How I fixed WSL 2 filesystem performance issues
In my development workflow (DevOps and scripting, mainly – I’m a security practitioner, not a programmer) I frequently switch between Windows and WSL. I work a lot with Ansible, and I love the fact that with WSL, I can enable full Ansible linting support in Visual Studio Code. The problem is that there are known cross-OS filesystem performance issues with WSL 2. At the moment, Microsoft recommends that if you require “Performance across OS file systems“, you should use WSL 1. Yuck.
What I want to do is to have a folder on my Windows hard drive, C:\Repos
, that contains all the repositories I use. I want that same folder to be available in WSL as the directory /repos
. Network file shares are out of the question, because, performance. (Have you tried git
operations on a CIFS share? Ugh.)
The old way – share from Windows to WSL
Until this week, I’d been sharing the Windows directory into WSL distros using /etc/fstab
and automount options. Fstab contained this line:
C:/Repos /repos drvfs uid=1000,gid=1000,umask=22 0 0
And /etc/wsl.conf
:
[automount]
options="metadata,umask=0033"
But with this setup, every so often WSL filesystem operations would grind to a halt and I’d need to terminate and restart the distro. It could be minutes or days before the problem resurfaced.
The Windows Subsystem for Linux September 2023 update, currently available only for Windows Insider builds, was supposed to fix some of the issues. I tried it. The fixes broke Docker and didn’t improve filesystem performance sufficiently. Even after a Docker upgrade (the Docker folks in collaboration with the WSL team), port mapping remained broken.
The new way – share from WSL to Windows
So let’s fix this once and for all. Maybe the WSL filesystem perfomance issues will go away one day, but I need to get on with my work today, not at some unspecified point in the future. I also don’t like running insider builds, and neither did my endpoint protection software. (That’s another story.) In the meantime, we need to move the files into WSL, where the performance issues disappear. It’s cross-OS access that causes the problems.
Now I know about \\wsl.localhost
, but unfortunately this confuses some of the programs I use day-to-day, including some VS Code plugins. I really need all Windows programs to believe and act like the files are on my hard drive.
After much pulling together of information from dark, dusty corners of the internet, I discovered that, with the latest versions of Windows, you can create symbolic links to the WSL filesystem. So the files move into WSL (as /repos
) and we create a symbolic link to that directory at C:\Repos
. This can be as simple as uttering the following PowerShell incantation:
New-Item -ItemType SymbolicLink -Path "C:\Repos" -Target "\\wsl.localhost\AlmaLinux9\repos"
This should be fairly self-explanatory. In my case, I’m actually mapping to /mnt/wsl/repos
, for reasons I’ll explain in the next section.
I have two VS Code workspaces – one for working directly in Windows, and the other for working in remote WSL mode. The Windows workspace points to C:\Repos
and the WSL workspace points to /repos
. When I restarted both workspaces after making these changes and moving the files into WSL, VS Code saw no difference. The files were still available, as before. But remote WSL operations now ran quicker.
Bonus: share folder with multiple distros
Ah, but what if you need the same folder to be available in more than one distribution? The same /repos
folder in AlmaLinux, Oracle Linux and Ubuntu? Not network mapped? Is that even possible?
Absolutely it is. It’s possible through the expedient of mounting an additional virtual hard disk, which becomes available to all distros. This freaks me out slightly, because – what about file system locking? Deadlocks? Race conditions? Okay, calm down Rob, just exercise the discipline of only opening files within one distro at a time. You got this.
Create yourself a new VHDX file. I store mine in roughly the same place WSL stores all its VHDX files:
$DiskSize = 10GB
$DiskName = "Repos.vhdx"
$VhdxDirectory = Join-Path -Path $Env:LOCALAPPDATA -ChildPath "wsl"
if (!(Test-Path -Path $VhdxDirectory)) {
New-Item -Path $VhdxDirectory -ItemType Directory
}
$DiskPath = Join-Path -Path $VhdxDirectory -ChildPath $DiskName
New-VHD -Path $DiskPath -SizeBytes $DiskSize -Dynamic
This gives you a raw, unformatted virtual hard drive at C:\Users\rob\AppData\Local\wsl\Repos.vhdx
. Mount it within WSL. From the PowerShell session used above:
wsl --mount --vhd $DiskPath --bare
Now inside one of your distros, you’ll have a new drive, ready to be formatted to ext4. Easy enough to work out which device is the new drive – sort by timestamp:
ls -1t /dev/sd* | head -n 1
You’ll get something like /dev/sdd
. Initialise this disk in WSL:
sudo mkfs -t ext4 /dev/sdd
(Do check you’re working with the correct drive – don’t just copy and paste!)
Back in the PowerShell session, we unmount the bare drive and remount it. WSL will automatically detect that the disk now contains a single ext4 partition and will mount that under /mnt/wsl
– in all distros, mind you.
wsl --unmount $DiskPath
wsl --mount --vhd $DiskPath --name repos
The drive will now be mounted at /mnt/wsl/repos
. If necessary, move any files into this location and create a new symlink at /repos
. In WSL:
shopt -s dotglob
sudo mv /repos/* /mnt/wsl/repos
sudo rmdir /repos
sudo ln -s /mnt/wsl/repos /repos
(shopt
here ensures the move includes any hidden files with names begining ‘.
‘.)
When sharing this directory into Windows, you need to use the full path /mnt/wsl/repos
, not the symlink /repos
. But otherwise it works the same as before.
This mount will not persist across reboots, so create a scheduled task to do this, that will run on log on.
Introduction to AI image generation (Stable Diffusion)
For saying that I work in technology, I feel embarrassingly late to this party. I was recently transfixed by posts on Mastodon that showed images generated by Midjourney. I’d never heard of Midjourney. This started me off down a rabbit hole.
A few metres down the rabbit hole, I read about InvokeAI, an open-source alternative to Midjourney. A few metres more and I discovered that I would be able to run InvokeAI on my PC, which is equipped with an NVIDIA GeForce RTX 3060 graphics card.
That’s how I found myself installing and running InvokeAI, despite still knowing virtually nothing about any facet of AI, let alone image generation. Faced with the InvokeAI web interface, the first question becomes “What do all these knobs and buttons do? What are “CFG Scale”, “Sampler” and “Steps”? What is the difference between the “Models”?
In case you find yourself in the same position, here’s a handy guide.
What is Midjourney?
Midjourney is an independent research lab that produces a proprietary artificial intelligence program under the same name that creates images from textual prompts. It is powered by AI and machine learning algorithms and uses text prompts and parameters to generate images. It can be used for both creative and practical applications, such as creating custom artwork and logos, or visualising data. Midjourney is constantly learning and improving, and can be accessed through the Discord chat app by messaging the Midjourney Bot.
What is Stable Diffusion?
Stable Diffusion is an image-generating model developed by Stability AI. It is powered by artificial intelligence and machine learning algorithms, and uses text prompts and parameters to generate images. It can be used for both creative and practical applications, such as creating custom artwork and logos, or visualising data. Stable Diffusion is open-source, meaning anyone can access and use the model without cost. The model has a relatively good understanding of contemporary artistic styles, making it a popular choice for creative applications.
Stable Diffusion is based on the concept of a CFG Scale (see below), which is a mathematical representation of the complexity of a system, which can be used to analyze the behavior of the system over time. The CFG Scale is used to measure the stability of a system, which is an important factor in understanding how the system evolves over time.
The Stable Diffusion algorithm uses a “sampler” (see below) to collect data from the system at different points in time. The algorithm then uses a model to analyse the data collected from the sampler.
What’s InvokeAI then?
InvokeAI is an implementation of Stable Diffusion. It is powered by artificial intelligence and machine learning algorithms, and uses text prompts and parameters to generate images. It is optimised for efficiency, and can generate images with relatively low VRAM requirements. It supports the use of custom models.
The InvokeAI web interface offers lots of parameters. The rest of this article is dedicated to explaining those parameters.
CFG Scale
The CFG Scale, or Classifier-Free Guidance Scale, is a parameter in the Stable Diffusion image generation model. It controls how much the image generation process is guided by the initial input, and how much it is random. (It determines the amount of noise in the generated image.) A high CFG Scale value produces output more closely resembling the text prompt.
A low CFG Scale value in Stable Diffusion can result in the output image having a lower fidelity and quality. It can for example lead to the model generating extra arms and legs! But it also increases the diversity and creativity of the result.
Increasing the CFG Scale value can result in higher quality, as well as a more dynamic colour range. It can also lead to more detailed images with a higher resolution. That said, high CFG values can lead to unrealistic-looking images.
The best CFG Scale value range for Stable Diffusion is generally between 7 and 11. Higher values of 50 to 100 are recommended for good outpainting results.
The Steps parameter
The Steps parameter of Stable Diffusion defines the number of inference steps used in the model. It dictates the amount of detail that is produced when generating images from text descriptions.
Generally, increasing the number of steps will produce higher quality images, but this will come at the expense of slower inference. The optimal number of steps will depend on the dataset and task at hand. In most cases, images will converge on 30-50 steps and will not change significantly with higher steps.
The Sampler parameter
InvokeAI provides several different samplers that can be used to generate samples from a given data distribution. The k_euler
sampler uses the Euler-Maruyama algorithm to generate samples from a given distribution. The k_dmp_2
sampler uses a second-order differential equation to generate samples. Each of the samplers has its own advantages and disadvantages, and experimentation will be rewarded.
The sampler is used to select regions of an image and generate a diffusion map that conditions the output of the model. The diffusion map is then used to generate a detailed image conditioned on text descriptions. The sampler also allows for a more efficient and stable training process, as it reduces the number of steps needed to generate a result. Additionally, the sampler can upscale samples from the diffusion model, allowing for better results when generating smaller images.
Prompts
Prompts in Stable Diffusion are phrases or words used to generate AI-generated images. They are used to provide the AI model with guidance on what type of image to create. Prompts can range from abstract concepts to specific objects or scenes. They can be weighted to emphasise certain keywords.
Example prompts include “a picture of a black cat on a kitchen top”, “Paintings of Landscapes”, “Style cue: Steampunk / Clockpunk”, “a beautiful sunset over a beach” or “a futuristic cityscape.” Using very specific prompts, helps the AI to generate more accurate and detailed images.
Different models*
Confusingly, you can use different models with InvokeIA. The most commonly used is the Stable Diffusion Model. InvokeAI can use a range of other models for image processing and manipulation tasks. InvokeAI also provides tools for creating custom models, allowing users to create their own models that can be used in combination with the existing models.
InvokeAI supports a variety of models, from classic Machine Learning algorithms such as Random Forest and Logistic Regression to deep learning models such as Convolutional Neural Networks (CNNs) and Recurrent Neural Networks (RNNs). The main differences between these models are the type of data that they process and the types of result they produce. For example, Random Forest and Logistic Regression are good at predicting classifications, while CNNs and RNNs are better at recognizing patterns in images and text. Additionally, CNNs and RNNs can be used for more complex tasks such as image recognition, text generation, and language translation.
Sneaky disclaimer
So here’s my disclaimer. I’ve pulled a slightly sneaky trick with this blog post. I’ve recruited AI to explain AI. That seemed logical. I used AI text generation services YouChat and Perplexity to explain Stable Diffusion, using prompts like “Explain the CFG Scale in Stable Diffusion.”
That feels like cheating. But I did at least sanity-check the results and edit them before posting here. Some of the answers were in fact wrong. And it was no quicker writing the blog post this way. But roughly 80% of the text in this blog post was AI-generated. How does that make you feel? Tell me in the comments!
*The AI-based text-generators really struggled to explain the difference between the various models that work with InvokeAI. My suggestion is to install some and experiment!
Querying GitHub Projects V2 with GraphQL in Laravel
Note: I previously wrote about using plain PHP to query GitHub Projects V2. In this post I offer some tips for querying using Laravel.
GitHub’s new Projects are not accessible via the older REST API. Working with them programmatically involves learning some GraphQL, which can be a headache, the first time you encounter it. Here’s my approach, using Laravel.
Authentication
Get a GitHub personal access token, limiting its permissions as appropriate to your app. Then add to your .env
:
GH_TOKEN=[your token]
HTTP requests
We can standardise GitHub GraphQL queries by using an HTTP facade macro. In app/Providers/AppServiceProvider.php
, add to the boot()
method:
/**
* Make request to GitHub using the GraphQL API.
*
* $query - a GraphQL query string
* $variables - an array of GraphQL variables
*
* Call like: $data = Http::githubGraphQL($query, $variables)->throw()->json()['data'];
*/
Http::macro('githubGraphQL', function (string $query, array $variables) {
return Http::withHeaders([
'Accept' => 'application/vnd.github+json',
'Authorization' => 'Bearer ' . env('GH_TOKEN')
])->post('https://api.github.com/graphql', [
'query' => $query,
'variables' => $variables,
]);
});
GitHubProjects model
This sample app/Models/GitHubProjects.php
shows you the sort of query you can run:
<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Support\Facades\Http;
class GitHubProjects extends Model
{
use HasFactory;
/**
* getFirstN - get first N projects for the GitHub organisation, ordered by
* title
*
* @param integer $count - number of projects to return
* @return array
*/
public static function getFirstN(int $count = 20): array
{
$projects = Http::githubGraphQL(
<<<EOD
query getFirstN(\$count: Int) {
organization(login: "MyOrg") {
projectsV2(first: \$count, orderBy: {field: TITLE, direction: ASC}) {
nodes {
number
id
title
}
}
}
}
EOD,
[ "count" => $count ]
)->throw()->json()['data'];
return $projects['organization']['projectsV2']['nodes'];
}
/**
* getFirstNIssues
*
* @param integer $projectNumber
* @param integer $count
* @return array
*/
public static function getFirstNIssues(int $projectNumber = 1, int $count = 20): array
{
$projectId = GitHubProjects::getIdByNumber($projectNumber);
$issues = Http::githubGraphQL(
<<<EOD
# Exclamation mark since projectId is required
query getFirstNIssues(\$projectId: ID!, \$count: Int) {
node(id: \$projectId) {
... on ProjectV2 {
items(first: \$count) {
nodes {
id
fieldValues(first: 8) {
nodes {
... on ProjectV2ItemFieldTextValue {
text
field {
... on ProjectV2FieldCommon {
name
}
}
}
... on ProjectV2ItemFieldDateValue {
date
field {
... on ProjectV2FieldCommon {
name
}
}
}
... on ProjectV2ItemFieldSingleSelectValue {
name
field {
... on ProjectV2FieldCommon {
name
}
}
}
}
}
content {
... on DraftIssue {
title
body
}
... on Issue {
title
assignees(first: 10) {
nodes {
login
}
}
}
... on PullRequest {
title
assignees(first: 10) {
nodes {
login
}
}
}
}
}
}
}
}
}
EOD,
[
"projectId" => $projectId,
"count" => $count
]
)->throw()->json()['data'];
return $issues['node']['items']['nodes'];
}
/**
* getByTitle - search for projects by title
*
* @param string $title - search for
* @return array
*/
public static function getByTitle(string $title): array
{
$projects = Http::githubGraphQL(
<<<EOD
query getByName(\$title: String!) {
organization(login: "MyOrg") {
projectsV2(
first: 20
orderBy: { field: TITLE, direction: ASC }
query: \$title
) {
nodes {
number
id
title
}
}
}
}
EOD,
[ "title" => $title ]
)->throw()->json()['data'];
return $projects['organization']['projectsV2']['nodes'];
}
/**
* getIdByNumber
*
* @param integer $number - the integer identifier of the project
* @return string - the internal GitHub project ID (e.g. PVT_kwDOBWQiz84AH53W)
*/
private static function getIdByNumber(int $number = 1)
{
$project = Http::githubGraphQL(
<<<EOD
# Exclamation mark since number is required
query getIdByNumber(\$number: Int!) {
organization(login: "MyOrg") {
projectV2(number: \$number) {
id
}
}
}
EOD,
['number' => $number]
)->throw()->json()['data'];
return $project['organization']['projectV2']['id'];
}
/**
* getProjectFields - get all the (custom) fields associated to a project
*
* @param string $projectID - GitHub's reference for the project
* @return array
*/
public static function getProjectFields(string $projectID): array
{
$fields = Http::githubGraphQL(
<<<EOD
query getProjectFields(\$node: ID!) {
node(id: \$node) {
... on ProjectV2 {
fields(first: 20) {
nodes {
... on ProjectV2Field {
id
name
}
... on ProjectV2IterationField {
id
name
configuration {
iterations {
startDate
id
}
}
}
... on ProjectV2SingleSelectField {
id
name
options {
id
name
}
}
}
}
}
}
}
EOD,
[ "node" => $projectID ]
)->throw()->json()['data'];
return $fields['node']['fields']['nodes'];
}
}
Controller
This is a very basic sample controller method to get you started. In practice you’ll use views:
public function index()
{
/*
Search for "MyProject" in projects
Project number is $projects[0]['number'];
Project name is $projects[0]['title'];
Project ID is $projects[0]['id'];
*/
define('BR', "<br />\n");
$projects = GitHubProjects::getByTitle('MyProject');
if (isset($projects[0])) {
$projectNumber = $projects[0]['number'];
$issues = GitHubProjects::getFirstNIssues($projectNumber, 50);
echo "<h1>First 50 issues in MyProject project</h1>\n";
foreach ($issues as $issue) {
echo '<b>ID:</b> ' . $issue['id'] . BR;
echo '<b>Title:</b> ' . $issue['content']['title'] . BR;
if (isset($issue['content']['assignees']['nodes'][0])) {
echo '<b>Assignee:</b> ' . $issue['content']['assignees']['nodes'][0]['login'] . BR;
}
// Field types
foreach ($issue['fieldValues']['nodes'] as $field) {
if (isset($field['text']) && $field['field']['name'] != "Title") {
echo '<b>' . $field['field']['name'] . ':</b> ' . $field['text'] . BR;
}
if (isset($field['date'])) {
echo '<b>' . $field['field']['name'] . ':</b> ' . $field['date'] . BR;
}
if (isset($field['name'])) {
echo '<b>' . $field['field']['name'] . ':</b> ' . $field['name'] . BR;
}
}
echo BR;
}
} else {
echo "No projects found";
}
}
Useful resources
The following are invaluable for working with GitHub’s GraphQL API:
- Official reference
- GtiHub GraphQL Explorer (run live queries on your account)
- GraphQL Formatter (you can also use the “Prettify” button in the GraphQL Explorer
Non-alcoholic dairy-free syllabub recipe
At last, thanks to Oatly, we can have a dairy-free syllabub that’s just as delicious! This version went down well with my son James.
Serves: 6 (or can stretch to 8)
Ingredients
- 250ml Whippable Creamy Oat by Oatly
- 55g white sugar
- Juice of one lemon
- Juice of two oranges
- 100ml sparkling grape juice
Method
- Add the sugar to the juices and warm until the sugar is dissolved completely
- Allow the juice to cool completely
- Meanwhile, whip the cream until it thickens and forms peaks (an electric whisk is best)
- Add the sparkling grape juice to the sugared juice
- Gradually fold the juice into the cream
- Pour into tall-stemmed glasses and chill well
Note: the longer you chill the dessert, the more juice will separate out – which you may or may not like! Top with grated orange rind, if desired.
Alcoholic alternative
For an alcoholic version, replace the orange juice and sparkling grape juice with 150ml sweet white wine or Madeira.
Nutritional information
Approximate figures (if divided into six portions):
- 135kcal
- 10g fat of which saturates, 9g
- 21g carbohydrate of which sugars, 11g
- 1.2g fibre
- 0.7g protein
- 0.1g salt
More recipes
If you liked this recipe, you might want to buy a dairy-free recipe book, and support this site in the process! (Affiliate links are no additional cost to you.)
Querying GitHub Projects v2 with GraphQL in PHP
Update: you may prefer my post about doing this in Laravel.
GitHub’s new Projects are not accessible via the older REST API. Working with them programmatically involves learning some GraphQL, which can be a headache, the first time you encounter it. Here’s my approach, using PHP.
Set up cURL
You can certainly use an HTTP request library, but sometimes it’s easiest to get your hands dirty with cURL. Here’s the setup:
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Accept: application/vnd.github+json',
'Authorization: Bearer '.$_ENV['GH_TOKEN']
));
// Fake user agent, to keep GitHub happy
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0');
// Dev settings (PHP built-in server can't validate)
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
The “dev settings” are there since I’ve been using PHP’s built-in webserver during development. Don’t take those into production!
Generic API class
This class provides a simple wrapper around REST API and GraphQL calls. I’m passing in the cURL handler and calling most methods statically, since I’m not yet modelling the underlying objects.
class GitHub
{
/**
* API
* Make request to GitHub using the standard REST API.
* See: https://docs.github.com/en/rest
*
* @param [CurlHandle Object] $ch - curl handle
* @param [string] $endpoint - the REST endpoint
* @return array|stdClass
*/
public static function api(\CurlHandle $ch, string $endpoint)
{
curl_setopt($ch, CURLOPT_URL, 'https://api.github.com/'.$endpoint);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
$content = curl_exec($ch);
if (curl_errno($ch)) {
die("Error:".curl_error($ch));
}
return json_decode($content);
}
/**
* GraphQL
* Make request to GitHub using the newer GraphQL API.
* See: https://docs.github.com/en/graphql/reference
* GraphQL Explorer: https://docs.github.com/en/graphql/overview/explorer
* GraphQL Formatter: https://jsonformatter.org/graphql-formatter
*
* @param CurlHandle $ch
* @param string $query - a GraphQL query string
* @param array $variables - an array of GraphQL variables
* @return StdClass
*/
public static function graphQL(\CurlHandle $ch, string $query, array $variables)
{
curl_setopt($ch, CURLOPT_URL, 'https://api.github.com/graphql');
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt(
$ch,
CURLOPT_POSTFIELDS,
json_encode(['query' => $query, 'variables' => $variables])
);
$content = curl_exec($ch);
if (curl_errno($ch)) {
die("Error:".curl_error($ch));
}
return json_decode($content);
}
}
Projects class
Various simple methods for obtaining information about projects. I say “simple” but the GraphQL queries take some mastering.
class GitHubProjects
{
/**
* getFirstN - get first N projects for the GitHub organisation, ordered by
* title
*
* @param \CurlHandle $ch
* @param integer $count - number of projects to return
* @return array
*/
public static function getFirstN(\CurlHandle $ch, int $count = 20): array
{
$projects = GitHub::graphQL(
$ch,
<<<EOD
query getFirstN(\$count: Int) {
organization(login: "MyOrg") {
projectsV2(first: \$count, orderBy: {field: TITLE, direction: ASC}) {
nodes {
number
id
title
}
}
}
}
EOD,
[ "count" => $count ]
);
return $projects->data->organization->projectsV2->nodes;
}
/**
* getFirstNIssues
*
* @param \CurlHandle $ch
* @param integer $projectNumber
* @param integer $count
* @return array
*/
public static function getFirstNIssues(\CurlHandle $ch, int $projectNumber = 1, int $count = 20): array
{
$projectId = GitHubProjects::getIdByNumber($ch, $projectNumber);
$issues = GitHub::graphQL(
$ch,
<<<EOD
# Exclamation mark since projectId is required
query getFirstNIssues(\$projectId: ID!, \$count: Int) {
node(id: \$projectId) {
... on ProjectV2 {
items(first: \$count) {
nodes {
id
fieldValues(first: 8) {
nodes {
... on ProjectV2ItemFieldTextValue {
text
field {
... on ProjectV2FieldCommon {
name
}
}
}
... on ProjectV2ItemFieldDateValue {
date
field {
... on ProjectV2FieldCommon {
name
}
}
}
... on ProjectV2ItemFieldSingleSelectValue {
name
field {
... on ProjectV2FieldCommon {
name
}
}
}
}
}
content {
... on DraftIssue {
title
body
}
... on Issue {
title
assignees(first: 10) {
nodes {
login
}
}
}
... on PullRequest {
title
assignees(first: 10) {
nodes {
login
}
}
}
}
}
}
}
}
}
EOD,
[
"projectId" => $projectId,
"count" => $count
]
);
return $issues->data->node->items->nodes;
}
/**
* getByTitle - search for projects by title
*
* @param \CurlHandle $ch
* @param string $title - search for
* @return array
*/
public static function getByTitle(\CurlHandle $ch, string $title): array
{
$projects = GitHub::graphQL(
$ch,
<<<EOD
query getByName(\$title: String!) {
organization(login: "MyOrg") {
projectsV2(
first: 20
orderBy: { field: TITLE, direction: ASC }
query: \$title
) {
nodes {
number
id
title
}
}
}
}
EOD,
[ "title" => $title ]
);
return $projects->data->organization->projectsV2->nodes;
}
/**
* getIdByNumber
*
* @param \CurlHandle $ch
* @param integer $number - the integer identifier of the project
* @return string - the internal GitHub project ID (e.g. PVT_kwDOBWQiz84AH53W)
*/
private static function getIdByNumber(\CurlHandle $ch, int $number = 1)
{
$project = GitHub::graphQL(
$ch,
<<<EOD
# Exclamation mark since number is required
query getIdByNumber(\$number: Int!) {
organization(login: "MyOrg") {
projectV2(number: \$number) {
id
}
}
}
EOD,
['number' => $number]
);
return $project->data->organization->projectV2->id;
}
}
Using it
I have not included namespacing or autoloading here. In broad terms, it’s simple to use the Projects class:
$projects = Model\GitHubProjects::getByTitle($ch, 'MyProject');
if (is_array($projects) && !empty($projects)) {
$project = $projects[0];
var_dump($project);
}
Excel – correctly sort IP addresses
This post is probably for pedants only, who care passionately about correctly sorting IP addresses in an Excel spreadsheet. This approach uses pure functions – no VBA. I prefer it to some other approaches because, frankly, they sail right over my head.
Let’s start with a column of IP addresses – like this one:
Excel tables are lovely, for working with data like this. If you convert your data to a table, you get to use named column references, which we’ll see in a moment. Go to Insert > Table and you get something like this:
You can’t sort this column meaningfully, as-is. We need an additional column, which we’ll use to transform the contents of the IP column.
And then in any of the rows in that column, we enter this formula:
=
IF(0,"##### FIRST OCTET #####","") &
TEXT(
LEFT(
[@IP],
FIND(
CHAR(134),
SUBSTITUTE(
[@IP],
".",
CHAR(134),
1
)
) - 1
),
"000"
)
& "." &
IF(0,"##### SECOND OCTET #####","") &
TEXT(
MID(
[@IP],
FIND(
CHAR(134),
SUBSTITUTE(
[@IP],
".",
CHAR(134),
1
)
) + 1,
FIND(
CHAR(134),
SUBSTITUTE(
[@IP],
".",
CHAR(134),
2
)
)
-
FIND(
CHAR(134),
SUBSTITUTE(
[@IP],
".",
CHAR(134),
1
)
)
),
"000"
)
& "." &
IF(0,"##### THIRD OCTET #####","") &
TEXT(
MID(
[@IP],
FIND(
CHAR(134),
SUBSTITUTE(
[@IP],
".",
CHAR(134),
2
)
) + 1,
FIND(
CHAR(134),
SUBSTITUTE(
[@IP],
".",
CHAR(134),
3
)
)
-
FIND(
CHAR(134),
SUBSTITUTE(
[@IP],
".",
CHAR(134),
2
)
)
),
"000"
)
& "." &
IF(0,"##### FOURTH OCTET #####","") &
TEXT(
MID(
[@IP],
FIND(
CHAR(134),
SUBSTITUTE(
[@IP],
".",
CHAR(134),
3
)
) + 1,
IF(
ISERROR(
FIND("/",[@IP])
),
LEN([@IP]),
FIND("/",[@IP]) - 1
)
-
FIND(
CHAR(134),
SUBSTITUTE(
[@IP],
".",
CHAR(134),
3
)
)
),
"000"
)
&
IF(0,"##### CIDR #####","") &
IF(
ISERROR(FIND("/",[@IP])),
"",
RIGHT(
[@IP],
LEN([@IP]) - FIND("/",[@IP]) + 1
)
)
You end up with this, on which you can now perform an alphabetical (A-Z) sort:
If you like, you can hide that column, so you don’t need to look at its hideousness. Then whenever you need to resort, go to Data > Sort.
Some things to mention about this formula:
[@IP]
is the named column reference I referred to previously.- I edited this formula in a code editor (Notepad++), so I could nicely indent and keep track of opened and closed parenthesis. This makes life much easier, when writing long formulae! There’s one gotcha – Notepad++ by default uses tabs rather than spaces, which breaks Excel. Make sure there are no tab characters in your indentation.
- The
IF(0,"##### THIRD OCTET #####","")
stuff is a hack, which allows you to insert a comment into a text-based formula. The 0 evaluates to FALSE, so it returns the function’s third parameter – an empty string. The second parameter is where I place my comment. Handy! - Excel doesn’t have a function to find the position of the nth occurrence of a string. So there’s a nifty two-step hack for this, which is not my original idea. First, we use the
SUBSTITUTE()
function, which can substitute a character for the nth occurrence of some text. We search for the nth occurrence of the full stop (“.”) and replace it withCHAR(134)
– the dagger symbol (†). Then we find the position of thatCHAR(134)
, to feed into theLEFT()
/MID()
/RIGHT()
functions. - The formula handles CIDR notation.
Script to clone a VM with free VMware ESXi
Many people run free versions of ESXi, particularly in lab environments. Unfortunately with the free version of ESXi, the VMware API is read-only. This limits (or complicates) automation.
I was looking for a way to clone guest VMs with the minimum of effort. This script, which took inspiration from many sources on the internet, is the result. It takes advantage of the fact that although the API is limited, there are plenty of actions you can take via SSH, including calls to vim-cmd
.
<#
.SYNOPSIS
Clones a VM,
.DESCRIPTION
This script:
- Retrieves a list of VMs attached to the host
- Enables the user to choose which VM to clone
- Clones the VM
It must be run on a Windows machine that can connect to the virtual host.
This depends on the Posh-SSH and PowerCLI modules, so from an elevated
PowerShell prompt, run:
Install-Module PoSH-SSH
Install-Module VMware.PowerCLI
For free ESXi, the VMware API is read-only. That limits what we can do with
PowerCLI. Instead, we run certain commands through SSH. You will therefore
need to enable SSH on the ESXi host before running this script.
The script only handles simple hosts with datastores under /vmfs. And it
clones to the same datastore as the donor VM. Your setup and requirements
may be more complex. Adjust the script to suit.
.EXAMPLE
From a PowerShell prompt:
.\New-GuestClone.ps1 -ESXiHost 192.168.101.100
.COMPONENT
VMware scripts
.NOTES
This release:
Version: 1.0
Date: 8 July 2021
Author: Rob Pomeroy
Version history:
1.0 - 8 July 2021 - first release
#>
param
(
[Parameter(Mandatory = $true, Position = 0)][String]$ESXiHost
)
####################
## INITIALISATION ##
####################
# Load necessary modules
Write-Host Loading PowerShell modules...
Import-Module PoSH-SSH
Import-Module VMware.PowerCLI
# Change to the directory where this script is running
Push-Location -Path ([System.IO.Path]::GetDirectoryName($PSCommandPath))
#################
## CREDENTIALS ##
#################
# Check for the creds directory; create it if it doesn't exist
If(-not (Test-Path -Path '.\creds' -PathType Container)) {
New-Item -Path '.\creds' -ItemType Directory | Out-Null
}
# Looks for credentials file for the VMware host. Passwords are stored encrypted
# and will only work for the user and machine on which they're stored.
$credsFile = ('.\creds\' + $ESXiHost + '.creds')
If(-not (Test-Path -Path $credsFile)) {
# Request credentials
$creds = Get-Credential -Message "Enter root password for VMware host $ESXiHost" -User root
$creds.Password | ConvertFrom-SecureString | Set-Content $credsFile
}
$ESXICredential = New-Object System.Management.Automation.PSCredential( `
"root", `
(Get-Content $credsFile | ConvertTo-SecureString)
)
#########################
## List VMs (PowerCLI) ##
#########################
#
# Disable HTTPS certificate check (not strictly needed if you use -Force) in
# later calls.
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false | Out-Null
# Connect to the ESXi server
Connect-VIServer -Server $ESXiHost -Protocol https -Credential $ESXICredential -Force | Out-Null
If(-not $?) {
Throw "Connection to ESXi failed. If password issue, delete $credsFile and try again."
}
# Get all VMs, sorted by name
$guests = (Get-VM -Server $ESXiHost | Sort-Object)
# Work out how much we need to left-pad the array index, when outputting
$padWidth = ([string]($guests.Count - 1)).Length
# Output the list of VMs, with array index padded so it lines up nicely
Write-Host ("Existing VMs (" + $guests.Count + "), sorted by name:")
for ( $i = 0; $i -lt $guests.count; $i++)
{
If($guests[$i].PowerState -eq "PoweredOn") {
Write-Host -ForegroundColor Red ("[" + "$i".PadLeft($padWidth, ' ') + "](ON) : " + $guests[$i].Name)
} Else {
Write-Host ("[" + "$i".PadLeft($padWidth, ' ') + "](off): " + $guests[$i].Name)
}
}
Write-Host
##########################
## Choose a VM to clone ##
##########################
$chosenVM = 0
do {
$inputValid = [int]::TryParse((Read-Host 'Enter the [number] of the VM to clone (the donor)'), [ref]$chosenVM)
if($chosenVM -lt 0 -or $chosenVM -ge $guests.Count) {
$inputValid = $false
}
if (-not $inputValid) {
Write-Host ("Must be a number in the range 0 to " + ($guests.Count - 1).ToString() + ". Try again.")
}
} while (-not $inputValid)
# Check the VM is powered off
if($guests[$chosenVM].PowerState -ne "PoweredOff") {
Throw "ERROR: VM must be powered off before cloning"
}
# Get VM's datastore, directory and VMX; we assume this is at /vmfs/volumes
If(-not ($guests[$chosenVM].ExtensionData.Config.Files.VmPathName -match '\[(.*)\] ([^\/]*)\/(.*)')) {
Throw "ERROR: Could not calculate the datastore"
}
$VMdatastore = $Matches[1]
$VMdirectory = $Matches[2]
$VMXlocation = ("/vmfs/volumes/" + $VMdatastore + "/" + $VMdirectory + "/" + $Matches[3])
$VMdisks = $guests[$chosenVM] | Get-HardDisk
###############################
## File test (PoSH-SSH SFTP) ##
###############################
# Clear any open SFTP sessions
Get-SFTPSession | Remove-SFTPSession | Out-Null
# Start a new SFTP session
(New-SFTPSession -Computername $ESXiHost -Credential $ESXICredential -Acceptkey -Force -WarningAction SilentlyContinue) | Out-Null
# Test that we can locate the VMX file
If(-not (Test-SFTPPath -SessionId 0 -Path $VMXlocation)) {
Throw "ERROR: Cannot find donor VM's VMX file"
}
#################
## New VM name ##
#################
$validInput = $false
While(-not $validInput) {
$newVMname = Read-Host "Enter the name of the new VM"
$newVMdirectory = ("/vmfs/volumes/" + $VMdatastore + "/" + $newVMname)
# Check if the directory already exists
If(Test-SFTPPath -SessionId 0 -Path $newVMdirectory) {
$ynTest = $false
While(-not $ynTest) {
$yn = (Read-Host "A directory already exists with that name. Continue? [Y/N]").ToUpper()
if (($yn -ne 'Y') -and ($yn -ne 'N')) {
Write-Host "ERROR: enter Y or N"
} else {
$ynTest = $true
}
}
if($yn -eq 'Y') {
$validInput = $true
} else {
Write-Host "You will need to choose a different VM name."
}
} else {
If($newVMdirectory.Length -lt 1) {
Write-Host "ERROR: enter a name"
} else {
$validInput = $true
# Create the directory
New-SFTPItem -SessionId 0 -Path $newVMdirectory -ItemType Directory | Out-Null
}
}
}
###################################
## Copy & transform the VMX file ##
###################################
# Clear all previous SSH sessions
Get-SSHSession | Remove-SSHSession | Out-Null
# Connect via SSH to the VMware host
(New-SSHSession -Computername $ESXiHost -Credential $ESXICredential -Acceptkey -Force -WarningAction SilentlyContinue) | Out-Null
# Replace VM name in new VMX file
Write-Host "Cloning the VMX file..."
$newVMXlocation = $newVMdirectory + '/' + $newVMname + '.vmx'
$command = ('sed -e "s/' + $VMdirectory + '/' + $newVMname + '/g" "' + $VMXlocation + '" > "' + $newVMXlocation + '"')
($commandResult = Invoke-SSHCommand -Index 0 -Command $command) | Out-Null
# Set the display name correctly (might be wrong if donor VM name didn't match directory name)
$find = 'displayName \= ".*"'
$replace = 'displayName = "' + $newVMname + '"'
$command = ("sed -i 's/$find/$replace/' '$newVMXlocation'")
($commandResult = Invoke-SSHCommand -Index 0 -Command $command) | Out-Null
# Blank the MAC address for adapter 1
$find = 'ethernet0.generatedAddress \= ".*"'
$replace = 'ethernet0.generatedAddress = ""'
$command = ("sed -i 's/$find/$replace/' '$newVMXlocation'")
($commandResult = Invoke-SSHCommand -Index 0 -Command $command) | Out-Null
#####################
## Clone the VMDKs ##
#####################
Write-Host "Please be patient while cloning disks. This can take some time!"
foreach($VMdisk in $VMdisks) {
# Extract the filename
$VMdisk.Filename -match "([^/]*\.vmdk)" | Out-Null
$oldDisk = ("/vmfs/volumes/" + $VMdatastore + "/" + $VMdirectory + "/" + $Matches[1])
$newDisk = ($newVMdirectory + "/" + ($Matches[1] -replace $VMdirectory, $newVMname))
# Clone the disk
$command = ('/bin/vmkfstools -i "' + $oldDisk + '" -d thin "' + $newDisk + '"')
Write-Host "Cloning disk $oldDisk to $newDisk with command:"
Write-Host $command
# Set a timeout of 10 minutes/600 seconds for the disk to clone
($commandResult = Invoke-SSHCommand -Index 0 -Command $command -TimeOut 600) | Out-Null
#Write-Host $commandResult.Output
}
########################
## Register the clone ##
########################
Write-Host "Registering the clone..."
$command = ('vim-cmd solo/register "' + $newVMXlocation + '"')
($commandResult = Invoke-SSHCommand -Index 0 -Command $command) | Out-Null
#Write-Host $commandResult.Output
##########
## TIDY ##
##########
# Close all connections to the ESXi host
Disconnect-VIServer -Server $ESXiHost -Force -Confirm:$false
Get-SSHSession | Remove-SSHSession | Out-Null
Get-SFTPSession | Remove-SFTPSession | Out-Null
# Return to previous directory
Pop-Location
You can download the latest version of the script from my GitHub repository.
Cover photo by Dynamic Wang on Unsplash
Using a Canon EOS 60D as a webcam
Necessity is the mother of invention. In the midst of the trauma and struggles of coronavirus, one positive theme has consistently emerged: innovation. In particular, the explosive rise of home working, podcasting and vlogging has resulted in significant improvements in associated technology.
So when I recently started researching ways to raise my webcam game (for conference calls and church meetings), I was spoilt for choice. Since I’m a fan of both cost-efficiency and quality, I was particularly interested in seeing what could be achieved with my existing equipment, including my faithful DSLR camera – a Canon EOS 60D.
The last time I looked into this, the main way to take a feed from this camera model, was through its HDMI port and a separate video capture device (which I don’t own). But Canon has pulled an innovation blinder, releasing and improving its EOS Webcam Utility and ensuring that it not only works with the latest hardware, but also with such aging models as my ten-year-old 60D. Oh Canon, I love you.
“There must be a catch,” I thought, as I read reports of camera sensors overheating, or timing out after 30 minutes. So with no great expectations, I downloaded and tested the software.
Oh. My. Word. Did I mention Canon how I love you?
With zero effort and no tweaking of camera settings, the improvement was immediately visible. From the screenshot you can see I need to work on contrast and lighting. But for a first test, this made me very happy.
Did the camera overheat or timeout? No. I ran the session for about two hours. The camera was slightly warm at the end. Granted it’s not a hot summer’s day here in the UK (is it ever!) but it looks to me like this setup would work all day, every day. The only snag is battery life. So instead of being on the market for a superior webcam, I’m instead on the market for an external power supply (like Canon’s ACK-E6). Clones of the OEM adapter are available for about £23. Bargain.
Photo of EOS 60D courtesy of John Torcasio, CC BY-SA 3.0, via Wikimedia Commons.
SOLVED: first-time login problems when enforcing MFA with AWS
In the interests of transparency: this is an affiliate link. See my affiliate disclosure page for an explanation.
AWS has a tutorial about enforcing MFA for all users. The general thrust of the article is to create a policy that allows users without MFA to do nothing other than log in and set up MFA. Having enabled and logged in using MFA, other permissions become available to the user (according to whatever other permissions are assigned).
This works well apart from one snag: having created a user, and set the flag forcing the user to change password on first login, the user cannot log in. Instead the user is greeted with the following error:
Either user is not authorized to perform iam:ChangePassword or entered password does not comply with account password policy set by administrator
The problem lies in a policy statement called “DenyAllExceptListedIfNoMFA”. As its name suggests, for a user without MFA, this blocks all bar the specified actions. In AWS’s recommended policy, the section effectively allows the following actions:
"iam:CreateVirtualMFADevice", "iam:EnableMFADevice", "iam:GetUser", "iam:ListMFADevices", "iam:ListVirtualMFADevices", "iam:ResyncMFADevice", "sts:GetSessionToken"
You’ll notice that those actions don’t include anything about changing a password! So without MFA already enabled on your account, there’s no way to change your password when first logging on (if “force password change” is enabled). The trick is to add two more permissions:
"iam:ChangePassword", "iam:CreateLoginProfile",
For a user that has not yet logged into the AWS console, this will allow creation of the user’s login profile and setting a new password.