I've been making LXC containers in Proxmox like a fiend. I'm toally loving Proxmox, if you want several virtual machines I highly recommend it.

Anyhow, trying to run avahi-daemon in the containers often fails. I'm not the first to notice this but the answers were unsatisfying until I found a suggestion to try running with --no-rlimits. That seems to do the trick!

But how to get systemd to run it that way? Very simply as it turns out.

systemd

systemctl edit avahi-daemon.service

Add then in the text editor that opens up, enter the following:

[Service]
ExecStart=
ExecStart=/usr/sbin/avahi-daemon -s --no-rlimits

see comment #2 for a script friendly way to do this

libnss-mdns

libnss-mdns sometimes doesn't install properly though. If you can't ping/lookup other .local hosts then edit /etc/nsswitch.conf and change…

hosts:          files dns

to

hosts:          files mdns4_minimal [NOTFOUND=return] dns

If anybody wants to write me an ansible script to do that I would totally buy you a beer.

Too late, I had to write it myself, container.yml.

At work we have a large project that is comprised of several nested git repos so having your bash prompt get updated with some vital information such as repo, branch, etc makes life much easier.

Here's an example of my prompt and how it shows the current git repo:

[kurt@machine-1 ~/src/foo/bar/baz venv:foo git:bug_branch repo:bar]
$

more…

I've recently been wasting time on Empire of Code instead of doing productive and paying work.

Anyhow, the description of the Speed Boost puzzle Landing Holes was the most confusing thing I've ever read.

I'm pretty sure they're describing a Gatling gun. But then mentally s/pipe/barrel/ and s/canon/breach/ and then the description starts to make sense.

As for the function, the first list is a list of barrels, the second is a list of working breaches. The puzzle is asking you for a list of how many times you can rotate the barrels so they align with working breaches.

Well, I finally released alkali into the wild.

Alkali is a simple database that makes it very easy to specify the on-disk format of your data. This makes it easy to use your existing data files as tables in a database. Plus the api is based off of Django models.

This is my first real project that I've released and it's a surprising amount of work. I have a new level of appreciation for all the libraries that I just blithely download and use without a second's thought.

For instance, it took about the same amount of time to write the docs as it did to write the actual code. Plus there are a lot of moving pieces to release open source software the right way.

• use git as your source code control
• write documentation, learn Sphinx and reStructuredText
• when you push to github, triggers are fired
  • run tests in travis-ci, learn how that works
  • regenerate docs at readthedocs.io, learn how that works
  • measure code coverage of tests at codecov.io and coveralls.io, learn how that works
• push release to PyPi, writing setup.py is very non-trivial, learn how that works
• try to do some marketing on Reddit. Given my zero karma I suck at marketing and/or programming.

So yeah… please go check out alkali!

While trying to proxy my main nginx instance to a GitLab docker container I wasted hours and hours and hours trying to fix the following error:

fatal: unable to access 'https://gitlab.burgundywall.com/kneufeld/myproject.git/': \
SSL read: error:00000000:lib(0):func(0):reason(0), errno 54

It turns out that nginx config option ssl_session_cache is super f'n important to not screw up. I'm not totally sure what the problem is, but in my main server clause i had

ssl_session_cache shared:SSL:1m;

and I didn't have any such option in my server gitlab stanza. So something something something I could not do any git commands via https.

And even with logging everything looked okay

GIT_CURL_VERBOSE=1 git clone https://gitlab.burgundywall.com/kneufeld/myproject.git
Cloning into 'myproject'...
* Couldn't find host gitlab.burgundywall.com in the .netrc file; using defaults
*   Trying 192.168.5.6...
* Connected to gitlab.burgundywall.com (192.168.5.6) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /usr/local/etc/openssl/cert.pem
  CApath: none
* NPN, negotiated HTTP1.1
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=gitlab.burgundywall.com
*  start date: Sep  3 16:53:00 2016 GMT
*  expire date: Dec  2 16:53:00 2016 GMT
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
> GET /kneufeld/myproject.git/info/refs?service=git-upload-pack HTTP/1.1
Host: gitlab.burgundywall.com
User-Agent: git/2.9.3
Accept: */*
Accept-Encoding: gzip
Pragma: no-cache

* SSL read: error:00000000:lib(0):func(0):reason(0), errno 54
* Closing connection 0
fatal: unable to access 'https://gitlab.burgundywall.com/kneufeld/myproject.git/': SSL read: error:00000000:lib(0):func(0):reason(0), errno 54

except it didn't work.

Anyhow, when I finally figured out that ssl_session_cache was the issue and did some reading I just made sure that each ssl server has it's own cache.

ssl_session_cache shared:SSL-gitlab:1m;

Hours.

I was trying to get Plex to run in a container on CoreOS and for the life of me I couldn't get it to start. I kept getting the following error:

Error: Unable to set up server: bind: Cannot assign requested address (N5boost16exception_detail10clone_implINS0_19error_info_injectorINS_6system12system_errorEEEEE)

It turns out that at some point I had enabled IPv6 and that caused the problem.

So edit your Preferences.xml and disable IPv6 via EnableIPv6="0"

Here's my plex.service for completeness.

[Unit]
Description=plex media server
After=docker.service
#After=docker-registry.service

[Service]
TimeoutStartSec=0
Restart=always
KillMode=none
EnvironmentFile=/media/metadata/plex/environment
ExecStop=-/usr/bin/docker stop plex
ExecStartPre=-/usr/bin/docker kill plex
ExecStartPre=-/usr/bin/docker rm plex
ExecStartPre=/usr/bin/docker pull timhaak/plex:latest
ExecStart=/usr/bin/docker run --name plex --rm \
--net=host \
--env-file /media/metadata/plex/environment \
-v /home/plex:/config \
-v /home/media:/media \
timhaak/plex:latest

Yesterday I was working on Pygments during a Pycon 2016 sprint and added markdown syntax highlighting (with help from Tim Hatch). My pull request just got merged so version 2.2 will finally highlight GitHub flavored markdown (issue).

I was working on Magic Wormhole during a Pycon 2016 sprint and noticed that zipfiles don't preserve file permissions. I'm not the only one who's noticed this (some posts go back over five years) but it still doesn't appear to be fixed.

Anyhow, here's how I did it…

more…

At work I upgraded to Ubuntu 16.04 LTS and every time I ran gvim I got a bunch of errors.

(gvim:19805): Gtk-WARNING **: /usr/lib/x86_64-linux-gnu/gtk-2.0/2.10.0/immodules/im-fcitx.so: cannot open shared object file: No such file or directory
(gvim:19805): Gtk-WARNING **: Loading IM context type 'fcitx' failed

more…

Even after watching a bunch of YouTube videos and reading some websites I still didn't have the foggiest clue on how to actually enter any records in my current accounting software of choice, webzash.org.

In fact I was losing my mind, figuring the two demo programs I was using were both wrong but knowing that couldn't be the case. That's how hard it was for me to wrap my head around these concepts.

So here's how I think this stuff works. It's likely wrong and/or incomplete so take everything I'm about to say with a huge grain of salt.

more…