Mar 22 2015
 

echo package-name hold | sudo dpkg --set-selections

So that it will not be upgraded.

Reason: a package’s PPA had a brand-new version that is not compatible with the previous version, but since the new version was there, Ubuntu downloaded and installed it, and it broke almost everything on my system.

I have to lock down that package unless I’m sure I can upgrade it.

Mar 05 2015
 

I don’t like or dislike upstart or any other system service management facility; however, I do hope Ubuntu can give me a single solution for handling system services.

So to disable a service, you can try System-V style:
update-rc.d apache2 disable

or upstart style:
echo manual > /etc/init/cron.override

or try chkconfig, though it’s less common on Ubuntu. You may also want to check /etc/rc.local for auto-start services that are not system services.

Feb 22 2015
 

I need to find a good fail2ban configuration to ban attackers who are targeting my blog. I checked the log and found that 404 may not be a good indicator, as some themes return 404 all the time. I will check to see if I can use non-media resources for a rate-limit-like solution.
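
An added example (not from the original post) of the rate-limit idea above: count only non-media requests per client IP inside a sliding time window and ignore status codes such as 404 entirely. The log lines, thresholds, file extensions and the names `offenders` and `SAMPLE_LOG` are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common/combined log format: client IP, timestamp, request line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[A-Z]+ (?P<path>\S+)[^"]*"')
# Static/media paths are skipped so an image-heavy page is not counted as a burst.
MEDIA_RE = re.compile(r'\.(?:css|js|png|jpe?g|gif|ico|svg|woff2?)(?:\?.*)?$', re.I)


def offenders(lines, max_hits=5, find_time=10):
    """Return IPs with more than max_hits non-media requests in find_time seconds."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or MEDIA_RE.search(m.group('path')):
            continue
        ts = datetime.strptime(m.group('ts'), '%d/%b/%Y:%H:%M:%S %z')
        window = recent[m.group('ip')]
        window.append(ts)
        # Drop hits that have fallen out of the sliding window.
        while (ts - window[0]).total_seconds() > find_time:
            window.popleft()
        if len(window) > max_hits and m.group('ip') not in flagged:
            flagged.append(m.group('ip'))
    return flagged


def _line(ip, sec, request, status=200):
    # Helper that builds one constructed access-log line.
    return '%s - - [22/Feb/2015:10:00:%02d +0000] "%s HTTP/1.1" %d 512' % (
        ip, sec, request, status)


# Constructed sample: a login hammer, a normal page view, a slow 404 crawler.
SAMPLE_LOG = (
    [_line('198.51.100.7', s, 'POST /wp-login.php') for s in range(8)]
    + [_line('192.0.2.10', 1, 'GET /')]
    + [_line('192.0.2.10', 1, 'GET /wp-content/img%d.png' % i) for i in range(7)]
    + [_line('203.0.113.5', s, 'GET /?p=%d' % s, 404) for s in (0, 20, 40)]
)

if __name__ == '__main__':
    print(offenders(SAMPLE_LOG))
```

Only the client sending eight login requests in eight seconds is flagged; the visitor whose single page view pulls seven images and the slow client collecting 404s are not.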

Jan 03 2015
 

Actually, it is not that hard to avoid a race condition, as long as you have that concept in mind. I have to say, some people don’t know how to avoid race conditions.

I think the diff would be a better explanation.

+import tempfile
 
 # Import salt libs
 import salt.crypt
 @@ -668,12 +669,15 @@ def _pillar(self, load):
             if not os.path.isdir(cdir):
                 os.makedirs(cdir)
             datap = os.path.join(cdir, 'data.p')
-            with salt.utils.fopen(datap, 'w+b') as fp_:
+            tmpfh, tmpfname = tempfile.mkstemp(dir=cdir)
+            os.close(tmpfh)
+            with salt.utils.fopen(tmpfname, 'w+b') as fp_:
                 fp_.write(
                         self.serial.dumps(
                             {'grains': load['grains'],
                              'pillar': data})
                             )
+            os.rename(tmpfname, datap)
         return data
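
Review bot: in the added write path, nothing removes `tmpfname` if `self.serial.dumps(...)` or `fp_.write` raises, so every failed write leaves a stray `mkstemp` file in `cdir`; wrap the write and `os.rename(tmpfname, datap)` in try/except and call `os.remove(tmpfname)` on failure before re-raising. Closing `tmpfh` and reopening the path with `salt.utils.fopen` is also avoidable: `os.fdopen(tmpfh, 'w+b')` writes through the descriptor `mkstemp` already opened. Two things deserve a comment in the code: `dir=cdir` is what keeps the rename on one filesystem and therefore atomic on POSIX, and `mkstemp` creates the file with mode 0600, so `data.p` no longer gets umask-derived permissions, which matters to anything else that reads the cache.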
 
Sep 18 2014
 

I, personally, still don’t think SaltStack is a configuration management tool; it’s more like a remote execution engine that allows you to launch commands on multiple hosts at the same time. SaltStack does not do well at keeping configuration up to date, or maybe it does, but we are using it in the wrong way.

Now that I’ve done most of my part with monitoring, after migrating to AWS I think the next thing is to review configuration management. I would still prefer CFEngine, though keeping SaltStack as a remote execution engine, as we (read: ops) need this anyway.

So the next question is, how to migrate SaltStack’s state to CFEngine’s promise?