-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathatom.xml
804 lines (666 loc) · 44.4 KB
/
atom.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
<?xml version="1.0" encoding="utf-8" ?>
<feed xmlns="http://www.w3.org/2005/Atom">
<title>Joseph Ruscio</title>
<link href="http://joseph.ruscio.org/atom.xml" rel="self" />
<link href="http://joseph.ruscio.org" />
<updated>2010-08-23T06:20:06-07:00</updated>
<id>http://joseph.ruscio.org</id>
<author>
<name>Joseph Ruscio</name>
<email>[email protected]</email>
</author>
<entry>
<title>Setting up an APT Repository</title>
<link href="http://joseph.ruscio.org/blog/2010/08/19/setting-up-an-apt-repository" />
<updated>2010-08-19T00:00:00-07:00</updated>
<id>http://joseph.ruscio.org/blog/2010/08/19/setting-up-an-apt-repository</id>
<content type="html">
<p>I recently set out to create an APT repository to host publicly available
packages for <a href="http://librato.com">Librato’s Silverline</a>. Our users install
a tiny agent on their servers and a hosted APT repository provides those
using Debian/Ubuntu a configuration management solution superior to
manual downloads.</p>
<p>Our APT repository must support multiple distributions of both Debian
(e.g. Etch, Lenny) and it’s popular derivative Ubuntu (e.g. Karmic, Lucid).
The repository must support both the i386 and x86_64 architectures across
all such distributions. A short google search reveals that <code>reprepro</code> is
a tool designed for just such a purpose. There are also
<a href="http://www.jejik.com/articles/2006/09/setting_up_and_managing_an_apt_repository_with_reprepro/">informative</a>
<a href="http://www.danielbond.org/archives/114">reprepro</a> <a href="http://davehall.com.au/blog/dave/2010/02/06/howto-setup-private-package-repository-reprepro-nginx">walkthroughs</a>
already online, but they all gloss over some subtle yet extremely
important details.</p>
<p>So what follows is my attempt to minimally but comprehensively document the
procedure assuming a familiarity with shell basics, but little or no experience
with Debian packging past <code>apt-get update/upgrade/install</code>.</p>
<h3>Host Environment</h3>
<p>Our APT repository is hosted on a fresh installation of Ubuntu 10.04 Lucid, but
the procedure should work on any recent version of Debian/Ubuntu.</p>
<h3>Package Configuration</h3>
<p>The most important detail that AFAIK isn’t covered in any of the tutorials
had to do with package naming conventions. The naive assumption (at least
on my part) is that you’ll have a different build of your package for
each distro/arch combination, and import them into your repository as such.
In other words <code>reprepro</code> should track the distro/arch of each import.
In actuality, each build’s <code><PACKAGE>_<VERSION>_<ARCH></code> must be unique, even though
you specify the distro during the <code>includedeb</code> operation.</p>
<p>To address this requirement there’s a common practice of appending the
distro to the package version e.g. <code>1.0.7</code> becomes <code>1.0.7~lenny1</code> or <code>1.0.7+etch4</code>.
(There doesn’t appear to be a consensus on the joining character.) Adding
the second version number after the distro string versions the
package itself, enabling updates that only contain changes to the packaging itself.</p>
<p>If you do not build your packages to include the distro as part of the version, you
will not be able to import a package for more than one distro. You can verify your
package was built correctly by inspecting the <code>Version</code> field listed by <code>dpkg -I</code>:</p>
<pre><code>ubuntu:~/lenny$ dpkg -I librato_silverline_debian_lenny_5.0.3.x86_64.deb
new debian package, version 2.0.
size 306916 bytes: control archive= 834 bytes.
255 bytes, 7 lines conffiles
277 bytes, 10 lines control
991 bytes, 26 lines * postinst #!/bin/sh
Package: librato-silverline
Version: 2.0.7~lenny
...
</code></pre>
<h3>GnuPG</h3>
<p>Assuming you want sign your debian packages to create a secure APT repository,
you need a GPG key. If you already have a GPG key you can skip to the next
section. Otherwise first ensure that GPG is installed:</p>
<pre><code>ubuntu:~$ sudo apt-get install gnupg
</code></pre>
<p>Create a key with the <code>--gen-key</code> command. Select the defaults and be sure to
record the key’s passphrase, you’ll need it each time you import a package into
the repository:</p>
<pre><code>ubuntu:~$ gpg --gen-key
</code></pre>
<h3>Install and Configure reprepro</h3>
<p>Armed with properly configured packages and a GPG key with which to sign them,
we’re now ready to start constructing the repository itself. Start by installing
<code>reprepro</code>:</p>
<pre><code>ubuntu:-$ sudo apt-get install reprepro
</code></pre>
<p>Create a directory to serve as the <em>base</em> of the Debian repository. In our setup
<code>/var/packages/debian</code> serves as the Debian repository base. In the future
<code>/var/packages/ubuntu</code> will house the Ubuntu repository base. We’ll change ownership
of these directories to the <code>ubuntu</code> user that owns the signing key.</p>
<pre><code>ubuntu:~$ sudo mkdir /var/packages
ubuntu:~$ sudo chown ubuntu:ubuntu /var/packages
ubuntu:~$ mkdir /var/packages/debian
</code></pre>
<p>Each repository needs a top-level <code>conf</code> directory:</p>
<pre><code>ubuntu:~$ mkdir /var/packages/debian/conf
</code></pre>
<p>Create a file named <code>distributions</code> in the <code>conf</code> directory. You’ll add a set
of newline separated configuration blocks (one for each supported distro) to
this file. In this example the repository supports <code>etch</code> and <code>lenny</code>. In the future
<code>squeeze</code> support could be added with a third block:</p>
<pre><code>Origin: Librato, Inc.
Label: Librato, Inc.
Codename: etch
Architectures: i386 amd64
Components: non-free
Description: Librato APT Repository
SignWith: yes
DebOverride: override.etch
DscOverride: override.etch
Origin: Librato, Inc.
Label: Librato, Inc.
Codename: lenny
Architectures: i386 amd64
Components: non-free
Description: Librato APT Repository
SignWith: yes
DebOverride: override.lenny
DscOverride: override.lenny
</code></pre>
<p>Fill in the <code>Origin</code>, <code>Label</code>, and <code>Description</code> as you see fit. <code>Codename</code> identifies the
distro the block describes and <code>Architectures</code> is self-explanatory (note that <code>sources</code> is a valid arch).
<code>Components</code> lists the component of the packages in the repository e.g. for
Debian <code>main</code>, <code>contrib</code>, or <code>non-free</code>. <code>DebOverride</code> and <code>DscOverride</code> exceed the scope of
this posting, the reader may either research them on their own or set them as shown.</p>
<p><code>SignWith</code> instructs <code>reprepro</code> that these packages should be signed. The <code>yes</code>
is sufficient as the <code>ubuntu</code> user only has the one key generated above. If
you have more than one key you can specify the ID of the signing key with this
field.</p>
<p>Create empty override files:</p>
<pre><code>ubuntu:~$ touch /var/packages/conf/override.etch
ubuntu:~$ touch /var/packages/conf/override.lenny
</code></pre>
<p>Create a file named <code>options</code> in the <code>conf</code> directory and fill it with the
following content. This file will store a
set of options for <code>reprepro</code> to always run. We only use a few but there are
more available on the <code>reprepro</code> manpage.</p>
<pre><code>verbose
ask-passphrase
basedir .
</code></pre>
<p>The <code>verbose</code> option is self-explanatory. The ask-passphrase option instructs
<code>reprepro</code> to ask us for a GPG key passphrase during the import (otherwise
it’ll fail to sign the packages). The <code>basedir .</code> implies that we’ll be
running all of our <code>reprepro</code> commands with the repository base as our
working directory:</p>
<pre><code>ubuntu:~$ cd /var/packages/debian
</code></pre>
<h3>Import Packages</h3>
<p>The repository base is completely configured and ready for package importing. Just
use the <code>includedeb</code> command and specify the correct distro. In our case:</p>
<pre><code>ubuntu:/var/packages/debian$ reprepro includedeb etch ~/librato_silverline_debian_etch_4.0r8.x86_64.deb
...
ubuntu:/var/packages/debian$ reprepro includedeb lenny ~/ubuntu/librato_silverline_debian_lenny_5.0.3.x86_64.deb
</code></pre>
<p>Each <code>reprepro includedeb</code> operation should prompt for your GPG key passphrase and import the package.</p>
<h3>Repository Access</h3>
<p>We now have a proper Debian repository and all that remains is making it
accessible for installations over the WAN. We just need to serve static
files so we’ll use <code>nginx</code> to serve the packages over HTTP.</p>
<pre><code>ubuntu:/var/packages/debian$ sudo apt-get install nginx
</code></pre>
<p>Configure the APT server in <code>/etc/nginx/sites-available/vhost-packages.conf</code>:</p>
<pre><code>server {
listen 80;
server_name apt.librato.com;
access_log /var/log/nginx/packages-error.log;
error_log /var/log/nginx/packages-error.log;
location / {
root /var/packages;
index index.html;
}
location ~ /(.*)/conf {
deny all;
}
location ~ /(.*)/db {
deny all;
}
}
</code></pre>
<p>Configure the hash bucket size by creating the file
<code>/etc/nginx/conf.d/server_names_hash_bucket_size.conf</code></p>
<pre><code>server_names_hash_bucket_size 64;
</code></pre>
<p>Enable the APT server:</p>
<pre><code>ubuntu:/var/packages/debian$ cd /etc/nginx/sites-enabled
ubuntu:/etc/nginx/sites-enabled$ sudo ln -s ../sites-available/vhosts-packages.conf .
ubuntu:/etc/nginx/sites-enabled$ sudo service nginx start
</code></pre>
<h3>Enable Public Key Access</h3>
<p>Our users will need our public key to validate the signed packages we’re
providing. Placing it in the root of our <code>nginx</code> configuration above
makes it accessible with a simple <code>curl</code> invocation:</p>
<pre><code>gpg --armor --output /var/packages/packages.librato.key --export [email protected]
</code></pre>
<h3>Installation Test</h3>
<p>Now we can test our fully operational APT repository. On some
candidate machine log in as root and add our repository to
<code>/etc/apt/sources.list</code>:</p>
<pre><code>deb http://apt.librato.com/debian/ lenny non-free
</code></pre>
<p>Import the repository’s public key:</p>
<pre><code>lenny:# curl http://apt.librato.com/packages.librato.key | apt-key add -
</code></pre>
<p>Fetch the list of packages available at the new source:</p>
<pre><code>lenny:# apt-get update
</code></pre>
<p>Install the hosted package!</p>
<pre><code>lenny:# apt-get install librato-silverline
</code></pre>
</content>
</entry>
<entry>
<title>Increasing hard disk size with LVM on VMWare Fusion Linux guest</title>
<link href="http://joseph.ruscio.org/blog/2009/12/08/increasing-hard-disk-size-with-lvm-on-vmware-fusion-linux-guest" />
<updated>2009-12-08T00:00:00-08:00</updated>
<id>http://joseph.ruscio.org/blog/2009/12/08/increasing-hard-disk-size-with-lvm-on-vmware-fusion-linux-guest</id>
<content type="html">
<p>I currently use VMware Fusion to maintain and run a Linux guest on my Macbook.
When I originally installed the guest, I assumed that a 20 GB virtual disk
would be more than enough space for my Linux hacking.</p>
<p>As you can probably infer from the title of this post, some recent developments
invalidated that assumption and necessitated more disk space. What follows is a
procedure I cobbled together from a bunch of disparate sources that works for my
particular setup (VMware Fusion 2.0.4, Fedora 10 guest w/LVM and an ext3
filesystem). These instructions involve modifying physical partitions, logical
volumes, and your filesystem so I advise you to read through them to the end
before getting started.</p>
<p>The very first step is to use Fusion to increase the “physical size” of the
virtual disk. This functionality is accessible through the <em>Virtual Machine
-> Hard Disk -> Hard Disk Settings</em> menu item. The resulting dialog contains a
<em>Disk size</em> slider. Note that this slider is not accessible unless the VM in
question is shut down and (more annoyingly) all pre-existing snapshots are deleted.
I just had one snapshot to delete, but it took a while, so be patient. After
you’ve increased the disk size, probably wouldn’t hurt to take a new snapshot,
just in case something goes wrong with the procedure below.</p>
<p>Now that we’ve increased the disk size (I increased mine from 20GB -> 50GB), let’s
boot the VM and log into our guest. We’ll use the <em>df</em> command to examine our
mounted file filesystems:</p>
<pre><code>[root@fedora ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
18G 15G 1.9G 89% /
/dev/sda1 190M 163M 18M 91% /boot
tmpfs 502M 80K 502M 1% /dev/shm
</code></pre>
<p>Still shows 20 GB of total space and a filesystem device <em>/dev/mapper/VolGroup00-LogVol00</em>
that’s indicative of LVM, the default for Fedora. Use the venerable <em>fdisk</em> to examine
the “physical” disk:</p>
<pre><code>[root@fedora ~]# fdisk -l
Disk /dev/sda: 52.6 GB, 52613349376 bytes
255 heads, 63 sectors/track, 6396 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x000f2b12
Device Boot Start End Blocks Id System
/dev/sda1 * 1 25 200781 83 Linux
/dev/sda2 26 2610 20764012+ 8e Linux LVM
</code></pre>
<p>The physical disk has the capacity, but its in the form of unpartitioned/unformatted space.
Before we can do anything, We need to create a new partition containing this space.
First we’ll drop into <em>parted</em> and examine the existing partition table:</p>
<pre><code>(parted) print
Model: VMware, VMware Virtual S (scsi)
Disk /dev/sda: 52.6GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number Start End Size Type File system Flags
1 32.3kB 206MB 206MB primary ext3 boot
2 206MB 21.5GB 21.3GB primary lvm
</code></pre>
<p>Create a new partition that uses up all of the new space on the physical device:</p>
<pre><code>(parted) mkpart primary 21.4GB -1s
(parted) print
Model: VMware, VMware Virtual S (scsi)
Disk /dev/sda: 52.6GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number Start End Size Type File system Flags
1 32.3kB 206MB 206MB primary ext3 boot
2 206MB 21.5GB 21.3GB primary lvm
3 21.5GB 52.6GB 31.1GB primary
</code></pre>
<p>Use <em>partprobe</em> to load the table:</p>
<pre><code>(parted) quit
[root@fedora ~]# partprobe
</code></pre>
<p>At this point we’ve got a new partition, <em>/dev/sda3</em>, that you could simply
format with <em>mke2fs</em> and mount as its own filesystem e.g. <em>/mnt/data</em>. I
personally chose to leverage LVM’s capabilities and incorporate the new
partition into the existing logical volume mounted as /. Start by examining
the set of existing physical volumes:</p>
<pre><code>[root@fedora ~]# lvm pvs
PV VG Fmt Attr PSize PFree
/dev/sda2 VolGroup00 lvm2 a- 19.78G 32.00M
</code></pre>
<p>Create a new physical volume with the new partition:</p>
<pre><code>[root@fedora ~]# lvm pvcreate /dev/sda3
Physical volume "/dev/sda3" successfully created
[root@fedora ~]# lvm pvs
PV VG Fmt Attr PSize PFree
/dev/sda2 VolGroup00 lvm2 a- 19.78G 32.00M
/dev/sda3 lvm2 -- 29.01G 29.01G
</code></pre>
<p>Add new physical volume to the volume group. If you recall from the initial
<em>df</em> output above, the volume group in question is VolGroup0:</p>
<pre><code>[root@fedora ~]# lvm vgextend VolGroup00 /dev/sda3
Volume group "VolGroup00" successfully extended
[root@fedora ~]# lvm pvs
PV VG Fmt Attr PSize PFree
/dev/sda2 VolGroup00 lvm2 a- 19.78G 32.00M
/dev/sda3 VolGroup00 lvm2 a- 29.00G 29.00G
</code></pre>
<p>Now extend the logical volume to include the physical volume we just added to
the group. Use <em>lvm vgdisplay</em> to examine the group:</p>
<pre><code>[root@fedora ~]# lvm vgdisplay VolGroup00
--- Volume group ---
VG Name VolGroup00
System ID
Format lvm2
Metadata Areas 2
Metadata Sequence No 4
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 2
Open LV 2
Max PV 0
Cur PV 2
Act PV 2
VG Size 48.78 GB
PE Size 32.00 MB
Total PE 1561
Alloc PE / Size 632 / 19.75 GB
Free PE / Size 929 / 29.03 GB
VG UUID 8w2Wi9-T2lV-IKCV-fLRP-yTJl-teJM-LuGoNb
</code></pre>
<p>The <em>Free PE/Size</em> field shows the new physical volume as 929 free extents.
Extend the logical volume to include all free extents:</p>
<pre><code>[root@fedora ~]# lvm lvextend -l+929 /dev/VolGroup00/LogVol00
Extending logical volume LogVol00 to 46.81 GB
Logical volume LogVol00 successfully resized
</code></pre>
<p>Use <em>resize2fs</em> to extend our ext3 filesystem online. Note that many LVM
tutorials online refer to the now deprecated <em>ext2online</em> command for this
step, <em>resize2fs</em> now provides this functionality:</p>
<pre><code>root@fedora ~]# resize2fs /dev/VolGroup00/LogVol00
resize2fs 1.41.4 (27-Jan-2009)
Filesystem at /dev/VolGroup00/LogVol00 is mounted on /; on-line resizing required
old desc_blocks = 2, new_desc_blocks = 3
Performing an on-line resize of /dev/VolGroup00/LogVol00 to 12271616 (4k) blocks.
The filesystem on /dev/VolGroup00/LogVol00 is now 12271616 blocks long.
</code></pre>
<p>Finally, use <em>df</em> again to verify that we have lots of free space:</p>
<pre><code>[root@fedora ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
47G 15G 29G 34% /
/dev/sda1 190M 163M 18M 91% /boot
tmpfs 502M 80K 502M 1% /dev/shm
</code></pre>
</content>
</entry>
<entry>
<title>Aggregate statistics gem released!</title>
<link href="http://joseph.ruscio.org/blog/2009/09/13/aggregate-statistics-gem-released" />
<updated>2009-09-13T00:00:00-07:00</updated>
<id>http://joseph.ruscio.org/blog/2009/09/13/aggregate-statistics-gem-released</id>
<content type="html">
<p>Finally got around to putting together a decent README (and a few last bugfixes)
for my Aggregate statistics gem. With that out of the way, its ready for
public consumption. Aggregate is an easy-to-use ruby implementation of a
statistics aggregator that includes configurable histogram (binary or linear)
support. Stats are aggregated in a <em>streaming</em> fashion that doesn’t record/store
any of the individual sample values, enabling statistics tracking across a
practically unlimited number of samples without any impact on your application’s
performance or memory footprint.</p>
<p>Perhaps more importantly than the basic aggregate statistics (e.g. mean,
standard deviation, max, min, etc) Aggregate also maintains a histogram of the
sample distribution. For anything other than normally distributed data averages
are insufficient at best and often downright misleading. 37Signals recently
posted a
<a href="http://37signals.com/svn/posts/1836-the-problem-with-averages">terse but effective explanation</a>
on the importance of histograms. Here’s a second more
<a href="http://www.zedshaw.com/essays/programmer_stats.html">detailed posting</a> by Zed
Shaw authored in his inimitable and entertaining style.</p>
<p>Full source code and a detailed README can be found on the
<a href="http://github.com/josephruscio/aggregate">project homepage</a> and the gem is
available on <a href="http://www.gemcutter.org/gems/aggregate">gemcutter.org</a>.
But just to whet your appetite, here’s a quick example:</p>
<pre><code>require 'rubygems'
require 'aggregate'
# Create an Aggregate instance
binary_aggregate = Aggregate.new
linear_aggregate = Aggregate.new(0, 65536, 8192)
65536.times do
x = rand(65536)
binary_aggregate >> x
linear_aggregate >> x
end
puts "\n** Binary Histogram **\n%s" % [binary_aggregate.to_s]
puts "\n** Linear Histogram **\n%s" % [linear_aggregate.to_s]
</code></pre>
<p>And the resulting output:</p>
<pre><code>macbook:aggregate(master) jruscio$ ruby ./aggregate_example.rb
** Binary Histogram **
value |------------------------------------------------------------------| count
1 | | 1
2 | | 1
4 | | 2
8 | | 10
16 | | 24
32 | | 33
64 | | 71
128 | | 121
256 | | 258
512 |@ | 497
1024 |@@ | 1061
2048 |@@@@ | 2004
4096 |@@@@@@@@ | 4186
8192 |@@@@@@@@@@@@@@@@ | 8257
16384 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | 16345
32768 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@| 32665
~
Total |------------------------------------------------------------------| 65536
** Linear Histogram **
value |------------------------------------------------------------------| count
0 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | 8269
8192 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | 8257
16384 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | 8302
24576 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | 8043
32768 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | 8273
40960 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | 8052
49152 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@| 8315
57344 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | 8025
Total |------------------------------------------------------------------| 65536
</code></pre>
<p>Feedback welcome and enjoy!</p>
</content>
</entry>
<entry>
<title>Installing git on CentOS 5.2</title>
<link href="http://joseph.ruscio.org/blog/2009/07/29/installing-git-on-centos-5-2" />
<updated>2009-07-29T00:00:00-07:00</updated>
<id>http://joseph.ruscio.org/blog/2009/07/29/installing-git-on-centos-5-2</id>
<content type="html">
<p><a href="http://www.centos.org/">CentOS</a> for all intents and purposes is a community
supported clone of Red Hat Enterprise Linux (RHEL). If you want to run RHEL
without paying for support, CentOS is as good as it gets. One of the hallmarks
of Enterprise Linux distributions is their rock-steady stability i.e. they only
run really boring, old software. This risk-aversion has a downside in restricted
access to the latest and greatest packages and tools. Case in point, since Red
Hat released RHEL 5.0 in March 2007, Git has really matured from its origins as
a custom kernel development tool into a version control world-beater. Unfortunately
the base CentOS 5.2 repositories don’t appear to contain rpms for git. Or at
least the CentOS 5.2 AMI I’m using (ami-e300e68a) doesn’t:</p>
<pre><code>-bash-3.2# yum install git
Loading "fastestmirror" plugin
Loading mirror speeds from cached hostfile
... [snip] ...
No package git available.
Nothing to do
</code></pre>
<p>Not to fear, <a href="https://rpmrepo.org/RPMforge" title="">RPMforge</a> maintains an RPM
repository for CentOS full of goodies, including git (1.5.x as of this writing).
The CentOS Wiki provides
<a href="http://wiki.centos.org/AdditionalResources/Repositories/RPMForge?action=show&amp;redirect=Repositories%2FRPMForge#head-b06dd43af4eb366c28879a551701b1b5e4aefccd" title="">detailed instructions</a> on configuring RPMforge access, but here’s the rapid-fire how-to.</p>
<p>Install <em>priorities</em> to avoid conflicts between packages in RPMforge and the
Base CentOS repositories:</p>
<pre><code>-bash-3.2# yum install yum-priorities
... [snip] ...
Installed: yum-priorities.noarch 0:1.1.16-13.el5.centos
Complete!
</code></pre>
<p>To configure priorities first edit <em>/etc/yum.repos.d/CentOS-Base.repo</em> and add
a <em>priority=N</em> line to each entry. For [base], [updates], [addons], and
[extras] set <em>N</em> to 1. For [centosplus] set <em>N</em> to 2. Also edit
<em>/etc/yum.repos.d/rpmforge.repo</em> and for [rpmforge] set <em>N</em> > 2.
(I chose 4 because its the next power of 2, and that’s how I roll).</p>
<p>Verify our access to RPMforge with a check-update:</p>
<pre><code>-bash-3.2# yum check-update |grep forge
* rpmforge: ftp-stud.fht-esslingen.de
... [snip] ...
</code></pre>
<p>Finally install git:</p>
<pre><code>-bash-3.2# yum install git
... [snip] ...
Complete!
</code></pre>
<p>Enjoy the tasty DVCS goodness!</p>
</content>
</entry>
<entry>
<title>KVM on Fedora 11 QuickStart Guide</title>
<link href="http://joseph.ruscio.org/blog/2009/07/28/kvm-on-fedora-11-quickstart-guide" />
<updated>2009-07-28T00:00:00-07:00</updated>
<id>http://joseph.ruscio.org/blog/2009/07/28/kvm-on-fedora-11-quickstart-guide</id>
<content type="html">
<p>With the upcoming release of RHEL 5.4, Red Hat officially enters the
virtualization fray with a KVM-based solution. Although KVM is exciting for
several reasons, e.g. it’s free, fully supported by the Linux kernel community,
doesn’t require any special hardware past the increasingly common Intel-VT or
AMD-V extensions, etc, its also represents the next stage of virtualization evolution.</p>
<p>I’ll expound in a future post about how and why (admittedly with the benefit of
hindsight) KVM represents a far more elegant model for virtualization, but
after the jump today you’ll find a minimal set of instructions to rapidly get a
Debian Lenny virtual guest up and running on a fresh out-of-the-box Fedora 11
server installation.</p>
<p>Lengthy instructions on Fedora virtualization suitable for KVM and/or Xen can
be found at
<a href="http://fedoraproject.org/wiki/Virtualization_Quick_Start#Using_virtualization_on_fedora">the Fedora wiki</a>
The following lists the minimal set of steps to get a guest running focusing
soley on KVM to the exclusion of Xen.</p>
<p>Our setup comprises a freshly installed remote Fedora 11 server serving as the
KVM target (bash prompt <em>server</em>) and a local Fedora 11 laptop (bash prompt <em>laptop</em>).</p>
<p>First we’ll shell into the remote server to install and configure all the
necessary KVM software. Verify we’re using Fedora 11 with a Intel-VT or AMD-V
processor:</p>
<pre><code>[root@server ~]# uname -a && egrep '(vmx|svm)' /proc/cpuinfo | wc -l
Linux server 2.6.29.4-167.fc11.x86_64 #1 SMP Wed May 27 17:27:08 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
4
</code></pre>
<p>This server is running the modified 2.6.29 Linux kernel that comes stock with
Fedora Core 11. It possesses 4 processing cores enabled with Intel-VT. Installing
the basic tools required for KVM is our first task, luckily Fedora provides a
convenient meta-package:</p>
<pre><code>[root@server ~]# yum groupinstall 'Virtualization'
</code></pre>
<p>Alongside kvm/qemu, the Virtualization group also includes the
<a href="http://libvirt.org/">libvirt</a> toolset. Libvirt provides a common abstraction
across several types of hypervisors. This abstraction includes simplified
installation and remote graphical console access a la $VMW’s VirtualCenter. To
access these features we must start the libvirtd daemon.</p>
<pre><code>[root@server ~]# /etc/init.d/libvirtd start
Starting libvirtd daemon: [ OK ]
</code></pre>
<p>Using the <em>virsh</em> command line tool, verify the currently guestless system is
running and ready to accept commands:</p>
<pre><code>[root@server ~]# virsh -c qemu:///system list
Id Name State
----------------------------------
</code></pre>
<p>Now we’re ready to install our guest. We’ll need to download an ISO image to
install our virtual machine. To keep things simple we’ll go with Debian Stable
aka <em>Lenny</em> (as of this writing). We’ll create a top-level directory to store
both the ISO image and the virtual machine disk image:</p>
<pre><code>[root@server ~]# mkdir /kvm && cd /kvm
[root@server kvm]# wget http://cdimage.debian.org/debian-cd/5.0.2/amd64/iso-cd/debian-502-amd64-netinst.iso
...
[snip]
...
Saving to: `debian-502-amd64-netinst.iso.1'
100%[==================================================================================================>] 137,713,664 1.49M/s in 93s
2009-07-27 19:10:24 (1.56 MB/s) - `debian-502-amd64-netinst.iso' saved [137713664/137713664]
</code></pre>
<p>Now armed with the KVM/libvirt tools and an ISO image for installation, we issue
a single <em>virt-install</em> command to a) create a backing disk image and b) boot
a newly created virtual guest off of the ISO:</p>
<pre><code>root@server kvm]# virt-install --connect qemu:///system -n lenny0 \
> -r 512 --disk path=/kvm/lenny0.qcow2,size=16 \
> -c /kvm/debian-502-amd64-netinst.iso --noautoconsole --os-type linux \
> --os-variant debianlenny --accelerate --hvm
Starting install...
Creating storage file... | 16 GB 00:00
Creating domain... | 0 B 00:01
Domain installation still in progress. You can reconnect to the console to complete the installation process.
</code></pre>
<p>The “domain” referred to in virt-install’s output is our new guest. We’ve
created a single-core virtual server named lenny0 with 512 MB of RAM and a 16GB
virtual disk housed on server at /kvm/lenny0.qcow2. Furthermore, lenny0 has been
booted off of our Debian net-install ISO image.</p>
<p>Now we can use the graphical <em>virt-manager</em> tool locally from our laptop to
connect to the virtual server’s graphical console (basically VNC) and kick off
the Debian net-install process. In theory we should be able to run virt-manager
locally on our laptop and connect over ssh to the libvirtd daemon on the remote
server. In practice it’s still pretty shaky and has some onerous requirements.
Notably that there’s no progress indicator informing how much longer remains
before the connection initializes (and it takes a long time). So if you want
to try it out, <a href="http://virt-manager.org/page/RemoteSSH" title="">good luck</a>, YMMV
(hopefully someone at $RHAT puts some polish on this aspect soon).</p>
<p>I’ve personally chosen to avoid the whole debacle and just run virt-manager on
the remote server and use X Forwarding over ssh to interact with it from the
laptop. It’s slow, but sufficient for Debian’s curses-based installer
(I actually did this across the continental US).</p>
<pre><code>fedora:lm jruscio$ ssh -X root@server 'virt-manager' &amp;
[1] 20038
</code></pre>
<p>The virt-manager tool should show a single VM, lenny0, running on server.
Double-clicking on the lenny0 entry brings up the VNC console, that should show
the Debian net-install splash screen. Start the installation and for the most
part select all the defaults (I removed <em>Desktop</em> from the additional packages).</p>
<p>After the installer finishes it leaves the machine in a halted state. Boot the
machine with the <em>Run</em> button above the VNC console and log in as root. As a
final step install ssh and use ifconfig to determine the IP address DHCP granted
the virtual server:</p>
<pre><code>lenny0:~# apt-get install ssh
[snip]
lenny0:~# ifconfig eth0 |grep inet
inet addr:192.168.122.99 Bcast:192.168.122.255 Mask:255.255.255.0
inet6 addr: fe80::5652:ff:fe46:6f93/64 Scope:Link
</code></pre>
<p>That was pretty easy and we’re now able to shell into our virtual guest from
the physical server hosting it!:</p>
<pre><code>server:~ jruscio$ ssh 192.168.122.99
[email protected]'s password:
Linux lenny0 2.6.26-2-amd64 #1 SMP Sun Jun 21 04:47:08 UTC 2009 x86_64
</code></pre>
</content>
</entry>
<entry>
<title>Securing your online identity</title>
<link href="http://joseph.ruscio.org/blog/2009/07/16/securing-your-online-identity" />
<updated>2009-07-16T00:00:00-07:00</updated>
<id>http://joseph.ruscio.org/blog/2009/07/16/securing-your-online-identity</id>
<content type="html">
<p>This week a
<a href="http://www.mercurynews.com/topstories/ci_12844562">widely publicized security breach</a>
occurred at media darling Twitter. The cracker made off with a slew of internal
company documents, most of which are now easily located at your technology news
site of choice. It’s somewhat of a tempest in a teapot, given that most of the
secret documents reveal such salacious details such as Twitter’s desire to make
money and grow. Shocking, I know.</p>
<p>What should should concern the average net denizen (you, me, etc), is the
attack vector used to compromise Twitter. In a similar fashion to what
<a href="http://www.wired.com/threatlevel/2008/09/palin-e-mail-ha/">befell Sarah Palin</a>
during the last election, the cracker managed to compromise a personal
web-based email account of a handful of Twitter employees or their family (Gmail
in this case, Yahoo for Sarah Palin). After gaining access to Gmail accounts,
the cracker was able to both access other online accounts, any attached documents,
or Google Docs repositories.</p>
<p>You see, almost any website you log into will gladly email you everything you
need to access your account through a simple click of the “Forgot my password”
button. So even assuming you have a unique, strong password set on every account
(and lets be honest, you don’t), once a cracker gains access to your favorite
email account, its game over.</p>
<p>And what industrial strength security mechanism do email providers use to
protect your online achilles heel? Some simple question that’s ridiculously
susceptible to attacks. (What’s your mother’s maiden name? What town did you go
to high school in? What kind of car do you drive?) So while IANASE (I Am Not A
Security Expert), and you need to take responsibility for securing your
identity online, there are a few simple things you can do to drastically
increase your safety.</p>
<p>Even if you’re not going to use a unique, random password for each account
(and you should), at least secure your online email accounts or any Single
Sign-on (e.g. OpenID) with a unique, random password. Furthermore, if you have
the opportunity to select your own security question (Gmail at least permits
this), you should use a question along the lines of “What is the answer to my
security question?” and supply as that answer a highly-randomized, secure
password that you record and store somewhere safe. FYI, a post-it note affixed
to your monitor is not such a safe location. Alternatively you could just
answer one of the silly questions with your random password.</p>
<p>(For those looking for more ubiquitous protection,
<a href="http://agilewebsolutions.com/products/a/1Password">1Password</a> is a highly-touted,
secure password manager that seamlessly integrates with your web-browser to
maintain a full set of unique, bulletproof passwords.)</p>
</content>
</entry>
<entry>
<title>printf(“Hello World!\n”);</title>
<link href="http://joseph.ruscio.org/blog/2009/07/15/hello-world" />
<updated>2009-07-15T00:00:00-07:00</updated>
<id>http://joseph.ruscio.org/blog/2009/07/15/hello-world</id>
<content type="html">
<p>Welcome to my blog. I’m only about 10 years behind the times, but better late
than never I suppose. In my defense, the need for a place for musings and
information too long for Twitter (<a href="http://twitter.com/josephruscio">@josephruscio</a>)
served as the main motivator.
Look in this space for intermittent postings on software development, computer
science, startupping, marathon training, food/drink, or whatever other shiny
object has my attention.</p>
</content>
</entry>
</feed>