Feb/12
Making the easy stuff hard, the hard stuff possible
TechOps Guy: Nate
First off, sorry for being away for so long, I’ve been really, really busy preparing a new data center deployment to migrate my company out of the cloud into. The last time I did anything remotely resembling this was in 2007, though this time there are some extra layers involved that I didn’t have back then. It is certainly an interesting experience though configuring the software and infrastructure from the absolute ground up, having nothing to base it off of (other than past experience obviously!). I mean we have our stuff in a public cloud now but there are so many things that are different from an infrastructure perspective that little of it transfers over.
I wanted to write about a sort of topic that I haven’t really written about before. It’s about a systems management tool named Chef from a Seattle-based company named Opscode. It’s billed as a next generation tool that is supposed to make your life easier, more advanced than older tools like Puppet and Cfengine.
I’ll start off by saying I have a very strong background in Cfengine, having used it since late 2004, at three different companies. My techniques and approaches evolved significantly over the years, and my last deployment was quite good in my opinion considering I had to adapt an existing Cfengine deployment made by folks who didn’t know what they were doing into something that worked well, and doing so in a 4 nines environment. That was not easy; as you know, one wrong command or config in one of these tools can wreak havoc, as I know first hand. I grew to like Cfengine a lot, and there was really nothing that I needed it to do that it couldn’t do for me. I knew its limitations well and it was simple to use.
I was introduced to Chef in the summer of 2010 when I went to the headquarters of Opscode and met their senior staff including one of the co-founders I believe. They gave us their powerpoint presentation on what Chef was, how it worked, what it could do, why it exists.
It certainly came across as a very impressive tool, being able to do tons of things that Cfengine could not do, had a lot of concepts that sounded like they could be useful. At the same time however it looked incredibly complicated.
I raised my concerns with their senior staff on that very first day and we had about a 15 minute discussion on it. I’m not a programmer, nor do I ever intend to be. I have a very big line that I refuse to cross from scripting tools in perl & bash to help make my life easier to full on code. A developer at my company constantly jokes that I say I am not a programmer yet I come up with complicated regexes and scripts to do things they don’t understand how to come up with on their own.
They tried to reassure me that learning Chef is no different than learning the syntax of an Apache configuration file, or DNS or something like that. I didn’t really buy it, but was still willing to give the tool a shot since it sounded like a nice level of systems management that you could achieve with it. I still joke with my co-workers and current boss (who was my boss at the time too) on this very topic; they all remember that conversation to this day.
Chef is written in Ruby, and is very Ruby-centric. I guess you could say I am very biased against Ruby given my past experience supporting Ruby (on Rails) applications.
So here I am, almost 18 months later and things haven’t changed much. My dislike of Ruby continues, and is perhaps even stronger now having used Chef.
My first Chef implementation about a year ago was fraught with frustration at almost every turn. I could (and still can) see the promise in the tools it provides the user with, but it’s just so difficult to work with, especially coming from a Cfengine background (and lack of programming experience), that for my first iteration I dumbed it down a whole bunch, making the logic very Cfengine-like, at least as much as I could. I didn’t use any data bags, any attributes, no templates, nothing like that. I had (and still have) a very hard time finding usable examples for many things in Chef. They have a big repository of sample cookbooks, but to me for the most part those are not usable, because while they are examples, they don’t go into details as to specifically, literally what each line of code does. Chef apparently uses this for its template language; I looked at it a couple of times and really I could not make heads or tails of it.
I like to tell people that Chef makes the easy things hard, and the hard things possible. It seems very clear to me that they attacked the hard things in system management first before addressing the easy things. I remember seeing something in their documentation around the concept of the holy grail in the single instance copy, which fits along those lines well. The idea is you have one small bit of code that can be adapted to (m)any environments and situations, using the templates to pull attributes and values from data bags or other sources to make something on the fly.
The concept is novel for sure, coming from a Cfengine background I am very used to duplicating config stanzas, for different environments, making static config files, one for each environment or something like that. I’ve been doing it so long it’s second nature.
Where the Opscode folks and I seem to part ways is our priorities. Their priority is to turn system management into code and automate it to the point where it scales to a million systems. Mine is less ambitious: I want it to be easy to manage, and it can scale to a few thousand systems at the most, since going beyond that gets so cookie cutter that it’s not fun anymore. I can certainly see the value of such an approach when dealing with massive environments that are changing all the time. In most companies though this situation doesn’t exist – in most companies things are fairly static, you get a new system here and there, you get a new environment maybe once a quarter at the most. Maybe some big project comes along that increases your system count by a large amount for some special purpose.
I have absolutely no problem in maintaining separate config files for each environment and having different config stanzas in the config management tool to push those files out. Not only is this approach simpler (in my view), it gives much more insight (perhaps that is the right word) into what is actually happening. I mean if you have a template filled with things that are pulling values dynamically from a half dozen or more different sources you really have no idea what that file really looks like until it lands on the server in question. I like to be able to open the file and look at the settings rather than hunt down the various flags and values that can come from these various sources Chef provides.
I’m not building new environments every day, the level of change in general is quite small (as it has been over the past decade at companies I have worked at), I don’t need the level of dynamic abilities that Chef provides because it doesn’t help me that much.
I came up with a new saying a few months ago after dealing with Chef. If it’s not friends with sed, awk and grep then it’s not friends with me. Chef, being very developer-centric, uses a lot of JSON to store and manage its various configurations. JSON is very much not friendly to sed, awk and grep, and so it frustrates me greatly whenever I have to deal with it.
Because we are moving into a self managed data center environment we needed a way to provision systems. My background is Red Hat/CentOS, Kickstart and Cfengine. We have Ubuntu, <nothing>, and Chef. I came up with a system that for now uses VMware templates (my first ever use of VMware templates) and some custom scripting to integrate with Chef and do other provisioning tasks. It works; it’s not as nice as Kickstart but it works. So speaking of this, and JSON, there is a bootstrap process Chef needs to do in order to get itself registered and such with the Chef service. This involves creating a bit of JSON that Chef can read. The standard way of Chef bootstrap is a sort of push approach, where there is a management agent that waits for a system to be provisioned, then SSHes to the system and runs a bunch of stuff. I wanted a pull approach, where the system is provisioned and boots up and configures itself. So I came up with this little bash snippet to construct this JSON file:
echo -n "Making first-boot.json ..."
# open the JSON object and the run_list array
echo -n "{ \"run_list\": [ ">/etc/chef/first-boot.json;
# take the ROLE=a,b,c line from the per-MAC config, drop everything up to '=', turn commas into spaces
export ROLES=`grep ROLE /root/00-50-* |head -n 1 | sed s'/.*=//'g | sed s'/,/ /'g` &&
# emit "role[a]","role[b]",... and strip the trailing comma so the array stays valid JSON
for ROLE in $ROLES; do echo -n \"role[${ROLE}]\",;done | sed s'/\,$//'g >>/etc/chef/first-boot.json;
# close the array and the object
echo -n " ] }" >>/etc/chef/first-boot.json
That /root/00-50-* file is a configuration file named after the MAC address of the VM. This is based on my older Kickstart stuff which has been extended to support Chef. It stores things like IP address, host name and default gateway for the network, then Chef environment, Chef role(s), and Chef organization. It’s a simple text file format that looks like VARIABLE=value, one VARIABLE per line.
My point with pasting that code is the ugly length I have to go through to simulate valid JSON output using my own regular tool set. Remember I am NOT a programmer!
The scripting works fine (at least so far, built a dozen or so different roles and systems), but it shouldn’t be that complicated.
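The same first-boot.json generation written out more fully, as an added example and not code from the original post: it reads the VARIABLE=value file described above, splits ROLE on commas, escapes the values for JSON and still emits a valid array when there are no roles. The file path, the ENVIRONMENT line and the sample values are constructed assumptions; the real file is named after the VM’s MAC address.

```shell
#!/bin/sh
# Added example, not from the original post: build a Chef first-boot.json
# from a VARIABLE=value config file like the MAC-named /root/00-50-* file.
# Assumptions: roles live on one "ROLE=a,b,c" line and a single file path
# is passed in (no glob).

# cfg_get FILE NAME: print the value of NAME (last assignment wins).
cfg_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# json_escape STRING: escape backslash and double quote for a JSON string.
json_escape() {
    printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# split_roles FILE: one role per line, commas split, surrounding spaces trimmed.
split_roles() {
    cfg_get "$1" ROLE | tr ',' '\n' | sed 's/^ *//; s/ *$//'
}

# first_boot_json FILE: print {"run_list": [...]} for the roles in FILE.
# Empty entries are skipped, so "ROLE=base,webserver, monitoring" and a
# missing ROLE line both produce valid JSON.
first_boot_json() {
    list=""
    while IFS= read -r role; do
        [ -n "$role" ] || continue
        item=$(printf '"role[%s]"' "$(json_escape "$role")")
        list="${list:+$list, }$item"
    done <<EOF
$(split_roles "$1")
EOF
    if [ -n "$list" ]; then
        printf '{ "run_list": [ %s ] }\n' "$list"
    else
        printf '{ "run_list": [] }\n'
    fi
}

# Constructed sample config (values invented for the example).
SAMPLE_CFG="${TMPDIR:-/tmp}/first-boot-sample.$$"
cat >"$SAMPLE_CFG" <<'EOF'
IPADDR=10.0.0.12
HOSTNAME=web01
GATEWAY=10.0.0.1
ENVIRONMENT=production
ROLE=base,webserver, monitoring
EOF

# Usage: on a real host the output would be redirected to /etc/chef/first-boot.json.
first_boot_json "$SAMPLE_CFG"
```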
For those of you more experienced with VMware templates, I noticed there is the ability to customize a template so that VMware can set the IP address, host name etc. of the guest OS. When I saw this I spent a good two hours trying to get it to work, but no matter what I tried VMware said my configuration was not supported and it would not let me customize. I have read conflicting reports as to whether or not it is possible on Ubuntu. I am running ESX 4.1 with vCenter 5.0. I think if I was running vCenter 4.x it would work fine, but Ubuntu and other “non tier 1” operating system support for template customization is no longer supported in the 5.0 products. Oftentimes when I see “not supported”, especially when something used to work, it means that it might work but don’t ask us for help if it blows up. Maybe coincidence or not, but as I said no matter what I did, the customization boxes were greyed out and I could not get vCenter 5.0 to work with Ubuntu.
At the end of the day it doesn’t matter though, I had, what was to me at least, a good provisioning process I could adapt from my Kickstart days, a process that works well on both physical as well as virtual machines. Something that leverages the MAC address or the serial number (in the case of physical machines) for unique identification.
With regard to how I used to do things with Cfengine, it was simpler than Chef. Cfengine operates more on trust than Chef. Chef uses public/private keys to authenticate systems, and these keys have to be in the right place in order for a system to get registered. This is good for untrusted networks, like public clouds (ugh). Cfengine works more on trust, where you can (or at least I did) assign network ranges where the IPs are trusted, and a new system could just register itself without any special configuration. The keys would be generated automatically and exchanged between Cfengine client and server. I had my Cfengine configuration, for the most part, dynamic based on the host name of the server. Most of my major Cfengine classes ran a simple grep on the file that had the host name in it; if the host name matched a particular pattern it was automatically included in the right classes. With Chef life is different, I can’t do that. I have to specifically define which role(s) or recipes a system has up front, because the system will only download cookbooks that it is specifically configured to use. This isn’t a big deal but is an extra step that I’m not used to having to do.
Sample Cfengine class definition:
ENV_CORPDMZ = ( ReturnsZero(/bin/egrep -q "^HOSTNAME=corpdmz" /etc/sysconfig/network) )
With Cfengine, prior to implementing the hostname-based approach, adding a new server with Cfengine involved manually editing the master cfengine configuration so that it was aware of the new system that was about to come online. I still had to edit this file on occasion, if there were special configs needed for a server, but for the most part, for like systems, web servers and the like I did not.
Which sort of brings me to the next topic – recruiting talent that can use Chef. I’ve been managing server systems for about 17 years now, wow has it really been that long. It’s clear to me after 18 months of Chef I lack the knowledge to be able to effectively use the tool (though it hasn’t stopped me from using it at this point), but knowing that, and working with people at my previous company with Chef and seeing the tool present them with a similar level of frustration (if not more), I can see Chef being a real sticking point finding talent that is capable of managing it. My company is actively recruiting senior systems people (well, one person), and of the candidates that I have spoken with so far, along with candidates I have spoken to in the past, I honestly can think of perhaps one or two people over the years that I know that could handle Chef, and one of them is a full time programmer now (when I met him he was hired to be on my operations team back in 2003).
Well, short of the co-worker I have now, who does quite a wonderful job in deploying and managing Chef and who wrote the vast majority of Chef stuff at my current company. It’s really well done, but even now that a lot of the hard work was done by him, in a very Chef-like way, I constantly struggle to add new stuff in, or to change existing things, because it’s so dynamic. I see a value for something – where is it coming from? Is it from the node? Environment? Data bag? Attribute? Something else?
So I see Chef somewhat like I see Hadoop as far as what skill sets are needed and who can provide them. One of my previous companies was working on migrating towards Hadoop and a big complaint I heard from them about Hadoop (and I have heard it from others since) is finding talent that knows the product. With the likes of Yahoo, Google, and other big companies with very deep pockets and big data aspirations they can afford to pay out the wazoo for Hadoop talent, something small companies just can’t compete with. The number of people qualified to do Hadoop right vs the number of people that can do SQL, well it’s obvious, right.
I see the same with Chef. It’s a powerful tool but it’s just not there yet with regards to usability. I can see it being a very useful tool for the likes of those same kinds of companies who manage very huge fleets of systems and have a very dynamic environment. One such place is HP: someone I know is going to work for HP Cloud because he knows Chef. I assume he is probably pretty good at Chef by now, though the caveat with him is he has a strong Ruby programming background. So it’s no real surprise that he could pick Chef up.
I filed several feature requests and bug reports on the Chef support site about a year ago when I was first interacting with it, though I don’t think much made it through. One thing I’d really like is a good way to do in-line editing of text files. At least at the time the Chef mantra was “find another way to do it”, which a friend of mine says is the same thing Puppet people say. So how do I go about adding an entry to /etc/hosts?
Another thing I’d like to be able to do is bulk file copies from the cookbook that preserve ownership and permissions from the source files (e.g. having a directory tree with various owners/groups/permissions and copying it all at once). I don’t think that is possible still. At the time the Opscode people suggested I use rsync for that.
Another thing I’d like is to be able to host cookbooks internally while using the external service for other things. This is mainly for security purposes; I feel more at ease when my core data stays within the confines of my network, on systems under my direct control.
Another thing I’d like to see, which I have mentioned to Opscode in one way or another as well, is a more abstracted configuration language. I think I called it idiot mode or something. The Ruby syntax they use, while I’m sure it’s great for Ruby people, really sucks for people like me. I’m fine with a reduced subset of functionality that may be provided by idiot mode, because it’s likely that I won’t use that functionality to begin with (at least not initially). Make the learning curve to actually using the tool less steep.
At one point Opscode was interested in talking to me about a full time position being an advocate for their platform. I just couldn’t go through with it, I just can’t get excited about the platform after all the frustration it has given me. I certainly see the promise and will continue trying, but I think some fundamental things need to be done to the system in order to make it more usable.
So, in the end, I see Chef as a very powerful tool, a very useful tool for those with the skills that can handle the power it gives you. If I were deploying a new environment today I would certainly NOT use Chef, I would use Cfengine. I don’t want to discourage people from using Chef, it is a good tool, just realize the much higher level of investment you need in order to properly leverage it and try to weigh that against the benefits. For me, the hard things that are made possible by Chef really involve a trivial amount of time. I dare say I have spent FAR more time trying to work with Chef on these hard things (understanding the concepts, code etc) than just flat out doing it by hand the old fashioned way.
You might want to ask – why haven’t I tried Puppet? My answer would be – to date I haven’t had a reason to. I’ve had a few brief discussions with people who use Puppet over the years (including those who have used Cfengine as well) and asked them why I should use Puppet over Cfengine. For the most part the response was there’s nothing really revolutionary in Puppet, so if you’re happy with Cfengine then stick to it. There are a few things Puppet apparently does better (what they are I don’t remember), but in my talks with people there wasn’t anything — anything that made me want to jump on Puppet. There were things that sounded nice (like Chef has), but not enough return to justify the investment in time to make a migration when, as I mentioned earlier, Cfengine does pretty much everything I need it to do.
With Cfengine I could probably train a systems person up on the basics in literally an afternoon. My Cfengine configurations were not complicated. With Chef, well here I am at 18 months and still lost.
3,400 words, I think that’s a record for me for a published blog post. Should get back to sleep now, started writing this at about 3:30AM.
Aug/11
RIP: WebOS
TechOps Guy: Nate
UPDATED I have been a user of WebOS based devices for a couple of years now; I bought a Palm Pre in late 2009, and a Touchpad on launch day. WebOS in general has been a pretty good user experience, it worked quite well from a functional perspective in my view. The devices weren’t the fastest (though since I really never used any others I had little frame of reference), I think mainly due to the web-centric nature of the OS instead of running mostly native code.
The Pre was my first Palm-branded product, though I did own a couple of Handspring Visors for a long time.
WebOS seems to have been, for the most part widely praised from a user friendliness angle from a wide selection of folks, though that alone wasn’t enough to carry the platform forward for HP.
Myself, I had a firm belief that HP was committed to the platform for the long run – at least 2-4 years before making any decisions about the future. Primarily because of the situation of the market. With Microsoft, Nokia, and RIM all struggling in one way or another, and wide fragmentation of Android leading to, from what I’ve read, poor user experiences on the platforms (granted there are probably some really good ones but given the number of Android devices it appears most of them are pretty bad). There was, and still is room for someone to play in the space with a unique product offering.
I can only assume the new leadership at HP just didn’t agree with the previous leadership which is too bad. I mean it doesn’t take a rocket scientist to realize it’s going to take multiple billions of dollars of investment to build up such an ecosystem, you don’t need an army of consultants and market analysts to figure that one out. Unfortunately for Palm, WebOS, and the user base the new management didn’t want to commit to the platform in the way they needed to in order to drive it.
The best comparison I have I think is perhaps Microsoft – they have been in the mobile phone space in one form or another for more than a decade, and they have low single digit market share to show for it — but they haven’t given up (and it looks like they won’t either). I felt that same level of commitment from HP early on, unfortunately I guess the folks that make the big decisions decided to change their mind and cut their losses(either that or the people that make the big decisions themselves got changed out).
It wouldn’t surprise me if the current HP management wouldn’t have been willing to pay the $3 billion for 3PAR either if they had that opportunity today. Well I’m glad HP has 3PAR — if for nothing else it kept them out of the hands of Dell. Their quarterly report today mentioned “triple digit growth” for the 3PAR platform, which in general is kind of confusing – I mean it seems most everyone is reporting massive storage growth — this can’t all be net new storage — someone has to be at the losing end of it — who? HDS? IBM? (I haven’t noticed either talk too much about growth but I haven’t tried to look for their comments either). Maybe in 3PAR’s case most of their growth is at the expense of EVA (which should just go away), I haven’t tried to find details. From the folks I know at 3PAR it certainly seems like they can’t keep up with demand.
The news that they are killing WebOS is quite sad to me, it was a platform with a lot of promise, it just needed more work – I have no doubt they were short handed and rushed to market with many things which hurt them — but it was a choice, either release something now, as a sort of stop gap, or wait 6-12 or maybe even 18 months and release something good. You lose either way (at least until you have a polished end-to-end system) but I think the strategy they chose they “lost” less. You have to keep the news coming, the products coming etc.
I plan to keep my Touchpad myself, and if I see a fire sale on them will probably pick up more, it’s a good device, I’ve been using it pretty much daily for casual use since I bought it and really have very few complaints (even before the 3.0.2 OS upgrade).
If the Pre3 does come out in some form (unclear whether or not they ever manufactured it), I’ll try to pick up one/more of those as well – I’d assume no carriers will sign on to sell it, so the only way to really use it would be unlocked, on a GSM network. That is assuming that the device isn’t a total brick. I was happy with the functionality I got on my original Pre with WebOS 1.4; in some cases I’m not hard to please (hey – I’ve been running Linux as my primary desktop since ~1997 if that gives you any idea). The 64GB “4G” Touchpad was supposed to launch soon, but now who knows – I suspect the launch will get canned.
Even if HP continued WebOS development I have no doubt the Pre3 would struggle to find relevance in the market given its late arrival. Most folks were expecting it months ago – the most recent estimations put it at mid September – right smack when the iPhone 5 is supposed to launch, as well as the free iPhone 3GS.
As time has gone on the Pre3 hardware has gone from looking really good to nothing special. Compound that with the fact that HP apparently wasn’t going to use the next generation WebOS 3.0 on the Pre3, instead using the older generation of WebOS software with a completely different SDK, and I suppose it wouldn’t be too far fetched to say the Pre3 was going to be mostly DOA, performing no better (perhaps worse) than previous WebOS devices due to the poor timing of its release. I have struggled to try to think of why it was taking them so long to get the Pre3 out the door, especially since they weren’t going to use WebOS 3.
I’m not expecting anyone else to pick up WebOS — instead I think others will just mimic its functionality on their own platforms – sort of like how RIM did with the multitasking on their Playbook tablet.
What was more surprising to me in general was that tablets in general are not selling. As many people have said – there really isn’t much of a tablet market out there – there is an iPad market, but not much of a tablet market. I have read things recently that seem to indicate almost all of the Android tablets are faring even worse than the HP Touchpad was – Android as an aggregate has been doing fairly well but for the individual companies pitching their tablets the sales are quite poor in general (with a couple of standout exceptions). There’s gotta be what – 50+ different Android tablets on the market now?
I’m really too sad to be mad at this point, I have no regrets in buying into the platform – it’s more sad about seeing such a promising platform be killed prematurely.
I suppose I should end this on a positive note — the one thing HP did give WebOS was another chance, Palm was pretty much flat broke when HP bought them. So I thank HP for that…
UPDATE - Barely 24 hours after they kill the platform they launch the 64GB White Touchpad for a mere $599.
I guess not everyone got the memo yet.
Feb/11
Debian 6.0 Released
TechOps Guy: Nate
I’ve been using Debian since version 2.0 back in 1998, it is still my favorite distribution for systems that I maintain by hand (instead of using fancier automated tools) mainly because of the vast number of packages and ease of integration. I still prefer Red Hat for “work” stuff, and anything larger than small scale installations.
Anyways I happened to peek in on the progress they were making a few days ago, and they were down to something like 7 release critical bugs, so I was kinda-sorta excited that another new revision was coming out. I remember some of the leader(s) back in 2009 set some pretty aggressive targets for this version of Debian, like most people out there I just laughed and knew it wasn’t achievable. I’m patient, release when it’s ready, not before. Debian was pretty quick to say they weren’t official targets(I believe) more like best effort estimates. For some reason this particular Debian press release is not on their main site, maybe a hiccup in the site-redesign, as the news from 2009 page shows a bunch of stuff from 2008.
Almost a year after that original goal, Debian 6.0 is here. To be honest I’m not sure what all is really new, I mean of course there’s a lot of updated packages and stuff, but, I suppose for me Linux has pretty much gotten to the point where it’s good enough for me, I mean the only thing I really look forward to in upgrades is better hardware support (and even then that’s just for my own laptops/desktops etc, otherwise everything I run is in a virtual machine and hardware support hasn’t been an issue there ever).
Normally I’m not one to upgrade right away, but today was a different day, maybe it was the weather, maybe it was just waiting for the Super Bowl to come on (watching it now, paused on Tivo while I write this). But I decided to upgrade my workstation at home today, more than 1,000 package updates, and for the first time in a decade the installation instructions recommended a reboot mid-upgrade. The upgrade went off without a hitch, my desktop isn’t customized much: re-installed my Nvidia driver, told VMware Workstation to rebuild its kernel drivers, fired off X, and then I went back to my laptop (my workstation is connected to my TV so I have to decide which input I want to use; I’d like my next TV to have picture in picture, if any TVs out there have that ability anymore – it was pretty popular back in the ..80s?).
My workstation, for reference:
- HP xw9400 Workstation
- 2 x Opteron 2380 CPUs (8 cores total)
- 12GB ECC memory
- Nvidia Geforce GT 240 (what lspci says at least)
- 3Ware 9650 SE SATA RAID controller with battery backed write back cache
- 4x2TB Western Digital green (I think) drives in RAID 1+0
- 1x64GB Corsair SSD (forgot what type) for OS
I got a really good deal on the base system at the time, bought it through HP’s refurb dept, for a configuration that retailed brand new on their own site for about $5,000 (note that is not the above config I have added a bunch to it), my cost was about $1,500, and that included a 3 year warranty. I wanted something that should last a good long time, and of course it’s connected to an APC Smart UPS, gotta have that sine wave power…
I have had my eye on Debian’s kFreeBSD port for some time and I decided what the hell, let’s try that out too. I have two Soekris boxes (one is backup), so I took the one that was not in use and put a fresh compact flash card in there and poked around for how to install Debian kFreeBSD on it, because you know I hate BSD userland but really like to use pf.
First off, I did get it working..eventually!
kFreeBSD is a technology preview, not a fully supported release, so it is rough around the edges. Documentation for what I wanted to do was sparse at best and there seemed to be only one other person trying this out on a Soekris box, so the mailing list thread from nearly a year ago was helpful.
Official Documentation was lacking in a few areas:
- Documentation on how to setup the tftp server was mostly good, except it wasn’t exactly easy to find the files to use, I had to poke around quite a bit to find them.
- No documentation on how to enable serial console for the installer, there was no mention of serial console at all except for here, and no mention on how to set those various variables.
- For those that want to know, you need to edit the grub.cfg (Debian 6.0 uses Grub 2 now, which I guess is good but it’s more confusing to me), and add the parameters -D -h to the kernel line, for example:
menuentry "Default install" {
    echo "Loading ..."
    kfreebsd /kfreebsd.gz -D -h
    kfreebsd_module /initrd.gz type=mfs_root
    set kFreeBSD.vfs.root.mountfrom=ufs:/dev/md0
    set DEBIAN_FRONTEND=text
}
I tried setting the DEBIAN_FRONTEND variable as you can see, but it didn’t seem to do anything, the installer behavior was unchanged from the default.
It took me a significant amount of time to figure out I could not use minicom to install Debian kFreeBSD; instead I had to use cu (something that I’ve never used before). I’ve used minicom for everything from switches, to routers, to load balancers, to OpenBSD installs, to Red Hat Linux installs (I have never tried to install Debian over serial until today). But on Debian kFreeBSD the terminal emulation is not compatible between minicom and the installer; the result is I could never get past the assign a host name screen, it just kept sending random escape characters setting me back to previous screens, it was pretty frustrating.
Since there is no VGA port on the Soekris I did a tftp net install over serial console, and when it came to installing the various base packages it took forever. I think at least part of it is due to the CF card being put in PIO mode instead of DMA mode, though looking at my OpenBSD Soekris system it says it is using PIO mode 4 too. I am using the same model and size of CF card in both systems; I specifically used this one (Lexar 1GB, have had it for 5-6 years) because it seemed to run really fast on my systems whereas my Kingston CF cards ran like dogs. Anyways it took upwards of two hours to install the base packages (around ~400MB installed). Doing the same in a VMware VM took about 5 minutes tops (much faster system mind you..)
I chose to install the base operating system along with the SSH option (which I swear was “SSH server”). And everything installed.
Then I rebooted and was greeted to a blank screen where GRUB should be. It took a little time to figure it out but I managed to edit the PXE grub configuration so that it would boot my local CF card over serial port.
So there we go, the kFreeBSD kernel is booting on the Soekris:
Copyright (c) 1992-2010 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
#0 Tue Jan 4 16:41:50 UTC 2011 i386
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Geode(TM) Integrated Processor by AMD PCS (499.91-MHz 586-class CPU)
  Origin = "AuthenticAMD"  Id = 0x5a2  Family = 5  Model = a  Stepping = 2
  Features=0x88a93d<FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CLFLUSH,MMX>
  AMD Features=0xc0400000<MMX+,3DNow!+,3DNow!>
real memory  = 536870912 (512 MB)
avail memory = 511774720 (488 MB)
module_register_init: MOD_LOAD (vesa, 0xc0952d8e, 0) error 19
kbd1 at kbdmux0
K6-family MTRR support enabled (2 registers)
ACPI Error: A valid RSDP was not found (20100331/tbxfroot-309)
ACPI: Table initialisation failed: AE_NOT_FOUND
ACPI: Try disabling either ACPI or apic support.
pcib0: <Host to PCI bridge> pcibus 0 on motherboard
[..]
And a bunch of services started, including PostgreSQL (?!?!), and then it just sat there. No login prompt.
I could ping it but could not ssh to the system; the only port open was port mapper. I told it to install SSH related things (I forgot exactly what the menu option was, but I find it hard to believe that there would be an openssh client option and not a server option; I can go back and look, maybe later).
So, now I was stuck.. I rebooted back into the installer and had some trouble mounting the CF card in the rescue shell but managed to do it, I chroot’d into the mount point, enabled the serial console per the examples in /etc/inittab, and used apt-get to install openssh — only that failed, some things weren’t properly configured in order for the ssh setup to complete. So I thought..and thought…
Telnet to the rescue! I haven’t used telnet on a server in I don’t know how many years, probably since I worked at a Unix software company in 2002 where we had a bunch of different unixes and most did not have ssh. Anyways I installed telnet on the system via chroot, unmounted the file system, rebooted and the system came up — but still no login prompt on the serial console. Fortunately I was able to telnet to the thing, install ssh along with a few other packages, and remove PostgreSQL; I do not want to run a SQL database on this tiny machine.
I did more futzing around trying to get DMA enabled on the CF card to see if that would make it go faster to no avail. top does not report any i/o wait but I think that is a compatibility issue rather than there not being any i/o wait on the system.
After poking around more I determined why the login prompt wasn’t appearing on the serial console: it’s because the examples in the /etc/inittab were not right, at least not for Soekris, I can’t speak to other platforms. They mention using /dev/ttyd0 when in fact I have to use /dev/ttyu0. Oh and another thing on serial console and this kFreeBSD: from what I read setting a custom baud rate (other than the default 9600) is difficult if not impossible, I have not tried, so instead I changed the Soekris default baud rate from 19200 to 9600.
I also did some hand editing of grub.cfg to enable serial console in grub and stuff, because I was unable to figure out how to do it in the grub v2 templates.
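Since both of the settings above (the -D -h flags on the kfreebsd kernel line, and a getty on /dev/ttyu0 rather than the /dev/ttyd0 the inittab examples mention) only reveal themselves as a dead console after a headless reboot, here is an added example, not code from the original post, of a small POSIX sh check that can be run against grub.cfg and /etc/inittab before rebooting. The getty line format and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the original post: a pre-reboot check for the
# two serial-console settings the post needed on Debian GNU/kFreeBSD: the -h
# flag on the kfreebsd kernel line in grub.cfg, and an inittab getty on ttyu0
# rather than the ttyd0 the shipped examples use. The inittab line format and
# the sample files below are assumptions constructed for illustration.

# Print every kfreebsd kernel line in a grub.cfg that lacks the -h flag.
# Empty output means each kernel entry will put its console on the serial port.
grub_serial_missing() {
    awk '$1 == "kfreebsd" {
            ok = 0
            for (i = 2; i <= NF; i++) if ($i == "-h") ok = 1
            if (!ok) print FNR ": " $0
        }' "$1"
}

# Print active (uncommented) getty lines that still point at ttyd*, the device
# name that produced no login prompt on the Soekris.
inittab_stale_ttyd() {
    grep -v '^[[:space:]]*#' "$1" | grep 'getty' | grep 'ttyd' || true
}

# Succeed only if an active getty runs on ttyu0 at the default 9600 baud.
inittab_has_ttyu0_getty() {
    grep -v '^[[:space:]]*#' "$1" | grep 'getty' | grep 'ttyu0' | grep -q '9600'
}

# Combined check: returns 0 if both files are ready for a headless reboot,
# 1 otherwise, printing one reason per finding.
serial_console_ready() {
    grub="$1" inittab="$2" rc=0
    missing=$(grub_serial_missing "$grub")
    if [ -n "$missing" ]; then
        echo "grub.cfg: kernel line(s) without -h:"; echo "$missing"; rc=1
    fi
    stale=$(inittab_stale_ttyd "$inittab")
    if [ -n "$stale" ]; then
        echo "inittab: getty on ttyd* will never answer:"; echo "$stale"; rc=1
    fi
    inittab_has_ttyu0_getty "$inittab" || { echo "inittab: no getty on ttyu0 at 9600"; rc=1; }
    return $rc
}

# Write constructed sample files into directory $1: a good pair and a bad pair.
write_samples() {
    cat > "$1/grub.good" <<'EOF'
menuentry "Default install" {
    echo "Loading ..."
    kfreebsd /kfreebsd.gz -D -h
    kfreebsd_module /initrd.gz type=mfs_root
}
EOF
    printf '%s\n' 'menuentry "Default install" {' '    kfreebsd /kfreebsd.gz' '}' > "$1/grub.bad"
    printf '%s\n' '# T0:23:respawn:/sbin/getty -L ttyd0 9600 vt100' \
        'T0:23:respawn:/sbin/getty -L ttyu0 9600 vt100' > "$1/inittab.good"
    printf '%s\n' 'T0:23:respawn:/sbin/getty -L ttyd0 9600 vt100' > "$1/inittab.bad"
}

d=$(mktemp -d)
write_samples "$d"
serial_console_ready "$d/grub.good" "$d/inittab.good" && echo "good pair: ready"
serial_console_ready "$d/grub.bad" "$d/inittab.bad" || echo "bad pair: not ready"
rm -rf "$d"
```

Point serial_console_ready at the real /boot/grub/grub.cfg and /etc/inittab (from the chroot if need be) and a non-zero exit tells you the box would come up without a usable console.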
So all in all, it certainly feels like a technology preview, very very very rough around the edges; I’m sure it will get there in time. My own needs are really minimal, I run a tiny set of infrastructure services on my home firewalls like dhcp, dns, OpenVPN, Network UPS Tools and stuff, no desktop, no web servers, nothing fancy, so I can probably use this to replace my OpenBSD system. I will test pf out maybe next weekend, spent enough time on it for now.
root@ksentry:~# cat /etc/debian_version
6.0
root@ksentry:~# uname -a
GNU/kFreeBSD ksentry 8.1-1-486 #0 Tue Jan 4 16:41:50 UTC 2011 i586 i386 Geode(TM) Integrated Processor by AMD PCS GNU/kFreeBSD
Dec/103
OpenBSD installer: party like it’s 2000
TechOps Guy: Nate
[Random Thought] The original title was going to be “OpenBSD: only trivial changes in the installer in one heck of a long time” a take off of their blurb on their site about remote exploits in the default install.
I like OpenBSD, well I like it as a firewall — I love pf. I’ve used ipchains, iptables, ipfwadm, ipf (which I think pf was originally based off of and was spawned due to a licensing dispute with the ipf author(s)), ipfw, Cisco PIX and probably one or two more firewall interfaces, and pf is far and away the best that I’ve come across. I absolutely detest Linux’s firewall interfaces by contrast, going all the way back almost 15 years now.
I do hate the OpenBSD user land tools though, probably as much as the *BSD folks hate the Linux user land tools. I mean how hard is it to include an init script of sorts to start and stop a service? But I do love pf, so in situations where I need a firewall I tend to opt for OpenBSD wherever possible (when not possible I don’t resort to Linux, I’d rather resort to a commercial solution perhaps a Juniper Netscreen or something).
But this isn’t about pf, or user land. This is about the OpenBSD installer. I swear it’s had only the most trivial changes and improvements done to it in at least the past 10 years, when I first decided to try it out. To me it is sad, the worst part about it is of course the disk partitioning interface. It’s just horrible.
I picked up my 2nd Soekris net5501 system and installed OpenBSD 4.8 on it this afternoon, and was kind of saddened, yet not surprised, how it still hasn’t changed. I have my other Soekris running OpenBSD 4.4 and it has been running for a couple years now. I first used pf I believe back in about 2004 or so, so have been running it quite a while, nothing too complicated, it’s really simple to understand and manage. My first experience with OpenBSD was I believe back in 2000, I’m not sure but I want to say it was something like v2.8. I didn’t get very far with it, for some reason it would kernel panic on our hardware after about a day or so of very light activity, so went back to Linux.
I know pf has been ported to FreeBSD, and there is soon to be a fully supported Debian kFreeBSD distribution with the next major release of Debian whenever that is, so perhaps that will be worthwhile switching to for my pf needs, I don’t know. Debian is another system which has been criticized over the years for having a rough installer, though I’ve got to say in the past 4-5 years it really has gotten to be a good installer in my opinion. As a Debian user for more than 12 years now it hasn’t given me a reason to switch away from it, but I still do prefer Red Hat based distros for “work” stuff.
First impressions are important, and the installer is that first impression. While I am not holding out hope they will improve their installer, it would be nice.
Nov/104
Red Hat jacks up RHEL pricing
TechOps Guy: Nate
I didn’t think they would do this, but Red Hat, along with RHEL 6 introduced some pretty dramatic price hikes.
They seem to have done away with the “unlimited socket” licensing and have at least two tiers – two socket and four socket.
What used to cost $2,499 for Red Hat Advanced Server Premium for unlimited sockets, now costs $6,498 for four sockets, a 260% increase.
That is very Oracle-esque, maybe even worse than Oracle, the biggest hikes I recall Oracle doing was in the 30-50% range. Wonder if there will be any push back from customers.
They don’t seem to mention socket licensing beyond 4 sockets.
Nov/103
RHEL 6 Launched
TechOps Guy: Nate
I didn’t even notice it, as The Register put it, it was a very quiet launch. While I have been using Debian on my home systems for more than twelve years now, I do much prefer to use Red Hat Enterprise at work.
And RHEL 6 looks like a pretty decent upgrade:
- Significantly improved power management (aka lower cpu usage for idle VMs) – hello higher consolidation ratios
- Hot add CPU and memory (wish there was hot remove – if there is I don’t see it mentioned)
- 85% increase in number of packages in the distribution – yay, maybe there will be a lot less things I will have to compile on my own
Sorry I still can’t help but laugh at the scalability claims
Red Hat Enterprise Linux 6 has been designed to deliver performance and scalability without sacrificing data integrity. It allows scaling to 4,096 CPUs and 64 terabytes of RAM, providing a solid foundation for supporting upcoming generations of hardware.
It is interesting that the max file system size for the ext4 file system is the same as ext3 – 16TB. Seems kind of dinky.
XFS goes to 100TB which also seems small, maybe just “tested” limits; I would expect XFS to scale far higher than that given its SGI heritage. The XFS documentation says for 64-bit Linux you can go to 18 Exabytes, which I think is just as crazy as Red Hat’s CPU claims, but as long as you can safely do a few hundred TB that is more than enough for these days I think.
I can’t imagine anyone committing a petabyte or more to a single file system for a good long while at least.
I’ll let others play with KVM until at least RHEL 7, until then it’s VMware for me.
Sep/100
Using open source: how do you give back?
TechOps Guy: Nate
After reading an article on The Register (yeah you probably realize by now I spend more time on that site online than pretty much any other site), it got me thinking about a topic that bugs me.
The article is from last week but is written by the CEO of the organization behind Ubuntu. It basically talks about how using open source software is a good way to save costs in a down (or up) economy, and tries to give a bunch of examples of companies basing their stuff on open source.
That’s great, I like open source myself; I fired up my first Slackware Linux box in 1996 I think it was (Slackware 3.0). I remember picking Slackware over Red Hat at the time specifically because Slackware was known to be more difficult to use and it would force me to learn Linux the hard way, and believe me I learned a lot. To this day people ask me what they should study or do to learn Linux and I don’t have a good answer; I don’t have a quick and easy way to learn Linux the way I learned it. It takes time, months, years of just playing around with it. With so many “easy” distributions these days I’m not sure how practical my approach is now, but I’m getting off topic here.
So back to what bugs me. What bugs me is people out there, or more specifically organizations out there, that do nothing but leech off of the open source community. Companies that may make millions (or billions!) in revenue in large part because they are leveraging free stuff. But it’s not the usage of the free stuff that I have a problem with, more power to them. I get annoyed when those same organizations feel absolutely no moral obligation to contribute back to those that have given them so much.
You don’t have to do much. Over the years the most that I have contributed back has been participating in mailing lists, whether it is the Debian users list (been many years since I was active there), or the Red Hat mailing list (a few years), or the CentOS mailing list (several months). I try to help where I can. I have a good deal of Linux experience, which often means the questions I have nobody else on the list has answers to. But I do (well, did) answer a ton of questions. I’m happy to help. I’m sure at some point I will re-join one of those lists (or maybe another one) and help out again, but I’ve been really busy these past few months. I remember even buying a bunch of Loki games to try to do my part in helping them (despite it not being open source, they were supporting Linux indirectly), several of which I never ended up playing (not much of a gamer). VMware of course was also a really early Linux supporter (I still have my VMware 1.0.2 Linux CD; I believe that was the first version they released on CD, previous versions were download only), though I have gotten tired of waiting for vCenter for Linux.
The easiest way for a corporation to contribute back is to, say, use and pay for Red Hat Enterprise, or SuSE or whatever. Pay the companies that hire the developers to make the open source software go. I’m partial to Red Hat myself, at least in a business environment, though I use Debian-based in my personal life.
There are a lot of big companies that do contribute code back, and that is great too, if you have the expertise in house. Opscode is one such company I have been working with recently on their Chef product. They leverage all sorts of open source stuff in their product (which in itself is open source). I asked them what their policy is for getting things fixed in the open source code they depend on, do they just file bugs and wait or do they contribute code, and they said they contribute a bunch of code, constantly. That’s great, I have enormous respect for organizations that are like that.
Then there are the companies that leech off open source and not only don’t officially contribute in any way whatsoever but actively prevent their own employees from doing so. That’s really frustrating & stupid.
Imagine where Linux, and everything else, would be if more companies contributed back. It’s not hard, go get a subscription to Red Hat, or Ubuntu or whatever for your servers (or desktops!). You don’t have to contribute code, and if you can’t contribute back in the form of supporting the community on mailing lists, or helping out with documentation, or the wikis or whatever, write a check, and you actually get something in return, it’s not like it’s a donation. But donations are certainly accepted by the vast numbers of open source non-profits.
HP has been a pretty big backer of open source for a long time, they’ve donated a lot of hardware to support kernel.org and have been long time Debian supporters.
Another way to give back is to leverage your infrastructure, if you have a lot of bandwidth or excess server capacity or disk space or whatever, setup a mirror, sponsor a project. Looking at the Debian page as an example it seems AboveNet is one such company.
I don’t use open source everywhere, I’m not one of those folks who has to make sure everything is GPL or whatever.
So all I ask is, the next time you build or deploy some project that is made possible by who knows how many layers of open source products, ask yourself how you can contribute back to support the greater good. If you have already, then I thank you.
Speaking of Debian, did you know that Debian powers 3PAR storage systems? Well it did at one point, I haven’t checked recently; I do recall telnetting to my arrays on port 22 and seeing a Debian SSH banner. The underlying Linux OS was never exposed to the user. And it seems 3PAR reports bugs, which is another important way to contribute back. And, as of 3PAR’s 2.3.1 release (I believe) they finally officially started supporting Debian as a platform to connect to their storage systems. By contrast they do not support CentOS.
Extreme Networks’s ExtremeWare XOS is also based on Linux, though I think it’s a special embedded version. I remember in the early days they didn’t want to admit it was Linux they said “Unix based”. I just dug this up from a backup from back in 2005, once I saw this on my core switch booting up I was pretty sure it was Linux!
Extreme Networks Inc. BD 10808 MSM-R3 Boot Monitor
Version 1.0.1.5 Branch mariner_101b5 by release-manager on Mon 06/14/04
Copyright 2003, Extreme Networks, Inc.
Watchdog disabled.
Press and hold the <spacebar> to enter the bootrom.
Boot path is /dev/fat/wd0a/vmlinux
(elf)
0x85000000/18368 + 0x85006000/6377472 + 0x8561b000/12752(z) + 91 syms/
Running image boot…Starting Extremeware XOS 11.1.2b3
Copyright (C) 1996-2004 Extreme Networks. All rights reserved.
Protected by U.S. Patents 6,678,248; 6,104,700; 6,766,482; 6,618,388; 6,034,957
Then there’s my Tivo that runs Linux, my TV runs Linux (Philips TV), my Qlogic FC switches run Linux, I know F5 equipment runs on Linux, my phone runs Linux (Palm Pre). It really is pretty crazy how far Linux has come in the past 10 years. And I’m pretty convinced the GPL played a big part, making it more difficult to fork it off and keep the changes for yourself. A lot of momentum built up in Linux and companies and everyone just flocked to it. I do recall early F5 load balancers used BSDI, but switched over to Linux (didn’t the company behind BSDI go out of business earlier this decade? or maybe they got bought, I forget). Seems Linux is everywhere and in most cases you never notice it. The only way I knew it was in my TV is because the instructions came with all sorts of GPL disclosures.
In theory the BSD licensing scheme should make the *BSDs much more attractive, but for the most part *BSD has not been able to keep pace with Linux (outside some specific niches; I do love OpenBSD’s pf) so never really got anywhere close to the critical mass Linux has.
Of course now someone will tell me some big fancy device that runs BSD that is in every data center, every household and I don’t know it’s there! If I recall right I do remember that Juniper’s JunOS is based on FreeBSD? And I think Force10 uses NetBSD.
Also recall being told by some EMC consultants back in 2004/2005 that the EMC Symmetrix ran Linux too; I do remember the Clariions of the time (at least, maybe still) ran Windows (probably because EMC bought the company that made that product rather than creating it themselves).
Sep/100
All I want is a DB9
TechOps Guy: Nate
Ok maybe that’s not all I want, but it’s a good start.
I got a new laptop recently, a Toshiba Tecra A11, really nice laptop. A couple of jobs ago I had a Toshiba Tecra M5 and liked it a lot; it had a couple glitches with Linux but for the most part it worked well. The Tecra A11 by contrast, no glitches with Linux, at least not yet. I’ve been using it about three weeks now, and everything from wireless, to audio, to 3D, microphone (first time I’ve ever used a microphone in Linux, first time in easily ten years I’ve used a microphone on a PC period), and even the webcam worked. And most importantly, suspend/resume has been 100% reliable. Really nice to see. It is certified with Ubuntu 10.04 64-bit which is what I’m running.
But that’s not really what this post is about, I wasn’t expecting it, so didn’t look for it, but was overjoyed when I looked and saw that this brand new business laptop had a DB9 serial port, a REAL serial port! Woohoo! I mean my M5 had one too and that was great, I just thought Toshiba had jumped on the train of let’s get rid of serial ports.
What a sight to see. I mean what Linux/Unix/Network geek in their right mind can get by without a serial port? Yeah I know you’ve been able to get those piece of crap USB serial adapters for some time, but I’ll take a DB9 any day! Especially when my favorite network gear uses native DB9 on their stuff too.
(Sorry couldn’t resist getting some purple in there, not enough color on this blog)
I was a fan of the IBM Thinkpad T-series for the longest time, until Lenovo bought them, was introduced to Toshiba a few years ago and they are by far my favorite laptop. If it’s going to be my main machine for work, then it’s gotta be something good. The Tecra line is it, the new T series for me.
Laptop specs:
- Intel® Core™ i7-620M Processor 2.66 GHz (3.33 GHz with Turbo Boost Technology), 4MB Cache
- Genuine Windows® XP Professional, SP3 with Windows® 7 Professional Recovery Media
- 8GB DDR3 1066MHz SDRAM (4096MBx2)
- 320GB HDD (7200rpm, Serial ATA)
- Nvidia® NVS™ 2100M with 512MB DDR3
- Keyboard without 10-key numeric pad (black)
- 15.6″ Diagonal Widescreen HD+ (1600×900) TFT LCD display
- Dual Point pointing device (Accupoint + Touchpad) and Media Control Buttons
- Integrated Webcam and Microphone
- Bluetooth® Version 2.1 +EDR
- Toshiba 4-Year On-Site Repair + 4th Year Extended Service Plan
Customized pretty well, they built it special for me! Mainly the “non standard” but “recommended” keyboard (and custom matte LCD, I hate the reflective screens). At first I was kind of upset they only offered ground shipping, I would be willing to pay more for faster shipping, but it turns out it wasn’t ground after all, and they shipped it directly from China. Once it shipped it got here in about 4 days I think, through Alaska, then somewhere out midwest, at which point I thought it was going to be put on a truck and driven back to Seattle, only to find it hopped on another plane and flew to me instead.

