Wednesday, October 31, 2012

Puppet DNS lookup

From time to time NetworkManager breaks my /etc/resolv.conf. I normally turn that off using puppet but when /etc/resolv.conf is broken, puppet won't run so I have to fix it manually :-(

Well, not any more. Now I add a static /etc/hosts entry for the puppet server and puppet will run even when /etc/resolv.conf is broken.

The special part about this is that I look up the IP address using a template so I don't have to hard code the value in my manifest. Google said it could not be done without writing a custom function. As always, I did not believe it...

Assuming you have set $puppetserver to contain the fqdn of your puppet server:

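# inline_template is evaluated where the catalog is compiled (the puppet
# master in an agent/master setup), so the lookup uses that machine's
# resolver, not the client's broken /etc/resolv.conf.
host { 'hostsconf-puppet':
        ensure => present,
        ip => inline_template("<% _erbout.concat(Resolv::DNS.open.getaddress('$puppetserver').to_s) %>"),
        name => $puppetserver,
        target => '/etc/hosts',
}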



Tuesday, October 23, 2012

KVM file permissions

Recently I have been testing CentOS 6 with libvirt & KVM. My goal is to set up a cluster of servers and enable migration between them without shared storage.

This seems possible but I hit a roadblock with file permissions. I am using a directory pool but any newly created file is assigned the permissions 0600 and owned by root:cso (cso is the group that all the sysadmins are in). The XML schema for libvirt pools allows me to specify a mode, owner & group but they don't seem to be honoured when the file is created.

My workaround to this problem was to create a hook which runs when a virtual machine is started. This gives me a chance to change the permissions to the correct values. The libvirt hooks are not widely publicised but at least on CentOS 6, you create the file and it just works. See http://libvirt.org/hooks.html

The basic skeleton for my hook is:
/etc/libvirt/hooks/qemu

#!/bin/bash
if [ "$2" = "prepare" -a "$3" = "begin" ] ; then
   # Fix the permissions
fi
exit 0


The next headache is that I don't know which disks are needed for this virtual machine. This info is provided on stdin but it is in XML which is not easy for bash to process.

My solution to this was to use XSLT to transform the XML into a bash script.
I have never used XSLT before so there was a fair amount of guessing involved. The output of xsltproc always has an XML header which I strip off with grep. The output is logged to syslog with the logger command. The final hook script looks like this:
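/etc/libvirt/hooks/qemu

#!/bin/bash
if [ "$2" = "prepare" -a "$3" = "begin" ] ; then
   # Turn the domain XML on stdin into chown/chmod commands, drop the XML
   # header and run the result. sh -x writes its trace to stderr, so merge
   # it into stdout or nothing reaches logger.
   /usr/bin/xsltproc /etc/libvirt/hooks/qemu.hook.xsl - | \
      grep -v '?xml' | \
      sh -x 2>&1 | logger
fi
exit 0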

As for the XSL, I am no expert but I got it working. I could not work out how to correctly escape the values of the file names so there could be a nasty surprise in there if you don't trust your users.

/etc/libvirt/hooks/qemu.hook.xsl 
<?xml version="1.0" encoding="ISO-8859-1"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template match="/">
<xsl:for-each select="domain/devices/disk/source">
chown qemu:cso '<xsl:value-of select="@file"/>'
chmod 0660 '<xsl:value-of select="@file"/>'
</xsl:for-each>
</xsl:template>
</xsl:stylesheet>
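
Added example (not part of the original post): a variant of the hook that sidesteps the escaping problem by having XSLT emit plain text, one disk path per line, and passing each path to chown/chmod as a single argument instead of generating shell source. The pool directory default and the logger tag are assumptions.

```shell
#!/bin/bash
# Added example, not the original hook: disk paths are handled as data and
# never parsed as shell source, so a quote in a file name changes nothing.
# Assumption: images live under POOL_DIR (hypothetical default below).
POOL_DIR="${POOL_DIR:-/var/lib/libvirt/images}"

# Stylesheet with text output: one path per line, no XML header to strip.
paths_xsl() {
cat <<'EOF'
<?xml version="1.0"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output method="text"/>
<xsl:template match="/">
<xsl:for-each select="domain/devices/disk/source/@file">
<xsl:value-of select="."/><xsl:text>&#10;</xsl:text>
</xsl:for-each>
</xsl:template>
</xsl:stylesheet>
EOF
}

# Accept only paths inside POOL_DIR with no ".." component.
# This is a string check; it does not resolve symlinks.
is_safe_disk_path() {
    case "$1" in
        */../*|*/..) return 1 ;;
        "$POOL_DIR"/?*) return 0 ;;
    esac
    return 1
}

# Read one path per line on stdin. "--" ends option parsing, so a name
# that starts with "-" is still treated as a file name.
fix_disk_permissions() {
    while IFS= read -r path; do
        if is_safe_disk_path "$path"; then
            chown -- qemu:cso "$path" && chmod -- 0660 "$path"
        else
            logger -t qemu-hook "skipped disk path outside pool: $path"
        fi
    done
}

if [ "${2:-}" = "prepare" ] && [ "${3:-}" = "begin" ]; then
    xsl=$(mktemp) && paths_xsl > "$xsl"
    /usr/bin/xsltproc "$xsl" - | fix_disk_permissions 2>&1 | logger -t qemu-hook
    rm -f "$xsl"
    exit 0
fi
```

A file name containing a newline arrives as two lines; each line still has to pass the pool check on its own before anything is changed.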


Monday, October 8, 2012

Mobile Internet

I recently got a new work phone, the Samsung Galaxy Nexus. This is my first 'smart' phone and it seems to be a good fit with my Linux interests.

The problem is that work will not pay for mobile data so I can't make use of it on the train (some may argue that is a good thing). My workaround was to get a portable 3G to WIFI router, aka MIFI, Pocket WIFI etc.

I had already researched phone plans and worked out that the phone 'cap' seems to be one of the best marketing tricks ever schemed up. The only plan of interest to me is the TPG $1 per month pay as you go plan. Being an existing TPG customer I also get 150Mb of free data per month.

So the next question was which router to get? Most comparisons seemed to be caught up on the price of the data but I wanted to know which one works the best. In the end I went for the Vodafone Pocket WIFI. This is a Huawei E585 V2. It comes with a Vodafone SIM which you must activate and install yourself. On special for $40 I thought I would give it a go. After several hours trying to activate the SIM and then a few more trying to make the phone get an address via DHCP I was on the internet. (The activation problem was because the Vodafone web site was asking for the wrong ID numbers. The DHCP is still an issue and is presumably a bug in ICS.)

So, once it was all working I tried it out on the train and was most unimpressed. Although it would say connected it rarely managed to download as much as a web page. There are people complaining about this on the Vodafone forums and they insist that if there is a problem it will be fixed real soon now. Luckily, Vodafone did not factor in my plan so once my free month was up I unlocked the router and switched to TPG (which uses Optus 3G).

This is much more useful on the train though still does not knock my socks off. I have come to the realisation that the term 'Mobile Broadband' is a misnomer and should really be called 'Portable Broadband'. You can use it in one spot. You can take it and use it somewhere else, but try and use it on the way and it will not work very well at all.

Perhaps other networks work better. I see lots of new towers on the side of the train line. Perhaps other routers work better. The software quality on these things is never very impressive. Perhaps the whole thing is a joke and handing off to the next tower will never work (it does not work for voice, why would it work for data?).

Perhaps one day work will pay for my data and I can compare to the built in functionality of the phone.

Finally, it turns out that using facebook on the train is not as exciting as I was led to believe and my need for data is not that great anyway.