cinder volume limit

After installing RDO you might want to create a Cinder volume, and you might get an error when you do.
What happens is that Cinder has a file mounted as a device that it uses to allocate volumes.
With current RDO that file is 20G, so if you try to create something bigger it will fail.
Here is a script, taken from somewhere (picked it up from the RDO forum, with minor mods),
that will resize the thing that needs resizing while backing up your old stuff.


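#!/bin/sh
# usage: resize.sh SIZE   (SIZE is handed to dd as seek=, e.g. 200GB)
cd /var/lib/cinder || exit 1
# keep the old backing file under a timestamped name
mv cinder-volumes "cinder-volumes.back$(date +%s)"
# create a new sparse backing file of the requested size
dd if=/dev/zero of=./cinder-volumes bs=1 count=0 seek="$1"
umount /dev/loop2
# attach the new file to the loop device and recreate the LVM volume group on it
losetup /dev/loop2 cinder-volumes
pvcreate /dev/loop2 -ff
vgcreate cinder-volumes /dev/loop2
service cinder-volume restart; service cinder-api restart; service cinder-scheduler restart;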

So put this in a script like resize.sh
and use it like so: resize.sh 200GB
Now you can create volumes with a 200GB limit:
one 200G or 2x 100G or 3x50G etc., so it is a “global” limit.

openstack on hetzner

If you want to run your own private cloud, Hetzner might be a good pick; they have nice machines there (not an advertisement :-D).

So how to do it?
Openstack consists of several components and it is arguably large software by today's standards.
Getting it to run can be done either manually or by automation.
If you do it manually you have to go through setting up the individual openstack components and making everything work right.
The alternative to manual setup is using distributions like RDO. What is good about them is that they come from a group of people that maintain them and from a company like RedHat.
RDO has a bunch of puppet scripts that install the thing for you.
So the meat of this post is going to be how to get your private cloud connected to the internet on Hetzner.
It might be simple for experienced experts but I am not one of them :-D.

First install centos7 on your hetzner box

Then install a firewall, for example system-config-firewall-tui.

After you complete the openstack installation, make sure to close ports, since you do not want someone bruteforcing the password on your open server.

So to install openstack go here

sudo yum update -y
sudo yum install -y https://rdoproject.org/repos/rdo-release.rpm
sudo yum install -y openstack-packstack
packstack --allinone

That will create two bridges, br-int and br-ex.
br-int is the connection between VM instances.
br-ex is the connection to the external network.
br-ex has a different subnet, 172.24.4.224/28, and br-int is 10.0.0.0/24.
What one usually wants to do is use the internet from those VMs.

So here is a network setup that works.
We basically want to route traffic from the internal interfaces (the ones created by openstack) and use the main server’s interface as a gateway.
That sounds simple to an experienced network guy: just set up the machine as a router, set up the gateway, and bam. If you did not spend much time with networking, here are the steps to do it. There are most probably plenty of ways to do it and I might have made a mess of my networking setup, but I will describe the setup that works.

First use the bridged networking setup as described at the bottom of this page:
http://wiki.hetzner.de/index.php/Netzkonfiguration_CentOS/en
What that does is make the created bridge the main interface; eth0 is attached to it, and you can plug things into that bridge so they are connected to eth0.
We want to connect things to eth0, and that is the main reason why we do it.

Next we want to route traffic from the openstack bridges to this new bridge, and this new bridge is to be used as the gateway to the internet; the traffic will be NAT-ed.

So here is how you set up iptables for NAT:

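#!/bin/sh
# usage: setup-nat.sh INTERNAL_IF EXTERNAL_IF
internal=$1
external=$2

# let traffic from the internal interface out through the external one
iptables -I FORWARD -i "$internal" -o "$external" -j ACCEPT
# let only replies to established connections back in
iptables -I FORWARD -i "$external" -o "$internal" -m state --state ESTABLISHED,RELATED -j ACCEPT
# rewrite the source address of outgoing traffic to the external interface's address
iptables -t nat -A POSTROUTING -o "$external" -j MASQUERADE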

if you put this in a script called setup-nat.sh you can then use it like

setup-nat.sh br-ex br0

The FORWARD chain makes it so that the bridge does not try to ask which machine has this IP but instead sends it to the gateway. The FORWARD chain contains the rules that determine what gets routed through the machine,
so it is important to have those rules before the ones that will reject the traffic (they might be set by the firewall).
Now, while I was trying to do this I might have created some unnecessary things; I am not sure, since I am not going to restart my machine now.
What was done is that two veth pairs were used to connect br-int to br0 and br-ex to br0.

I’ve also set 10.0.0.1/24 (gateway IP) on br-int
and 172.24.4.225/28 on br-ex.
To do that you use

ip address add 172.24.4.225/28 dev br-ex
ip address add 10.0.0.1/24 dev br-int

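To add the veth pairs:

# create two veth pairs: vm1 <-> vm2 and vm11 <-> vm12
ip link add dev vm1 type veth peer name vm2
ip link add dev vm11 type veth peer name vm12

# connect br-int to br0 through vm11/vm12
ovs-vsctl add-port br-int vm11
ip link set vm12 master br0

# connect br-ex to br0 through vm1/vm2
ovs-vsctl add-port br-ex vm1
ip link set vm2 master br0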

I’ve changed settings back and forth, so I might have left something out here; I did not try to see what the minimal setup is.
If this does not work you can write in the comments.
Also, here are some debugging tips.

1. Use tcpdump and listen on all the interfaces.

2. If you see ARP requests, that means your forwarding rules are not working; you need to make sure they are before the rest.

3. Make sure you have forwarding turned on for your kernel.

https://www.centos.org/docs/5/html/Virtual_Server_Administration/s1-lvs-forwarding-VSA.html

This should already be done in this process.
Now you should be able to curl google.com from one of the interfaces in your VMs.
If it does not work, comment.
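
Debugging tips 2 and 3 can be checked mechanically. The following is an added example, not part of the original post: forward_order reads `iptables -S FORWARD` output and reports whether the two ACCEPT rules from setup-nat.sh sit above the firewall's REJECT/DROP rule, and forwarding_on reads the kernel's ip_forward switch. The function names and the sample rule listings are constructed for illustration.

```shell
# Added example; the rule listings below are constructed, not captured.
# forwarding_on [FILE]: succeeds when the kernel forwards IPv4 packets (tip 3).
forwarding_on() {
  [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# forward_order INTERNAL EXTERNAL: reads `iptables -S FORWARD` output on stdin
# and prints ok, shadowed (an ACCEPT sits below a REJECT/DROP) or missing.
# Simplification: any REJECT/DROP rule counts as blocking, whatever it matches.
forward_order() {
  awk -v a="$1" -v b="$2" '
    function via(l, i, o) { return index(l, " -i " i " ") && index(l, " -o " o " ") }
    $1 != "-A" { next }                  # skip the "-P FORWARD ..." policy line
    {
      n++; l = $0 " "
      if (!blk && (index(l, " -j REJECT ") || index(l, " -j DROP "))) blk = n
      if (index(l, " -j ACCEPT ")) {
        if (!out && via(l, a, b)) out = n                              # internal -> external
        if (!ret && via(l, b, a) && index(l, "ESTABLISHED")) ret = n   # replies back in
      }
    }
    END {
      if (!out || !ret) print "missing"
      else if (blk && (out > blk || ret > blk)) print "shadowed"
      else print "ok"
    }'
}

# Constructed: rules added with -I (as setup-nat.sh does) sit above the REJECT.
sample_inserted() {
  cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -i br0 -o br-ex -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br-ex -o br0 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
EOF
}

# Constructed: the same rules appended with -A end up below the REJECT.
sample_appended() {
  cat <<'EOF'
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -i br-ex -o br0 -j ACCEPT
-A FORWARD -i br0 -o br-ex -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

sample_inserted | forward_order br-ex br0   # prints: ok
sample_appended | forward_order br-ex br0   # prints: shadowed
```

On the real host, run it as: iptables -S FORWARD | forward_order br-ex br0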

devops random things

There are many tools out there now: Chef, Puppet, Ansible.
Most probably a bunch of people have said this before, but I am going to repeat that using them together looks best.
Ansible requires installation on the local machine only and it can get into anywhere with ssh.
Puppet needs installing on the remote machine, but it has a lot of good libraries on Puppet Forge and you can use it without a centralized server.
So that gives people a good setup where you use Ansible to dump Puppet on the machine and upload some modules, and then use Puppet with good 3rd party modules to get the job done.
At the moment there is no good iptables management with Ansible, while Puppet has it.

arduino on hardened kernel?

So you just got your hands on a hardened kernel and now you want to run Arduino, but the memory protection features are not letting the program allocate any memory?

Picked up JAVA_TOOL_OPTIONS:
Java HotSpot(TM) 64-Bit Server VM warning: INFO: os::commit_memory(0x0000740dd5000000, 2555904, 1) failed; error='Operation not permitted' (errno=1)
#
# There is insufficient memory for the Java Runtime Environment to continue.
# Native memory allocation (mmap) failed to map 2555904 bytes for committing reserved memory.

What to do?
Arduino wants to start the Java that comes with it in its java directory.
Symlink your Java that has proper permissions to the java executable in the java bin directory of Arduino.

cd arduino
mv `pwd`/java/bin/java `pwd`/java/bin/java.back
ln -s path_to_java/bin/java `pwd`/java/bin/java

dockerising X v2

Before, I wrote about dockerising an X server and using VNC to connect to it.
Now here it is in a git repository.
https://github.com/NikolaMandic/Xdockerized
I am not sure if it will work out of the box, but it does work since I’ve tested it.
What you see in the repo is a copy-paste of my setup.
If it does not work straight away it most probably needs one or a few things, but the main chunk is there.
What you want to do from here is combine this with a VNC client like noVNC to access the desktop running in a docker container on whatever machine you want,
and use an ssh tunnel in between!
https://kanaka.github.io/noVNC/

ssh tunnel reminder:
connect to ssh port 22 on the machine bob@mylinuxserver.xxx,
and from that machine connect to localhost port 110 and make that port available on local port 2110
`ssh -N -p 22 bob@mylinuxserver.xxx -L 2110:localhost:110`

docker stuff from some time using it

After using docker for some time, one of the things I often did was some bootstrapping on container start.
Currently the most flexible way I have is to load a volume (because then it’s editable from outside), like

    docker run -v `pwd`/dir:/root/dir

then in the bash rc invoke a script that is in that mounted folder.

    source pathtoscript

Also, that script can take a long time to run, so use bash shell mutexes to prevent it from running twice
if we exec into the started container

    docker exec -it container bash

To use mutexes in bash see bash mutexes.
Then you might often want to change the dockerfile or to reconfigure,
so it is also best to leave those things at the end of the dockerfile to avoid long rebuilds.
Hope this gets you up to speed with docker.
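
One way to build the run-once guard described above, as an added example that is not part of the original post: a lock directory created with mkdir acts as the mutex, and a marker file records that the bootstrap finished, so a later docker exec shell skips it. The function name, the file names and the state directory are hypothetical.

```shell
# Added example; bootstrap_once and the file names are hypothetical.
# bootstrap_once STATE_DIR CMD...  prints ran, done, busy or failed.
# From ~/.bashrc it could be called as (paths assumed):
#   bootstrap_once /var/run/bootstrap bash /root/dir/setup.sh
bootstrap_once() {
  state=$1; shift
  lock=$state/bootstrap.lock
  mkdir -p "$state" || return 1
  # an earlier shell already finished the bootstrap
  if [ -e "$state/bootstrap.done" ]; then echo done; return 0; fi
  # mkdir is atomic, so only one shell can create the lock directory
  if ! mkdir "$lock" 2>/dev/null; then
    owner=$(cat "$lock/pid" 2>/dev/null)
    # no pid recorded yet, or the holder is alive: someone else is running it
    if [ -z "$owner" ] || kill -0 "$owner" 2>/dev/null; then
      echo busy; return 0
    fi
    # stale lock left by a shell that died mid-bootstrap: take it over
    rm -rf "$lock"
    mkdir "$lock" 2>/dev/null || { echo busy; return 0; }
  fi
  echo "$$" > "$lock/pid"
  if "$@"; then : > "$state/bootstrap.done"; result=ran; else result=failed; fi
  rm -rf "$lock"
  echo "$result"
  [ "$result" = ran ]
}

# Demo in a throwaway directory: the second call is skipped.
demo=$(mktemp -d)
bootstrap_once "$demo" true   # prints: ran
bootstrap_once "$demo" true   # prints: done
rm -rf "$demo"
```

Keeping the state directory inside the container rather than on the mounted volume means a fresh container bootstraps again, while shells opened with docker exec do not.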

Ostrog monastery-helms deep

Helm's Deep looks very similar to Ostrog monastery, just to mention (white walls, fort-like, with a mountain at its back). Mr. Tolkien was an educated man and most probably picked it up from there.
Great battles happened at Ostrog monastery, with the same outcome of a small force defeating a massive evil invading horde.
An educated man such as Tolkien must have been impressed by real-world events.

Clojurescript logger with feature flipping

Problem: after logging all the things there are a bunch of lines in the console, and one might want a feature filter on that output.
Code:

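(ns app.logger)
(enable-console-print!)
;; tags whose messages get printed; add :all to print everything
(def tagsOn [:intercom :mloop])
(defn og [type format data]
  ;; log only when the message's tag is switched on
  (when (or (some #{type} tagsOn) (some #{:all} tagsOn))
    (.log js/console (str type " " format) data)))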

usage

           (l/og :intercom "message %s in intercom" data )
            

elixir repl with emacs

There was one talk from Timothy Baldridge (the core.async talk) where he was using a fancy keyboard shortcut to send Clojure code to the repl automatically, and it looked so nice: he would just put the cursor somewhere and BAM.
Getting that to work for Elixir is a bit tricky, because it is tricky to get the expression under the cursor, but the next best thing is to take what is selected and send it to the repl.
So here is how to kinda do it.
The problem is that the iex repl struggles with newlines: if we send one, it will execute.

The following code removes newlines, but then one needs to write code in a somewhat ugly way, inserting semicolons between expressions.
But for debugging it might be good enough.

(defun append-to-buffer ()
  "Append the text of the region to BUFFER."
  (interactive)
  (let ((text (buffer-substring (region-beginning) (region-end))))
    (set-buffer (get-buffer-create "*IEX*"))
    ;; drop # comments, then turn newlines into spaces so iex does not run early
    (insert (replace-regexp-in-string
             "\n" " " (replace-regexp-in-string "#.*?\n" "" text)))
    (switch-to-buffer-other-window "*IEX*")))
;; the binding lives at top level so it is set when the file loads
(global-set-key (kbd "M-`") 'append-to-buffer)

These are the code modifications that need to be put in place in order for this to work:
one has to put ; to separate expressions 🙁

defmodule Testapp do
  use Application;

  # See http://elixir-lang.org/docs/stable/elixir/Application.html
  # for more information on OTP Applications
  def start(_type, _args) do
    import Supervisor.Spec, warn: false ;

    children = [
      # Define workers and child supervisors to be supervised
      # worker(Testapp.Worker, [arg1, arg2, arg3])
    ];

    # See http://elixir-lang.org/docs/stable/elixir/Supervisor.html
    # for other strategies and supported options
    opts = [strategy: :one_for_one, name: Testapp.Supervisor]
   ; Supervisor.start_link(children, opts)
  end
end

Then just type the Emacs command to type commands and then elixir-mode-iex.
The repl should pop up as an Emacs buffer and then it will work.

Here is my Emacs setup.

First I install cabbage,
then my init.el is like this:


(setq cabbage-repository (expand-file-name "/home/nikola/.cabbage/"))
(load (concat cabbage-repository "cabbage"))

(require 'package)
(add-to-list 'package-archives
             '("melpa" . "http://melpa.milkbox.net/packages/"))
(add-to-list 'package-archives
             '("marmelade" . "http://marmalade-repo.org/packages/"))
(package-refresh-contents)
(package-initialize)

;; packages installed on startup when missing
(defvar my-packages '(starter-kit
                      starter-kit-lisp
                      clojure-mode
                      clojure-test-mode
                      cider))
(dolist (p my-packages)
  (when (not (package-installed-p p))
    (package-install p)))

;; send the selected region to the *IEX* buffer as a single line
(defun append-to-buffer ()
  "Append the text of the region to BUFFER."
  (interactive)
  (let ((text (buffer-substring (region-beginning) (region-end))))
    (set-buffer (get-buffer-create "*IEX*"))
    (insert (replace-regexp-in-string
             "\n" " " (replace-regexp-in-string "#.*?\n" "" text)))
    (switch-to-buffer-other-window "*IEX*")))
(global-set-key (kbd "M-`") 'append-to-buffer)

;; send the Clojure form at point to the cider repl and evaluate it
(defun cider-eval-expression-at-point-in-repl ()
  (interactive)
  (let ((form (cider-sexp-at-point)))
    ;; Strip excess whitespace
    (while (string-match "\\`\s+\\|\n+\\'" form)
      (setq form (replace-match "" t t form)))
    (set-buffer (cider-find-or-create-repl-buffer))
    (goto-char (point-max))
    (insert form)
    (cider-repl-return)))
(global-set-key (kbd "C-`") 'cider-eval-expression-at-point-in-repl)


I had to install the Elixir packages with package-install, like elixir-mix and elixir-mode.

Here is a version that sends the line under the cursor to the repl:
https://github.com/NikolaMandic/dotfiles/blob/master/init.el