Srijan Choudhary, all posts

2025-12-29-001

Srijan Choudhary — Mon, 29 Dec 2025 22:20:00 +0000

Faced a failing disk in my raidz2 ZFS pool today.

Recovery was pretty simple:

Asked the service provider to replace the disk

Find new disk ID etc using:

lsblk -o NAME,SIZE,MODEL,SERIAL,LABEL,FSTYPE
ls -ltrh /dev/disk/by-id/ata-*

Resilver using:
```
sudo zpool replace lake  
```
Watch status using:
```
watch zpool status -v
```

Re-silvering is still ongoing, but hopefully completes without issues. Will run a manual zpool scrub at the end to make sure everything is okay.

2025-12-15-001

Srijan Choudhary — Mon, 15 Dec 2025 06:55:00 +0000

A small elisp snippet that I found useful. I often switch between terminals and #Emacs, and they have slightly different behaviors for C-w. This makes it behave the same in Emacs as it does in bash/zsh/fish etc - deletes the last word. It retains the kill-region behavior if a region is actually selected.

(defun kill-region-or-backward-word ()
  "If the region is active and non-empty, call `kill-region'.
Otherwise, call `backward-kill-word'."
  (interactive)
  (call-interactively
   (if (use-region-p) 'kill-region 'backward-kill-word)))
(global-set-key (kbd "C-w") 'kill-region-or-backward-word)

Ref: https://stackoverflow.com/questions/13844453/how-do-i-make-c-w-behave-the-same-as-bash

2025-12-09-002

Srijan Choudhary — Tue, 09 Dec 2025 22:50:00 +0000

tramp-hlo looks interesting. Anything that can make tramp on #Emacs snappier is a good thing in my books.

2025-07-21-001

Srijan Choudhary — Mon, 21 Jul 2025 16:45:00 +0000

gcloud_ssh

A simple script that finds a google cloud compute VM by IP address across all projects of an organization and runs gcloud ssh to it.

#!/bin/bash

GCLOUD_SSH_FLAGS="--internal-ip"

# Get organization ID dynamically
get_org_id() {
    gcloud organizations list --format="value(name)" --limit=1 2>/dev/null | sed 's|organizations/||'
}

search_and_connect() {
    local ip_address=$1

    echo "Searching for IP: $ip_address across organization..."

    # Get organization ID
    ORG_ID=$(get_org_id)
    if [ -z "$ORG_ID" ]; then
        echo "Failed to get organization ID. Make sure you have organization-level access."
        exit 1
    fi

    # Search for instance with this IP address
    RESULT=$(gcloud asset search-all-resources \
        --scope=organizations/$ORG_ID \
        --query="$ip_address" \
        --asset-types='compute.googleapis.com/Instance' \
        --format=json 2>/dev/null)

    if [ -z "$RESULT" ] || [ "$RESULT" = "[]" ]; then
        echo "IP address $ip_address not found in organization."
        exit 1
    fi

    # Parse JSON to extract instance details
    INSTANCE_NAME=$(echo "$RESULT" | jq -r '.[0].name' | sed 's|.*/||')
    PROJECT=$(echo "$RESULT" | jq -r '.[0].parentFullResourceName' | sed 's|.*/||')
    ZONE=$(echo "$RESULT" | jq -r '.[0].location' | sed 's|.*/||')
    STATE=$(echo "$RESULT" | jq -r '.[0].state')

    if [ "$INSTANCE_NAME" = "null" ] || [ "$PROJECT" = "null" ] || [ "$ZONE" = "null" ]; then
        echo "Failed to parse instance details from search result."
        echo "Raw result: $RESULT"
        exit 1
    fi

    # Check if instance is running
    if [ "$STATE" != "RUNNING" ]; then
        echo "Instance $INSTANCE_NAME is not running (state: $STATE)."
        echo "Cannot connect to a non-running instance."
        exit 1
    fi

    echo "Found instance: $INSTANCE_NAME in zone: $ZONE (project: $PROJECT)"

    # Generate and display the SSH command
    SSH_COMMAND="gcloud compute ssh $INSTANCE_NAME --zone=$ZONE --project=$PROJECT ${GCLOUD_SSH_FLAGS}"
    echo "SSH command: $SSH_COMMAND"

    # Execute the SSH command
    echo "Connecting to $INSTANCE_NAME..."
    exec $SSH_COMMAND
}

# Main script logic
case "${1:-}" in
    "")
        echo "Usage: $0 "
        echo "    - Connect to instance with this IP"
        exit 1
        ;;
    *)
        search_and_connect "$1"
        ;;
esac

2025-06-11-001

Srijan Choudhary — Wed, 11 Jun 2025 02:35:00 +0000

Quick note for me to generate #Emacs TAGS file for an #Erlang project:

find {src,apps,_build/default,$(dirname $(which erl))/../lib} -name "*.[he]rl" | xargs realpath --relative-to="$(pwd)" | etags.emacs -o TAGS -

The relative path ensures that this works over tramp as well.

2025-05-02-001

Srijan Choudhary — Fri, 02 May 2025 16:50:00 +0000

I didn't know that Aloe Vera can have flowers!

2025-03-24-002

Srijan Choudhary — Mon, 24 Mar 2025 20:55:00 +0000

Read Jeremy's post on quickly switching the default browser.

I had a shell script to do this as well. Doing it from Emacs makes more sense because I can have a completion UI.

So, here's my modified version for Linux:

(defun sj/default-browser (&optional name)
  "Set the default browser based on the given NAME."
  (interactive
   (list
    (completing-read
     "Browser: "
     (split-string
      (shell-command-to-string
       "find /usr/share/applications ~/.local/share/applications -name \"*.desktop\" -exec grep -l \"Categories=.*WebBrowser\" {} \\;")
      "\n" t))))
  (let ((browser-desktop (file-name-nondirectory name)))
    (shell-command (format "xdg-mime default %s text/html" browser-desktop))
    (shell-command (format "xdg-mime default %s application/xhtml+xml" browser-desktop))
    (shell-command (format "xdg-mime default %s application/x-extension-html" browser-desktop))
    (shell-command (format "xdg-settings set default-web-browser %s" browser-desktop))))

As a plus, it automatically lists the installed browsers based on .desktop files on your system.

2025-01-15-001

Srijan Choudhary — Wed, 15 Jan 2025 02:20:00 +0000

I had been facing an issue in #Emacs on my work Mac system: C-S- was somehow being translated to C-. I tried to look into key-translation-map to figure out the issue, but could not find anything.

Finally, turned out that I had bound C- to tab-line-switch-to-next-tab and C- to tab-line-switch-to-prev-tab, but the actual C-S- was unbound. C- only works on linux: something to do with how X11 sends the event to the application (and probably some compatibility mode due to which wayland was doing the same).

On Mac, once I explicitly bound C-S- in my Emacs config, it started working correctly.

Triggering Orgzly sync on Android when Org file changes

Srijan Choudhary — Mon, 13 Jan 2025 18:20:00 +0000

Introduction

To use my org GTD system on the go, I use the excellent Orgzly Revived mobile app for Android. To sync the org files between my laptop and my phone, I use syncthing (specifically, the Syncthing Android Fork by Catfriend1).

This allows me to quickly capture things from my phone, get reminder notifications of time-sensitive tasks, and mark tasks complete from my phone. The widgets are also useful for quickly looking at some contexts like errands or calls.

Sync Issues

However, Orgzly works by contructing a copy of the contents in it's own database and synchronizing it against the files periodically or when some action is taken in the app. Right now, it does not support synchronizing the data when the file changes.

For me, this has sometimes lead to a conflict between the Orgzly database and the actual files in the org folder. This only happens if the org file is edited on my laptop and something is also edited in the Orgzly app before syncing.

But, the Orgzly app supports intents that can be used from Tasker, Automate, etc to trigger an event-based sync.

Tasker Profile

So, I created a tasker profile to do this. It was surprisingly easy (I've used tasker before, though not too much). It can be found here: https://taskernet.com/?public&tags=orgzly&time=AllTime called "Run Orgzly Sync When Org Files Change".

Here's the basic flow of the profile:

Profile: Run Orgzly Sync When Org Files Change
Settings: Notification: no
Variables: [ %orgfolder:has value ]
    Event: File Modified [ File:%orgfolder Event:* ]



Enter Task: Orgzly Sync
Settings: Run Both Together

A1: If [ %evtprm1 ~ *.org & %evtprm2 ~ ClosedWrite/MovedTo ]

    A2: Send Intent [
         Action: com.orgzly.intent.action.SYNC_START
         Cat: None
         Package: com.orgzlyrevived
         Class: com.orgzly.android.ActionReceiver
         Target: Broadcast Receiver ]

A3: End If

How it works

When importing this profile, it will ask for your org folder in the local Android filesystem.
Once selected and the profile is activated, it will start monitoring this folder for inotify events.
When any file is modified (or created or moved to/from the folder or deleted), this profile is triggered. It received the parameters: full path of the affected file, and the actual event.
Then, it checks if the affected file is an org file (ending in .org) AND if the event is one of ClosedWrite or MovedTo. I filtered to these events because they are usually the last event received for an edit.
If yes, then Orgzly sync is triggered using an intent.

I've been using this for the last several months, and it works well as long as both devices are online when making edits. Conflicts can still happen if, for example, I make some edits on my laptop and subsequently on my phone but the phone is not online or the syncthing app is not running due to data saver or battery saver active. In those cases, eventually syncthing creates a conflicted file that I can manually resolve.

Limitations

It does not support recursive files inside the folder. Tasker right now does not support recursively watching a folder, but if it's added this can be a good edition; specially because Orgzly Revived supports that.
Since this watches the files in the folder, it also triggers a sync if Orgzly app was used to change the file. Not sure if this can be filtered somehow. Maybe based on foreground app? But it seems flakey.

Alternatives

Orgzly Revived has a git sync backend in beta. This might work better with auto-commit & push.
Using Emacs on Android instead of Orgzly is also an option, but I felt it did not work very well without an external keyboard. Also, it does not have widgets.

My Default Apps at the End of 2024

Srijan Choudhary — Tue, 31 Dec 2024 15:10:00 +0000

I saw a few blog posts with people sharing their default apps for the year, and I wanted to share mine as well.

Here's the list:

📨 Mail Service: Fastmail
📮 Mail Client: Fastmail web, mu4e (Emacs), FairEmail (Android)
📝 Notes: Markdown and Org files in denote (Emacs), Markor (Android)
✅ To-Do: GTD using Orgmode (Emacs), Orgzly Revived (Android)
📆 Calendar: Google Calendar
🙍🏻‍♂️ Contacts: Google Contacts
📖 RSS Service: Miniflux
🗞️ RSS Client: Miniflux WebUI, Miniflutt (Android), Elfeed (Emacs)
⌨️ Launcher: Krunner (KDE) and Alfred (Mac)
☁️ Cloud storage amd Sync: Google Drive, Syncthing
🌅 Photo library: Google Photos
🌐 Web Browser: Zen and Firefox
💬 Chat: WhatsApp and Slack
🔖 Bookmarks: Linkding
📑 Read Later: Linkding
📚 Reading: Kindle Oasis
📜 Word Processing: NA
📈 Spreadsheets: Google Sheets
📊 Presentations: NA
🛒 Shopping Lists: Orgmode
💰 Personal Finance: YNAB
🎵 Music: Roon
🎤 Podcasts: Pocketcasts
🔐 Password Management: 1Password
🤦‍♂️ Social Media: Mastodon
🌤️ Weather: Today Weather
🔎 Search: Kagi
🧮 Code Editor: Emacs and VSCode
🏡 Home Automation: HomeAssistant

I realized that I didn't need Word Processing or Presentations at all this year.

Capturing slack messages directly into Emacs orgmode inbox

Srijan Choudhary — Fri, 27 Dec 2024 11:50:00 +0000

Org capture button in Slack message popup

Ever since switching to orgmode as my GTD system, I've been trying to (slowly) optimize my capture system for things coming to me from different places. One of the things that I was not satisfied with was capturing and processing inputs from Slack.

Slack messages can easily get lost in the fast-paced stream of conversations. Manually copying and pasting messages introduces too much friction, and also removes some context (backlinks), unless a link to the original message is also manually copied. There are ways to save messages in Slack itself, but it just makes it another Inbox to check, and I'm trying to reduce that.

I started by using the saved messages feature to save messages in a single place, and later either shifting them to my org inbox manually, or directly working on them and completing them. Then, I shifted to using the Slack Todoist integration to save slack messages to Todoist, and pulling them from Todoist into my org Inbox.

I've now found a better mechanism that allows me to seamlessly capture Slack message with it's context into orgmode. Here's a demo:

Demo video showing a custom slack button to trigger org capture with the selected message's contents and a link back to the message

Demo breakdown

This method uses userscripts to add a custom button to the hover menu that comes up for any message in slack, and triggers org protocol capture with the message details when the button is clicked. The message details include the sender, message text, and a direct link back to the message. I've set up this protocol handler to ask me to enter the heading of the capured item, but it can be as easily set up to directly capture the message without user input.

Setup and Implementation

Prerequisites

Slack running in a browser (instead of a desktop app)
Browser extention for userscripts (Tampermonkey, Violentmonkey, Greasemonkey, etc)
Emacs with orgmode installed
Org protocol setup

I didn't find a good way to inject userscripts into the Slack destop app, so for now, this method requires using Slack in a browser. It also works when Slack is installed using the "Install Page as App" feature of the browser.

Update: I got a comment that using this in the Slack app is also possible, though I've not evaluated this yet. You can check this comment for details.

Setting up Org Protocol Capture

Setting up org protocol capture involves two steps: configuring your OS to use Emacs to open org-protocol:// links, and configuring Emacs to save the captured data as you want.

For OS setup, please check the guides for your OS here: https://orgmode.org/worg/org-contrib/org-protocol.html#orge00964c

On Emacs side, this is the minimal config required:

(server-start)
(setq-default org-agenda-files '("~/org"))
(setq-default my-org-inbox
    (expand-file-name "inbox.org" "~/org"))
(setq-default org-capture-templates
      '(    
    ("i" "Inbox" entry (file my-org-inbox)
         "* %?\n%i\n%U"
         :kill-buffer t)
    ("l" "Inbox with link" entry (file my-org-inbox)
         "* %?\n%i\n%a\n%U"
         :kill-buffer t)))
(setq-default org-protocol-default-template-key "l")
(require 'org-protocol)

An optional enhancement that can be seen in the demo is: open a new emacs frame to capture this message, then close it automatically after the capture has been done. For this, I use the config snippet from prot's excellent post: https://protesilaos.com/codelog/2024-09-19-emacs-command-popup-frame-emacsclient/

To run emacsclient with the popup frame parameter, I use:

emacsclient --create-frame -F \
    '((prot-window-popup-frame . t) (name . "org-protocol-capture") (width . 80))' \
    -- %u

Emacsclient's args can be set in the desktop entry file (linux) or org-protocol.app file (OSX) when setting up org-protocol.

The userscript

For the userscript, I searched for an existing published userscript for Slack that adds a button, then tweaked it a bit to configure the button according to my needs.

I've published the userscript here: https://greasyfork.org/en/scripts/521908-slack-org-protocol-capture

From this, I learned about an interesting API called MutationObserver that seems very useful for userscripts.

Notes

Using emacs-slack

Another simple approach for this can be to use the emacs-slack package to directly use Slack from Emacs. I tried this, and it does not work very well for me because:

My org limits Slack session authentication to 1 week, and authenticating in emacs-slack is a little cumbersome.
We also use Slack huddles, and it does not work well with emacs-slack.

Possible Improvements

Make org capture template configurable
Add tooltip to the button
Pass even more metadata like message timestamp, channel name, emojis, etc.
Maybe some keyboard shortcuts to trigger the capture?

Limitations / Drawbacks

Since this is dependent on the HTML structure of the slack web app, it can be fragile and can break easily if there are changes in the app.

This userscript uses the MutationObserver API to observe DOM changes in the whole slack workspace. So, it has some impact on performance. However, I've been using this daily for the last several months and I have not noticed any issues.

2024-10-08-002

Srijan Choudhary — Tue, 08 Oct 2024 07:40:00 +0000

Read an interesting set of posts today: https://lethain.com/extract-the-kernel/ and https://lethain.com/executive-translation/ . The basic concept is:

... executives are generally directionally correct but specifically wrong, and it’s your job to understand the overarching direction without getting distracted by the narrow errors in their idea.

This resonates well with my experience. I have been doing this unconsciously, but it's good to put it in these words.

Syndicated to:

https://bsky.app/profile/srijan4.bsky.social/post/3l5yd3rfbbn2j

2024-10-08-001

Srijan Choudhary — Tue, 08 Oct 2024 03:45:00 +0000

Tried using X11 on #Linux the last few days due to some issues with Zoom screensharing in Wayland with the latest pipewire, and I already miss #Wayland.

Issues I faced with X11:

Smooth scrolling broken
Apps work noticeably slower
Screen tearing
This bug in Emacs GTK build: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=67654 (To be fair, this is a GTK-specific issue, not X11 specific)

I will go back to Wayland as soon as Zoom fixes this: https://community.zoom.com/t5/Zoom-Meetings/share-screen-linux-wayland-broken/m-p/203624/highlight/true#M112235

Syndicated to:

https://bsky.app/profile/srijan4.bsky.social/post/3l5ycxn4gak27

2024-10-01-002

Srijan Choudhary — Tue, 01 Oct 2024 22:50:00 +0000

I have been using #karousel on #KDE for several weeks, and yesterday shifted to #PaperWM on #GNOME. Took some time to configure things like I wanted, but it's much smoother than karousel (and fancier).

Overall, I like the scrolling tiling pane paradigm. I realized I've been manually doing something like this using workspaces with 1-2 windows per workspace with two keybindings - one to change workspace and one to switch windows inside a workspace. So, this window management model really clicks for me.

I switched from GNOME to KDE several years ago due to getting burnt by extensions breaking too frequently, but hopefully things are better now.

Syndicated to:

https://bsky.app/profile/srijan4.bsky.social/post/3l5icw34klr2e

2024-09-24-001

Srijan Choudhary — Tue, 24 Sep 2024 17:20:00 +0000

#Emacs #TIL : I learned about save-interprogram-paste-before-kill - which saves the existing system clipboard text into the kill ring before replacing it. This ensures that Emacs kill operations do not irrevocably overwrite existing clipboard text.

A common workflow for me is to copy some text from a different application and paste it inside Emacs. But, if I want to first delete a word or region to replace, the deleted word or region goes to the system clipboard and replaces my copied text. This config saves the previous entry in the system clipboard so I can do a C-p after paste to choose the previous paste.

Syndicated to:

https://bsky.app/profile/srijan4.bsky.social/post/3l4w53avhjw2b

Emacs 30.1 highlight - intuitive tab line

Srijan Choudhary — Sun, 15 Sep 2024 04:45:00 +0000

Emacs NEWS file for 30.1

The first Emacs 30.0.91 pretest for what will be the 30.1 release of Emacs was announced on the mailing list a few days ago. I was going through the NEWS file, and found something that I've wanted in Emacs for a while now.

One of the niggles I had with Emacs was its tab behavior. It worked differently from how other applications that I'm used to work (firefox, kitty, etc).

In emacs, tab-per-buffer can be achieved by using the tab-line-mode. But, before now, it had the following problems:

Since tab-line-mode listed buffers sorted by recently visited, so the order or tabs kept changing
There was no wrap-around when trying to go to the next tab from the last tab

Here's a video showing the old behavior:

A video showing tab-line-mode behavior when switching to next/prev tabs. The tab selection does not wrap around and behaves in an unexpected manner. It also starts showing buffers that have not previously been shown in this window.

To solve this, there is package called intuitive-tab-line-mode that solves the above two problems. But, I had problems with it because it did not work well with the beframe package that I also use.

Now, with Emacs 30.1, this behavior is what comes out-of-the-box with Emacs. The only config needed is to enable global-tab-line-mode. And because it's built-in, it works with other modes like beframe.

A video showing an intuitive tab-line-mode behavior. Tab selection wraps around and only cycles between buffers already showing in current window.

Here's my config for minimal intuitive per-buffer tabs in Emacs >= 30.0.91:

(use-package tab-line
  :demand t
  :bind
  (("C-" . tab-line-switch-to-prev-tab)
   ("C-" . tab-line-switch-to-next-tab))
  :config
  (global-tab-line-mode 1)
  (setq
   tab-line-new-button-show nil
   tab-line-close-button-show nil))

Here, I've also added keybindings to switch to next/prev tab using C-TAB and C-S-TAB keys.

More details about this change can be found in it's bug report mail thread.

Aside: why show buffers as tabs

One of the common questions is the need to show buffers as tabs at all. After all, in a long running Emacs session, there might be hundreds of buffers, and showing all of them as tabs becomes useless.

For me, I find that I usually work on a 2 to 5 buffers for a "purpose" at a time. These might be some files on a project I'm working on, or org-agenda + a couple of org files, or mu4e-main + headers + one or two emails and a reply. When in this mode, I think looking at all of these buffers in the tab bar gives me a good understanding of where I am in the project and makes it easy to switch to the next or previous buffer easily.

I also use frames and beframe to make sure that only a single "project" is showing in a frame at a time. So, even if there are hundreds of buffers in my Emacs session, only a handful are shown as tabs. This makes it useful to me without overwhelming me with too many tabs.

2024-09-02-001

Srijan Choudhary — Mon, 02 Sep 2024 15:15:00 +0000

Something precious stolen by magic.
#WitchHatAtelier #Manga #Magic

Syndicated to:

https://bsky.app/profile/srijan4.bsky.social/post/3l36vuzxpbp24

2024-09-01-002

Srijan Choudhary — Sun, 01 Sep 2024 21:45:00 +0000

My small #emacs #orgmode #gtd customization of the day:

org-edna is a plugin that can be used to setup auto triggers (and blockers) when completing a task. org-gtd uses it to auto-forward the next TODO item in a project to NEXT when a task in the project is marked as DONE. The #orgedna trigger it uses is: relatives(forward-no-wrap todo-only 1 no-sort) todo!(NEXT).

This works okay for me, but also results in tickler tasks configured as repeated tasks to go to NEXT state instead of TODO state when they are completed. This results in them showing up in the org agenda even before they are due.

To fix this, I had to add this property to the top-level headings of the tickler file:

:PROPERTIES:
:TRIGGER: self todo!(TODO)
:END:

This overrides the global triggers configured by org-gtd for these org subtrees.

Syndicated to:

https://bsky.app/profile/srijan4.bsky.social/post/3l35iccfebi2o

2024-08-26-001

Srijan Choudhary — Mon, 26 Aug 2024 07:25:00 +0000

Note to followers of my site using RSS feeds - I've removed the microblog replies/likes etc kind of posts from the "All Posts" feed. I feel social interaction posts like that should not be part of the default feed of my website.

There is always the notes feed that includes all microblog posts including reactions / interactions.

A list of feeds available can be found here: https://srijan.ch/feed/

#IndieWeb #Feeds

2024-08-22-001

Srijan Choudhary — Thu, 22 Aug 2024 03:20:00 +0000

I have been reading books mostly on Kindle for the last 10 years or so. Visited a nearby library today.

I didn't realize I was missing the experience of browsing shelves, stumbling upon unexpected gems, getting lost in the recommendations section, and choosing something physical to checkout.

Syndicated to:

https://bsky.app/profile/did:plc:6koasqt256b6jwfrn74vwbg5/post/3l2br4drpjc2r

2024-08-20-001

Srijan Choudhary — Tue, 20 Aug 2024 16:25:00 +0000

Webmention rocks tests

Redoing these tests with indieConnector v2.1.0

Discovery Tests 1-22: PASS
Discovery Test 23: FAIL
Update Test 1: PASS
Update Test 2: FAIL
Delete Test 1: Not Tested
Receiver Tests 1-2: PASS

#IndieWeb #Webmention

2024-04-29-001

Srijan Choudhary — Mon, 29 Apr 2024 03:10:00 +0000

Using sysrq on my laptop - documenting mostly for myself.

My laptop has started freezing sometimes, not sure why. Usually, I can just force power off using the power button and start it again, but it has happened twice that I had to recover the system by booting via a USB drive, chrooting, and recovering the damaged files using fsck or pacman magic.

The linux kernel has:

a ‘magical’ key combo you can hit which the kernel will respond to regardless of whatever else it is doing, unless it is completely locked up.

(More details on archwiki and kernel doc)

To enable, I did:

echo "kernel.sysrq = 244" | sudo tee /etc/sysctl.d/sysreq.conf
sudo sysctl --system

However, to trigger this on my laptop, I was not able to find the right key combination for SysRq. I was able to make it work using an external keyboard that has a PrintScreen binding on a layer, by using the following:

Press Alt and keep it pressed for the whole sequence: PrintScreen - R - E - I - S - U - B

Currently, PrintScreen on my external keyboard is bound to Caps lock long press + Up arrow.

Using Todoist as a cloud inbox for GTD in Emacs orgmode

Srijan Choudhary — Tue, 16 Jan 2024 12:10:00 +0000

Photo by Austin Distel on Unsplash

I've been using Emacs' orgmode as my GTD system for the last several months. I migrated from Todoist, and one of the things I missed was integration with other services that make things easy to capture tasks into the inbox.

There are ways to capture org data via email, and this can be a good enough alternative, because most (though not all) services allow some kind of email forward to capture tasks. But, this depends on a complex email setup and would probably work on a single machine.

The main integrations/features I wanted to use were:

Slack: Todoist has a native app for Slack using which any Slack message can be captured into Todoist as a task.
Google Assistant: Todoist has integration with Google Assistant which can be used to capture tasks by talking to the google assistant.
Todoist quick entry on mobile with date recognition: The Todoist apps have a more polished mobile capture system that can be triggered from a widget and can recognize dates using natural language entry.

The workflow would look something like this:

I found an existing Todoist integration for emacs, but it's more suitable for using Todoist as the source of truth for tasks, and keeping a local buffer for operations on it in Emacs.

But, I was able to use it's functions to achieve what I wanted. Here's my elisp:

(use-package todoist)

(defun fetch-todoist-inbox ()
  (interactive)
  (let ((tasks (todoist--query "GET" "/tasks?project_id=")))
    (mapcar (lambda (task)
              (todoist--insert-task task 1 t)
              (todoist--query
                "DELETE"
                (format "/tasks/%s" (todoist--task-id task))))
            tasks)))

Here, the project_id is the Todoist project id of the project from which tasks have to be imported. This can be found by opening the project in the todoist web app - the project id is the last part of the URL.

The elisp function fetch-todoist-inbox can be called when in any org buffer (or any buffer actually). It will fetch all tasks in the specified project, insert then into the current buffer, and delete them from Todoist. It can be bound to any keybinding for easy access. Note that it requires setting the todoist token using elisp or an environment variable.

Improvements Ideas

Show number of un-fetched items in status bar
Fetch comments and attachments
Fetch task labels and show as orgmode tags

#GTD #Emacs #OrgMode

2023-11-30-001

Srijan Choudhary — Thu, 30 Nov 2023 18:10:00 +0000

Found Samuel's nice post on capturing data for org via email.

This is very close to what I was looking for to be able to do GTD capture on-the-go either from phone apps like Braintoss or from any email app.

One addition I would like to make is handling attachments in the email by downloading them and attaching to the org entry.
This would be useful for voice notes from Braintoss - it does transcription of the audio and adds it to the email body, but sometimes it doesn't work so well and I have to fall back to listening to the audio. It will also be useful for forwarded emails containing attachments.

#GTD #Emacs #OrgMode

Testing ansible playbooks against multiple targets using vagrant

Srijan Choudhary — Tue, 21 Nov 2023 06:55:00 +0000

I recently updated my Install docker and docker-compose using ansible post and wanted to test it against multiple target OSes and OS versions. Here's a way I found to do it easily using Vagrant.

Here's the Vagrantfile:

# -*- mode: ruby -*-
# vi: set ft=ruby :

targets = [
  "debian/bookworm64",
  "debian/bullseye64",
  "debian/buster64",
  "ubuntu/jammy64",
  "ubuntu/bionic64",
  "ubuntu/focal64"
]

Vagrant.configure("2") do |config|
  targets.each_with_index do |target, index|
    config.vm.define "machine#{index}" do |machine|
      machine.vm.hostname = "machine#{index}"
      machine.vm.box = target
      machine.vm.synced_folder ".", "/vagrant", disabled: true

      if index == targets.count - 1
        machine.vm.provision "ansible" do |ansible|
          ansible.playbook = "playbook.yml"
          ansible.limit = "all"
          ansible.compatibility_mode = "2.0"
          # ansible.verbose = "v"
        end
      end
    end
  end
end

The targets variable defines what Vagrant boxes to target. The possible list of boxes can be found here: https://app.vagrantup.com/boxes/search

In the Vagrant.configure section, I've defined a machine with an auto-generated machine ID for each target.

The machine.vm.synced_folder line disables the default vagrant share to keep things fast.

Then, I've run the ansible provisioning once at the end instead of for each box separately (from: https://developer.hashicorp.com/vagrant/docs/provisioning/ansible#tips-and-tricks).

The test can be run using:

$ vagrant up

If the boxes are already up, to re-run provisioning, run:

$ vagrant provision

This code can also be found on GitHub: https://github.com/srijan/ansible-install-docker

2023-11-20-001

Srijan Choudhary — Mon, 20 Nov 2023 06:45:00 +0000

@rogerlipscombe@hachyderm.io has a nice post on using git with multiple identities. His recommended way (using includeIf to include different config files for different parent folders) also makes sense to me the most.

2023-11-10-001

Srijan Choudhary — Fri, 10 Nov 2023 13:55:00 +0000

My new #IndieWeb enabled website is now live!
You can follow my microblog posts or blog articles by entering @srijan.ch@srijan.ch in your Fediverse app search bar or reply and interact with any post using #Webmention or your Mastodon/Fediverse app.

Site Features:

Indieauth
Webmentions
Federation with the fediverse (via Bridgy Fed)
Structured author, posts, and feeds using microformats
Microsub

Syndicated to:

IndieNews

2023-11-09-001

Srijan Choudhary — Thu, 09 Nov 2023 19:25:00 +0000

New #Coffee #BlueTokai

This new packaging from BlueTokai looks nice. And the coffee tastes amazing. Chocolatey flavour with very little bitterness.

2023-10-27-001

Srijan Choudhary — Fri, 27 Oct 2023 16:05:00 +0000

#Patterns

2023-10-26-001

Srijan Choudhary — Thu, 26 Oct 2023 06:05:00 +0000

Test webmention + fed.brid.gy:

Two naked tags walk into a bar. The bartender exclaims, "Hey, you can't come in here without microformats, this is a classy joint!"

2023-10-25-001

Srijan Choudhary — Wed, 25 Oct 2023 06:20:00 +0000

Added an RSS feed for notes

2023-10-21-001

Srijan Choudhary — Sat, 21 Oct 2023 07:45:00 +0000

I've been working on an Indieweb-enabled site redesign using Kirby CMS + TailwindCSS.

Exploring conflicting oneshot services in systemd

Srijan Choudhary — Thu, 08 Jun 2023 19:20:00 +0000

Midjourney: two systemd services fighting over who will start first

Background

I use mbsync to sync my mailbox from my online provider (FastMail - referer link) to my local system to eventually use with mu4e (on Emacs).

For periodic sync, I have a systemd service file called mbsync.service defining a oneshot service and a timer file called mbsync.timer that runs this service periodically. I can also activate the same service using a keybinding from inside mu4e.

[Unit]
Description=Mailbox synchronization service
After=network-online.target

[Service]
Type=oneshot
ExecStart=/usr/bin/mbsync fastmail-all
ExecStartPost=bash -c "emacsclient -s srijan -n -e '(mu4e-update-index)' || mu index"

[Install]
WantedBy=default.target

mbsync.service

[Unit]
Description=Mailbox synchronization timer
BindsTo=graphical-session.target
After=graphical-session.target

[Timer]
OnBootSec=2m
OnUnitActiveSec=5m
Unit=mbsync.service

[Install]
WantedBy=graphical-session.target

mbsync.timer

Also, for instant download of new mail, I have another service called goimapnotify configured that listens for new/updated/deleted messages on the remote mailbox using IMAP IDLE, and calls the above mbsync.service when there are changes.

This has worked well for me for several years.

The Problem

I recently split my (huge) archive folder into yearly archives so that I can keep/sync only the recent years on my phone. [ Aside: yearly refile in mu4e snippet ]. This lead to an increase in the number of folders that mbsync has to sync, and this increased the time taken to sync because it syncs the folders one by one.

It does have the feature to sync a subset of folders, so I created a second systemd service called mbsync-quick.service and only synced my Inbox from this service. Then I updated the goimapnotify config to trigger this quick service instead of the full service when it detects changes.

But, this caused a problem: these two services can run at the same time, and hence can cause corruption or sync conflicts in the mail files. So, I wanted a way to make sure that these two services don't run at the same time.

Ideally, whenever any of these services are triggered and the other service is already running, then it should wait for the other service to stop before starting, essentially forming a queue.

Solution 1: Using systemd features

Systemd has a way to specify conflicts in the unit section. From the docs:

If a unit has aConflicts=setting on another unit, starting the former will stop the latter and vice versa.
[...] to ensure that the conflicting unit is stopped before the other unit is started, anAfter=orBefore=dependency must be declared.

This is different from our requirement that the conflicting service should be allowed to finish before the triggered service starts, but maybe a good enough way to at least prevent both running at the same time.

To test this, I added Conflicts= in both the services with the other service as the conflicting service, and it works. The only problem is that when a service is triggered, the other service is SIGTERMed. This itself might not cause a corruption issue, but if this happens with the mbsync-quick service, then there might be a delay getting the mail.

This is the best way I found that uses built-in systemd features without any workarounds or hacks. Other solutions below involve some workarounds.

Solution 2: Conflict + stop after sync complete

This is a variation on solution 1 - add a wrapper script to trap the SIGTERM and only exit when the sync is complete. This also worked.

But, the drawback with this method is that anyone calling stop on these services (like the system shutting down) will have to wait for this to finish (or till timeout of 90s). This can cause slowdowns in system shutdown that are hard to debug. So, I don't prefer this solution.

Solution 3: Delay start until the other service is finished

This is also a hacky solution - use ExecStartPre to check if the other service is running, and busywait for it to stop before starting ourselves.

[Unit]
Description=Mailbox synchronization service (quick)
After=network-online.target

[Service]
Type=oneshot
ExecStartPre=/bin/sh -c 'while systemctl --user is-active mbsync.service | grep -q activating; do sleep 0.5; done'
ExecStart=/usr/bin/mbsync fastmail-inbox
ExecStartPost=bash -c "emacsclient -s srijan -n -e '(mu4e-update-index)' || mu index"

mbsync-quick.service

Here, we use systemctl is-active to query the status of the other service, and wait until the other service is not in activating state anymore. The state is called activating instead of active because these are oneshot services that go from inactive to activating to inactive without ever reaching active.

To not make this an actual busywait on the CPU, I added a sleep of 0.5s.

This worked the best for my use case. When one of the services is triggered, it checks if the other service is running and waits for it to stop before running itself. It also does not have the drawback of solution 2 of trapping exits and delaying a stop command.

But, after using it for a day, I found there is a race condition (!) that can cause a deadlock between these two services and none of them are able to start.

The reason for the race condition was:

A service is marked as activating when it's ExecStartPre command starts
I added a sleep of 0.5 seconds

So, if the other service is triggered again in between those 0.5 seconds, both services will be marked as activating and they will indefinitely wait for each other to complete. This is what I get for using workarounds.

Solution 4: One-way conflict, other way delay

So, the final good-enough solution I came up with was to break this cyclic dependency by doing a hybrid of Solution 1 and Solution 3. I was okay with the mbsync.service being stopped for the (higher priority) mbsync-quick.service.

So, I added mbsync.service in Conflicts section of mbsync-quick.service, and used the ExecStartPre method in mbsync.service.

💡Let me know if you know a better way to achieve this.

References

Graphical password prompt for disk decryption on ArchLinux

Srijan Choudhary — Thu, 23 Feb 2023 17:30:00 +0000

In my last post, I described how I enabled encryption on my Linux root partition. However, during boot up, it asked the password using a plain text prompt. I was not satisfied with the design and found that there's a better way: Plymouth.

Plymouth is a package that provides a themeable graphical boot process / splash screen all the way up to the login manager. This includes a graphical password prompt as well. Here are the steps I took to set this up:

1. First, I installed plymouth-git from the AUR. ArchWiki suggests plymouth-git instead of plymouth because it is actually less likely to cause problems for most users than the stable package.

2. Next, I updated the HOOKS section in my /etc/mkinitcpio.conf to include sd-plymouth:

HOOKS=(base systemd plymouth autodetect modconf kms keyboard sd-vconsole block sd-encrypt filesystems fsck)

3. And regenerated the initramfs:

# mkinitcpio -P

4. Next, I added the following kernel parameters:

quiet splash

ArchWiki also suggests adding vt.global_cursor_default=0, but my experience was better without it. With this option, the cursor in TTY terminals becomes hidden, not just for the boot sequence but even later.

With the above changes, after reboot, a nice password prompt is shown with a spinner image. But, this hid the beautiful OEM ROG logo that comes first at boot up. So, here are further tweaks I did to make it look as I wanted.

5. First, I tried using the built-in BGRT theme. This is a variation of the spinner theme that keeps the OEM logo if available (BGRT stands for Boot Graphics Resource Table).

# plymouth-set-default-theme -R bgrt

This did not show the spinner, but it still hid the OEM logo when asking for decryption password. Although it did show the logo again after password was entered. So, I guessed it just needed a little customization.

6. So, I made a copy of the bgrt theme to make my customizations.

# cd /usr/share/plymouth/themes
# cp -r bgrt bgrt-custom
# cd bgrt-custom
# mv bgrt.plymouth bgrt-custom.plymouth

7. These are the changes I had to make in bgrt-custom.plymouth to make it show the prompt like I wanted:

diff --git a/../bgrt/bgrt.plymouth b/bgrt-custom.plymouth
index e8e9713..ca7a293 100644
--- a/../bgrt/bgrt.plymouth
+++ b/bgrt-custom.plymouth
@@ -30,8 +30,8 @@ Name[he]=BGRT
 Name[fa]=BGRT
 Name[fi]=BGRT
 Name[ie]=BGRT
-Name=BGRT
-Description=Jimmac's spinner theme using the ACPI BGRT graphics as background
+Name=BGRT-Custom
+Description=Customized Jimmac's spinner theme using the ACPI BGRT graphics as background
 ModuleName=two-step

 [two-step]
@@ -39,9 +39,9 @@ Font=Cantarell 12
 TitleFont=Cantarell Light 30
 ImageDir=/usr/share/plymouth/themes//spinner
 DialogHorizontalAlignment=.5
-DialogVerticalAlignment=.382
+DialogVerticalAlignment=.75
 TitleHorizontalAlignment=.5
-TitleVerticalAlignment=.382
+TitleVerticalAlignment=.75
 HorizontalAlignment=.5
 VerticalAlignment=.7
 WatermarkHorizontalAlignment=.5
@@ -52,7 +52,7 @@ BackgroundStartColor=0x000000
 BackgroundEndColor=0x000000
 ProgressBarBackgroundColor=0x606060
 ProgressBarForegroundColor=0xffffff
-DialogClearsFirmwareBackground=true
+DialogClearsFirmwareBackground=false
 MessageBelowAnimation=true

 [boot-up]

Basically, I tweaked DialogClearsFirmwareBackground, DialogVerticalAlignment, and TitleVerticalAlignment to my liking. To set this custom theme, I ran:

# plymouth-set-default-theme -R bgrt-custom

8. This looked perfect. But, I noticed that this increased by boot up time considerably. Plymouth was taking a long time before displaying the password prompt. On further digging, I found a parameter called DeviceTimeout in /etc/plymouth/plymouthd.conf with default value of 8 seconds.

According to this merge request, this was needed to keep support for certain AMD GPUs. I don't have and AMD GPU, and anyway I think Plymouth is using the EFI framebuffer for this splash screen, not the GPU. So, I reduced it to 2 seconds to make things faster.

Encrypting an existing Linux system's root partition

Srijan Choudhary — Wed, 22 Feb 2023 19:45:00 +0000

Introduction

I have an Arch Linux system with an unencrypted root partition that I wanted to encrypt. I've documented the steps I followed to achieve this here.

I selected the "LUKS on a partition" option from here. I don't have an LVM setup on this system and didn't need to encrypt the boot partition.

The first step was to have a backup so that if something failed, I could at least recover my critical files. I don't have filesystem-level backups configured, so I used kopia to back up my home folder. Details on this might be in a future blog post.

Process

1. To begin, I set up a USB flash installation medium so that I could boot into a live environment to perform the actual actions. Since I needed to encrypt the root partition, this could not be performed from inside the system running off that partition.

2. After booting into the live environment using the above USB medium, I first shrank the existing filesystem by 32MiB to make space for the LUKS encryption header, which is always stored at the beginning of the device. My filesystem size is exactly 500GiB, so I set the new size to 511968M.

# echo "Check the filesystem"
# e2fsck -f /dev/nvme0n1p7

# echo "Resize"
# resize2fs -p /dev/nvme0n1p7 511968M

3. Now, I encrypted it using the default cipher. This took 37 minutes on my 500GiB partition, which was about 55% full.

# cryptsetup reencrypt --encrypt --reduce-device-size 16M /dev/nvme0n1p7

WARNING!

========

This will overwrite data on LUKS2-temp-12345678-9012-3456-7890-123456789012.new irrevocably.

Are you sure? (Type 'yes' in capital letters): YES
Enter passphrase for LUKS2-temp-12345678-9012-3456-7890-123456789012.new: 
Verify passphrase:

4. Next, I extended the original ext4 file system to occupy all available space again on the now encrypted partition:

# cryptsetup open /dev/nvme0n1p7 root
Enter passphrase for /dev/nvme0n1p7: 

# resize2fs /dev/mapper/root

5. Now, I mounted the filesystem and chrooted into it:

# mount /dev/mapper/root /mnt
# mount /dev/nvme0n1p1 /mnt/boot
# arch-chroot /mnt

6. Since I have a systemd-based initramfs, I added keyboard, sd-vconsole, and sd-encrypt hooks in the HOOKS section of /etc/mkinitcpio.conf:

HOOKS=(base systemd autodetect modconf kms keyboard sd-vconsole block sd-encrypt filesystems fsck)

/etc/mkinitcpio.conf

7. Next, I regenerated the initramfs ( -P regenerates it for all presets ):

# mkinitcpio -P

8. Next, I configured the boot loader by adding to kernel parameters:

rd.luks.name==root root=/dev/mapper/root

I found the device UUID using: sudo blkid -s UUID -o value /dev/nvme0n1p7. Surprisingly (for me), the UUID had changed after encrypting the partition.

My final bootloader conf file looked like this:

title    Arch Linux
linux    /vmlinuz-linux
initrd   /amd-ucode.img
initrd   /initramfs-linux.img
options  rd.luks.name=1df8ea89-4274-4ef9-a670-76c13e612901=root root=/dev/mapper/root rw

/boot/loader/entries/arch.conf

9. Lastly, I updated /etc/fstab:

/dev/mapper/root  /  ext4  rw,relatime  0 1

/etc/fstab

10. All done. To test it out, I logged out of the chroot environment and rebooted the system.

It asked me for the disk encryption password. After entering the password selected in step 3, the system booted up as usual, and everything looked to be working.

Final Thoughts

This was surprisingly easy to do and did not take much time. The ArchWiki was helpful, even if the information was spread over multiple pages/sections. Taking a backup before starting also made me feel safe about the process.

I did not like the design of the decryption password prompt at bootup. Maybe there's a way to customize it to look better. Update: I found a way. Details here.

Download a file securely from GCS on an untrusted system

Srijan Choudhary — Sun, 27 Nov 2022 19:30:00 +0000

The Problem

We publish some of our build artifacts to Google Cloud Storage, and users need to download these to the target installation system. But, this target system is not always trusted and can have shared local users, so we don't want to store long-lived credentials.

As a user, I can download the artifact on my (secure) laptop and transfer it to the target system. But, the artifact can be large (several GBs). So, downloading and uploading again makes it cumbersome and slow.

Option 1: use gcloud CLI on the target system

$ gcloud storage cp gs://$BUCKET/$FILE ./

This has two problems:

The user must install (and maybe update) gcloud CLI on the target system.
The user needs to store their credentials on the target system. These credentials have full access to whatever resources the user has. So, it's a huge security risk, especially if we don't trust the target system.

To mitigate (2), the user can log out of gcloud CLI after downloading. But, this is a manual step they might miss.

Option 2: use gcloud CLI with a service account

This is a variation of the above solution - we log in using a service account instead of the user account. This service account can have restricted access to only the resources needed.

$ gcloud iam service-accounts create $SA_NAME \
    --description="Service Account for downloading artifacts"
$ gsutil iam ch \
    serviceAccount:$SA_NAME@$PROJECT_ID.iam.gserviceaccount.com:roles/storage.objectViewer \
    gs://$BUCKET

This partially mitigates problem (2) above. If the user forgets to log out of gcloud CLI, the damage will be restricted to the resources accessible by the service account.

Option 3: Short-lived access token

Gcloud CLI supports creating short-lived credentials for the end-user account or any service account.

This credential can be used to download the artifact using wget with an authorization header - no need to install gcloud CLI.

Here's a small script that asks for the auth token as input, parses various GCS bucket URL formats, and downloads the requested artifact directly using wget:

#!/bin/bash
# Download artifact from GCS bucket

set -e

echo -e "====> Run \`gcloud auth print-access-token\` on a system where you've setup gcloud to get access token\n"
read -r -p "Enter access token: " StorageAccessToken
read -r -p "Enter GCS artifact URL: " ArtifactURL

if [[ "${ArtifactURL:0:33}" == "https://console.cloud.google.com/" ]]; then
    BucketAndFile="${ArtifactURL#*https://console.cloud.google.com/storage/browser/_details/}"
elif [[ "${ArtifactURL:0:33}" == "https://storage.cloud.google.com/" ]]; then
    BucketAndFile="${ArtifactURL#*https://storage.cloud.google.com/}"
elif [[ "${ArtifactURL:0:5}" == "gs://" ]]; then
    BucketAndFile="${ArtifactURL#*gs://}"
else
    echo "Invalid GCS artifact URL"
    exit 1
fi

StorageBucket="${BucketAndFile%%/*}"
StorageFile="${BucketAndFile#*/}"
StorageFileEscaped=$(echo "${StorageFile}" | sed 's/\//%2F/g')
OutputFileName="${StorageFile##*/}"

echo -e "\n====> Downloading gs://${StorageBucket}/${StorageFile} to ${OutputFileName}\n"

wget -O "${OutputFileName}" --header="Authorization: Bearer ${StorageAccessToken}" \
    "https://storage.googleapis.com/storage/v1/b/${StorageBucket}/o/${StorageFileEscaped}?alt=media"

Option 4: Signed URLs

Google Cloud Storage also supports signed URLs - which give time-limited access to a specific Cloud Storage resource. Anyone possessing the signed URL can use it while it's active without any further credentials. This fits our use case brilliantly.

To do this, first we need to give ourselves the iam.serviceAccountTokenCreator role so that we can impersonate a service account.

$ gcloud iam service-accounts add-iam-policy-binding \
	$SA_NAME@$PROJECT_ID.iam.gserviceaccount.com \
    --member=$MY_EMAIL \
    --role=roles/iam.serviceAccountTokenCreator

Then, we can generate a signed URL:

$ gcloud config set auth/impersonate_service_account \
    $SA_NAME@$PROJECT_ID.iam.gserviceaccount.com

$ gsutil signurl -u -r $REGION -d 10m gs://$BUCKET/$FILE

$ gcloud config unset auth/impersonate_service_account

And we can use wget to download the artifact from this URL without any further authentication.

Slackbot using google cloud serverless functions

Srijan Choudhary — Fri, 04 Nov 2022 19:15:00 +0000

At my org, we wanted a simple Slack bot that posts a roundup of new channels created recently in the workspace to a channel. While writing this is easy enough, I wanted to do it using Google Cloud Functions with Python, trying to follow best practices as much as possible.

Here's how the overall flow will look like:

Google Cloud Functions Slack Bot

We want this roundup post triggered on some schedule (maybe daily), so the Cloud Scheduler is required to send an event to a Google Pub/Sub topic that triggers our cloud function, which queries the slack API to get channels details, filter recently created, and post it back to a slack channel. Secret Manager is used to securely store slack's bot token and signing secret.

Note that the credentials shown in any screenshots below are not valid.

Create the slack app

The first step will be to create the slack app. Go to https://api.slack.com and click on "Create an app". Choose "From scratch" in the first dialog; enter an app name and choose a workspace for your app in the second dialog. In the next screen, copy the "Signing Secret" from the "App Credentials" section and save it for later use.

Next, go to the "OAuth and Permissions" tab from the left sidebar, and scroll down to "Scopes" -> "Bot Token Scopes". Here, add the scopes:

channels:read: required to query public channels and find their creation times
chat:write: required to write to a channel (where the bot is invited)

Next, scroll up on the same screen and click "Install to Workspace" to install to your workspace. Click "Allow" in the next screen to allow the installation. Next, copy the "Bot User OAuth Token" from the "OAuth Tokens for Your Workspace" section on the same page and save it for later use.

💡Keep track of the Bot User OAuth Token and Signing Secret you copied above.

Post to a Slack channel from a Google Cloud Function

Next, we will try to use the credentials copied above to enable a Google Cloud Function to send a message to a Slack channel.

Google Cloud Basic Setup

We will use gcloud cli for the following sections, so install and initialize the Google Cloud CLI if not done yet. If you already have gcloud cli, run gcloud components update to update it to the latest version.

Create a new project for this if required, or choose an existing project, set it as default, and export the project id as a shell environment for using later. Also export the region you want to use.

export PROJECT_ID=slackbot-project
export REGION=us-central1

gcloud config set project ${PROJECT_ID}

You will have to enable billing for this project to be able to use some of the functionality we require.

You may also have to enable the Secret Manager, Cloud Functions, Cloud Build, Artifact Registry, and Logging APIs if this is the first time you're using Functions in this project. Note that some services like Secret Manager need billing to be setup before they can be enabled.

gcloud services enable --project slackbot-project \
        secretmanager.googleapis.com \
        cloudfunctions.googleapis.com \
        cloudbuild.googleapis.com \
        artifactregistry.googleapis.com \
        logging.googleapis.com

Create a service account

By default, Cloud Functions uses a default service account as its identity for function execution. These default service accounts have the Editor role, which allows them broad access to many Google Cloud services. Of course, this is not recommended for production, so we will create a new service account for this and grant it the minimum permissions that it requires.

SA_NAME=channelbot-sa
SA_EMAIL=${SA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com

gcloud iam service-accounts create ${SA_NAME} \
    --description="Service Account for ChannelBot slackbot" \
    --display-name="ChannelBot SlackBot SA"

Store secrets and give permissions to service account

First, we need to store the secrets in Secret Manager.

printf $SLACK_BOT_TOKEN | gcloud secrets create \
    channelbot-slack-bot-token --data-file=- \
    --project=${PROJECT_ID} \
    --replication-policy=user-managed \
    --locations=${REGION}

printf $SLACK_SIGNING_SECRET | gcloud secrets create \
    channelbot-slack-signing-secret --data-file=- \
    --project=${PROJECT_ID} \
    --replication-policy=user-managed \
    --locations=${REGION}

And give our service account the roles/secretmanager.secretAccessor role on these secrets.

gcloud secrets add-iam-policy-binding \
    projects/${PROJECT_ID}/secrets/channelbot-slack-bot-token \
    --member serviceAccount:${SA_EMAIL} \
    --role roles/secretmanager.secretAccessor

gcloud secrets add-iam-policy-binding \
    projects/${PROJECT_ID}/secrets/channelbot-slack-signing-secret \
    --member serviceAccount:${SA_EMAIL} \
    --role roles/secretmanager.secretAccessor

Create and deploy the function

Here's a simple HTTP function that sends a message to slack on any HTTP call:

import functions_framework
from slack_bolt import App

# process_before_response must be True when running on FaaS
app = App(process_before_response=True)

print('Function has started')

@functions_framework.http
def send_to_slack(request):
    print('send_to_slack triggered')
    channel = '#general'
    text = 'Hello from Google Cloud Functions!'
    app.client.chat_postMessage(channel=channel, text=text)
    return 'Sent to slack!'

src-v1/main.py

functions-framework
slack_bolt

src-v1/requirements.txt

Assuming main.py and requirements.txt are present in src-v1 folder, deploy using:

gcloud beta functions deploy channelbot-send-to-slack \
    --gen2 \
    --runtime python310 \
    --project=${PROJECT_ID} \
    --service-account=${SA_EMAIL} \
    --source ./src-v1 \
    --entry-point send_to_slack \
    --trigger-http \
    --allow-unauthenticated \
    --region ${REGION} \
    --memory=128MiB \
    --min-instances=0 \
    --max-instances=1 \
    --set-secrets 'SLACK_BOT_TOKEN=channelbot-slack-bot-token:latest,SLACK_SIGNING_SECRET=channelbot-slack-signing-secret:latest' \
    --timeout 60s

💡We're using --allow-unauthenticated here just to test it out. It will be removed in later sections.

Test it out

Once the deployment is complete, we can view the function logs using:

gcloud beta functions logs read channelbot-send-to-slack \
	--project ${PROJECT_ID} --gen2

If everything was successful above, once of the recent log statements should say: Function has started.

Next, add the bot to the #general channel using /invite @ChannelBot in the general channel on your slack workspace.

Next, find the service endpoint using:

gcloud functions describe channelbot-send-to-slack \
    --project ${PROJECT_ID} \
    --gen2 \
    --region ${REGION} \
    --format "value(serviceConfig.uri)"

This will give a URL like https://channelbot-send-to-slack-ga6Ofi9to0-uc.a.run.app.

To trigger the channel post, just do curl ${SERVICE_URL}. This should result in a test message from ChannelBot to the #general channel.

ChannelBot message from Google Cloud Functions

Trigger via Google Pub/Sub

Now, instead of an unauthenticated HTTP trigger, we would like to trigger this via Google Pub/Sub. We would also like to pass the channel name and the message to post in the event.

Google Pub/Sub basics

Pub/Sub enables you to create systems of event producers and consumers, called publishers and subscribers. Publishers communicate with subscribers asynchronously by broadcasting events. Some core concepts:

Topic. A named resource to which messages are sent by publishers.
Subscription. A named resource representing the stream of messages from a single, specific topic, to be delivered to the subscribing application.
Message. The combination of data and (optional) attributes that a publisher sends to a topic and is eventually delivered to subscribers.
Publisher. An application that creates and sends messages to a single or multiple topics.

In this section, we will create a topic, create a subscription for our cloud function to listen to messages to that topic, and produce messages manually to that topic using gcloud cli. The message will contain the channel name and message to post, and the cloud function will post that message to the specified slack channel.

Create pub/sub topic

First, we need to create a topic.

export PUBSUB_TOPIC=channelbot-pubsub
gcloud pubsub topics create ${PUBSUB_TOPIC} \
    --project ${PROJECT_ID}

Grant permissions to the service account

Next, we need to give the roles/pubsub.editor role to the service account we're using for the function execution so that it can create a subscription to this pub/sub topic.

gcloud pubsub topics add-iam-policy-binding ${PUBSUB_TOPIC} \
    --project ${PROJECT_ID} \
    --member serviceAccount:${SA_EMAIL} \
    --role roles/pubsub.editor

Update the function code

Here's the main.py we'll need to listen to pub/sub events, extract channel and text, and sent it to slack:

import base64
import json
import functions_framework
from slack_bolt import App

# process_before_response must be True when running on FaaS
app = App(process_before_response=True)

print('Function has started')

# Triggered from a message on a Cloud Pub/Sub topic.
@functions_framework.cloud_event
def pubsub_handler(cloud_event):
    try:
        data = base64.b64decode(
            cloud_event.data["message"]["data"]).decode()
        print("Received from pub/sub: %s" % data)
        event_data = json.loads(data)
        channel = event_data["channel"]
        text = event_data["text"]
        app.client.chat_postMessage(channel=channel, text=text)
    except Exception as E:
        print("Error decoding message: %s" % E)

src-v2/main.py

Before deploying, we also need to enable the Eventarc API in this project.

gcloud services enable --project ${PROJECT_ID} \
    eventarc.googleapis.com

Deploy and Test

Now, there's a slightly modified version of the deploy command to deploy this:

gcloud beta functions deploy channelbot-send-to-slack \
    --gen2 \
    --runtime python310 \
    --project ${PROJECT_ID} \
    --service-account ${SA_EMAIL} \
    --source ./src-v2 \
    --entry-point pubsub_handler \
    --trigger-topic ${PUBSUB_TOPIC} \
    --region ${REGION} \
    --memory 128MiB \
    --min-instances 0 \
    --max-instances 1 \
    --set-secrets 'SLACK_BOT_TOKEN=channelbot-slack-bot-token:latest,SLACK_SIGNING_SECRET=channelbot-slack-signing-secret:latest' \
    --timeout 60s

The main changes are:

Changed entry-point to the new function pubsub_handler
Replaced --trigger-http with --trigger-topic
Removed --allow-unauthenticated

Before sending a pub/sub message, we will also need to give the roles/run.invoker role to our service account to be able to trigger our newly deployed function.

gcloud run services add-iam-policy-binding channelbot-send-to-slack \
    --project ${PROJECT_ID} \
    --region ${REGION} \
    --member=serviceAccount:${SA_EMAIL} \
    --role=roles/run.invoker

To test this out, we can send a pub/sub message using gcloud cli:

gcloud pubsub topics publish ${PUBSUB_TOPIC} \
    --project ${PROJECT_ID} \
    --message '{"channel": "#general", "text": "Hello from Cloud Pub/Sub!"}'

ChannelBot message via pub/sub

Post new channels roundup using cloud scheduler

Manually post recently created channels

Now that we have gained the capability to trigger a message from pub/sub to slack, we can add some logic to fetch the recently created channels from slack and post it as a message on this trigger.

Here's the modified main.py to do this:

import base64
import json
import time
import functions_framework
from slack_bolt import App

# process_before_response must be True when running on FaaS
app = App(process_before_response=True)

print('Function has started')

# Triggered from a message on a Cloud Pub/Sub topic.
@functions_framework.cloud_event
def pubsub_handler(cloud_event):
    try:
        data = base64.b64decode(
            cloud_event.data["message"]["data"]).decode()
        print("Received from pub/sub: %s" % data)
        event_data = json.loads(data)
        max_days = event_data["max_days"] # Max age of channels
        channel = event_data["channel"]
        recent_channels = get_recent_channels(app, max_days)
        if len(recent_channels) > 0:
            blocks, text = format_channels(recent_channels, max_days)
            app.client.chat_postMessage(channel=channel, text=text,
                                        blocks=blocks)
        else:
            print("No recent channels")
    except Exception as E:
        print("Error decoding message: %s" % E)


def get_recent_channels(app, max_days):
    max_age_s = max_days * 24 * 60 * 60
    result = app.client.conversations_list()
    all = result["channels"]
    now = time.time()
    return [ c for c in all if (now - c["created"] <= max_age_s) ]

def format_channels(channels, max_days):
    text = ("%s channels created in the last %s day(s):" %
            (len(channels), max_days))
    blocks = [{
        "type": "header",
        "text": {
            "type": "plain_text",
            "text": text
        }
    }]
    summary = ""
    for c in channels:
        summary += "\n*<#%s>*: %s" % (c["id"], c["purpose"]["value"])
    blocks.append({
        "type": "section",
        "text": {
            "type": "mrkdwn",
            "text": summary
        }
    })
    return blocks, text

src-v3/main.py

After deploying this with the same command above (just change --source ./src-v2 to --source ./src-v3), we can send a pub/sub event to trigger it:

gcloud pubsub topics publish ${PUBSUB_TOPIC} \
    --project ${PROJECT_ID} \
    --message '{"channel": "#general", "max_days": 7}'

And it posts a message like this:

Recently created channels posted by ChannelBot

Create schedule

Next, we want to periodically schedule this message. For this, we will configure a cron job in Google Cloud Scheduler to send a Pub/Sub event with the required parameters periodically.

Before we create a schedule, we will have to enable the Cloud Scheduler API

gcloud services enable --project ${PROJECT_ID} \
    cloudscheduler.googleapis.com

To schedule the Pub/Sub trigger at 1600 hours UTC time every day:

gcloud scheduler jobs create pubsub channelbot-job \
    --project ${PROJECT_ID} \
    --location ${REGION} \
    --schedule "0 16 * * *" \
    --time-zone "UTC" \
    --topic ${PUBSUB_TOPIC} \
    --message-body '{"channel": "#general", "max_days": 1}'

After this, a Pub/Sub event should be fired to the channelbot-pubsub topic every day, which should result in a slack message to #general with a list of channels created in the last day.

Closing Thoughts

Full code samples for this can be found in this github repo. I've also included a Makefile with targets split into sections associated with the different steps in this post.

I also plan to follow this up with a part 2 where we will use slack's slash commands to allow the end-user of this bot to setup the channel and frequency of posting of the recent channels list, and even configure multiple schedules. Please comment below if this is something you will be interested in.

Automating custom routes and DNS setup on Windows

Srijan Choudhary — Wed, 05 May 2021 16:25:00 +0000

One of the problems I've faced working from home for the last one year is the rigidity of the VPN software used at my work. If we were using something like OpenVPN, then I could modify the client config to setup any overrides I wanted to the network routing table or DNS, but we use FortiClient SSL VPN, which does not have such a functionality. Also, I've been using Windows 10 on my work setup for some time now because WSL works very well for me.

But first, why did I even need to modify the routing table or DNS at all?

I use a slightly non-standard network setup for my home, and one of my home subnets actually clashes with one of the routed work subnets (which I don't need). So, the easy solution for me is to change this routing table entry to what works for me.
I use diversion on my home router to do central ad-blocking, and wanted to leverage that even when connected to the work VPN.

Here is the PowerShell script that does the changes I want:

Start-Transcript -Append -Path "C:\Users\srijan\Apps\network-post-connect.log"

if( (Get-NetConnectionProfile -InterfaceAlias Wi-Fi).Name -eq "Home Wifi" ) {
    echo "Home Wifi is connected"
    $FortinetAdapter = Get-NetAdapter -InterfaceDescription "Fortinet SSL*"
    if($FortinetAdapter.Status -eq "Up") {
        echo "Work VPN is connected"
        $FortinetAdapter | Set-DnsClientServerAddress -ServerAddresses ("192.168.2.1", "8.8.8.8")
        echo "[OK] DNS server set to 192.168.2.1,8.8.8.8"
        Get-NetRoute -DestinationPrefix 192.168.2.0/24 -RouteMetric 0 | Set-NetRoute -RouteMetric 500
        echo "[OK] 192.168.2.0/24 routed locally"
    }
    else {
        echo "Work VPN is not connected. Doing nothing."
    }
}
else {
    "Home Wifi is not connected. Doing nothing."
}

Stop-Transcript

network-post-connect.ps

Explanation of what it does:

Uses Start-Transcript and Stop-Transcript to log the output to a file.
Checks if the system is connected to SSID "Home Wifi".
If so, checks if the adapter with description with the pattern "Fortinet SSL*" is up
If so, changes the DNS server address
In the routing table, it increases the route metric of 192.168.2.0/24 with metric 0 - sets it to 500. This route is added by FortiClient, which I wanted to de-prioritize.

From the Set-NetRoute docs:

The computer selects the route with the lowest combined value.

Now, we just need to setup some automation to run this whenever the VPN is connected. For this, I used Windows Task Scheduler. Whenever windows activates any network profile, a Microsoft-Windows-NetworkProfile/Operational log is generated with Event Id 10000. Windows Task Scheduler has the capability to schedule a task to be run whenever any event is triggered.

Here are some screenshots of the task configuration:

Here's the exported XML of the task:



  
    2021-01-19T23:24:57.7398228
    srijan
    Currently:
1. Set local DNS
2. Route 192.168.2.0/24 locally
    \Network post connect automation
  
  
    
      true
      <QueryList><Query Id="0" Path="Microsoft-Windows-NetworkProfile/Operational"><Select Path="Microsoft-Windows-NetworkProfile/Operational">*[System[Provider[@Name='Microsoft-Windows-NetworkProfile'] and EventID=10000]]</Select></Query></QueryList>
      PT10S
    
  
  
    IgnoreNew
    false
    true
    true
    false
    false
    
      true
      false
    
    true
    true
    false
    false
    false
    PT1H
    7
  
  
    
      powershell
      -File C:\Users\srijan\Apps\network-post-connect.ps1 -WindowStyle Hidden

I have gotten used to the ease of setting up things like this for Linux, but was pleasantly surprised that it's easy enough for Windows as well. Windows Task Scheduler actually supports a lot of different conditionals for tasks as well. For example, only starting the task if the computer has been idle for some time, or only starting if connected to AC power, etc..

Let me know in the comments if you think there is an easier way, or if you have any improvement suggestions for the above.

Erlang: Dialyzer HTML Reports using rebar3

Srijan Choudhary — Sun, 25 Apr 2021 17:10:00 +0000

Introduction

Dialyzer is a static analysis tool for Erlang that identifies software discrepancies, such as definite type errors, code that has become dead or unreachable because of programming errors, and unnecessary tests, in single Erlang modules or entire (sets of) applications.

Dialyzer is integrated with rebar3 (a build tool for Erlang), and its default output looks like this:

rebar3 dialyzer output

This is a good starting point, but it's not very useful in some cases:

If you have lots of warnings, this output covers several screens, and it becomes difficult to parse through everything.
If you run this in some sort of continuous integration (like Jenkins), then the console output is not very friendly.

One way to improve this is to generate an HTML report which can be published/emailed/opened in the browser.

So, I build a rebar3 plugin that generates a nicely formatted color HTML report from the dialyzer output. The plugin can be found on hex.pm, or on github.

Usage

Make sure you're using rebar3 version 3.15 or later.

Add the plugin to your rebar.config:

{plugins, [
    %% from hex
    {rebar3_dialyzer_html, "0.2.0"}
    
    %% or, latest from git
    {rebar3_dialyzer_html, {git, "https://github.com/srijan/rebar3_dialyzer_html.git", {branch, "main"}}}
]}.

rebar.config snippet

2. Select raw format for the dialyzer warnings file generated by rebar3 (this is a new flag available from rebar 3.15):

{dialyzer, [
    {output_format, raw}
]}.

rebar.config snippet

3. Run the dialyzer_html rebar3 command:

$ rebar3 dialyzer_html          
===> Generating Dialyzer HTML Report
===> HTML Report written to _build/default/dialyzer_report.html

Here's how the report looks:

Sample HTML report for dialyzer

How I built the plugin

rebar3 dialyzer

The rebar3 built-in dialyzer plugin does the following:

Runs dialyzer with the options configured in rebar.config
Converts the output to ANSI color format and write it to console (it has a custom function for this formatting)
Converts the output to basic format (using built-in dialyzer:format/2) and write it to a dialyzer_warnings file.

I wanted to find out the easiest way to get a nicely formatted HTML report, ideally without forking the rebar3 project itself.

The first thing I needed was a way to save the raw (machine parse-able) dialyzer output to the warnings file instead of the default formatted output. For this, I submitted a new feature to the rebar3 project, and it introduces a new config to enable this. So, this plugin needs rebar3 version 3.15 or later.

Plugin vs Escript

Next, to actually parse and output the HTML file, I would need to run some Erlang code. There are two options I considered:

Escript called from Makefile/wrapper
This option works okay, but we cannot re-use any rebar3 internal function or State. I wanted to use rebar3's own custom function for formatting the dialyzer warnings, so decided to not go with this option.
Custom rebar3 plugin
Doing it this way makes it easy for anyone to use, and I can re-use things already implemented in rebar3 itself. So, I decided to use this option.

HTML output

Now, in the custom rebar3 plugin, I needed to convert the ANSI color-coded output given by rebar_dialyzer_format:format_warnings/2 into something for HTML.

I thought of the following options:

rebar3 uses the cf library to convert tagged strings to ANSI color codes. I can use something like dependency injection to replace the cf module with my own module so that the tagged strings are directly converted to HTML without even going to the intermediate ANSI color-coded format.

This method seemed very hacky, so I decided not to pursue it. But, if rebar3 makes the dialyzer format interface configurable, I can reevaluate this approach.
Convert by writing a library in Erlang for ANSI code to HTML tags conversion.
There is a library called ansi_to_html in elixir - but didn't want to add a huge dependency like that.
But writing a new Erlang library to do this can be a future optimization.
Convert using a JS library after page load. I found a javascript library called ansi_up which can convert ANSI codes to HTML color tags, or it can add CSS classes that can be styled as required.

I opted for approach #3 because it was the easiest. I also grouped the warnings by app name so that all warnings for a single app are in one place, and the report includes the number of warnings per app.

Also, if the JS library could not be loaded (for example due to no internet, or any security headers), then it will still show the basic formatted output using dialyzer:format/2.

Future Improvements

I want to remove the dependency on Javascript, and want to write/use a pure Erlang library that can convert the ANSI codes to HTML.
Ideally, rebar3 itself can separate the dialyzer warning parsing and formatting into different functions, and make it possible to override the formatting function so that any plugin can pass its own formatting function into the dialyzer plugin.
This can even run git commands in the shell to figure out if any lines changed in the most recent commit involve a warning, and maybe highlight them especially in the report. This can be useful CI reports on pull requests.
Maybe make the format plug-able so the report can be saved in any JSON / XML or any custom format.

Let me know in the comments below, or on twitter/github if you have any suggestions for this plugin.

Running multiple emacs daemons

Srijan Choudhary — Fri, 02 Apr 2021 14:00:00 +0000

I have been using Emacs for several years, and these days I'm using it both for writing code and for working with my email (another post on that soon).

As commonly suggested, I run Emacs in daemon-mode to keep things fast and snappy, with an alias to auto-start the daemon if it's not started, and connect to it if started:

alias e='emacsclient -a "" -c'

Config for single daemon

But, this has some problems:

The buffers for email and code projects get mixed together
Restarting the emacs server for code (for example) kills the open mail buffers as well
Emacs themes are global – they cannot be set per frame. For code, I prefer a dark theme (most of the time), but for email, a light theme works better for me (specially for HTML email).

To solve this, I searched for a way to run multiple emacs daemons, selecting which one to connect to using shell aliases, and automatically setting the theme based on the daemon name. Here's my setup to achieve this:

Custom run_emacs function in zshrc:

run_emacs() {
  if [ "$1" != "" ];
  then
    server_name="${1}"
    args="${@:2}"
  else
    server_name="default"
    args=""
  fi

  if ! emacsclient -s ${server_name} "${@:2}";
  then
    emacs --daemon=${server_name}
    echo ">> Server should have started. Trying to connect..."
    emacsclient -s ${server_name} "${@:2}"
  fi
}

This function takes an optional argument – the name to be used for the daemon. If not provided, it uses default as the name. Then, it tries to connect to a running daemon with the name. And if it's not running, it starts the daemon and then connects to it. It also passes any additional arguments to emacsclient.

Custom aliases in zshrc:

# Create a new frame in the default daemon
alias e='run_emacs default -n -c'

# Create a new terminal (TTY) frame in the default daemon
alias en='run_emacs default -t'

# Open a file to edit using sudo
es() {
    e "/sudo:root@localhost:$@"
}

# Open a new frame in the `mail` daemon, and start notmuch in the frame
alias em="run_emacs mail -n -c -e '(notmuch-hello)'"

The first 3 aliases use the default daemon. The last one creates a new frame in the mail daemon and also uses emacsclient's -e flag to start notmuch (the email package I use in Emacs).

Emacs config:

(cond
 ((string= "mail" (daemonp))
  (setq doom-theme 'modus-operandi)
 )
 (t
  (setq doom-theme 'modus-vivendi)
 )
)

This checks the name of the daemon passed during startup, and sets the doom theme accordingly. The same pattern can be used to set any config based on the daemon name.

Note that I'm using doom emacs, but the above method should work with or without any framework for Emacs. Tested with Emacs 27 and 28.

Erlang: find cross-app calls using xref

Srijan Choudhary — Sun, 28 Mar 2021 09:05:00 +0000

At work, we use the multi-app project pattern to organize our codebase. This lets us track everything in a single repository but still keep things isolated.

For isolation, we wanted to restrict apps to only be able to call the public interfaces of other apps (similar to facade pattern). However, since everything in Erlang is in a global namespace, nothing prevents code in one app to call the (exported) functions from another app.

Next best solution—detect the above scenario and raise warnings during code review/CI.

Xref to the rescue:

Xref is a cross reference tool that can be used for finding dependencies between functions, modules, applications and releases.

Xref includes some predefined analysis patterns that perform some common tasks like searching for undefined functions, deprecated function calls, unused exported functions, etc.

How it works: when xref server is started and some modules/applications/releases are added for analysis, it builds a Call Graph: a directed graph data structure containing the calls between functions, modules, applications or releases. It also creates an Inter Call Graph which holds information about indirect calls (chain of calls). It exposes a very powerful query language, which can be used to extract any information we want from the above graph data structures.

To demonstrate this, I created a sample multi-app repository: library_sample. There are some cross-app function calls in this code that we want to detect.

This repo is supposed to represent the functionality of a physical Library. It has four apps: library, library_api, library_catalog, and library_inventory. library_catalog has metadata about the books in the library, library_inventory has information about the availability of books, return dates, etc., library_api has HTTP handlers which call the above, and library is the main app which brings it all together.

Let’s say we want that library_api can call library_catalog and library_inventory functions, but catalog and inventory cannot call each other directly.

First, we clone the repo and run rebar3 shell:

$ git clone https://github.com/srijan/library_sample
Cloning into 'library_sample'...
remote: Enumerating objects: 29, done.
remote: Counting objects: 100% (29/29), done.
remote: Compressing objects: 100% (19/19), done.
remote: Total 29 (delta 3), reused 29 (delta 3), pack-reused 0
Unpacking objects: 100% (29/29), 910.62 KiB | 2.53 MiB/s, done.

$ cd library_sample

$ ./rebar3 shell
===> Verifying dependencies...
===> Analyzing applications...
===> Compiling library_inventory
===> Compiling library_catalog
===> Compiling library
===> Compiling library_api
Erlang/OTP 23 [erts-11.1.7] [source] [64-bit] [smp:8:8] [ds:8:8:10] [async-threads:1] [hipe]

Eshell V11.1.7  (abort with ^G)
1>

Then, we start xref and add our build directory for analysis:

1> xref:start(s).
{ok,<0.185.0>}

2> xref:add_directory(s, "_build/default/lib", [{recurse, true}]).
{ok,[library_api,library_app,library_catalog,
     library_inventory,library_sample_app,library_sample_sup,
     library_sup]}

Using xref:q/2 for querying the constructed call graph:

3> xref:q(s, "E | library_inventory || library_catalog").
{ok,[]}

4> xref:q(s, "E | library_catalog || library_inventory").
{ok,[{{library_catalog,get_by_id,1},
      {library_inventory,get_available_copies,1}}]}

This means that there are no direct calls from the library_inventory application to the library_catalog application. But, there is a direct call from library_catalog:get_by_id/1 to library_inventory:get_available_copies/1.

The query E | library_catalog || library_inventory can be read as:

E = All Call Graph Edges
| = The subset of calls from any of the vertices. So | library_catalog creates a subset which contains calls from the library_catalog app.
|| = The subset of calls to any of the vertices. So, || library_inventory further creates a subset of the previous subset which contains calls to the library_inventory app.

To get both direct and indirect calls, closure E has to be used:

5> xref:q(s, "closure E | library_catalog || library_inventory").
{ok,[{{library_catalog,get_by_id,1},
      {library_inventory,get_all,0}},
     {{library_catalog,get_by_id,1},
      {library_inventory,get_available_copies,1}}]}

This tells us that there is an indirect direct call from library_catalog:get_by_id/1 to library_inventory:get_all/0.

The query language is very powerful, and there are more interesting examples in the xref user’s guide.

But this only runs the required queries manually in Erlang shell. We want to be able to run it in continuous integration. Luckily, rebar3 comes with a way to specify custom xref queries to run when running ./rebar3 xref, and to raise an error if they don’t match against the expected value defined.

Here’s the xref section from my rebar.config:

{xref_queries, [
                {"closure E | library_catalog || library_inventory", []},
                {"closure E | library_inventory || library_catalog", []}
               ]}.

rebar.config

This performs the two queries I want and matches them against the the target value of []. Sample output:

$ ./rebar3 xref
===> Verifying dependencies...
===> Analyzing applications...
===> Compiling library_inventory
===> Compiling library_catalog
===> Compiling library
===> Compiling library_api
===> Running cross reference analysis...
===> Query closure E | library_catalog || library_inventory
 answer []
 did not match [{{library_catalog,get_by_id,1},{library_inventory,get_all,0}},
                {{library_catalog,get_by_id,1},
                 {library_inventory,get_available_copies,1}}]

So, now this is ready for automation.

Advanced PostgreSQL monitoring using Telegraf, InfluxDB, Grafana

Srijan Choudhary — Thu, 11 Mar 2021 15:30:00 +0000

Introduction

This post will go through my experience with setting up some advanced monitoring for PostgreSQL database using Telegraf, InfluxDB, and Grafana (also known as the TIG stack), the problems I faced, and what I ended up doing at the end.

What do I mean by advanced? I liked this Datadog article about some key metrics for PostgreSQL monitoring. Also, this PostgreSQL monitoring template for Zabbix has some good pointers. I didn’t need everything mentioned in these links, but they acted as a good reference. I also prioritized monitoring for issues which I’ve myself faced in the past.

Some key things that I planned to monitor:

Active (and idle) connections vs. max connections configured
Size of databases and tables
Read query throughput and performance (sequential vs. index scans, rows fetched vs. returned, temporary data written to disk)
Write query throughput and performance (rows inserted/updated/deleted, locks, deadlocks, dead rows)

There are a lot of resources online about setting up the data collection pipeline from Telegraf to InfluxDB, and creating dashboards on Grafana. So, I’m not going into too much detail on this part. This is what the pipeline looks like:

PostgreSQL to Telegraf to InfluxDB to Grafana. View Source

And here’s what my final Grafana dashboard looks like

Grafana dashboard sample for PostgreSQL monitoring

Research on existing solutions

I found several solutions and articles online about monitoring PostgreSQL using Telegraf:

1. Telegraf PostgreSQL input plugin

Telegraf has a PostgreSQL input plugin which provides some built-in metrics from the pg_stat_database and pg_stat_bgwriter views. But this plugin cannot be configured to run any custom SQL script to gather the data that we want. And the built-in metrics are a good starting point, but not enough. So, I rejected it.

2. Telegraf postgresql_extensible input plugin

Telegraf has another PostgreSQL input plugin called postgresql_extensible. At first glance, this looks promising: it can run any custom query, and multiple queries can be defined in its configuration file.

However, there is an open issue due to which this plugin does not run the specified query against all databases, but only against the database name specified in the connection string.

One way this can still work is to specify multiple input blocks in the Telegraf config file, one for each database.

[[inputs.postgresql_extensible]]
  address = "host=localhost user=postgres dbname=database1"
  [[inputs.postgresql_extensible.query]]
    script="db_stats.sql"

[[inputs.postgresql_extensible]]
  address = "host=localhost user=postgres dbname=database2"
  [[inputs.postgresql_extensible.query]]
    script="db_stats.sql"

But, configuring this does not scale, especially if the database names are dynamic or we don’t want to hardcode them in the config.

But I really liked the configuration method of this plugin, and I think this will work very well for my use case once the associated Telegraf issue gets resolved.

3. Using a monitoring package like pgwatch2

Another method I found was to use a package like pgwatch2. This is a self-contained solution for PostgreSQL monitoring and includes dashboards as well.

Its main components are

A metrics collector service. This can either be run centrally and “pull” metrics from one or more PostgreSQL instances, or alongside each PostgreSQL instance (like a sidecar) and “push” metrics to a metrics storage backend.
Metrics storage backend. pgwatch2 supports multiple metrics storage backends like bare PostgreSQL, TimescaleDB, InfluxDB, Prometheus, and Graphite.
Grafana dashboards
A configuration layer and associated UI to configure all of the above.

I really liked this tool as well, but felt like this might be too complex for my needs. For example, it monitors a lot more than what I want to monitor, and it has some complexity to handle multiple PostgreSQL versions and multiple deployment configurations.

But I will definitely keep this in mind for a more “batteries included” approach to PostgreSQL monitoring for future projects.

My solution: custom Telegraf plugin

Telegraf supports writing an external custom plugin, and running it via the execd plugin. The execd plugin runs an external program as a long-running daemon.

This approach enabled me to build the exact features I wanted, while also keeping things simple enough to someday revert to using the Telegraf built-in plugin for PostgreSQL.

The custom plugin code can be found at this Github repo. Note that I’ve also included the line_protocol.py file from influx python sdk so that I would not have to install the whole sdk just for line protocol encoding.

What this plugin (and included configuration) does:

Runs as a daemon using Telegraf execd plugin.
When Telegraf asks for data (by sending a newline on STDIN), it runs the queries defined in the plugin’s config file (against the configured databases), converts the results into Influx line format, and sends it to Telegraf.
Queries can be defined to run either on a single database, or on all databases that the configured pg user has access to.

This plugin solves the issue with Telegraf’s postgresql_extensible plugin for me—I don’t need to manually define the list of databases to be able to run queries against all of them.

This is what the custom plugin configuration looks like

[postgresql_custom]
address=""

[[postgresql_custom.query]]
sqlquery="select pg_database_size(current_database()) as size_b;"
per_db=true
measurement="pg_db_size"

[[postgresql_custom.query]]
script="queries/backends.sql"
per_db=true
measurement="pg_backends"

[[postgresql_custom.query]]
script="queries/db_stats.sql"
per_db=true
measurement="pg_db_stats"

[[postgresql_custom.query]]
script="queries/table_stats.sql"
per_db=true
tagvalue="table_name,schema"
measurement="pg_table_stats"

Any queries defined with per_db=true will be run against all databases. Queries can be specified either inline, or using a separate file.

The repository for this plugin has the exact queries configured above. It also has the Grafana dashboard JSON which can be imported to get the same dashboard as above.

Future optimizations

Monitoring related to replication is not added yet, but can be added easily
No need to use superuser account in PostgreSQL 10+
This does not support running different queries depending on version of the target PostgreSQL system.

Let me know in the comments below if you have any doubts or suggestions to make this better.

Running docker jobs inside Jenkins running on docker

Srijan Choudhary — Wed, 24 Feb 2021 10:30:00 +0000

Jenkins is a free and open source automation server, which is used to automate software building, testing, deployment, etc.

I wanted to have a quick and easy way to run Jenkins inside docker, but also use docker containers to run jobs on the dockerized Jenkins. Using docker for jobs makes it easy to encode job runtime dependencies in the source code repo itself.

The official document on running Jenkins in docker is pretty comprehensive. But, I wanted a version using docker-compose (on Linux).

So, I started with a basic compose file:

version: '3.7'
services:
  jenkins:
  	image: jenkins/jenkins:alpine
    ports:
      - 8081:8080
    container_name: jenkins
    volumes:
      - ./home:/var/jenkins_home

docker-compose.yml

When using this ( docker-compose up -d ), things came up properly, but Jenkins did not have access to the docker daemon running on the host. Also, the docker cli binary is not present inside the container.

The way to achieve this was to mount the docker socket and cli binary to inside the container so that it can be accessed. So, we come to the following compose file:

version: '3.7'
services:
  jenkins:
    image: jenkins/jenkins:alpine
    ports:
      - 8081:8080
    container_name: jenkins
    volumes:
      - ./home:/var/jenkins_home
      - /var/run/docker.sock:/var/run/docker.sock
      - /usr/bin/docker:/usr/local/bin/docker

docker-compose.yml

But, when trying to run docker ps inside the container with the above compose file, I was still getting the error: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock. This is because the Jenkins container is running with the jenkins user, which does not have access to use that socket.

From my research, the commonly recommended ways to solve this problem were:

Run the container as root user
chmod the socket file to 777
Install sudo inside the container and give the jenkins user access to sudo without needing to enter password.

A more secure way is to create the docker group inside the container, and add the jenkins user to that group. But, this requires us to build a custom image.

Also, the group id of the docker group inside and outside the container have to be the same, so I had to add an extra check which deletes any existing group inside the container which uses the same group id, then creates the new docker group with the passed group id, and then adds the jenkins user to the docker group.

So, the final Dockerfile is:

FROM jenkins/jenkins:alpine
ARG docker_group_id=999

USER root
RUN old_group=$(getent group $docker_group_id | cut -d: -f1) && \
    ([ -z "$old_group" ] || delgroup "$old_group") && \
    addgroup -g $docker_group_id docker && \
    addgroup jenkins docker

USER jenkins

Dockerfile

And the final docker-compose.yml file is:

version: '3.7'
services:
  jenkins:
    build:
      context: .
      args:
        docker_group_id: 999
    ports:
      - 8081:8080
    container_name: jenkins
    volumes:
      - ./home:/var/jenkins_home
      - /var/run/docker.sock:/var/run/docker.sock
      - /usr/bin/docker:/usr/local/bin/docker

docker-compose.yml

The docker_group_id argument can be edited in the compose file. Command to get the group id of docker:

$ getent group docker | cut -d: -f3

With the above, everything works:

$ docker-compose up -d
Creating network "jenkins_test_default" with the default driver
Building jenkins
Step 1/6 : FROM jenkins/jenkins:alpine
alpine: Pulling from jenkins/jenkins
801bfaa63ef2: Pull complete
2b72e22c6786: Pull complete
8d16efe80b55: Pull complete
682cd8857a9a: Pull complete
29c6010e8988: Pull complete
fa466f5d199d: Pull complete
e047245de0ff: Pull complete
0cfb53380af7: Pull complete
c29612b1a095: Pull complete
cd7d4bd47719: Pull complete
21cd3d960a1f: Pull complete
f3962370d584: Pull complete
bd6f35a1ea17: Pull complete
bd0c271b250f: Pull complete
Digest: sha256:1c3d9a1ed55911f9b165dd122118bff5da57520effb180d36b5c19d2a0cfe645
Status: Downloaded newer image for jenkins/jenkins:alpine
 ---> e14be04b79e8
Step 2/6 : ARG docker_group_id=999
 ---> Running in f1922fa97177
Removing intermediate container f1922fa97177
 ---> 79460069fb98
Step 3/6 : RUN echo "Assuming docker group id: $docker_group_id"
 ---> Running in 11809f4ae767
Assuming docker group id: 999
Removing intermediate container 11809f4ae767
 ---> e89b345f6c74
Step 4/6 : USER root
 ---> Running in b2e311372bc9
Removing intermediate container b2e311372bc9
 ---> 9d4d8c3ad5b2
Step 5/6 : RUN old_group=$(getent group $docker_group_id | cut -d: -f1) &&     ([ -z "$old_group" ] || delgroup "$old_group") &&     addgroup -g $docker_group_id docker &&     addgroup jenkins docker
 ---> Running in 357046a8ac49
Removing intermediate container 357046a8ac49
 ---> 865b942324eb
Step 6/6 : USER jenkins
 ---> Running in dbc2976f62c0
Removing intermediate container dbc2976f62c0
 ---> c7e6fac0187c

Successfully built c7e6fac0187c
Successfully tagged jenkins_test_jenkins:latest
WARNING: Image for service jenkins was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.
Creating jenkins ... done

$ docker-compose exec jenkins docker ps
CONTAINER ID   IMAGE                  COMMAND                  CREATED          STATUS          PORTS                               NAMES
6c05ee1315e4   jenkins_test_jenkins   "/sbin/tini -- /usr/…"   47 seconds ago   Up 47 seconds   50000/tcp, 0.0.0.0:8081->8080/tcp   jenkins

Next Steps

Here is an excellent guide on how to setup Jenkins configuration as code. This will make this setup even better because nothing will need to be configured inside Jenkins manually - it will all be driven by code / files.

Telegraf: dynamically adding custom tags

Srijan Choudhary — Wed, 14 Oct 2020 00:00:00 +0000

Background

For a recent project, I wanted to add a custom tag to data coming in from a built-in input plugin for telegraf.

The input plugin was the procstat plugin, and the custom data was information from pacemaker (a clustering solution for linux). I wanted to add a tag indicating if the current host was the "active" host in my active/passive setup.

For this, the best solution I came up with was to use a recently released execd processor plugin for telegraf.

How it works

The execd processor plugin runs an external program as a separate process and pipes metrics in to the process's STDIN and reads processed metrics from its STDOUT.

Telegraf plugins interaction. View Source

Telegraf's filtering parameters can be used to select or limit data from which input plugins will go to this processor.

The external program

The external program I wrote does the following:

Get pacemaker status and cache it for 10 seconds
Read a line from stdin
Append the required information as a tag in the data
Write it to stdout

The caching is just an optimization - it was more to do with decreasing polluting the logs than actual speed improvements.

Also, I've done the Influxdb lineprotocol parsing in my code directly (because my usecase is simple), but this can be substituted by an actual library meant for handling lineprotocol.

#!/usr/bin/python

from __future__ import print_function
from sys import stderr
import fileinput
import subprocess
import time

cache_value = None
cache_time = 0
resource_name = "VIP"

def get_crm_status():
    global cache_value, cache_time, resource_name
    ctime = time.time()
    if ctime - cache_time > 10:
        # print("Cache busted", file=stderr)
        try:
            crm_node = subprocess.check_output(["sudo", "/usr/sbin/crm_node", "-n"]).rstrip()
            crm_resource = subprocess.check_output(["sudo", "/usr/sbin/crm_resource", "-r", resource_name, "-W"]).rstrip()
            active_node = crm_resource.split(" ")[-1]
            if active_node == crm_node:
                cache_value = "active"
            else:
                cache_value = "inactive"
        except (OSError, IOError) as e:
            print("Exception: %s" % e, file=stderr)
            # Don't report active/inactive if crm commands are not found
            cache_value = None
        except Exception as e:
            print("Exception: %s" % e, file=stderr)
            # Report as inactive in other cases by default
            cache_value = "inactive"
        cache_time = ctime
    return cache_value

def lineprotocol_add_tag(line, key, value):
    first_comma = line.find(",")
    first_space = line.find(" ")
    if first_comma >= 0 and first_comma <= first_space:
        split_str = ","
    else:
        split_str = " "
    parts = line.split(split_str)
    first, rest = parts[0], parts[1:]
    first_new = first + "," + key + "=" + value
    return split_str.join([first_new] + rest)

for line in fileinput.input():
    line = line.rstrip()
    crm_status = get_crm_status()
    if crm_status:
        try:
            new_line = lineprotocol_add_tag(line, "crm_status", crm_status)
        except Exception as e:
            print("Exception: %s, Input: %s" % (e, line), file=stderr)
            new_line = line
    else:
        new_line = line

    print(new_line)

pacemaker_status.py

Telegraf configuration

Here's a sample telegraf configuration that routes data from "system" plugin to execd processor plugin, and finally outputs to influxdb.

[agent]
  interval = "30s"

[[inputs.cpu]]

[[inputs.system]]

[[processors.execd]]
  command = ["/usr/bin/python", "/etc/telegraf/scripts/pacemaker_status.py"]
  namepass = ["system"]

[[outputs.influxdb]]
  urls = ["http://127.0.0.1:8086"]
  database = "telegraf"

telegraf.conf

Other types of dynamic tags

In this example, we wanted to get the value of the tag from an external program. If the tag can be calculated from the incoming data itself, then things are much simpler. There are a lot of processor plugins, and many things can be achieved using just those.

Install docker and docker-compose using Ansible

Srijan Choudhary — Thu, 11 Jun 2020 14:30:00 +0000

Updated for 2023: I've updated this post with the following changes:

1. Added a top-level sample playbook
2. Used ansible apt_module's cache_time parameter to prevent repeated apt-get updates
3. Install docker-compose-plugin using apt (provides docker compose v2)
4. Make installing docker compose v1 optional
5. Various fixes as suggested in comments
6. Tested against Debian 10,11,12 and Ubuntu 18.04 (bionic), 20.04 (focal), 22.04 (jammy) using Vagrant.

I've published a new post on how I've done this testing.

I wanted a simple, but optimal (and fast) way to install docker and docker-compose using Ansible. I found a few ways online, but I was not satisfied.

My requirements were:

Support Debian and Ubuntu
Install docker and docker compose v2 using apt repositories
Prevent unnecessary apt-get update if it has been run recently (to make it fast)
Optionally install docker compose v1 by downloading from github releases
- But, don’t download if current version >= the minimum version required

I feel trying to achieve these requirements gave me a very good idea of how powerful ansible can be.

The final role and vars files can be seen in this gist. But, I’ll go through each section below to explain what makes this better / faster.

File structure

playbook.yml
roles/
├── docker/
│    ├── defaults/
│    │   ├── main.yml
│    ├── tasks/
│    │   ├── main.yml
│    │   ├── docker_setup.yml

File structure

Playbook

This is the top-level playbook. Any default vars mentioned below can be overridden here.

---
- hosts: all
  vars:
    - docker_compose_install_v1: true
    - docker_compose_version_v1: "1.29.2"
  tasks:
    - name: Docker setup
      block:
        - import_role: name=docker

playbook.yml

Variables

First, we’ve defined some variables in defaults/main.yml. These will control which release channel of docker will be used and whether to install docker compose v1.

---
docker_apt_release_channel: stable
docker_apt_arch: amd64
docker_apt_repository: "deb [arch={{ docker_apt_arch }}] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
docker_apt_gpg_key: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
docker_compose_install_v1: false
docker_compose_version_v1: "1.29.2"

roles/docker/defaults/main.yml

Role main.yml

The tasks/main.yml file imports tasks from tasks/docker_setup.yml and turns on become for the whole task.

---
- import_tasks: docker_setup.yml
  become: true

roles/docker/tasks/main.yml

Docker Setup

This task is divided into the following sections:

Install dependencies

- name: Install packages using apt
  apt:
    name: 
        - apt-transport-https
        - ca-certificates
        - curl
        - gnupg2
        - software-properties-common
    state: present
    cache_valid_time: 86400

Here the state: present makes sure that these packages are only installed if not already installed. I've set cache_valid_time to 1 day so that apt-get update is not run if it has already run recently.

Add docker repository

- name: Add Docker GPG apt Key
  apt_key:
    url: "{{ docker_apt_gpg_key }}"
    state: present

- name: Add Docker Repository
  apt_repository:
    repo: "{{ docker_apt_repository }}"
    state: present
    update_cache: true

Here, the state: present and update_cache: true make sure that the cache is only updated if this state was changed. So, apt-get update is not run if the docker repo is already present.

Install and enable docker and docker compose v2

- name: Install docker-ce
  apt:
    name: docker-ce
    state: present
    cache_valid_time: 86400

- name: Run and enable docker
  service:
    name: docker
    state: started
    enabled: true

- name: Install docker compose
  apt:
    name: docker-compose-plugin
    state: present
    cache_valid_time: 86400

Again, due to state: present and cache_valid_time: 86400, there are no extra cache fetches if docker and docker-compose-plugin are already installed.

Docker Compose V1 Setup

WARNING: docker-compose v1 is end-of-life, please keep that in mind and only install/use it if absolutely required.

This task is wrapped in an ansible block that checks if docker_compose_install_v1 is true.

- name: Install docker-compose v1
  when:
    - docker_compose_install_v1 is defined
    - docker_compose_install_v1
  block:

Inside the block, there are two sections:

Check if docker-compose is installed and it’s version

- name: Check current docker-compose version
  command: docker-compose --version
  register: docker_compose_vsn
  changed_when: false
  failed_when: false
  check_mode: no

- set_fact:
    docker_compose_current_version: "{{ docker_compose_vsn.stdout | regex_search('(\\d+(\\.\\d+)+)') }}"
  when:
    - docker_compose_vsn.stdout is defined

The first block saves the output of docker-compose --version into a variable docker_compose_vsn. The failed_when: false ensures that this does not call a failure even if the command fails to execute. (See error handling in ansible).

Sample output when docker-compose is installed: docker-compose version 1.26.0, build d4451659

The second block parses this output and extracts the version number using a regex (see ansible filters). There is a when condition which causes the second block to skip execution if the first block failed (See playbook conditionals).

Install or upgrade docker-compose if required

- name: Install or upgrade docker-compose
  get_url: 
    url : "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-Linux-x86_64"
    dest: /usr/local/bin/docker-compose
    mode: 'a+x'
    force: yes
  when: >
    docker_compose_current_version == ""
    or docker_compose_current_version is version(docker_compose_version, '<')

This just downloads the required docker-compose binary and saves it to /usr/local/bin/docker-compose, but it has a conditional that this will only be done if either docker-compose is not already installed, or if the installed version is less than the required version. To do version comparison, it uses ansible’s built-in version comparison function.

So, we used a few ansible features to achieve what we wanted. I’m sure there are a lot of other things we can do to make this even better and more fool-proof. Maybe a post for another day.

Riemann and Zabbix: Sending data from riemann to zabbix

Srijan Choudhary — Fri, 08 Jun 2018 18:55:00 +0000

Background

At my work, we use Riemann and Zabbix as part of our monitoring stack.

Riemann is a stream processing engine (written in Clojure) which can be used to monitor distributed systems. Although it can be used for defining alerts and sending notifications for those alerts, we currently use it like this:

As a receiving point for metrics / data from a group of systems in an installation
Applying some filtering and aggregation at the installation level.
Sending the filtered / aggregated data to a central Zabbix system.

The actual alerting mechanism is handled by Zabbix. Things like trigger definitions, sending notifications, handling acks and escalations, etc.

This might seem like Riemann is redundant (and there is definitely some overlap in functionality), but keeping Riemann in the data pipeline allows us to be more flexible operationally. This is specially in cases when the metrics data we need is coming from application code, and we need to apply some transformations to the data but cannot update the code.

The Problem

The first problem we faced when trying to do this is: sending data from Riemann to Zabbix is not that straightforward.

Surprisingly, the Zabbix API is not actually meant for sending data points to Zabbix - only for managing it's configuration and accessing historical data.

Solutions

The recommended way to send data to Zabbix is to use a command line application called zabbix_sender.

Another way would be to write a custom zabbix client in Clojure which follows the Zabbix Agent protocol, which uses JSON over TCP sockets.

The current solution we have taken for this is using zabbix_sender itself.

For this, we write filtered values to a predefined text file from Riemann in a format that zabbix_sender can understand.

(def zabbix-logger
  (io (zabbix-logger-init
       "zabbix" "/var/log/riemann/to_zabbix.txt")))
       
(streams
  (where (tagged "zabbix")
    (smap
     (fn [event]
       {:zhost  (:host event)
        :zkey   (:service event)
        :zvalue (:value event)})
     zabbix-sender)))

(defn zabbix-sender
  "Sends events to zabbix via log file.
  Assumes that three keys are present in the incoming data:
    :zhost   -> hostname for sending to zabbix
    :zkey    -> item key for zabbix
    :zvalue  -> value to send for the item key
  Requires zabbix_sender service running and tailing the log file"
  [data]
  (io (zabbix-log-to-file
       zabbix-logger (str (:zhost data) " " (:zkey data) " " (:zvalue data)))))

;; Modified version of:
;; https://github.com/riemann/riemann/blob/68f126ff39819afc3296bb645243f888dab0943e/src/riemann/logging.clj
(defn zabbix-logger-init
  [log_key log_file]
  (let [logger (org.slf4j.LoggerFactory/getLogger log_key)]
    (.detachAndStopAllAppenders logger)
    (riemann.logging/configure-from-opts
     logger
     (org.slf4j.LoggerFactory/getILoggerFactory)
     {:file log_file})
    logger))

(defn zabbix-log-to-file
  [logger string]
  "Log to file using `logger`"
  (.info logger string))

The above code writes data into the file /var/log/riemann/to_zabbix.txt in the following format:

INFO [2018-06-09 05:02:03,600] defaultEventExecutorGroup-2-7 - zabbix - host123 api.req-rate 200

Then, the following script can be run to sending data from this file to Zabbix via zabbix_sender:

$ tail -F /var/log/riemann/to_zabbix.txt | grep --line-buffered -oP "(?<=zabbix - ).*" | zabbix_sender -z $ZABBIX_IP --real-time -i - -vv

Further Thoughts

There should probably be a check on Riemann whether data is correctly being delivered to Zabbix or not. If not, Riemann can send out alerts as well.
The current solution is a little fragile because it's first writing the data to a file and is dependent on an external service running to ship the data to Zabbix. A better solution would be to integrate directly as a Zabbix agent.

My backup strategy to USB disk using duply

Srijan Choudhary — Thu, 04 Aug 2016 17:55:00 +0000

I don't have a lot of data to backup - just my home folder (on my Archlinux laptop) which just has configuration for all the tools I'm using and my programming work.

For photos or videos taken from my phone, I use google photos for backup - which works pretty well. Even if I delete the original files from my phone, the photos app still keeps them online.

Coming back to my laptop, I'm currently using duplicity (with the duply wrapper) to backup to multiple destinations. Why multiple locations? I wanted one local copy so that I can restore fast, and at least one at a remote location so that I can still restore if the local disk fails.

For off-site, I'm using the fantastic rsync.net service. For local backups, I'm using two destinations: a USB HDD at my home, and a NFS server at my work. Depending on where I am, the backup will be done to the correct destination.

This post will deal with the backups to my local USB disk.

Here's what I've been able to achieve: the backups will run every hour as long as the USB disk is connected. If it is not connected, the backup script will not even be triggered. I did not want to see backup failures in my logs if the HDD is not connected.

I've done this using a systemd timer and service. I've defined these units in the user-level part for systemd so that root privileges are not required.

Mounting the USB Disk

To automatically mount the USB disk, I've added the following line to my /etc/fstab:

UUID=27DFA4B43C8C0635 /mnt/Ext01 ntfs-3g nosuid,nodev,nofail,auto,x-gvfs-show,permissions 0 0

Duply config for running the backup

Here's my duply config file (kept at ~/.duply/ext01/conf) (mostly self-explanatory):

TARGET='file:///mnt/Ext01/Backups/'
SOURCE='/home/srijan'
MAX_AGE=1Y
MAX_FULL_BACKUPS=15
MAX_FULLS_WITH_INCRS=2
MAX_FULLBKP_AGE=1M
DUPL_PARAMS="$DUPL_PARAMS --full-if-older-than $MAX_FULLBKP_AGE "
VOLSIZE=4
DUPL_PARAMS="$DUPL_PARAMS --volsize $VOLSIZE "
DUPL_PARAMS="$DUPL_PARAMS --exclude-other-filesystems "

This can be run manually using:

$ duply ext01 backup

Exclusions can be specified in the file ~/.config/ext01/exclude in a glob-like format.

Systemd Service for running the backup

Next, here's the service file (kept at ~/.config/systemd/user/duply_ext01.service):

[Unit]
Description=Run backup using duply: ext01 profile
Requires=mnt-Ext01.mount
After=mnt-Ext01.mount

[Service]
Type=oneshot
ExecStart=/usr/bin/duply ext01 backup

The Requires option says that this unit has a dependency on the mounting of Ext01. The After option specifies the order in which these two should be started (run this service after mounting).

After this step, the service can be run manually (via systemd) using:

$ systemctl --user start duply_ext01.service

Systemd timer for triggering the backup service

Next step is triggering it automatically every hour. Here's the timer file (kept at ~/.config/systemd/user/duply_ext01.timer):

[Unit]
Description=Run backup using duply ext01 profile every hour
BindsTo=mnt-Ext01.mount
After=mnt-Ext01.mount

[Timer]
OnCalendar=hourly
AccuracySec=10m
Persistent=true

[Install]
WantedBy=mnt-Ext01.mount

Here, the BindsTo option defines a dependency similar to the Requires option above, but also declares that this unit is stopped when the mount point goes away due to any reason. This is because I don't want the trigger to fire if the HDD is not connected.

The Persistent=true option ensures that when the timer is activated, the service unit is triggered immediately if it would have been triggered at least once during the time when the timer was inactive. This is because I want to catch up on missed runs of the service when the disk was disconnected.

After creating this file, I ran the following to actually link this timer to mount / unmount events for the Ext01 disk:

$ systemctl --user enable duply_ext01.timer

That's it. Now, whenever I connect the USB disk to my laptop, the timer is started. This timer triggers the backup service to run every hour. Also, it takes care that if some run was missed when the disk was disconnected, then it would be triggered as soon as the disk is connected without waiting for the next hour mark. Pretty cool!

NOTES:

Changing any systemd unit file requires a systemd --user daemon-reload before systemd can recognize the changes.
The systemd documentation was very helpful.

Coming Soon

Although it would be similar, but I'll also document how to do the above with NFS or SSHFS filesystems (instead of local disks). The major difference would be handling loss of internet connectivity, timeouts, etc.

Clean boot in erlang relx release

Srijan Choudhary — Fri, 15 Apr 2016 04:50:00 +0000

We use relx to release out erlang applications, and faced a problem:

Our application was crashing at bootup, and therefore we were not able to even open a remote shell on which we can run any correction functions.

One way to solve this (which we've been using till now) is to also install erlang on the machine which has the release, and open an erlang shell with the correct library path set.

But, the release generated by relx provides another mechanism which does not need erlang installed.

The solution is: erlang boot scripts.

Detailed information about boot scripts can be found at: http://erlang.org/doc/system_principles/system_principles.html#id59026

relx ships a start_clean.boot boot script with the release, which loads the code for and starts the applications kernel and stdlib.

Sample command:

${RELEASE_DIR}/myapplication/bin/myapplication console_boot start_clean

PostgreSQL replication using Bucardo

Srijan Choudhary — Tue, 15 Sep 2015 18:05:00 +0000

There are many different ways to use replication in PostgreSQL, whether for high
availability (using a failover), or load balancing (for scaling), or just for
keeping a backup. Among the various tools I found online, I though bucardo is
the best for my use case - keeping a live backup of a few important tables.

I've assumed the following databases:

Primary: Hostname = host_a, Database = btest
Backup: Hostname = host_b, Database = btest

We will install bucardo in the primary database (it required it's own database
to keep track of things).

Install postgresql
```
 sudo apt-get install postgresql-9.4
```

Install dependencies on host_a

 sudo apt-get install libdbix-safe-perl libdbd-pg-perl libboolean-perl build-essential postgresql-plperl-9.4

On host_a, Download and extract bucardo source

 wget https://github.com/bucardo/bucardo/archive/5.4.0.tar.gz
 tar xvfz 5.4.0.tar.gz

On host_a, Build and Install

 perl Makefile.PL
 make
 sudo make install
 sudo mkdir /var/run/bucardo
 sudo mkdir /var/log/bucardo

Create bucardo user on all hosts

 CREATE USER bucardo SUPERUSER PASSWORD 'random_password';
 CREATE DATABASE bucardo;
 GRANT ALL ON DATABASE bucardo TO bucardo;

Note: All commands from now on are to be run on host_a only.

On host_a, set a password for the postgres user:

 ALTER USER postgres PASSWORD 'random_password';

On host_a, add this to the installation user's ~/.pgpass file:
```
 host_a:5432:*:postgres:random_password
 host_a:5432:*:bucardo:random_password
```
Also add entries for the other hosts for which users were created in step 5.

Note: It is also a good idea to chmod the ~/.pgpass file to 0600.
Run the bucardo install command:
```
 bucardo -h host_a install
```

Copy schema from A to B:

 psql -h host_b -U bucardo template1 -c "drop database if exists btest;"
 psql -h host_b -U bucardo template1 -c "create database btest;"
 pg_dump -U bucardo --schema-only -h host_a btest | psql -U bucardo -h host_b btest

Add databases to bucardo config

 bucardo -h host_a -U bucardo add db main db=btest user=bucardo pass=host_a_pass host=host_a
 bucardo -h host_a -U bucardo add db bak1 db=btest user=bucardo pass=host_b_pass host=host_b

This will save database details (host, port, user, password) to bucardo
database.

Add tables to be synced

To add all tables:

 bucardo -h host_a -U bucardo add all tables db=main relgroup=btest_relgroup

To add one table:

 bucardo -h host_a -U bucardo add table table_name db=main relgroup=btest_relgroup

Note: Only table which have a primary key can be added here. This is a
limitation of bucardo.

Add db group

 bucardo -h host_a -U bucardo add dbgroup btest_dbgroup main:source bak1:target

Create sync

 bucardo -h host_a -U bucardo add sync btest_sync dbgroup=btest_dbgroup relgroup=btest_relgroup conflict_strategy=bucardo_source onetimecopy=2 autokick=0

Start the bucardo service
```
 sudo bucardo -h host_a -U bucardo -P random_password start
```
Note that this command requires passing the password because it uses sudo,
and root user's .pgpass file does not have the credentials saved for bucardo
user.

Run sync once

 bucardo -h host_a -U bucardo kick btest_sync 0

Set auto-kick on any changes

 bucardo -h host_a -U bucardo update sync btest_sync autokick=1
 bucardo -h host_a -U bucardo reload config

That's it. Now, the tables specified in step 11 will be replicated from host_a
to host_b.

I also plan to write about other alternatives I've tried soon.

Slack bot for Phabricator Notifications

Srijan Choudhary — Tue, 04 Aug 2015 18:20:00 +0000

NOTICE: The solution mentioned in this post no longer works because Slack has closed down the IRC gateway. I recommend using the phabulous project for this now.

Phabricator is a collection of open source web applications useful for software development built on a single platform. We have been using phabricator tools for about a month now, and it seems great. The best thing is: all different components (code review, task/bug tracking, project management, repo browsing) are well-integrated with one another, and work really well together.

Except one thing, of course, and that is it's chat app (called Conpherence). This is what they say about it themselves:

Like Slack, but nowhere as good. Seriously, Slack is way better.

Well, we use Slack ourselves in our organization, and I tried to find out a way to integrate phabricator with slack.

My use case was something like this:

There are project specific channels (rooms?) in our slack
Important updates related to a project should be auto-posted to this channel
Discussions in this channel regarding the project should be enhanced by auto-linking of task ids or code review ids mentioned, to their URLs.

I found a few different ways:

Phabricator bots on github

There are a couple of projects on github which integrate phabricator with slack:

Both of these are good solutions for point 2 above, but don't (currently) solve point 3. A way to go forward would be to contribute new features to these projects.

Phabricator's in-built chatbot

Phabricator already has the concept of a chatbot which connects to IRC.

This bot covers both points 2 and 3 from my requirement, and also has some extra features, like recording chatlogs which can be browsed in the Phabricator web interface, which can in turn be referred to in comments for tasks, etc.

Slack has an IRC gateway which can be used for this purpose.

But the phabdev article on chatbot has an omnious note:

NOTE: The chat bot is somewhat experimental and not very mature.

Digging a little further, I found this task: T7829: PhabricatorBotFeedNotificationHandler is completely broken and unusable, which has one piece of bad news in the comments:

@epriestley: Bot stuff is generally a very low priority and I don't expect to review or merge any of it for a long time (roughly, around the Bot/API iteration of Conpherence, which is months/years away).

To make it work, @staticshock posted some fixes.

I made some changes of my own to make the bot filter the feed by project, so that one channel gets updates for only one or some of the projects.

My final diff can be found here: https://secure.phabricator.com/P1839.

And, my sample bot config is shared below:

{
  "server" : "organization.irc.slack.com",
  "port" : 6667,
  "nick" : "phabot",
  "pass": "random-password",
  "ssl": true,
  "join" : [
    "#project-updates",
  ],
  "handlers" : [
    "PhabricatorBotObjectNameHandler",
    "PhabricatorBotLogHandler",
    "PhabricatorBotFeedNotificationHandler"
  ],

  "conduit.uri" : "http://phab.example.com",
  "conduit.user" : "phabot",
  "conduit.token" : "api-token",

  "macro.size" : 48,
  "macro.aspect" : 0.66,

  "notification.channels" : ["#project-updates"],
  "notification.types": ["task"],
  "notification.projects": ["PHID-PROJ-ut55kdadskptl4he5iw39"],
  "notification.verbosity": 0
}

We have to pass a list of project PHIDs in notification.projects.

The way forward

So, the version shared above works fine for me, for now. Currently, it does not support connecting to multiple channels, having different config per channel, detecting projects for things other than tasks, ability to enter project name instead of PHID in config file, etc. These are some things I would want to add to my patch in the future.

Also, another good solution to all this would be to extend the chatbot code in phabricator in a generic way to be able to support bots for different services like slack, telegram, hipchat, etc.

Django, uWSGI, Nginx on Freebsd

Srijan Choudhary — Thu, 05 Mar 2015 00:00:00 +0000

Here are the steps I took for configuring Django on Freebsd using uWSGI and Nginx.

The data flow is like this:

Web Request ---> Nginx ---> uWSGI ---> Django

I was undecided for a while on whether to choose uWSGI or gunicorn. There are some blog posts discussing the pros and cons of each. I chose uWSGI in the end.

Also, to start uWSGI in freebsd, I found two methods: using supervisord, or using a custom freebsd init script which could use uWSGI ini files. Currently using supervisord.

Install Packages Required

$ sudo pkg install python py27-virtualenv nginx uwsgi py27-supervisor

Also install any database package(s) required.

Setup your Django project

Choose a folder for setting up your Django project sources. /usr/local/www/myapp is suggested. Clone the sources to this folder, then setup the python virtual environment.

$ virtualenv venv
$ source venv/bin/activate
$ pip install -r requirements.txt

If required, also setup the database and run the migrations.

Setup uWSGI using supervisord

Setup the supervisord file at /usr/local/etc/supervisord.conf.

Sample supervisord.conf:

[unix_http_server]
file=/var/run/supervisor/supervisor.sock   

[supervisord]
logfile=/var/log/supervisord.log ; (main log file;default $CWD/supervisord.log)
logfile_maxbytes=50MB       ; (max main logfile bytes b4 rotation;default 50MB)
logfile_backups=10          ; (num of main logfile rotation backups;default 10)
loglevel=info               ; (log level;default info; others: debug,warn,trace)
pidfile=/var/run/supervisor/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
nodaemon=false              ; (start in foreground if true;default false)
minfds=1024                 ; (min. avail startup file descriptors;default 1024)
minprocs=200                ; (min. avail process descriptors;default 200)

[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface

[supervisorctl]
serverurl=unix:///var/run/supervisor/supervisor.sock
history_file=~/.sc_history  ; use readline history if available

[program:uwsgi_myapp]
directory=/usr/local/www/myapp/
command=/usr/local/bin/uwsgi -s /var/run/%(program_name)s%(process_num)d.sock
        --chmod-socket=666 --need-app --disable-logging --home=venv
        --wsgi-file wsgi.py --processes 1 --threads 10
stdout_logfile="syslog"
stderr_logfile="syslog"
startsecs=10
stopsignal=QUIT
stopasgroup=true
killasgroup=true
process_name=%(program_name)s%(process_num)d
numprocs=5

supervisord.conf

And start it:

$ echo supervisord_enable="YES" >> /etc/rc.conf
$ sudo service supervisord start
$ sudo supervisorctl tail -f uwsgi_myapp:uwsgi_myapp0

Setup Nginx

Use the following line in nginx.conf's http section to include all config files from conf.d folder.

include /usr/local/etc/nginx/conf.d/*.conf;

Create a myapp.conf in conf.d.

Sample myapp.conf:

upstream myapp {
    least_conn;
    server unix:///var/run/uwsgi_myapp0.sock;
    server unix:///var/run/uwsgi_myapp1.sock;
    server unix:///var/run/uwsgi_myapp2.sock;
    server unix:///var/run/uwsgi_myapp3.sock;
    server unix:///var/run/uwsgi_myapp4.sock;
}

server {
    listen       80;
    server_name  myapp.example.com;
 
    location /static {
        alias /usr/local/www/myapp/static;
    }

    location / {
        uwsgi_pass  myapp;
        include uwsgi_params;
    }
}

myapp.conf

And start Nginx:

$ echo nginx_enable="YES" >> /etc/rc.conf
$ sudo service nginx start
$ sudo tail -f /var/log/nginx-error.log

Accessing http://myapp.example.com/ should work correctly after this. If not, see the supervisord and Nginx logs opened and correct the errors.

Read only root on Linux

Srijan Choudhary — Sat, 28 Feb 2015 00:00:00 +0000

In many cases, it is required to run a system in such a way that it is tolerant of uncontrolled power losses, resets, etc. After such an event occurs, it should atleast be able to boot up and connect to the network so that some action can be taken remotely.

There are a few different ways in which this could be accomplished.

Mounting the root filesystem with read-only flags

Most parts of the linux root filesystem can be mounted read-only without much problems, but there are some parts which don't play well. This debian wiki page has some information about this approach. I thought this approach would not be very stable, so did not try it out completely.

Using aufs/overlayfs

aufs is a union file system for linux systems, which enables us to mount separate filesystems as layers to form a single merged filesystem. Using aufs, we can mount the root file system as read-only, create a writable tmpfs ramdisk, and combine these so that the system thinks that the root filesystem is writable, but changes are not actually saved, and don't survive a reboot.

I found this method to be most suitable and stable for my task, and have been using this for the last 6 months. This system mounts the real filesytem at mountpoint /ro with read-only flag, creates a writable ramdisk at mountpoint /rw, and makes a union filesystem using these two at mountpoint /.

The steps I followed for my implementation are detailed below. These are just a modified version of the steps in this ubuntu wiki page. I am using Debian in my implementation.

Install debian using live cd or your preferred method.
After first boot, upgrade and configure the system as needed.
Install aufs-tools.
Add aufs to initramfs and setup this script to start at init.

# echo aufs >> /etc/initramfs-tools/modules
# wget https://cdn.rawgit.com/srijan/383a8d7af6860de6f9de/raw/ -O /etc/initramfs-tools/scripts/init-bottom/__rootaufs
# chmod 0755 /etc/initramfs-tools/scripts/init-bottom/__rootaufs

Remake the initramfs.

# update-initramfs -u

Edit grub settings in /etc/default/grub and add aufs=tmpfs to GRUB_CMDLINE_LINUX_DEFAULT, and regenerate grub.

# update-grub

Reboot

Making changes

To change something trivial (like a file edit), just remount the /ro mountpoint as read-write, edit the file, and reboot.

# mount -o remount,rw /ro

To do something more complicated (like install os packages), press e in grub menu during bootup, remove aufs=tmpfs from the kernel line, and boot using F10. The system will boot up normally once.

Another method could be to use a configuration management tool (puppet, chef, ansible, etc.) to make the required changes whenever the system comes online. The changes would be lost on reboot, but it would become much easier to manage multiple such systems.

Also, if some part of the system is required to be writable (like /var/log), that directory could be mounted separately as a read-write mountpoint.

Notes on atom feeds

Srijan Choudhary — Sun, 21 Sep 2014 00:00:00 +0000

For implementing feeds for the Isso commenting server, I was researching about atom feeds, and though I would jot down some notes on the topic.

RSS2 vs Atom

Both are mostly accepted everywhere now a days, and it seems like a good idea to provide both. This particular post only talks about Atom feeds.

Nested Entries

Comments are threaded, at least to one level deep, but Atom does not allow nested entries. So, for the feed page for a post, we have two choices: listing all comments, or just top level comments. If we have a feed page for each top level comment, then that would be a flat list of all replies to the comment.

Feed URI

Every Atom entry must have a unique ID. This page has some intersting ways to generate the ID. I think the best way is to generate a tag URI at the time of comment creation, store it, and use it forever for that resource.

Reduce load/bandwidth by using `If-None-Match`

If we give out ETags with the feeds, then a client can do conditional requests, for which the server only sends a full response if something has changed.

Trying Emacs

Srijan Choudhary — Fri, 16 Aug 2013 00:00:00 +0000

I have been using Vim as my text editor for the last few years, and have been very happy with it. But lately, some features of Emacs have got me interested (especially org-mode), and I wanted to try it out. After all, I won't know the difference until I actually try it, and opinions on text editors vary widely on the internet.

So, I decided to give it a try. First I went through the built-in Emacs Tutorial, and it seemed easy enough. I got used to the basic commands fairly quickly. I guess the real benefits will start to show a little later, when I try to optimize some ways of doing things.

For now, I just wanted to do some basic configuration so that I could start using emacs right now. So, I did the following changes (scroll to the bottom of this page for the full init.el file):

Hide the menu, tool, and scroll bars
Add line numbers
Hide splash screen and banner
Setup Marmalade
Marmalade is a package archive for emacs, which makes it easier to install non-official packages.
Maximize emacs window on startup
My emacs was not starting up maximized, and I did not want to maximize it manually every time I started it. I found this page addressing this issue, and tried out one of the solutions for linux, and it worked great.

For now, it all looks good, and I can start using it with only this small configuration.

For example, for writing this post, I installed markdown-mode using marmalade, and I got syntax highlighting and stuff.

I will keep using this, and adding to my setup as required, for a few weeks, and then evaluate whether I should switch completely.

Complete ~/.emacs.d/init.el file:

; init.el

; Remove GUI extras
(menu-bar-mode -1)
(tool-bar-mode -1)
(scroll-bar-mode -1)

; Add line numbers
(global-linum-mode 1)

; Hide splash screen and banner
(setq
 inhibit-startup-message t
 inhibit-startup-echo-area-message t)
(define-key global-map (kbd "RET") 'newline-and-indent)

; Set up marmalade
(require 'package)
(add-to-list 'package-archives 
    '("marmalade" .
      "http://marmalade-repo.org/packages/"))
(package-initialize)

; Make window maximized
(shell-command "wmctrl -r :ACTIVE: -btoggle,maximized_vert,maximized_horz")

Speeding up compilation times for Libreoffice / C++ projects

Srijan Choudhary — Wed, 14 Aug 2013 00:00:00 +0000

I got interested in LibreOffice a few days ago, and wanted to contribute. I wanted to see how a large project is run, and the Easy Hacks section looked easy enough to begin.

But, there was one problem: LibreOffice is huge, and takes a long time to compile (especially for the first time). It took ~40 minutes to build on the best workstation I have access to (a 24 core intel server). It would take more than a day to build on my laptop, and I wanted to be able to build and iterate on my laptop.

The How to Build wiki had a few pointers, and I decided to look into them.

CCache

As noted on their website, ccache is a compiler cache, and speeds up compilation by storing stuff, and reusing them on recompilation. This won't decrease the first compile time (in fact, it might increase it), but future compilations would be faster.

To use ccache, I made an exports file (see below) which I source before doing any LibreOffice related stuff. Programs like ondir can help automate this. I decided on a max cache size of 8GB, and set it with:

$ ccache --max-size 8G

Icecream

Icecream enables distributing the compiling load to multiple machines, like distcc. I decided to go with icecream because support for it is built into LibreOffice's autogen.sh.

Using icecream turned out to be as simple as installing and starting services on the build machines, doing ./autogen.sh --enable-icecream, followed by make. For projects that don't have such icecream flags, its enough to add icecream's bin directory to the beginning of $PATH, and everything works.

Icecream can do a distributed build even if the machines in the cluster are of different types. This section of their readme gives more information about that.

Building LibreOffice on my laptop using icecream took about 50 minutes (for a clean build).

My exports.sh file

export CCACHE_DIR=/mnt/archextra/libreoffice/ccache
export CCACHE_COMPRESS=1
export ICECC_VERSION=/mnt/archextra/libreoffice/i386.tar.gz

Basic Implementation of A* in Erlang

Srijan Choudhary — Sat, 03 Aug 2013 00:00:00 +0000

Recently I had to write some path finding algorithms in Erlang. The first version I chose was A*. But, there is no easy way to implent A* in a distributed way. So, this is the simplest implementation possible. I may rewrite it later if I find a better way.

This code is mostly a modified version of this one.

The code hosted on gist follows below, followed by some notes.

-module(astar).

-type cnode() :: {integer(), integer()}.

-define(MINX, 0).
-define(MINY, 0).
-define(MAXX, 10).
-define(MAXY, 10).

-export([
         astar/2,
         neighbour_nodes/2
        ]).

%% @doc Performs A* for finding a path from `Start' node to `Goal' node
-spec astar(cnode(), cnode()) -> list(cnode()) | failure.
astar(Start, Goal) ->
    ClosedSet = sets:new(),
    OpenSet   = sets:add_element(Start, sets:new()),

    Fscore    = dict:store(Start, h_score(Start, Goal), dict:new()),
    Gscore    = dict:store(Start, 0, dict:new()),

    CameFrom  = dict:store(Start, none, dict:new()),

    astar_step(Goal, ClosedSet, OpenSet, Fscore, Gscore, CameFrom).

%% @doc Performs a step of A*.
%% Takes the best element from `OpenSet', evaluates neighbours, updates scores, etc..
-spec astar_step(cnode(), set(), set(), dict(), dict(), dict()) -> list(cnode()) | failure.
astar_step(Goal, ClosedSet, OpenSet, Fscore, Gscore, CameFrom) ->
    case sets:size(OpenSet) of
        0 ->
            failure;
        _ ->
            BestStep = best_step(sets:to_list(OpenSet), Fscore, none, infinity),
            if
                Goal == BestStep ->
                    lists:reverse(reconstruct_path(CameFrom, BestStep));
                true ->
                    Parent     = dict:fetch(BestStep, CameFrom),
                    NextOpen   = sets:del_element(BestStep, OpenSet),
                    NextClosed = sets:add_element(BestStep, ClosedSet),
                    Neighbours = neighbour_nodes(BestStep, Parent),

                    {NewOpen, NewF, NewG, NewFrom} = scan(Goal, BestStep, Neighbours, NextOpen, NextClosed, Fscore, Gscore, CameFrom),
                    astar_step(Goal, NextClosed, NewOpen, NewF, NewG, NewFrom)
            end
    end.

%% @doc Returns the heuristic score from `Current' node to `Goal' node
-spec h_score(Current :: cnode(), Goal :: cnode()) -> Hscore :: number().
h_score(Current, Goal) ->
    dist_between(Current, Goal).

%% @doc Returns the distance from `Current' node to `Goal' node
-spec dist_between(cnode(), cnode()) -> Distance :: number().
dist_between(Current, Goal) ->
    {X1, Y1} = Current,
    {X2, Y2} = Goal,
    abs((X2-X1)) + abs((Y2-Y1)).

%% @doc Returns the best next step from `OpenSetAsList'
%% TODO: May be optimized by making OpenSet an ordered set.
-spec best_step(OpenSetAsList :: list(cnode()), Fscore :: dict(), BestNodeTillNow :: cnode() | none, BestCostTillNow :: number() | infinity) -> cnode().
best_step([H|Open], Score, none, infinity) ->
    V = dict:fetch(H, Score),
    best_step(Open, Score, H, V);

best_step([], _Score, Best, _BestValue) ->
    Best;

best_step([H|Open], Score, Best, BestValue) ->
    Value = dict:fetch(H, Score),
    case Value < BestValue of
        true ->
            best_step(Open, Score, H, Value);
        false ->
            best_step(Open, Score, Best, BestValue)
    end.

%% @doc Returns the neighbour nodes of `Node', and excluding its `Parent'.
-spec neighbour_nodes(cnode(), cnode() | none) -> list(cnode()).
neighbour_nodes(Node, Parent) ->
    {X, Y} = Node,
    [
     {XX, YY} ||
     {XX, YY} <- [{X-1, Y}, {X, Y-1}, {X+1, Y}, {X, Y+1}],
     {XX, YY} =/= Parent,
     XX >= ?MINX,
     YY >= ?MINY,
     XX =< ?MAXX,
     YY =< ?MAXY
    ].

%% @doc Scans the `Neighbours' of `BestStep', and adds/updates the Scores and CameFrom dicts accordingly.
-spec scan(
        Goal :: cnode(),
        BestStep :: cnode(),
        Neighbours :: list(cnode()),
        NextOpen :: set(),
        NextClosed :: set(),
        Fscore :: dict(),
        Gscore :: dict(),
        CameFrom :: dict()
       ) ->
    {NewOpen :: set(), NewF :: dict(), NewG :: dict(), NewFrom :: dict()}.
scan(_Goal, _X, [], Open, _Closed, F, G, From) ->
    {Open, F, G, From};
scan(Goal, X, [Y|N], Open, Closed, F, G, From) ->
    case sets:is_element(Y, Closed) of
        true ->
            scan(Goal, X, N, Open, Closed, F, G, From);
        false ->
            G0 = dict:fetch(X, G),
            TrialG = G0 + dist_between(X, Y),
            case sets:is_element(Y, Open) of
                true ->
                    OldG = dict:fetch(Y, G),
                    case TrialG < OldG of
                        true ->
                            NewFrom = dict:store(Y, X, From),
                            NewG    = dict:store(Y, TrialG, G),
                            NewF    = dict:store(Y, TrialG + h_score(Y, Goal), F), % Estimated total distance from start to goal through y.
                            scan(Goal, X, N, Open, Closed, NewF, NewG, NewFrom);
                        false ->
                            scan(Goal, X, N, Open, Closed, F, G, From)
                    end;
                false ->
                    NewOpen = sets:add_element(Y, Open),
                    NewFrom = dict:store(Y, X, From),
                    NewG    = dict:store(Y, TrialG, G),
                    NewF    = dict:store(Y, TrialG + h_score(Y, Goal), F), % Estimated total distance from start to goal through y.
                    scan(Goal, X, N, NewOpen, Closed, NewF, NewG, NewFrom)
            end
    end.

%% @doc Reconstructs the calculated path using the `CameFrom' dict
-spec reconstruct_path(dict(), cnode()) -> list(cnode()).
reconstruct_path(CameFrom, Node) ->
    case dict:fetch(Node, CameFrom) of
        none ->
            [Node];
        Value ->
            [Node | reconstruct_path(CameFrom, Value)]
    end.

Notes

Variables MINX, MINY, MAXX and MAXY can be modified to increase the size of the map. The function neighbour_nodes/2 can be modified to add obstacles.
To test, enter in erlang shell:

c(astar).
astar:astar({1, 1}, {10, 10}).

The cnode() structure represents some sort of coordinate. To use some other structure, the functions neighbour_nodes/2, h_score/2, and distance_between/2 have to be modified for the new structure.
The current heuristic does not penalize for turns, so the resultant path tends to follow a diagonal looking shape. For correcting this, either diagonal movements can be allowed (by modifying the neighbours function), or turning could be penalized in the heuristic function (current direction would have to be tracked).

Erlang Profiling Tips

Srijan Choudhary — Wed, 20 Feb 2013 00:00:00 +0000

I have been using erlang recently for some of my work and private projects, and so I have decided to write about a few things there were hard to discover.

Profiling is an essential part of programming in erlang. Erlang's efficiency guide says:

Even experienced software developers often guess wrong about where the performance bottlenecks are in their programs.
Therefore, profile your program to see where the performance bottlenecks are and concentrate on optimizing them.

Using profiling tools in releases (using rebar/reltool)

So, after finishing a particularly complicated bit of code, I wanted to see how well it performed, and figure out any bottlenecks.

But, I hit a roadblock. Following the erlang manual for fprof, I tried to start it, but it wouldn't start and was giving the error:

** exception error: undefined function fprof:start/0

To make this work, I had to add tools to the list of apps in my reltool.config file. After adding this and regenerating, it all works.

Better visualization of fprof output

So, after I got the fprof output, I discovered it was a long file with a lot of data, and no easy way to make sense of it.

I tried using eprof (which gives a condensed output), and it helped, but I was still searching for a better way.

Then I stumbled upon a comment on stackoverflow, which linked to erlgrind - a script to convert the fprof output to callgrind output, which can be visualized using kcachegrind or some such tool.