Blog posts

2013-01-17 – Gitano – git hosting with ACLs and other shininess

gitano is not entirely unlike the non-web, server side of github. It allows you to create and manage users and their SSH keys, groups and repositories from the command line. Repositories have ACLs associated with them. Those can be complex (“allow user X to push to master in the doc/ subtree) or trivial (“admin can do anything”). Gitano is written by Daniel Silverstone, and I’d like to thank him both for writing it and for holding my hand as I went stumbling through my initial gitano setup. (read more …)

2012-09-04 – Driving Jenkins using YAML and a bit of python

We recently switched from Buildbot to Jenkins at work, for building Varnish on various platforms. Buildbot worked-ish, but was a bit fiddly to get going on some platforms such as Mac OS and Solaris. Where buildbot has a daemon on each node that is responsible for contacting the central host, Jenkins uses SSH as the transport and centrally manages retries if a host goes down or is rebooted. All in all, we are pretty happy with Jenkins, except for one thing: The job configurations are a bunch of XML files and the way you are supposed to configure this is through a web interface. (read more …)

2012-07-23 – Automating managing your on-call support rotation using google docs

At work, we have a rotation of who is on call at a given time. We have few calls, but they do happen and so it’s important to ensure both that a person is available, but also that they’re aware they are on call (so they don’t stray too far from their phone or a computer). In the grand tradition of abusing spreadsheets, we are using google docs for the roster. (read more …)

2011-10-21 – Today's rant about RPM

Before I start, I’ll admit that I’m not a real RPM packager. Maype I’m approaching this from completely the wrong direction, what do I know? I’m in the process of packaging Varnish 3.0.2 which includes mangling the spec file. The top of the spec file reads: %define v_rc %define vd_rc %{?v_rc:-%{?v_rc}} Apparently, this is not legal, since we’re trying to define v_rc as a macro with no body. It’s however not possible to directly define it as an empty string which can later be tested on, you have to do something like: %define v_rc %{nil} %define vd_rc %{?v_rc:-%{?v_rc}} Now, this doesn’t work correctly either. (read more …)

2011-10-05 – The SugarCRM rest interface

We use SugarCRM at work and I’ve complained about its not-very-RESTy REST interface. John Mertic a (the?) SugarCRM Community Manager asked me about what problems I’d had (apart from its lack of RESTfulness) and I said I’d write a blog post about it. In our case, the REST interface is used to integrate Sugar and RT so we get a link in both interfaces to jump from opportunities to the corresponding RT ticket (and back again). (read more …)

2011-08-31 – Bizarre slapd (and gnutls) failures

Just this morning, I was setting up TLS on a LDAP host, but slapd refused to start afterwards with a bizarre error message: TLS init def ctx failed: -207 The key and certificate was freshly generated using openssl on my laptop (running wheezy, so OpenSSL 1.0.0d-3). After a bit of googling, I discovered that -207 is gnutls-esque for “Base64 error”. Of course, the key looks just fine and decodes fine using base64, openssl base64 and even gnutls’s own certtool. (read more …)

2011-08-03 – libvmod_curl – using cURL from inside Varnish Cache

It’s sometimes necessary to be able to access HTTP resources from inside VCL. Some use cases include authentication or authorization where a service validates a token and then tell Varnish whether to proceed or not. To do this, we recently implemented libvmod_curl which is a set of cURL bindings for VCL so you can fetch remote resource easily. HTTP would be the usual method, but cURL also supports other protocols such as LDAP or POP3. (read more …)

2011-07-23 – Keep calm and carry on.

We will not be consumed by hate. We will not restrict fundamental freedoms, nor become a surveillance state. We will keep calm and carry on. We will grieve for those lost and hurt in this terrible tragedy. (read more …)

2011-05-21 – Upgrading Alioth

A while ago, we got another machine for hosting Alioth and so we started thinking about how to use that machine. It’s a used machine and not massively faster than the current hardware, so just moving everything over wouldn’t actually get us that much of a performance upgrade. However, Alioth is using FusionForge, which is supposed to be able to run on a cluster of machines. After all, this was originally built for, which certainly does not run on a single host. (read more …)

2010-11-30 – My Varnish is leaking memory

Every so often, we get bug reports about Varnish leaking memory. People have told Varnish to use 20 gigabytes for cache and they discover the process is eating 30 gigabytes of memory and they get confused about what’s going on. So, let’s take a look. First, a little bit of history. Varnish 2.0 had a fixed per-object workspace which was used for both header manipulations in vcl_fetch as well as for storing the headers of the object when vcl_fetch was done. (read more …)