Aaron Trout aaron-trout @limejump London, UK about.me/aarontrout

aaron-trout/vsphere_file_manager 2

Small CLI utility on top of rbvmomi to upload and download files to/from vcenter datastores

aaron-trout/kube-plex 1

Scalable Plex Media Server on Kubernetes -- dispatch transcode jobs as pods on your cluster!

aaron-trout/redirecter 1

Simple Python aiohttp web redirecter

aaron-trout/awesome-osx-command-line 0

Use your OS X terminal shell to do awesome things.

aaron-trout/aws-ecr-orb 0

CircleCI orb for interacting with Amazon's Elastic Container Registry (ECR)

aaron-trout/bitbucket-branch-source-plugin 0

Bitbucket Branch Source Plugin

aaron-trout/cert-manager 0

Automatically provision TLS certificates for Kubernetes

aaron-trout/charts 0

Curated applications for Kubernetes

aaron-trout/charts-1 0

Helm Charts

issue comment tailscale/tailscale

Force routing over Tailscale (prefer Tailscale routes over LAN)

Hmm my apologies, I shall triple check this and get back to you!

aaron-trout

comment created time in a month

issue opened tailscale/tailscale

Force routing over Tailscale (prefer Tailscale routes over LAN)

Is your feature request related to a problem? Please describe.

One of our use-cases is to set up a relay node in our AWS VPC and advertise the VPC CIDR through Tailscale, so that users can access internal services securely (kinda like a traditional "enterprise" VPN solution I guess).

Now, it just so happens that our VPC CIDR is 192.168.0.0/16, which is causing some issues since a lot of home internet providers' default configuration is to use 192.168.0.0/24 or 192.168.1.0/24. This means that the 'local' route takes precedence, and the users are unable to access anything on the AWS side which happens to sit in the same range as their LAN.

The behaviour I have seen with other VPN solutions like Cisco Anyconnect is that once you connect to the VPN, everything goes through the tunnel and you lose direct access to things on your LAN. TBH I am not really sure how that is implemented, and obviously this would be a bad default behaviour for Tailscale, but it would be useful to have this as a configuration option.

This may also overlap slightly with the "route all traffic through tailscale" feature... Perhaps @danderson has some comments / thoughts around this? Perhaps when in this "route all the things" mode, we could also (optionally??) capture anything which would normally be on the local network as well?

Describe the solution you'd like

Option to prefer Tailscale tunnel over the LAN if an advertised route in Tailscale overlaps with the local network, perhaps as part of the default routing / capture all traffic feature.

Describe alternatives you've considered

  • Install tailscaled on things which people need to access which fall within 192.168.0.0/23 on AWS side, use tailscale internal addresses (bit of a pain seeing as we already have a relay node to this network, would cause traffic from those boxes to go out through tailscale to the relay node and back in to the same network again, and also many of these internal services are Kubernetes services exposed via a VPC internal load balancer so can't really install the daemon there easily)
  • Stop using 192.168.0.0/23 (or maybe 192.168.0.0/16 altogether!) in AWS; could work, but is more a workaround/hack than really fixing the problem, since it is possible that someone's home network would use something in one of the other RFC1918 ranges.

Additional context

🤷

created time in a month

PR opened squalrus/merge-bot

Test commit
+1 -0

0 comment

1 changed file

pr created time in a month

pull request comment squalrus/merge-bot

Fork pr test

Whoops, forgot to change the target branch!

aaron-trout

comment created time in a month

PR closed squalrus/merge-bot

Fork pr test
+505 -7

0 comment

9 changed files

aaron-trout

pr closed time in a month

pull request comment squalrus/merge-bot

Add support for forks

@squalrus sure thing! #42

squalrus

comment created time in a month

PR opened squalrus/merge-bot

Fork pr test
+505 -7

0 comment

9 changed files

pr created time in a month

create branch aaron-trout/merge-bot

branch : fork-pr-test

created branch time in a month

pull request comment squalrus/merge-bot

Optionally delete source branch

Just pushed an update adjusting the tests based on these changes.

@squalrus looks good to me!

aaron-trout

comment created time in a month

issue comment squalrus/merge-bot

Not detecting reviews?

Yeah, I've been having a poke about in the Github API as well. Seems in this specific flow where the reviewers are automatically assigned by CODEOWNERS and it happens to be a group, then when this event happens:

Screenshot 2020-09-03 at 14 49 09

Seem to end up with no "requested" reviewers:

Screenshot 2020-09-03 at 14 48 19

But if you call the endpoint to list the reviews:

Screenshot 2020-09-03 at 14 50 10

So maybe it is because they were not explicitly "requested" as reviewers?

aaron-trout

comment created time in 2 months

issue opened squalrus/merge-bot

Not detecting reviews?

Describe the bug

Hi again @squalrus, sorry to bombard you with PRs and issues 😅

Seeing a weird behaviour and was hoping you could help me figure out what is happening? I had this PR where reviewers were auto assigned from CODEOWNERS, but once all the conditions were met the auto merge didn't happen.

Before approvals it said Waiting on code owner review from limejump/platform and/or limejump/sig-kubernetes.

After approvals I see this in the logs:

pull: {"labels":["automerge","ready"],"owner":"limejump","pull_number":1375,"reviews":[],"ref":"heads/automerge-fixes","repo":"k8s-gitops","requested_reviewers":[],"checks":{}}

Notice how reviews and requested_reviewers are just an empty list! So all the jobs passed, but it didn't merge.

Screenshot 2020-09-03 at 14 21 04

Any ideas / extra things to check?

created time in 2 months

PR opened squalrus/merge-bot

Optionally delete source branch

This is useful if you have "Automatically delete head branches" enabled on your repo:

Screenshot 2020-09-03 at 13 45 52

+16 -9

0 comment

3 changed files

pr created time in 2 months

create branch aaron-trout/merge-bot

branch : optional-delete-branch

created branch time in 2 months

pull request comment squalrus/merge-bot

Add 'await' on call to pr merge and branch delete

Managed to get the permissions error fixed! I had only granted access to pull requests for the app / integration, needed to add read access to checks as well.

aaron-trout

comment created time in 2 months

pull request comment squalrus/merge-bot

Add 'await' on call to pr merge and branch delete

@aaron-trout If we integrate this, would you mind opening another PR from your fork so we can debug the fork workflow?

@squalrus sure thing! It looks like a similar problem to what I'm getting on our private repo actually 😅

##[error]You're not authorized to push to this branch. Visit https://docs.github.com/articles/about-protected-branches/ for more information.

I tried to switch to using a Github App integration and doing some plumbing to give the merge bot a token for the app, but then I got this error:

##[error]Resource not accessible by integration

aaron-trout

comment created time in 2 months

issue comment pyenv/pyenv

Unable to build Python on macOS Big Sur with Xcode 12 beta

Thanks @htp! I managed to make this work for installing Python 3.5 using this script:

#!/bin/bash

set -ex

export CFLAGS="-I$(brew --prefix openssl)/include -I$(brew --prefix readline)/include -I$(xcrun --show-sdk-path)/usr/include"
export LDFLAGS="-L$(brew --prefix openssl)/lib -L$(brew --prefix readline)/lib -L$(xcrun --show-sdk-path)/usr/lib -L/usr/local/opt/zlib/lib"
export CPPFLAGS="-I/usr/local/opt/zlib/include"
export PKG_CONFIG_PATH="/usr/local/opt/zlib/lib/pkgconfig"

pyenv install --patch 3.5.9 < <(curl -sSL https://github.com/python/cpython/commit/8ea6353.patch)

I also did brew reinstall -s make cmake as someone else suggested earlier, not sure if that helped or not!

Sjors

comment created time in 2 months

pull request comment squalrus/merge-bot

Add 'await' on call to pr merge and branch delete

Thanks @mbellgb for helping to spot this 👍

aaron-trout

comment created time in 2 months

PR opened squalrus/merge-bot

Add 'await' on call to pr merge and branch delete

I am no Javascript developer, but I think there should be some await here :D

So the bot was failing to merge my PR, it would just delete the branch and close the PR. Now I added these awaits and used my fork, I get a build fail on the merge step saying this:

##[error]You're not authorized to push to this branch. Visit https://docs.github.com/articles/about-protected-branches/ for more information.

I'm not sure exactly why it is failing / being blocked, but that is a separate problem! At least we wait for the call to merge to return successfully before going ahead and deleting the branch now!

+2 -2

0 comment

1 changed file

pr created time in 2 months

create branch aaron-trout/merge-bot

branch : await

created branch time in 2 months

fork aaron-trout/merge-bot

A GitHub action that manages pull request integrations

fork in 2 months

issue comment squalrus/merge-bot

Feature: on commit, remove label(?) or Re-request review(?)

You can make this happen by comboing this with another action. I have the "dismiss pull reviews when new commits are added" thing in the repo settings checked, then using the following action to remove the "ready" label:

name: Remove ready label
on:
  pull_request_review:
    types:
      - edited
      - dismissed
jobs:
  remove_label:
    runs-on: ubuntu-latest
    name: remove ready label
    steps:
      - name: removelabel
        uses: buildsville/add-remove-label@v1
        with:
          token: ${{secrets.GITHUB_TOKEN}}
          label: ready
          type: remove

squalrus

comment created time in 2 months

started spacesiren/spacesiren

started time in 2 months

delete branch aaron-trout/aws-ecr-orb

delete branch : fix-duplicate-aws-cli-install

delete time in 3 months

started poteto/hiring-without-whiteboards

started time in 3 months

started felixrieseberg/macintosh.js

started time in 3 months

issue comment felixrieseberg/macintosh.js

Mouse cursor jumps around rapidly when moved

This happens for me as well on a MacBook Pro running the latest MacOS 11 public beta (11.0 Beta (20A4300b)).

MQDuck

comment created time in 3 months

pull request comment CircleCI-Public/aws-ecr-orb

[semver:minor] Make 'build-image' command more friendly

@gmemstr raised https://github.com/CircleCI-Public/aws-ecr-orb/pull/110 with a fix

aaron-trout

comment created time in 3 months

PR opened CircleCI-Public/aws-ecr-orb

The 'aws-cli/setup' step includes install, no need to call it manually

Fixes #109

Checklist

  • [ ] All new jobs, commands, executors, parameters have descriptions
  • [ ] Examples have been added for any significant new features
  • [ ] README has been updated, if necessary

Motivation, issues

Currently the AWS CLI gets installed twice, this should fix that

Description

In the latest version of the aws-cli orb, the setup command includes the install, so we don't need to run that from this orb.

https://github.com/CircleCI-Public/aws-cli-orb/blob/v1.2.1/src/commands/setup.yml#L59

+0 -2

0 comment

1 changed file

pr created time in 3 months

create branch aaron-trout/aws-ecr-orb

branch : fix-duplicate-aws-cli-install

created branch time in 3 months

issue opened CircleCI-Public/aws-ecr-orb

AWS CLI gets installed twice

Orb version

6.12.0

What happened

AWSCLI gets installed twice

Screenshot 2020-07-28 at 17 33 16

Expected behavior

It only gets installed once

created time in 3 months

pull request comment CircleCI-Public/aws-ecr-orb

[semver:minor] Make 'build-image' command more friendly

@gmemstr thanks for the merge, this is now working with version 6.12.0 however I am getting a couple steps duplicated when using build-image:

Screenshot 2020-07-28 at 17 33 16

I'll raise an issue and a PR for this, I think I found the issue :-)

aaron-trout

comment created time in 3 months

delete branch aaron-trout/aws-ecr-orb

delete branch : just-build

delete time in 3 months
