Rubenerd

In case my love for Ansible weren’t obvious, I thought this line in their best practices section was great:

Keep It Simple

When you can do something simply, do something simply. Do not reach to use every feature of Ansible together, all at once. Use what works for you. For example, you will probably not need vars, vars_files, vars_prompt and –extra-vars all at once, while also using an external inventory file.

If something feels complicated, it probably is, and may be a good opportunity to simplify things.

One of my old programming lecturers once said clear code was better than clever code. I think that applies to sysadmins as well.

Below are a list of names from spam email over the last week, and the first association that came to me.

• Silas Gamble: I hope they didn’t lose much.
• Nila Martin: I wonder if they’re also short.
• Terrell Cain: You’ve done it again.
• Vicente Paul: And he’ll make you pay for it!
• Claudine Russell: Floral teapots.
• Violet Russo: A pilot who thinks women aren’t developers.
• Elmer Watson: A clumsy hunter in a Harry Potter film.
• Earl Foster: Classy name can’t save bad beer.
• Maude Guzman: And then there’s Guzman.
• Ryan Smith: Saving someone going to Washington.
• Mr Business School: He must be huge.
• Clement Carney: Pope on a ferris wheel.
• Sue Nunez: Why, what did Nunez do?
• Dean Collins: Su-Su-Ssudio!

Last week I talked about using Ansible for FreeBSD automation, but forgot to address the other elephant in the room: Ansible can’t find Python on FreeBSD hosts.

The problem

As per its Linux heritage, Ansible defaults to the following Python path:

/usr/bin/python

FreeBSD (and NetBSD, and Solaris, and macOS with Homebrew, et.al) put Python elsewhere, which Ansible can’t find. It’s a curious design decision, we’ve had the following portable shebang recommended for years:

#!/usr/bin/env python

This issue thread suggests the Ansible developers don’t see this as a bug. So it’s up to us to work around it for platform-agnostic playbooks.

Solution 1: Symlinks

As part of your bootstrapping process, you can install Python from pkgng or ports, then symlink:

# ln -s /usr/local/bin/python /usr/bin/python

This works, but is fragile and nasty. We can do better.

Solution 2: Grouped FreeBSD hosts

In your Ansible hosts or inventory files, group your FreeBSD hosts and apply a var to them:

[freebsd]
houki
charlotte
[freebsd:vars]
ansible_python_interpreter="/usr/local/bin/python"

Solution 3: All hosts

If you only target FreeBSD hosts, you can set the var for all hosts:

[freebsd:vars]
ansible_python_interpreter="/usr/local/bin/python"

Solution 4: All hosts for env Python

Hey wait a minute, I’ve got an idea. You can do the same thing as above, even if you have a mix of different hosts:

[all:vars]
ansible_python_interpreter="/usr/bin/env python"

Huzzah, it works! This will now become part of my Ansible boilerplate.

Galen Gruman wrote this interesting tidbit at the end of a CIO review for Microsoft Teams:

Microsoft is the underdog here, and relying on its installed base is a dangerous strategy—as Microsoft should know from its Yammer, Windows 8, and Windows Phone debacles. Microsoft’s imprimatur no longer guarantees a product’s adoption. It needs to actually be good. Yes, there are IT shops that will give Microsoft years to get things right—they prefer it to relying on a small company like Slack or Atlassian—but that’s the same miscalculation Microsoft made with Windows Phone and Windows 8.

It’s amazing how this has changed from the 1990s and 2000s.

I also had to look up what imprimatur means:

An official license to publish or print something, especially when censorship applies. [..] (by extension) Any mark of official approval.

It’s also a noun in Czech, French and Latin, for those who wanted to know. Imprimatur, not Microsoft Teams.

I used Safari as my default browser for a week in 2015, but went back to Firefox. I wondered if much had changed in the intervening time, so I tried again.

The bad

• The lack of favicons still make horizontal tabs difficult to differentiate.

• The narrow address bar persists, with a huge waste of space either side. I appreciate the Apple UX teams are trying to reduce the need for user-facing URLs, but we’re not there yet, and we need to see them.

• No sidebar tabs, or extensions to get them. Once you’ve used a browser with stacked tabs this, shoehorning everything into a thin horizontal bar feels like madness.

But the good

• Ellis Tsung’s uBlock Origin for Safari has mitigated many of the problems I had with Safari two years ago. For privacy and ad whitelisting, you needn’t look further.

• It’s still smooth as silk; definitely the fastest browser on the Mac.

I’m a bit of an Iomega aficionado. They were the quintessential 1990s consumer IT company, and even had coloured peripherals before the original iMac.

They made a name for themselves with their early Bernoulli boxes, but the Zip drive was their breakout device. It never reached critical mass like the floppies they attempted to usurp, but they had the creative and business markets cornered until writable CDs came around.

Most of their devices came in external and internal versions, with parallel port, SCSI, IDE/ATAPI and later USB. They had some pretty clever tricks; the parallel port Zip could pass through a printer connector, and the external SCSI Jaz drive could be connected to a parallel port with an active adaptor if needed.

My first Iomega device was an internal, 100MB ATAPI Zip drive. The width of the disks meant the drive fit (barely!) into the spare 3.5" bay I had. I loved that little beige drive, but was a bit envious of friends who had the external blue one. It looked so cool.

A year later, I loaded up the “Iomega Tour” included in the Zip drive’s driver CD, and saw this slide for an internal Zip drive that looked nothing like the one I had:

So cool! Granted it took up an entire, larger 5.25" drive bay, but it had the same colours and lines of their external drive. It was so much cooler than the tiny beige box that I had.

Problem was, nobody seemed to stock this obscure drive. In one of my nerdier escapades, I even took the step of printing out the slide and showing it to bemused Sim Lim Square and Funan Centre staff, without success. It never appeared in eBay searches, not for want of trying. I couldn’t find any reference to it online. Reverse image searches didn’t show up anything. After a while, I assumed it must have been a prototype.

That is, until today! The unit above is an original Zip Insider, bought from eBay almost 20 years after I got my first drive. Not to get all Malcolm Gladwell on you, but turns out this was their earliest internal SCSI variant. They must not have sold well given SCSI was limited to Macs and high end PCs at the time, but IDE was everywhere.

I only have a small problem right now; I don’t have a spare machine to put this in. I’m thinking it’ll end up in the Supermicro homelab box I’m building, just because.

I use Ansible where possible at work; it’s really wonderful stuff for Linux. Unfortunately, its support for the BSDs has never been fantastic, evidenced by their zero-dependency claim when a Python interpreter is required!

Given the dearth of BSD Ansible material online, I thought I’d share some tips I’ve learned since trying it out. This is all valid as of Ansible 2.2.1.0.

Bootstrapping a fresh FreeBSD install

Since I wrote my first playbooks, the Ansible BSD docs now list a process using the “raw” method to bootstrap dependencies on a fresh FreeBSD install:

ansible -m raw -a "pkg install -y python" bsd_host

This itself makes some assumptions. The pkgng binary package manager is only available by default on 10.x and above, and requires bootstrapping with the “pkg” command first.

The Joviam Cloud makes it trivial to create a base FreeBSD image with required packages (such as Python, the Saltstack client, etc), clone from it as a template, and inject your SSH keys on start. I’ll probably stick with this approach, but it’s good to know we can get closer to starting from scratch.

Using pkgng

Pkgng has been the default FreeBSD package manager since 10.0-RELEASE. Ansible includes a module for it, albeit with less support than the standard Linux tools. It should look familar to apt and yum users:

- name: install/upgrade/confirm figlet package is installed
  become: yes
  become_method: sudo
  pkgng: 
    name: figlet
    state: latest

Unfortunately, it doesn’t have a provision for package pinning. This is important so your custom builds from ports don’t get clobbered by newer, generic builds in pkgng.

Using Portinstall

Thesedays I try to use binary packages where possible. nginx-devel is the exception, because it doesn’t include the headers_more extension which is all but mandatory now for privacy and SSL headers.

The portinstall module gives you:

- name: verify nginx package is installed
  become: yes
  become_method: sudo
  portinstall: 
    name: www/nginx-devel
    state: present

What’s not clear is how to define custom build options. You can drop to a shell to define them during the make process, but this isn’t idempotent. Regardless of whether its installed or running, you’ll be building it each time.

As I said above, because the pkgng module doesn’t have a provision for pinning, a pkg upgrade will potentially overwrite your custom ports when a new version comes out. It should be easy enough to drop to a shell to do this, but its part of the workflow that still needs to be done manually.

Conclusion

Ansible is a cinch on Debian, and I want to use it on my personal FreeBSD boxes as well. Provided you only use binary packages and bootstrap it using the first process above, it works great. For custom ports, things get complicated quickly.

When I have more answers to these ambiguous cases, I’ll share them here.

EMM386 was a MS/PC DOS utility for loading TSRs into high memory. QEMM, UMBPCI and others were arguably more efficient, but EMM386 was broadly compatible and always there.

I always wanted to know the specific EMM386 versions shipped with systems. Partly out of curiosity, but also so I wouldn’t inadertedly load an older version when they were available from DOS and Windows.

I couldn’t find it directly on the Microsoft Knowledge Base site, but this mirror lists all the different versions. I’ve refactored it into an HTML table for your delight, amusement and convenience:

Product	EMM386.EXE Version
Windows for Workgroups 3.1	4.44
MS-DOS 6.0	4.45
MS-DOS 6.2 and 6.21	4.48
Windows for Workgroups 3.11	4.48
MS-DOS 6.22	4.49
Windows 95	4.95

What’s missing from this table is MS/PC DOS 5, PC DOS 2000, and Windows 3.0. Perhaps if I find them I’ll go back and add them in here.

Our last family DOS machine was upgraded to MS-DOS 6.2 and Windows 3.1. For my current nostalgia project I’m sticking with our original 6.2 disks, but I’m cheating a little and using 3.11 for Workgroups for the networking, 32bit disk access, and (cough!) stability.

It’s been a crazy few weeks. 2016 was a storm for the world, but 2017 is already shaping up be that for the family. The good news is we’re approaching a semblence of normalacy again.

All those hours of waiting, and trying hard to distract my mind lead to some surprisingly interesting places, some of which have been queued up for blog posts and/or podcast episodes.

Most of all, it’s added some clarity.

(As an aside, I’m not sure whether it’s semantically or physically possible to add clarity; the term sounds more like clearing away clutter. Maybe it’s akin to chlorine in pool water, or activated carbon filters in water jugs. Those would be preferable to adding chlorine to a water jug, or activated carbon filters to a swimming pool; the former sounds disgusting, the latter would be ineffective).

Let me rephrase; it’s clarified some things. I’ve said it a few times now, but I’ll be trying harder not to write about what angers, frustrates or annoys me. All those do is anger, frustrate and annoy me, when writing them, and when seeing them plastered on the site after. Life’s too short to dwell on nonsense like that.

I’m also considering re-activating blog comments. After going through family hell again, I can take the pedants and trolls. I’m not sure how I’d do this, but we’ll see.

Rubenerd hasn’t had many updates for a week, in part because I was scared about what I’d need to write about if something bad happened. Fortunately, I’m happy and relieved beyond words to report everything is fine, and my sister and I still have a dad.

Our smaller family had another scare two weeks ago, when my dad was admitted to hospital with chest pains. He was one episode away from a serious heart attack; the doctors said it was miraculous he caught it early. The next day, he was having a five-level heart bypass and followup surgery.

They say these are routine, but there’s nothing routine about seeing your dad unconscious in an ICU bed with breathing machines and morphine. For a family used to seeing hospitals, it was still confronting and terrifying.

There were complications, and he’s still in pain, but he’s recovering well. I’m so proud of him, and happy there’ll still be plenty of weekend chats over coffee or lunch in the future.

The nurses and doctors at the Sydney Adventist Hospital were stellar; when I have their names I’ll include them here. They treated my dad with great respect, professionalism and care.

It’s also been a wakeup call again about health. My dad was otherwise in good health; he didn’t have a beer gut, never ate junk food. Whether it was a combination of stress, built up cholesterol over a long period of time, or genetic factors, there all the more reason not to be complacent. Life may deal you a shitty hand, but it’s all the more reason to do as much as you can for yourself to help even the score.

Welcome back <3