this site best viewed in…

Posted by Dick on March 27, 2008

This morning’s WebKit nightly build rendering the Acid3 test:

 webkit r31370 FTW 

 And look! Firefox painted me a beautiful picture too:

5/10 SEE ME  

 That’s lovely, sweetheart. 

Guess who’s not regretting switching a couple of months back. To be fair, Opera apparently scores very highly too (both its users must be delighted).

NFSv4 between Linux and Solaris

Posted by Dick on October 07, 2007

Openoffice on Ubuntu had been pissing me off no end – hanging on startup, etc.
Google pointed the finger at NFSv3
(which is how I share out a ZFS home directory from my Solaris box).
Apparently it’s happier on NFSv4
(setantae describes it as ‘NFS without the shitty bits’), so it’s time to revisit that.

the Solaris end

Solaris 10 (and up) defaults to NFS4, so the only things to do are:

  1. check your NFSv4 domain (== your DNS domain, unless you changed it)
  2. back up the homedir in case linux goes batshit and eats all your por^W mission-critical data
   zfs snapshot tank/home/username@pre-nfsv4

the linux end

sudo apt-get install nfs-common
echo 'NEED_IDMAPD=yes' | sudo tee -a /etc/default/nfs-common

there’s no home for you here

When I remounted my home directory all hell broke loose.
Ubuntu defaults to an NFS domain of ‘localhost’ for some reason.
The mismatch means NFS can’t tell who you are, so it punts and all your files
are suddenly owned by nobody:nobody. You can’t login.

No harm done (so long as you have another account :) ):

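# Domain is read from the [General] section, so set it there instead of appending to the end of the file
sudo sed -i -e '/^[#[:space:]]*Domain[[:space:]]*=/d' -e '/^\[General\]/a Domain = yourdomain.com' /etc/idmapd.conf
sudo /etc/init.d/nfs-common restart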

then remount your shares. Everything should look ok now. OO works, at least.
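
To confirm which domain a client will actually use after an edit like this, the following added example (not from the original post) reads an idmapd.conf, reports the Domain set under [General], and flags a Domain line that landed in another section, which is what happens when the line is appended to the end of the file. The function names and the sample file are constructed; it assumes idmapd honours Domain only under [General].

```shell
# Added example: audit which NFSv4 idmap domain a client config really sets.
# Assumption: Domain is only honoured in the [General] section of idmapd.conf.

# Print every Domain setting in file $1 as "<section> <value>".
domain_lines() {
    awk '
        BEGIN { sec = "-" }                         # "-" = before any section
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/ {                               # section header
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next
        }
        /^[ \t]*Domain[ \t]*=/ {
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            print sec, val
        }' "$1"
}

# Domain the client will use: the first one under [General] (empty if unset).
idmap_domain() { domain_lines "$1" | awk '$1 == "General" { print $2; exit }'; }

# Sections other than [General] that carry a Domain line.
stray_domain_sections() { domain_lines "$1" | awk '$1 != "General" { print $1 }'; }

# Return 0 if file $1 maps IDs in domain $2, 1 otherwise; explain on stdout.
check_idmap() {
    got=$(idmap_domain "$1")
    stray=$(stray_domain_sections "$1")
    if [ -n "$stray" ]; then
        echo "warning: Domain found under [$stray], outside [General]"
    fi
    if [ "$got" = "$2" ]; then
        echo "ok: [General] Domain = $got"
        return 0
    fi
    echo "MISMATCH: client uses '${got:-unset}', server uses '$2'"
    return 1
}

# Constructed sample: a config after "Domain = ..." was appended to the end.
write_sample() {
    printf '%s\n' '[General]' 'Verbosity = 0' 'Domain = localhost' '' \
        '[Mapping]' 'Nobody-User = nobody' 'Nobody-Group = nogroup' \
        'Domain = yourdomain.com' > "$1"
}

sample=$(mktemp)
write_sample "$sample"
check_idmap "$sample" yourdomain.com || echo "files would map to nobody"
rm -f "$sample"
```

Run `check_idmap /etc/idmapd.conf yourdomain.com` on the client before remounting, with the second argument set to the NFSv4 domain checked on the Solaris end.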

ok, I’m scared now

Posted by Dick on June 28, 2007

(On a fresh Ubuntu 7.04 (‘Stinky Badger’) box)

rasputnik@hypnotoad $ svn version
The program 'svn' is currently not installed.
You can install it by typing:
sudo apt-get install subversion
bash: svn: command not found
rasputnik@hypnotoad $ which svn
rasputnik@hypnotoad $

Nice, in a scary sort of way.

hot Linux on Solaris action

Posted by Dick on March 20, 2007

We were talking about BrandZ
(linux-flavoured Solaris zones) when I realised I hadn’t got round to trying it out yet.

So I did.
It seems to mostly work like a linux box, except
apps that need direct access to the kernel/proc/devices etc can have problems.

As usual, I’m just putting up my notes. If you need more general (or better written) docs,
I recommend

First thing to do is add the linux brand packages (so ‘create -t’ works).

pkgadd -d . SUNWlxu SUNWlxr

Configure the zone like any other, but pass a flag to ‘create’:

vera # zonecfg -z lux
lux: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:lux> create -t SUNWlx
zonecfg:lux> set zonepath=/zones/lux
zonecfg:lux> add net
zonecfg:lux:net> set address=10.9.8.7/24
zonecfg:lux:net> set physical=iprb0
zonecfg:lux:net> end
zonecfg:lux> commit
zonecfg:lux> exit

install (and tweak) the linux distro

This isn’t a Solaris zone so you need to install linux into the zonepath.
Sun have a CentOS 3.x
image on their website containing X, gnome, etc.

Bizarrely, Sun’s tar can’t unpack it,
so you need to install gtar before zoneadm can use it.
This is still less hassle than burning ISOs in my book.

vera # wget http://dlc.sun.com/osol/brandz/downloads/centos_fs_image.tar.bz2
vera # mount /cdrom && pkgadd -d /cdrom/Solaris_11/Product/ SUNWgtar

Now you install linux into the zone (note /zones is on ZFS here, so we get compression/snapshots/cloning for free). This does, indeed, take several minutes:


   vera # zoneadm -z lux install -d centos_fs_image.tar.bz2
   A ZFS file system has been created for this zone.
   Installing zone 'lux' at root directory '/zones/lux'
   from archive '/zones/centos_fs_image.tar.bz2'

   This process may take several minutes.

   Setting up the initial lx brand environment.
   System configuration modifications complete.

   Installation of zone 'lux' completed successfully.

   Details saved to log file:
       "/zones/lux/root/var/log/lux.install.9440.log" 

   vera # zoneadm list -iv
     ID NAME             STATUS         PATH                           BRAND
      0 global           running        /                              native
      - lux              installed      /zones/lux                     lx        

Setting up the network is easy:

vera # cat > /zones/lux/root/etc/sysconfig/network
NETWORKING="yes"
HOSTNAME=lux.whatever.com
^D
vera # cat > /zones/lux/root/etc/resolv.conf
search whatever.com
nameserver 1.2.3.4
nameserver 1.2.3.5
^D

Since I’m a big fan of RSA authentication, I set that up too:

vera # echo 'PermitRootLogin without-password' >> /zones/lux/root/etc/ssh/sshd_config
vera # mkdir -p /zones/lux/root/root/.ssh/
vera # chmod 700 /zones/lux/root/root/.ssh/
me@mydesktop $ scp ~/.ssh/id_dsa.pub root@vera:/zones/lux/root/root/.ssh/authorized_keys

I also edit /zones/lux/root/etc/shadow and set root’s password field to ‘NP’, since neither zlogin nor ssh need it to be set.

boot it

vera # zoneadm -z lux boot

It takes a minute or two for rc to finish running,
then you can ‘zlogin lux’ or ‘ssh root@lux.whatever.com’ into it.

constrainers for your containers

Standard resource controls work as you’d expect. Here I’m setting a maximum number of processes (LWPs):

vera # zonecfg -z lux
zonecfg:lux> add rctl
zonecfg:lux:rctl> set name=zone.max-lwps
zonecfg:lux:rctl> add value (priv=privileged,limit=60,action=deny)
zonecfg:lux:rctl> end
zonecfg:lux> exit
vera # prctl -s -n zone.max-lwps -v 60 -t priv -e deny -i zone lux

(the ‘prctl’ line avoids us having to reboot the zone)

‘prstat -LZ’ in the global zone shows LWPs per zone nicely. As expected, starting a load of processes
in ‘lux’ gives -bash: fork: Resource temporarily unavailable errors at 60 LWPs.

decide it’s not really your cup of tea (optional)

Personally, I’ll stick to plain Solaris zones.
I’m over the worst of the Solaris learning curve.
I’m looking at Solaris for servers and most of the apps I want to run are open source.
It’s a lot less hassle to build from source (or use blastwave) than to maintain Yet Another
OS Instance just to run the same apps against glibc.

Zones gives you multiple environments without the hassle of multiple OSes to maintain, which most
virtualization solutions seem to overlook.
In addition, Solaris resource management is very fine grained inside a zone (per-project limits can co-exist with per-zone limits). I can’t say
the same for other OSes I’ve tried. This helps to minimize the number of zones you need.

Of course, YMMV. If you have something
linux-only (benr mentions acroread)
that you need this could be really handy. Similarly it might be a lot easier to keep your developers
happy if they can run their apps on linux.

If you want to make the zone start at boot, you’ll need to:

vera # zonecfg -z lux
zonecfg:lux> set autoboot=true
zonecfg:lux> commit
zonecfg:lux> exit

Stinkstation, more like

Posted by Dick on July 03, 2006

DISCLAIMER: As I said, I only run openlink so I can serve NFS (samba and netatalk are too slow for fullscreen video over 100Mbit). If I was running samba and/or appletalk I would probably not have had a problem.

That said: if you set up NFS on your linkstation, NEVER EVER EVER (ever) backup using the web frontend.

I’ve been backing up my other machines to the LS for a few months.
I got a fast/cheap/quiet/lovely Seagate 250Gb disk and thought I’d backup using the UI (openlink is a superset of the official firmware. I stupidly thought this would be ok.).

Plugged in the disk. It took the LS about an hour to build what looked like an ext2 filesystem on it.
I should have started running at that point.

The backup script on the LS is called do-backup.pl (I would upload a copy, but someone might stumble across it and I don’t want that on my conscience).

Whoever wrote it made the decision to allow clients read-only access to shares while they were being archived. Which would be cool, except the way they do that is essentially:

  1. chmod -R 555 $SHAREDIR
  2. cp -R $SHAREDIR /mnt/usbdisk/`date`
  3. chmod -R 777 $SHAREDIR

I’m paraphrasing. But only slightly. Key features are:

  • it makes no attempt to remember/restore the old perms. This does horrible things to an NFS share. I’m (charitably) assuming it doesn’t fuck up samba/appletalk too badly.
  • every file on the share is made executable before it even does anything (‘chmod ugo-w -R …’ would have the same effect and be slightly less stupid)
  • every file in the share is world writable when it completes
  • cp??? (Google returns patches that at least use rsync)
  • this is a CGI. The only user feedback is a blinkenlight on the USB disk
    (I’m using 50Gb, it was 45 minutes in before I sshed to see what was going on)
  • Samba and Appletalk support readonly shares (NFS does too, but I forgive that as it’s not part of openlink)
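
The three steps above as runnable shell, beside a variant that keeps the read-only window but records each file's mode first and restores it afterwards. This is an added example, not the Linkstation's do-backup.pl; the function names and the sample share are constructed, and it assumes GNU stat.

```shell
# Added example: the backup sequence the post paraphrases, next to a variant
# that puts the original modes back. Assumes GNU stat; paths containing
# newlines are not handled.

mode_of() { stat -c '%a' "$1"; }    # octal permission bits of one path

# Record "<octal mode> <path>" for everything under $1 into manifest $2.
save_modes() { find "$1" -exec stat -c '%a %n' {} + > "$2"; }

# Re-apply every mode recorded in manifest $1.
restore_modes() {
    while IFS=' ' read -r mode path; do
        chmod "$mode" "$path"
    done < "$1"
}

# What the post describes: original modes are forgotten, everything ends 777.
legacy_backup() {
    chmod -R 555 "$1"
    cp -R "$1" "$2"
    chmod -R 777 "$1"
}

# Same read-only window, without adding execute bits or losing the old modes.
safer_backup() {
    manifest=$(mktemp) || return 1
    save_modes "$1" "$manifest"
    chmod -R a-w "$1"
    rc=0
    cp -R "$1" "$2" || rc=$?
    restore_modes "$manifest"
    rm -f "$manifest"
    return "$rc"
}

# Constructed share: a private file, a normal file and a group-only directory.
make_share() {
    mkdir -p "$1/album"
    echo secret > "$1/notes.txt"; echo jpeg > "$1/album/photo.jpg"
    chmod 600 "$1/notes.txt"; chmod 644 "$1/album/photo.jpg"; chmod 750 "$1/album"
}

work=$(mktemp -d)
make_share "$work/a"; legacy_backup "$work/a" "$work/a.bak"
make_share "$work/b"; safer_backup "$work/b" "$work/b.bak"
echo "legacy: notes.txt is now $(mode_of "$work/a/notes.txt")"
echo "safer:  notes.txt is now $(mode_of "$work/b/notes.txt")"
chmod -R u+w "$work"; rm -rf "$work"
```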

This rant is mainly due to the death of the eMac the next morning¹. I was left with a backup of the LS I didn’t trust and a ‘good copy’ of all our digital photos that had been tampered with. It took a lot of work I could really have done without to make sure that the permissions were sane.

What’s really to blame² is shitty filesystems that force developers to hack around their lack of features (snapshots in this case). I’ll go into more detail when I’ve calmed down :)

The Linkstation is still a great piece of kit as far as it goes.

In my case, it’s gone on amazon marketplace.

¹ yes, I’m aware of the repair program. No, my serial number isn’t in the list.

² no. not the guy who puts important things on firmware written by people who run off with paypal donations. definitely the filesystem. definitely.