Sunday, May 4, 2014

Using Puppet to open port 80 through the iptables command

Puppet provides an add-on module called firewall to manage firewall configuration on your system. I tried it out, and ended up locking myself out of my Vagrant box. All I needed to do was open port 80 on my VM, and the steps mentioned in the Puppet Firewall module setup page seemed like an overkill for something so simple.

So, I decided to understand the iptables command better. This writeup on centos website is an excellent introduction to understanding iptables. Armed with this knowledge, I realized all I needed was:
  1. Make a single rule entry on my Centos VM for allowing incoming traffic on port 80.
  2. Save the state of the iptables rule, so that on restart of the iptables service, this new rule is not lost.
Note: I am working on puppet v3.2.3 and Cento v6.4 Minimal Version.

If you google, most places you will find this command for opening port 80 (didn't work!):

sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT

What this command essentially says is append (-A) a new rule to INPUT traffic chain, where for NEW connections of type tcp, and destination port (-dport) 80, perform ACCEPT connections.

This command did not actually open the port for me because this command "APPENDS" the rule right at the end of the iptable chain. By default, Centos already came with a rule:

-A INPUT -j REJECT --reject-with icmp-host-prohibited

The line I added, got appended AFTER this rule. Meaning, all requests were getting blocked anyways, and hence my rule to allow incoming traffic to port 80 was never evaluated.

Therefore, what we need to do is to insert our rule before the REJECT rule. To do that, we use the -I (insert) switch, instead of the -A (Append) switch. The -I switch needs to know the line number of the rule to insert at. To see the line numbers of various, use the following command:

ipTables with Line Number (Notice Line 5 Has the Reject Rule)

Using the "sudo iptables -L -n -v --line-numbers" you can see that by default line number 5 has the REJECT rule for all traffic.

Hence the command that we need to allow incoming traffic to port 80 is (works!):

sudo iptables -I INPUT 5 -m state --state NEW -p tcp --dport 80 -j ACCEPT

Now, our rules gets inserted at line 5, and everything works. Based on this knowledge, our puppet script now looks like this (using two execs):



The first exec fires the command only if it does not detect a port 80 entry (using the unless attribute). The unless attribute tests that a grep on iptables-save command contains port 80 entry. The iptables-save command allows us to see the current iptables rule configuration in a parseable format.

The second exec fires the service iptables save  command to save the configuration to disk. This command needs to be fired only if the first exec actually makes an entry. Hence we specify notify attribute in exec and also mark this exec with refreshonly => true so that it is executed only as part of the notify process, and should not be executed otherwise.

That's it! You should be good to go now! You can do the same thing if you also want to make an entry for port 443 (SSL) or anything similar.

Sunday, April 13, 2014

Reading Environment Variables in Puppet

Puppet uses a tool called Facter to discover facts about the system it is going to provision. Some examples of these facts are: $operatingsystem, $hostname, $processorcount, etc. These facts are available as variables in puppet to use in manifests. You can see the full list here: Factor 2.0 Core Facts.

If you want an environment variable, or a bash script parameter to be available to puppet, you need to make it available as a Facter fact. You can do that by simply setting a variable whose name is prefixed with the "FACTER_" string.

So for instance, if you wanted to make a variable called say $my_module_name available within puppet, and wanted its value to be equal to environment variable PRODUCT_MODULE_NAME, you could do the following in a bash script that invokes puppet:

export FACTER_my_module_name=$PRODUCT_MODULE_NAME

Now, $my_module_name variable will be available within your puppet manifests.


Setting a Default if Environment Variable is not set


To take this further, if you wanted your puppet variable to have a default value, if no environment variable was set, you could specify it in puppet manifest (.pp) file like this:

$module_name = $my_module_name ? {
      undef => "Admin_Module",
      default               => $my_module_name 
}

Note that the above code uses a different variable name called "module_name", whose value will be set to "Admin_Module" if $my_module_name is un-defined, else it will be set to value of "my_module_name" variable.
Now you can use $module_name in all your puppet manifests (instead of using $my_module_name).

To see a sample code where I did this in Bahmni Hospital Management System provisioning scripts, check out this Github commit: Example.

Tip: If you wish to debug what facts are being set in your system, you can use this snippet to print all facts to a file: Printing all puppet facts.

Tip: If your puppet script is running with "sudo", then the environment variables set in current environment won't be passed to the sudo environment. If you want that, then use "-E" switch with sudo to pass environment variables forward.


Saturday, March 1, 2014

Autojump: A neat command line utility that saves me tons of time

Autojump is a really neat utility that complements the cd command very nicely. For instance if I have a folder called "my_project", I can just say "j project", and the auto jump command will directly jump to this directory (wherever it is in my filesystem).

How does it work?

Autojump tracks how much time you spend in your command line on a specific folder. And builds a weight chart. So, if you have spent enough some time in your my_project directory on command line, and you say "j project", it will check its registry and jump to the highest match. And, the best thing is you don't even need to specify the full name. Partial names work!

Autojump in action

Install zsh. And install autojump. You will see a super productivity increase on command line.

Platforms Supported: Linux and Mac.

To install on Mac:
brew install autojump
And then copy the single line printed by brew install into your .bashrc or .zshrc file. After that go to command line, cd into a directory. Then cd to some other directory. And type "j ". You will see it work! 

Thanks to my colleague Ankit Dhingra for introducing me to auto jump. Goodbye to cd aliases.

Related Links:
https://github.com/robbyrussell/oh-my-zsh
https://github.com/joelthelion/autojump




Saturday, February 1, 2014

Displaying a Bootstrap Modal in Rails with an AJAX call

I am in the process of building a simple Learning Management Solution. I wanted to display a Bootstrap modal pop-up on click of the Add Capsules button. The idea was that on click of this button, an AJAX call should be made to the server, with the current Learning Path ID, so that it can query the DB, and find the potential capsules to be returned for the learning path. I would return an HTML snippet as response, which I wanted to insert into the body of the modal.

See screenshot below of how it looks:

Bootstrap Modal Pop up on click of Add Capsules button (with Ajax response body)












Check out this commit on Github to see the work that was needed: Bootstrap Modal Commit. The comment on the Github explains the details. It was actually quite easy once you know how.

I believe instead of sending an HTML snippet from the backend, a better practice is to send JSON data, and then construct the HTML at the browser via javascript. I guess, I could do that too, but this was really simple to do. I might modify it to return JSON some time in the recent future.

Reference:

Friday, January 10, 2014

Using Capybara and RSpec assertions in Page Objects

On my Rails project, I am using RSpec and Capybara to write functional tests.  I did not want to specify any HTML elements in my Capybara feature files, since that makes the feature files brittle to HTML / CSS changes. It also violates the DRY principle and basic code hygiene.

So, I decided to refactor out my HTML centric Capybara code into separate Page Objects. If you are unfamiliar with Page Objects, then read the following:



The Page Object pattern for encapsulating HTML centric DSL is a common pattern followed while writing UI level functional tests in ThoughtWorks.

The problem I was facing when I refactored my code into Page objects was that I was unable to use the RSpec 'expect' syntax in Page Objects. Turns out all I had to do in my page objects was:

include RSpec::Matchers

Here is the full code from my project on Github.
https://github.com/gsluthra/dakshina/tree/master/spec/features

The appropriate feature files and page objects in a GIST:

Saturday, September 21, 2013

Transferring all contacts from BlackBerry to Android Galaxy Phone

Yesterday, I was attempting to switch over from my Blackberry, to a Samsung Galaxy S, and spent quite some time figuring out.

There are many links on the internet. Finally here is what I did:

1. Bluetooth Option: I tried pairing my galaxy with blackberry in bluetooth. The pairing was successful. Then in bluetooth menu of Blackberry itself, when you select a bluetooth device, you will find an option saying "Transfer Contacts". I did that, and BB said -- 400 Contacts Transferred, but the Galaxy only added the FIRST contact! So basically, this method did not work for me :(

2. Using BlackBerry Desktop Software (for Mac):

  • I chose to "Sync Contacts" with Computer. There it gave me a warning, that this is the first time you are syncing contacts what should it do. I chose "MERGE", since I didn't anyways have any contacts on my Mac. 
  • After this, when I typed "Address Book" in my SpotLight, I saw all my Contacts had been successfully imported into my Local Address Book of Mac.
  • In Address Book preferences, if you select "Local On My Mac", there was an option for syncing Address book with Google Account. I gave it credentials of a new Gmail account I have created solely for Contact syncing with my android. Once I did that, all my contacts were sent to GMAIL. Then I unchecked the Gmail sync option from AddressBook since I didn't want any more sync to happen. 
  • I registered that particular GMAIL account in my Android (in Settings -> Account), and chose to sync only the CONTACTS. 




That's it. The contacts are now in my phone.. and they will stay 2 way synch with my Android-only GMAIL account, which is kinda neat.

Bye Bye Blackberry. I will miss the tiny red blinking light of my Blackberry.

Friday, June 21, 2013

Tata Photon & Reliance USB Dongle Connection Settings

TATA PHOTON

In India, if you want to manually enter your TATA Photon connection settings (on a Mac or Linux or Windows), here is what you need to do:

Telephone Number: #777
Account Name: 9XXXXXXXXX@photon.ttsl.in (prefix your tata photon phone number which usually starts with a 9)
Password: internet


RELIANCE NON-3G DONGLE

In India, if you want to manually enter your Reliance USB dongle connection settings (on a Mac or Linux or Windows), here is what you need to do:

Telephone Number: #777
Account Name: 9XXXXXXXXX (your reliance phone number which usually starts with a 9)
Password: Same as your reliance phone number which you entered above as account name

This should do the trick, since this is what worked for me on my Mac.