Initial to the rescue!

What your class might look like:

class PersonForm(forms.Form):
    first_name = forms.CharField(max_length=100)
    last_name = forms.CharField(max_length=100)
    gender = forms.CharField(max_length=1)
    hair_color = forms.CharField(max_length=256)

If you now wanted to initialize your form for males with blonde hair, include this snippet in your view:

form = PersonForm(initial = { 'gender' : "M", 'hair_color' : "blonde" } )

Then pass that form as part of your render return:

return render_to_response('add_person.htm', { 'form' : form })

This post is brought to you by #neverwantingtosearchtheinternetforthisagain, and StackOverflow for inspiration.

Location based networking, anurag wakhlu (coloci inc)
http://goo.gl/mxAtd
* location based apps: where are you now? or where will you be?
* where are you now: foursquare, gowalla, loopt, etc
* where will you be: coloci, fyesa, tripit, plancast
* interest based networking: the reason to talk to someone who is near you. tie an interest: sending someone a coupon when they are near starbucks. if they arent near starbucks, what good is a coupon?
* proactive coupons: dont wait for a check-in. if someone is 2 blocks from starbucks, send them a notification for coupon. ex// minority report. walk by a billboard, recognizes you, tailors ad specifically to you.
52% of US consumers willing to share location for retail perks.
* foursquare background checkin? automatically check you in when you are in a close enough vicinity to a location
* Do privacy concerns have a potential impact on services becoming more popular? ex// European privacy laws about broadcasting who you are, where you are, etc.
* Have to trust your device that when you disallow authority to know your location, it actually does not broadcast where you are.
* Trade off of convenience versus privacy. Debit card is a lot more convenient than cash, people are more than likely to give up privacy.
* If you really want to not be tracked, you really need to disconnect yourself from the computer. Go cash only. Re-education might help. “You might already be sharing this info somewhere else, so what difference is it now that you do it via your phone?”
* Tracking someone’s history via CSS visited tag. Firefox supposedly has fixed this issue where websites cannot do this anymore.
* Using EZpass, who is responsible for giving a ticket if you did 60 miles in faster than 60 minutes? Using your location to know your broke the law.
At the start, Anurag gave a wonderfully succint history of location based networking, highighting the current giants like Foursquare and Facebook Places. We talked about how the potential is there to enable your phone to alert you about consumer deals in your vicinity, having more of a ‘push’ aspect to networking, or your phone could alert you to friends being near as well. Eventually though, the attendants turned the talk into a big privacy discussion. Not necessarily as flame-worthy as it could have been, but still talking about how much of our information we want to broadcast and allow to advertisers. Broadcasting location and private information. Could the situation eventually get to the point like Minority Report where your phone is overtly/covertly broadcasting who you are to potential advertisers or other potentially nefarious people.

Economics of open source
* reputation is a kind of currency. ancillary benefits of ‘being known.’ ex// popular github repo, can get you a book deal, flown to conferences, etc.
* are we cheapening what we do by giving it away? software produces so much cash for people. not everything is oss. still need people to customize it and apply.
* discussion: can donations kill a project? the comptroller decides who gets money, and those who donate time but dont get paid feel slighted, and the project can take a nose dive.
Content of presentation was a bit bland/dry, but the discussion was involved. War story: giving training away for free when a company charges for it. you are hurting the ecosystem by giving it away rather than someone paying for it. This was fairly interesting, delving past the common topic of software being ‘free as in beer.’

Interviewing well as a coder round table
* feel okay sitting there for a couple minutes thinking. Dont feel stressed to start writing code right away.
* some questions to ask you to regurgitate syntax. what happens if you get confused between languages.
* design issues “show us where you would add X feature.” stylistics versus code syntax.
* code portfolios: employers look at your github profile. see the code you’ve written. if your code is ‘too good’, employer wants you to find bugs in their code.
* how to practice your whiteboarding skills? codekata: short programming problems.
* asking questions that there is no solution to. can you be an asshole interviewing?
* be prepared for personal questions because employers will google you and find your personal interests
* spin negative questions as positive: what do you see improving in your work environment?
* questions back to employee: what do you hope to improve for our company?
* if you list a skill in your skills list, be ready to whiteboard the code.

Can the internet make you healthier? jason jacobs, runkeeper founder
* convergence of health/athletic data and IT
* virtual coaching: ahead/behind pace, in-app reminders to go faster or slower on their iOS app.
The more data you have over what you’re doing physically, can help you react. How am I doing against my peers? This was interesting, since Jason sees his company’s first product ‘Run Keeper’ as the jumping off point to more athletic-body sensing applications. The point was raised about what point does the app which suggests a certain pace while running, dance the line of being medical advice. I think it is a good point, that the app needs more information about your health before suggesting a certain distance or pace for exercise. I’ll be curious myself as I use the app more, how I am improving athletically.

Overall, I found the signal-to-noise ratio of the unconference to be very high. For my first Barcamp, I would suggest it to all technically-inclined folks who just want to let their interests and imaginations plot the course of which talks they attend. I know I will be a repeat attendee. ]]> http://blog.jeffreyforman.net/2011/04/17/boston-barcamp-6-day-two/feed/ 0 http://blog.jeffreyforman.net/2011/04/10/barcamp-boston-6-day-one/ http://blog.jeffreyforman.net/2011/04/10/barcamp-boston-6-day-one/#comments Sun, 10 Apr 2011 12:13:22 +0000 Jeff Forman http://blog.jeffreyforman.net/?p=633 Continue reading →]]> Having never been to a Barcamp before, I knew the overall structure of the conference, but was curious if I would actually like it. Truth be told, I found it full of content, without a lot of fluff, even for the talks I sat in on where I had no prior knowledge. My notes follow, thanks to the great OSX app Notational Velocity hooked up to Simplenote. My overall thoughts in italic after each post.:

how to give a presentation people love and learn from
break presentation into 7-10 minute chunks
then transition 7 minutes into the talk to another topic, to keep people’s attention
insert emotion, a story. rather than just X happened.
(For a talk to be this meta, a presentation about giving presentations, I was not hooked. There weren’t any real nuggets of information here that made me sit up and say “Wow, I haven’t been doing this in the presentation I make.”)

how to run a startup like genghis khan, by @wufoo
* work like a nomad
* build an audience first. protect your audience. make the audience part of the show.
* make developers handle support requests. once devs get same question two or three times, they go in and fix the code so they dont get the question again.
(Presenter absolutely killed it. Engaging, fast talking (without mumbling), great slides that presented the information in clear and sometimes humorous ways. Made me think more about engaging the people I am trying to convince to my way of thinking)

android developer: war stories and antipatterns
yoni, lead android dev at scavngr
* dont code splashscreens. more of an iOS thing. if you have to preload data, show a progress bar in the app already open
* dont force orientation (landscape/portrait). support both
* dont assume their screen size. use relative layouts
(I went into this talk curious and with no prior experience or knowledge of writing an Android app. I don’t even own an Android phone. This was much more a round table, with those devs in the room very willing to share their experiences and war stories. I found they really had good experiential tips, rather than “This is the best practice” and moving on.)

ask a plasma physics grad student anything
(I must say this was completely over my head. The student at the front of the room, from MIT’s Plasma Science and Fusion Center, seemed to know his stuff and was genuienly interested in challenging the audience. What blew me away was the knowledge of the audience, asking very pointed questions with what sounded like real science to back it up.)

building fast websites, making users happy (@jonathanklein)
* google injected 400ms delay into search page, dropped 0.76% searches/users over time.
* phpied.com/the-performance-business-pitch
* faster sites rank better in google. site speed is part of search ranking.
* what’s load time? server side generation time, client side render time. 80-90% of load time takes place on the client.
* best practices:
* reduce http requests: combine css/js, use image sprites (one download and cut up into multiple images).
* minify css/jss: strip comments out and white space. (yuy, java library). will rename variables into shortest name possible
* gzip all text: html, css, js
* for graphics, use png8 (restricts you to 256 different colors in the image)
* jpegs can be saved at 75% quality
* image compressor: smush.it (from yahoo dev network), lossless compression.
* measuring performance
* google webmaster tools, www.webpagetest.org
* yotta, firebug, yslow, page speed, dynatrace ajax edition
(For an ops guy, I was really interested in this talk. Jonathan blew through his material at break-neck speed, but covered the topics and answered questions without feeling like the talk was broken up. Some really good information through his experiences, and things I would like to dig into more myself.)

nosql round table
* some are relational, others are key value
* redis, redis + resque
* cassandra
* mongodb
* why nosql over mysql? no schema, lack of migrations from version to version. being able to store different things. replication (single threaded)
* keeping mysql in sync with nosql layer about: broadcast updates from mysql over rapidmq(?).  nosql service grabs update from mysql.
* solutions that they discarded:
* cassandra: v0.6, latency spikes between nodes. node would get flagged as awol. cascading failure because data gets rebalanced. use “hinted handoff” to prefer the direction of the failover. supposedly better in v0.7. documentation is messy.
* in the cloud or in a dc? mostly EC2. local storage with evs slave.
* search via solr
(Another one where I went in having nothing but curiosity, since noSQL is one of the popular buzz words these days. Very engaged audience who shared war stories, both good and bad, implementing noSQL solutions in their workplaces. Left me with a stalk of websites to dig into.)

agile development war stories
* problems it tries to solve: waste. business approach.
* more collab between business and engineering. dont just throw the ‘stories’ from biz over the wall.
* focus on testable behavior. how can we test each iteration? should be part of the original story.
* be smaller, quicker, more iterative. ex// dont go off for 18 months planning your solution. business might change underneath you
* people do “agile but..” and tend to modify the methodology.
* burn down?
* should tasks stay <1 day? sounds a bit unreasonable, since “speeding up the server by 20%” is unable to be done in one day. task size should have a reason.
* average sprint time: 2 weeks
* do a code review before the planning meeting. so estimations on a piece of work can be completed in the meeting. ex// dont trace the code for the 1st time in a meeting.
* software to track scrums/managing stories: soft2, scrum ninja, team foundations studio (windows), white boards, index cards on a wall, ibm rational, pivotal tracker (good for distributed teams), mingle from softworks.
(Another highly-concentrated buzzword round table where I was more curious than anything. Some real good information about what works and what doesn’t when it comes to managing time and projects. Lots to read up on here, and see if I can apply it to my daily work life.)

Background: I was connected into my office’s VPN a few months ago and was noticed some very slow DNS resolution of host names back at the office. I would attempt to ssh into another host, and the connection would sit there for more than a few seconds before finally proceeding. This didn’t happen for just ssh, but also for making http requests. I dug into my resolv.conf locally and tried sending a few DNS queries via dig to the two DNS servers I was provided. The first one failed, the second one returned immediately with the correct response. I swapped the two entries and DNS resolution locally was back to where I would expect it, very fast. I alerted our IT group and the issue was fixed (the first DNS server had become hung, and needed a process restart).

Curiosity: This got me thinking, was everyone suffering my issue? Did the two DNS servers handed out always come in that same order? If so, DNS would have been slow for everyone. We’d all be timing out trying to query the first server, waiting for our local resolvers to query the second operational server. Could I get a DHCP server to randomize the list of DNS servers to its querying clients?

Assumptions: I am ignoring the fact that our VPN concentrator might not be running the ISC DHCPD, which my examples are based upon. I will split up each DHCP subnet into two groups, in a binary fashion.

How I did it: After doing some Google searches, I came across a post on the mailing list for ISC DHCPD users. It explained that you could do some logic on the incoming MAC address, and based upon that, hand out unique information, among it, DNS, routers, domain names, etc.I was curious to see if I could actually get this working.

I figure the easiest way to do this is paste some config data and go from there.

dhcpd.conf:
class "binary-group-0" {
    match if suffix(binary-to-ascii(2, 8, "", substring(hardware, 6, 1)), 1) = "0";
}

class "binary-group-1" {
    match if suffix(binary-to-ascii(2, 8, "", substring(hardware, 6, 1)), 1) = "1";
}

subnet 10.30.0.0 netmask 255.255.255.0 {
    option routers 10.30.0.1;
    option domain-name "vmtest.jeffreyforman.net";

    pool {
        allow members of "binary-group-0";
        range 10.30.0.20 10.30.0.30;
        option domain-name-servers 1.1.1.1, 2.2.2.2;
        on commit {
            execute("/bin/echo", "GROUP ZERO");
        }
    }
    pool {
        allow members of "binary-group-1";
        range 10.30.0.200 10.30.0.210;
        option domain-name-servers 4.4.4.4, 5.5.5.5;
        on commit {
            execute("/bin/echo", "GROUP ONE");
        }
    }
}

Configuration explination:
On lines 2-8, each named class is populated by clients whose MAC address corresponds to the appropriate ‘match’ line. These match do the following: Starting from the 6th byte of the client’s MAC address, grab one byte of data. Once we have that data, convert the binary data to ascii characters, without a separator using base two, each bit of data being eight bits long. With that data, take a string onecharacter from the end. We have created two classes here, one where the last character is 0 (zero), and the other is 1 (one).

On lines 10-30,we have a standard subnet declaration, with two pools. Each pool (lines 14-20, 21-29) uses the ‘allow members of’ to control which class of users from above the pool applies to. In this instance, we hand out two different ranges and sets of domain name servers depending on what class a user belongs. For my own debugging, I stick an ‘on commit’ execution in each pool. This outputs in the log when a lease is acquired for a particular client, and gave me some explanation about where I was in the config. These ‘on commit’ lines are purely for debugging, and can be removed for production. Clients whose MAC address ends in a binary ’0′, are placed in the 10.30.0.20-30 range with DNS servers 1.1.1.1 and 2.2.2.2. Those whose MAC address ends in a binary ’1′ are given an address in the 10.30.0.200-210 pool, with DNS servers 4.4.4.4, 5.5.5.5. You could easily put your own DNS servers in this section, modifying the order in any way you please.

Log Output:
Using a couple of VM’s on an isolated network at home (and playing with the MAC address of the client), I was able to test my above configuration. Notice on each they are given IP’s from each appropriate range, with the correct ‘echo’ statement being executed.

DHCPDISCOVER from 52:54:00:4c:f3:d4 (testvm1) via re1
DHCPOFFER on 10.30.0.21 to 52:54:00:4c:f3:d4 (testvm1) via re1
execute_statement argv[0] = /bin/echo
execute_statement argv[1] = GROUP ZERO
GROUP ZERO
DHCPREQUEST for 10.30.0.21 (10.30.0.1) from 52:54:00:4c:f3:d4 (testvm1) via re1
DHCPACK on 10.30.0.21 to 52:54:00:4c:f3:d4 (testvm1) via re1

DHCPDISCOVER from 52:54:00:4c:f3:d3 via re1
DHCPOFFER on 10.30.0.201 to 52:54:00:4c:f3:d3 (testvm1) via re1
execute_statement argv[0] = /bin/echo
execute_statement argv[1] = GROUP ONE
GROUP ONE
DHCPREQUEST for 10.30.0.201 (10.30.0.1) from 52:54:00:4c:f3:d3 (testvm1) via re1
DHCPACK on 10.30.0.201 to 52:54:00:4c:f3:d3 (testvm1) via re1

Appendix:
For those curious about how I came to breaking up the MAC address of the client, I became painfully familiar with the dhcp-eval man page. I honestly would not wish that man page on anyone, it is woefully confusing for someone who does not dabble in DHCPD configuration on a daily basis.

MAC Address: 52:54:00:4c:f3:d3

binary-to-ascii(2, 8, ":", hardware);
1:1010010:1010100:0:1001100:11110011:11010011

binary-to-ascii(2,8,".", substring(hardware,6,1));
11010011

suffix(binary-to-ascii(2, 8, ":", hardware), 1);
1

There you have it. Now you can break up your clients into binary groups, handing them different network information depending on where they fall. Obviously if you want to split them up into more than two groups, the match statements become a bit more verbose for each condition. Ultimately this would not have solved my problem of being given a ‘bad’ DNS server first in line for my request (since my MAC address would always be the same), but it does spread the load among DNS servers over local clients. I am now curious, when I get the free time, to play around with creating an on-commit-like command that based upon its execution (generate a random number for example), changes the order of DNS servers handed out to clients.

References:

• http://easycalculation.com/hex-converter.php
• http://www.linuxmanpages.com/man5/dhcpd.conf.5.php
• https://lists.isc.org/pipermail/dhcp-users/2011-February/012784.html

2011/01/29-18:09:55 [3581] Error output from bind9:
2011/01/29-18:09:55 [3581]     Died at /usr/local/etc/munin/plugins/bind9 line 41.
2011/01/29-18:09:55 [3581] Service 'bind9' exited with status 2/0.

Digging around in the Bind9 Munin plugin, line 41 complains about a state file that Munin uses. The plugin immediately tries to open the state file, without checking if the file is actually present. (TODO: Check to see what ramifications there are to just creating the file if it is not present.)

Line 41:

    open(Q,"< $STATEFILE") or die;

After digging around to figure out the plugin state directory (/var/munin/plugin-state, for those following along at home), I was back in business.

[root@dns1 ~]# cd /var/munin/plugin-state
[root@dns1 /var/munin/plugin-state]# touch bind9.state
[root@dns1 /var/munin/plugin-state]# chgrp munin bind9.state
[root@dns1 /var/munin/plugin-state]# chmod g+rw bind9.state
[root@dns1 /var/munin/plugin-state]# ls -al
total 4
drwxrwxr-x  2 nobody  munin  512 Jan 29 18:13 .
drwxr-xr-x  3 munin   munin  512 Jan 29 14:47 ..
-rw-rw-r--  1 root    munin    0 Jan 29 18:13 bind9.state

Relevant bind named.conf stanza for query logging:

logging {
  channel default_queries {
    file "/var/log/queries.log" versions 3 size 500k;
    severity info;
    print-severity yes;
    print-category yes;
    print-time yes;
  };
  category queries { default_queries; };
};

With that, ‘munin-run bind9′ worked. I restarted the munin-node process and queries are now being graphed as expected.

Enter Munin, an RRD-graph based tool that creates easy to understand (for the most part) graphs of data over time. Munin plugins can be written to scrape any data you are able to programatically retrieve and whip it into a pretty graph. The plugin I wrote for Munin scrapes the data from a Motorola Surfboard SB6120 modem’s status page, and presents it in an easy-to-digest format for Munin. Previous Munin plugins handled the old SB4120 and SB5120 modems. These are old DOCSIS 2.0 products, and therefore the status page has evolved, and displays the connection data in a way where the old plugin does not work on the SB6120 modem.

Without further adieu, the graph produced by my plugin is:
The graph shows the various downstream and upstream channels, graphing the signal-to-noise ratio dB (decibel) of each respective channel.  Suggested values for Comcast in particular can be found in a FAQ entry from Broadband Reports. These are just suggestions, and different values will have different effects on your Internet connection. A severe dip in the graph could correspond to your modem being unable to stay sycned with Comcast’s infrastructure, which translates to an unstable Internet connection.

Installation instructions follow common Munin plugin practices, by creating the plugin (or a symlink to the plugin) in the /etc/munin/plugins/ directory to the plugin code. Mine is written in Python, so a basic Python install is required on your machine. Source can be found can be found in my munin-surfboard6120 repo on Github.

Enjoy! (Comments/criticisms are welcomed to improve the usefulness of this plugin)

>>> time.strftime(“%Y%m%d-%H%M.%S”, time.gmtime(os.path.getctime(“$path_to_file”)))
’20101213-1948.58′

My proposed workflow: Start with a local clone of the Nagios configs. Add a host,  service, or contact to a local nagios Config file. Git commit locally. Git push to the remote repo on the monitoring box. The Nagios config parser would run remotely verifying the syntactic-correctness of the proposed-check in. If these checks fail, reject the push. If parsing succeeds, accept the push, and restart Nagios (hence reloading the new configs). I wanted to alleviate the need for an admin to log into the monitoring machine at all. This would eliminate the need to add sudo permissions to a group of users to allow them to restart the Nagios service.

Without further delay, on to the code. The first piece, was the pre-receive hook with Git. I used this hook specifically because it has the power to accept or reject a push.

Behold, $git_repo/.hooks/pre-receive:

#!/bin/bash
while read OLD_SHA1 NEW_SHA1 REFNAME; do
 export GIT_WORK_TREE=/tmp/nagiosworkdir
 /usr/bin/git checkout -f $NEW_SHA1
 sed -i "s|cfg_dir=CHANGEWITHGIT|cfg_dir=${GIT_WORK_TREE}\/config|g" $GIT_WORK_TREE/nagios.cfg
 sudo -u root /bin/chgrp -R nagios $GIT_WORK_TREE
 sudo -u root /usr/sbin/nagios3 -v $GIT_WORK_TREE/nagios.cfg > $GIT_WORK_TREE/check.out
 NAGIOS_CHECK_STATUS=$?
 echo "Nagios Config Check Exit Status:" $NAGIOS_CHECK_STATUS
 if [ "$NAGIOS_CHECK_STATUS" -ne 0 ]
   then
   echo "Your configs did not parse correctly, there was an error. Output follows."
   cat $GIT_WORK_TREE/check.out
   exit 1
 else
   echo "Your configs look good and parsed correctly."
   exit 0
 fi
done

The operations here flow from checking out the pending push to a ‘temporary directory’ (explained below), and then making a slight modification to the nagios.cfg to handle our temp configs being somewhere other than the Nagios install directory. This is needed since we want to parse our configs, and not the ones currently in-use on the machine. After this is done, we parse the output of that check, and based upon that output, either accept or reject the push. In the case of a rejection, the output of the verification is printed for the user to see. This output is pretty clear when explaining where the error is.

And now the post-receive:

#!/bin/bash
cd /etc/nagios3/testing
/usr/bin/env -i /usr/bin/git pull
echo "Restarting Nagios now"
sudo -u root /usr/sbin/service nagios3 restart

The post-receive happens after the entire process is done [1]. We change into the directory of the Git clone of your monitoring config repository. which itself is inside /etc/nagios3, and execute a ‘git pull.’ The need to wrap it around ‘env’ is because of an issue I also learned in this process. [2] The GIT_DIR directory is set to the directory of your repository. In this case, we must change to another directory on this machine, which is outside of our initial Git repo. Therefore we must ‘unset’ this variable, which is what the ‘env’ execution does.

This is pretty straightforward for the most part. The part of the process new to me was the GIT_WORK_TREE. I received a a pretty simple explanation from the author of Gitolite. He explained that the work tree directory is a directory where the potential new commit can be checked out before it is actually allowed to be pushed into the remote repository. Essentially, the opposite of a bare repository. The reason I do this is because I want to do the parsing check before I actually allow the push. I can’t ‘git pull’ the new repository directly into the Nagios configuration directory before it is actually committed. GIT_WORK_TREE allows this intermediary functionality.

The reasoning for the ‘sed’ modification in that file is that since I will be checking-out the intermediary files into a new directory, I need a Nagios config file that references this intermediary directory. How did I get around this? I copied the nagios.cfg file I would run my install with into the repo, and changed the cfg_dir directory to something I can easily modify during the check in (cfg_dir=CHANGEWITHGIT). This file is not expected to be used on the actual server, so do not copy this one over your actual Nagios.cfg file.

The chgrp magic is because the user who runs the Nagios application must have read access to the configuration files.

Relevant sudoers lines needed:

git ALL=(ALL) NOPASSWD: /bin/chgrp -R nagios /tmp/nagiosworkdir
git ALL=(ALL) NOPASSWD: /usr/sbin/nagios3 -v /tmp/nagiosworkdir/nagios.cfg
git ALL=(ALL) NOPASSWD: /usr/sbin/service nagios3 restart

The three lines above are as such. (1) Allow the git user to, without a password, change the group of the temporary Nagios work dir. (2) Allow the git user to, without password, run the verification of the to-be-committed files. (3) Actually restart the Nagios service.

A successful commit, including a restart of Nagios looks like the following:

jforman@merlot:~/devel/testing/config$ git commit . && git push
[master 2f796e3] testing for the blog post
 1 files changed, 1 insertions(+), 1 deletions(-)
Counting objects: 7, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (4/4), done.
Writing objects: 100% (4/4), 394 bytes, done.
Total 4 (delta 2), reused 0 (delta 0)
remote: Previous HEAD position was ca6dd74... fix now
remote: HEAD is now at 2f796e3... testing for the blog post
remote: Nagios Config Check Exit Status: 0
remote: Your configs look good and parsed correctly.
remote: From /home/git/repositories/testing
remote:    ca6dd74..2f796e3  master     -> origin/master
remote: Updating ca6dd74..2f796e3
remote: Fast-forward
remote:  config/contacts_nagios2.cfg |    2 +-
remote:  1 files changed, 1 insertions(+), 1 deletions(-)
remote: Restarting Nagios now
remote:  * Restarting nagios3 monitoring daemon nagios3
remote:
remote:    ...done.
To git@monitor:testing.git
   ca6dd74..2f796e3  master -> master

This was definitely an eye-opening learning process for me into all the moving parts of Git. I hope this Howto helps those out there looking for a solution like this. Enjoy!

Addendum:

For those wondering about the various permissions of the git_work_tree directory and also the repo checkout inside /etc/Nagios3:

monitor:/tmp/nagiosworkdir

drwxrwxr-x  3 git  nagios  4096 2010-11-16 16:13 nagiosworkdir

monitor:/etc/nagios3/testing

drwxr-xr-x  4 git  nagios  4096 2010-11-15 08:36 testing

[1] http://progit.org/book/ch7-3.html

[2] http://debuggable.com/posts/git-tip-auto-update-working-tree-via-post-receive-hook:49551efe-6414-4e86-aec6-544f4834cda3

Insert my 11-year old HP2100m printer that I have outfitted with an HP Jetdirect 610N 10/100 internal print server. This allows me to stick this printer on my network and print away, no intermediary required. What does this save? The printer is not tied to one computer’s parallel/USB port. I can shut off my main desktop, and still print over the network.

The next problem: Who wants to print to 10.10.0.205? Hard coding an IP address into the printer config is just asking for bad news, especially with DHCP involved. Better yet, if I shut off the printer for a week, its DHCP lease could expire, and upon restarting the printer, it could grab 10.10.0.215. Now I have to go around and fix my printer config, my wife’s, and all the other devices.

Enter dynamic DNS:

Snippet from /etc/dhcpd.conf:

# Dynamic Updates
ddns-updates on;
ddns-update-style interim;

host hp2100m {
    hardware ethernet 00:01:e6:23:df:4f;
    ddns-hostname "hp2100m";
}

Here we see I have specified the MAC address of the print server and the dynamic dns host name. According to the page which I stole most of the information from, you can specify a ddns-domain-name as well. When trying to do that, I recieved the following error:

/etc/dhcpd.conf line 60: semicolon expected.
ddns-domain-name "home.jeffreyforman.net"

Even with the semicolons present, I still need to tinker around with that line and figure out why I can’t set the domain name explicitly. I can only assume the domain name is deduced according to the layer 3 subnet which the printer is on.

Now you need the BIND configuration from named.conf

zone "home.jeffreyforman.net" IN {
 type master;
 file "master/db.home.jeffreyforman.net";
 allow-update { key "ddns-key"; };
};

zone "0.10.10.in-addr.arpa" IN {
 type master;
 file "master/db.10.10.0";
 allow-update { key "ddns-key"; };
};

These are the forward and reverse DNS respectively. Using a shared key, this enables only the allowed DHCPd to enable DNS records on this particular BIND server.

Snippet from daemon log:

Sep 24 08:29:12 formangate dhcpd: DHCPDISCOVER from 00:01:e6:23:df:4f via vr1
Sep 24 08:29:13 formangate dhcpd: DHCPOFFER on 10.10.0.205 to 00:01:e6:23:df:4f (hp2100m) via vr1
Sep 24 08:29:18 formangate dhcpd: Added new forward map from hp2100m.home.jeffreyforman.net to 10.10.0.205
Sep 24 08:29:18 formangate dhcpd: added reverse map from 205.0.10.10.in-addr.arpa to hp2100m.home.jeffreyforman.net
Sep 24 08:29:18 formangate dhcpd: DHCPREQUEST for 10.10.0.205 (10.10.0.1) from 00:01:e6:23:df:4f (hp2100m) via vr1
Sep 24 08:29:18 formangate dhcpd: DHCPACK on 10.10.0.205 to 00:01:e6:23:df:4f (hp2100m) via vr1

This shows the DHCP server interacting with the printer, and then sending the new forward and reverse DNS mappings to the DNS server.

I can now ping hp2100m from machines at home, and configure all printing to use that hostname, no matter what IP address it points to.

jforman@server1f:~$ ping hp2100m
PING hp2100m.home.jeffreyforman.net (10.10.0.205) 56(84) bytes of data.
64 bytes from hp2100m.home.jeffreyforman.net (10.10.0.205): icmp_seq=1 ttl=64 time=5.69 ms

*Note: The configuration snippets above are not complete, and will require other information to complete this roll out and enable Dynamic DNS.

Comcast, loved or hated, started IPv6 trials on their own network, turning up customers on their (trial?) IPv6 network. Since IPv6 is not in widespread use today, and not all destinations on the Internet can handle v6 requests, there are several stop-gap solutions. One of them is IPv6 6RD, where RD stands for “Rapid deployment.” From my little understanding, this allows Comcast customers to encapsulate v6 traffic inside v4 packets through Comcast’s network to the IPv6-enabled destinations.

Without further wait, this is how I did it (save the several weeks of headbanging frustration that ensued):

Comcast provides their customers with some network addressing information:

IPv6 prefix = 2001:55c::/32
6rd BR FQDN = 6rd.comcast.net
IPv4 prefix length = 0</pre>

Having only a very cursory knowledge of IPv6 addressing, I stumbled my way through the configuration. The IPv6 prefix is used to determine the breadth of Comcast’s v6 network, which octets are network bits, and what bits are host bits. The BR FQDN (border router, fully qualified domain name) is the IPv4 hostname for the gateway in which my firewall will connect to reach the “v6 Internet.” IPv6 packets are encapsulated inside v4 packets, and passed through this border router for further transit.

On to the configuration. First off, I use OpenBSD 4.7 on my firewall/router. It runs on a little embedded box, using pf as the firewall packet filter.

First we must set some system variables via sysctl (via command line and commit to /etc/sysctl.conf):

net.inet6.ip6.accept_rtadv=0
net.inet6.ip6.forwarding=0

These two variables tell your machine not to accept router advertisements (don’t act like a DHCP client accepting network configuration), and the second one tells your machine not to forward IPv6 packets. v6 unlike v4, for the most part, obviates the need for NAT. Therefore if this value were ’1′, you would be forwarding v6 traffic from the external Internet to all v6-enabled devices on your home network. Unless you really intend to open up your home network to the entire Internet, keep this value as 0 for now.

I created a little shell script that creates the tunnel interface (gif0), and then configures the interface and default routes.

#!/bin/sh -x
WANIP=`ifconfig vr0 | grep -v inet6 | grep inet | awk '{print $2}'`
HOSTRD=`host 6rd.comcast.net | awk '{print $4}'`
V6PREFIX=`printf '%02x%02x:%02x%02x' $(echo $WANIP | tr . ' ')`
ifconfig gif0 destroy
ifconfig gif0 create
ifconfig gif0 tunnel ${WANIP} ${HOSTRD}
ifconfig gif0 inet6 2001:55c:${V6PREFIX}::1 prefixlen 32
ifconfig gif0 up
route -n add -inet6 default ::1 -ifp gif0

The nasty bits are mostly in the first three variables.
WANIP is the external IPv4 IP of my firewall
HOSTRD is the IPv4 IP of Comcast’s IPv6 border router
V6PREFIX: This takes WANIP and converts the IP into its hexadecimal equivalent. This is the format used in IPv6 addresses, and will make up the rest of my personal IPv6 prefix.

Most of the script is self explanatory, and large chunks are stolen from others on the Comcast IPv6 message boards. I have set my external IPv6 tunnel interface to $prefix::1, and set the route for all IPv6 traffic to go out over the gif0 tunnel interface.

At this point, if pf is disabled (therefore allowing all packets through to your machine), you should be able to ping6/traceroute6 to various IPv6-enabled Internet sites. These include ipv6.google.com, www.kame.net and ipv6.comcast.net.

# traceroute6 ipv6.google.com
traceroute6: Warning: ipv6.l.google.com has multiple addresses; using 2001:4860:800f::63
traceroute6 to ipv6.l.google.com (2001:4860:800f::63) from 2001:55c:MY:PREFIX::1, 64 hops max, 12 byte packets
1  2001:55c:MY:PREFIX::1  21.491 ms  19.103 ms  22.759 ms
2  2001:558:e0:52::1  20.734 ms  19.227 ms  16.623 ms
3  2001:558:e0:24::1  17.903 ms  18.821 ms  19.193 ms
4  te-0-3-0-4-cr01.newyork.ny.ibone.comcast.net  21.704 ms  23.512 ms  24.715 ms
5  pos-1-12-0-0-cr01.mclean.va.ibone.comcast.net  27.821 ms  41.616 ms  31.4 ms
6  pos-0-3-0-0-pe01.ashburn.va.ibone.comcast.net  25.451 ms  34.823 ms  25.43 ms
7  2001:558:0:f749::2  29.801 ms  39.119 ms  33.211 ms
8  Vlan22.icore1.AEQ-Ashburn.ipv6.as6453.net  34.592 ms  36.29 ms  33.039 ms
9  pr61.iad07.net.google.com  34.766 ms  34.493 ms  39.389 ms
10  2001:4860::1:0:9ff  34.941 ms  35.911 ms  32.12 ms
11  2001:4860:0:1::149  37.298 ms 2001:4860:0:1::14b  48.993 ms 2001:4860:0:1::149  37.446 ms
12  iad04s01-in-x63.1e100.net  36.593 ms  31.367 ms  33.089 ms</pre>

This post only involves getting your gateway machine speaking IPv6. I have been able to wire up the rest of my internal LAN using rtadvd, and allow them IPv6 access. There are a lot more pieces here, including rtadvd and packet filtering that I don’t quite fully understand yet how they all interact, and will require another post.

Added update
To use tcpdump to watch IPv6 traffic: tcpdump -i $interface ip6