Managing and Deploying custom PHP services in Dreamfactory

If you are using custom scripted services or event scripts in Dreamfactory, you might have noticed that installing and maintaining them is not ideal. Uploading individual files via the browser or the system/ API, or editing them directly in Dreamfactory, is error-prone. It also doesn't fit very well into an automated environment.

Read on after the jump how to manage and deploy your custom scripted PHP services in a sane manner, the same way Dreamfactory installs its own modules: using PHP Composer.

Read more

Advice on building Docker images on Windows

Since the stable release of “Docker for Windows” in July 2016, you can work quite well with Docker on Windows. And it's mostly the same workflow and user experience as on Linux/macOS.

However there are some things that could be improved (like sharing folders/drives between Host and Containers) and also some more not-so-obvious quirks.
One of those problems can arise when building images and the resulting container would exit immediately with

standard_init_linux.go:175: exec user process caused "no such file or directory

Read on after the jump to find out what's causing this, how to fix it, and how to prevent it from happening again.

Read more

Adding custom session data to Dreamfactory JWT token

When working with Dreamfactory it might be desired and helpful to have additional claims (key/values) in the user session JWT token.

In my scenario I have custom API services / scripts which do calls to other services (DB, SOAP, external REST API). However not all calls work with only the email from the user session but rather require certain IDs not related to Dreamfactory at all. So the services would first have to fetch the Id by email resulting in additional API calls all the time causing slower response times.

So I was looking for a way to store those key/values. Read on after the jump how I solved it.

Read more

Orchestrating Dreamfactory with docker-compose and a LoadBalancer

As a follow-up to my introductory article about Dreamfactory + Docker and Dreamfactory's article “Scaling DreamFactory with Docker” about how to manually run Dreamfactory containers in a load-balancer pool, I’m taking the chance to show you how I implemented Dreamfactory Docker containers with docker-compose as an orchestrator. (You could as well use any other, like Marathon/Mesos, AWS ECS, Swarm...)

Read more

Scripting custom REST APIs with Dreamfactory

In my last article I talked about how to get Dreamfactory running within a Docker container, with immutability and horizontal scalability in mind, so that it can be used with a Docker orchestrator like Mesos, Marathon, AWS ECS etc.

This time I’ll go into some details about extending it with custom logic / API endpoints, as you certainly don't want to let API users access all of the auto-generated API endpoints, either for security reasons or because they simply lack logic.
Dreamfactory has a good role-based ACL which works just fine for several service types (e.g. MySQL DBs), where you can define server-side filters (e.g. by email from their session) on a record level, which allows users to only work on records belonging to them.
However, the roles have their limits. But this is only one reason for adding custom services. You can script your own services as well as “hook” into existing (auto-generated) services for pre-/post-processing.

Read more

Using Dreamfactory 2.x as REST API with Docker

For a new project I’m working on as Systems and Platform Architect, we were looking for a comparatively easy and fast to implement, yet scalable and reliable way to build a RESTful API for various services we need to expose to mobile device users via iOS/Android apps as well as internal services.

Usually you have several MySQL/NoSQL Databases or similar which you need to query. We even have to deal with a 3rd party SOAP service. So wrapping all this into CRUD APIs and having ACLs for user roles etc would be quite a big story.

Fortunately there exists a great tool/framework which does a lot of the work for you nearly automagically. It's called Dreamfactory.

Read on after the jump how Dreamfactory works and how we integrated it as BaaS into our docker-based PaaS.

Read more

Reviewing auditd logs with Spacewalk

One feature of Spacewalk is the ability to review auditd logs. If you don't know what auditd is, here is a good introduction: http://security.blogoverflow.com/2013/01/a-brief-introduction-to-auditd/
To sum it up, you can monitor/log nearly every change on your system with it, like file access, file attribute changes, logins, service starts, user interaction etc. based on rules.
As you can imagine, this produces a tremendous amount of logs. For effectively reading them, we need some assistance. For instance: Spacewalk.
Read more

Spacewalk Errata integration for Slack

We are using Slack at our company and we have an #emergency room for collaboration during critical situations. I thought it would be nice to have Spacewalk Errata information posted there in addition to the emails Spacewalk sends us.

So I made a small Python script which can be run as a cron job and collects all relevant security Errata affecting at least one system. It then posts those to a Slack channel or group.

Read more

Spacewalk 2.3 tested to work with Ubuntu / Debian clients

As announced on the Spacewalk mailing list, Spacewalk 2.3 is going to be released soon and is in QA/QE now.

I took this as a reason for testing Ubuntu / Debian integration with Spacewalk 2.3 from the nightly repo. As it turns out, everything is working well, namely:

  • Creation of Debian Channels
  • Pushing / Syncing .deb packages to Spacewalk
  • Registering Ubuntu systems
  • Importing Ubuntu Errata ( I updated errata-import.pl script slightly to make it work )
  • OSAD
  • Package management
  • Remote Command Execution

Refer to my other articles around Spacewalk about how to set all this up.

GPG signing APT repository in Spacewalk

After following my article on how to register Ubuntu and Debian clients with Spacewalk, you might have noticed an APT warning:

WARNING: The following packages cannot be authenticated.

This happens because the APT repositories in Spacewalk are not GPG signed. You can still install the packages but have to acknowledge it by entering “yes”.

For various reasons it would be better to have the repository signed. Read on after the jump how I got that working.
Read more