Climbing Gran Paradiso and Mont-Blanc

Climbing Mont-Blanc (4810m) was something close to my heart since I did Tour du Mont-Blanc last summer. It is something that must be planned ahead as you must find a guide (highly recommended) and book refuges (highly demanded). Our guide was suggesting several summits for acclimatation but we picked Gran Paradiso (4061m) in Italy which look vertiginous with an airy ridge at the summit!

With a good preparation, you will put all the chances on your side to make this dream come true. This preparation first starts at home throughout the year to maintain your physical form (running, cycling, hiking, skiing…). Both summits need specific equipment and knowledge of alpinism, don’t underestimate them. Prior to doing this experience I’ve heard and read so many different things online, I can tell you that both summit are not easy. You never climb the same mountain twice, the weather can change everything and altitude affects everyone differently.

Day 1 – Hike Lac Blanc, Argentière – 4 hours hike

We started the adventure with a hike to Lac Blanc, possibly Chamonix’s most famous walk. A perfect start to test some of our new equipment and warm-up for the intense week to come! After taking Flégère cable car, in about one hour we arrived at the lake. After couple photos in front of the frozen lake we took the direction to Argentière to slowly go down and enjoy this section of the TMB (Tour du Mont Blanc). Then, we took a train to get back to Chamonix from Argentière train station.

Day 2 – Hike Grand Balcon Nord, Grotte de Glace – 5 hours hike

Our original plan was to climb Mont Buet (3096m) but current conditions were preventing us from getting to the top so we changed our plan! A great alternative that we found was to hike Grand Balcon Nord and then explore an ice cave (Grotte de Glace). The hike starts at the famous cable car “Aiguille du Midi” but instead of going to the top, you will stop at “Plan de l’Aiguille” (2,207 m) and begin the hike along Grand Balcon Nord to Montenvers via the Signal de Forbes and its extraordinary panorama. From there you should have a splendid view on the Mer de Glace, the Drus and the Grandes Jorasses. A few more steps down and you will be able to get to the famous Grotte de Glace. The ice grotto is cut into a living glacier. The grotto has to be dug out every summer since the glacier moves about 70m every year. It was fantastic to get inside with the hot weather.

Day 3 – Rest, enjoy Chamonix and get the rented gear

It was great to have a day to relax and buy missing items. We rented crampons and alpine boots at Sanglard and they did a great job at giving us tips on how to set everything up. Finally, Climbing World cup was also right in front of our hotel so we had no excuse to not go!

Day 4 – Mountaineering training – Aiguille verte – All day

We were very excited to finally begin the adventure with the guide! He brought us ice axes, helmets and climbing harnesses. Getting all that equipment on you will make you feel like a real alpinist. However only when we started to climb a very steep hill in the snow with the heavy boots and crampons we realized in what we were getting into. Objective of this training day was to give us an introduction to cramponing, progression in rope and elementary knots. After seeing another group climbing an ice wall we asked our guide to give it a try! It seems we did very well for a first time climbing an ice wall, first with 2 ice axes, then just one!

Day 5 – Drive to Gran Paradiso in Italy through Tunnel of Mont Blanc and climb to first refuge – 2 hours drive + 2,5 hours ascent

We started the day by a short drive from Chamonix to Gran Paradiso starting point: a parking surrounded by beautiful mountains. After about 2,5 hours of ascent we arrived at Refuge Federico Chabod (2750m). We spent the evening waiting for results of the world cup as France was playing against Belgium that night! Without any cellular network, everyone was riveted to the only radio available in the refuge.

Day 6 – Gran Paradiso summit day – 7 hours ascent/descent + 2 hours drive

This days was the occasion to complete our alpine training, develop our mountaineering, glacier travel and rope work skills! We started around 4:30am, right after breakfast and a short night of sleep. The route was easy at the beginning, but after about one hour it was time to put on the crampons, set the ropes between us and be very careful to avoid deep crevasses. It was cold but the scenery was amazing, we were very excited to make it to our first 4000+ summit! The final ridge finally appeared and only a few people were thinking about launching themselves into the last few meters. This part is usually overcrowded, because it’s where a Madonna statue is standing. Without hesitating our guide brought us to the statue, passing everyone one by one we managed to get the statue just for us! 4061m! Our descent was easy if we don’t mention my friend’s sunscreen which made us half blind for couple hours! We used a different path to get to the parking and stopped at Rifugio Vittorio Emanuele.

Day 7 – Chamonix to Tête Rousse Refuge – 1 hour transport + 2,5 hours ascent

No time to rest, already time to continue the adventure on the popular Gouter Hut route! We took the Bellevue cable car (with couple hours waiting due to a power outage) from Les Houches and then took the Tramway du Mont Blanc to the Nid d’Aigle (2,372m). Only 2,5 hours to get to the famous Tête Rousse Refuge. This is where we slept. We would enjoy our successful booking of both Tête Rousse and Refuge du Goûter to make the ascent in 3 days.

Day 8 – Mont blanc Summit day – 10 hours ascent/descent

4am! I woke up without any difficulty: after months of training, the day to climb Mont-Blanc was finally here! I remember checking the weather outside quickly
before getting breakfast and see the exceptional conditions. We had absolutely won the lottery for our 9 days in the French and Italian Alps. Of course the route is popular as I mentioned before, but it is also infamous for the Gouter couloir also known as “death couloir”. The key is to cross this section early in the morning. Hours which are the most critical are between 11am and 1.30 pm when stone falls occur. When I looked at the path to the Refuge du Goûter, I really thought it was a wall to climb because it was a strong 600m steep, close to vertical, section of rock. The truth is that it went very well and we climbed it in about 2 hours. We did a one hour break at Refuge du Goûter and dropped some of the gear that we didn’t use on the final ascent (helmet, extra clothes, etc). We actually dropped hiking poles and other items along the way to finish with an almost empty backpack at the summit. What I will remember from this day is the physical and mental challenge that represents the latest 800m, it felt endless and even when I thought we were at the end of the mountain, there was another! But the best view comes after the hardest climb. Being on top of Europe is a unique moment, a lifetime experience.

Day 9 – Refuge du Goûter to Chamonix – 3,5 hours descent + 1 hour transport

With the smiles on our faces and the motivation to get back in the valley, the descent went fast, extremely fast! We actually ran while laughing to get on time to catch the train at Nid d’aigle. Probably too much energy left, the long training before Mont-Blanc paid off after all.

Google Cloud Data Engineer Professional certified!

One more GCP certification on the list! This one was by far the most interesting one in a while as it gave me a chance to review topics that I don’t work with every day: Machine learning and Big data.

 

Let’s dive right in, here is the preparation I followed:

My feedback on the exam:

  • Check the scope of this exam, be prepared for design questions on database models, optimization and troubleshooting
  • Know Bigquery VS Bigtable VS Datastore VS Cloud SQL
  • Dataflow and how to deal with batch and stream processing
  • Read as much as you can and play with machine learning!
  • How to share datasets, queries, reports is really something that comes often, don’t underestimate security aspects
  • Understand Hadoop ecosystem, learn about the typical big data lifecycle on GCP

Good luck to everyone taking this exam!

Google Cloud Platform – Machine learning APIs

I have been watching a few Google Cloud Platform videos recently from Google Cloud Next and really enjoyed the demo in one of them: Machine learning APIs (Demo @11″35).

The idea is simply to record your voice (here using the microphone on your laptop). Then the audio file is sent to Cloud Storage.

By using Google Speech, you can not only get a transcript of your record, but you can add additional context words in your API call to make sure GCP understands it perfectly.
Example:

"speechContext": { "phrases": ["GKE", "Kubernetes", "Containers"] }

I tried to work on the script to do the exact same thing and decided to share it if you want to try it at home.
Prerequisites are:

  • A GCP projet
  • Run the following command on your laptop:
    brew install sox --with-flac
  • Download and install Google Cloud SDK
  • Create a Cloud Storage bucket
  • Create an API Key and give it access to Google Speech

#!/usr/bin/env bash

# Configuration
GCP_USERNAME=<my-user-email>
GCP_PROJECT_ID=<my-project-id>
BUCKET_NAME=<my-bucket-name>
API_KEY=<my-api-key>

gcloud auth login $GCP_USERNAME
gcloud config set project $GCP_PROJECT_ID

# Recording with Sox (brew install sox --with-flac)
rec --encoding signed-integer --bits 32 --channels 1 --rate 44100 recording.flac

# Upload to Cloud Storage
gsutil cp -a public-read recording.flac gs://$BUCKET_NAME

# Prepare our request parameters for Google Speech
cat <<< '
{
    "config": {
    "encoding":"FLAC",
    "sample_rate": 44100,
    "language_code": "en-US",
    "speechContext": {
        "phrases": ["<My context word>"]
    }
    },
    "audio": {
        "uri":"gs://'$BUCKET_NAME'/recording.flac"
    }
}' > request.json

# API call to Google Speech
curl -s -X POST -H "Content-Type: application/json" --data-binary @request.json \
"https://speech.googleapis.com/v1beta1/speech:syncrecognize?key=$API_KEY"

# Cleaning
rm -f recording.flac

If you are interested in learning more about AI, there is a great video from Andrew Ng which covers the state of AI today and what you can do to be the next AI company!

AWS – Bastions with user-managed SSH keys

I recently architected a bastion solution to let employees manage their own SSH keys from the AWS interface. CodeCommit actually let you upload directly your SSH keys inside the IAM section of your user, a bit like on Github.

Benefits of this solution:

  • Nothing to manage once installed and configured
  • Let users update their public SSH keys themselves inside the console
  • Deploy the keys automatically and keep them up-to-date on all bastions and instances
  • Add and remove users on all Linux boxes automatically when you add/remove accounts in IAM
  • Linux usernames are generated based on IAM account email: paul.chapotet@domain.com -> pchapotet
  • Keys are automatically deployed on bastions and instances based on the VPC where they are located
  • Inexpensive: the lambda is running only when there is a change in IAM:
    • UploadSSHPublicKey, when anyone adds a SSH Key to an IAM user
    • UpdateSSHPublicKey, when anyone makes active or inactive a SSH key
    • DeleteSSHPublicKey, when anyone deletes a SSH Key
    • DeleteUser, when anyone deletes an IAM user
  • A single S3 GET operation is needed to update the SSH keys from bastions and instances

In the diagram above, I assume that you are following AWS best practices and that you have a central account to manage IAM users, one account for production and one for your development environment. Interested in digging into the code? It’s available here: https://github.com/pchapotet/aws-bastions

Google Cloud Platform – Start stop instance scheduler

I recently worked on a feature missing on GCP: a start stop scheduler for my GCP instances based on labels. I was first excited about using Cloud functions, but it seemed App Engine was the way to go for several reasons: it supports python and the task scheduling feature is already embedded.

I had a few requirements:

  • Ability to schedule start and stop of GCE instances every hour
  • Extra options to run only during working days or weekends, default is every day
  • It must work across all projects inside an organisation if you give the right permissions to your default App Engine service account
  • Inexpensive to run (or free), who wants to pay for a feature that should be available by default in the cloud?
    • According to https://cloud.google.com/free/docs/always-free-usage-limits you should have 28 instance hours of App Engine Standard free per day.
    • If you are already using App Engine for something else, the script is easy to merge with your application code.
    • If you don’t want to use App Engine, the python code can be executed from any other machine with the right credentials, even your laptop if not critical.

To deploy the solution, please follow the instructions from the following repository: https://github.com/pchapotet/gcp-start-stop-scheduler

Once it is installed, simply add a few tags to your instances and enjoy the automation! You can run it only during working days (Monday to Friday) with ‘d’ option and during weekend (Saturday and Sunday) with ‘w’ option. Feel free to comment and raise Github issues if you see anything to improve.

With just 2 labels, it starts your instance at 8am and stops it at midnight every day during working days.
Solo-hiking Tour du Mont Blanc

Hiking the Tour du Mont Blanc was a great adventure! Not only for the beautiful alpine views but for the great people I met along the way. With a total of 170 km and about 10 kilometres of ascent/descent, it is better to be correctly prepared and equipped. This tour is usually done in 8 to 12 days between June and September.

Preparation & equipment

  • Buy a guide with the minimum info to understand the tour and its signage. Most people on the tour had this one for French speakers: TopoGuides – Tour du Mont Blanc – FFRandonnée and this one for English speakers Tour of mont Blanc – Kev Reynolds
  • Buy a map, IGN maps are not needed if you have a guide and a GPS you can trust in term of accuracy in the mountains and battery
  • Make a list of the required gear and pack your bag with the minimum. Remember that you will have water and food in addition. This list was the best I found.
  • Prepare and decide your route in advance, make sure you have the alternative routes available if you decide to take any variant from the official TMB trail or if the weather doesn’t allow you to take the variant for example.
  • I traced my route on View Ranger using the web version, exported it in gpx file and imported it into Gaia GPS which has one of the clearest design on mobile and was very easy to follow in the fog! All my gpx files are available here: [Download GPX TMB routes]
  • Forget about weather apps on your phone, only this website is used by locals and proved to have accurate weather reports: http://chamonix-meteo.com/

Planning

  • Planning should be done carefully based on the physical challenge you want to experience:
    • Less than 10 days will be a though challenge, but you can take the bus or use chair lifts to shorten the trek, it can be a good option if you are limited on time
    • 10 days should be good and let time for variants as I did
    • More than 10 days will be comfortable and let time to do extra trails
Day Itinerary Night/Refuge Route
Departure Home ➤ Les Houches Chalet Les Méandres (ex Tupilak)
Day 1 Les Houches ➤ Les Contamines (Variant Tricot) Gîte le Pontet  VR
Day 2 Les Contamines ➤ Refuge Croix du Bonhomme Refuge de la Croix du Bonhomme  VR
Day 3 Refuge Croix du Bonhomme ➤ Rifugio Elisabetta (Variant Col des Fours) Rifugio Elisabetta  VR
Day 4 Rifugio Elisabetta ➤ Rifugio Bertone Rifugio Bertone  VR
Day 5 Rifugio Bertone ➤ Rifugio Elena (Variant Bernada) Rifugio Elena  VR
Day 6 Rifugio Elena ➤ La Fouly Maya Joie  VR
Day 7 La Fouly ➤ Champex Auberge Gîte Bon Abri  VR
Day 8 Champex ➤ Trient (Variant Arpette) Auberge Mont blanc  VR
Day 9 Trient ➤ Tre le Champ Gite le moulin  VR
Day 10 Tre le Champ ➤ Chamonix (Variant Lac Blanc) Hotel  VR
Return Chamonix ➤ Les Houches  ➤ Home All GPX files

Booking if sleeping in refuges

  • Booking can be easy if you go through an agency, many people get the best rooms in refuges by using an agency
  • Booking can be done on http://www.montourdumontblanc.com/
  • Booking can also be done by phone, make sure you confirm a second time the reservation a week before with the refuge
Google Cloud Architect Professional certified!

Taking the GCP Architect exam is quite a challenge as there is very little study material or practice questions available at the moment.

To prepare for the exam:

To sum up the exam without saying too much, it was 50 questions for a total of 120 minutes. Timing is friendly, I had about 15-20 minutes left before the end. Half of the exam worked pretty easily by proceeding by elimination to remove the craziest answers. I was surprise to see a split screen with questions on the left and a listbox on the right allowing to switch between the 4 use cases available at the moment.

About 15 questions were related to use cases. They seemed more complex, even confusing sometimes. I had to use only 2 use cases out of 4, the rest of the questions is more general and seemed to be what I would categorize as medium level questions.

A few points I would suggest to work on:

  • Prepare yourself with the 4 use cases available, work on them for an hour as if they were your customer and how you would deal with each point (means which service you would use on GCP instead of what they have)
  • Read about BQ, Bigtable, CloudStorage, Pub/Sub, Dataflow, Dataproc and when to use all of them
  • Container engine vs Compute Engine vs App Engine
  • Know cloud related business terms: capex, opex, tco, capacity planning
  • Best practices regarding IAM, audit logs and how to secure them
  • Know resources that are global vs regional vs zonal (some major differences with AWS)
  • Know how are structured the different databases
  • Learn everything about instance groups, load balancers, stress tests
  • CI/CD on GCP, how to architect perfectly dev/qa/stg/prod environments
  • You will have to look at Java and Python code as expected
  • Cloud deployment manager is part of the exam and interesting to know in details
  • Migration: how do you deal with existing DC, move data around, etc
  • Network: VPN, firewall, tags

Once again, good luck to everyone taking this exam!

 

AWS DevOps Professional Certification – All-5 AWS certified!

I passed the AWS DevOps professional exam this weekend with success after a few weeks looking at the following services: CloudFormation, Autoscaling, Beanstalk, Opsworks and Cloudwatch. The strategy for the exam was to watch all https://acloud.guru videos, then do the https://cloudacademy.com/ quizzes (there is a 7-day free trial) as well as review the following:

Docs:

  • http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/crpg-walkthrough.html
  • http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker.html
  • http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.deployment.source.html
  • http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/introducing-lifecycle-hooks.html
  • http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html
  • http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.rollingupdates.html
  • https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/ebextensions.html
  • https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/environment-resources.html
  • https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-init.html
  • http://docs.aws.amazon.com/cli/latest/reference/opsworks/create-deployment.html
  • http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/eb-cli3-getting-started.html
  • http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/applications-sourcebundle.html

Blogs:

  • http://cantrill.io/certification/aws/2015/10/29/passing-the-aws-devops-engineer-professional-exam.html
  • http://ozaws.com/2015/10/30/aws-professional-devops-engineer-certification-tips/
  • http://blog.error510.com/2016/03/28/aws-devops-engineer-exam-passed/
  • https://www.sumologic.com/blog-amazon-web-services/monitoring-aws-auto-scaling-and-elastic-load-balancers-with-log-analytics/

Videos:

  • https://www.youtube.com/watch?v=aX54mhZbN58
  • https://www.youtube.com/watch?v=ZhGMaw67Yu0
  • https://www.youtube.com/watch?v=4trGuelatMI

Must know:

  • Rolling Updates versus Rolling Deployments
  • Blue-green strategies on Opsworks, Beanstalk and with Route 53 and AutoScaling
  • A/B deployments
  • AutoScaling lifecycle hooks
  • Cloudwatch Logs
  • Opsworks CLI commands
  • CF Custom resources, cfn signals and wait conditions
  • Kinesis, Cloudtrail, S3 Logging
Repair a corrupted AES encrypted image

I recently had an issue with an encrypted 128-bit AES image/dmg that I created a long time ago. After copying and moving the file, the system alerted me with the following when trying to mount the dmg: “no mountable file systems“.

Screen Shot 2017-01-20 at 10.49.47 AM

FileVault is great and can secure a directory by encrypting its entire contents using Advanced Encryption Standard with 128-bit keys. FV automatically encrypts and decrypts in real time. Blocks get encrypted in 4kByte “chunks” AES-128, and keys are encrypted (“wrapped”) in header of disk image. The Key, the salt, the iv (initialization vector) and other info are stored into the image header, a 4kb block, which is in turn encrypted using 3DES-EDE.

There are two different header locations:

  • v1: headers live at the end of the file
  • v2: headers live at the beginning

Fortunately for me I had the v2 headers, more recent and technically less prone to errors if there is any kind of interruption during the copy of your file. Even more important, I had a backup of the working image. If you don’t have a backup, it might be possible to create the exact same image with the same passphrase. The trick when running into this is to copy the first 4kb from the working image to the corrupted one:

dd if=WorkingEncrypted.dmg bs=4096 count=1 of=BrokenEncrypted.dmg conv=notrunc

Make sure you backup your image before playing with it! You should be able to mount your image right after executing the command.

AWS Solutions Architect Professional Certification

Getting ready for the AWS Solutions Architect Professional Exam is not an easy task! It is currently one of the most difficult AWS certification to get with the DevOps one due to the number of services it covers. Plan on studying for a few months, not only AWS services but a very wide range of concepts. The level required to pass this exam is very high, nothing compared to the Associate level certification. AWS even recommends 2 years of experience on the platform.

As usual a good start is to follow the awesome https://acloud.guru/ courses.

Don’t forget to study all the AWS Reference Architectures and watch AWS Summit videos:

The exam tests your ability to answer very quickly, it’s a bit more than 2 minutes per question and very few are short ones. Sometimes answers are very similar and you will have to proceed by elimination. Best tip that helped me from Reddit: Focus on the “kicker”.  This is the part of the after the fluff that tells you exactly what they want.  e.g. “Which option provides the MOST COST EFFECTIVE solution.

One last thing, if English is not your first language you might be able to get an extra 30 minutes by contacting the certification team, but this request can take up to a month prior to taking the exam.

Good luck to everyone taking this exam!