Stuff you will wonder about when installing Bamboo

Bamboo is software by Atlassian that will build your software and do stuff https://www.atlassian.com/software/bamboo You might also know Jira, Confluence, Crowd & Stash. Their PR machine is excellent (Like that time when they hijacked 10 years GIT. They made a beautiful congratulatory page & article that had half my twitter feed think Atlassian invented git.  They released Stash in 2012 that incorporates git amongst others. Git was creaded in 2005.)

Installing Atlassian software leads to frustrations, about the most stoopid shit. Mostly lack of full information. Like default port numbers, etc. So in my horrible search, I’ll write some of the shit I found out here, for those who care. This might grow after posting as the frustrations continue.

I don’t feel like I’m pushing the envelope either, we just need our software installs to be fully automated in Ansible, repeatable without human interaction and flexible. Something we achieve for our own software, for a bunch of other middleware, but that fails horribly for the Atlassian stack.

Bamboo Network Ports?

This depends on your config, but by default, you’ll need to open port 8085 for http access and port 54663 for your remote agents.

 

Elastic Bamboo EC2 IAM policy

In short, there is no official EC2 IAM policy.

https://twitter.com/g3n/status/608633282826252288

Atlassian wants you to just give Bamboo full access to your account. You don’t want that.  Horror stories about what can go wrong, like auto terminating unrelated machines in this question “What permissions does the bamboo IAM user need for Elastic Bamboo?” You don’t want to give Bamboo rights to any account running anything serious. But if you need security, you’ll need it in the same account for VPC reasons, etc. A request for such a policy (this is less that 50 short lines of text) has been filed in July 2012 as BAM-11932 and there has been no answer to date except that they will not provide a IAM security policy for this big  bamboo feature.

You can at least restrict the accunt to the services it needs, as to not have full priviliged accounts floating around, but ultimately, this does not solve any real problem, where your Bamboo instance might shut down all your production machines.

{
 "Statement": [
 {
 "Action": "ec2:*",
 "Effect": "Allow",
 "Resource": "*"
 },
 {
 "Effect": "Allow",
 "Action": "elasticloadbalancing:*",
 "Resource": "*"
 },
 {
 "Effect": "Allow",
 "Action": "cloudwatch:*",
 "Resource": "*"
 },
 {
 "Effect": "Allow",
 "Action": "autoscaling:*",
 "Resource": "*"
 }
 ]
}

I am working on a policy that would allow Bamboo to only control his own buildnodes, but so far I have no code to post here.

Bamboo behind a Proxy

The documentation here is not that horrible. It’s all there, just read it very carefully & twice. Also, there are multiple pages for this.  The very official looking “Integrating Bamboo with Apache HTTP server” in the documentation; and the actually much more helpful “How to set up Bamboo behind proxy (Apache)

These documents however do not touch on the considerations for running remote agents with a proxied setup. (see further the remote agents point later)

 

Remote agents

The documentation about remote agents makes them seem MAGICAL. Just run the provided line & shit ‘ll work. This might be the case when you just dump all your machines in the network, connect directly to the Bamboo machine, etc. If you need to run this on internet with (god forbid) security, VPCs and a reverse proxy, this won’t do.

The main resource here for starting the configuration is “Troubleshooting Remote Agents” and you’ll want to look at what addresses to use for the bamboo.jms.broker.client.uri & bamboo.jms.broker.uri that you set in the general settings page

The URL provided for starting the remote agent will probably contain the URL you put in the config as Base URL. If you’re proxying, this will not work and you will need to replace this with the actual IP of your bamboo server.  This is because the broker communication is over a different port, you might also proxy or tunnel this port from your Proxy to solve this.

java -jar atlassian-bamboo-agent-installer-5.8.1.jar http://<ip>/agentServer/

Hipchat.

So, like .. (I’m in simple mode, because my mind is still blown. I’m not surprised, mind you, just a blown mind.) We use Atlassian Hipchat & the previous build tool uses that extensively. As one would expect :) So when moving to Atlassian Bamboo, I’d expected near automagic Atlassian Hipchat connecting, a bit like what they try with Jira & Confluence, but simpler, because it’s only chat. ….. No.

Note that Bamboo does not yet support using HipChat as a global IM server. HipChat can only be used in the plan notifications area as shown here
source: Integrating Bamboo with HipChat

There is an IM server pane in the setup. Ignore that, Hipchat is not meant to go there. You can try, but I didn’t get it to decently work, even though “succesfully” sending messages into the aether.  Trying to get this working none the less meant making a paying user on Hipchat instead of an API key, etc.  Spare yourself the time.

The ONLY official way today to connect Hipchat to Bamboo is to configure it per build plan in the notifications pane. The “add notification” button has a Hipchat option.. never mind the “no IM server” message. There you can add an API key.
Getting this to work on a Hipchat server you run yourself is .. well, creatively solved by editing /etc/hosts (you see where this is going, I’m really trying to stay positive though)
You can NOT hoewever add this server wide & the only real option is to provide an admin level api key to everyone who needs this in their build plans. (Before you ask, I don’t want to let users create those api keys with their accounts, I don’t need half the build plan notifications to stop working after we delete his account for any reason) The Hipchat API at admin level alows full access to everything, including creating and deleting users, rooms, etc. Licences are per user, so you’re essentially putting user details with access to actions that generate extra costs out in your user base. Just so your hipchat users can read that there’s a build ready. (I wish I was making this up)

The only hope for a better solution lies in a user comment by “asdf asdf” on the Integration page. The sad truth is that they used a third party plugin to connect Atlassian Bamboo with Atlassian Hipchat. I am loathe to go find out how much it costs. (I’m not adverse to spending money for good reasons but this would be absurd)

We are using the 3rd party plugin “HipChat rooms” as a workaround.

It has a global configuration to specify hosted HipChat host and as a bonus room name is easily selected from a list that is presented to the user.

The plugin when configured is available as “Hipchat Rooms”, but the plugin itself is called “HipChat plugin for Bamboo“. Made by Go2Group, Vendor supported and Free. (They must be saints.) And more importantly, It Just Works. And it keeps my credentials safe. Like any “Connect to a chat server” thing should, this day and age.

Consider & fix as you prefer, but we ended up installing a third party plugin to get 2 Atlassian products to work together. (Try reading that last bit out loud.)

Some links of relevance and hope, yet ultimately only sadness & frustration.

MORE questions!

The questions keep coming & most of these aren’t rocket science, it’s just that for a commercial product, the solutions aren’t very professional and the search to find them is often simply horrible. And sometimes, the functionality is Just Not There.

Questions I’ve figured out & will update on

Where is the database config etc?
Can I automatically install Bamboo
What about the bamboo init script & how good is it?

 Questions I have still to figure out

Can the remote buildnodes detect their Agent-specific capabilities, like different java versions?
How do I provide the buildnode with a list of his Agent-specific capabilities, so that it can tell the server?

 

Provided for the courtesy of anyone who needs this info.

Because I don’t feel I’m asking anything spectacular here & the information is simply lacking.  So in the hopes of sparing if only one person the frustration.

I was recently asked to speak at the fresh local Atlassian User Group meeting, but honestly, I don’t feel my current experiences make me a good spokesperson, unless the point is to wallow in collective disgust at how horrible some things work.

The fact that I was prompted to make a page like this honestly says it all.

One fights the enemies of the state, the other serves and protects the people.

I sometimes quote this to people

There’s a reason you separate military and the police.
One fights the enemies of the state, the other serves and protects the people.
When the military becomes both, then the enemies of the state tend to become the people.
– Commander William Adama, Battlestar Galactica (imdb)

painfully relevant, considering there’s military personnel on duty in our cities these days.

Visit Russia.

Why are we not going there more?

In a country covering nine time zones and one-sixth of the world’s land mass, stretching from the Pacific to the Baltic, from the Arctic to the Central Asian deserts, from near-medieval villages where people still draw water from wooden wells by hand, through single-factory towns and back to the blue glass and steel skyscrapers of the new Moscow — TV is the only force that can unify, rule and bind the people.

From: http://www.politico.com/magazine/story/2015/01/putin-russia-tv-113960.html#ixzz3PNl9bQNq

Ignore the fear striking your hearts at words like Russia, rule, bind and Moskow. And read the other parts. About time zones, wooden wells & futuristic New- cities.

Why is nobody I know going there?!

..
The answer is probably in the article itself. It’s a scary overview of Russian gov’t media control, molding the public through TV & media control with some poignant examples.
Who’d want to go to a country like that?
Pieces like this one remind me of how easily influenced large groups of people are. And remind me that we too are a large body of citizens, gobbling up media & seeing the wider world through a lense that’s shaped by agendas that we have no clue to or most of the time don’t even realize exist. And honestly even if we do realize, it’s hard to step away from it. If all around you is that image, there is no turning away. And even if there is, the cost is casting yourself from the society that does, en masse, subscribe to that image, those views, that idea.
There are people deciding what shows get made & shown everywhere. And a look into this scary Russia might as wel serve as a mirror to what we ourselves are subject to. Even in this very article, by the way.

So why is nobody going there? Because our society isn’t into Russia & likes to portray a scary otherworldly society where everything is bad and different and scary. Even though glimpses of their society, like a recent one of their export products, Masha & Bear, somehow seem to reveal a people much like us, with kids that like being entertained by a very funny little girl.

So next time you think about Russia, don’t think about the propaganda on either side, but realise that they’re all just people (almost quoting Sting here). And try something different. Try to name 10 positive things you know about Russia. And if you don’t manage that, realize that should be easy for a country that big, that many people, all living lives, in nine time zones.. There are, beyond a doubt, 10 things that are good about Russia. And if you can’t make that list? That probably says something about you. About us, because I can’t either.. About the culture we live in.

And wonder with me,
Why am I not traveling to Russia for my next globetrotting trip?!

De Android Bancontact app is super handig!

Een stukje hangouts conversatie ..

bcc app is nochtans suuuuperhandig
Mijn Babysit Aanvaardt BCC!!!!!!!
:)

das obsceen
dat is waarom wij allemaal in tech werken

omdat IK dan niet meer ‘s nachts, moe, koud & te laat aan een bank moet staan om een nog te berekenen aantal euri’s uit de muur te halen en dan nog niet te kunnen passen

De bewuste Bancontact / Mister Cash app. (Wist je trouwens dat het niet “Bankcontact”, maar “Bancontact” is?! I checked op de bank kaart!!)

10 songs which played a major role in your life.

As with all things social media, sometimes you can’t escape the memes. As this one. I was asked about songs which played a major role in my life. It also says not to think too much, so I chose for that part & went for the experience. All these are important. Some for obscure reasons, some in different versions, but all, none the less, important.

Music was my first love & it will be my last. Fuck 10 songs, even this list of unknown length only touches some little years, nothing near the conclusive list.

Alanis Morisette – Ironic
Meat Loaf – bat out of hell
Police – Roxane
Phil Collins – the roof is leaking
The Police – 7 days
Maria Carey – emotions
Tori Amos – Smells like teen spirit
Counting Cross – Round Here
Paul Weller – You do something to me
Guns n Roses – November rain
David Bowie – Little Wonders
ELO – Mr blue sky
Screaming Jay Hawkins – I put a spell on you
Billy Joel – Uptown Girl
Wham! – Wake Me Up Before You Go-Go
Rene Froger – Een eigen huis
Wim Sonneveld – Het Dorp
Reef – place your hands
Oasis – Champaign Supernova
Marc Cohn – Walking In Memphis
Tracy Chapman – Fast Car
Leonard Cohen – Take this waltz
Aznavour – La Boheme

Being concise is sometimes an important excercise. In this however, just a frustrating waste of otherwise pure emotion. I don’t even know how much there are. Let me go make a youtube playlist!

Now, Since I went through that intense process of making The List (a list), I require you to listen to it’s entirety, it’s current 22 tracks of Life. This playlist will grow.

Send it to your chromecasts!!

A bit on Ello & making friends

I wrote this on the Ello.co, spontaneous piece, but as writing something on a platform that has no reach (yet) is a bit senseless, it’s blog post time.

One thing I really Really miss about modern day social networks is the social aspect of meeting new people. Most of the tools SUCK for that. ICQ used to do that back when it was the first, MSN scrapped that feature. (yeah, that old) Facebook sucks, try talking to a new person, I double dare you. There’s some niche social networks that might in some way or form cultivate that, but going on Fetlife (nsfw) to make friends might be a stretch.
Twitter & G+ have a community that at least supports the idea, but it’s not really about making friends either..

Question is though.. Is anyone looking for a new way to make friends online? Facebook says no. The lean startup chat software example (can’t remember the name at all) says yes.. Sort of sounds like at least some people are..

Is ello.co going to do that any better?

https://ello.co/gertschepens/post/Q5aTx_kmK_oGTvgdt4UzEw

A quick bit on Ello

There’s a new kid on the social media block and it’s called ello. Its minimalistic by design aesthetic and looks very smooth. Others say it looks clinical, and it’s been called the start of the Miserable Web.

There’s a new kid on the block and the writers smell blood. Everyone is putting in their 2 cents and lots is read into all sorts of things. The sad truth is though that its an incomplete set of features like many before it, names like diaspora & friendica come to mind. And there is still a long way to go to come near the smaller players, let alone the de facto leader, Facebook.

@desiknr on twitter:
There’s federated GNU Social, pump.io, Friendica, Diaspora. Somehow Ello gives me an http://App.net dejavu.

It’s also not so cute as it seems.
The project is VC funded by FreshTracks Capital, says Aral Balkan in a recent blog post where he says goodbye to the service, hoping to stop it before it gets traction.
Honestly though. Nothing wrong with VC funding but it’s a long way from “we made a site & shared it with friends, now you can have it too! And some time we’ll let you pay small money for extra features” as they put it on their pages. The question lingers, how will this investment firm capitalise on their investment.

Is it a Facebook killer though? Moving all those users is not just about a better experience or a better set of features. Its impossible to seriously assess that with what we know now.

It looks though that Ello.co is here to stay & planning to make a decent splash. And while you wait for that invite, log into VK.com as a reminder that Facebook is only king in part of the world.

Thinking about waiting for trains, online productivity tools, solutions & Smiles

Sitting in the station, waiting for the next train because I missed the previous one, what do you know, it was actually on time. I started wondering.. What if I pour all that time a day I spend waiting into blog posts? That should amount to a pretty interesting amount of blog posts..
Well.. A considerable amount of posts if nothing else..

So let’s look into that :)

Continue reading Thinking about waiting for trains, online productivity tools, solutions & Smiles

Ansible exit statuses

I need the exit codes for Ansible for reporting purposes.

The exit status or return code of a process in computer programming is a small number passed from a child process (or callee) to a parent process (or caller) when it has finished executing a specific procedure or delegated task.
wikipedia.org/wiki/Exit_status

Google can’t seem to show me information about the Ansible commandline exit statuses though. So I looked them up & here they are. The exit states were different in older versions, only the more recent versions are compliant with standard Linux exit behaviour.

Ansible exit 0
OK
This includes “no hosts matched”.

Ansible exit 1
Something’s wrong.
Includes wrong options, missing arguments, errors in the playbook, ansible specific errors.

Ansible exit 2
Failed hosts

Ansible exit 3
Dark hosts

source: source code VERSION 1.7, bin/ansible file.

This should be in the Docs & if I ever figure out where to submit this & what hoops to jump through to get this in there, I will. But first some more work! And in the mean time, at least it’ll be on here..

Ansible-pull unknown hostkey.

I encountered an Ansible-pull “unknown hostkey” error.

Starting ansible-pull at 2014-06-03 11:17:00
localhost | FAILED >> {
    "failed": true, 
    "msg": "git.repo.com has an unknown hostkey. Set accept_hostkey to True or manually add the hostkey prior to running the git module"
}

After some digging around, turns out the latest Ansible has no such problem, but the installed “ansible 1.5.5″ running the pull has. Apparently that used to be a bug.

Simple solution is obviously to upgrade, but why go for the simple solution. Turns out this ignores most of the options concerning host-keys, except /etc/ssh/ssh_known_hosts

That means that adding the repository ssh-key will enable you to pull the repository.

ssh-keyscan git.repo.com >> /etc/ssh/ssh_known_hosts

Fun fun.

Atlassian stack Frustrations

Most of these are rethorical questions since I know that most of the reasons are design flaws, oversight, money grab and similar constraints. Setting it for auto post in about a week!

Why doesn’t Jira & Confluence integrate better? Like decent issue widgets without having to manually create rss exports in Jira. They feel like 2 separate products with some very very basic integration!

Why can’t I have all Confluence emails as notifications in their interface? How can I enable more notifications types?!

why doesn’t the Jira Kanban board automatically refresh?

Why does it take so bloody long to load the Jira Kanban board and whats with that spinner once it’s half loaded?!

Why aren’t the Jira/Confluence pages responsive?? (ie responsive web design)

Who ever thought it a good idea to display comments chronologically on the issue page (I like) and reverse chronologocally on the Kanban board issue zoom?! (Yes I get that that way & with a bit of luck we’ll always see the most recent comment first, but just no.)

Why do some pages not decently load, but stay blank instead? I mean, what has to be going on on that page for shit like that to happen?!