Geeking Out

Running GitHub Enterprise in Amazon EC2

Update (2015-03-29): GitHub now supports an EC2 appliance and this information is no longer accurate. It is useful only for historic reasons or general background when confronting similar challenges from other vendors.

GitHub’s hosted offering allows companies to run their own private GitHub appliance behind their firewall.  It is distributed as an OVF container that runs under VMWare or VirtualBox.  But what if you want to run it, along with your other infrastructure, on AWS?  Here is the (completely unsupported) way to do it!

The goal is to get the base GHE virtual appliance running on AWS so that we can install the latest GHE software package on top of it.  This package takes care of updating and configuring everything.  Once the software package is installed, the appliance behaves just like its on-prem cousins.

Break into the virtual appliance

First we need the virtual appliance in a form that can be moved into AWS.  Download the current virtual appliance from the GHE dashboard and find a way to get at it.  You may be able to just launch it locally in VMware or VirtualBox, if you are able to get root, but I did not do this.  Instead I extracted the archive (it is just a tar file) to get at the VMDK disk image inside, and attempted to import it into EC2 using the AWS VM Import/Export tool.

This requires some fiddling, because you have to install the old EC2 command line tools and get all the options right, with some plausible guesses about what is inside.  Here is the command I ended up running:

ec2-import-volume /var/tmp/github-enterprise-11-10-320-x86-64-disk1.vmdk \
 -f vmdk -z us-east-1a -b agperson-ghe -o $AWS_ACCESS_KEY -w $AWS_SECRET_KEY

Once the import is complete (you can check the status with ec2-describe-conversion-tasks) I attempted to launch it — and failed due to an unsupported kernel.  But never fear!

Figure out what’s under the hood

If you don’t want to do this yourself skip to the end of this section where I tell you the secrets.

The VM import creates an EBS volume.  It may not be runnable, but it is mountable!  So start up a one-off Linux instance and attach the volume to it.  The data is stored in LVM, so you may need to install the lvm2 package and then run lvmdiskscan to see the volume group.

Run vgdisplay to get the name of the volume group (“enterprise”) and activate it by running vgchange -a y enterprise. Now you can mount the root volume:

mkdir /ghe
mount /dev/mapper/enterprise-root /ghe

Poke around in this volume a bit and you will establish that the virtual appliance comes with Ubuntu 11.10 Oneiric (wow!) and is 64-bit. With this information, we can launch an equivalent instance in EC2.

Set up an Amazon-happy instance

Launch a new EC2 instance using the publicly available community AMI from Ubuntu for 64-bit Oneiric (make sure you are using the released version — in us-east-1 I used ami-13ba2d7a). I chose an m3.large which is a good baseline based on GHE’s requirements. Make sure to attach a second volume for data or make the root volume large enough to hold all your repositories, and use SSD storage because it makes life better. Put your new instance in a security group that allows traffic on ports 22, 80, 443, and, if necessary, 9418 (the git:// port, which is non-authenticated so often not used on GHE installs).

When the instance launches, log in as the “ubuntu” user and become root. Modify /etc/apt/sources.list to point all archive stanzas at old-releases.ubuntu.com (including the security ones). Run apt-get update && apt-get upgrade and wait a few minutes.

Now you need to copy over all of the files from the virtual appliance. You can either do this via SSH from the one-off instance you launched earlier, or detach the volume from that instance and repeat the steps to get LVM running and attach it to the new instance. Either way, use rsync to get everything important onto your new VM. Rackspace offers a helpful tutorial on doing this, including a good set of directory paths to exclude. I used their list and everything worked fine. The command I ran with the volume mounted locally was:

rsync --dry-run -azPx --exclude-from="exclude.txt" /ghe/ /

(and once I was satisfied, I ran it again without the --dry-run flag).
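The sources.list change and the rsync copy, scripted as an added example (this is not code from the original post). It rewrites the Ubuntu archive stanzas, security included, to old-releases.ubuntu.com, and wraps the rsync copy with a dry-run default. The exclude list is my own assumption (kernel and virtual filesystems, the boot loader, and the instance's own storage and network identity), not the Rackspace list the post refers to; review it against your own setup before the live run.

```shell
#!/bin/sh
# Added example, not code from the original post. It scripts two of the
# steps above on the new Ubuntu 11.10 (oneiric) instance: repointing
# /etc/apt/sources.list at old-releases.ubuntu.com, and running the rsync
# copy from the mounted appliance volume with an exclude list. The exclude
# list is an assumption of this example, not the Rackspace list.

# Rewrite every Ubuntu archive stanza, security ones included, to
# old-releases.ubuntu.com. Reads sources.list text on stdin and writes the
# rewritten text on stdout, so it can be previewed before replacing the file.
repoint_sources() {
  sed -E \
    -e 's#https?://([a-z]+\.)?archive\.ubuntu\.com#http://old-releases.ubuntu.com#g' \
    -e 's#https?://security\.ubuntu\.com#http://old-releases.ubuntu.com#g'
}

# Write the rsync exclude list to the file named in $1 and print that path.
# Paths are relative to the rsync source, i.e. the mounted appliance root.
write_exclude_list() {
  cat > "$1" <<'EOF'
/dev/*
/proc/*
/sys/*
/run/*
/tmp/*
/mnt/*
/media/*
/lost+found
/boot/*
/etc/fstab
/etc/mtab
/etc/hostname
/etc/hosts
/etc/network/*
/etc/resolv.conf
/etc/udev/rules.d/*
EOF
  echo "$1"
}

# Copy the mounted appliance tree ($1, e.g. /ghe/) over the target root
# ($2, e.g. /). Defaults to a dry run, as the post does first; pass
# "live" as $3 to actually write.
copy_appliance() {
  src=$1; dst=$2; mode=${3:-dry}
  excl=$(write_exclude_list "${TMPDIR:-/tmp}/ghe-exclude.txt")
  if [ "$mode" = live ]; then
    rsync -azPx --exclude-from="$excl" "$src" "$dst"
  else
    rsync --dry-run -azPx --exclude-from="$excl" "$src" "$dst"
  fi
}

# Typical use on the new instance, as root:
#   repoint_sources < /etc/apt/sources.list > /etc/apt/sources.list.new \
#     && mv /etc/apt/sources.list.new /etc/apt/sources.list
#   copy_appliance /ghe/ /          # dry run, inspect the output
#   copy_appliance /ghe/ / live     # then the real copy
```

Keeping /etc/fstab and the network files out of the copy is what lets the EBS-backed instance keep booting after the appliance's LVM-based root is layered on top of it; everything else under /etc comes from the appliance.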

Bombs away!

Before rebooting, copy your SSH key into /root/.ssh/authorized_keys in case anything goes wrong (and take a moment to ponder who Ben is and why his “HacBook-Air.local” key is on our server!). Then restart the instance and, when it is done booting, visit it via HTTPS to see the beautiful GHE setup screen! Upload the latest software package and your license key and give it half an hour or so, and if everything goes well, you will have a fully-functional GitHub Enterprise instance in the cloud.
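The unexpected key the post mentions is worth a check, not a ponder. The following is an added example (not code from the original post) that lists every key in the copied-over /root/.ssh/authorized_keys and flags any whose comment is not on an allowlist you maintain, so a key carried over from the appliance image is noticed and removed before the host goes live. The sample authorized_keys and allowlist it writes are constructed for the demo; the key blobs are placeholders, not real keys.

```shell
#!/bin/sh
# Added example, not code from the original post. Audits an authorized_keys
# file against an allowlist of expected key comments before the reboot.
# Sample inputs below are constructed; the key blobs are placeholders.

# Print "keytype comment" for every key in authorized_keys $1, skipping
# blank and comment lines and tolerating an options prefix such as
# no-port-forwarding or command="..." ahead of the key type.
list_authorized_keys() {
  awk '
    /^[[:space:]]*#/ { next }
    NF == 0 { next }
    {
      for (i = 1; i <= NF; i++) if ($i ~ /^(ssh-|ecdsa-|sk-)/) break
      if (i > NF) { print "unparsed", "(" $0 ")"; next }
      c = ""
      for (j = i + 2; j <= NF; j++) c = c (c == "" ? "" : " ") $j
      print $i, (c == "" ? "(no comment)" : c)
    }' "$1"
}

# Compare the comments in authorized_keys $1 against allowlist $2 (one
# expected comment per line). Prints each unexpected key and returns 1 if
# any were found, 0 if only allowed keys are present.
audit_authorized_keys() {
  unexpected=$(list_authorized_keys "$1" | awk -v allow="$2" '
    BEGIN { while ((getline line < allow) > 0) ok[line] = 1 }
    {
      ktype = $1; $1 = ""; sub(/^ /, "")
      if (!($0 in ok)) print "UNEXPECTED:", ktype, $0
    }')
  [ -z "$unexpected" ] && return 0
  printf '%s\n' "$unexpected"
  return 1
}

# Constructed demo input (not a real authorized_keys file): writes a
# sample keys file and allowlist under directory $1 and prints $1.
make_sample_keys() {
  mkdir -p "$1"
  cat > "$1/authorized_keys" <<'EOF'
# constructed sample; the blobs are placeholders
no-port-forwarding,command="echo 'Please login as the user \"ubuntu\" rather than the user \"root\".'" ssh-rsa AAAAB3NzaC1yc2EAAAAPLACEHOLDER1 aws-launch-key
ssh-rsa AAAAB3NzaC1yc2EAAAAPLACEHOLDER2 ops@deploy-host
ssh-rsa AAAAB3NzaC1yc2EAAAAPLACEHOLDER3 ben@HacBook-Air.local
EOF
  printf '%s\n' aws-launch-key ops@deploy-host > "$1/allowed_keys"
  echo "$1"
}

# Demo: sh audit-keys.sh demo
# On a real host: audit_authorized_keys /root/.ssh/authorized_keys /root/allowed_keys
if [ "${1:-}" = demo ]; then
  d=$(make_sample_keys "${TMPDIR:-/tmp}/ghe-keys.$$")
  audit_authorized_keys "$d/authorized_keys" "$d/allowed_keys" \
    || echo "remove the keys above before rebooting"
  rm -rf "$d"
fi
```

Matching on the key comment is a convenience for a one-off check like this; comments are free text, so for anything ongoing compare fingerprints (ssh-keygen -lf) against the allowlist instead.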

Note that after the software package installs you will no longer have root access to the server. A pity.

A few other important steps are left as an exercise to the reader — lock down access, set up SES or some other email sending capability, stay in compliance with your license, and take frequent backup snapshots! Good luck!

★★★★☆
Review

The Internet’s Own Boy

Aaron Swartz

I’ve written before (and on several more occasions) about Aaron Swartz, a complicated and amazing person and digital activist who I followed and loosely orbited for many years.  Aaron did incredible work for and on behalf of the Internet as a democratizing medium, and he caused me to frequently question my own life and career choices.  He was targeted by an overreaching federal prosecution due to some of his activism work on the edges of the law, and after two years of pressure and abuse at the hands of the federal government, he tragically took his life in January 2013.

The Internet’s Own Boy: The Story of Aaron Swartz is a documentary film by Brian Knappenberger that traces Aaron’s life, his successes and failures, his political action and digital activism, his run-ins with the law, and his too-soon death.  Along the way several internet luminaries, journalists, activists, congresspeople, and other smart individuals weigh in and provide context.  I knew much of what the film presented but I still found it compelling.  While clearly opinionated, this film does a good job of portraying who Aaron was, what he believed in, and where things went so very wrong.

Many people feel that technology and politics together are too complicated, too confusing, and too inscrutable.  Many in government dismiss technology experts and inventors of things that have fundamentally changed our lives as mere “nerds”.  Aaron lived his whole life thoughtfully and fully, and his story is one that is approachable to anyone, technological or not.  The things he fought for are important, and they are comprehensible, and they should not be dismissed.  He showed how we can use technology and the internet to make this world a better one, and what we should do to stop others from using it to make the world worse.

The movie is imperfect, as was Aaron.  And it does a few funny things with time and ordering that slightly distort some of the major events in Aaron’s saga.  But on the whole it is thoughtful, and it is powerful, and it is worth watching.

You can view The Internet’s Own Boy: The Story of Aaron Swartz in its entirety for free on the Internet Archive.

Travel

European Conning

Meghan and I are currently attending a conference on a small island (!) in the Côte d’Azur — better known in English as the “French Riviera.” If this one is the norm, European-style tech conferences are quite a bit different from their American counterparts! Breakfast is early (7:30am), sessions run all day, and every evening includes dinner and drinks that start around 8:30pm and go past 11. The next morning, we wake up and start again.

Did I mention that every lunch and dinner is three courses and includes copious amounts of wine? And did I further mention that the wine is produced on this very island’s vineyards? Because yes, that’s a thing. And if you aren’t eating lots of paté and frequently emptying your glass, people start to wonder if you are ill.

We cut out early — it is only 10:30 — so Meghan can put the finishing touches on the talk she is giving tomorrow about user experience design. We also took a bit of time in the afternoon to wander around the island, which is quite a sight to behold — a few pictures above are a preview of the forthcoming album.

So far we have made friends with some Canadians, met some French and Italians, and had dinner with a contingent from Belarus. We learned that last year’s conference was held in a circus tent in Warsaw, so take that American conference centers!

It is fascinating to see people of all different languages and cultures come together to discuss their shared interest in technology. The opening speaker said that he hoped that everyone here would learn something new and then spread that knowledge by teaching it when they got home. I am reminded of how easy I have it as a native English speaker who never has to worry about a lack of documentation, examples, or online help. It is also interesting to hear from people in countries where there is much less appetite for working with modern, fast-moving languages and frameworks. Many of the people here really are ambassadors for and teachers of these technologies.

We are here for a couple more days, and then we will take a (ferry + bus + train) ride back up to Paris to spend some more time exploring that city’s wonders.

Citizens in a democracy make a certain pact with one another: to answer speech with more speech, not violence. No matter how angry what I say makes you, you do not have a right to pull a gun on me. But now the gun has already been drawn, nominally as an act of symbolic speech — and yet it still remains a gun. A slippage has occurred between the First and Second Amendments, and the First suffers as a result.

Patrick Blanchfield, “What Do Guns Say?”, New York Times
Geeking Out

Sending automated notifications to HipChat rooms

At work we have been piloting HipChat’s new self-hosted on-premises option for the last few months.  It has been great having a bunch of people who work in different buildings and on different schedules using shared chat rooms for communication.

I have also been experimenting with hooking HipChat into our toolchain. We now have a chat room where every Capistrano deployment is announced, and another where all of our high-priority Zabbix alerts are collected. HipChat makes this easy with their version 2 API’s room notifications feature. A room owner can simply generate a room-specific API token and plug it into a script to send notifications.

Here is an example (screenshot: HipChat Zabbix Alerts).

And to make it easy for the next person who wants to do this, I’ve released the code on GitHub.

Instructions for setting it up are in the README. And 15 minutes later, you’re in business with pretty and useful Zabbix notifications in HipChat.
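The room notification call itself, as an added example (this is not the code the post links to on GitHub). It builds the HipChat API v2 notification body and POSTs it with the room-specific token. The token is read from a file rather than passed as an argument, so it does not show up in process listings or shell history; keep that file mode 0600 and owned by the account that runs the script. HIPCHAT_SERVER and the token path are assumed values, not from the post.

```shell
#!/bin/sh
# Added example, not the code the post links to. Sends a HipChat API v2
# room notification; server URL and token file path are assumptions.

HIPCHAT_SERVER=${HIPCHAT_SERVER:-https://hipchat.example.com}
HIPCHAT_TOKEN_FILE=${HIPCHAT_TOKEN_FILE:-/etc/zabbix/hipchat.token}

# Escape $1 for use inside a JSON string literal: backslashes, double
# quotes, and embedded newlines (multi-line alert text is common).
json_escape() {
  printf '%s' "$1" \
    | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' \
    | awk 'NR > 1 { printf "\\n" } { printf "%s", $0 }'
}

# Build the v2 notification body. $1 colour (yellow, green, red, purple,
# gray or random), $2 message text, $3 "true" to trigger a user
# notification (default false). message_format is text, so the alert
# body is shown verbatim rather than interpreted as HTML.
hipchat_payload() {
  printf '{"color":"%s","message":"%s","notify":%s,"message_format":"text"}' \
    "$1" "$(json_escape "$2")" "${3:-false}"
}

# POST message $2 to room $1 (numeric id or room name); optional $3 colour
# (default red) and $4 notify flag (default true). Fails on HTTP errors.
hipchat_notify() {
  token=$(cat "$HIPCHAT_TOKEN_FILE") || return 1
  curl -sS -f -X POST \
    -H "Authorization: Bearer $token" \
    -H 'Content-Type: application/json' \
    --data "$(hipchat_payload "${3:-red}" "$2" "${4:-true}")" \
    "$HIPCHAT_SERVER/v2/room/$1/notification"
}

# Example call from a Zabbix action script:
#   hipchat_notify ops-alerts "PROBLEM: disk space low on db01" red true
```

Because a room notification token can only post to its own room, a token leaked from an alerting host is limited to noise in that room; that is the reason to prefer the room-specific token over a personal one here.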

Adventure

Moosilauke revisited

On Saturday Mat and I hiked Mount Moosilauke, one of New Hampshire's “4000-footers.”  The weather was warm (40s), although the day was overcast and the summit was fogged in.  We got a late start after a wrong turn (kids, bring maps!), so we were a bit concerned about daylight.

A trail report from a few days earlier indicated that it would be smooth going, but apparently we misread it, because everyone else on the mountain that day had either skis, snowshoes, or both.  We had neither, and for the first 3+ miles almost every step resulted in snow up to our knees.

We held out hope that as we gained elevation (and colder weather) the base would be harder-packed.  That was the case eventually, but the slow going coupled with our late start made us decide to turn back prior to the summit.  It was an adventure regardless, and on the way down we got in a lot of “sledding” on our behinds, which was a blast.


The eighth iteration

The last time I substantially changed this blog was in 2009, and in the last few years it has languished. I’m very happy with this modern update, which is very clean, simple, and content-focused. I’ve removed almost everything else, which should help me focus on the writing.  I plan to back-fill some posts from things I’ve written on Facebook and elsewhere, and go from there.  Welcome to AgBlog version 8, now with a new name and location!

Travel

A brief California whirlwind

On Friday I headed out to the West coast for a brief visit in order to surprise Aunt Linda on the occasion of her 60th birthday party. Well, she was surprised, thanks to some excellent planning, scheming, and misdirection. It was a really nice party.

On Saturday the out-of-town partygoers gathered at Strand Terrace for brunch.  I always love it when we host meals while I am in town because it is fun to cook together as a family.  Shaina made quiche, I chopped things and cooked up bacon, Mom made an apple cake, and Dad and Jess cooked as well as taking care of all the grocery shopping. The parents have redone their patio to give it more of an “outdoor living room” feel, and I think it really works — definitely a good fit for the California climate.

On Monday Jessica, Mom and I went paddle boarding in Newport Beach, which is fun once you recognize how absurd and inefficient it is.  The high winds kept pushing us back and threatening to topple us over, but we made it to our arbitrary goal (a bridge) and back without major incident.  In the morning Mom and I had also hiked at Santiago Oaks, so it was an active sort of day.

Throw in some family time, pool time, meal time, and beach time, and cap it with lunch at In-N-Out — a pretty good few days in the sun!  I’m sad that the trip is already over, but I’m spending a few days in Portland with Jessica before heading back home.

Geeking Out

Docking the hype of Docker (sort of)

Update 4/22/14: James Turnbull has covered similar territory and reached similar conclusions. In fact the more I look, the more I see this debate playing out and the first generation of solutions beginning to take form. In just two months I’m now much more optimistic about the immediate applicability and viability of Docker to real-world problems.

I originally posted this entry on the HUIT DevOps community blog

When I first heard about Docker I knew it was something to watch.  In a nutshell Docker is a mechanism on top of Linux Containers (LXC) that makes it easy to build, manage, and share containers.  A container is a very lightweight form of virtualization, and Docker allows for quickly creating and destroying containers with very little concern for the base OS environment they are running on top of.

Because Docker is based around the idea of running “just enough” OS to accomplish your goals, and because it is focused on applications rather than systems, there is a lot of power in this model.  Imagine a base server that runs absolutely nothing but a process manager and the Docker daemon, and then everything else is isolated and managed within its own lightweight Docker container.  Well imagine no longer, because it is being built!

But with power always comes responsibility, and Docker has a caveat you can drive a truck through — the ephemeral, process-oriented nature of Docker strongly favors moving back to the old “Golden Master Image” approach to software deployment.  That is to say, it’s great that you can easily distribute a completely isolated application environment that will run everywhere with no effort.  But in doing so, it is very easy to ignore all of the myriad problems that modern configuration management (CM) systems such as Puppet were built to address.


Geeking Out

New to Mac or Linux? Try this basic shell configuration

I originally posted this entry on the HUIT DevOps community blog

I’ve recently worked with several folks who live in a Windows world and are either moving to a Mac laptop or have to do work on a Linux server.  In the DevOps world, developers are often pushed outside of their comfort zone.  Having to work in a UNIX shell can be quite disconcerting.

While I can’t give you a 5-minute primer that takes all the pain away, I can point you in the right direction.  I have created a Bash shell configuration that provides some sane and useful command line defaults, much better than what you get out of the box.


★★★★★
Review

Moonrise Kingdom (2012)

This movie is absolutely wonderful. A boy and girl who are outsiders and without friends find solace in one another and run away together on an island in New England. All the typical Wes Anderson charm and whimsy is on display, and the plot takes an unexpected turn half-way through. Excellent performances by all involved, and some amazing faux-1960s kitsch.

Some people love Wes Anderson, some hate him, for me it really varies by movie — I couldn’t stand Royal Tenenbaums, but I couldn’t get enough of this. Just perfect.

Our Feel-Good War on Breast Cancer

This week’s New York Times Magazine cover story is an in-depth and pretty devastating critique of three decades of breast cancer awareness campaigns, especially focused on the Susan Komen foundation. The one sentence summary: Komen’s campaigns aren’t helping to cure or prevent cancer, they aren’t dispensing good medical advice, but they are causing women to live in unnecessary fear.