Christian – Page 32

Windows Server 2008

February 16, 2008June 21, 2013 Christian Leave a comment

Well, as it is Saturday and I’m having lots of time (whereas I’d usually spend it working), I thought I’d give Windows Server 2008 a try. What interested me most, is the Windows Server 2008 “Server Core Installations“, as it’s supposed to lower the security risk (as there is *no* Internet Explorer, no Explorer nothing running by default, only a simply cmd.exe).

As one of my co-workers requested me to upload the Standard/Enterprise/Datacenter DVD (which he got through our Microsoft Select 6.0(?) agreement) to our ISO’ VMFS, I had the DVD already at hand. As for that, I *really* love the feature set of VMware.

Deploying a new VM (even if you have to reinstall it) is quite fast (took me about 20 minutes, which I used to get some breakfast – it was only 6:30am). That’s about when I figured, how damn greedy Windows Server 2008 is. 16GiB hard disk as default installation and 2GiB RAM for a simple server ? Damn.

Other people’s property

February 16, 2008February 16, 2008 Christian Leave a comment

Well, apparently some people don’t have any value for other people’s property. It’s that way in big cities, but apparently it’s the same is this shitty, lil’ village.

Whoever did that had serious fun with a key or something else. Tough, if I ever gonna get that person, I’m gonna rip his arse apart. The painters tell me, I do have to expect to pay ~300 EUR, as to the scratch being up to the primer below the upper color layer. So they’ll either have to paint half the door, or the whole door which *really* pisses me off!

Been a while

February 16, 2008August 16, 2014 Christian 2 Comments

Well, it’s been quite a while since most of the people last heard a word from me. The last few months I’ve been extremely busy with work-related tasks (and as a side-effect of that, didn’t want to spend much time in front of the computer after 9 hours of work). I also started spending more and more time in the gym, like nearly two hours every Tuesday and Thursday.

I finally fixed our replication issues, we do now have a working! MySQL Multi-Master (1. Node, 2. Node — bear in mind, this boxes are *only* serving MySQL and nothing else, so don’t use these configurations on mixed setups) Replication Setup as database back end for our TYPO3-vHosts.
all the web nodes are now serving the content from a clustered, shared SAN volume (is that a good thing ? 😛 – don’t know yet …)
our VI environment is getting more and more acceptance (even if you hear some complaints now and then, like “awww, damn that crap my 4GiB RAM, 2×3.0GHz Windows 2008 is running soooo choppy” – simple answer, don’t use Windows Server 2008 and/or Windows Vista!)
I finished prepping our VM templates (at least the Windows ones)
we’re still putting together the plans on whether or not invest into a VDI solution.

The next few weeks are gonna be as frantic as the weeks before, I still have to migrate a lot of TYPO3 installations to our new cluster (which sadly needs time, as we need to wait for DNS changes to propagate). Honestly, I might be ending up extending the SAN volume for the MySQL data storage, as even with only three somewhat busy sites, the binary log of the last 5 days is about 2GiB in size. And we still have ~20 other busy sites on a separate box.

Lucky me, I created the MySQL data storage on a logical volume, so I can easily extend the volume in the san-manager semi-online (the fs needs to be unmounted and thus the MySQL process), then extend the physical volume (LVM2 PV) and the logical volume (LV) afterwards, and at last the underlying EXT3 file system.

As some of you know by now, I am on ~~extended leave for now~~. I don’t have tree access (at my own request), though I’m gonna try to keep up with Chris and 2008.0 … So long!

Flushing the disk cache

January 17, 2008January 17, 2008 Christian 1 Comment

I’ve been looking for this over and over and over, until I had some inspiration today (thanks to Andew and Chris) .. this has one and only one sole purpose: safekeeping, so I don’t end up searching for it all over again …

To free pagecache:

# sync; echo 1 &gt; /proc/sys/vm/drop_caches

1	# sync; echo 1 > /proc/sys/vm/drop_caches

To free dentries and inodes:

# sync; echo 2 &gt; /proc/sys/vm/drop_caches

1	# sync; echo 2 > /proc/sys/vm/drop_caches

To free pagecache, dentries and inodes:

# sync; echo 3 &gt; /proc/sys/vm/drop_caches

1	# sync; echo 3 > /proc/sys/vm/drop_caches

Once that is done, you’ll see the memory (usually RAM) freeing up.

PacketPro 1.7.0

January 15, 2008August 16, 2014 Christian Leave a comment

After blogging the last time about the PacketPro 450 LoadBalancer appliance, the guys over at teamix seem to have taken that to heart and implemented a rather nifty thing for their new release.

It’s called “Port forwarding“, which is basically what you’d figure from the name. It bounces ports around the load balancer, but saves you from creating a separate virtual server (and adding the physical servers to that one), but also saves you from modifying the syslog-ng configuration on the balanced servers.

EPIA fun

January 14, 2008August 16, 2014 Christian 1 Comment

Well, as for replacing my current fileserver (which I seriously need to consider replacing), I’ll just pick up these things:

3WARE 9550SXU-8LP (that’s 399,00€) plus riser card
VIA EPIA EK 8000EG (that’s 201,69€)
Kingston ValueRAM DIMM 1 GB DDR-400 (that’s 57,00€)
4x Seagate ST31000340NS (that’s 279,00€ each – making a subtotal of 1.116,00€)

So after browsing some more for a replacement for my current fileserver, I’d like to share the latest stages with you people. Thanks to Mike (who mentioned that binutils-2.18* already does the LDFLAGS=”-Wl,-z,relro” part) I replaced it with “-Wl,-O1”. Same old place, there’s fresh stages … (and thanks again to Mike, with working util-linux-2.13-r2).

I also tried getting a Gentoo/Hardened stage for PowerPC working, but that fails as due to >glibc-2.3 needing =gcc-4*. Though luck ….

Oh, yeah. If anyone is looking for the specs, they are in my overlay.

Deploying VM templates

January 8, 2008June 21, 2013 Christian Leave a comment

Ok, so after my first day yesterday after a rather long vacation I today wanted to look at the problem that the Administrator password isn’t changed when using VirtulCenter’s clone customization functionality (which relies at least for Windows on sysprep).

After a short googling, I stumbled upon this.

Simple problem short … Don’t specify an Administrator password for the template. Then you should be able to change the Administrator password when cloning the template. It’s “should“, as the VM’s are still updating.

And it really works. After emptying the Administator password, the cloning works just fine. Damn sysprep bug …

stages

January 8, 2008January 8, 2008 Christian 9 Comments

For what it’s worth, I’ve been trying to get some stages together the last few days. Thanks to solar and Brent, the ppc-stages are now coming along quite fast.

I haven’t really tested them yet, but for what it’s worth, you’ll find stages based on Saturday’s snapshot (that is 200780105 for those not smart enough to take a look at the calendar) here for the following profiles:

uclibc/ppc (normal/-softfloat)
uclibc/ppc/hardened
uclibc/x86
uclibc/x86/hardened
hardened/amd64
hardened/amd64/nomultilib
hardened/x86/2.6 (x86/i686)

Now remember, this isn’t *official* release material. This is just *MY* effort (for now) to provide current stages.

And just a side-note for those brewing their own (uClibc) soup: if you remerge system/world, you’ll have to keyword =sys-libs/uclibc.0.9.28.3-r2. Otherwise you’ll stumble on bug 195368, which is fixed thanks to solar, just not marked stable yet.

Can’t find sheep^Hsleep

January 8, 2008January 8, 2008 Christian 1 Comment

Ok, so I ended up lying in bed for two hours, so I stood back up and searched for some stuff that floated my mind. The end result seems to be the following:

VIA EPIA SN10000EG (199,30€)
2x Kingston ValueRAM SO-DIMM 2GB PC2-5300U CL5 (DDR2-667) (each 31,31€)
Club 3D GeForce 7300 GT, 256MB DDR2, 2x DVI, TV-out, PCIe (CGNX-HG736) (55,00€) — still need to find a riser card
Transcend SSD/IDE 8GB (169,00€)
2x Samsung SyncMaster 204B, 20.1″, 1600×1200, VGA, DVI (LS20BRDBSQ) (each 309,00€)

I still need to find a fitting power supply, but I’ll leave that for tomorrow. The above leads me with about 520,00€ for the “PC” and 680€ for the TFT’s (as I don’t have any). And that’ll give me a full silent (as in not a single moving part), quiet workstation for my desk.

Another thing I went looking, was the at the “Unquoted value” stuff repoman started printing. Thanks to GNi (and solar) I was able to compute a rather looooooong list quite fast …

For my own remembrance, here’s the (combined) command I used:

$ for i in $( grep -i “unquoted variable” ~/repoman-full-$(date +%Y%m%d).log | cut -d -f4 |cut -d/ -f1-2 | sort -u )
do echo -n “$i ”
echo “(herd:$(epkginfo $i | grep “Herd:” | cut -d: -f2 ), maintainer:$( epkginfo $i | grep “Maintainer:” | cut -d: -f2 | sed “s,@gentoo.org,,” ))”
echo; grep -iE “$i/(.*)unquoted variable” repoman-full-$(date +%Y%m%d).log | sed -e “s,$i/,,”
echo
done &gt; ~/repoman-quoting-$(date +%Y%m%d).log

$ for i in $( grep -i “unquoted variable” ~/repoman-full-$(date +%Y%m%d).log | cut -d -f4 |cut -d/ -f1-2 | sort -u )

do echo -n “$i ”

echo; grep -iE “$i/(.*)unquoted variable” repoman-full-$(date +%Y%m%d).log | sed -e “s,$i/,,”

echo

done > ~/repoman-quoting-$(date +%Y%m%d).log

The *real* original (from history):

$ repoman full 2&gt;&amp;1|tee ~/repoman-full-$(date +%Y%m%d).log
$ grep -i “unquoted variable” ~/repoman-full-$(date +%Y%m%d).log | cut -d -f4 |cut -d/ -f1-2 | sort -u &gt; ~/affected
$ for i in $(  repoman-quoting-$(date +%Y%m%d).log

$ repoman full 2>&1|tee ~/repoman-full-$(date +%Y%m%d).log

$ grep -i “unquoted variable” ~/repoman-full-$(date +%Y%m%d).log | cut -d -f4 |cut -d/ -f1-2 | sort -u > ~/affected

$ for i in $( repoman-quoting-$(date +%Y%m%d).log

Oh, may come in handy too:

~~repoman-full-20080107.log (2,1M) as well as~~
~~repoman-quoting-20080107.log (1,4M)~~

Advanced bashrc (‘Turning a simple chroot into a binpkg repository’ continued)

December 31, 2007August 16, 2014 Christian 1 Comment

As I pointed out back in October, it’s rather easy to create a setup which syncs a built binary package to a remote node (which is serving them to the world – via http,rsync,ftp – pick your poison).

Now, ever since we had slight space problems on miranda (cough my binpkgs cough), I wanted to look into methods on how to get rid of storing them on the buildnode and the webnode. I think now (hehe, it’s only 7pm), I finally managed to get a “proper” bashrc which does a lot of that foo. Take a look at this:

...
syncpkg() {
  # Syncing the binary tbz2 to my webhost
  if is_feature "buildpkg" &amp;&amp; 
  [[ -n $REPO_HOST &amp;&amp; -n $REPO_BASE &amp;&amp; -n $REPO_PATH ]] ; then
    REMOTE_TARGET="$REPO_HOST:$REPO_BASE/$REPO_PATH"
    REMOTE_ECACHE="$REPO_BASE/$REPO_PATH/settings/.ebuild.x"

    einfo "Publishing data to remote repository ($REPO_PATH) on ${REPO_HOST##*@}"

    if ! $( ssh $REPO_HOST "test -d $REPO_BASE/$REPO_PATH/settings" ) ; then
      ssh $REPO_HOST "mkdir -p $REPO_BASE/$REPO_PATH/settings" 
        &gt;&gt; /var/log/syncpkg.log 2&gt;&amp;1
    fi

    if [ -x /usr/bin/q ] ; then
      /usr/bin/qlist -IvCU &gt; /etc/portage/package.list
    fi

    ebegin " [ SYNC: 1/3] /etc/make.conf, /etc/portage/package* to $REPO_PATH/settings"
    rssh /etc/{make.conf,portage/package*,portage/profile,portage/bin,portage/bashrc} 
      $REMOTE_TARGET/settings/ &gt; /var/log/syncpkg.log 2&gt;&amp;1
    eend $?

    ebegin " [ SYNC: 2/3] $PKGDIR to $REPO_PATH"
    rssh $PKGDIR/ $REMOTE_TARGET/ &gt;&gt; /var/log/syncpkg.log 2&gt;&amp;1
    eend $?

    ebegin " [ SYNC: 3/3] Cleaning $PKGDIR"
    rm -rf $PKGDIR/* &gt;&gt; /var/log/syncpkg.log 2&gt;&amp;1
    eend $?

    # We sync our copy of .ebuild.x over to the webnode, as it might not be
    # synced as often / at the same time as the buildnode. Thus the
    # `qpkg --eclean' would remove packages, which *are* in the tree, but
    # the webnode hasn't synced up yet.

    rssh $PORTDIR/.ebuild.x $REMOTE_TARGET/settings/.ebuild.x 
      &gt;&gt; /var/log/syncpkg.log 2&gt;&amp;1

    if $( ssh $REPO_HOST "test -f $REMOTE_ECACHE" ) ; then
      ebegin " [MAINT: 1/3] Removing stale packages in $REPO_PATH"
      ssh $REPO_HOST "CACHE_EBUILD_FILE=$REMOTE_ECACHE qpkg -Eq -P 
        $REPO_BASE/$REPO_PATH/" &gt;&gt; /var/log/syncpkg.log 2&gt;&amp;1
      eend $?
    fi

    # And now remove the .ebuild.x copy again.
    ssh $REPO_HOST "rm -f $REMOTE_ECACHE" &gt;&gt; /var/log/syncpkg.log 2&gt;&amp;1

    # The user ssh'ing, needs to be in the portage group on the remote
    # end. Otherwise, things *will* go wrong (like genpkgindex being
    # unable to write to /var/cache/edb/xpak). Also /var/cache/edb/xpak
    # needs to be owned by portage:portage, as well as group-writeable.

    if $( ssh $REPO_HOST "test -w /var/cache/edb/xpak" ) ; then
      ebegin " [MAINT: 2/3] Regenerating $REPO_PATH/Packages"
      ssh $REPO_HOST "$REPO_BASE/$REPO_PATH/settings/bin/genpkgindex 
        $REPO_BASE/$REPO_PATH/All" &gt;&gt; /var/log/syncpkg.log 2&gt;&amp;1
      eend $?
    fi

    if ! $( ssh $REPO_HOST "test -L $REPO_BASE/$REPO_PATH/Packages" ) ; then
      ebegin " [MAINT: 3/3] Fixing $REPO_PATH/Packages symlink"
      ssh $REPO_HOST "cd $REPO_BASE/$REPO_PATH; rm -f Packages; ln -s 
        All/Packages" &gt;&gt; /var/log/syncpkg.log 2&gt;&amp;1
      eend $?
    fi
  fi
}
...

...

syncpkg() {

# Syncing the binary tbz2 to my webhost

if is_feature "buildpkg" &&

[[ -n $REPO_HOST && -n $REPO_BASE && -n $REPO_PATH ]] ; then

REMOTE_TARGET="$REPO_HOST:$REPO_BASE/$REPO_PATH"

REMOTE_ECACHE="$REPO_BASE/$REPO_PATH/settings/.ebuild.x"

einfo "Publishing data to remote repository ($REPO_PATH) on ${REPO_HOST##*@}"

if ! $( ssh $REPO_HOST "test -d $REPO_BASE/$REPO_PATH/settings" ) ; then

ssh $REPO_HOST "mkdir -p $REPO_BASE/$REPO_PATH/settings"

>> /var/log/syncpkg.log 2>&1

if [ -x /usr/bin/q ] ; then

/usr/bin/qlist -IvCU > /etc/portage/package.list

ebegin " [ SYNC: 1/3] /etc/make.conf, /etc/portage/package* to $REPO_PATH/settings"

rssh /etc/{make.conf,portage/package*,portage/profile,portage/bin,portage/bashrc}

$REMOTE_TARGET/settings/ > /var/log/syncpkg.log 2>&1

eend $?

ebegin " [ SYNC: 2/3] $PKGDIR to $REPO_PATH"

rssh $PKGDIR/ $REMOTE_TARGET/ >> /var/log/syncpkg.log 2>&1

eend $?

ebegin " [ SYNC: 3/3] Cleaning $PKGDIR"

rm -rf $PKGDIR/* >> /var/log/syncpkg.log 2>&1

eend $?

# We sync our copy of .ebuild.x over to the webnode, as it might not be

# synced as often / at the same time as the buildnode. Thus the

# `qpkg --eclean' would remove packages, which *are* in the tree, but

# the webnode hasn't synced up yet.

rssh $PORTDIR/.ebuild.x $REMOTE_TARGET/settings/.ebuild.x

>> /var/log/syncpkg.log 2>&1

if $( ssh $REPO_HOST "test -f $REMOTE_ECACHE" ) ; then

ebegin " [MAINT: 1/3] Removing stale packages in $REPO_PATH"

ssh $REPO_HOST "CACHE_EBUILD_FILE=$REMOTE_ECACHE qpkg -Eq -P

$REPO_BASE/$REPO_PATH/" >> /var/log/syncpkg.log 2>&1

eend $?

# And now remove the .ebuild.x copy again.

ssh $REPO_HOST "rm -f $REMOTE_ECACHE" >> /var/log/syncpkg.log 2>&1

# The user ssh'ing, needs to be in the portage group on the remote

# end. Otherwise, things *will* go wrong (like genpkgindex being

# unable to write to /var/cache/edb/xpak). Also /var/cache/edb/xpak

# needs to be owned by portage:portage, as well as group-writeable.

if $( ssh $REPO_HOST "test -w /var/cache/edb/xpak" ) ; then

ebegin " [MAINT: 2/3] Regenerating $REPO_PATH/Packages"

ssh $REPO_HOST "$REPO_BASE/$REPO_PATH/settings/bin/genpkgindex

$REPO_BASE/$REPO_PATH/All" >> /var/log/syncpkg.log 2>&1

eend $?

if ! $( ssh $REPO_HOST "test -L $REPO_BASE/$REPO_PATH/Packages" ) ; then

ebegin " [MAINT: 3/3] Fixing $REPO_PATH/Packages symlink"

ssh $REPO_HOST "cd $REPO_BASE/$REPO_PATH; rm -f Packages; ln -s

All/Packages" >> /var/log/syncpkg.log 2>&1

eend $?

}

...

As you can see, it does a lot of things, which are all connected with binary package repositories (including cleaning up old packages no longer in the tree – trying not to waste too much space). Sadly, I currently have to use a custom patched qpkg version, as the one implementing the –eclean features isn’t in the tree yet. When I talked to Ned the other day, he complained about it being slow (well, yeah — it has to go through the whole tree) which I don’t really see when you look at what it’s doing.

Also, I had a weird phenomenon today happening: the buildnode built a binary package, sent it to the webnode, which ran qpkg --eclean' afterwards. But after that the binary package was gone. "Why" you ask now ? Well, apparently the webnode isn't synced the same time the buildnode syncs (the webnode is in Germany, the buildnode in the US). So I had to come up with a trick, in order to fool qpkg into not cleaning the freshly built binary packages. See the rssh’ in front of the qpkg call ? Guess what, that’s the lil’ dirty trick …

Anyway, the full bashrc is available. The next thing I’m gonna have to look at (which Markus already did), is building packages via buildbot.

Update: as you see, I updated the bashrc a bit. That’s because after writing this, I started a new (fresh) binpkg repository (empty), and out of the sudden the thing ain’t syncing correctly (as in no Packages file, no portage settings). Turns out, rsync doesn’t create directories which ain’t there. So another extra `ssh‘ execution to create the settings/ directory inside the repo.