Page of Sebastian Gfeller

2017-07-18: Botch-up

What to do this week:

Always roll forward.

2017-07-02: Dedication

I had a lot of fun projects these last 6 months. But it was mostly to pass the time. If I could only bring up the same stubbornness for non-computer-related projects I could be happy. But the rapid feedback loop is either not there or really scary.

Rainy Sunday in Bern.

2016-10-29: Desired State and Maneuverability

I want to talk about my recent advances on infrastructure as code below. But first, did you know about the garden of the Ferme de Budé? I was just strolling around Petit-Saconnex and decided that after some years of being around I may actually explore what’s there. Another turn to quickly escape the main roads, at the least. I haven’t been there during market time, but I just might next time.

I walked along the garden on a sunny but cold day while the first leaves were falling.

Ok, now to the main topic: First of all, excuse the militant title, it must have rubbed off from the Lean Enterprise book I’m just reading — it’s strange to think about the work in these terms, as usually the military implies a lot of suffering and terror. But anyway, I’ll suspend my criticism of the form for now, I mostly wanted to get some new ideas.

One of the things I have been focusing on at work is to make all the infrastructure choices for our environments explicit, which meant a lot of PowerShell and, most recently, Chef.

The Mac

Today’s achievement was to get some recipes to my Mac in the cloud (tried out macincloud).

On my Mac desktop I now have a file with some content written by Chef

The steps I followed were activating public key authenticated ssh connections, changing to not prompt for the password during sudo, setting up an SSH tunnel to VNC for verification, bringing up a chef server and then bootstrapping my Mac node with something like

# MAC_HOST is a placeholder for the address of the node to bootstrap
knife bootstrap MAC_HOST --ssh-user admin \
    --sudo --identity-file ../ssh_keys/macincloud \
    --node-name node1-macincloud --run-list 'recipe[mac_readme]'

Now the next, harder part, will be to figure out whether the prerequisites to one of our cool products we did at work (sorry, can’t go into more details about what it does) can actually be installed this way. It would be cool because it would mean we can actually scale out and get away from a model that involves one guy knowing all the quirks, walking around with a USB key. We’ll see.

Oh, of course if you have some experience with provisioning Macs, do not hesitate to talk to me.

The Windows Servers

Of course on the Microsoft side, there’s a whole toolchain in the works around PowerShell DSC. One thing that bothered me until now was that when writing these resources, I had to execute some of them with domain accounts. There is, as always, a plain-text-password option that’s easy to set up, but that would have been bad for my self-esteem.

So I ventured into securing our MOF files, which got a lot easier once I actually understood the separation of environmental from structural configuration, something I didn’t even think of before (of course parametrizing the calls was obvious, but having an actual second file for it with all the convention support didn’t occur to me).

Now that’s achieved. I have a repeatable way to modify my MOFs, typing the necessary credentials and encrypting them with the correct public keys, which means I can check in what actually matters, the configuration and the environment data without credentials in source control and not worry about it anymore.
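
The pattern described above, as an added example that is not the author's own code or files: environment data (including the public certificate used for encryption) kept apart from the structural configuration, the credential typed at compile time, and a check that the password did not land in the MOF. Node name, paths, thumbprint and service name are placeholders.

```powershell
# Added example. SERVER01, the paths, the thumbprint and the service name are placeholders.

# Environmental configuration: normally its own .psd1 file next to the script.
$ConfigData = @{
    AllNodes = @(
        @{
            NodeName        = 'SERVER01'
            # Public key of the target node's certificate; only the node holds the private key.
            CertificateFile = 'C:\dsc\certs\SERVER01.cer'
            Thumbprint      = '<THUMBPRINT-OF-SERVER01-CERTIFICATE>'
            # Make compilation fail rather than write a clear-text password.
            PSDscAllowPlainTextPassword = $false
            ServiceName     = 'ExampleService'
        }
    )
}

# Structural configuration: no node names, paths or secrets in here.
Configuration DomainServiceAccount {
    param (
        [Parameter(Mandatory)]
        [System.Management.Automation.PSCredential] $ServiceCredential
    )

    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node $AllNodes.NodeName {
        # Tells the node's LCM which certificate to decrypt credentials with.
        LocalConfigurationManager {
            CertificateID = $Node.Thumbprint
        }

        Service AppService {
            Name       = $Node.ServiceName
            Credential = $ServiceCredential
            State      = 'Running'
        }
    }
}

# The credential is typed here and never stored in source control.
$cred = Get-Credential -Message 'Domain account for the service'
DomainServiceAccount -ConfigurationData $ConfigData -ServiceCredential $cred -OutputPath .\mof

# Check before distributing the MOF: the typed password must not appear in it.
$plain = $cred.GetNetworkCredential().Password
if ((Get-Content -Raw .\mof\SERVER01.mof).Contains($plain)) {
    throw 'Password found in clear text in SERVER01.mof'
}
```

The compile step also writes SERVER01.meta.mof, which carries the CertificateID setting for the node's Local Configuration Manager.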


This whole experience taught me again that the actual time spent focusing on articles, listening to talks and podcasts is really required to make smart choices here. I would say that talking to my colleagues on the infrastructure side helped as well, but I’m not yet at the stage where this would be natural.

There are many interesting non-tech side projects where I would like to apply this approach as well, but it’s harder to get motivated (even though the increased options after having learnt about a subject should be an obvious win). Who knows, maybe it’ll work out.

2016-08-28: Active Directory Lab via pywinrm

If you have grabbed me for a beer recently and heard me talk about what I'm interested in right now relating to work, I may have mentioned the whole Infrastructure-as-code thing.

Although I was not and am still not ready, competence-wise and emotionally, to actually go down that road during 9 to 5, I wanted to learn a bit more of what a Microsoft-based infrastructure actually consists of, and one of the stumbling blocks I had at home was an Active Directory setup I could toy around with.

The goal was to have a two-VM setup which could be built from scratch given VirtualBox images created with Packer before (mostly inspired by entries on Matt Wrock’s blog).

Some tired late-night Googling later (did you notice Internet search is still much harder when you’re not that fluent in the terminology of the subject you’re searching for?), I stumbled upon Vagrant Based Windows Lab, which seemed to fit most of my requirements, except for the Vagrant part.

You can find the resulting Python script here: It ensures two machines, a domain controller and a management VM.

This should be enough to actually code through this MVA course and go from there.

I’m halfway up the mountain

But not today. There’s a long week with a lot of different challenges ahead.

2016-08-05: OK, PHP then

So my hosting provider did some manipulation so that my old Python implementation of the site doesn’t work any more. In the meantime I quickly patched together something in (gasp) PHP.

Maybe I’ll get the features back working soon, we’ll see. But at least the top news are back. As for Python, I’ll use it for my VM Aquarium.