Refreshing old Terraform state

Written at evening time in English • Tags: , ,

If you find yourself with an old Terraform state file (say from v0.11) and you need to run terraform plan to check things out, you’ll need to make some adjustments:

  • Add a terraform block with required_providers to provide the source for the provider.
  • Remove the version statement from the provider block. (You will want to move it to the provider in the required_providers block.)
  • Adjust any other syntax changes that result in errors (terraform plan):
    • list()tolist([])
    • type = "string"type = string
    • Possibly many others…
  • Replace the provider in the existing ancient state file.
  • Refresh the providers (terraform init).
  • Plan away! (more…)

Released tcsh 6.23

Written late in the morning in English • Tags: ,

I am pleased to announce that tcsh-6.23 is now available; this is mainly a bug fix release (after 2 years) with a couple of new features:

  1. Add jobs -Z to setproctitle(3)
  2. Add ln=target in LS_COLORS
  3. Add a :Q modifier that preserves empty arguments

Please consult the Fixes file for a complete list of changes. (more…)

»
Today I wanted to use phpMyAdmin for the first time in quite a while, only to see errors when viewing a table. Lucky for me, there was an easy fix. (more…)

Blockquoted code blocks, part 2

Written late in the morning in English • Tags: ,

For seven years I’ve maintained a small patch to PHP Markdown Extra. However, the upstream was not happy with it, so I just kept my local copy patched. Now I’ve given in: as Markdown has become very popular, it has been better to just adopt a syntax that works across different implementations (e.g. with GitHub Flavored Markdown). (more…)

»
I’ve been switching my NetBSD machines to using a serial console lately, as it is easier to copy output from it (no more screen shots). (more…) (2)

Nested screens

Written at lunch time in English • Tags: ,

I occasionally want to run nested screen sessions and this configuration allows me to use the same control character for both the inner and outer sessions by switching between them. (more…)

Addressing failed setrlimit calls in sudo

Written in the mid-afternoon in English • Tags: ,

After installing sudo 1.8.29 from pkgsrc (security/sudo) I started frequently seeing this warning message:

sudo: setrlimit(3): Invalid argument

It took a few rounds, but eventually I applied an acceptable patch for the pkgsrc-2019Q4 release. Later an upstream workaround was committed and included in the sudo 1.8.30 release. (more…)

»
The Proxmox wiki has instructions for importing the CA certificate. Instead of following the OS X instructions to the letter and importing the host certificate of each cluster node, just import the pve-root-ca.pem file in Keychain Access (File > Import Items), then open the item and mark it trusted (e.g. Always trust).

Regenerating Proxmox certificates

Written early in the afternoon in English • Tags: ,

The new requirements for trusted certificates on macOS Catalina and iOS 13 blocked me from accessing the web UI on Proxmox installations (NET::ERR_CERT_REVOKED). Fresh installations would work, as Proxmox has been updated to generate “better” certificates. Existing installations, unfortunately, are not automatically fixed on upgrading to Proxmox 6.

Certificate management on Proxmox is handled with pvenode(1) — except when it isn’t. There is no functionality there for regenerating the self-signed certificates. An older wiki page for HTTPS certificate configuration provided some useful hints: pvecm(1) has an updatecerts command. It won’t, however, regenerate existing (unexpired) certificates.

Against the warnings on the Certificate mangement page I thought I’d try removing the apparently relevant files manually:

cd /etc/pve
rm pve-root-ca.pem priv/pve-root-ca.key nodes/*/pve-ssl.{key,pem}

Then I regenerated the certificates and restarted pveproxy(8) on each node:

pvecm updatecerts --force
systemctl restart pveproxy

Refreshing the page in the browser restores access to the web UI.

Fixed configure script in tcsh

Written at lunch time in English • Tags: ,

I noticed that tcsh 6.22.02 has a broken configure script:

./configure: gl_HOST_CPU_C_ABI_32BIT: not found

This looked like an unexpanded m4 macro to me. I was unable to reproduce the error if I ran autoreconf under Debian buster, so I switched to a NetBSD host and tried there. Indeed, running autoreconf resulted in the same broken configure script.

Upon closer inspection, it turns out that devel/gettext-m4 had been updated to a new version in pkgsrc without noticing that generated configure scripts now throw an error. The cause was a missing file (host-cpu-c-abi.m4).

For some reason the package Makefile has a hardcoded list of files to install from gettext-tools/gnulib-m4 (as opposed to calling the install target via make). The reason is probably to avoid unnecessary or irrelevant files. However, this means that any relevant changes to gettext-tools/gnulib-m4/Makefile can easily go unnoticed.

I’ve added the missing file to the list, but I worry that this approach is prone to errors. Perhaps some easy check could be added and noted in the package Makefile to detect problems, e.g. generating a sample configure script before committing a version update.