anoncvs1/cvsup14

November 30, 2011

My old anoncvs/cvsup server (anoncvs1.freebsd.org/cvsup14.freebsd.org) finally died and I am working on building up a new one.

I have set up the hardware and I am prepared to ship the server out. I just need to confirm the new IP info and ship it out. Hopefully I will get this done this week prior to heading out to LISA.

The FreeBSD Forums are now available via IPv6

July 20, 2011

Give it a try and let me know of any problems: http://forums.freebsd.org.

BSDCan: FreeBSD Developer Summit

May 11, 2011

I am attending the FreeBSD Developer Summit for the next two days preceding BSDCan. It is good to see everyone again and wonderful to sit down and talk with them face to face. Simon and I will be getting together and working on some clusteradm@ topics. I am currently in the Documentation Working Group meeting and we have covered many different subjects, but one of interest to me is that we are talking about converting from SGML to XML for the Handbook and Articles. There are many benefits, such as making digital publishing easier.

The Right Way(tm) to change password hashes on FreeBSD with Puppet

April 5, 2011

After I described what I really wanted to happen, a coworker of mine, Andrew Hust, was able to help me write up the Ruby to get it done. So without further delay:

http://freebsd.so14k.com/puppet/pw_managespasswords.diff

I will be sending this to the FreeBSD puppet port maintainer and submitting it as a patch to the port soon. I wanted to get it out there so we could get some feedback.

Update: See the new patch I posted in the comments.

Changing password hashes on FreeBSD with Puppet

February 17, 2011

I finally hacked together a Puppet recipe to update password hashes on FreeBSD!

Let me first say that I want to get native support for this to work like it should. According to this page: https://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Free_Bsd, FreeBSD is missing something in the shadow libraries. I have added a note to that comment requesting someone add more info, so that we can tackle that problem.

On to the solution.

I have a custom function called 'setupuser' to manage users/groups/homedirs. I inherited this function from a coworker, so I am not sure if it is the best or right way. It did happen to make tackling the problem easy. Here is the custom function:

define setupuser($realname, $username, $password, $uid, $gid, $groups = false, $shell, $homedir) {

        group { "$username":
                ensure => present,
                gid => $gid
        }

        user { "$username":
                require => Group[$username],
                ensure => present,
                password => $password,
                uid => $uid,
                gid => $gid,
                comment => "$realname",
                groups => $groups,
                home => "$homedir",
                shell => "$shell"
        }

        file { "$homedir":
                require => User[$username],
                ensure => directory,
                owner => $username,
                group => $username,
                mode => 0700
        }

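        # FreeBSD only: pw(8) with -H 0 reads an already-encrypted password
        # hash from stdin (fd 0) and stores it for the user.
        case $operatingsystem {
                freebsd: {
                        exec { "$username hash":
                                command => "echo '$password' | pw user mod $username -H 0",
                                # Skip the exec when master.passwd already holds this hash.
                                unless => "grep -q '$username:$password:' /etc/master.passwd",
                                path => "/bin:/usr/sbin:/usr/bin",
                                require => User[$username],
                        }
                }
        }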

}

For reference, here is what a call to that function looks like (the hash has been modified, of course):

setupuser { "brd":
        realname => "Brad Davis",
        username => brd,
        password => '$1$fffffffffffffffffffffffffffffffffffff',
        uid => 2012,
        gid => 2012,
        groups => $admingroup,
        shell => $defaultshell,
        homedir => "/home/brd"
}
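
The "unless" guard in the recipe above hands user:hash: to grep as a regular expression, and crypt hashes can contain ".", which grep treats as a wildcard. The following is an added example, not part of the original recipe, comparing that guard with a field-exact check; the master.passwd lines, hashes and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: idempotence guards for "pw user mod -H 0".
# The master.passwd lines and hashes below are constructed, not real.

# Writes a constructed sample in master.passwd format to the given path.
write_sample() {
    cat > "$1" <<'EOF'
root:$1$constrct$AAAAAAAAAAAAAAAAAAAAAA:0:0::0:0:Charlie &:/root:/bin/csh
brd:$1$saltsalt$abcXdefghijklmnopqrstu:2012:2012::0:0:Brad Davis:/home/brd:/bin/sh
EOF
}

# The guard as written in the recipe: user:hash: used as a grep pattern.
# Returns 0 when grep finds a match (Puppet would then skip the exec).
regex_guard() {   # usage: regex_guard user hash file
    grep -q "$1:$2:" "$3"
}

# Field-exact guard: compare fields 1 and 2 as plain strings.
# Appending "" forces string comparison even for numeric-looking values.
exact_guard() {   # usage: exact_guard user hash file
    awk -F: -v u="$1" -v h="$2" '
        ($1 "") == (u "") && ($2 "") == (h "") { found = 1 }
        END { exit !found }
    ' "$3"
}

# Reports what each guard decides for one user/hash pair:
# "skip" means the guard thinks the hash is already in place.
compare_guards() {   # usage: compare_guards user hash file
    if regex_guard "$1" "$2" "$3"; then r=skip; else r=run; fi
    if exact_guard "$1" "$2" "$3"; then e=skip; else e=run; fi
    echo "regex=$r exact=$e"
}
```

With the sample file, a wanted hash that differs from the stored one only where it has a "." is reported as already set by the regex guard, so the account would keep the old hash.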

Puppet on FreeBSD

August 31, 2010

If you need to set a user's password hash like I do, the following link might save you some time:

http://projects.puppetlabs.com/projects/1/wiki/User_And_Homedir_Recipe_Patterns

I am working on getting something along these lines included into Puppet proper, but until then.

Tricky tricky Firewalls

May 16, 2010

A few weeks ago I installed the first firewall in the brand new “yet to be named” datacenter that we are building out for The FreeBSD Project. I wrote a quick PF ruleset to get things going and make sure we could ssh back in before I left the datacenter. I started it and immediately lost my ssh from the outside and could not get back in. I flushed the rules and decided it would have to wait for later because I had a plane to catch.

At BSDCan I finally got some time to look at the rules and figure out what was going wrong. A handy thing to do is set up a cron job to automatically flush the rules every 5 minutes while you work on them to prevent locking yourself out. After setting up the cron job I noticed that I could get in just fine if I explicitly added the IP to the rule I was using instead of using the following:

pass in on $ext_if proto tcp from any to ($ext_if) port ssh keep state

So I started looking at the interfaces and I noticed I had accidentally put the IPs on the wrong interfaces. I had the CARP IP on the main interface and the main IP on the CARP interface. Once I noticed this I was able to move the IPs to where they should be and everything worked like it should.
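
PF fills a parenthesised interface name such as ($ext_if) with the addresses currently assigned to that interface, which is why the rule stopped covering the main IP once it sat on the CARP interface. The following is an added example, not part of the original post, that checks a destination address against one interface's addresses; the ifconfig text, the interface names em0/carp0 and the 192.0.2.x addresses are constructed, and only IPv4 is handled.

```shell
#!/bin/sh
# Added example: which destination addresses does "to (ifname)" cover?
# Constructed ifconfig output reproducing the mix-up: 192.0.2.10 stands in
# for the host's main IP and 192.0.2.1 for the shared CARP IP.
sample_ifconfig() {
    cat <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255
carp0: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
        inet 192.0.2.10 netmask 0xffffff00
        carp: MASTER vhid 1 advbase 1 advskew 0
EOF
}

# Prints the IPv4 addresses assigned to one interface.
# Reads ifconfig-style text on stdin.
iface_addrs() {   # usage: iface_addrs ifname < ifconfig-output
    awk -v want="$1" '
        /^[^ \t]/ { sub(/:$/, "", $1); cur = $1 }   # header line, e.g. "em0: flags=..."
        cur == want && $1 == "inet" { print $2 }    # address line of the wanted interface
    '
}

# Returns 0 if dst is one of the addresses assigned to ifname, i.e. a rule
# written as "to (ifname)" would cover traffic sent to dst.
paren_rule_covers() {   # usage: paren_rule_covers ifname dst < ifconfig-output
    iface_addrs "$1" | grep -qxF "$2"
}

# Prints "covered" or "not covered" for one interface/destination pair.
report() {   # usage: report ifname dst < ifconfig-output
    if paren_rule_covers "$1" "$2"; then echo "covered"; else echo "not covered"; fi
}
```

On a live host the same functions can be fed real ifconfig output on stdin before loading a ruleset that relies on ($ext_if).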
