Wednesday, July 8, 2015

Effective Git messages and history inspection

Embedded below is my presentation from YAPC.na 2015 on Effective Git: better commits via inspecting history and code archeology.

I showed the elements of an effective commit message, why they're useful during inspection of the code, and how to coerce your rough draft feature branch into a production ready artifact.

The slides in the video are washed out, so follow along with the Slides (pdf)

From the talk description:

Harness the power of Version Control to view a project’s evolution over time. We have the luxury of moving forward and backwards through the history of our projects, viewing changes through time and reading sign posts along the journey. Experience reading commit messages will prove how useful they are at sharing the mental model behind the code. Reading historical commit messages and viewing diffs improves our ability to document and stage our own commits. Commits are not write-only! They are messages from the past that tell us about our present.

I’ll show you the tools I use for diving into a new code base and how I interact with my current projects on a daily basis. I’ll show how I answer the questions that come up when reading and debugging code. I’ll show you how I stage and rebase my commits to make a readable history. You’re keystrokes away from pivoting from code to annotation to arbitrary diffs then cross-corelate commit messages with your ticketing system.

Wednesday, April 22, 2015

Renew expiring GeoTrust HTTPS/SSL certificate in Amazon AWS for S3 and CloudFront

Key Insight

AWS doesn't let you modify the key for server-credentials, forcing you to create new ones and then update CloudFront(CF) and Elastic Load Balancer(ELB) configurations to use the new cert.

My corporate https/ssl certificate is expiring. I need to renew it and get it pushed to AWS IAM for use in S3 and CloudFront. If you're in the same boat, I hope these instructions help you out.

PS. Hi Future me, I'll see you in about a year when this round of certs expires.

Materials Needed:

  1. CSR and private key file.
    1. The current set is preferred.
    2. If you don't have the original files, you can create a new pair.
    3. If you are changing the CSR, your certificate authority may need to spend time re-validating you.
  2. account & password to your certificate authority.
  3. aws credentials and access to modify IAM certificates
  4. aws command line tools installed.

Basic Steps:

  1. Renew the certificate:
    1. Connect to certificate authority.  For me this is GeoTrust
    2. Click the big [renew]  button by your current certificate.  
      1. pick the new certificate term,  
      2. confirm admin and billing contacts
      3. update the CSR for confirmation
      4. pay.
      5. wait for confirmation
  2. Download and prep the certificate files:
    1. Download the certificate bundle.  Choose type "other" which will provide a zipped bundle of files. Unzip and enter the directory.
    2. crossRootCA.cer
      getting_started.txt
      IntermediateCA.cer
      ssl_certificate.cer
    3. Create a certificate bundle from the root and intermediate file:
    4. cat IntermediateCA.cer crossRootCA.cer > geotrust-chain.pem
    5. Copy the original secure key to the local dir.  For me this is company.rsa.key.  This must be a RSA key in x509 format.
    6. cp secret_files/company.rsa.key ./
  3. Create a new AWS IAM server-certificate.
    1. AWS doesn't support modifying the keyfile in existing server-certificates, we need to create new ones.
    2. CloudFront requires a separate server-certificate with a path starting with 'cloudfront/', so we'll upload the key twice to create two server-c
    3. aws iam upload-server-certificate \
      --server-certificate-name company-test \
      --certificate-body file://ssl_certificate.cer \
      --private-key file://company.rsa.key \
      --certificate-chain file://geotrust-chain.pem \
      --path /
      aws iam upload-server-certificate \
      --server-certificate-name company-test-cf \
      --certificate-body file://ssl_certificate.cer \
      --private-key file://company.rsa.key \
      --certificate-chain file://geotrust-chain.pem \
      --path /cloudfront/
  4. Update AWS to use the new server-certificates
    1. Cloudfront:
      1. For each CloudFront distribution using the expiring server-certificate: 
        1. In the console: Console -> CloudFront -> Distribution Name -> [General] -> [Edit] 
        2. Then choose the new certificate from the drop-down.
    2. ELB:
      1. Console -> EC2 -> (pick region) -> Load Balancers
      2. For each load balancer that uses HTTPS with the old cert:
        1. right-click -> 'edit listeners'
        2. Use the "change" link in the SSL Certificate column.
          1. Certificate Type: Choose an existing certificate
          2. Certificate Name: choose new certiicate from the drop-down
Today I learned about and used the aws iam *-server-certificate* commands. Next steps would be bypassing the console and automating detection and updates of ELB and CF entries.

Links

Sunday, February 8, 2015

haskell on centos 6.5

Use justhub rather than version in epel repo.

Don't bother with the version of haskell-platform in epel repo. It is sufficiently out-of-date (circa 2010) that it can't update via cabal install cabal-install. Jump straight to using justhub.

Justhub example for centos 6.x:

# install the justhub yum repo:
sudo rpm -ivh http://sherkin.justhub.org/el6/RPMS/x86_64/justhub-release-2.0-4.0.el6.x86_64.rpm

# install single current haskell version into /usr/bin
yum install haskell

# update cabal
cabal update

# e.g. install some packages via cabal
cabal install haskell-src-exts
Now I can get back to coding for exercism.io. Come review my first haskell program.