Classics Challenge 03 Paris to Nemours

It’s Friday night and I am at this fashionable new Italian restaurant in Paris called Pizza Populare. I am looking at this enormous dessert called “Profiterole”. I am just about to eat it, feeling guilty that it may not go down well and that I may need to go easy on it before the next morning’s ride, the third classics challenge, going from Paris to Nemours.

The classics challenge is a long ride organised every month, with multiple groups going at different speeds to cities around Paris. I have done the last two rides. The first one was a ride going to Rouen and the second one to Evreux!

This time was no joking: 163km going via the south-east near the Fontainebleau Forest, looping by picturesque towns around and around until reaching Nemours.

6AM, the alarm is waking me up. It’s only a very short sleep, which could have been even shorter if I had joined my friends for a ‘last drink’ at a pub for the birthday (they finished at 8h30 on Saturday). I am trying to think about all the stuff I need for this long ride:

  • Café
  • Put the Porridge in the fridge
  • Remove my tri bar from my bike (it’s going to be a bunch ride, tri bar can be dangerous there and take weight)
  • Adjust the seat’s height and reach to something more comfortable than the tri bar position.
  • Pump the tyres
  • Take gels
  • Prepare a sandwich (some peloton never stop for a pause and just go straight)
  • Fill up bidons with cold water
  • Credit card, money, ID etc..
  • Bibs, Jersey

I am almost ready until I realise that my white helmet doesn’t match my outfit (black and red), so there I am looking everywhere, losing 10mn for my red helmet that I can’t find anywhere.

With that fashion faux pas in the way, I am quickly texting my expaTRIes triathlon teammate Kathryn, who is joining me on this morning ride, that I am going to be 10 minutes late!

I am quickly moving in high gear to get to the departure, which is this time the “Velodrome Jacques Anquetil” in Vincennes. We get a picture taken with Kathryn, pick up a freebie in the form of a cycling hat and start with the 30/35kh group ride (there are multiple groups, from 25kh and under to 35 and more).

The thing is, we were going with the 30/35kh ride but the 35kh+ group was also mixed in there too, and after 30mn riding at over 40kh we decided to drop out of the group and do some proper 30kh riding.

As I have the Ironman Frankfurt in three weeks it was perfect for me to get some time in the wind, and since Kathryn has a Pyrenees crossing to do too it would be some good training for her!

As we went through, we passed by some wonderful places in the Seine-et-Marne (77). We kept a good 30kh pace, flying with a light wind behind and a flat road. Kathryn was able to make friends along the way as she caught some wasps entering her jersey, which stung her a few times until she realised that the wasp was still inside her jersey, and it let her go 10 minutes after.

We stopped by the chateau of Branly where we had a quick sandwich break, left just before the group of the 27/30kh was about to catch up, and went on by some other picturesque towns like Bois le Roi (where the trialong L distance triathlon is held), Bombon (nothing special, if only just for the name), Chartrettes and others. Some places there were truly and having grown up in Paris I would never imagine there were such beautiful places just a few hours from Paris.

After going around and around in the Fontainebleau forest, the course was quite evil in a way, since we could always see the Nemours sign but it never went that way and kept going around it until we finally arrived there, after a staggering 170km ride in 6h05 with an average of over 28kh.

It was a very nice ride, and after the home made organic tea and lunch we had (this random place we chose for lunch was hardcore organic people) we were ready to go back. The thing that wasn’t nice is that we missed the train back to Paris by only a few seconds and we missed the start of the expatries for the 5k OpenSwim start.

After all, the ride was nice and I loved it; the classics challenge never fails to deliver beautiful routes.


Deploying minishift on a remote laptop.

Part of my new job working with Fabric8 is to have it deployed via minishift.
Everything is nice and working (try it, it’s awesome: https://fabric8.io/guide/getStarted/gofabric8.html) as long as you deploy it on your local workstation.

The thing is that my desktop macOS laptop has only 8GB of RAM and is not really up to the task of getting all the services deployed when I have my web browser and other stuff hogging the memory. I would not do it on a remote VM since I want to avoid the nested virtualisation part that may slow things down even more.

Thankfully I have another Linux laptop with 8GB of RAM which I use for my testing, and I wanted to deploy minishift on it and access it from my desktop laptop.

This is not as trivial as it sounds, but thanks to minishift’s flexibility there is a way to set this up.

So here is the magic command line:

minishift start --public-hostname localhost --routing-suffix 127.0.0.1.nip.io

What do we do here? We bind everything to localhost and 127.0.0.1. What for, you may ask? Because we are then going to use it via SSH. First you need to get the minishift IP:


$ minishift ip
192.168.42.209

and now, since in my case it’s the 192.168.42.209 IP, I am going to forward it over SSH:


sudo ssh -L 443:192.168.42.209:443 -L 8443:192.168.42.209:8443 username@host

Change username@host to your own and 192.168.42.209 to your IP. I use sudo here since forwarding the privileged port 443 needs root access.

When this is done, if the stars were aligned in the right direction when you typed those commands, you should be able to see the fabric8 login page:

The story of Abou Abdallah, the running champion refugee who is about to get deported

[Abou has just been freed, thanks everyone for helping]

Photo by Bomain Bouvren

A couple of months ago, in one of our weekly runs in the Parisian northeastern suburb (Jaures), someone special joined our team. A quiet man from Sudan who spoke no French and a little English but shook everyone’s hand with a smile, not asking for anything else than go running.

Little did we know at that time, until later, that he was a refugee who slept through the winter in street tents set up in the Stalingrad area (see article about it here). His journey to France was not without dramas as you may imagine: he had crossed the Mediterranean Sea multiple times, hiding in boats, until getting to Paris.

Even if he had to move further away from our area in the northeast, he kept coming every Tuesday with us to run, always with the fastest group but he never once took the lead up front.

At first I thought it was because he was struggling with the pace but when we were asking, he never answered with something else than a smile and a “Yes no problem, I’m good, I’m good”. If I only knew that he was actually much much faster than every one of us combined.

A few months later, he did his first race picking up a bib at the last minute and won the 10k race in ~31m. Three weeks later, he did the same at the 10k of the “Course du Grand Paris” and won it even though he took a wrong turn multiple times.

Sadly, two days ago he was arrested for illegal stay on the French territory and he’s about to get deported. We are trying to get as many signatures as possible on this change.org petition:

https://www.change.org/p/pr%C3%A9fecture-de-police-freeabu-c5b378b8-1bc4-4286-aae1-0bed7686f441

It would be great if we can have as many signatures as possible here so we can build up the case with the lawyers.

Triathlon de Troyes L distance race report

On Sunday 4 of June I was near the Lac de L’Aube around 25km west of Troyes to do an approximate distance of a standard L or half ironman distance.

The approximation for the L distance here is because the distances are different from the standard L which usually has a swim/bike/run of 1.9k/90k/21k, this one was more like 2.7k/80k/20k.

When I saw two weeks ago that I had the week-end free and that it was only a short drive from Paris, I sent an email to the organiser to see if there were still entries available (since it was announced as sold out) and I was able to convince Benji and David from my tri club (the expaTriates) to get into this.

Benji and myself decided to sleep near Troyes instead of driving early on the race morning so we could get some good sleep before the relatively late start of 11AM.

After a 2 hours and half drive and a pasta filled lunch we went to pick up our bibs and watch the podium  for the S distance. The weather that day was pretty bad with a big rain and the lake and its 2.7km of swimming was looking scary (at least for very bad swimmer like me).

After a good night’s sleep and a hotel style breakfast buffet full of proteins (and flans!!!! for Benji) we were the first at the transition area to start setting up our bikes and ‘things’.

David by that time arrived with his family, just in time so we could take a club picture. It was nice for me to meet David since he’s the other one from the club doing the Ironman Frankfurt in July.

The swim was a mass start and it was a difficult one for me. I am used to people punching you or grabbing your legs by now, but this time it was a bit of panic and I went by the left to avoid most people and recovered from a bad time where my lungs got filled with water.

The end was long, very long and lonely. You know those lonely times where your mind gets filled with bad thoughts of DNFing. One of the main things that kept me going and not giving up was to think that I had a race report to write for Karen and the expaTRIates blog and could not bear to write one about how I justify a thousand fake excuses for DNFing.

T1 done with only a few bikes left in the transition, I started cycling hoping to catch up with people. Since the cycling was three loops, by the time I was doing my first one the pros were already passing me on their second loop. I had quite a bit of good cycling training this year since January but I was nowhere near able to do the 45/50kh those guys were doing on this loop full of rolling hills and “faux plats”.

By my third loop I had already passed a lot of people and kept going strong to finish with an average of 31kh. My tummy wasn’t feeling good, probably with all the water I had when swimming, and after T2 I was worried whether I was going to do a “Paula Radcliffe” during my run.

I started the run very slowly (5’30/6’) waiting for my tummy ache to go away, and only after the second loop, after drinking cocas and burping, was I feeling better. I started chatting with some guy from Ivry triathlon and convinced him we should do a strong finish! So then we went and hit 4’45/4’40/4’30 on the last kilometers, sprinting to join Benji at the finish line.

It was difficult, but since it was more of a preparation race before the full ironman in July for me I wasn’t worried about my performance. I did pass 150 people between the end of the swimming and the finish line, and really not DNFing when you kept thinking about it during the 3km of swimming was the true victory here.

A nice dinner in a very nice place in Sens on the way to Paris and I was back home in a very accomplished week-end feeling.

Half IronMan Aix en Provence 2017 race report

On Sunday I raced the Half of IronMan Aix en Provence 2017 and finished with an honorable place of just under 6h.

I am not so sure why I ended up being here again, a year and two weeks after the last edition which ended windy and cold with a canceled swim. Even though there wasn’t any swim, which is traditionally my weakest discipline, I had such a bad race that day I didn’t think I would be back here.

Since Aix is actually perfect timing for my July full IronMan training, and since I have a couple of friends living in the area and a revenge to take, I duly racked my 250€ (!!!) to have the honor to race an IronMan© branded race.

The train ride and the bib pickup were mostly uneventful, hanging out most of the day on the cafe terrasse of the “Cours Mirabeau” with friends and doing all the usual (at least for IM branded) pre race duties like packing the different colored bags with the different clothes, making sure I am not missing anything. Dropping the bike bag at the Lake start with the organised shuttle, dropping the shoes bag near the start of the running portion etc...


Tried to sleep early this time going to bed by 22:00 and getting awake by 4:00. For this race I decided to not do a big breakfast like I usually do, I just had a cup of tea and a very light porridge. By experience if I eat too much the morning or the day before I get pretty bloated. I just made sure I had my carb loads done by Thursday/Friday and packed plenty of gels.

By 07:00 I am watching the pros and other good swimmers starting their swim in the Lac Peyrolles. 1h15 later I was myself getting wet with the other people of my rolling start group. As I was mentioning before, swimming is really not my speciality. I just do my thing, swimming until I arrive at T1. Unfortunately, I did a couple of zigzags around and finished with a distance of 2300m instead of the usual 1900m. I had a time for the swim of just under 45mn. I probably could do better and I definitely should go for at least under 40mn next time!


T1 went pretty fast, just 6mn10 which include the sprint from the lake to the changing area and straight on the bike.

Now cycling I did a lot this year (over 3000km since Jan), I was confident that it would get well. And I did pretty well, I spent my time passing people and enjoyed every moment of it, I tried to chat to most people passing by and encouraging some friends along the way. With over a thousand meters of elevation gained the course is quite hilly but the only real difficulty is the Col du Cengle which is a climb of 3.6km with an average of 6% and some steep part.

I was pretty happy finishing the bike part in 2h57mn. For nutrition I never stopped for food refill, I had attached gels on my bike and kept eating them every 30mn or so (thanks Garmin timer alarm) and had two large bidons on my bike.

I was feeling fresh, I was feeling good, and I was expecting to hit a PB (my target just under 5h30). My T2 went pretty quick, just under 3mn to rack my bike and get my running shoes on.

Running now is something I would say I am more natural with and usually would finish in the top tiers. But today wasn’t the day: as soon as I started running, my custom soles made by my podologist started to hurt me. I am not sure why it did just now, I had them made just two weeks before and I had tested them on a couple of long runs. I thought it was going to be only a temporary niggle that would go away. After the first lap of 7.5km it was obvious that it wasn’t going to go away, my feet were filled with blisters and I could hardly walk. The cheering of some of my friends kept me going and after trashing away my soles (70€ custom sole rage quit!) I could finally walk to the finish line in a very horrible time of 2h06mn.

My total finish time was 5h58. I was sure disappointed by the time but the real win here is that I didn’t have any knee pains, sure some blisters due to some stupid soles but no real injury and I could not be less happy with this.

Getting a letsencrypt SSL certificate for the OpenShift console and API

By default, an OpenShift install automatically generates its own certificates.

It uses those certificates for communication between nodes and also to automatically authenticate the admin account. By default those same certificates are the ones served for the OpenShift console and API.

Since they are auto-generated, you will get an ugly error message when connecting to the website with your web browser:

[screenshot of the browser error message]

and as the error message says that’s not very secure #sadpanda.

There is an easy way to generate certificates these days, and it is to use letsencrypt, so let’s see how to connect it to the OpenShift console.

There is something to understand first here: when you want to use alternate SSL certificates for your console and API, you can’t do that on your default (master) URL, it has to be another URL. Phrased in another way, here is a quote from the official documentation:

[screenshot of the documentation quote]

With that in mind, let’s assume you have set up a domain being a CNAME to your default domain. For myself, since this is a test install, I went the easy way and will use the xip.io service as I have documented in an earlier post. This easily gives me a domain which looks like this:

lb.198.154.189.125.xip.io

Now that you have defined it, you first need to generate the letsencrypt certificate. Usually you would use certbot from RHEL EPEL to generate it, but unfortunately at the time of writing this blog post the package was uninstallable for me, which will probably get fixed soon. In the meantime I have used letsencrypt from git directly, like this:

$ git clone https://github.com/letsencrypt/letsencrypt

Before you do anything, you need to understand the letsencrypt process. Usually you would have an apache or nginx (etc…) serving the generated files for verification (the /.well-known/ thing). Since we can’t do that in OpenShift, you can use the letsencrypt builtin webserver for that.

But to start the builtin webserver you need to be able to bind it on port 80, and on the master there is the router running which binds to it (and 443), so you need to make sure it’s down. The most elegant way to do that with OpenShift is like this:

$ oc scale --replicas=0 dc router

Now that you have nothing on port 80 you can tell letsencrypt to do its magic with this command line:

$ ./letsencrypt-auto --renew-by-default -a standalone --webroot-path /tmp/letsencrypt/ --server https://acme-v01.api.letsencrypt.org/directory --email email@email.com --text --agree-tos --agree-dev-preview -d lb.198.154.189.125.xip.io auth

Change the lb.198.154.189.125.xip.io here to your own domain, and the email address as well. If everything goes well you should get something like this:

[screenshot of the letsencrypt output]

Now you should have all the certificates needed in /etc/letsencrypt/live/${domain}

There is a little caveat here: there is currently a bug in openshift-ansible with symlinks and certificates and the way it operates. I have filed the bug here and it has already been fixed in GIT, so hopefully by the time you read this article this will be fixed in the openshift-ansible rpm. If it’s not, you can directly use the GIT openshift-ansible instead of the package.mber (3) here is going to change so you would have to adjust.

Now you just need to do some configuration in your /etc/ansible/hosts file:

openshift_master_cluster_public_hostname=lb.198.154.189.125.xip.io
openshift_master_named_certificates=[{"certfile": "/etc/letsencrypt/live/lb.198.154.189.125.xip.io/full.pem", "keyfile": "/etc/letsencrypt/live/lb.198.154.189.125.xip.io/privkey.pem", "names":["lb.198.154.189.125.xip.io"]}]
openshift_master_overwrite_named_certificates=true

After you run your playbook (with ansible-playbook /usr/share/ansible/openshift-ansible/playbooks/byo/config.yml) you should have it running properly, and now when accessing the console you should see the reassuring secure lock:

[screenshot of the browser showing the secure lock]

NB:

  • If you need to renew the certs, just redo the steps where you oc scale the router down quickly and renew the certificate with the letsencrypt-auto command line mentioned earlier.
  • There is probably a way more elegant way to do that with a container and a route. I saw this on dockerhub but it seems to be tailored to apps (and kube) and I don’t think it could be used for the OpenShift console.
  • Don’t forget to oc scale --replicas=1 dc/router (even though the ansible rerun should have done it for you).
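
The renewal steps from the NB list can be wrapped so the router is always scaled back up, even when the letsencrypt run fails or is interrupted. This is an added example, not part of the original post; the function names, the `DRY_RUN` switch and the `LE_AUTO` variable are assumptions made for illustration, while the `oc` and `letsencrypt-auto` arguments are the ones used above.

```shell
#!/bin/sh
# Added example: renew the console certificate with the router held down,
# and restore the router whatever happens to the renewal.
# DOMAIN and EMAIL are the sample values from the post; replace them.
DOMAIN="${DOMAIN:-lb.198.154.189.125.xip.io}"
EMAIL="${EMAIL:-email@email.com}"
LE_AUTO="${LE_AUTO:-./letsencrypt-auto}"   # assumed path to the git checkout script
DRY_RUN="${DRY_RUN:-1}"                    # 1 = only print the commands

# Run a command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

restore_router() {
    run oc scale --replicas=1 dc/router
}

renew_console_cert() {
    status=0
    # The router holds ports 80/443; free port 80 for the standalone verifier.
    run oc scale --replicas=0 dc/router || return 1
    # From here on the console routes are down: restore on Ctrl-C / TERM too.
    trap 'restore_router; exit 130' INT TERM
    run "$LE_AUTO" --renew-by-default -a standalone \
        --webroot-path /tmp/letsencrypt/ \
        --server https://acme-v01.api.letsencrypt.org/directory \
        --email "$EMAIL" --text --agree-tos --agree-dev-preview \
        -d "$DOMAIN" auth || status=$?
    trap - INT TERM
    # Bring the router back before reporting the renewal result.
    restore_router || return 1
    return "$status"
}

# With the default DRY_RUN=1 this prints the three commands in order.
renew_console_cert
```

Run it with `DRY_RUN=0` on the master to perform the renewal; the exit status is the one returned by letsencrypt-auto.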

Easily test your OpenShift applications exposed by the router

OpenShift integrates[1] a router based on HAproxy to expose your services to the outside world. Whenever you do a:

oc expose service servicename

it will by default expose the servicename at this URL:

servicename-projectname.defaultSubdomain

The defaultSubdomain is usually a wildcard DNS record that has been configured in your domain server by your system administrator.

Now for your OpenShift testing, if you don’t want to ask your system administrator to configure a new CNAME going to your testing environment, you can just use the free service xip.io.

The xip.io service is a special DNS service which takes a name made of an IP address followed by xip.io and answers with that IP address, for the name itself and for all its subdomains, so that:

blah.1.2.3.4.xip.io

will go to 1.2.3.4; the same goes for foo.1.2.3.4, bar.1.2.3.4 etc…

You then just need to configure it in OpenShift by editing the value (assuming 1.2.3.4 is your public IP, which comes back to your router):


routingConfig:
    subdomain: "1.2.3.4.xip.io"

Or, if you use the openshift-ansible scripts, add this to your /etc/ansible/hosts:

osm_default_subdomain=1.2.3.4.xip.io

and then you get all your routes exposed properly without bothering your always busy system admin.

[1] Which lately got merged into kubernetes as the “ingress” feature
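
To see what a wildcard-DNS hostname will resolve to before using it as a route suffix, the embedded address can be recovered and classified locally. This is an added example, not from the original post; the function names are hypothetical, and it also accepts the nip.io suffix used in the minishift post above.

```shell
#!/bin/sh
# Added example: recover the IPv4 address embedded in a xip.io / nip.io
# style hostname and say whether it is loopback, private or public.

# embedded_ip HOST -> prints a.b.c.d; returns 1 if HOST carries no valid IPv4.
embedded_ip() {
    host="$1"
    case "$host" in
        *.xip.io) base="${host%.xip.io}" ;;
        *.nip.io) base="${host%.nip.io}" ;;
        *) return 1 ;;
    esac
    # The address is the last four dot-separated labels before the suffix.
    ip="$(printf '%s\n' "$base" |
        awk -F. 'NF>=4 {print $(NF-3)"."$(NF-2)"."$(NF-1)"."$NF}')"
    [ -n "$ip" ] || return 1
    # Reject anything that is not digits and dots before splitting.
    case "$ip" in
        *[!0-9.]*) return 1 ;;
    esac
    old_ifs="$IFS"; IFS=.
    set -- $ip
    IFS="$old_ifs"
    for octet in "$@"; do
        [ -n "$octet" ] || return 1
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    printf '%s\n' "$ip"
}

# ip_scope A.B.C.D -> loopback | private | public
ip_scope() {
    case "$1" in
        127.*) echo loopback ;;
        10.*|192.168.*) echo private ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) echo private ;;
        *) echo public ;;
    esac
}

# route_scope HOST -> scope of the address a route on HOST would point to.
route_scope() {
    addr="$(embedded_ip "$1")" || return 1
    ip_scope "$addr"
}

# Constructed sample hostnames, using the addresses that appear in the posts.
for h in blah.1.2.3.4.xip.io lb.198.154.189.125.xip.io \
         app.127.0.0.1.nip.io app.192.168.42.209.nip.io blah.1.2.3.999.xip.io; do
    printf '%s -> %s\n' "$h" "$(route_scope "$h" || echo invalid)"
done
```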

How to view openshift router (haproxy) stats

After you have installed your fancy OpenShift install and it has kicked off the haproxy router automatically, you may want to see the stats of the router.

The HAproxy stats are exposed on port 1936 where the router is located (usually on the master node), so first you need a way to access it. You can open it via your firewall (not ideal) or you can just forward the port to your workstation via SSH:

$ ssh -L 1936:localhost:1936 master.openshift

Now that it’s done and you have 1936 tunnelled, you need to figure out the password of the haproxy stats. It’s stored in the router’s environment variables, so you just do an oc describe to see it, for example:

[screenshot of the oc describe output]

Now that you have the password (uo5LtC6mac in my case), you just point your workstation web browser to:

http://admin:password@localhost:1936

Just make sure to replace the password with your own password and you should be all set.

[screenshot of the HAProxy stats page]

Controlling Yamaha AV RX-A830 from command line

At home I have been using a Yamaha AV RX-A830. It’s a home theater audio video solution where you can plug in about everything you need (like 7 HDMI channels, spoiler alert: there is something wrong with you if you have that many devices) and output to two other HDMI channels (like a TV and a projector).

It has integration for spotify, airplay, netradio and billions of connections to everything, just look at the damn back of this device :

Since I wanted to control it from the command line to automate it for home automation, I firebugged the web interface and reversed some of the REST calls in a nice bash script.

Here it is at your convenience to use or hack:

This doesn’t support multi-zone and assumes the web interface is resolvable at http://yamaha.local/ (it should be by default), so be aware. This may support other Yamaha AV devices but since I don’t have them I can’t say and you may have to try; if it does, kindly add a comment here so others would know 🙂

The trick to get your wordpress behind a reverse proxy

I have been meaning to get this blog SSL protected for a while, and since solutions like letsencrypt make it easy I have generated some SSL keys for my domain and configured them in apache.

So far so good, but the thing is my VM at my hosting provider is pretty small and I have been using varnish for quite some time, or I would quickly run out of memory with the kernel OOM killer kicking in[1].

Varnish doesn’t do SSL so you have to do something else. I went ahead and used Nginx to provide my SSL endpoint, which then looks like this:

[diagram: nginx-varnish-apache]

I could have done it with apache virtualhosts, which would look like this:

[diagram: apache-virtualhosts-varnish-ssl]

I finally went for nginx since most people seem to say that it is leaner and quicker for this kind of SSL accelerator job.

So far so good for the configuration, you can find this information all over the internet. The nginx SSL configuration was a bit special so I can have the higher secure end of SSL encryption :

Now the thing didn’t work very well when accessing the website: I could not see any of the medias including JS and SSL since they were served on the old non-SSL URL. I tried to force the wordpress configuration to serve SSL but I would end up in an HTTP redirect loop.

Finally I stumbled on this guy’s blog and looked at a hack to put in the wp-config.php file. I streamlined it to:

    
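// The request reaches apache over plain HTTP from the proxy chain; when a
// forwarded header is present, tell WordPress the client side is HTTPS.
// These headers are client-supplied unless the proxy overwrites them.
if ( (!empty( $_SERVER['HTTP_X_FORWARDED_HOST'])) ||
     (!empty( $_SERVER['HTTP_X_FORWARDED_FOR'])) ) {
    $_SERVER['HTTPS'] = 'on';
}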
    

And that’s it, wordpress then understands that it is served as HTTPS and generates its https URLs properly.

Hope this helps

[1] I even had a cron some time ago to mysqlping my mysql server and restart it automatically if it was down, since I was so sick of it