Smoothwall Firewall project

Tuesday 9 April 2013

Using an External Node Classifier in a masterless configuration with Puppet


I use standalone puppet a lot for managing my own machines and cloud servers, but the site.pp file was starting to grow large and it became obvious the solution was to use an external node classifier or ENC.

There is lots of documentation on the web on how to do this with a puppet master/ agent configuration, but nothing I could find on how to do this.

The key change is where you specify the change of node class information in the puppet.conf file. If you follow the puppetlabs documents , it won't work. If however you put the new ENC definition into the [main] section , it works just fine. Only a minor change , but it will not work unless you do.

The code you need looks like this:


node_terminus = exec
external_nodes = /usr/local/bin/node_classifier.py

The node classifier can be whatever you want, but I used python just to get it up and running quickly for testing.


I hope this saves someone hours of hunting around to get this sorted.

During my research , I have also found that it should be possible in the latest releases to use Hiera as your ENC to generate the YAML required. Next on my list to try.

Link to Puppet Labs ENC documentation

Using Hiera as your ENC

Sunday 7 April 2013

Apple computing can change the end user computer landscape for ever.



As a long time computer professional, I have lived and worked through the mainframe, mini computer , LAN based and now cloud computer eras. I have seen them all, large and small, and the changes that have affected our industry, which does love to evolve, sometimes rapidly. It also tends to have very painful outcomes for the incumbents - just ask IBM about OS/2.

There is absolutely no doubt we are living through one of these large changes at the moment and it is coming in several forms , that all point to a post-PC era - reference below. This blog post is being typed on a Google Chomebook from Samsung, and a lot of the research for the article was done using my iPad and Google Nexus 4 phone. No PC involved at all. I fully accept that I embrace technologies faster than most, but I never jump to join technologies and think carefully before I act. So if you are reading this on your trusty old PC with windows XP installed , then bear with me, you will get to this future faster than you think.

Apple really did push a large boulder over a cliff when they introduced the iPhone, intentionally or not they really did change the industry. Google could see the wisdom in this move and jumped on the bandwagon and built its' own operating system and infrastructure to compete, Microsoft did nothing but release another tired old version of Windows phone which crashed horribly.

At the same time Amazon introduced the world to the concept of cloud computing for the enterprise, which was first seen as a curiosity, but is now in any good CTO's strategic planning as the way forward. Google also saw this as an opportunity and introduced fairly quickly the concept of their cloud applications, and Dropbox showed the way for cloud storage. Microsoft was not so badly placed here, but really did not execute on its' good start with Hotmail, and basically seemed to do nothing, until this year when they released Office365 - years behind its' competitors. Its' cloud offering is not that amazing or different , but does offer some good features.

Microsoft have always been strong on the desktop, which they have owned for a decade, but with another badly received release with Windows 8 in all its' forms, it is currently very vulnerable  PC sales are dropping off dramatically while tablet and smartphone sales are booming. Microsoft is very badly positioned in both these markets and that is where the end user industry is heading. They will be fine in the corporate landscape for many years to come on the server side, but the desktop will change. The cloud means you can use anything as a client access device. Why pay $500 dollars per employee device when you can pay $200 - simple economics. Even better encourage your staff to bring their own - BYOD - even cheaper. If you are paying $100-$200 for a client device - why would you spend $200 on Microsoft office, when most apps are $5 for you Apple or free from Google?

Another cash cow slaughtered.

If Apple wished to grab this once-in-a-generation opportunity all they need to do is have a re-think about prices and product ranges, and simply introduce a budget range - nothing smarter than that. Google are already trying with their Chromebook, but they are not for everyone. They are having a lot more success with their Android smartphones - just see the sales figures and all the very cheap Chinese clones. If Apple were to partner with HTC,Asus or Dell and bring out a budget range of laptops, tablets and smartphones - cheap iPhone is already rumoured - just think how disruptive this would be. Google would have a real fight on its' hands and the competition would be fierce. Microsoft, and in truth a lot of other players would be next to pointless. Their tiny share in the smartphone market would evaporate and the their tablets which are already dying on their feet would disappear. They would become significantly less relevant in the new era, and we would at last have two decent competitors.

This would mean Apple going against a lot of its' historical DNA, and it has always sworn they would not do this, but this strategy is what nearly bankrupted them in the 1990's. They need to be very careful about how they proceed from here. Google is now their main competitor, and not just for devices but for the cloud experience that they are offering to their customers, and Google is a lot more open, and offers most of its' products for free.

I personally hope they do, as we have seen significantly more innovation since Apple and Google really got stuck in, as Microsoft had become stale. Internet explorer was a prime example. Once Mozilla, Google and Apple started to innovate IE became a much smaller player in the field.

Here is a link I read recently on the topic, but there are literally hundreds of other examples - just Google it ;-)

Research from Gartner on post PC era




Friday 5 April 2013

Using an encrypted git repository on Dropbox to store my puppet code in the Cloud.


Today, most technologists have said they love the cloud storage paradigm and to have files and configs at their finger tips , no matter where they are , or how they access them.

Dropbox was arguably the first, easiest and globally available cloud storage solution out their, and it's the one I continue to use today. Like all cloud solutions - apart from owncloud - they have one drawback, who else can look at your files? This tends to make users suspicious and cautious about what they are prepared to store in the cloud, me too. As I control various ssh keys with my puppet code, I certainly don't want people having access to these.

So the solution I found was Truecrypt - a great open source project that allows you to create encrypted  volumes that you can mount on all popular operating systems, including Linux, OSX and Microsoft. As I use all three of these systems at various times, it gives me great coverage. In the post PC era, it would be nice to see IOS and Android versions available in the future, but in all honesty I have not seen a real need yet.

My purposes only required a small amount of space, as code does not generally take up too much room, so I only made it 10MB. Your mileage may vary of course. There are good tutorials on the Truecrypt web site, and if you like what you see, then please donate to the project.

Once Truecrypt has been installed , created your volume and you have mounted it , you can now create your git repository using standard git commands like so:

git init --bare project.git

You can then take the project you have been working on your local hard drive, and commit it to your new git repo, like so

git remote add origin /media/truecrypt1/git/project.git
git push -u origin master

That's all there is too it, so now I have my puppet git repository where ever I go, and I can very quickly bring a machine up to my requirements with all the settings and packages I need to get work done with puppet and a few git commands. It literally saves hours of time, and I can rest easy in the knowledge it is safe in the cloud.

You can obviously use Truecrypt for storing all sorts of other things in the cloud, as I do. If you want to make sure only you can see sensitive data then this a good way to go.