Green Thinking
  • About Me
  • Contact
  • Posts
October 9, 2016

Glastonbury Ticket Site Update - Comments

Old Article Comments

I exported these from my old wordpress blog, so they are a bit out of date, but I thought I’d keep them around for posterity.

[James Simpson] - Oct 0, 2016 Yep i know this struggle too - drop me an email for a collaboration approach. Although yes, it may be the case of rate limiting, there is more of an issue with actually getting connected in the first place. Think of the mass amounts of visitors over that short space of 45 min, its like an organised DDos attack on the servers… There is only so many concurrent connections a load balancer can take and redirect, and there will be thousands of people trying to get through that load balancer every second. It may be a good way to script something (which I am at the moment) to check for a connection straight through into the server, and then open a browser window with the same cookie/session id as if you were on a browser going straight through. It’s a hard one to call without knowledge of their server setup and how their scripts are set to load up pages or who gets access or not.

More!
June 17, 2015

Install a Babun (Cygwin) Shell and Ansible for Windows

Update: You might find this thread useful if you have issues getting ansible to work in babun/cygwin  - thanks mcfo for the comments. Update2: Another option is to run ansible inside a docker container using Docker for Windows.  This way you are actually using Linux to run ansible in, so are likely to have less problems.  Startup time, (after the first time you run it), should be very quick, so has none of the disadvantages of running inside a heavy VM. Babun is a nice distribution of cygwin with lots of pre-installed packages, and also a built in package manager called pact. It has an auto update tool, and includes most of the ansible requirements already, such as python and gcc. Another advantage is that it won’t affect your existing Cygwin install, should you already have one.  As such, it’s a pretty good way to get started with ansible on a windows workstation.  Note that this is not officially supported, but it is often needed, and works pretty well for the most part, with a few tweaks. This guide covers installing Babun, and the appropriate packages to get ansible working on Windows.

More!
June 17, 2015

Install a Babun (Cygwin) Shell and Ansible for Windows - Comments

Old Article Comments

I exported these from my old wordpress blog, so they are a bit out of date, but I thought I’d keep them around for posterity.

[mat] - Oct 1, 2015 Thanks for sharing this !

mirzawaqasahmed - Nov 6, 2015 Hi Chris, Thanks for sharing this. However when i am running ansible-playbook it first gave me following error…

GATHERING FACTS \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* 0 \[main\] python2.7 8168 child\_info\_fork::abort: address space needed by '\_speedups.dll' (0x6D0 000) is already occupied Traceback (most recent call last): File "/opt/ansible/bin/ansible-playbook", line 324, in sys.exit(main(sys.argv\[1:\])) File "/opt/ansible/bin/ansible-playbook", line 264, in main pb.run() File "/opt/ansible/lib/ansible/playbook/\_\_init\_\_.py", line 348, in run if not self.\_run\_play(play): File "/opt/ansible/lib/ansible/playbook/\_\_init\_\_.py", line 739, in \_run\_play self.\_do\_setup\_step(play) File "/opt/ansible/lib/ansible/playbook/\_\_init\_\_.py", line 629, in \_do\_setup\_step accelerate\_port=play.accelerate\_port, File "/opt/ansible/lib/ansible/runner/\_\_init\_\_.py", line 233, in \_\_init\_\_ cmd = subprocess.Popen(\['ssh','-o','ControlPersist'\], stdout=subprocess.PIPE, stderr=subprocess. PIPE) File "/usr/lib/python2.7/subprocess.py", line 710, in \_\_init\_\_ errread, errwrite) File "/usr/lib/python2.7/subprocess.py", line 1223, in \_execute\_child self.pid = os.fork() OSError: \[Errno 11\] Resource temporarily unavailable then after running the ansible-playbook command gain, its giving me the following error: GATHERING FACTS \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* fatal: \[default\] => private\_key\_file (/.ssh/ansible-windows-ssh-key) is group-readable or world-readable and thus insecure - you will probably get an SSH failure TASK: \[ensure ntpd is at the latest version\] \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* FATAL: no hosts matched or all hosts have already failed -- aborting

ANY IDEA OF WHY IT IS HAPPENING. Thanks in advance Waqas

Ansible tutorial - part 1 - intro to Ansible - Jun 6, 2016 If you are using Windows, it’s a bit more hassle, unless you already have the Windows with Bash terminal! If you do, simply use APT for installing Ansible. However if you don’t have it yet, you need to install more things. On our Windows machines we use Babun (much better version of Cygwin, if you didn’t hear about it, check it out right now!). To install Ansible with Babun, please use this tutorial. […]

[mcfo] - Sep 3, 2016 Thanks! Regarding right-click pasting into vim: Add the line set mouse-=a to your ~/.vimrc and it should work.

[Zoran] - Sep 0, 2016 I see the issue below: jinja2 is installed but seems to be unknown to ansible. Any suggestions? Thanks.

More!
May 13, 2015

Off to Hudl

Hudl_PrimaryAfter almost 10 years at Servelec-Corelogic I’ll be starting in a new position at Hudl on 1st June. I’m excited and nervous about the change and looking forward to meeting my new colleagues and learning about how they do things over there! Some of thethings to look forward to are their open-minded approach to technology, working culture and cutting edge continuous deployment processes. I’m sure I’ll learn a lot, and hopefully I can add some of my experiences to the team. It looks like I’ll be off to Lincoln, Nebraska in June to do some training and meet everyone. It’s going to be really tough leaving Corelogic. But it’s about time to see what the outside world is like - and I hope it will be a fun and positive move for me.

More!
March 31, 2015

Some Thoughts on Almost 9 Years of Remote Working

Since I started working for Corelogic in 2005, I only spent the first year working in the office every day. I lived in London for that year, within walking distance of the office, in a nice, albeit small 1 bed flat. That flat probably cost around the same price as our4 bed semi in Nottinghamshire (and that was years ago). But I digress. Anyway, I didn’t enjoy living in London too much. It’s a nice place to visit, but it will always be there to visit. That doesn’t mean I had to live there. I found it too noisy, expensive and crowded for me. It’s still noisy and crowded, but even more expensive than it used to be. There’s a lot of good things about it, but I am not a particularly outgoing person, and I felt there was a lot of chaos there that you have to put up with day to day. Since I moved back to Notts, I have worked remotely, in various different arrangements, and have been doing that for the last (almost) 9 years.

More!
August 11, 2014

Sysdig - A general purpose system capture and analysis tool

I’ve just been looking at a nice new tool called sysdig, which seems to be really useful for analysing and troubleshooting on production systems.  There’s a great blog post by Gianluca Borello, detailing how he set up a number of honey-pot servers with poor passwords, and then captured system activity with sysdig, showing exactly how his server was compromised, and what the hacker did at each stage.  The level of detail he was able to garner is astounding, and I can see how powerful this tool could be in the future, for any sort of troubleshooting where it’s not clear exactly what has happened/is happening on a system.

More!
April 4, 2014

Active Directory to OpenLDAP Sync with LSC

Old Article Comments

I exported these from my old wordpress blog, so they are a bit out of date, but I thought I’d keep them around for posterity.

[vinay shetty] - Nov 1, 2014 Super explanation.. Thanks lot

[Anderson] - Mar 5, 2015 Hi Chris, how I can synchronizing passwords (no plain text) between the openldap and Active Directory ?

Synchronizing users with LSC-project | Opencloud engineering - Sep 1, 2015 […]  -w ‘xxx’ Useful links: 1) Official LSC tutorial OpenLDAP to AD 2) Good blogpost AD to OpenLDAP 3) Official LSC documentation This entry was posted in Uncategorized and tagged ad, java, ldap, […]

[ebooster] - Nov 5, 2016 Hi Chris, Thanks for this. I was curious, did this config allow you to receive event notifications from Active Directory ? Namely, when an entry changed there, did lsc receive that change event automatically and near instantly ? That is what I am looking to do with no luck so far but I’m looking a bit closer at your configuration.

[chrisgilbert42] - Nov 5, 2016 Hi, if I remember correctly, this just synced on a schedule. It didn’t have a way of receiving events at the time. I am not sure if LSC can do that or not - it worked well for me as a scheduled tool, and is very flexible, but not that easy to get working for all purposes. It’s worth looking into AD LDS and federation as alternative approaches. If an external organisation needs access to AD records, then something like using federation on Azure is worth a look too (https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-azure-adfs/). But in our case we just cared about having a strongly enforced DMZ.

[chrisgilbert42] - Nov 5, 2016 Oh, I almost forgot, at Hudl we use Okta as a powerful alternative for authenticating to cloud services. Worth a look.

[ebooster] - Nov 5, 2016 Thank you much Chris.

[chrisgilbert42] - Mar 3, 2017 I’ve had a quick look around and I can’t find it now either. My article is a few years old now, and I work somewhere different, so can’t be sure I’m giving you great advice. However - first check this method is the best one to meet your use case. Since I wrote it, ADFS (federation services) are much better, and Microsoft also host a Azure based AD which can sync with your on-prem one. We were trying to create a strict DMZ, which we believed at the time was required, but there were other ways of solving the problem too. Also look at using newer real authentication protocols like OAuth, SAML and so on to solve single-sign on problems. LDAP is really an old fall back these days, and is not a particularly secure way of authenticating. Also, check out Okta SSO - this is a good way to control access to cloud products that your team use, hooked into AD auth. It works well and has Chrome/Firefox plugins and mobile apps, that’s something we use at hudl. If you give me a bit more information on the problems you are trying to solve I can maybe help further. For most companies, I’d start looking at a cloud first solution to SSO and authentication sharing because most people are accessing cloud apps all over the place now, with or without the IT department’s consent.

[chrisgilbert42] - Mar 3, 2017 Oh, I also found this for a similar comericial tool: https://www.manageengine.com/products/self-service-password/active-directory-password-synchronizer.html

[Jens] - Mar 3, 2017 Thanks for the article. I didn’t find anything in the web about hkpassword. Is the tool still available? Are you aware of other ways to sync the passwords from the AD?

More!
April 4, 2014

Active Directory to OpenLDAP Sync with LSC

I have recently had to sync accounts and groups from Activc Directory to OpenLDAP, for a requirement for a directory server in the DMZ.  A DMZ (De-millitarised zone) is an area of the network open to the internet.  It’s supposed to be separate from the rest of your LAN, so you can have services running on the internet without fear that people can break into your LAN from these. There are other options for doing this, including a read-only domain controller (RODC), a AD LDS (Lighweight Directory Server) and so on, but they all require connectivity back from the DMZ to the LAN, which is precisely what we are trying to avoid. If you start from the premise that no traffic at all be allowed to flow into the LAN from the DMZ, then how do you authenticate your user’s accounts?  The only real answer is a directory server in the DMZ, and to save our own users having to have multiple logins, clearly some sort of account sync would be required. We looked at a tool called LSC (LDAP Syncronisation Connector) which is designed for syncing various directory sources to and from each other.  It’s a very capable product, and now I’ve gone through the learning process, I will have to remember if for similar functions in the future (it can’t read/write from databases, CSV files and so on too). In order to get it set up, there are some gotchas, not least password sync, which requires another method.  But I will leave discussion of that until later.  First of all, I needed to get our users and groups into OpenLDAP from Active Directory. To set this up required a config file, a modified version of which is below:

More!
January 13, 2014

Non-Default Oracle Listener

A nice detailed description of how the oracle listener behaves in different scenarios, including the LOCAL_LISTENER parameter. http://edstevensdba.wordpress.com/2011/07/30/exploring-the-local_listener-parameter/

More!
November 12, 2013

HTTP 2.0 Is Coming

It’s been almost 15 years since the last standard of HTTP was ratified. HTTP is the protocol which transports web pages across the internet.  It’s a brilliantly thought out and quite simple protocol.  It’s beginning to show it’s age though, especially with the rise of many requests across multiple web servers. AJAX and newer technologies like WebSockets have worked around it’s limitations.  It’s inefficient at connections, is designed to be stateless, so doesn’t maintain data in it’s headers between requests, and it’s not great at doing lots of requests in parallel.  So, some clever bods at Google and elsewhere have come up with a new standard, which is due to join browsers next year. There’s some technologies like Google’s SPDY which have helped in the meantime, but this protocol change is really what the web needs for efficiency improvement, especially on mobile devices. When this makes it to browsers, (and web servers) we’ll see some real speed ups on many web sites. http://www.youtube.com/watch?v=E9FxNzv1Tr8

More!
  • ««
  • «
  • 1
  • 2
  • 3
  • 4
  • 5
  • »
  • »»
© Green Thinking 2026