NetBSD configuration management

I’ve been obsessed with SaltStack for over a week. This infrastructure management suite is exactly what I needed for both my personal and professional servers: simple but modular, written in Python, not depending on a thousand unnecessarily complex messaging stacks as it bundles ZeroMQ, capable of both orchestration and configuration management, all this through comprehensive, well-documented APIs and commands.

Only drawback was it had poor NetBSD support. Was :)

It’s been a long time since I’ve dug into Python, so it took me a little bit of effort, but Salt now has full support of pkgin in its generic packaging functions, knows how to handle NetBSD services and is capable of dealing with NetBSD’s sysctl(8) and sysctl.conf.

Those pieces of code have been merged upstream, I hope they’ll be available in version 0.16!

Some examples:

$ cat packages/init.sls 
mypkgs:
  pkg.installed:
    - pkgs:
      - vim
      - tmux
      - bash
      - bash-completion
      - sudo

$ sudo salt '*' state.sls packages
watto:
----------
    State: - pkg
    Name:      mypkgs
    Function:  installed
        Result:    True
        Comment:   All specified packages are already installed.
        Changes:   
korriban:
----------
    State: - pkg
    Name:      mypkgs
    Function:  installed
        Result:    True
        Comment:   All specified packages are already installed.
        Changes:   
tatooine:
----------
    State: - pkg
    Name:      mypkgs
    Function:  installed
        Result:    True
        Comment:   All specified packages are already installed.
        Changes:   
coruscant:
----------
    State: - pkg
    Name:      mypkgs
    Function:  installed
        Result:    True
        Comment:   All specified packages are already installed.
        Changes:   
ragnos:
----------
    State: - pkg
    Name:      mypkgs
    Function:  installed
        Result:    True
        Comment:   All specified packages are already installed.
        Changes:   
exar:
----------
    State: - pkg
    Name:      mypkgs
    Function:  installed
        Result:    True
        Comment:   All specified packages are already installed.
        Changes:

$ sudo salt '*' cmd.run 'uname -a'
tatooine:
    Linux tatooine 3.2.0-4-686-pae #1 SMP Debian 3.2.41-2 i686 GNU/Linux
watto:
    NetBSD watto.home.imil.net 6.1_RC4 NetBSD 6.1_RC4 (GENERIC) i386
exar:
    NetBSD exar 6.0_STABLE NetBSD 6.0_STABLE (EXAR) #0: Sun Nov 25 12:39:12 CET 2012  root@exar:/usr/src/sys/arch/i386/compile/EXAR i386
coruscant:
    NetBSD coruscant 6.0 NetBSD 6.0 (XEN3_DOM0) amd64
korriban:
    NetBSD korriban.imil.net 6.0_STABLE NetBSD 6.0_STABLE (KORRIBAN) #0: Tue Jan  1 23:20:36 CET 2013  root@korriban.imil.net:/usr/src/sys/arch/amd64/compile/KORRIBAN amd64
ragnos:
    NetBSD ragnos 6.0 NetBSD 6.0 (RAGNOS) #2: Wed Oct 17 11:33:31 CEST 2012  root@ragnos:/usr/src/sys/arch/i386/compile/RAGNOS i386

$ sudo salt '*' pkg.version vim   
watto:
    7.3.762
exar:
    7.3.762
korriban:
    7.3.712
coruscant:
    7.3.762
ragnos:
    7.3.762
tatooine:
    2:7.3.547-7

$ sudo salt '*' service.status sshd
tatooine:
    False
watto:
    True
coruscant:
    True
exar:
    True
korriban:
    True
ragnos:
    True

If you wish to use these modules without tainting your Salt package installation, simply copy them to a _modules directory within the file_roots.

Happy Salting!

The post NetBSD configuration management appeared first on Emile "iMil" Heitor's home.

CPU dynamic scaling on NetBSD

I have known about estd for a while; that daemon “dynamically sets the CPU-frequency on Enhanced SpeedStep, PowerNow, and ACPI P-States-enabled CPUs depending on current cpu-utilization” (manpage excerpt). Thing is, I’ve never seen any CPU changing from its current speed while monitoring the machdep.powernow.frequency.current sysctl.

In order to understand what was happening, I started estd with the -o flag, which outputs the CPU-frequencies as they are set. I then realized that the “high watermark percentage” and “low watermark percentage” default values were way too high (respectively 40 and 80) and were never reached, so the CPU speed was never changed.

With lower values, I was able to see the CPU speed increasing and lowering as expected. So I added the following line to the /etc/rc.conf file:

estd_flags="-l 5 -h 15 -a -m 800 -d"

meaning that the low watermark is set at 5 and the high watermark at 15, which were the values I considered to be the right ones while watching the estd -o -a console output.

Since then, whenever a CPU intensive operation occurs, I can see the CPU speed rising with the following conky parameter:

CPU Frequency: ${alignr}${exec /sbin/sysctl -n machdep.powernow.frequency.current}

The post CPU dynamic scaling on NetBSD appeared first on Emile "iMil" Heitor's home.

Playing a digital cinema film with open-source software such as VLC

Playing a digital cinema film (DCP) with free software has so far been fairly complex: either the colorimetry was wrong (XYZ), or performance was disastrous on a low-powered computer. The problem was recently solved on ffmpeg's internal mailing list; here is the simplified procedure:

Fetching the FFmpeg code (with libav)

$ git clone git://source.ffmpeg.org/ffmpeg.git ffmpeg-devel
$ cd ffmpeg-devel
$ patch -p1 < ffmpeg-dci.patch

The ffmpeg-dci patch (copy here)

diff --git a/libavcodec/j2kdec.c b/libavcodec/j2kdec.c
index 683062d..3e78b0b 100644
--- a/libavcodec/j2kdec.c
+++ b/libavcodec/j2kdec.c
@@ -30,6 +30,7 @@
 #include "avcodec.h"
 #include "bytestream.h"
 #include "internal.h"
+#include "thread.h"
 #include "j2k.h"
 #include "libavutil/common.h"
 
@@ -205,6 +206,7 @@ static int tag_tree_decode(J2kDecoderContext *s, J2kTgtNode *node, int threshold
 static int get_siz(J2kDecoderContext *s)
 {
     int i, ret;
+    ThreadFrame frame = { .f = s-&gt;picture };

// 
//    CUT 
//    Full patch here: http://pastebin.com/r9Qw0sve
//
 
@@ -1330,6 +1328,7 @@ AVCodec ff_jpeg2000_decoder = {
     .id             = AV_CODEC_ID_JPEG2000,
     .capabilities   = CODEC_CAP_FRAME_THREADS,
     .priv_data_size = sizeof(Jpeg2000DecoderContext),
+    .max_lowres     = 31,
     .decode         = jpeg2000_decode_frame,
     .priv_class     = &amp;class,
     .pix_fmts       = (enum PixelFormat[]) { AV_PIX_FMT_XYZ12,
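Review bot: `.max_lowres = 31` in the `ff_jpeg2000_decoder` initializer advertises reduction factors far beyond the 0 to 3 range the decoder is exercised with, and nothing in the visible lines checks a requested `lowres` against the number of resolution levels actually present in the codestream. Either lower the cap to what the decoder can honour, or point to the place in the decode path where an out-of-range value is rejected before it is used to scale dimensions taken from the file. Separately, this hunk refers to `Jpeg2000DecoderContext` and `jpeg2000_decode_frame` while the only file header shown is `libavcodec/j2kdec.c` (which uses `J2kDecoderContext`), so the `diff --git` header for this second file seems to have been lost in the cut.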

(source: https://ffmpeg.org/trac/ffmpeg/ticket/1279)

For Mac OS X:

$ port install openjpeg
$ export CFLAGS="-I/opt/local/include/"
$ export LDFLAGS="-L/opt/local/lib/"

For Linux:

# do not install version 2.0 for now
$ apt-get install libopenjpeg-dev libopenjpeg

Build

$ ./configure --enable-libopenjpeg
$ make

To test, grab a digital cinema film (DCP):

./ffplay -lowres 2 ~/dcp/ts/1bf78c6d-7328-4363-ba5a-605b4ce275a6.mxf

The important parameter here is "-lowres".
At 0, you get full-resolution quality (100% of 2K).
At 1, it is 1/2 of the original resolution (2K/(1/2)).
At 2, it is 1/4 of the original resolution (2K/(1/4)).
At 3, it is 1/8 of the original resolution (2K/(1/8)).

Tune the "lowres" parameter to match the power of your computer.

And the result

Since VLC depends on the ffmpeg libraries (libav), your VLC (after a few modifications, of course) will be able to play a DCP with the correct colorimetry, even on a low-powered computer.

Coming soon: the procedure to integrate this into ffmpeg/mplayer/VLC, with sound.

EDIT
To test with a DCP: it's over here!

Debian backport of OpenSSH 6.2

Update

As written in the comments:

Colin Watson Says:
May 17th, 2013 at 7:12 pm

I uploaded 6.2 packages to Debian a week or so after you posted this, so you can/should now just use those instead. I expect they should build fine on wheezy.

As a matter of fact, the following is now deprecated

At ${DAYWORK}, we used to have our own OpenSSH debian package which included the famous OpenSSH LPK patch, which permits the use of an OpenLDAP server as an SSH public key provider.

I’ve been using OpenSSH-LPK for years, as this is a really handy solution and no valid alternative existed… until a couple of months ago.

OpenSSH 6.2 has a new configuration item called “AuthorizedKeysCommand”. The value associated with that key allows any executable to be called as a public key provider. Yes, that is sexy.

Debian only has OpenSSH 6.1p1 packages available and tagged as “experimental”, so we had to hack a little bit in order to build 6.2 packages, here’s how:

  • Fetch experimental source package

    # echo "deb-src http://ftp2.fr.debian.org/debian/ experimental main contrib non-free" > /etc/apt/sources.list.d/experimental.list
    # apt-get update
    $ mkdir openssh && cd openssh
    $ apt-get source openssh
    
  • Bump the release

    $ wget http://ftp.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-6.2p1.tar.gz
    $ cd openssh-6.1p1
    $ uupdate -v 6.2p1 ../openssh-6.2p1.tar.gz
    $ cd ../openssh-6.2p1
    $ dch -i # enter changelog information
    
  • Get rid of conflicting patches

    As expected, many of the Debian patches don’t apply anymore, and I was not brave enough to backport them, so I’ve just commented them out in debian/patches/series:

    #gssapi.patch
    #selinux-role.patch
    #copy-id-restorecon.patch
    #ssh-vulnkey.patch
    #consolekit.patch
    #user-group-modes.patch
    #max-startups-default.patch
    #package-versioning.patch
    #debian-banner.patch
    #lintian-symlink-pickiness.patch
    #openbsd-docs.patch
    #ssh-argv0.patch
    #doc-upstart.patch
    
  • Remove uninstalled files

    Since we commented out the patches that create them, some files will no longer be present. So that the build does not check for them, we’ll have to remove the following lines from debian/openssh-client.install:

    usr/bin/ssh-vulnkey
    usr/share/man/man1/ssh-vulnkey.1
    

    And the following one from debian/openssh-client.docs

    ChangeLog.gssapi
    

    Finally, we just comment out the use of the vulnerable_host_keys shell function in debian/openssh-server.postinst.in:

    fix_doc_symlink
    create_sshdconfig
    create_keys
    #vulnerable_host_keys
    fix_statoverride
    

That’s it! You can now happily build the brand new OpenSSH version using debuild as usual.

After installing it, you’ll have access to the AuthorizedKeysCommand option.
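
As an added example (not part of the original post), here is one way an AuthorizedKeysCommand helper can serve keys from an LDAP directory, the job OpenSSH-LPK used to do. The LDAP URI, base DN, search filter, install path and the sshkeys account are assumptions; sshPublicKey is the attribute name used by the LPK schema.

```shell
#!/bin/sh
# Added example (not from the original post): an AuthorizedKeysCommand helper.
# LDAP_URI, LDAP_BASE, the install path and the posixAccount/uid filter are
# assumptions; sshPublicKey is the attribute name used by the LPK schema.
#
# sshd_config, OpenSSH >= 6.2:
#   AuthorizedKeysCommand     /usr/local/sbin/ldap-authkeys
#   AuthorizedKeysCommandUser sshkeys   # dedicated unprivileged account (assumed)
# sshd requires the helper to be owned by root and not writable by
# group or others.
LC_ALL=C; export LC_ALL
LDAP_URI="${LDAP_URI:-ldaps://ldap.example.org}"
LDAP_BASE="${LDAP_BASE:-ou=people,dc=example,dc=org}"

# Accept only conservative login names, so the name can be placed in an
# LDAP filter as-is: no '*', '(', ')' or '\' can get through.
valid_user() {
    [ "${#1}" -le 32 ] || return 1
    case "$1" in
        ""|-*|*[!a-z0-9_.-]*) return 1 ;;
    esac
}

# Read LDIF on stdin, print one authorized_keys line per plain
# "sshPublicKey: " value. Base64-encoded values ("sshPublicKey:: ") and
# keys prefixed with options such as command="..." are dropped.
filter_keys() {
    sed -n 's/^sshPublicKey: //p' |
        grep -E '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( .*)?$'
}

# Print the keys for one user; print nothing and fail on any problem.
lookup_keys() {
    valid_user "$1" || return 1
    ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URI" -b "$LDAP_BASE" \
        "(&(objectClass=posixAccount)(uid=$1))" sshPublicKey | filter_keys
}

# sshd passes the login name as the first argument.
[ $# -eq 0 ] || lookup_keys "$1"
```

Because the login name comes from an unauthenticated client, the helper validates it before it reaches the LDAP filter and returns nothing on any error.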

Thanks gaston, davromaniak and SliX from #GCU for the help.

The post Debian backport of OpenSSH 6.2 appeared first on Emile "iMil" Heitor's home.

vim tabs, tmux and Control-arrows

Here’s a .vimrc excerpt which permits the use of Control + Arrows sequences to navigate through vim tabs inside the tmux terminal multiplexer:

" inside screen / tmux
map <Esc>[C <C-Right>
map <Esc>[D <C-Left>
" insert mode
map! <Esc>[C <C-Right>
map! <Esc>[D <C-Left>
" no screen
map <Esc>[1;5D <C-Left>
map <Esc>[1;5C <C-Right>
" insert mode
map! <Esc>[1;5D <C-Left>
map! <Esc>[1;5C <C-Right>

nnoremap <C-t> :tabnew<CR>
nnoremap <C-w> :tabclose<CR>
nnoremap <C-right> :tabnext<CR>
nnoremap <C-left> :tabprevious<CR>
" insert mode
inoremap <C-t> <Esc>:tabnew<CR>
inoremap <C-w> <Esc>:tabclose<CR>
inoremap <C-right> <Esc>:tabnext<CR>
inoremap <C-left> <Esc>:tabprevious<CR>

The post vim tabs, tmux and Control-arrows appeared first on Emile "iMil" Heitor's home.

IPv6 on a Hetzner VPS / NetBSD

Having discovered a few months ago that my hosting provider (Hetzner) offers IPv6 on its VPS plans, I decided to enable it to get an idea of the configuration required.

Configuration sent by Hetzner:
IPs: 2a01:4f8:d13:1d00:: /64
Gateway: 2a01:4f8:d13:1d00::1 /64
Useable IP addresses:
2a01:4f8:d13:1d00::2 to 2a01:4f8:d13:1d00:ffff:ffff:ffff:ffff


We add the first address of the IPv6 pool to the network interface:
cat /etc/ifconfig.rtk0
inet 78.47.36.230 netmask 0xfffffff0
inet6 2a01:4f8:d13:1d00::2 prefixlen 64


and we define the IPv6 gateway:
cat /etc/mygate6                                              
2a01:4f8:d13:1d00::1


After adding an AAAA record at the DNS registrar (Gandi in my case), we check that the record resolves:
host -t AAAA libera.cc
libera.cc has IPv6 address 2a01:4f8:d13:1d00::2


By default Apache httpd only "listens" on IPv4; "Listen [::]:80" has to be added to /usr/pkg/etc/httpd/httpd.conf:
grep ^Listen httpd.conf 
Listen 0.0.0.0:80
Listen [::]:80


Do we have a socket open on IPv6 on port 80?
sockstat -f inet6  -ln | grep 80
www      httpd      700    4 tcp6   *.80                  *.*
www      httpd      1958   4 tcp6   *.80                  *.*
www      httpd      1971   4 tcp6   *.80                  *.*
root     httpd      2100   4 tcp6   *.80

So we can test from a client machine that Apache does respond over IPv6:
curl -6 libera.cc


Computer says:


Computer says:

Hello World !



Business as usual ...





pkgsrc and github archives

I recently switched pkgin’s repository from SourceForge’s CVS to GitHub. Long story short, I heard here and there that SF was considering dropping CVS support and I found the GitHub service to be more responsive and elegant. Also, I was looking for an excuse to learn git :)

Anyway, GitHub’s interface may be sexy, but they used to have some kind of “upload” section which has been dropped. That may sound like a simple story, but the fact is when it comes to packaging a GitHub-hosted application, things are not that simple when the author has not explicitly tagged a specific release. Another use case, the one I am actually in, is when you have ongoing development, like pkgin in pkgsrc WIP, and do not want to tag every test release.

The way I found to handle that case with pkgsrc is to use GitHub’s commit archives. In short, I will use that kind of URL:

https://github.com/NetBSDfr/pkgin/archive/34b823c158e62e4d347de74499a075a2259382c5.tar.gz

which is redirected like this by GitHub:

HTTP/1.1 302 Found
Server: GitHub.com
Date: Sun, 21 Apr 2013 21:05:17 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Status: 302 Found
Cache-Control: max-age=0, private
Strict-Transport-Security: max-age=2592000
X-Frame-Options: deny
Set-Cookie: logged_in=no; domain=.github.com; path=/; expires=Thu, 21-Apr-2033 21:05:17 GMT; HttpOnly
Location: https://nodeload.github.com/NetBSDfr/pkgin/tar.gz/34b823c158e62e4d347de74499a075a2259382c5
X-Runtime: 13
Content-Length: 156
Vary: Accept-Encoding

HTTP/1.1 200 OK
Server: GitHub.com
Date: Sun, 21 Apr 2013 21:05:18 GMT
Content-Type: application/x-gzip
Connection: keep-alive
Content-Length: 187510
Content-Disposition: attachment; filename=pkgin-34b823c158e62e4d347de74499a075a2259382c5.tar.gz
Vary: Accept-Encoding

and makes it possible to point to a particular commit, whether or not it has been tagged.

A typical pkgsrc Makefile will look like this:

VERSION=                34b823c158e62e4d347de74499a075a2259382c5
DISTNAME=               ${VERSION}
PKGNAME=                pkgin-20130412
CATEGORIES=             pkgtools
MASTER_SITES=           https://github.com/NetBSDfr/pkgin/archive/
FETCH_USING=            curl

# [...]

WRKSRC=                 ${WRKDIR}/pkgin-${VERSION}

# [...]

Note that FETCH_USING= curl is mandatory here in order to follow redirect codes along with https.

There you go, happy GitHub packaging!

Update

Here’s another approach pointed out by Amitai Schlair (schmonz@):

GIT_COMMIT=	dd51ac5

DISTNAME=	${GIT_COMMIT}
PKGNAME=	p5-App-Prove-Plugin-ProgressBar-0.01
CATEGORIES=	devel perl5
MASTER_SITES=	-http://nodeload.github.com/Ovid/App-Prove-Plugin-ProgressBar/tar.gz/${GIT_COMMIT}

# [...]

WRKSRC=		${WRKDIR}/App-Prove-Plugin-ProgressBar-${GIT_COMMIT}

Here, Amitai doesn’t use HTTPS so specifying curl as the fetch method is not mandatory. The dash before the URL in the MASTER_SITES line means that DISTNAME will not be appended when fetching, which is very handy when it comes to GitHub archives.
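
As an added example (not part of the original post or of pkgsrc), the shell functions below fetch a GitHub commit archive the way the first Makefile does, follow the 302 only to HTTPS targets, and compare the tarball with a pinned SHA-256, the same kind of check pkgsrc performs with the checksums in distinfo. The function names are hypothetical, and curl plus either sha256sum or openssl are assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
LC_ALL=C; export LC_ALL

# A full 40-hex commit id is unambiguous; abbreviated ids are rejected.
is_full_commit() {
    [ "${#1}" -eq 40 ] || return 1
    case "$1" in *[!0-9a-f]*) return 1 ;; esac
}

# archive_url OWNER REPO COMMIT: build the commit-archive URL, refusing
# anything that could change the path (slashes, "..", empty names).
archive_url() {
    for name in "$1" "$2"; do
        case "$name" in ""|.|..|*[!A-Za-z0-9._-]*) return 1 ;; esac
    done
    is_full_commit "$3" || return 1
    printf 'https://github.com/%s/%s/archive/%s.tar.gz\n' "$1" "$2" "$3"
}

# Print the SHA-256 of a file as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        openssl dgst -sha256 "$1" | sed 's/^.*= //'
    fi
}

# fetch_pinned OWNER REPO COMMIT EXPECTED_SHA256 OUTFILE
fetch_pinned() {
    url=$(archive_url "$1" "$2" "$3") || return 1
    # -L follows the 302 shown above; --proto-redir refuses a redirect
    # to http:// or to any other scheme along the way.
    curl -fsSL --proto '=https' --proto-redir '=https' -o "$5" "$url" || return 1
    if [ "$(sha256_of "$5")" != "$4" ]; then
        rm -f "$5"    # never leave an unverified distfile behind
        return 1
    fi
}
```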

The post pkgsrc and github archives appeared first on Emile "iMil" Heitor's home.

Ymagis on iTélé

It feels strange to see Ymagis on iTélé, and especially colleagues :)



Worth a look: the Sonovision article from back then (2009)

GLMF 159

It's here, it's hot off the press, and it contains two articles of mine:

  • 3NMP: NetBSD, Nginx, Naxsi, MySQL, PHP
  • Nouvelles commandes et nouveaux démons dans NetBSD 6.0 (New commands and new daemons in NetBSD 6.0)

GNU/Linux Magazine 159
Enjoy!

The post GLMF 159 appeared first on Emile "iMil" Heitor's home.

pkgtools/pkgin, quick fix

Damn I love pkgsrc. Let me tell you this story as an example…

A while ago, a couple of pkgin users told me it was a shame that /usr/pkg/etc/pkgin/repositories.conf was still pointing to a 5.0 URL when pkgin is freshly installed. Thing is, pkgin does support the $osrelease variable, but on NetBSD, the result of kern.osrelease can be 6.0_SOMETHING, which would lead to:

ftp://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/$arch/6.0_SOMETHING/All

and this does not exist on the repository.

So in the REPOSITORIES file, which is used to generate the right repositories.conf entry, I added that line:

ftp://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/$arch/@OSREL@/All

And wrote the following trick in pkgtools/pkgin’s Makefile:

.if ${OPSYS} == "NetBSD"
SUBST_CLASSES+=         osrel
SUBST_STAGE.osrel=      pre-configure
SUBST_MESSAGE.osrel=    Adjusting repository OS release
SUBST_FILES.osrel=      REPOSITORIES
SUBST_SED.osrel=        -e "s|@OSREL@|${OS_VERSION:C/_.*//}|"
.endif

The SUBST framework, part of pkgsrc, will then use (a portable) sed to replace @OSREL@ with the variable ${OS_VERSION}, which is defined in mk/bsd.prefs.mk (included in the Makefile), but will erase anything like the regexp “_.*”. This magic is done by the :C modifier, which behaves like the :S modifier but is capable of replacing regexps instead of simple strings.

Learn to know the power of pkgsrc

The post pkgtools/pkgin, quick fix appeared first on Emile "iMil" Heitor's home.