Albert White's Weblog

Opensolaris users may be familiar with browsing repositories in firefox. To look through the latest Develpoment repo for example you just open up http://pkg.opensolaris.org/dev in your browser.

Things are a little more complicated for the extras and support repos though.

Firstly you need to register to get access to these repos. Anyone can get access tot he extra repo, only supported customers can get access to the support repo. Go to http://pkg.sun.com/register and follow the instructions there to get your key and certificate and verify that you can connect to the repo through the pkg command.

To set up firefox to be able to browse the repo take a little more work. Danek Duvall from the IPS team provided these instructions on how to do it:

Run:

openssl pkcs12 -in /var/pkg/ssl/OpenSolaris_extras.certificate.pem \
    -inkey /var/pkg/ssl/OpenSolaris_extras.key.pem -export > \
    /tmp/OpenSolaris_extras.certificate.pkcs12

In the case of the support repo use the support key and cert in place of the extras ones above instead. That will prompt you for a password with which to encrypt the pkcs12 file.

Now in firefox add the  pkcs12 file: Edit -> Preferences -> Advanced -> Encryption -> View Certificates -> Your Certificates -> Import -> choose file (/tmp/OpenSolaris_extras.certificate.pkcs1) -> enter password.

Then point your browser at https://pkg.sun.com/opensolaris/extra/ (or https://pkg.sun.com/opensolaris/support for the support repo).  There's a dialog box that pops up saying that the site has requested you identify yourself with a cert, and gives you a list of possible certs to use. Choose the right one, click OK, and then you can browse the repo.

I hit an interesting problem tonight with jumpstart. Or old timeserver has gone away and the jumpstart clients are now going into interactive installs asking for the user to set the time. We rely heavily on automated installs so this needed to be fixed.

The solution was obvious I thought. I'll just set up one of our servers as a ntp server and tell the jumpstart clients to query that in the sysidcfg files.

The only problem is that jumpstart doesn't query ntp. After snooping on the server for a while it was clear that the packets reqesting the time were not NTP, they were TIME.

Heres how I diagnosed it.

First snoop the install.

snoop -v -o /tmp/snoop.op clientname

Then once your install has gone interactive you can convert that to a readble format:

snoop -i /tmp/snoop.op -v > /tmp/snoop.op.as

Examining the file you can find the time request:

TCP:  Source port = 32773
TCP:  Destination port = 37 (TIME)

<snip>
TCP:
TIME:  ----- TIME:   -----
TIME:
TIME:  ""
TIME:

So, whats port 37 exactly? /etc/services tells us that the time server runs there. (duh!)

The service that runs this is in Solaris 10 svc:/network/time:stream

On solaris 10 you need to do

svcadm enable svc:/network/time:stream

To check that is working ok you can telnet to the server and see if you get any output; if its not running you will get connection refused. This is basically what your jumpstart client is doing.

$ telnet patchtest-231 37
Trying 129.156.231.103...
Connected to patchtest-231.
Escape character is '^]'.
���Connection to patchtest-231 closed by foreign host.

We are now back to fully automated jumpstart installs!

Recently I had a discussion with some folks about ways to identify change in a workspace. In particular if there were ways where we could judge the risk associated with changes without needing to know the specifics of the changes or being told by the engineers.

In Opensolaris for example there are flag days. These coincide with putbacks where a project team has identified major change and tells you about it. We have something similar for Solaris Update releases. Sometimes this is great, if there is a big zones or zfs change for example we know to check patching extra carefully on systems using zones or zfs. However this isn't always enough. Every now and again there will be a putack that causes a regression somewhere and catches us all by surprise.

Before getting to involved in looking into this problem in detail we did what all good engineers do. Go and see if someone else has solved the problem already! And that's when I got distracted. You see I started wondering if there was some way to visualise the changes to a workspace and literally see where risk was introduced.

That led me to Michael Ogawa's page. There he has several videos produced from code swarm. In the videos the names of the engineers are displayed and the files that they are hanging are represented by dots that swarm around them. Now while this isn't really what I started out looking for it does allow you to see the number of files changed over time. More importantly Michael's videos looked cool so I thought I'd give it a go for Opensolaris.

Codeswarm is available from http://code.google.com/p/codeswarm . It will generate lots of png files which you can then use ffmpeg to make into a movie.

There was one problem though; it doesn't work with mercurial workspaces out of the box. However  Baptiste Lepilleur worked out a way to get a compatible xml file from a mercurial repository.

Anyway here are a couple of videos I made. The first is of the Image Packaging System. The music is from Dom The Bear (CC by-sa)

Image Packaging System Code Swarm.


Next up the ON gate! Music this time from Alexander Blu (CC by-sa). Vimeo will only let me embed the SD version here - visit it's Vimeo page if you want to see the HD version; its worth watching in HD imo. While you are there you can search for other code swarm videos - there are nearly 100 up there.


Opensolaris Code Swarm.

It started with a question: How can we inspire people to take action on climate change?

The answer: Ask the people of Sydney to turn off their lights for one hour.

On 31 March 2007, 2.2 million people and 2100 Sydney businesses turned off their lights for one hour – Earth Hour. This massive collective effort reduced Sydney’s energy consumption by 10.2% for one hour, which is the equivalent effect of taking 48,000 cars off the road for one hour.

On 29th March 2008 we're doing it again WorldWide! Friends of the Irish Environment and the Irsh Light Pollution Awareness Campaign are asking everyone to do their bit for the environment and turn their lights off for one hour on March 29th.

In Ireland te event will take place from 9pm to 10pm rather than from 8-9pm. This is because at Ireland's latitude it won't really be dark by 8pm so in order to see the difference in the night sky the event will start at 9. Astronomical Societies around the country will be holding events so please be sure to check for details at www.irishastronomy.org/boards.

We need all of you, across the world, not just Ireland, to turn non essential lights off for this hour. Do you really need your porch light on? Does your building really need to be floodlit? And longer term you can think about whether your security lighting is really efficient. Does it allow light to spill above the horizon causing light pollution? Is the bulb too bright for the purpose? Are you using a motion sensor to ensure the light  only goes on when needed? Have a look at the Institution of Lighting Engineers document on Domestic Security Lighting to see how best to use security lighting.

 Heres what the Lord Mayor of Dublin, Councillor Paddy Bourke, had to say about Earth Hour when he announced Dublin's participation:

"Earth Hour is an international campaign and Dublin is one of the latest cities to get behind this important event where on March 29th all non-essential lights will be switched off for an hour. This campaign is important and everyone from citizens up to Government has a duty to do what they can against global warming. It is up to us all to do what we can to reduce our CO2 emissions. Through one simple action, turning off our lights for an hour, we can deliver a powerful message about the need for action. I am thrilled that as Dublin Lord Mayor I will be leading our capital city in its participation in this international event. It was estimated during the Sydney Earth Hour last night demand for electricity dropped by 10 per cent. It would be fantastic if we could do the same in Dublin. I would urge businesses and homes to join in and take part in the campaign."

Earth Hour in Ireland is fully supported by the Irish Light Pollution Awareness Campaign. For further information on the project in Ireland please contact the Friends of the Irish Environment. For global information please visit www.earthhour.org.

Finally here is the promotional video for Earth Hour. Enjoy!

Recently my Manager started blogging. Despite my initial cynicism it's actually turning out to be a pretty good blog, and the comments are great.

Communication about patches is an area that Sun could improve in. What they are, how they are created, how they can be installed, when they can be installed, and when and what you should patch are all areas that I've received customer queries about.

Patch Automation Tools is Gerry's most commented post to date. And I'm not surprised. And to be honest I agree with most of the comments - pca is damn good. Hopefully Sun Connection Satellite will be a big improvement on previous offerings.

Live Upgrade is a feature of Solaris that lets you create alternate boot environments. This makes it easy to switch between OS builds at boot time, but also make upgrading much easier, less risky, and quicker. This extends to patching too.  

I recently received a query from a customer asking how we ensure that patches installed via live upgrade do not interfere with the running system. As well as ensuring that the patch applies correctly to your alternative boot environment you need to be sure that the patch is not changing any files or killing processes on tour running system.

 In Solaris 8 and 9 we use an interposition library to check this. We check all the open*, creat*,*link* calls to ensure that they are dealing with files on the correct boot environment; we allow changes in /tmp etc. and commands also need to load libraries from the running environment so we make exceptions for these. We also check the kill calls to ensure that processes are not being killed on the running system. An interposition library is one that is usually preloaded using LD_PRELOAD so that when a call is searched for the call as defined in our library will be matched rather than the system call. Heres a snippit of how we check for creat calls:

 
int
creat(char *path, mode_t mode)
{
        char *cwd;
        char *cmdname="creat";
        typedef (*realcreat_t)(char *p, mode_t m);
        static realcreat_t prealcreat;
        if (prealcreat == NULL){
                prealcreat=  (realcreat_t)dlsym(RTLD_NEXT, "creat");
                if (prealcreat== NULL){
                        (void) printf("dlopen: %s\n", dlerror());
                        return (0);
                }
        }
        parsepstname(path,cmdname);
        return ((*prealcreat)(path, mode));
} 
  
 

Our creat() call takes the same arguments as the system call. The first thing we do is look for the real system call by calling dlsym(3C) and we store it. We then write out the file thats being created to a log file and call the real creat() call. The parsepstname() function works out the full path to the file and then filters out our exceptions (/tmp etc).

Similar functions need to be written for any calls that we want to examine.

One issue we came up against when designing this was that shell script often call /sbin/sh when they need to run other scripts. /sbin/sh is statically linked so our interposition library will not work. In the case of pkgadd the environment was also being cleared. We get around these problems by catching the call to execute /sbin/sh, reloading our environment variables from a file and then execing /bin/sh instead. It works but it's a bit invasive. Also if we need to make changes to the test we need to recompile the library and reinstall it on the test machines. If only there was some way to dynamically trace what was happening on the system...

Well in s10 we can use dtrace for this. The procedure is basically the same; we check for certain system calls, filter out exceptions and flag an error if something is happening that should not be. Heres the dtrace script 

#!/usr/sbin/dtrace -qs

int x;
BEGIN{
/* set it to something that wont match a pid for
   the syscall prov. below */
x=-1;
}

/* The process that we are interested in */
proc:::create
/execname == "patchadd" || execname == "patchrm"/
{
        x=pid;
        self->called_proc_create = 1;
}

syscall::open*:entry,
syscall::creat*:entry,
syscall::unlink*:entry,
syscall::link:entry,
syscall::symlink:entry
/progenyof(x)/
{
     self->path = copyinstr(arg0);
     printf("%s:%s:%s:%s\n", probefunc, self->path, cwd, execname);
}

We check for patchadd and patchrm processes being started and note the pid. Although you use the luupgrade command to do the patching it ultimately calls patchadd and patchrm to do the work. Then when we examine a system call we check that it is from the patchadd process tree with the progenyof() test. If it is we log the function and arguments. Rather than having dtrace handle the parsing we have a perl script in our test harness that filters out the exceptions and warns us of any errors.

We also check for kill calls in Solaris 10, but if a patch needs to start or stop a process it should really do so by svcadm. So we check expecially for any calls to that:

proc:::exit
/execname == "svcadm"/
{   printf("%s:%d:%s:%s\n", probefunc, arg0, execname,execname);
}

The dtrace is much more straightforward and easier to implement. It's also tracing everything so we don't have to worry about someone clearing the environment or calling statically linked commands.

This test has caught quite a few problems in patches. The majority of these are down to errors in the patch and package scripts where patch creators are allowed to write their own scripts; sometimes these are written by product teams that have not considered patching in a live upgrade scenario.  We rarely see any issues with this test anymore. It seems that once we introduce a test we get an initial peak in test fails, the issues are fed back upstream and corrected and we then see a steady tailoff in failures.

Its been a while since I posted anything here so heres a few shots that I took recently around Dublin.
 

Trinity College

Famine Statues

Custom House
 

Shamrock Rovers take on Galway Utd at Tolka Park at 8pm this Friday. The Hoops are in second place in the league but 8 points off the top spot. All games are now must win games for Rovers if they are to secure what would be a historic league title.

A printable poster is also available.

The latest sanctions from the FAI have a couple of bizarre fines. Even by the FAI sanction press release standards!.

Before going into the sanctions have a look at this video. It from the Harps-v- Derry match on August 18^th 2007.

The following fines were handed down:

Derry Citywere fined €500 for the throwing of paper by their supporters in the match v Finn Harps (18.08.07). Decision under appeal to FAI.
Finn Harps were fined €500 for the throwing of paper by their supporters v Derry City(18.08.07).
Derry Citywere fined €1,000 as a result of a pitch invasion by their supporters following the match v Finn Harps (18.08.07). Decision under appeal to FAI.

The ‘pitch invasion’ looked fairly harmless. But whoever brought the kids to the game should have restrained them from doing that. I'm sure the Derry fans will be examining how to stop that happening in future.

The paper throwing is a more worrying fine. Supporters’ displays in the past were much better than the one in the above video. They had flares, plenty of flags, plenty of noise and were an attraction in themselves.

But the FAI banned flares. The fans started using smoke canisters. Then they banned smoke canisters. Fans started using more and bigger flags. Then flagpoles and even flags began to be banned. Ticker tape thrown into the air is still ok (as far as I know!), and until today paper streamers were too.

The F.A.I have gone beyond what can be accepted as a health and safety measure. Banning flares is, to an extent understandable from a safety aspect. However if safety was an issue you might have expected the FAI to allow clubs to work with them and safety officials to use flares in a controlled and safe way. Instead there is a complete ban.

It seems that the FAI’s aim is now to sanitize football and has nothing to do with safety. This is a spectacular own goal for the FAI. Those fans that organize these displays, at their own expense, should be encouraged to create bigger displays as this will in turn get better crowds to the games. Those that turn up to the big games only are more likely to return if there is a great atmosphere provided. Kids especially love this atmosphere – more and more kids are turning up early to matches to help out; this is a group of fans (or customers as the FAI probably refer to them) that we do not want to loose.

Where there are valid health and safety issues the FAI should work with the supporters and clubs to see how to address these. Paper streamers are not a health hazard.

It’s fairly basic marketing – promote your strengths. In the case of the league of Ireland the passionate supporters, their flags, displays and chants are a strength.

Let's try and have more of the picture on the left so we don't end up with more of the picture on the right.

No al Calcio Moderno

Following some recent discussions over on the SRFC Ultras message board (www.srfcultrasforum.com) I thought I’d do a little tutorial on how I made a simple 2 post flag. This flag is a little on the small side but hey it’s just a tutorial.

The idea behind 2 post flags is that it makes it easy to show off a message or a design. Large flags at the sidelines of matches are easy to read, but not easy to wave about. As soon as you start waving flags it makes it very difficult to see the design; the exception being clear designs on tifo flags.

 

The first thing you need a design. This can be as simple or as complicated as you like. Simple works best. Create it in your paint program of choice. It does not need to be actual resolution, once it looks good on your screen that fine.

Next you need material. You can get fabric from a drapery shop, currently it’s about €4.50 per meter near me, and about a meter wide also. Drapery shops usually have a ‘remnants bin’ where you can pick up bits of fabric for less than half that price. Another option is to get a bedsheet, you may be able to find these cheap in a department store.

Next you need to sew it. With a bedsheet the edges will already be sewn, but if you bought the fabric you will need to do this yourself. The simplest way is to iron the folds in place and then sew; its a lot easier if you iron it first. Make a fold a little less than 1cm on the edge and iron it, then fold that again and iron it.For the ends that the poles go into make sure there is enough room for the poles to fit first!

Regular edge.

  Flagpole edge.

You are now ready to sew it. If you don’t have a sewing machine ask your mother! She will have one or have a friend who does! Once you work out what all the knobs and switches do sewing machines are straightforward enough to use.

For the flagpole ends you need to make the second fold wide enough so that your poles fir through. That depends on what poles you get. I went for the cheap option again, 25mm electrical conduit tubes from Woodies DIY. These are light, not too flexible, not too rigid, and won't hurt if a kid at a match decides to hit his mate with it!

 Now to put the design on the flag. You need an overhead projector for this, joedehoop suggested this method to me . Most schools and offices will have one. I used one on the office that connects directly to a sunray, if you need one that uses transparencies just photocopy your design onto a transparency. Now tape your flag onto the wall and draw the outline of your design with a pencil.

 

The nest stage is painting. The more colours you use the longer this takes as you need to let one colour dry before starting another. Since this design has lots of straight lines in it I decided to mark these out using masking tape, that way you will get a much better edge. With the masking tape in place and a couple of sheets of newspaper under the flag you can start painting.

Leave to dry overnight and finish the next day. Don’t worry about the newspaper getting stuck to the flag, you can peel that off when its dry.

For the green colour I used paint I had lying around. The problem with this paint is that it will spread easily through the fabric. The black and yellow were acrylic paints from an art shop (€16 for 500ml, as advised by the artistic Mr. S-Side-Hoop), this does not spread out and generally stays where you paint it! I’d advise you to just use what you have lying around unless you need to do particular detailed designs – after all these flags are going to be viewed from a distance not up close so you can get away with errors like this.

 

Anyway here is what it looks like with a couple of others I've finished recently when finished:

Now go out and make flags! And most importantly go out and support your local team!

Image credit: B. Best, www.shamrockrovers.ie

 Forza Hoops!

Something that I've been meaning to do for a while is to carve a spoon. After coming back from Matty's wedding on Friday I noticed that a bough had broken off a sycamore tree in a nearby park. I took that as a sign to get on with it. So today I went up with a pocket saw and cut off a few sections of branches. Sycamore is a fairly soft wood and when its green its especially easy to work with.

I peeled off the bark with my trusty knife (ok a €15 Mora knife). Next made a rough sketch of where I wanted to carve out and with my trusty axe (ok the cheapest axe in Woodies (official sponsors to Shamrock Rovers F.C. btw!)). The knife and especially the axe needed a good sharpening but seem to be holding well. Anyway, lots of chopping and carving later I got something that resembled a spoon. The next step was to carve out the depression for the spoon bit. This was my first try with a spoon knife that I bought from Andrew at OutdoorCode, it cost about €35 euro but its one of those tools that you need for this kind of carving. An alternative to using the spoon knife would be to use embers to slowly burn the depression. After a couple of hours and a blistered thumb I ended up with a spoon.

I didn't bother reading much about what bits of wood to select and how exactly to carve before trying this. Sometimes you learn more by trying first, and Sunday afternoons are a good time to make mistakes anyway. One thing to change next time will be to use a bigger piece of wood. This was carved from a piece about 4cm in diameter - which doesn't give you much of a spoon! A branch at least 8cm thick is probably needed to get a decent sized spoon. Knots. I think I saw a Ray Mears program where he mentioned that using a fork in a branch made carving the spoon easier - having knots in the middle makes it harder that's for sure! I'll have to split a branch and see exactly how a branch is formed - 'open it and see how it works' is an approach that has yet to fail me!

 That's the spoon, and the tools used.

I've uploaded some photos of the Rovers -v Bohs game to my flickr account.

The highlights of the game are also online at the official website. 

Forza Hoops! 

There is a blueprint available on Patching mirrored systems using live upgrade. This document will take you through the steps needed to create an alternate boot environment and how to patch it.

Why bother? Well by using Live Upgrade you can drastically reduce downtime as you are applying patches to a non-running boot environment. You just need one reboot to make everything active. If you run into problems you can easily reboot back into the unpatched environment.

A couple of comments that didn't make it into the final doc:

1. I would always recommend using the '-c' option to lucreate to label your current boot environment. lucreate will try and give it a sensible name (d0 in the blueprint examples), but naming this yourself makes things clearer.

2. Solaris 10 can order patches automatically for you. So if you just want to add all the patches in a directory you don't need the order file. 'cd /path/to/patch; luupgrade -t -n "New_BE" -s /path/to/patch *' will do the job.

3. The blueprint focusses on the EIS CD, however you can also use LU to just apply a single patch. eg 'luupgrade -n newroot -t -s /export/patches 987654-32'

4. If for some reason you need to remove a patch LU can do this for you also using 'luupgrade -T'.

Even if you don't currently use mirrored root filesystems it is worth taking a look at this blueprint as the Live Upgrade methodology is the same for all systems.

There was an interesting segment on RTE's "Capital D" program tonight about the work that Shamrock Rovers do in the community. The video feed is at http://www.rte.ie/news/2007/0426/capitald.html The initiative from Shamrock Rovers include providing scolarships for payers to gain 3rd level qualifications. Just in case they dont make millions playing football! Also some schoolkids are featured whose training gear, school books and uniforms are paid for by Shamrock Rovers. Shamrock Rovers - Building The Future in Tallaght!

Speaking of Tallaght  the Tallaght Stadium saga rolls on. The next court date is in early May. Since my last blog about the stadium the GAA club Thomas Davis have been making some extraordinary moves. In an 11 page memo they informed their members that the local TD Conor Lenihan was barred from their club. Conor found out about this while members were buying him drinks at the clubhouse to celebrate a €200,000 grant from the government which Conor helped secure! Needless to say banning an elected representative from their club got quite a bit  of media coverage. The coverage prompted this reply in the Independents letters pages:

The Tallaght stadium saga


I would like to congratulate your paper for its balanced and comprehensive coverage of the on-going Tallaght stadium saga (Irish Independent, April 18).


It is about time the public were given a chance to take on board the true facts of the situation.


While local GAA activists are determined to portray victimisation at the hands of the local authority and the Minister for Sport, the
reality is that it is, and never was, practical to accommodate senior Gaelic games in the as-yet completed stadium. Trying to squeeze a square peg into a round hole springs to mind.


Its anchor tenants, Shamrock Rovers, have no objection to the playing of underage GAA events there as this will not contravene plans, which date back more than ten years, to develop the ground into a modern community facility for all the people of Tallaght.


For those who live or work close to the partially completed stadium and who are curious as to why it remains an ugly concrete shell, it is important that they are made aware that if it wasn't for the continued court actions of local GAA club Thomas Davis, then maybe the sports loving people of the area would have a top-of-the-table football match at the venue to look forward to this weekend.


Unfortunately, for now, it remains to be seen how long they will have to wait before they see Tallaght Community Stadium finally put to good use.