Posted
1 day
ago
by
Lance Albertson (ramereth)
Ganeti is a very powerful tool but often times people have to look for spare hardware to try it out easily. I also wanted to have a way to easily test new features of Ganeti Web Manager (GWM) and Ganeti Instance Image without requiring additional
... [More]
hardware. While I do have the convenience of having access to hardware at the OSU Open Source Lab to do my testing, I’d rather not depend on that always. Sometimes I like trying new and crazier things and I’d rather not break a test cluster all the time. So I decided to see if I could use Vagrant as a tool to create a Ganeti test environment on my own workstation and laptop.
This all started last year while I was preparing for my OSCON tutorial on Ganeti and was manually creating VirtualBox VMs to deploy Ganeti nodes for the tutorial. It worked well but soon after I gave the tutorial I discovered Vagrant and decided to adapt my OSCON tutorial with Vagrant. Its a bit like the movie Inception of course, but I was able to successfully get Ganeti working with Ubuntu and KVM (technically just qemu) and mostly functional VMs inside of the nodes. I was also able to quickly create a three-node cluster to test failover with GWM and many facets of the webapp.
The vagrant setup I have has two parts:
Ganeti Tutorial Puppet Module
Ganeti Vagrant configs
The puppet module I wrote is very basic and isn’t really intended for production use. I plan to re-factor it in the coming months into a completely modular production ready set of modules. The node boxes are currently running Ubuntu 11.10 (I’ve been having some minor issues getting 12.04 to work), and the internal VMs you can deploy are based on the CirrOS Tiny OS. I also created several branches in the vagrant-ganeti repo for testing various versions of Ganeti which has helped the GWM team implement better support for 2.5 in the upcoming release.
To get started using Ganeti with Vagrant, you can do the following:
git clone git://github.com/ramereth/vagrant-ganeti.git
git submodule update --init
gem install vagrant
vagrant up node1
vagrant ssh node1
gnt-cluster verify
Moving forward I plan to implement the following:
Update tutorial documentation
Support for Xen and LXC
Support for CentOS and Debian as the node OS
Please check out the README for more instructions on how to use the Vagrant+Ganeti setup. If you have any feature requests please don’t hesitate to create an issue on the github repo. [Less]
Posted
1 day
ago
by
Patrick Lauer (bonsaikitten)
Last (psychotic) episode we looked at how to download and install LSI controller management tools.
Today's special will look at using them, or trying to, or finding reasons to be totally drunk.
# file ./MegaCli64
./MegaCli64: ELF
... [More]
64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.4.0, stripped
# ./MegaCli64
Fatal error - Command Tool invoked with wrong parameters
Exit Code: 0x01
Ho hum. Err. 0x01 you say? -ESTUPIDUSER I guess.
# ./MegaCli64 --help
Invalid input at or near token -
Exit Code: 0x01
Invalid? --help? Erf. Uhm. Now I could really use some, err, help?
Will -h work? Yes it does ... but ...
# ./MegaCli64 -h | wc -l
277
But at least: Exit Code: 0x00 - yey?
The bad news is the syntax of this ancient demon summoning device. To quote:
MegaCli -AdpPR -Dsbl|EnblAuto|EnblMan|Start|Suspend|Resume|Stop|Info|SSDPatrolReadEnbl |SSDPatrolReadDsbl
|{SetDelay Val}|{-SetStartTime yyyymmdd hh}|{maxConcurrentPD Val} -aN|-a0,1,2|-aALL
First there's no explanation at all what AdpPR means. And that it's actually case-independant.
Second one notes Dsbl instead of disable, because characters are precious (and why not use Off then?)
And that's the best part of it.
There's also a few excellent features in these "RAID" "Controllers" that might make you a bit grumpy.
For example it will only boot off the first disk, so in JBOD mode (with software raid on top of it maybe?)
if the first disk fails you will have to manually change the config at boot time to, err, boot. But on the
upside it will stop if *any* disk has failed, or any array is degraded, so you'll do that often enough.
You might ask, why software raid? Well - the controller firmware does not support growing volumes that are on a shared disk,
so if you have [sda1 sda2] etc. and make a raid1 out of sd{a,b,c,d}1 and a raid5 out of sd{a,b,c,d}2 then
you cannot grow these partitions in the future, which means you have to move all data away, destroy array,
recreate array, copy back.
And that's supposed to be the Market Leader ?! [Less]
Posted
2 days
ago
by
Diego E. Pettenò (flameeyes)
You probably remember that I spent quite a bit of time working on a ModSecurity ruleset that would help me filter out marketing bots and spammers. This has paid off quite well as the number of spam comments I receive is infinitesimal compared to
... [More]
other blogs, even those using Akismet and various captchas.
Well, in the past few days I started noticing one more bot, which is now properly identified and rejected, scouring my website and this blog; not any other address on my systems though. The interesting part is that it tries (badly) to pass as a proper browser: "Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US))" (sic). Pay attention to the capital I, the version of the OS, and the two closed parenthesis at the end of the string.
Okay so this is not the brightest puppy in the litter, but there is something else: it’s distributed. With this I mean that I’m not getting the same request twice from the same IP address. Usually this gets very common for services using Amazon EC2 instances, as the IP addresses there are ever-changing, but this is not the case: the IP addresses all belong to Comcast.
I guess you can probably see where this is going to hit, given the title of the post, in the sense that there is another singularity to these requests: they actually come through a mix of IPv4 and IPv6, which is what tipped me off that it was something strange, usually the crawler bots prefer using much more easily masked IPs, not very granular IPv6s.
Since the website, the blog and (I didn’t mention that before, but it’s also hit) xine-project.org are listed on the World IPv6 launch page it’s easy to see that this is a Comcast software that is trying to see if the websites are really available. This is corroborated by the fact that the IPs all resolve to hosts within Comcast’s network throughout the whole States, but all starting with “sts02” in their reverse resolution.
Now it wouldn’t be too bad and I wouldn’t be kicking them so hard if they played by the rules, but none of the requests was going for robots.txt beforehand, and in a timeframe of 22 minutes they sent me 38 requests per host. The heck?
Now this is not the sole bot requesting data for the World IPv6 Launch; there is another one that I noticed, that was caught by an earlier rule: "Mozilla/5.0 (compatible; ISOCIPv6Bot; +http://www.worldipv6launch.org/measurements/".
Contrarily to Comcast’s this bot actually seems to only request a HEAD of the pages instead of going for a full-blown GET request. On the other hand, it still does not respect robots.txt. The requests are fewer… but they are still a lot; in the past week Comcast’s bot requested pages on my website almost 13K times – thirteen thousands – while this other bot “only” eighteen hundreds times.
Interestingly this bot doesn’t seem to be provider-specific: I see requests coming in from China, Brazil, Sweden, UK and even Italy! Although funnily enough the requests coming from Italy come from a standard IPv4 address, uh? Okay so they are probably trying to make sure that the people who signed themselves up for the IPv6 launch are really ready to be reachable by IPv6, but they could at least follow the rules, and make more sense, couldn’t they? [Less]
Posted
3 days
ago
by
Paweł Hajdan, Jr. (phajdan.jr)
It's a known issue, bug #413541. The end result is weird, because revdep-rebuild tells you that everything is fine, yet some apps display errors (they still launch though):
Unable to load library icui18n "Cannot load library icui18n:
... [More]
(libicui18n.so.48: cannot open shared object file: No such file or directory)"
The workaround is to re-emerge qt-core (more packages might be affected).
If you wonder what's the root cause, it's using dlopen (in this case in qt-core) instead of linking directly (e.g. ELF DT_NEEDED entry) with given library.
In binary-only world, using dlopen may make sense sometimes. Package names, versions, and library SONAMEs vary between distros, so it's difficult to create a single package that works with multiple distros. It may be easier to dlopen the needed libraries (sometimes even trying different SONAMEs), and fail gracefully in case they are missing (e.g. just disable some optional functionality).
That's what Qt is doing here. However, in Open Source world, where software is packaged by distributions, the above case should be handled by linking directly (DT_NEEDED), allowing tools like revdep-rebuild to detect the breakage.
Other distributions are hitting this problem too, see e.g. https://bugzilla.redhat.com/show_bug.cgi?id=759923 and https://bugs.launchpad.net/ubuntu/+source/qt4-x11/+bug/989915. [Less]
Posted
5 days
ago
by
Diego E. Pettenò (flameeyes)
Finally Excelsior is doing what it has been bought to do: tinderboxing. Well, not really to full capacity but I’ve got enough pieces of the puzzle in place that it should soon start building regularly.
What the tinderbox set up is doing
... [More]
now is actually a limited run: it’s building the reverse dependencies of virtual/ffmpeg to find out which packages actually require libpostproc, so that we can fix their dependencies with libav — to follow up on Tomáš’s post I’m also strongly attached to libav, being, together with Luca, part of the development team of the project.
Speaking about libav, one of the things that since a couple of days ago Excelsior is doing, is running FATE so to both cover AMD Bulldozer’s architecture and Gentoo Hardened. For those who do not know, FATE is an automated testing environment that configures, builds, and run the tests for libav and then send the result to a central server for analysis. The whole build takes three minutes on Excelsior. Thanks to libav’s highly-parallelized makefiles.
There is only one problem with the Tinderbox, and is once again the logs analysis. To be honest this time I have some idea on how to proceed: the first step is to replace the grep command I have used before with a script that produces an HTML output of the log file. Yes many people said before that HTML is not a good idea for this kind of thing: since nobody else has helped me writing a better log analysis tool, that’s going to be enough.
So what has to happen is reading line by line the input log, then create an HTML file with (numbered) lines, marked with a specific (CSS) file that makes the row red. As I said before it would be nice to have some kind of javascript to jump from one error line to the other. Until this is all set, though, just creating the HTML file would be enough.
The next step would probably be getting the HTML output on S3 (for easy access), and write it down on a database that actually give you an index of the error logs — for those who wonder, using s3fs as PORT_LOGDIR is not a good idea at all. I guess tomorrow I might try to find some time to work on this. I could find some time on the weekend, given that my original idea (biking around with Luca) is disabled due to me falling and (lightly) injuring myself last night. [Less]
Read all Gentoo Linux articles…
Edit RSS feeds.
Tagged as
live-cd x86 distro distribution linux portage arm sh ia64 sparc ppc64 ppc32 alpha ebuild gnu_linux mips ppc amd64 m68k s390 hardened hppa operating_system os gentoo x86_64 gentoolinux science
Debian GNU/Linux
HelenOS
LuninuX OS
NetBSD
Sn0wL1nuX