Rants by a crazy cloud architect and dev-ops guy

Unblock NVIDIA Control Panel Store App for other nvida cards

Makathe Sanda — Wed, 10 Oct 2018 03:49:18 GMT

Repost from https://withinrafael.com/2018/10/09/napkin-notes-unblock-nvidia-control-panel-store-app/

"
I wanted to get an early look at NVIDIA's Control Panel app in the Microsoft Store and ran into the error: "Supported NVIDIA Driver is not installed on your system."
It appears this experience is currently bound to OEM machines, but can be turned on with a registry tweak.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nvlddmkm\FTS\EnableRID69527=0x1

Link to store https://www.microsoft.com/en-us/p/nvidia-control-panel/9nf8h0h7wmlt

Python for the Windows users in us

Makathe Sanda — Mon, 16 Apr 2018 01:45:13 GMT

through out the years python has grown up from an alternative to perl to a serioulsy powerful langugae. one that rivals all other langugages around, beacuse of its simplicity, ease to read, and downright extensible feautre set. because of this and just how dynamic the langauge is, its one of the languages i recommend to all sysdevs and devops personel to learn. one of the big reasons windows users stayed away form this was because of the non-native windows solutions. this no longer is an issue. python is just as first class on windows as it is on linux. To simplyfy alot of the setup i scrippted this out using chocolately (that reminds me. I think my script has gotten big enough that i really need to modularize it. More to come in the future)

for the direct link to the script
https://github.com/msanda/freshsystem/blob/master/chocolatelysetupscript.ps1

for those that want to know what i am doing stay tuned.

Set-ExecutionPolicy Unrestricted

Chocolatey

iwr https://chocolatey.org/install.ps1 -UseBasicParsing | iex
choco install github --force --force-dependencies -y
choco install git --force --force-dependencies -y
choco install poshgit --force --force-dependencies -y
choco install visualstudiocode --force --force-dependencies -y

python code editor. comment it out if you dont need it. i prefer vscode either way

choco install pycharm-professional --force --force-dependencies -y

to be installed if writing python specific code

choco install python --force --force-dependencies -y
choco install ctags --force --force-dependencies -y
python -m pip install --upgrade pip
pip install pylint

Make SSH directory in you user space

mkdir $env:USERPROFILE.ssh

restart Computer after everything has been installed

shutdown /r /t 0 /d P:0:0

All that happens above is to setup your environment to get python binaries and install on your local machine. once this is done just start your editor and install plugins..

Since i use vscode there are 3 plugins i use for python development.
Python extension
Code Runner
dev skim
auto pep

if you are using virtual environments then you will need to edit your user settings with

// Place your settings in this file to overwrite default and user settings.
{
"python.pythonPath": "${workspaceRoot}/venv/bin/python",
"python.formatting.formatOnSave": true,
}

these tools are all awesome and should get you setup with code coverage as well as linting. be sure to also select file -> Auto save. this will allow automatic code linting as you progress

How to skip Stages in jenkins

Makathe Sanda — Wed, 11 Apr 2018 15:34:29 GMT

Jenkins 1.x and 2.x offer 2 differnt views to the same issue. in jenkins 1.x you only had the jenksin view plugin. so you just write your work jenkisn pipeline and skip the stages.

for this case you have

import org.jenkinsci.plugins.pipeline.modeldefinition.Utils
// .....
stage('I am skipped') {
    Utils.markStageSkippedForConditional(STAGE_NAME)
}

for jenkins 2.X you have the blueocean view which has conditions for skipped steps. so to skip a sage you simply have to wrap the stage in a "when" condition

stage('My Conditional Stage') {
    when {
        branch 'master'
    }
    steps {
        echo 'Do that only on master branch'
    }
}

Some jenkins helpful links

Makathe Sanda — Wed, 11 Apr 2018 15:30:03 GMT

dont ususally post these. but in using jenkins alot i have to come to appreciate some useful pipelines that i modify alot. here are some links to some very useful jenkinss "stuff"

https://github.com/HRMPW/pipeline-examples - Pipeline examples written in groovy

Controlling jenkins pipelines

Makathe Sanda — Wed, 11 Apr 2018 15:26:52 GMT

3 steps can be used to control a jenkins pipeline

Stage
Lock
Milestone

stage the stage step remains but is now focused on grouping steps and providing boundaries for Pipeline segments.

example

stage('Build') {
steps{
script{
startbuild()
sh "echo $PATH"
}
}
}
}

This creates a simple visualize view in "stage view" of your pipeline plugin called build. which executes the startbuild() function

Lock this step limits concurency to a single build

stage('Build') {
steps{
script{
startbuild()
lock('lockedresource'){
sh "echo $PATH"
}
}
}
}
}

Lock can be used for restricting steps in a stage or for wrapping multiple stages to a single run path.

milestone ensures that older builds of a job do not overwrite a newer build

example

Build 1 is triggered

Build 2 is triggered

Build 2 builds faster than Build 1 and enters the Test stage sooner.

Rather than allowing Build 1 to continue and possibly overwrite the newer artifact produced in Build 2, you can use the milestone step to abort Build 1:

stage('Build') {
milestone()
echo "Building"
}
stage('Test') {
milestone()
echo "Testing"
}

Music, why have we not evolved yet.

Makathe Sanda — Tue, 23 Jan 2018 17:02:06 GMT

Jumping on the Audiophile bandwagon for a minute and you will realize there is a clear divide between, Acceptable audio and pristine audio. The fight between audio engineers that put loudness at the top of the charts and musicians wanting their fans to listen to their music The way it was intended has never been greater. but why is all of this happening. We already have several different more advanced compression technologies as well as better bandwidth than yesteryear. I have been thinking about this for some time, and I really thought I should get this idea out there. Why have we not innovated in the media space for decades. The last great invention in audio is the MQA format. while this is closed source and you need to be accepted into some sort of program. I was thinking of a possible compatible open source version which more or less was based on my thoughts of HDR1.0 and Dolby vision and how they utilize metadata to define the HDR scenes. Why isn't audio formats dynamic in its nature. So hear me out on this.

Currently, the way you listen to music is to first download a track ( forgive me for talking about downloads for now) from iTunes or whatever it's a 256/320 kbps MP3 file.
you then load it up on your music player of choice (AIMP is my fav).
now you sit back load up your EQ settings and enjoy.

Now I know for most people you either listen to a set of music types, so using eq settings is convenient. But what if by default the audio engineer mastering the track customizes audio eq settings and adds that to the metadata of the file.
My thoughts about this are that a music producer can have 2 or three preferred eq settings that the audio player will then set itself to the audio experience. If you preferred the "way it was intended" you can set that as the default profile in the app, if you prefer a more neutral sound you then set that in the app and you can have a DAC or custom external setting be used. I figure this is one-way audio engineers can solve the issue of the loudness profile. Where an iPod/iPhone could be set to the default setting or even digital headphones could decide which profile works best. this will also allow users to have a per-track eq change and amplification. now all of this will be silly if it involves a new format. But what if this is put in the id3tags. now I know iTunes has a per track EQ setting that you can apply to a song, but the settings can only be transferred between devices if you choose a preset eq

The proposed will be a new EQ Frame ( not the Equalization from in id3 v2.4)

property name   property value
32                +/-12
63                +/-12
125               +/-12
250               +/-12
500               +/-12
1k                +/-12
2k                +/-12
4k                +/-12
8k                +/-12
16k               +/-12
32k               +/-12

Also with this, streaming apps will be able to send pre-track eq settings to their respective apps, and will allow a better audio experience even with those on iPod headphones ( yuck)
Just a thought.

Photo by Mohammad Metri / Unsplash

Jenkins for the Crazy (using Jenkinsfiles) part 1

Makathe Sanda — Mon, 22 Jan 2018 15:53:12 GMT

One of the craziest CI/CD tools out there is Jenkins. Now the reason why this tool is by far the most popular tool out there is that of how you can bend and break it to do things that it was never intended for. I have worked in organizations that have used Jenkins ask a CI tool, A Scheduler (cron box), and advance vault (credential injections), Build system etc. one the less know uses of jenkins is the Jenkinsfile usage. now, this was introduced in Jenkins 1.X as a plugin using and was formally introduced as the Jenkins workflow. in Jenkins 2.0 it was renamed to the jenkins pipeline.

so what is a jenkins file.
In its basic form is a Groovy script that is executed as several steps thereby creating a more intelligent dev CI/CD system.

So here is a simple jenkins file

pipeline {
    agent none 
    stages {
        stage('Example Build') {
            agent { docker 'maven:3-alpine' } 
            steps {
                echo 'Hello, Maven'
                sh 'mvn --version'
            }
        }
        stage('Example Test') {
            agent { docker 'openjdk:8-jre' } 
            steps {
                echo 'Hello, JDK'
                sh 'java -version'
            }
        }
    }

Using CloudFlare SSL with AWS and Azure

Makathe Sanda — Wed, 23 Aug 2017 20:14:35 GMT

Using CloudFlare SSL with AWS and Azure

After a period of time of creating resources in either AWS or azure you will come to the point where you will need to use a SSL certificate. In this post, i will talk about how to use cloudflare's wildcard cert and how to import it into AWS and Azure for use in the respective clouds.

Cloudflare SSL setup

This is the easiest step of this process.
For a shared SSL cloudflare provides 1 free SSL cert per account. To claim your free ssl cert.

login to Cloudflare
Head to crypto, Scroll down to Origin Certificates and click create certificates.
From here generate an Origin certificate with private key of type PEM and continue with the setup
you will be present with a screen with an Origin certificate and Private Key. Copy these keys and treat them as passwords. once you hit ok on this screen you will not be able to get the data.
- Copy the Origin cert and save as Origincert.pem
- Copy the Private key and save as privatekey.key
- Go to https://support.cloudflare.com/hc/en-us/articles/218689638-What-are-the-root-certificate-authorities-CAs-used-with-CloudFlare-Origin-CA- and Copy the Cloudflare Origin CA - RSA root to a file called cloudflare_certificatechain.pem

Open up a terminal ( Use Windows Subsytem for Linux or just upload the files and do this on a linux box)

openssl pkcs12 -export -inkey privatekey.key -in Origincert.pem -name wildcard -out wildcard_withchain.pfx -certfile certificatechain_Cloudflare_origin.pem

Enter a password to have greater security.

copy wildcard_withchain.pfx to the same directory as the other files above.

note
moving forward all sites that need the SSL key will need to have the cloud icon enabled in cloudflare. this allows cloudflare to verify and ssl Chain.

AWS import Certificate

Open up Aws in the browser and head to Certificate manager (https://console.aws.amazon.com/acm/home)
click on Import Certificate
- for Certificate body copy the contents of Origincert.pem and paste in the field
- for Certificate Private Key Copy the contents of privatekey.key and paste in the field
- for certificate chain copy the contents of cloudflare_certificatechain.pem and paste in the field
Hit Review and Import.

Once verified you will see your certificate in the certificate manager and this can be used by your Load-balancer and other AWS resources

Azure

There are 2 ways to use certificates in Azure as of 8/23/2017 . The easy way and the harder way.

Easy way

Find the appservice of the WebApplication you want to Protect in the portal (Portal.azure.com)
Go to settings -> Custom domains
Click the + next to hostname and Associate the service with a custom domain name, and hit validate
Close the blade and go to settings -> SSL Certificates
Click upload certificate.
upload wildcard_withchain.pfx
click + next to Add binding
Select the hostname needed and the Certificate you just uploaded. Leave SSL type as SNI SSL

Hard Way

In this scenario We will be using the Azure Key vault. This allows us to do SSL key rotation. If the Newly uploaded ssl cert is the same name as the one already existing,all new deployments and existing deployment will pull down the new certificate. This allows you to change your SSL in one place instead of many.

Working with dual clouds ( AWS and Azure) - part 1

Makathe Sanda — Wed, 26 Jul 2017 15:55:19 GMT

while working with cloud providers one has to take extreme lengths with trying to be locked in. One of the areas that is extremely difficult to avoid lock-in, is with user management. Ther is nothing worse that working in one organization and having several different user accounts to get access to your cloud resources. so you really have 2 options at this point.

Suffer the management of 2 different IAM ( identity access management) services, and have cranky devs bothering you left and right to reset passwords
use a cloud SAML provider.

I choose to take on option 2 for the easy of management and access to online password resets. AKA things I don't want to waste my time on. Yes, you do lose a degree of freedom if you are going pure cloud IAM. but you also have much less late night calls.

For my solution, i decided to test the limits of Azure Active Directory. Yes i am perfectly aware i could have gone the other route and used Identacor (https://www.identacor.com), auth0 or gone native to Amazon clouddirectory or made the super far jump with Amazon cognito but since we have a bunch of local application and we use sql server at work anything Active directory base had my interest ( sorry SAML providers, but i will get back to you guys in a second).

So how does this work out..
Pretty simple actually. If you have an ldap directory or an Active directory on prem/or in the cloud. all you need to do is install an application that creates the sync between your on prem with the cloud.

In the next blog series, i will be talking about the gotcha and why in some cases the free version of Azure active directory is all you need.

Clipboard Windows trick

Makathe Sanda — Mon, 05 Jun 2017 22:07:48 GMT

You can pipe any file or output into your clipboard using the command clip ( for CMD) and set-clipboard ( for powershell).

This is stupid handy for the crazy situations such as piping the output of a file to your clipboard and pasting in a word doc or blog post

clip < testme.txt

get-content "c:\testme.txt" - Totalcount 50 | set-clipboard

The above powershell command gets the first 50 lines of text from testme.txt and saves it to the clipboard.

Chef notes and usage scenarios using chefdk on windows

Makathe Sanda — Mon, 08 May 2017 17:52:11 GMT

install chef on windows via winrm to (ssl over winrm 5986)

knife bootstrap windows winrm ncsqldr.cloudapp.net --winrm-user --winrm-password ''--node-name ncsqldr --winrm-transport ssl --winrm-port 5986

install chef on windows via winrm. currently there is an issue with verifying ssl certs that were created for the domain you are registered to ( typically if you create a vm in azure or aws) so we are going to use use the non ssl

knife bootstrap windows winrm  --winrm-user  --winrm-password '' --node-name ncsqldr --winrm-port 5985 -r "role[-windows]"

install chef on linuux via ssh

knife bootstrap  --ssh-password ''--ssh-user --node-name cortexnodeapp --run-list "role[-cortex]" --use-sudo-password  --ssh-port 6022 --sudo

install chef on linuux via ssh using public key

knife bootstrap  -i "C:\Users\Mak Sanda\OneDrive\mak_linux" --ssh-user --node-name cortexpythonapp --run-list "role[-cortex]" --use-sudo-password  --ssh-port 7022 --sudo

https://supermarket.chef.io/ - to get new publicly availble recipes

Upload users via knife to server

knife data_bag from file users data_bags\users\

upload admins via knife to server

knife data_bag from file admins data_bags\admins\

Create Databag for users

mkdir data_bags/users
knife data bag create users
Create your .json files

Admin

mkdir data_bags/admins
knife data bag create admins

Use knife to encrypt passwords in a role

knife encrypt password --search "role:web_server" --username "install" -- password "password" --admins "install, mak"

Create a cookbook

cd ~/chef-repo
knife cookbook create

upload cookbooks

cd to directory
knife cookbook upload --all

To upload a specific cookbook

cd to cookbooks
knife cookbook upload

upload roles

cd to roles directory
knife role from file .\.rb

to list all roles on servers

knife role list

Change into the chef-cookbooks directory on your Workstation:

cd ~/chef-cookbooks

git checkout the master branch:

git checkout master

Pull the latest code:

git pull

git checkout the v4.2.1 tag:

git checkout v4.2.1

Initialize your local configuration file:

git submodule init

Sync the submodules:

git submodule sync

Fetch all data from the submodules:

git submodule update

This is optional, but to ensure only the latest cookbooks are used, delete all of the current cookbooks (only perform this on a Chef Server dedicated to Rackspace Private Cloud):

knife cookbook bulk delete .

This is optional, but to ensure only the latest roles are used, delete all of the current roles (only perform this on a Chef Server dedicated to Rackspace Private Cloud):

knife role bulk delete .

Upload cookbooks to the Chef Server:

knife cookbook upload -a -o cookbooks

Upload roles to the Chef Server:

knife role from file roles/*.rb

Why the boat may have already sailed for Microsoft.

Makathe Sanda — Wed, 26 Apr 2017 18:10:50 GMT

I am one person and there are many different views, but I thought this might be a good place.
So why is it that no matter what Microsoft attempts to do no one will care?

Now, this piece is based on my own experience and those I have spoken with. some of them have been Microsoft mvp's and other friends in the business. so here are some points I have made

Microsoft is laser focused on its big customers, and that is business considered to be large enterprises. Microsoft will bend backward to make sure they get these contracts and this is inherently their problem. they don't play well with the customers google, apple and amazon are targeting. the new customers, the new startup, the new age mobile-first users. which brings me to the next issue.
Millennials. Millenials are now getting into a position that is managerial or big decision drivers. these are also the customers who don't want an association with Microsoft ( you will be surprised how many of them talk about Internet explorer and Netscape days but little to none of them ever programmed in those days). which is inherently one of the biggest problems Microsoft faces. These customers are comfortable using notepad/electron/OpenOffice (if needed)/ google docs. All of these alternatives are subpar to office word and to be honest, 'word' is not needed by most people. unless a millennial had come from a large enterprise company the words office will not be muttered.
Microsoft sucks at marketing. Let us be frank. Microsoft has 0 marketing skills. Microsoft is more than willing to give the sales pitch to sales and premier customers and wants them to do their dirty work ( AKA every consumer product Microsoft has ever had. kin, zun, windows phone, Casio spot smart watch, tablets). But these sales and premier providers are also selling other vendors software or platforms and those companies want to eat up all of Microsoft customers no matter what it takes. not to mention the pitch for other companies is easy. how many different google works solutions are there? 1 how many office 365 plans are there? depends there can be as little as 3 or as many as 11.
.net developers do not want to invest in Microsoft. this is a hard one. but this is what I have seen with my years as a programmer and as an operation's personnel. .net future is wishy-washy, and this is because of Microsoft. they have brought in beautiful stacks (WCF, Silverlight, net core) but Microsoft over the years has been quick to make no mention of their stack and has spent more time talking about other peoples stack. this has cause developers including me on really trying to invest in Microsoft. if Microsoft is so quick to dismiss some of its creation that will mean I will have no jobs when Microsoft kills a product. a known application that is used by a lot of my friends is the optimum tv app. this app was written in Silverlight, and its still being published by optimum but you can bet your sweet *** that the next version will be re-written in another stack and not uwp
the name Microsoft in front or associated with anything has got an image problem. you mention the word c# and everyone flocks to other languages. even though the language is amazing the tie-ins with .net are so great it might as well be a windows only language. I have invested deeply in windows azure, but every time I meet developers in aws or google cloud compute and tell them I in azure, first I see a level of disgust in their face, then they automatically say " oh you are a Microsoft stack". after correcting them and showing my Linux powers they reply "why are you in azure I thought azure is windows only". This in no way shape and form does this help Microsoft in any way and its because of the "Microsoft name" associated with it. sure Microsoft will win big long time customers with azure, but little to no startups will ever look at azure first because of the word Microsoft. another example, I interviewed a couple of developers from boot camps for my last company, and all of them had gmail address, and out of curiosity I asked if they have ever heard of outlook ( i was just finishing up some fixes on exchange so it was on my mind) and 2 of them replied yes. I asked if they ever used it and all of them said it was their primary account so I asked why they did not put that on their resume what they said next shocked me. " we were advised that nowadays recruiters that see Hotmail in an email address will think they are old and don't move well with technology, so in the bootcamp they made them all make Gmail accounts". This is the reality we live in Google cool, Microsoft bad.
Microsoft solution to solve any of its problems is to use enterprise solutions first. the reality is companies want a simple solution. this is why windows cloud is bound for failure. I am currently working on an education project and I will tell you, no system admin I have seen even talk about windows cloud has anything positive to say. because Microsoft solution will undoubtedly be more complicated and less intuitive for any of the current districts I have seen use chrome books. Chromebooks are winning in the schools for a few reason

its easy to configure
a signout to lock screen essentials resets all cookies and cache aka a clean laptop
0 maintenance. if its broken replace with another Chromebook sign on and all setting get carried over. broken laptops can be shipped back to the OEM
configuration and maintenance are done on the cloud for free. no need fo intune or MDM 0 things to install
you only get a browser
etc

Microsoft cloud first mobile first strategy is DOA. Because people have moved on and Microsoft can not convince the new managers and boss where Microsoft stands. if outlook dies today no consumer will care most are already on Gmail.
Licensing has to die. as a consumer is easy to forget about this, but us an enterprise customer you can love every product Microsoft has ever had but there is one thing every one will agree on Licensing form Microsoft is the 7th circle of hell.
New Microsoft gives up way to easy. this has been hell for supporters and for people that have to work with Microsoft. how does one company try and sell Microsoft band to a health sector then in 2 years cant even say the product is dead. I have spoken with several Microsoft employees and not one can be straight with me and just says a product is dead. heck, i cant get them to tell me Silverlight is dead, all I get we will support it to its eol.
Microsoft is not honest with its customers. this is painful because everything is on a roadmap, and unless you work for Microsoft you are only guaranteed that a product is functional so long as its currently under support. and support can change at any time. look at windows phone. last year Microsoft promise was that there was nothing to talk about windows phone that year because they were going to be talking big at mobile this year. well build is around the corner and customers still have no idea what Microsoft is talking about. windows phone has been on life support for 2 years and Microsoft can not be honest with us about this. I will be more than happy if Microsoft forked android and made their own version, but to just keep banking on the hope that its customers will come when they are not willing to put their money where their mouth is, is just pure evil.

These are a couple of thought I decided to throw down. but all is not lost I believe Microsoft can make drastic changes, heck they were able to take an os and evolve its development time from 2 years to a couple of weeks, ask any programmer if their company can do that I bet you it is going to be no. And yet still Microsoft has been able to make the change no one thought it was possible. but a company like Microsoft needs faithful and needs people willing to die by the sword, but it is getting too late and Microsoft is running out of time training the new generation. I believe for one Microsoft has to separate its name from lots of products as it does not serve them well at all. azure should be spawned and treated as a new company, products need to be simple, windows should be tied to nothing, hololense should be set free even if it dies like kinetic we need more customer innovations.

Moving over

Makathe Sanda — Mon, 27 Feb 2017 06:11:10 GMT

Just started so this will take some time to update