2013
05.13

so a couple of weeks ago i decided to write an rfc-reader that is usable from the command line.

Here it is.

you can search for a bcp, fyi, ien, std, and an rfc.

then when you select one to read, a formatted term will pop up with it open.

i know there are hundreds of these, but i wrote one up anyway.


Usage: rfc-editor <name (-n)|read (-r)|search (-s)> <####> <bcp|fyi|ien|std|rfc>

Usage examples:
  rfc-editor name 3334 rfc     # displays RFC #3334 name
    ex: 3334 Policy-Based Accounting. T. Zseby, S. Zander, C. Carle. October
             2002. (Format: TXT=103014 bytes) (Status: EXPERIMENTAL)

  rfc-editor search  rfc # Displays index of matches with RFC #'s
    ex: rfc-editor search transport rfc

        0905 ISO Transport Protocol specification ISO DP 8073. ISO. April
             1984. (Format: TXT=249214 bytes) (Obsoletes RFC0892) (Status:
             UNKNOWN)

        0939 Executive summary of the NRC report on transport protocols for
             Department of Defense data networks. National Research Council.
             February 1985. (Format: TXT=42345 bytes) (Status: UNKNOWN)

  rfc-editor read 38 fyi       # read fyi #38
2013
04.28

so i added two different password generator functions into my .zshrc.

one for regular:

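function genpasswd() {
    # print $1 random characters from [A-Za-z0-9_], read from /dev/urandom
    if [ -z "$1" ]; then
        echo "need a character count" >&2
        return 1
    fi
    # LC_ALL=C: treat the random input as raw bytes (macOS tr otherwise fails with "Illegal byte sequence")
    LC_ALL=C tr -dc 'A-Za-z0-9_' < /dev/urandom | head -c "$1"
    echo
}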


and one for strong:

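function genpasswd_strong() {
    # like genpasswd, plus punctuation; "-" sits last in the set so tr reads it literally
    if [ -z "$1" ]; then
        echo "need a character count" >&2
        return 1
    fi
    LC_ALL=C tr -dc 'a-zA-Z0-9_!@#$%^&*()+{}|:<>?=-' < /dev/urandom | head -c "$1"
    echo
}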


using them:
% genpasswd 12
Z14QsnEPKvOt
% genpasswd_strong 12
3%^d!Ze}-$_@

simple enough.

here is a link to my .zshrc.

2013
04.27

nothing in this post of any relevant value other than to show gentoo running both spotify and steam.

steam:
[screenshot]

spotify:
[screenshot]

love me some gentoo….

2013
04.24

mutt and pgp

this article covers using mutt with pgp. it is a work in progress.

this is gentoo centric and assumes that you are most likely using a google apps enabled domain or gmail address.

at time of writing :
mail-client/mutt-1.5.21-r12
app-crypt/gnupg-2.0.19-r2
app-crypt/pinentry-0.8.2


first things first, lets install some software:

for non-gentoo systems:
install mutt, gnupg, and pinentry.

for gentoo systems :

% sudo USE="crypt gnutls imap nls sasl smime smtp ssl" emerge mutt
% sudo USE="bzip2 nls readline usb" emerge gnupg
% sudo emerge pinentry


lets move onto the configuration.

lets first create a gpg key :
% gpg --gen-key
(follow all the steps here)

now lets list our keys, to make sure they are right :
% gpg --list-keys
we need to copy the key ID since we will need that later

if you have not done so, i recommend uploading your keys (public) to the pgp key servers:
% gpg --send-keys "KEY ID"


now lets start creating the muttrc accounts section.

i tend to keep my accounts info separate from the muttrc file,
so at the bottom of the muttrc file just add a line that reads source ~/muttrc-accounts
but make sure to point to the right location of that file.
here is a sample of my muttrc-accounts file.

now lets start editing “muttrc-accounts”
for our config emails we will use “foo@bar.com”
and “foo@baz.com”, which we will assume are on google apps enabled domains.
for our key ID we will use “0xABCD1234”
for our password we will use “P4SSW0RD”

lets add a mailboxes section :

mailboxes 'imaps://foo@bar.com@imap.gmail.com:993/INBOX'
or for multiple accounts:
mailboxes 'imaps://foo@bar.com@imap.gmail.com:993/INBOX' \
'imaps://foo@baz.com@imap.gmail.com:993/INBOX'

now lets add an fkey macro so we can access these accounts by pressing either F5 or F6 (change to whatever suits you):

macro generic,index,pager <f5> "c imaps://foo@bar.com@imap.gmail.com:993/INBOX/\n"


or for multiple accounts:

macro generic,index,pager <f5> "c imaps://foo@bar.com@imap.gmail.com:993/INBOX/\n"
macro generic,index,pager <f6> "c imaps://foo@baz.com@imap.gmail.com:993/INBOX/\n"

now for the account password management:

## we need to add this line to set up our account hooks
account-hook . 'unset preconnect imap_user imap_authenticators'

#### passwords ####
# to create gpg file : gpg -r foo@bar.com -e 
set my_tmp=`gpg -q --no-verbose -o /tmp/.passwords.tmp -d ~/.mutt-cfg/.passwords.gpg`
set my_pass_bar=`cat /tmp/.passwords.tmp | grep bar | awk '{ print $2 }'`
set my_pass_baz=`cat /tmp/.passwords.tmp | grep baz | awk '{ print $2 }'`
set my_del=`rm -f /tmp/.passwords.tmp`
#### end passwords config ####


now let me explain this section
the format that i use for the .passwords.tmp file is:
DOMAIN PASSWORD
or:
bar P4SSW0RD

the file is then encrypted using : gpg -r foo@bar.com -e
when mutt starts, the “my_tmp” line decrypts it (this is where you enter the passphrase for your gpg key), and the passwords are then stored into the
variables “my_pass_bar” & “my_pass_baz”.
the decrypted file is deleted once the passwords are set into vars, by the line set my_del=`rm -f /tmp/.passwords.tmp`

make sense so far ?
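
the snippet above leaves the decrypted passwords in a predictable /tmp path for a moment, and `grep bar` matches any line that contains “bar”. the script below is an added example, not part of the original post: it pipes the gpg output straight into an exact-match lookup, and the script name, the MUTT_PASSFILE override and the function names are made up for it.

```shell
#!/bin/sh
# Added example, not from the original post. Prints one account password from
# the gpg-encrypted "DOMAIN PASSWORD" file without writing plaintext to /tmp.
# Assumed muttrc usage, with this saved as the hypothetical ~/bin/mutt-pass:
#   set my_pass_bar=`~/bin/mutt-pass bar`
#   set my_pass_baz=`~/bin/mutt-pass baz`
# Assumption: gpg-agent caches the passphrase, so only the first call prompts.

# Path taken from the post; MUTT_PASSFILE is a made-up override for testing.
PASSFILE="${MUTT_PASSFILE:-$HOME/.mutt-cfg/.passwords.gpg}"

# lookup_pass KEY: read "DOMAIN PASSWORD" lines on stdin and print the password
# of the first line whose first field equals KEY exactly. Returns 1 if no line
# matches, so a typo in KEY does not silently yield an empty password.
lookup_pass() {
    awk -v key="$1" '
        $1 == key { print $2; found = 1; exit }
        END { exit !found }
    '
}

# mutt_pass KEY: decrypt the password file to a pipe and look KEY up in it.
mutt_pass() {
    [ -r "$PASSFILE" ] || { echo "mutt_pass: cannot read $PASSFILE" >&2; return 1; }
    gpg -q --no-verbose -d "$PASSFILE" | lookup_pass "$1"
}

# Act as a command only when called with an argument.
if [ "$#" -gt 0 ]; then
    mutt_pass "$1"
fi
```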

now lets add the account hook for our account (which is somewhat explained here):

#### foo@bar.com ####
account-hook 'imaps://foo@bar.com@imap.gmail.com:993/' \
' set imap_user = "foo@bar.com" \
imap_pass = $my_pass_bar '

folder-hook 'imaps://foo@bar.com@imap.gmail.com:993/INBOX' \
' set imap_user = "foo@bar.com" \
imap_pass = $my_pass_bar \
smtp_url = "smtp://foo@bar.com@smtp.gmail.com:587/" \
smtp_pass = $my_pass_bar \
from = "foo@bar.com" \
realname = "foo" \
folder = "imaps://imap.gmail.com:993" \
spoolfile = "+INBOX" \
postponed="+[Gmail]/Drafts" \
mail_check=60 \
imap_keepalive=300 \
signature="" \
pgp_decode_command="gpg %?p?--passphrase-fd 0? --no-verbose --batch --output - %f" \
pgp_verify_command="gpg --no-verbose --batch --output - --verify %s %f" \
pgp_decrypt_command="gpg --passphrase-fd 0 --no-verbose --batch --output - %f" \
pgp_sign_command="gpg --no-verbose --batch --output - --passphrase-fd 0 --armor --detach-sign --textmode %?a?-u %a? %f" \
pgp_clearsign_command="gpg --no-verbose --batch --output - --passphrase-fd 0 --armor --textmode --clearsign %?a?-u %a? %f" \
pgp_encrypt_only_command="pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0xABCD1234 -- -r %r -- %f" \
pgp_encrypt_sign_command="pgpewrap gpg --passphrase-fd 0 --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0xABCD1234 -- -r %r -- %f" \
pgp_import_command="gpg --no-verbose --import -v %f" \
pgp_export_command="gpg --no-verbose --export --armor %r" \
pgp_verify_key_command="gpg --no-verbose --batch --fingerprint --check-sigs %r" \
pgp_list_pubring_command="gpg --no-verbose --batch --with-colons --list-keys %r" \
pgp_list_secring_command="gpg --no-verbose --batch --with-colons --list-secret-keys %r" \
pgp_autosign=yes \
pgp_sign_as=0xABCD1234 \
pgp_replyencrypt=yes \
pgp_timeout=1800 \
pgp_good_sign="^gpg: Good signature from" '
#### end foo@bar ####


for the snippet above, remember to replace all instances of “foo”, “foo@bar.com”, & “0xABCD1234”.

if you want to add a second account :

#### foo@baz ####
account-hook 'imaps://foo@baz.com@imap.gmail.com:993/' \
' set imap_user = "foo@baz.com" \
imap_pass = $my_pass_baz '

folder-hook 'imaps://foo@baz.com@imap.gmail.com:993/INBOX' \
' set imap_user = "foo@baz.com" \
imap_pass = $my_pass_baz \
smtp_url = "smtp://foo@baz.com@smtp.gmail.com:587/" \
smtp_pass = $my_pass_baz \
from = "foo@baz.com" \
realname = "foo" \
folder = "imaps://imap.gmail.com:993" \
spoolfile = "+INBOX" \
postponed="+[Gmail]/Drafts" \
mail_check=60 \
imap_keepalive=300 \
signature="" '
#### end foo@baz ####



after all this is sourced from the main muttrc file, lets give it a start up.

you should be greeted by a pin entry box (“Enter passphrase” from encrypting the passwords file), like so :
[screenshot: pinentry]

after pin entry, press “F5” to get your mail.

now lets try to send encrypted mail.

so compose an email to yourself (press “m”).

once done composing and before sending, you will see your “Mutt: Compose” window like so:
[screenshot: compose_menu]

From here you can verify “sign as” and “Security”, but if you press “p”, you will get the options to:
“PGP (e)ncrypt, (s)ign, sign (a)s, (b)oth, (i)nline format, or (c)lear?”, like so:
[screenshot: pgp_menu_1]

so lets encrypt and sign, so press “b”.
now press “y” to send.
once you press “y” it will ask you for your PGP passphrase, enter that, then mail is sent.

here is a sample of my muttrc-accounts file.

YMMV


sources : http://www.mutt.org/doc/PGP-Notes.txt

2013
04.02

so i have forgotten over the years how to add color to text in my terminal. so i wrote this script to show me some color combinations.

here is what the output looks like:
[screenshot: color_grid]

2013
03.21

so after some initial struggling with the wonderful fog and specific versions of it to get chef rackspace tools working properly, i hit another bit of weirdness:


% knife rackspace server create -f6 -I  -r 'role[base]' -E <env> -S  -N  -VV --rackspace-version v2
DEBUG: version v2
DEBUG: version v2
DEBUG: rackspace_api_key xxxxxxxxxxxxxxxxxxxx
DEBUG: rackspace_username
DEBUG: rackspace_api_username xxxxxxxxxxxxxxxxxxx
DEBUG: rackspace_auth_url 
DEBUG: rackspace_auth_url auth.api.rackspacecloud.com
DEBUG: rackspace_endpoint 
DEBUG: rackspace_endpoint https://dfw.servers.api.rackspacecloud.com/v2
Instance ID: xxxxxxxxxxxxxxxxxxxx
Name: 
Flavor: 8GB  Standard Instance
Image: 
Metadata: []

Waiting server................................................................................................................................................................................................................................
        /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/fog-1.10.0/lib/fog/core/wait_for.rb:10:in `wait_for': The specified wait_for timeout (600 seconds) was exceeded (Fog::Errors::TimeoutError)
        from /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/fog-1.10.0/lib/fog/core/model.rb:65:in `wait_for'
        from /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/knife-rackspace-0.6.2/lib/chef/knife/rackspace_server_create.rb:183:in `run'
        from /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.0/lib/chef/knife.rb:460:in `run_with_pretty_exceptions'
        from /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.0/lib/chef/knife.rb:173:in `run'
        from /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.0/lib/chef/application/knife.rb:123:in `run'
        from /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.0/bin/knife:25:in `'
        from /opt/chef/bin/knife:23:in `load'
        from /opt/chef/bin/knife:23:in `'

hmmh. 600 second timeout. the rackspace api is slow creating a > 8gb v2 box.

here is a temp fix:

edit the fog core timeout.rb file to make up for this:
% vi /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/fog-1.10.0/lib/fog/core/timeout.rb

and replace @timeout = 600 with a more sane number.

i used 1500 to be on the safe side :
@timeout = 1500

again, this is a temp fix. YMMV

2013
03.08

As the title implies, this article is a bit gentoo centric, but that is only for packages and USE flags. It can be applied to other distros if you can grab the appropriate packages (pretty straightforward).

This article is also not using certs, i will write another article to deal with that at a later time and date.

On to the show.

First things first, we need to install postfix and mailx. These are the versions and USE flags i used at time of writing :

% eix postfix
[I] mail-mta/postfix
     Available versions:  2.9.4 2.9.5 (~)2.9.6 (~)2.10.0 [M](~)2.11_pre20130211 {+berkdb cdb doc dovecot-sasl hardened ldap ldap-bind mbox memcached mysql nis pam postgres sasl selinux sqlite ssl vda}
     Installed versions:  2.10.0(08:38:20 PM 03/07/2013)(berkdb pam sasl ssl -cdb -doc -dovecot-sasl -hardened -ldap -ldap-bind -mbox -memcached -mysql -nis -postgres -selinux -sqlite -vda)

% eix mailx
[I] mail-client/mailx
     Available versions:  8.1.2.20050715-r6                                                                                      
     Installed versions:  8.1.2.20050715-r6(03:31:15 PM 03/07/2013)

% eix mailx-support
[I] mail-client/mailx-support
     Available versions:  20060102-r1
     Installed versions:  20060102-r1(03:31:00 PM 03/07/2013)

lets run our emerge line :
% sudo emerge -av postfix mail-client/mailx mail-client/mailx-support

once these are installed, lets edit the postfix main.cf file:

% sudo vi /etc/postfix/main.cf

and add this to the top of the file:

relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes


now we need to add our authentication info to /etc/postfix/saslpass:
% sudo vi /etc/postfix/saslpass

which will look something like this:
[smtp.gmail.com]:587 FOO@gmail.com:PASSWORD
don't forget to change the upper-case parts to match your settings

if you are using your own domain name instead of gmail, you can just change it to:
[smtp.gmail.com]:587 FOO@BAR.com:PASSWORD

now lets add saslpass to the postfix lookup table:
% sudo /usr/sbin/postmap /etc/postfix/saslpass

now, lets restart postfix:
% sudo /etc/init.d/postfix restart

If it started with no issues, lets test it:
% echo "this is a test of postfix" | /bin/mail -s "postfix test" FOO@BAR.com

VOILA!!!

again, YMMV.
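
A check for the relay settings above, as an added example that is not part of the original post: smtp_use_tls = yes only makes TLS opportunistic, and smtp_sasl_security_options = noanonymous permits plaintext auth mechanisms, so the script flags SASL relaying without mandatory TLS and a saslpass file that group or others can read. The function names are made up for this example, and only single-line "name = value" settings are parsed.

```shell
#!/bin/sh
# Added example, not from the original post: audit a postfix main.cf that
# relays with SASL auth, and the permissions of the file holding the password.

# maincf_get FILE NAME: print the value of NAME (the last assignment wins).
maincf_get() {
    awk -v name="$2" '
        /^[ \t]*#/ { next }                       # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == name) found = val
        }
        END { print found }
    ' "$1"
}

# relay_tls_level FILE: print the effective outbound TLS level.
# smtp_tls_security_level overrides the older smtp_enforce_tls / smtp_use_tls.
relay_tls_level() {
    level=$(maincf_get "$1" smtp_tls_security_level)
    if [ -n "$level" ]; then
        echo "$level"
    elif [ "$(maincf_get "$1" smtp_enforce_tls)" = yes ]; then
        echo encrypt
    elif [ "$(maincf_get "$1" smtp_use_tls)" = yes ]; then
        echo may
    else
        echo none
    fi
}

# audit_relay FILE: return 0 when SASL credentials can only travel over TLS,
# 1 (with a message on stderr) when TLS is optional or off.
audit_relay() {
    [ "$(maincf_get "$1" smtp_sasl_auth_enable)" = yes ] || return 0
    case "$(relay_tls_level "$1")" in
        encrypt|dane-only|fingerprint|verify|secure) return 0 ;;
        *) echo "$1: SASL auth enabled but TLS is not mandatory" \
                "(set smtp_tls_security_level = encrypt)" >&2
           return 1 ;;
    esac
}

# secret_file_exposed FILE: return 0 if group or others can read FILE.
# Applies to /etc/postfix/saslpass and the saslpass.db that postmap writes.
secret_file_exposed() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}
```

If `secret_file_exposed` reports the file, `chmod 600` on both saslpass and saslpass.db closes it.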

2013
02.19

so for work we use hipchat which is pretty cool for what we use it for, but i discovered a little issue when copy/pasting configs in there to send to coworkers; it adds extra bytes to the file.

example:
this is what was originally passed through the wire :

2013-02-19 22:19:25,144 INFO    [config] Logging Configured
2013-02-19 22:19:25,144 INFO    [config] ROOT_PATH: /home/vagrant/real_outland
2013-02-19 22:19:25,206 INFO    [config] init called, test mode: False

but, lets look at it through od (octal, decimal, hex, ASCII dump) with “-c” switch (-c Output C-style escaped characters. Equivalent to -t c.)

first on osx using iterm2 and tmux:


0000000    2   0   1   3   -   0   2   -   1   9       2   2   :   1   9
0000020    :   2   5   ,   1   4   4       I   N   F   O      **  **
0000040       **  **       [   c   o   n   f   i   g   ]       L   o   g
0000060    g   i   n   g       C   o   n   f   i   g   u   r   e   d  \n
0000100    2   0   1   3   -   0   2   -   1   9       2   2   :   1   9
0000120    :   2   5   ,   1   4   4       I   N   F   O      **  **
0000140       **  **       [   c   o   n   f   i   g   ]       R   O   O
0000160    T   _   P   A   T   H   :       /   h   o   m   e   /   v   a
0000200    g   r   a   n   t   /   r   e   a   l   _   o   u   t   l   a
0000220    n   d  \n   2   0   1   3   -   0   2   -   1   9       2   2
0000240    :   1   9   :   2   5   ,   2   0   6       I   N   F   O
0000260   **  **          **  **       [   c   o   n   f   i   g   ]
0000300    i   n   i   t       c   a   l   l   e   d   ,       t   e   s
0000320    t       m   o   d   e   :       F   a   l   s   e  

now in gentoo using urxvt:

0000000   2   0   1   3   -   0   2   -   1   9       2   2   :   1   9
0000020   :   2   5   ,   1   4   4       I   N   F   O 342 200 202
0000040 342 200 202       [   c   o   n   f   i   g   ]       L   o   g
0000060   g   i   n   g       C   o   n   f   i   g   u   r   e   d  \n
0000100   2   0   1   3   -   0   2   -   1   9       2   2   :   1   9
0000120   :   2   5   ,   1   4   4       I   N   F   O 342 200 202
0000140 342 200 202       [   c   o   n   f   i   g   ]       R   O   O
0000160   T   _   P   A   T   H   :       /   h   o   m   e   /   v   a
0000200   g   r   a   n   t   /   r   e   a   l   _   o   u   t   l   a
0000220   n   d  \n   2   0   1   3   -   0   2   -   1   9       2   2
0000240   :   1   9   :   2   5   ,   2   0   6       I   N   F   O 342
0000260 200 202     342 200 202       [   c   o   n   f   i   g   ]
0000300   i   n   i   t       c   a   l   l   e   d   ,       t   e   s
0000320   t       m   o   d   e   :       F   a   l   s   e  

you see the “** **” & “342 200 202” that are being added in some of the lines ?

here is the same thing when the hipchat client is removed altogether:

0000000   2   0   1   3   -   0   2   -   1   9       2   2   :   1   9
0000020   :   2   5   ,   1   4   4       I   N   F   O
0000040   [   c   o   n   f   i   g   ]       L   o   g   g   i   n   g
0000060       C   o   n   f   i   g   u   r   e   d  \n   2   0   1   3
0000100   -   0   2   -   1   9       2   2   :   1   9   :   2   5   ,
0000120   1   4   4       I   N   F   O                   [   c   o   n
0000140   f   i   g   ]       R   O   O   T   _   P   A   T   H   :
0000160   /   h   o   m   e   /   v   a   g   r   a   n   t   /   r   e
0000200   a   l   _   o   u   t   l   a   n   d  \n   2   0   1   3   -
0000220   0   2   -   1   9       2   2   :   1   9   :   2   5   ,   2
0000240   0   6       I   N   F   O                   [   c   o   n   f
0000260   i   g   ]       i   n   i   t       c   a   l   l   e   d   ,
0000300       t   e   s   t       m   o   d   e   :       F   a   l   s
0000320   e

this wreaked havoc on our chef knife.rb files and was giving us a couple of weird errors.

when in doubt, od -c.
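
the bytes 342 200 202 in the dump are the UTF-8 encoding of U+2002 (EN SPACE). a way to catch and repair this before a pasted config is used, as an added example that is not part of the original post (the function names are made up):

```shell
#!/bin/sh
# Added example, not from the original post: find and repair pasted configs
# that picked up U+2002 EN SPACE (shown as 342 200 202 by od -c).

# nonascii_lines FILE: print "LINENO:line" for every line holding a byte that
# is neither printable ASCII nor ASCII whitespace. Returns 1 if the file is clean.
nonascii_lines() {
    LC_ALL=C grep -n '[^[:print:][:space:]]' "$1"
}

# nonascii_count FILE: print how many bytes in FILE are outside 7-bit ASCII.
nonascii_count() {
    LC_ALL=C tr -d '\000-\177' < "$1" | wc -c | tr -d ' '
}

# fix_en_space FILE: write FILE to stdout with every EN SPACE replaced by one
# ASCII space. The original run of spaces may have been a different length,
# so review indentation-sensitive files afterwards.
fix_en_space() {
    en_space=$(printf '\342\200\202')
    LC_ALL=C sed "s/$en_space/ /g" "$1"
}
```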

2013
02.08

so i was trying to install the patched version of mutt with sidebar from source on my gentoo box when i realized that there is a use flag (sidebar) which will do all the work for me.

eix mutt:

[I] mail-client/mutt
     Available versions:  1.5.21-r1 (~)1.5.21-r11 (~)1.5.21-r12 {berkdb crypt debug doc gdbm gnutls gpg idn imap mbox nls nntp pop qdbm sasl selinux sidebar smime smtp ssl tokyocabinet}
     Installed versions:  1.5.21-r12(06:02:02 PM 02/05/2013)(berkdb crypt debug gdbm gnutls imap nls nntp pop sasl sidebar smime smtp ssl -doc -gpg -idn -mbox -qdbm -selinux -tokyocabinet)
     Homepage:            http://www.mutt.org/
     Description:         A small but very powerful text-based mail client


screenshot :
[screenshot: mutt-sidebar]

the config for this:

set sidebar_width=30
set sidebar_visible=yes
set sidebar_delim='|'
set sidebar_sort=yes
color sidebar_new brightblue black

macro index G '<enter-command>toggle sidebar_visible<enter>'
macro pager G '<enter-command>toggle sidebar_visible<enter>'

# bind index,pager \CP sidebar-prev
bind index,pager \CK sidebar-prev
bind index,pager \CN sidebar-next
bind index,pager \CO sidebar-open

or grab it from here.

2013
01.30

This article is part one for installing vagrant & veewee (using virtualbox) on a gentoo workstation.

What makes this cool is that you can now build a vm through vagrant for remote (headless) usage in an ssh session, and it allows you to create a build of a stock machine quickly once you have an image built.
More updates to come.


first step is to install virtualbox, virtualbox additions, and virtualbox guest additions.
we need the guest additions since vagrant looks for them to be able to call virtualbox.
sudo emerge -av app-emulation/virtualbox app-emulation/virtualbox-additions app-emulation/virtualbox-guest-additions

next we need to ensure that you have rubygems (dev-ruby/rubygems) installed (at time of writing : Available versions: 1.3.7^t 1.3.7-r1^t (~)1.3.7-r5^t 1.8.15 1.8.24) :
eix dev-ruby/rubygems
if not installed then lets emerge it :
sudo emerge -av dev-ruby/rubygems

next, we need to install vagrant.
we could install this from portage, but to keep all versions and deps consistent in ruby, lets install it from gems (at time of writing : vagrant (1.0.6)) :
gem install vagrant --no-ri --no-rdoc -V

now we need to install veewee.
veewee allows us to easily build base vagrant boxes or virtualbox images (at time of writing : veewee (0.3.7)) :
gem install veewee --no-ri --no-rdoc -V

next we need to install a couple of gems that are requirements for veewee / vagrant
gem install -r rake -V --no-ri --no-rdoc

I am only putting these here since I needed to install them.
YMMV according to your setup.
gem install archive-tar-minitar --no-ri --no-rdoc -V
gem install childprocess --no-ri --no-rdoc -V
gem install ffi --no-ri --no-rdoc -V
gem install erubis --no-ri --no-rdoc -V
gem install i18n --no-ri --no-rdoc -V
gem install json --no-ri --no-rdoc -V

now, lets make a folder to store our setups & configs
mkdir vagrant ; cd vagrant

this is where veewee tools come in: basebox.
To see all the options run: vagrant basebox
vagrant basebox templates will list all the available templates that it can use (stock) for initial box creation
vagrant basebox templates
we will use template “Debian-6.0.6-amd64-netboot”

now we define the name of the box we want and the template that we want to use using
vagrant basebox define "boxname" "template"

we will call the box “debian”

so lets run the command :
vagrant basebox define debian Debian-6.0.6-amd64-netboot

now, lets build the box by using vagrant basebox build “boxname”
vagrant basebox build debian

now we wait for a bit for this to build.
during the wait, the machine gets updated according to what is defined in “vagrant/definitions/‘boxname’”.
there are a couple of scripts in here (depending on template chosen) that will run a bunch of commands during and post-install:
definition.rb – is where you can specify disk size, memory, and a bunch of other vm options
preseed.cfg – is where the pre-configurations are for your box

once the wait is over, lets validate our build:
vagrant basebox validate debian

now lets export our vm to a vagrant box file:
vagrant basebox export debian

if you get an error on “Executing vagrant voodoo” after the last command, just run this to force the voodoo and export the box:
vagrant package --base 'debian' --output 'debian.box'

now we import it into vagrant:
vagrant box add debian debian.box

now lets test it:
mkdir test/ ; cd test
this is to create the initial Vagrantfile that is called by vagrant at “vagrant up”:
vagrant init debian

lets vi the Vagrantfile that was created to change some base options.
mine looks like this:

Vagrant::Config.run do |config|
   config.vm.box = "debian"
   config.vm.network :hostonly, "192.168.100.190"
   config.vm.network :bridged
end

I will explain these options a bit more in a later article.

now lets start the debian box:
vagrant up

now lets ssh into the box:
vagrant ssh

now lets suspend our session:
vagrant suspend

if we need to resume from a suspend:
vagrant resume

or if we need to halt it:
vagrant halt

That's it for this part of using vagrant with veewee on gentoo.
Next I'll go through configurations and settings to make this more robust.