Monthly Archives: December 2016

Configure Webstorm to use Github Desktop for Windows git-bash

If you have installed Github Desktop on Windows, you may have noticed that the application itself comes with a “Git Shell”, which is basically a Linux terminal emulator running on Windows. It's very useful for developers or Linux users who are familiar with bash.

The problem I recently encountered was trying to find the executable PATH of the git-bash.exe so that I can configure my Webstorm IDE to use it. All the documentation on the internet seems to point to C:/Program Files/Git folder but Github may have changed this as in the latest release I downloaded (v 3.3.3.0) the files reside elsewhere and I will share where to find them.

Fix Webstorm “Plugin ‘Go Lang Plugin’ is incompatible with this installation”

If you are running Webstorm IDE (my version as of writing is 2016.3.2) and you are trying to ‘install from disk’ the Golang plugin and get this error:

You may have tried to upload a .zip version 0.171.XXX and got this error. To fix it:

  1. Download plugin version 0.13.xxx: just download the latest one that begins with 0.13 (disregard the entries at the top of the list that have a version 0.171.xx, as they are incompatible with Webstorm).
  2. Go-0.13.1924.zip is the latest one as of writing.
  3. After loading the .zip file into the program it should ask to restart Webstorm.
  4. You should now have successfully installed the Golang plugin on Webstorm IDE… confirm by going to Settings > Plugins


That’s all folks 🙂

My LASIK research for hyperopia and astigmatism

This will probably be part 1 of my research into getting LASIK surgery to correct my hyperopia (also called hypermetropia or farsightedness) combined with some mild astigmatism.

Plex mediaserver on FreeNAS allowing anyone to stream without login

I’ve been a user of Plex mediaserver for over two years. I set this up on a FreeNAS jail a long time ago, and in the past few days I noticed something funny.

Out of nowhere there were two additional streams going from my server out onto the internet. I usually share my library with friends and family, but what was curious about this traffic was that Plex was claiming that these two streams were “on my local network”.

cPanel DNSonly bind recursion

In case you may be running into issues with named/bind domain service on cPanel DNSonly not responding to DNS queries recursively, I have a fix for you.

In older versions of named/bind9 used by cPanel, if you wanted to allow anyone to make queries to your DNS server for domains or records that are not kept on your local server (i.e. resolve yahoo.com), you could simply edit the configuration file and change “recursion no;” to “recursion yes;”. (If you wanted security you could have set up an ACL; let’s assume you want to allow all.)
Newer versions of BIND9/named changed that behavior and now require a more specific configuration. Just add these under the “options” section:

options {
...
allow-recursion { any; };
allow-query { any; };
allow-query-cache { any; };
...
};
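
An added example, not part of the original post: a Python check that reads a named.conf and reports which of the recursion-related statements above admit `any`, run against the post's open block and an ACL-restricted variant, since a server that recurses for `any` can be used by clients you do not know. The ACL name `trusted`, the 192.0.2.0/24 range and both sample configurations are constructed placeholders; the parser assumes match lists without nested braces.

```python
import re

# The statements from the post that decide who may use the server recursively.
RECURSION_ACLS = ("allow-recursion", "allow-query-cache")

# Constructed sample: the post's "allow all" options block.
OPEN_CONF = """
options {
    recursion yes;
    allow-recursion { any; };
    allow-query { any; };
    allow-query-cache { any; };
};
"""

# Constructed sample: recursion limited by an ACL; "trusted" and
# 192.0.2.0/24 are placeholders, not values from the post.
RESTRICTED_CONF = """
acl "trusted" { localhost; localnets; 192.0.2.0/24; };
options {
    recursion yes;
    allow-recursion { trusted; };    // only known clients may recurse
    allow-query { any; };            # authoritative zones stay public
    allow-query-cache { trusted; };
};
"""

def strip_comments(text):
    """Drop /* */, // and # comments, all of which named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def match_list(conf, statement):
    """Elements of a statement's address match list, or None if unset."""
    m = re.search(r"\b%s\s*\{([^{}]*)\}" % re.escape(statement), conf)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]

def open_recursion_findings(text):
    """Names of recursion-gating statements that admit every client."""
    conf = strip_comments(text)
    if re.search(r"\brecursion\s+no\s*;", conf):
        return []  # recursion is off, so no client gets recursive service
    return [s for s in RECURSION_ACLS
            if "any" in (match_list(conf, s) or [])]
```
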

I found a detailed explanation of why the bind/named DNS server changed its behavior; on the next page is a copy of the support bulletin from July 2007:

Overriding Google Compute Engine hostname from getting reset

In my last post, I explained how I am experimenting with Google Compute Engine (GCE) to host my backup DNS service and my post about configuring mailjet as an exim mail relay.

I have run into a few issues on Google Compute Engine. It looks like every time the instance gets a DHCP offer, the hostname of the machine gets reset to the internal hostname, overriding whatever setting you may have set… this is bad news for a server that needs to respond to DNS settings.

After a few hours of digging and testing out different approaches, including trying to set up a DHCP hook to run the “hostname” Linux command, I came across documentation from Google talking about “custom metadata”.

How to setup Mailjet on exim for cPanel dnsonly on Google Cloud

I have been experimenting with Google Compute Engine (GCE) for the past few days. I wanted to migrate a slave DNS server to Google as an experiment and this blog post will talk about the shortcomings, my workarounds, configuration and tips to achieve the goal of having cPanel DNSonly installed and set up using Google’s infrastructure.

What is Google Compute Engine?

Google Compute Engine (or “GCE”) is Google’s answer to Amazon’s AWS. It basically offers you the ability to deploy Virtual Machines (VMs) at Google’s datacenters. In the simplest of setups you would use a single VM or “compute instance”, and if you wanted a more complex setup you could deploy multiple instances in different geographic locations spread across different datacenters in the United States to achieve a more redundant setup or to provide you with better capacity for large traffic workflows.

It all depends on what your goals are. Myself, I am just starting out with a simple requirement: I would like to use a single compute instance running CentOS Linux that runs cPanel DNSonly (proprietary control panel/DNS clustering solution for cPanel servers).

The goal is not to host websites or any critical services on this instance, but rather only keep a copy of my DNS zones. If my experiment fails or my instance goes down or gets destroyed there won’t be any losses or damages for this experiment as my primary server is still running on Proxmox PVE.

The limitations of GCE… What I learned so far

GCE instances run behind Google’s firewalls, and depending on the datacenter where you decide to host your instance, your VM will have an internal IP within that datacenter’s network scope/range (for example: the us-central1 datacenter zone has a 10.128.0.0/20 range for all VMs).

This means that an assigned public static IPv4 address, which is needed to allow anyone to query the DNS server we’ll be hosting inside this instance, will actually have to forward packets to the instance’s internal network. Not really a big deal unless your application can’t be behind a NAT firewall, as is the case here.

For our intents and purposes it is fine. One important issue that I found is that doing any kind of e-mail server related activities on GCE is prohibited (source). You won’t be able to use SMTP (Simple Mail Transfer Protocol) ports 25, 465 or 587 to send or receive email.

Now for a DNS server that will not be a mailserver this is not a blocker, but it is really a pain in the ass. Why? Because monitoring scripts running on the server need to email the administrator to notify me of issues or errors so they can be investigated.

Continued on the next page.

My first post in 5 years. I’m alive and well

A lot changes in 5 years, whether it be in your personal life, social circle or career. It’s been a pretty busy five years since my last post on my website (just checked and it was on 2011/10/20)… so wow 5 years is a long time and a lot has changed since then.

You may be wondering why I stopped posting System Administration tips/code snippets and solutions to problems I have had for the past five years, mainly I have nobody but myself to blame for not dedicating time to writing up more articles but the trigger that caused me to go offline for so long had to do with a security vulnerability that my blog software (wordpress) suffered; back then in 2011 someone had decided to exploit my blog and redirect all my web traffic elsewhere.

As a “nuke it all” overkill solution I decided to take down the website, place a simple index.html site and thought to myself “I will fix my website when I get some free time and wordpress fixes their security” – this also happened during my senior year in college so my time was limited. I was running around trying to finish my last couple of high level courses and my final project to graduate while at the same time working part-time to pay for school.

The good news? In mid 2012 after 5 years at California State University Fullerton (CSUF) I had finally completed all my courses and obtained my Business Management Computer Information Systems degree. Shortly after that I started concentrating on my career. My internship at a major bank in southern California had yielded me a nice full-time job offer right out of college and so I went from being a full-time student into becoming a full-time Network Operations Center Technician.

During my time working in a Network Operations Center (NOC) I learned a lot about being a part of corporate america, but I learned way more about networking. This incentivized me to pursue and become better in networking by studying and successfully obtaining the Cisco Certified Entry Networking Technician (CCENT).

The thirst for more career growth

Work at the bank was good, but my learning had plateaued for a good 12 months and opportunities to transfer into a Network Engineer role were non-existent, so I started looking elsewhere for opportunities while still working full-time at the NOC.

A few weeks into my job search I came across an opportunity on LinkedIn for a very small company I had never heard of before; they claimed on their website that their business was digital media and asset delivery. At the time I did not understand much other than some sort of transcoding in the cloud was what they did.

Sure enough, submitted my resume and the next day received a phone screen and an invite to come for an onsite interview in their office in Los Angeles. The job opportunity was for a linux system administrator role with networking duties in a datacenter environment.

Although in my professional career I had never used Linux, I did have some personal experience with Linux as I had been experimenting and using Red Hat Linux 7.2 since the early 2000s (back when Red Hat was free! and way before Fedora even existed). After a written technical test on Linux, of 25 questions or so, I did get about 17 of my answers right and so I ended up with a job offer as a System & Network Engineer.

I was excited. I decided to take the plunge and leave a relatively safe position at a bank with no growth into the unknown of a job that depended on my Linux skills. It was a perfect mix as I would still be able to use my networking skills by being responsible for the datacenter deployments in Los Angeles for this little company that had just hired me.

The green card crusade is finally over… and the job at Google

Fast forwarding a couple of years, I was able to finally get my green card after waiting in line and dealing with all the red tape that is involved with trying to become a permanent resident the right way.

Around the same time, I had accepted a job offer with Google in their Los Angeles office and that is where I have been for almost two years. During my time at Google I still try to learn new skills on my own and play around with new technologies, just a few months ago in October 2016 I attended PuppetConf 2016, studied and passed their Puppet Certified Professional 2016 exam.

As you can see, it has been a pretty busy five years for me. A lot of learning, growth, career moves and finally achieving one of my most ambitious goals, becoming a U.S. permanent resident.

What’s next for 2017?…

Learning never stops, and if there is something I regret, it is not bringing my website back online sooner. I have worked on some cool things and have found a couple of tips and solutions that originally took me several days or even weeks to learn. As a first step for the next year I am hoping to be able to use my blog again to help people find all this information and help others grow.

The technology landscape also keeps changing; recall my post discussing building a VMware ESXi (all-in-one) server. Nowadays there are exciting new technologies like Docker that I am hoping to dig into myself sometime soon.