My tech week 2024ww22

2024, Jun 01    

Notes from this week

Cloud init

getting cloud init info

Something like

vmtoolsd --cmd "info-get guestInfo.metaData" | base64 -d

will show you what cloud-init has received at boot up using the “vmware” data source.

More here

Bonus info: There is a difference between vApp-based and guestinfo-based info passed to cloud-init.

Cloud init datasource OVF is the one for vApp, and datasource vmware is for guestinfo.

I tried to “info-get guestinfo.ovfenf” to no avail. It was suggested in an old post here.

You can use cloud-init query for some of this. I didn’t explore it further.

Software architecture

When the architecture has code smells (or rather, reeks), you should do something. I knew this already, but I had failed in convincing my colleagues.

Now we have software with a hidden defect that we have not found for 6-12 months, and that may or may not break most functionality.

We have not found it due to errors in our test suite, but mostly due to sloppiness, where we don’t react properly to warning signs.

Streaming IO in python

This rocks. And saves you from saving everything on disk. We discussed it, and a colleague implemented it.

This is important if the stuff you are copying is a big zip file, or many small files.

Before

Webserver A -> copy to local ws -> temp storage / local caches on ws -> copy from local ws -> Webserver B

Local caching is smart if copy speeds are low compared to disk speeds; if not, skip the caching and just download.

If the copied data changes often, you will end up with lots of data in the cache on the ws, and you need to start having some sort of cleanup system.

After

Webserver A -> stream data through ws -> Webserver B

This can be implemented in a couple of simple classes in python, and used as a task in ansible.

Not sharing code here, since it is part of my day job, and I don’t know the IP policy.

(mermaid rocks)

FF send

This is a cool discontinued Mozilla project that has been picked up by others. At its core, it allows you to upload a file, generate a link, and decide availability duration and allowed download count.

The idea of just uploading something and it gets automatically deleted appeals to me.

I must set up a system with this at some point. Perhaps it will be my first LXC on proxmox.

See here

Troubleshooting Wireguard

This was a previous week, but important.

no logs, then what?

From a troubleshooting point of view, the fact that WireGuard does not “establish” a connection, but relies on just sending and receiving the relevant data, gives you less to work with than e.g. OpenVPN.

The trick is to see the interface as an interface, and then use the usual tools.

  1. Use tcpdump on the uplink interface to see the packet going to the wg server
  2. Use tcpdump on the wg interface to see the actual packets
  3. Use ip route or similar to ensure that the traffic is routed as you expect
  4. If you only do outgoing traffic, check encryption keys

Debian security updates and apt default

I found a bad one in my default Debian setup.

In /etc/apt/apt.conf, I set

APT::Default-Release "bookworm";

This omits every defined repo except “bookworm”, which means security updates are left out too.

It must be changed to

APT::Default-Release "/^bookworm/";

which also includes “bookworm-security”. This is probably what you want.
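
A check for this pitfall, as an added example that is not from the original post: it reads apt.conf text (or `apt-config dump` output) on stdin and reports whether the `APT::Default-Release` value also selects `<codename>-security`. The function names and the simplified matching model (a `/regex/` value is an extended regex, anything else is a whole-name glob, case-sensitive) are assumptions of this example.

```shell
#!/bin/sh
# Added example: does an APT::Default-Release value also select
# "<codename>-security"? Matching model is a simplified assumption:
# /regex/ = extended regex, anything else = whole-name glob, case-sensitive.

# release_matches VALUE SUITE -> exit 0 if VALUE selects SUITE
release_matches() {
    value=$1; suite=$2
    case $value in
        /*/)  # /regex/ form: strip the slashes, match as extended regex
            re=${value#/}; re=${re%/}
            printf '%s\n' "$suite" | grep -Eq -- "$re" ;;
        *)    # plain name or glob: must match the whole suite name
            case $suite in
                $value) return 0 ;;
                *)      return 1 ;;
            esac ;;
    esac
}

# check_default_release CODENAME
# Reads apt.conf text or `apt-config dump` output on stdin, prints a verdict.
# Exit 0 = fine or unset, 1 = codename or its security suite not selected.
check_default_release() {
    codename=$1
    value=$(sed -n 's/^[[:space:]]*APT::Default-Release[[:space:]]*"\([^"]*\)";.*/\1/p' | tail -n 1)
    if [ -z "$value" ]; then
        echo "OK: APT::Default-Release not set"; return 0
    fi
    if ! release_matches "$value" "$codename"; then
        echo "WARN: \"$value\" does not select $codename"; return 1
    fi
    if release_matches "$value" "$codename-security"; then
        echo "OK: \"$value\" selects $codename and $codename-security"; return 0
    fi
    echo "FAIL: \"$value\" selects $codename but not $codename-security"; return 1
}

# Constructed sample input: the two settings from the post.
for v in 'bookworm' '/^bookworm/'; do
    printf 'APT::Default-Release "%s";\n' "$v" | check_default_release bookworm || true
done
```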

ChatGPT4 tests

We had a conversation with it. It understood us. Impressive stuff.

I need to figure out how to use these new systems. I cannot just wait until it can run on a machine at home in a “safe” way.

This is a new category of hammers and we must all figure out the possibilities and limitations of such a new tool.