Twitter Weekly Updates for 2011-02-27

• @ArjenNL reboot vanwege kernel upgrade :) in reply to ArjenNL #
• @ArjenNL De nieuwe kernel wordt door Ksplice ondersteunt, dus als het goed is voorlopig de laatste reboot. in reply to ArjenNL #
• Anyone know why http://www.apache.org is down? #apache #isdown #
• @PieterKirkels Extra biertje aanbieden! in reply to PieterKirkels #
• Trouble sleeping again. Luckily not due to the dog this time. #
• As of next month, Kumina is larger then it has ever been. Three full-time workers and one part-time. #yay #
• Google Adwords just advised me to triple our Adwords daily allowance so it could send 22% more visitors to our site… #fail #
• @baseonmars hey man, they released quad core macbook pros, did ya hear? #obliging in reply to baseonmars #

Powered by Twitter Tools

Tags: tweets

HowTo: Reset a cryptostick

We use this cryptostick a lot and always thought that there was no way to reset it once you entered the admin PIN incorrectly three times. Well, there is a way to reset it! Found it here and describing it below for future reference.

Create a file with the following contents:
/hex
scd serialno
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 e6 00 00
scd apdu 00 44 00 00
/echo card has been reset to factory defaults

And make the key accept those commmands:

gpg-connect-agent < FILE

That's it!

Twitter Weekly Updates for 2011-02-20

• Dog forced open the door to the hallway and ran up the stairs. Twice already. No idea what's wrong. Left a light on, now. Hope it helps! #
• Nope, that's not it. Guess I'm sleeping on the couch tonight. #
• @channtalle Waarom moet je verplicht solliciteren als je al werk hebt? in reply to channtalle #
• We're looking for a new guy at Kumina! Read about it here: http://bit.ly/gIdPL8 #vacature #eindhoven #
• @Dankjewelske Vrouwen die reageren hebben voorrang, maar die zijn er bijna niet :s in reply to Dankjewelske #
• Argh! Is there an earthquake coming or what? Sleeping on the couch again. #sillydog #
• @ariejan Actually, she's known the trick for years, she does the same with fireworks. I think she's scared of my bunny… in reply to ariejan #
• Anyone want to foster a four year old bunny? She's a bit shy, but not really afraid! #
• @chantallemouwer chanster? :) in reply to chantallemouwer #
• @davecoveney Depends on how far they go. I don't think it's unreasonable to ask for the reason of default choices. in reply to davecoveney #

Powered by Twitter Tools

Tags: tweets

Job opening

Kumina is looking for a new full-time junior systems administrator per April 2011. Are you the person we’re looking for?

We’re looking for someone who…

• … doesn’t quit when the going gets tough
• … has an interest in system maintenance
• … is comfortable with responsibility
• … wants to go the extra mile if that results in higher quality of the end-product
• … is versatile and wants to learn new things all the time
• … can work with a team, but not necessarily in a team

Linux knowledge is not necessarily required, if you’re willing to learn fast. You can find info about what we do on our website. Some keywords:

• Do it right or don’t do it at all
• Puppet
• Debian Linux
• Apache, nginx, etc.
• Tomcat, GlassFish, Rails, Django, etc.
• KVM, Xen, libvirt, etc.

We’re looking for a full-time employee starting April 2011. Interested? Send your resumé and an introductory letter to jobs@kumina.nl!

Twitter Weekly Updates for 2011-02-13

• @zipkid ouch… Sterkte! Hopen dat ze em snel fixen! in reply to zipkid #
• RT @fietske How great entrepreneurs think very good article http://bit.ly/ea4yKH #fb #
• @fietske Awesome article, thanks for sharing! in reply to fietske #
• Those who believe in telekinetics, raise my hand ~ Kurt Vonnegut (via spike in ##infra-talk) #
• @Dankjewelske In Eindhoven? Of ergens anders? in reply to Dankjewelske #
• Zo, weer klaar bij de bank. Snel weer naar Eindhoven. #
• Gratz Egypt! Nice example of how far you can get with peaceful protests and perseverance! #

Powered by Twitter Tools

Tags: tweets

Hetzner Failover IP OCF script

At Hetzner you can get very cheap servers. If your application stack can handle failovers and the like, it’s a cheap venue to setup a fairly large setup. One thing that’s a bit different than at most other colocators I know, is their network setup. They actually route all traffic via managed switches to your machine. So all machines are in their own network. That can be a problem if you want to do cool stuff like moving an IP address on the fly.

Luckily, they have provided “Failover IP” addresses, which you can allocate to a server and which you can switch to another server. But only via a web interface. The web interface also has an API, which makes things a bit easier. For one of our customers, we wrote an OCF script that can perform the failover, so we can user heartbeat and pacemaker over there.

Due to the fact that pacemaker expects all variables to be the same on both machines, we need to use several data sources. We’ve created it as follows:

• An OCF script that calls a Python script for assigning the failover IP
• The aforementioned Python script, which reads some variables from a local file (defaults to /etc/hetzner.cfg) and which actually talks to the API to switch the IP address or check if the IP address is currently assigned to this host
• A local config file which is read by the Python script and contains the Hetzner API credentials and the local machine IP address.

The local IP address in the configuration file is needed because we run all important stuff in VMs and the API expects the IP address of the iron to which you want the failover IP to point. Usually, you do not have access to the local IP address, which is why we simply set it up in the configuration file. The Python script is fairly simple. You can run it with -h to see the possible commands you can give it. The config file probably requires some explanation:

[dummy]
user = #12345+RaNdM
pass = sEcReT
local_ip = 1.2.3.4

The user and pass can be generated from the Hetzner Robot interface. When you have selected the server to which the failover IP is assigned, select the Admin option and request new credentials. These are specific to that machine and all resources assigned to that machine. This is a safety measure. The local IP is the primary IP address of the local machine. So if you want to be able to switch the failover IP address to the machine with the local IP address of 2.3.4.5, that machine will have local_ip = 2.3.4.5 in it’s /etc/hetzner.cfg file. Are you still following this? Good!

Now, the using the OCF script is simple. Add it to /usr/lib/ocf/resource.d/kumina/hetzner-failover-ip and setup your CRM configuration as follows:

primitive IP_mysql ocf:kumina:hetzner-failover-ip \
	op start interval="0" timeout="300s" \
	op monitor interval="60s" timeout="300s" \
	params ip="1.1.1.1" script="/usr/local/sbin/parse-hetzner-json.py"

The 1.1.1.1 should be replaced with your failover IP, of course. The script needs to be added. If you want to use another configuration file, you can change it into /usr/local/sbin/parse-hetzner-json.py -c /etc/myconfig.hetz or something that suits your fancy. The timeout is needed, because the Hetzner API is a slow beast. (On a related note, I think it’s possible to change the OCF script to use this as a default, but I couldn’t find it quickly.)

Do let us know if you have questions or if this helped you!

The files:

• OCF script
• Python script

Update: Add monitor statement to CRM configuration, to work with scenarios where failover addresses are modified manually.

Twitter Weekly Updates for 2011-02-06

• Monday morning is definitely not my favourite time of the week. Especially when it's below zero. Brrr #
• @Dankjewelske Ja, zodra ik weer in een warme ruimte ben ipv deze koude trein :( in reply to Dankjewelske #
• I do so enjoy watching ksplice upgrade production machines from our clients without reboots! So worth it. #ksplice #
• MySQL binlog corruption, I haz it. #
• @woutlemmens gratz! Ow en ik zou mailen, he… Meteen maar even doen. in reply to woutlemmens #
• Meteen de eerste dag lopen op nieuwe schoenen was een slecht idee… Gelukkig kwam ik erachter terwijl ik nog thuis was! #au #
• Any ruby on rails dev looking for a job in Amsterdam? Awesome little company with big aspirations is looking for you! #
• Really not feeling well. Considering not attending #fosdem tomorrow. :( #
• @spikelab I'm home, sick :( in reply to spikelab #
• @spikelab Really feeling aweful, if it was just a cold, I would've jumped in the car anyway :S in reply to spikelab #

Powered by Twitter Tools

Tags: tweets