Jun 13 2016
Ansible - Thoughts

One draw of Ansible is the ability to use ready-made roles, similar to CPAN, Docker Hub and other places where users share their work with others. Ansible’s solution is Ansible Galaxy, where you find roles which you can (in theory) just use like this:

ansible-galaxy install resmo.ntp -p ~/ansible/roles/
mv ~/ansible/roles/resmo.ntp ~/ansible/roles/ntp
cat <<_EOF_ >ntp-server.yaml
- hosts: ntpserver.lan
  become: yes
  roles:
    - role: ntp
      ntp_config_server: [ntp1.jst.mfeed.ad.jp, ntp2.jst.mfeed.ad.jp]
_EOF_
ansible-playbook -i hosts.ini ntp-server.yaml

What this does is:

  • Install resmo’s ntp role
  • Apply this to the host ntpserver.lan

The first run will install the ntp package, configure ntp.conf and start the ntp daemon. Later runs should ideally do nothing; in practice this implementation restarts the ntp daemon regardless.

The danger here is that some modules run as root and do unexpected things, so reading the roles found on Ansible Galaxy before using them is critical. It’s also a nice learning exercise in how to organize things.
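One way to shortlist what to read in a downloaded role before applying it with `become: yes`, as an added example (not part of the original post or of resmo's role). The function names and the keyword list are choices made here, and the unconditional-restart pattern is included because of the behaviour noted above.

```shell
#!/bin/sh
# Added example: shortlist the lines of a downloaded role to read before
# running it as root. This is a line-based grep, not a YAML parser; it
# narrows the review, it does not replace it.

# Standard Ansible keywords/modules that escalate privilege, run arbitrary
# commands, fetch remote content or change who can log in.
RISKY='become|become_user|sudo|shell|command|raw|script|get_url|uri|unarchive|authorized_key|user'

# audit_role ROLE_DIR
# Prints "file:line:text" for each flagged line under tasks/ and handlers/,
# plus any "state=restarted" (a restart that may fire on every run).
audit_role() {
    role_dir=$1
    if [ ! -d "$role_dir" ]; then
        echo "no such role directory: $role_dir" >&2
        return 2
    fi
    for sub in tasks handlers; do
        [ -d "$role_dir/$sub" ] || continue
        find "$role_dir/$sub" -type f \( -name '*.yml' -o -name '*.yaml' \)
    done | sort | while IFS= read -r f; do
        # /dev/null as a second file makes grep always print the file name.
        grep -nE "(^[[:space:]-]*([a-z_]+\.[a-z_]+\.)?($RISKY)[[:space:]]*:)|(state[=:][[:space:]]*restarted)" \
            "$f" /dev/null || true
    done
}

# count_findings ROLE_DIR
# Number of flagged lines; 0 means nothing matched, not that the role is safe.
count_findings() {
    audit_role "$1" | wc -l | tr -d ' '
}

# When called with a role path, print the findings for it.
if [ $# -gt 0 ]; then
    audit_role "$1"
fi
```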

In the end, making another server an ntp server now is a snap. And once I have some more of those roles, installing a WordPress blog and a MySQL server including configuring it is as easy as using Docker containers. Except Docker containers don’t touch an existing system and Ansible (by design) does…well, you can’t have everything I guess.

Jun 05 2016
Using ESP8266-12

Some time ago I bought 5 ESP8266-12 modules including an SMD-to-DIP adapter. Since it’s a bit of a waste not to use them, I programmed them (2 out of 5).

It’s quite simple:

  • Connect Vcc to 3.3V (usually from the serial adapter)
  • Connect TxD and RxD to RxD and TxD from the serial adapter
  • Connect GND
  • Connect GND to GPIO0 as this signifies that you want to program
  • Connect the serial adapter (AE-UM232R in my case)

Then program:

./esptool.py -p /dev/ttyUSB0 write_flash 0x00000 nodemcu-integer.bin
./esptool.py verify_flash 0x00000 nodemcu-master-17-modules-integer.bin

It’s normal to get verify errors in the first 16 bytes and I never had a verify problem, so make this an optional step.

When programming is completed, remove the GND connection for GPIO0.

Note that when in use, the ESP8266 draws quite some power, which can overload the weak internal 3.3V source of the serial adapter. 300mA is the maximum (WiFi on and sending). So have a capable 3.3V source (3 NiMH cells will do fine).

During programming, the power draw is not that high, presumably because the WiFi is off.


Jun 05 2016
Linode DNS API

If you

  • use Linode to host DNS zones
  • use Let’s Encrypt and use a DNS TXT record to prove you own the domain

you should automate the certificate renewal process, since it’s required every 3 months.

Turns out that Linode has an API for DNS changes, and using it is very simple. Look at the TXT records like this:

linode domain -a record-show -l studiokubota.com -t TXT

which shows all TXT records. Add “-j” to get JSON output. The CLI does not seem to be able to filter by itself, so filter via jq if you need specific items:

linode domain -a record-show -l studiokubota.com -t TXT -j | 
  jq '."studiokubota.com".records[] | select(.name=="_acme-challenge.harald")'

Update a particular TXT record like this:

linode domain -a record-update -l studiokubota.com -t TXT -R zXwdu1_lMOdYhAp4cS12JxZV3Wuv1YZG001U3EmJMck -m _acme-challenge.harald

to update the DNS challenge for harald.studiokubota.com.