Dealing with secrets and sensitive data in Puppet is daunting, right? Nope, not at all. Let me show you how to do it. I've wrapped my head around the options available and want to share my journey in hopes of saving you from a few trials and tribulations. Just interested in the end result? Feel free to scroll down to the last section fittingly entitled The final product. Preface Puppet’s InfraCore team manages engineering's core infrastructure from hardware to the actual host configuration of running applications and services. The InfraCore team was already utilizing hiera-eyaml in their control repo when I joined them last April. That control repo is used by all of SRE at Puppet so this meant other teams could take advantage of having secrets, like passwords and AWS keys, versioned in git without fear of exposure to everyone with access to the repo. That's a big » Read more

 genebean        

This is a step-by-step walkthrough for dual booting a MacBook Pro (Mid-2015 aka MacBookPro11,5) that already has macOS High Sierra on it with Linux Mint. The hard drive is formatted APFS and has File Vault turned on. Before beginning I suggest reading this entire post to see how involved it is or, at a minimum, read the known issues at the bottom. Full Backup Any time you start messing with the partitions of existing drives its a good idea to have a full backup you can fall back on as its really easy to have your drive become unbootable. One way to do this is to use Carbon Copy Cloner. It'll take care of backing up all your files along with the special partitions needed to make things work including the recovery partition. Be sure to put the backup on an external hard drive. Formatting your external drive When » Read more

 genebean        

Not long ago Puppet released version 5 to the open source world so, naturally, it was time to start updating all my projects to be compatible with it. The first stop along the way was at the house of Vagrant... only, there's a catch: it's been relocated. That's right, my Vagrant boxes got a shiny new home at app.vagrantup.com/genebean as part of some restructuring done by HashiCorp. After getting my new door key (aka account) I went next door to visit my friend Packer. I hung out in his workshop massaging my templates with the goal of updating and simplifying the boxes I build. The end result included combining all the versions of RVM into a single build and creating a new box for Puppet 5. Now, if you've ever hung around Mr. Packer for any length of time then you know he loves to create multiple » Read more

 genebean        

This is just a quick note for anyone else out there who recently ran brew update && brew upgrade and then found that Python no longer worked as expected. Here are the important points: The issue is that Homebrew introduced a breaking change and did a crappy job of documenting it. The fix is to prefix your path with /usr/local/opt/python/libexec/bin More details can be found at https://github.com/Homebrew/homebrew-core/issues/15746 For me, the fix was to add this to my .zshrc file: export PATH="/usr/local/opt/python/libexec/bin:$PATH" » Read more

 genebean        

I've been using GoAccess to look at my logs for a while now. The other day I decided I wanted be able to look at these stats for the different sites on my web server in a variety of ways including: all data from all sites combined all data on a per-site basis daily stats from each site kept for a week The thing with wanting daily stats is it helps if they are created in a way that only covers that day. That sounds simple, but the logrotate generally runs around around 3am. So what's the solution? Cron. To be more exact, run logrotate from cron and generate stats while you're at it. # Puppet Name: rotate nginx logs 0 0 * * * /root/updatestats.sh Now, if you are going to run logrotate from cron you'd better turn of the original one. Here's how I did that: $ cat /etc/logrotate.d/ » Read more

 genebean