Tuesday, April 18, 2023

OpenAPI 3.0 - Model Composition; interesting idea ... only idea now

DRY is one of the key principles in software development.

I was happy to see that an OpenAPI schema can be extended if needed, and I wanted to benefit from it:

"jira_cloud_input": {
  "type": "object",
  "properties": {
    "api_token": {
      "type": "string"
    },
    "name": {
      "type": "string"
    },
    "from": {
      "type": "string"
    },
    "interval": {
      "type": "string"
    },
    "index": {
      "type": "string"
    }
  },
  "xml": {
    "name": "jira_cloud_input",
    "attribute": false,
    "wrapped": false
  }
},
"jira_cloud_input_disabled": {
  "allOf": [
    {
      "$ref": "#/components/schemas/jira_cloud_input"
    },
    {
      "type": "object",
      "properties": {
        "disabled": {
          "type": "string",
          "enum": [
            "0",
            "1"
          ]
        }
      }
    }
  ]
}

This looks nice in Swagger Editor

Relevant endpoint definitions also look as expected:

When Python client code is generated in the editor, however, it does not look so nice (taking a sample from README.md).

What is generated from the "standard" schema definition looks fine:

# create an instance of the API class
api_instance = swagger_client.DefaultApi(swagger_client.ApiClient(configuration))
api_token = 'api_token_example' # str | (optional)
name = 'name_example' # str | (optional)
_from = '_from_example' # str | (optional)
interval = 'interval_example' # str | (optional)
index = 'index_example' # str | (optional)
output_mode = 'output_mode_example' # str | The name of the item to operate on (optional)

try:
    api_response = api_instance.splunk_ta_jira_cloud_jira_cloud_input_post(api_token=api_token, name=name, _from=_from, interval=interval, index=index, output_mode=output_mode)
    pprint(api_response)
except ApiException as e:
    print("Exception when calling DefaultApi->splunk_ta_jira_cloud_jira_cloud_input_post: %s\n" % e)

Unfortunately, the code generated where the extension was used lacks the method parameters:

# create an instance of the API class
api_instance = swagger_client.DefaultApi(swagger_client.ApiClient(configuration))
name = 'name_example' # str | The name of the item to operate on
output_mode = 'output_mode_example' # str | The name of the item to operate on (optional)

try:
    api_response = api_instance.splunk_ta_jira_cloud_jira_cloud_input_name_post(name, output_mode=output_mode)
    pprint(api_response)
except ApiException as e:
    print("Exception when calling DefaultApi->splunk_ta_jira_cloud_jira_cloud_input_name_post: %s\n" % e)

As a consequence, I need to break the DRY rule just to have reliable client code generated.

PS: In fact, I use the swagger-codegen-cli-v3 Docker image to generate the client code.
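
One way to keep the source spec DRY despite the generator behaviour described above is to flatten "allOf" into a plain object schema before the spec is handed to the generator, so the generator only sees the "standard" form. The script below is an added example, not code from this post or from swagger-codegen; resolve_ref, flatten and flatten_components are hypothetical helper names, the input is constructed from the two schemas above, and only local "#/..." references and allOf at the top level of a component schema are handled.

```python
import copy

# Constructed input: the two schemas from the post, without their "xml" block.
SPEC = {"components": {"schemas": {
    "jira_cloud_input": {"type": "object", "properties": {
        n: {"type": "string"} for n in ("api_token", "name", "from", "interval", "index")}},
    "jira_cloud_input_disabled": {"allOf": [
        {"$ref": "#/components/schemas/jira_cloud_input"},
        {"type": "object",
         "properties": {"disabled": {"type": "string", "enum": ["0", "1"]}}}]},
}}}

def resolve_ref(spec, ref):
    """Follow a local '#/a/b/c' reference inside the same document."""
    if not ref.startswith("#/"):
        raise ValueError("only local references are supported: " + ref)
    node = spec
    for part in ref[2:].split("/"):
        node = node[part]
    return node

def flatten(spec, schema, seen=()):
    """Return the schema with $ref and allOf merged into one plain schema."""
    if "$ref" in schema:
        ref = schema["$ref"]
        if ref in seen:
            raise ValueError("circular reference: " + ref)
        return flatten(spec, resolve_ref(spec, ref), seen + (ref,))
    merged = {k: copy.deepcopy(v) for k, v in schema.items() if k != "allOf"}
    for part in schema.get("allOf", []):
        flat = flatten(spec, part, seen)
        merged.setdefault("type", flat.get("type", "object"))
        props = merged.setdefault("properties", {})
        for name, definition in flat.get("properties", {}).items():
            # Refuse to guess when two parts define one property differently.
            if props.setdefault(name, definition) != definition:
                raise ValueError("conflicting definitions for " + name)
        for name in flat.get("required", []):
            if name not in merged.setdefault("required", []):
                merged["required"].append(name)
    return merged

def flatten_components(spec):
    """Copy of the spec in which every component schema is free of allOf."""
    out = copy.deepcopy(spec)
    out["components"]["schemas"] = {
        name: flatten(spec, s) for name, s in spec["components"]["schemas"].items()}
    return out
```

The flattened copy is what would be passed to the generator; the hand-maintained spec keeps the single "$ref".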

Tuesday, September 27, 2022

How to Deploy Cisco ASAv in AWS?

I was recently working on an AWS lab with ASA.

There is a fantastic step-by-step instruction. When going through it, note that there is a sub-instruction you should implement first.

Anyway, as I was finishing the ASA instruction, there was no connection from the internet to ASA management. I had a "jump host" as a "side effect" of the sub-instruction, so I was able to connect via the private IP address.

The issue was in the route table: it lacked an entry for the internet gateway. See this troubleshooting instruction for reference.

Friday, September 9, 2022

Sysmon For Linux - where it works and where not?

I was installing Sysmon For Linux using the project instructions.
Once Sysmon is installed, the EULA has to be accepted and Sysmon started with some configuration - see the relevant paragraph in the project documentation.

Let me describe the general rules before going into details:

  1. AWS was used to create the following Linux machines.
    Only AMIs owned by AWS or by the organisation responsible for the specific distribution were selected.
    All labs were created in us-west-1.
  2. The same config files were used for all distributions/versions.
  3. The effort was part of a larger automation project. As a consequence, some commands were modified to be non-interactive/pre-approved.
  4. If there was an issue, no more than a few hours were spent to find a solution.
    If the solution would require using a package other than the Microsoft one for the specific distribution/version, the solution is not applicable.

Let me start with the distributions where the instructions were sufficient:

  • Ubuntu 18.04 and 20.04
  • openSUSE 15
  • Fedora 33 - just one comment here: wget was not pre-installed, so before following the instructions, the following has to be executed:
sudo dnf search wget
sudo dnf install -y wget
There was one case (SLES 15) where the instructions had to be modified to make Sysmon work. The solution was to take the openSUSE instructions and, instead of pointing to the openSUSE 15 repo, point to the relevant SLES repo.
This can also be a hint towards a solution for other cases - see Ubuntu 22 as an example.
... and the code:
sudo zypper install -y libicu
sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
wget -q https://packages.microsoft.com/config/sles/15/prod.repo
sudo mv prod.repo /etc/zypp/repos.d/microsoft-prod.repo
sudo chown root:root /etc/zypp/repos.d/microsoft-prod.repo

sudo zypper install -y sysmonforlinux

Let's move on to the cases where the instructions failed:

  • Ubuntu 21.04 - it's already EoL; the administrator is forced to upgrade to Ubuntu 22.04
  • Ubuntu 22.04
sudo apt-get install sysmonforlinux

ends with the error

Unable to locate package sysmonforlinux

If the package for Ubuntu 21.04 is used, all seems to work fine - Sysmon was started and all 8 Event IDs are returned. The content also looks fine at first glance, but I'm not sure about the details.

  • Fedora 34
[root@ip-172-31-10-70 fedora]# sysmon -accepteula -i /tmp/all_rules_included.xml 

Sysmon v1.0.2 - Monitors system events
Sysinternals - www.sysinternals.com
By Mark Russinovich, Thomas Garnier and Kevin Sheldrake
Copyright (C) 2014-2021 Microsoft Corporation
Using libxml2. libxml2 is Copyright (C) 1998-2012 Daniel Veillard. All Rights Reserved.

Loading configuration file with schema version 4.60
Sysmon schema version: 4.81
Configuration file validated.
Job for sysmon.service failed because the control process exited with error code.
See "systemctl status sysmon.service" and "journalctl -xeu sysmon.service" for details.
[root@ip-172-31-10-70 fedora]# systemctl status sysmon.service
× sysmon.service - Sysmon event logger
     Loaded: loaded (/etc/systemd/system/sysmon.service; enabled; vendor preset: disabled)
     Active: failed (Result: exit-code) since Fri 2022-09-09 10:36:37 UTC; 5s ago
    Process: 15510 ExecStart=/opt/sysmon/sysmon -i /opt/sysmon/config.xml -service (code=exited, status=13)
        CPU: 5.781s

Sep 09 10:36:37 ip-172-31-10-70.us-west-1.compute.internal sysmon[15557]: /opt/sysinternalsEBPF/sysinternalsEBPF_offsets.conf
Sep 09 10:36:37 ip-172-31-10-70.us-west-1.compute.internal sysmon[15510]: Telemetry failed to start: Configuration could not be loaded
Sep 09 10:36:37 ip-172-31-10-70.us-west-1.compute.internal systemd[1]: sysmon.service: Control process exited, code=exited, status=13/n/a
Sep 09 10:36:37 ip-172-31-10-70.us-west-1.compute.internal sysmon[15557]: <Event><System><Provider Name="Linux-Sysmon" Guid="{ff032593-a8d3-4f13-b0d6-01fc615a0f97}"/><EventID>4</EventID><Version>3</Version><Level>4</Level><Task>4</Task><Opcode>0</Opco>
Sep 09 10:36:37 ip-172-31-10-70.us-west-1.compute.internal sysmon[15557]: Stopping....
Sep 09 10:36:37 ip-172-31-10-70.us-west-1.compute.internal sysmon[15557]: Total events: 0, bad events: 0, ratio = -nan
Sep 09 10:36:37 ip-172-31-10-70.us-west-1.compute.internal sysmon[15557]: Lost events: 0, in 0 notifications
Sep 09 10:36:37 ip-172-31-10-70.us-west-1.compute.internal systemd[1]: sysmon.service: Failed with result 'exit-code'.
Sep 09 10:36:37 ip-172-31-10-70.us-west-1.compute.internal systemd[1]: Failed to start Sysmon event logger.
Sep 09 10:36:37 ip-172-31-10-70.us-west-1.compute.internal systemd[1]: sysmon.service: Consumed 5.781s CPU time.

The error suggests an issue with the package, so no solution was tried.

  • Debian 10 & Debian 11
    The error was the same for both versions (apart from the version number, of course)
fatal: [X.XXX.XX.XXX]: FAILED! => {"changed": true, "cmd": "sudo apt-get update
sudo apt-get install apt-transport-https
sudo apt-get update
sudo apt-get install sysmonforlinux
", "delta": "0:00:03.241709", "end": "2022-09-06 10:24:14.629355", "msg": "non-zero return code", "rc": 100, "start": "2022-09-06 10:24:11.387646", "stderr": "W: GPG error: https://packages.microsoft.com/debian/10/prod buster InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY EB3E94ADBE1229CF
E: The repository 'https://packages.microsoft.com/debian/10/prod buster InRelease' is not signed.
W: GPG error: https://packages.microsoft.com/debian/10/prod buster InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY EB3E94ADBE1229CF
E: The repository 'https://packages.microsoft.com/debian/10/prod buster InRelease' is not signed.
E: Unable to locate package sysmonforlinux", "stderr_lines": ["W: GPG error: https://packages.microsoft.com/debian/10/prod buster InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY EB3E94ADBE1229CF", "E: The repository 'https://packages.microsoft.com/debian/10/prod buster InRelease' is not signed.", "W: GPG error: https://packages.microsoft.com/debian/10/prod buster InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY EB3E94ADBE1229CF", "E: The repository 'https://packages.microsoft.com/debian/10/prod buster InRelease' is not signed.", "E: Unable to locate package sysmonforlinux"], "stdout": "Hit:1 http://security.debian.org/debian-security buster/updates InRelease
Hit:2 http://cdn-aws.deb.debian.org/debian buster InRelease
Hit:3 http://cdn-aws.deb.debian.org/debian buster-updates InRelease
Get:4 https://packages.microsoft.com/debian/10/prod buster InRelease [29.8 kB]
Err:4 https://packages.microsoft.com/debian/10/prod buster InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY EB3E94ADBE1229CF
Hit:5 http://cdn-aws.deb.debian.org/debian buster-backports InRelease
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
apt-transport-https is already the newest version (1.8.2.3).
0 upgraded, 0 newly installed, 0 to remove and 5 not upgraded.
Hit:1 http://security.debian.org/debian-security buster/updates InRelease
Hit:2 http://cdn-aws.deb.debian.org/debian buster InRelease
Hit:3 http://cdn-aws.deb.debian.org/debian buster-updates InRelease
Hit:4 http://cdn-aws.deb.debian.org/debian buster-backports InRelease
Get:5 https://packages.microsoft.com/debian/10/prod buster InRelease [29.8 kB]
Err:5 https://packages.microsoft.com/debian/10/prod buster InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY EB3E94ADBE1229CF
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...", "stdout_lines": ["Hit:1 http://security.debian.org/debian-security buster/updates InRelease", "Hit:2 http://cdn-aws.deb.debian.org/debian buster InRelease", "Hit:3 http://cdn-aws.deb.debian.org/debian buster-updates InRelease", "Get:4 https://packages.microsoft.com/debian/10/prod buster InRelease [29.8 kB]", "Err:4 https://packages.microsoft.com/debian/10/prod buster InRelease", "  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY EB3E94ADBE1229CF", "Hit:5 http://cdn-aws.deb.debian.org/debian buster-backports InRelease", "Reading package lists...", "Reading package lists...", "Building dependency tree...", "Reading state information...", "apt-transport-https is already the newest version (1.8.2.3).", "0 upgraded, 0 newly installed, 0 to remove and 5 not upgraded.", "Hit:1 http://security.debian.org/debian-security buster/updates InRelease", "Hit:2 http://cdn-aws.deb.debian.org/debian buster InRelease", "Hit:3 http://cdn-aws.deb.debian.org/debian buster-updates InRelease", "Hit:4 http://cdn-aws.deb.debian.org/debian buster-backports InRelease", "Get:5 https://packages.microsoft.com/debian/10/prod buster InRelease [29.8 kB]", "Err:5 https://packages.microsoft.com/debian/10/prod buster InRelease", "  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY EB3E94ADBE1229CF", "Reading package lists...", "Reading package lists...", "Building dependency tree...", "Reading state information..."]}

Two solutions were applied, but neither resolved the issue:

sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com EB3E94ADBE1229CF
sudo apt update 

curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
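
The Ubuntu 22.04 and Debian runs above both end with "Unable to locate package sysmonforlinux", but in the Debian output that line follows a repository index that apt could not verify. The classifier below separates the two cases for use in an automation run; it is an added example, not part of the original post, the function name diagnose and the cause labels are hypothetical, and the sample inputs are constructed by shortening the outputs quoted above.

```python
import re

# Constructed samples, shortened from the two failures quoted in the post.
DEBIAN_STDERR = (
    "W: GPG error: https://packages.microsoft.com/debian/10/prod buster InRelease: "
    "The following signatures couldn't be verified because the public key is not "
    "available: NO_PUBKEY EB3E94ADBE1229CF\n"
    "E: The repository 'https://packages.microsoft.com/debian/10/prod buster "
    "InRelease' is not signed.\n"
    "E: Unable to locate package sysmonforlinux\n"
)
UBUNTU_STDERR = "Unable to locate package sysmonforlinux\n"

NO_PUBKEY = re.compile(
    r"^W: GPG error: (\S+ \S+) InRelease: .*NO_PUBKEY ([0-9A-F]+)$", re.M)
UNSIGNED = re.compile(
    r"^E: The repository '(\S+ \S+) InRelease' is not signed\.$", re.M)
NOT_FOUND = re.compile(r"^(?:E: )?Unable to locate package (\S+)$", re.M)


def diagnose(stderr):
    """Classify an apt failure from its stderr text."""
    missing_keys = {}
    for repo, key_id in NO_PUBKEY.findall(stderr):
        missing_keys.setdefault(repo, set()).add(key_id)
    rejected = sorted(set(UNSIGNED.findall(stderr)))
    packages = sorted(set(NOT_FOUND.findall(stderr)))

    if rejected or missing_keys:
        # apt ignores an index whose signature it cannot verify, so a
        # following "Unable to locate package" is a symptom, not the cause.
        cause = "index_rejected_unverified_signature"
    elif packages:
        # No signature problem was reported; no usable index lists the package.
        cause = "not_in_package_index"
    else:
        cause = "no_known_error"
    return {
        "cause": cause,
        "rejected_repos": rejected,
        "missing_keys": {r: sorted(k) for r, k in missing_keys.items()},
        "packages_not_found": packages,
    }
```

A result of index_rejected_unverified_signature points at the key-provisioning step of the playbook, and the fix belongs there rather than in relaxing apt's signature checks.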

Monday, March 16, 2020

How to train remotely?

I (re)started the blog after months of mental preparation ... and thought it would be about DevOps, scripting or related things.
On the other hand, I feel internal pressure to share experience that teachers may find useful now.

I was a high school and academic teacher for a few years.
That experience helped me to become a trainer in my company. I was leading up to two 3-hour remote training sessions a day for almost 2 years. There were from a few to ~150 attendees.
Although my role was more technical after the 2-year period, I was still leading training sessions:

  • remotely -- I was not in the classroom and the students were not in a classroom either
  • on site -- the students and I were in the same classroom
  • "hybrid" -- some students and I were in the same classroom and some students were remote
  • "remotely" -- students were in the classroom and I had to lead the session from my home office (extraordinary situation, happened once and didn't work at all)
Now you know a little bit about me, so let's focus on the question given in the post subject:
  1. You will need some TeleConf tool
    1. There are quite many available -- you may just give a try to zoom. You'll get your personal meeting number that you can share with your students
    2. Test the tool just to make sure it works well for you
  2. Announce the training session
    1. Write on Facebook, WhatsApp, blog, email or use any communication channel you normally use when contacting your students (pupils or their parents)
    2. Share meeting url, meeting time, if people should confirm, etc.
  3. Check the content you are to share with your students
    1. you may want to record your training session and share with those who were not able to attend
    2. even if you are not recording, some attendee may record confidential information 
  4. Start training session at given time 
    1. share your screen with some slide
    2. wait up to 5 minutes so everyone who wants to attend is able to join
  5. Say "hello" to joining persons
    1. to make sure they can hear you and you can hear them
    2. make sure they are able to see what you are sharing
  6. Start training session setting "social contract"
    1. students are asked to mute and stay on mute
    2. questions can be raised on chat during training session
      1. Type on chat something like : "Write your questions here"
      2. Ask students to check they can see your message; you'll confirm chat works fine and students see where the chat is
    3. unmute when there is a Q&A or discussion
  7. B E    S L O W
    1. there may be weak connection and some words may be missed
    2. if you switch forward and backward, users may see an unclear picture
      1. before you switch to the next view, think whether everything to be said about the current view was said
      2. check the chat to see whether there was any question related to the current view
  8. You've got a set of individuals instead of a class.
  9. Be aware that, not seeing them, you lose a lot of information
    1. Check awareness of the attendees from time to time during the training session (2 - 4 x more often than you'd do in a classroom)
    2. Talk to your students after the session to get feedback. Use the feedback to be better prepared for next session
Feel free to comment if you think some crucial information was missed.

Sunday, March 15, 2020

Via HAProxy to two nginx (on docker) static pages

I recently did an exercise formulated as below:
  1. There should be static HTML content available on two host machines (e.g. "hello 1" and "hello 2" respectively)
  2. The content should be served by nginx on Docker
  3. HAProxy in front of the nginx instances, alternately showing content from one machine or the other
  4. Technological stack to be used:
    1. Azure
    2. Terraform
    3. Ansible
The solution can be found at https://github.com/hsekowski/devops01
Points for further development are documented as the project issues: https://github.com/hsekowski/devops01/issues