Monday 29 February 2016

Vagrant Change default ssh forwarded port

Vagrant is a great tool for quickly setting up and destroying a development test environment. By default it will define a local port on your workstation to port forward ssh traffic to the Vagrant box. For a multi server set-up environment I prefer to be able to specify the exact port to use for ssh port forwarding.
For example, to set the forwarded ssh port to 4001, define the following in the Vagrantfile:
db.vm.network "forwarded_port", guest: 22, host: 4001, id: 'ssh'
The id: 'ssh' option is required: it makes this entry override Vagrant's default ssh forwarding rule instead of adding a second one. I find this really useful for Ansible so I can define the exact ssh port and IP address within my Ansible file.

Sunday 28 February 2016

Ansible Facts Caching With Redis

Ansible is an amazing tool for automation of tasks. Facts are details about the host that Ansible gathers when it connects to the machine. It gathers a significant amount of useful information that can be used in Playbooks, e.g. OS version and IPv4/IPv6 addresses. To make Ansible go faster we can store the facts in a cache the first time it connects to the hosts. On subsequent Playbook executions Ansible will only look up the facts in the cache instead of gathering them again. The option fact_caching_timeout defines how long the cache stays valid, in seconds.

Setup Redis for Ansible Caching

On Arch Linux install redis and enable it
  $ pacman -S redis
  $ systemctl enable redis
  $ systemctl start redis
Install the Python Redis packages
$ pacman -S python2-redis python-redis
Check redis is responding
$ redis-cli ping
PONG
Update /etc/ansible/ansible.cfg in a text editor
gathering = smart
fact_caching = redis
fact_caching_timeout = 86400
fact_caching_connection = localhost:6379:0
After running a Playbook redis-cli can be used to view the keystore e.g.
$ redis-cli 
127.0.0.1:6379> keys *
1) "ansible_cache_keys"
2) "ansible_factsDB1"

Sunday 21 February 2016

ssh agent and forwarding on Arch Linux for Ansible

I have been using Ansible a lot for automation of deployments recently. One of my deployments had the need to clone a git hosted project from a server in the cloud. I did not want to have to place my private key on the cloud server for security reasons. The answer for me was setting up an ssh agent on my Arch Linux workstation to simplify working for ssh keys. With the ssh agent in place I could use ssh agent forwarding to authenticate using the private key on my workstation. The same process would work for any version of Linux.

SSH Agent set-up

On the Arch Linux Wiki there are a number of suggestions, but the one I found easiest was from this StackOverflow article: adding the following to my ~/.bash_profile
SSH_ENV="$HOME/.ssh/environment"

# Start a new agent, save its environment for later shells and load the default key
function start_agent {
    echo "Initialising new SSH agent..."
    /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
    echo succeeded
    chmod 600 "${SSH_ENV}"
    . "${SSH_ENV}" > /dev/null
    /usr/bin/ssh-add
}

# Source SSH settings, if applicable
if [ -f "${SSH_ENV}" ]; then
    . "${SSH_ENV}" > /dev/null
    # Start a new agent if the saved PID no longer belongs to an ssh-agent
    ps -ef | grep "${SSH_AGENT_PID}" | grep 'ssh-agent$' > /dev/null || {
        start_agent
    }
else
    start_agent
fi
This checks whether an ssh-agent is already running and starts a new one if not. You can always check it's running:
$ pgrep -a ssh-agent
23409 /usr/bin/ssh-agent
The ssh-add call in start_agent loads the default private key ~/.ssh/id_rsa into the agent. The loaded keys can be listed with:
$ ssh-add -L
Other private keys can be included for use by the ssh-agent with:
$ ssh-add <path to private key>

Agent Forwarding

Within my /etc/ansible/ansible.cfg file I set the following ssh settings
[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes
When Ansible is on the remote machine and clones from the git project, the authentication request is forwarded back to my Arch workstation and answered by the ssh-agent there, so the private key never leaves the workstation.
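With ForwardAgent=yes set in ansible.cfg, every managed host can ask the agent to sign for as long as the connection is open, so it helps to limit what the agent will do. The following is an added example, not part of the original post: it checks the agent through ssh-add's exit status rather than ps and grep, and loads a key with a lifetime and per-use confirmation. The SSH_ADD variable and the function names are assumptions made for illustration, and -c needs an askpass program on the workstation.

```shell
# Added example; SSH_ADD, agent_state and load_key_for_run are illustrative names.
# SSH_ADD lets the ssh-add binary be swapped out (for instance in tests).
SSH_ADD="${SSH_ADD:-ssh-add}"

# Classify the agent behind SSH_AUTH_SOCK from the exit status of "ssh-add -l":
#   0 = agent reachable and holding keys
#   1 = agent reachable but holding no keys
#   2 = agent cannot be contacted (anything else is treated the same way)
agent_state() {
    "$SSH_ADD" -l >/dev/null 2>&1 && rc=0 || rc=$?
    case "$rc" in
        0) echo "has-keys" ;;
        1) echo "empty" ;;
        *) echo "unreachable" ;;
    esac
}

# Load a key for one deployment run only.
#   -t SECONDS  the agent forgets the key after this lifetime
#   -c          each use of the key, including use through a forwarded
#               agent, must be confirmed on the workstation
# Usage: load_key_for_run ~/.ssh/id_rsa 1800
load_key_for_run() {
    key="$1"
    lifetime="${2:-3600}"
    if [ "$(agent_state)" = "unreachable" ]; then
        echo "no ssh-agent reachable, start one first" >&2
        return 2
    fi
    "$SSH_ADD" -c -t "$lifetime" "$key"
}
```

Keys loaded this way expire on their own, and a signing request arriving over a forwarded connection shows up as a confirmation prompt on the workstation.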

Obtain Random Words from a Dictionary in Linux

It can be very useful to be able to quickly generate random words from a dictionary in Linux. One common use case I have is generating random responses for the Security Questions on web sites. This is to avoid anyone easily guessing what the answers are. Typically the questions tend to be the same and not very difficult to guess. I save the actual responses in the Notes section of the Password Manager that I use.

Obtain A Dictionary Text File

There is a great dictionary list that is available with GNU Aspell (ftp://ftp.gnu.org/gnu/aspell/dict/0index.html) which provides a collection of International ‘words’ files for /usr/share/dict.
To install on Arch Linux:
$ pacman -S words
$ wc -l /usr/share/dict/usa
119095 /usr/share/dict/usa
There are a number of dictionaries installed under /usr/share/dict/ that you can choose from
$ ls /usr/share/dict/
american-english british british-english catala catalan finnish french german italian ngerman ogerman spanish usa

shuf - generate random permutations

We can use the shuf command to generate random words using a dictionary. shuf is part of GNU coreutils, so it is normally already installed; if it is missing:
$ pacman -S coreutils
Then use the -n option to define the number of words you would like, e.g.
$ shuf -n5 /usr/share/dict/usa
macroeconomic
visualizes
shabbiest
sen
chortler
To easily access this I have an alias:
alias GenerateRandomWord='shuf -n5 /usr/share/dict/usa'
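Since the words are used as security answers, it is worth knowing how hard they are to guess. The following is an added example, not part of the original post, and it goes a little beyond the alias: it filters the dictionary, draws from /dev/urandom instead of shuf's default generator, and reports the entropy of the result. The function names are assumptions; --random-source and -r are GNU shuf options.

```shell
# Added example; candidate_words, random_words and entropy_bits are illustrative names.

# Keep only plain lowercase words of four or more letters. This drops
# possessives ("amber's"), proper nouns and very short entries, so every
# candidate is easy to type and the candidate count is well defined.
candidate_words() {
    LC_ALL=C grep -E '^[a-z]{4,}$' "$1"
}

# Print $1 words drawn from dictionary file $2.
#   --random-source=/dev/urandom  take randomness from the kernel CSPRNG
#   -r                            draw with repetition, so each word is an
#                                 independent, uniform pick
random_words() {
    candidate_words "$2" | shuf -r -n "$1" --random-source=/dev/urandom
}

# Entropy in bits of an answer of $1 words from dictionary $2:
# words * log2(number of candidates), to one decimal place.
entropy_bits() {
    candidate_words "$2" |
        LC_ALL=C awk -v n="$1" 'END { printf "%.1f\n", n * log(NR) / log(2) }'
}

# Usage:
#   random_words 5 /usr/share/dict/usa
#   entropy_bits 5 /usr/share/dict/usa
```

The entropy figure only holds if an attacker cannot see part of the answer; words are independent, so each extra word adds the same number of bits.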