Flock 2015 – Report Day0 and Day1

Day 0:

I almost missed my flight at the san jose airport, My flight was supposed to take off by 2:55. There was a big queue at the airport around 2:30 pm.  I cleared TSA around 2:40 pm. It was tight!

Met  Major Haydon(major.io) at the Chicago midway (MDW) airport. Major was a keynote speaker at flock. He works for rackspace. The flight from chicago landed about 12:45 am in the morning at Rochester. We took a cab to the hotel. The hotel is 10 minutes from the airport.  My roommate aditya was jetlagged and was already sleeping. Managed to slip into  the bed without waking him up!

Day 1:

FPL (fedora project leader) Matt Miller did his usual state of the union in the morning. As the name implies it is about the current state of fedora project. More details about the state of union can be seen at http://fedoramagazine.org/state-fedora-2015-edition/

Koschei – Continuous integration for fedora

The next talk i attended was Koschei – Continuous integration for fedora packages by mikolaj. koschei is a CI  system that schedules koji builds and make sure that fedora packages are sane all the time. https://github.com/msimacek/koschei. koschei uses koji scratch builds. The scheduler of koschei is intelligent enough to schedule these builds when koji slaves are not busy.

The main motivation of koschei is to find FTBFS early and inform maintainers. The production instance of koschei is here https://apps.fedoraproject.org/koschei. More details about this presentation is here https://github.com/msimacek/koschei/blob/master/doc/pp/koschei.tex

Koji 2.0

Mike McLean (https://fedoraproject.org/wiki/User:Mikem) wrote the first line of code when dinosaurs were still alive :). Now he has plans to clean up koji under koji 2.0 project. koji is used to build packages for fedoraproject, it has many roles (rpm building, compose etc).

Mike wants to use python 2.6 for koji-2.0. It will also has support for python 3.0 using python-six. Most of the audience including me suggested that python 2.7 as it is the latest stable in 2.x release. Mike explained that he wants to support koji-client on RHEL6 which comes with python 2.6.

Luke Macken in the audience went even further and suggested that the server side of koji  should drop support for python 2.x and entirely written using python 3.0.

some of the koji 2.0 proposed features include,

•  build namespaces (re-building same nvr again and again)
• json-rpc
• content generators (https://fedoraproject.org/wiki/koji/ContentGenerators)
  •  other type of build process to feed into koji
  • robust metadata import
•  Following build types are proposed
  • rpm builds
  • maven builds
  • windows builds
  • image builds
  • + ???

Mike’s email about koji2.0 to koji-devel mailing list is available here https://lists.fedorahosted.org/pipermail/koji-devel/2015-June/000000.html

His talk sides are available here https://mikem.fedorapeople.org/Talks/flock-2015-koji-2.0/

Reproducible builds using koji

Reproducing koji builds was scheduled at 2:30 pm, It was the 3rd talk of the day.

In this talk Mike Mclean talked about debian’s reproducible build project
https://wiki.debian.org/ReproducibleBuilds. Builds are not (binary) reproducible because of following reasons,

•  Timestamps embedded into binaries during build time
• Usage pseudo-random numbers to generate code data
• Umask/uid
• uname, hostname, username
• locale
• Timezone

Mike was really appreciative of the debian reproducible build project. The debian team is actively upstreaming their patches. Some one in the audience noted that debian still allows builds created on developer workstations to be uploaded and deployed to repositories. So by having reproducible builds the binaries are easily verifiable.

Then Mike went on to talk about what it would take to make builds reproducible on koji He talked about using task-id/repo-id to preserve the state of repo’s and recreating them at a later point.  He also noted that the rpm metadata included in the rpm package makes it impossible to reproduce.

One of the audience suggested that the metadata could be  moved out of the
package in future to enable reproducible builds. Mike noted that he is very busy with  koji-2.0 work and does not want to spend more time on making builds  reproducible. However he was open to helping out someone who is willing to take on this challenge. Any takers?

Super privileged containers

The last talk of the day i attended was about ‘super privileged containers’ by Dan Walsh. Dan, showed lot of funny gif’s about selinux and docker before starting the presentation.His presentation is available here https://dwalsh.fedorapeople.org/Presentations/SPC/

RedHat’s atomic host doesn’t support yum install. Redhat customers often want some utlity to be included in the atomic host and Redhat wants atomic host to be minimal as possible. As you one can see these two goals are competing with each other. The current rule to include an utlity in the atomic host is to prove that it won’t work in a container.

Customers want to ship an application that will manage a host or manage other containers. Enter Super privileged container aka SPC.
A super privileged container must have the following

• It should  be a privileged container
• will enable all capabilities (CAP_*) in the container
• disable selinux separation (it will lie in the container)
• disable user namespace;
• disable mounting read only file systems;
• Allow creation of linux devices.
• Specific namespaces like network, ipc and pic should be disabled
  respectively using (‘–net=host;–net=ipc,–pid=host)
• SPC should mount /run into /run of the container and let container process to communicate with system dbus, systemd, or even docker daemon (docker run -v /run:/run)
• The entire host file system should be shared inside the container using
  docker run -v /:/host -e HOST=/host.

To do all these, you have to run a big docker command:
"/usr/bin/docker run -t -i --rm --privileged -v /:/host -v /run:/run -v
/etc/localtime:/etc/localtime --net=host --ipc=host --pid=host -e HOST=/host
-e NAME=fedora-spc -e IMAGE=fedora fedora /bin/sh"

As you can see this is a big command, redhat has introduced a ‘rheltools’ container image with project atomic. This tools image includes strace,gdb,sosreport and other tools The atomic command now allows users to run containers in SPC mode.

'atomic run --spc rheltools /bin/sh'

The big docker command now is encapsulated into a small atomic command.

Atomic command wraps os-tree as well,
– atomic host upgrade
– atomic host rollback
– atomic host status

Today there is not a good way to tell your users how to run the container you created. Some container may need special privileges for example ntpd needs –cap_add SYS_TIME; Without SYS_TIME ntpd container will break; To solve this problem redhat has introduced container image labels. Redhat added labels patch to docker which allows developer to create labels during container build time.'LABEL RUN docker -d -n ntpd --cap_add SYS_TIME IMAGE'

Now, ‘atomic run ntpd’ will automatically read this image json metadata and run the container appropriately.

Dan also distributed his container coloring book at the talk. If you want a pdf version of it please see http://bit.ly/1KuB1c6 (pdf). If you haven’t see his selinux coloring book checkout http://bit.ly/1K4Kueu. These books are designed by mairin duffy.

After the conference, we had a game night where we played board games until 11 pm

37.418758 -122.025679

Conference Report – Flock 2014

This years Flock conference was held at Prague, czech republic. This was my first trip to the Europe. I needed a Visa for this trip unlike my American friends. I got the visa in the last minute from the Consulate of czech republic, Los Angeles. The Visa officer needed an insurance of minimum 50000 Euro with Medical reparation and Evacuation converge.  My company Yahoo was able to get that sorted in time.  I attended lot of talks and workshops at Flock. I took notes on some of the sessions i attended. Here is my conference report

Status of COPR build service – by Miroslav suchy

 

https://fedorahosted.org/copr/wiki/UserDocs
https://copr.fedoraproject.org/

COPR is an automatic build system to build rpms. COPR allows users to select
Arch and system (target) , accepts src.rpm from the user and generates binary
rpms in the backend and creates repo as well.

Unlike koji COPR doesn’t need a ‘fas’ account to build rpms. Technically any one
can build rpms on COPR.

Due to public nature of COPR it uses Virtual Machines to build rpms. A virtual machine
is setup and mock is used inside the VM to build the rpm.

COPR currently runs on openstack. There are 1381 projects, 25k builds, 250 G of data,
and 1 TB/month data transfered in COPR as we speak. Koji/OBS was evaluated to use in
COPR but the decided against it for some reasons. OBS signing daemon might be used
with COPR to sign rpms in future.

* Mock is kind of slow, there is a GSOC project to speed it up using LVM snapshots *
* Radek Holy is working on docker for rpm builds *

It is important to note that redhat software collections are built on COPR. There
is a jenkins plugin available for COPR which lets users to trigger COPR builds
from jenkins. There is a copr-cli available to builds.

ARM architecture support, package signing are in future TODO.

Here is the video of the talk

 

 

UEFI – The great satan and you – by Adam

 

I am a fan of UEFI. I have been closely following UEFI development and support in Linux for a while. If you do not know about UEFI, Adam Williamson has an impressive write up about it at https://www.happyassassin.net/2014/01/25/uefi-boot-how-does-that-actually-work-then/

Adam started with what is UEFI and then moved on to explain how older BIOS works. Adam’s talk focused on Desktop machines

How BIOS work?

– Boots the 1st sector of disk
– Chainloading
– The bootloader is sneaked in between MBR and the partition

UEFI

– Defines an EFI executable format.
– EFI executable is copied into FAT filesystem and the firmware can read it
– UEFI boot manager is used to change the boot order and EFI variables.
– There is a fallback path if the EFI executable is not found on the specified path
– Supports BIOS mode named CSM. CSM is going away soon.

Adam proposed following tests to tell if your machine is UEFI?

– Machine is Windows 8 pre-installed. Then it is must have UEFI in it.
– The “firmware” has mouse support then it is UEFI (BIOS can’t do that sh*t)

Adam showed some screenshots of crazy UEFI firmware UI implementations that makes identifying it more difficult for the user.

While multibooting adam asked the users to install both OS in same mode. Mixing BIOS (CSM) and UEFI is discouraged and unsupported in Fedora.

Adam then proposed following special commands to write a USB stick with EFI support

– dd: use dd on usb sticks
– livecd-iso-to-disk: pass –efi –format -reset-mbr
– liveusb-creator: well..it might work
– DO NOT use Unetbootin

Adam then revealed that, Peter Jones and Matthew Garret lobbied Microsoft to enable option to disable secure boot. They even have weekly calls. The engagement with microsoft has been very professional. Microsoft takes UEFI signing seriously.

I asked peter about completely removing microsoft key from the firmware. He said it is a “bad” idea because ROM based firmwares won’t load and they are signed by the Microsoft key. He also mentioned that there is a complex workaround to this problem. The workaround is generating the hash of the firmware and adding it to the shim whitelist.

Here is the video of the talk

 

Fast OS Deployment with Anaconda – By Arun S A G (me)

 

I presented and showed a demo on how to deploy operating systems fast on bare metal
machines. The entire talk was well received by the anaconda team.

The demo showed installations of a  Fedora 21 (pre release) VM which took 2 minutes
to complete.  Most of the audience were pleasantly surprised.

• There were some interesting thoughts and area for improvements came out of this talk
•  RedHat developer proposed me to make use of the cloud kickstart file which has very minimal set of package
• Peter Jones suggested that anaconda can/should be modified to produce tarballs as one of the build targets (anaconda right now supports iso targets)
• Most of the installation time was spent on generating ramdisk. So peter suggested we should pre-generate the ramdisk and include it in the tarball.
• rpmdb cache needs to be removed from the tarball.
• Adam williamson asked me to share some sample kick-start files from work so that we can well test different use cases before releasing anaconda.
• Automating the biosboot partition during the installation process was discussed

Here is the video of my talk

Overall it was a wonderful conference.  Thanks Yahoo and RedHat for sponsoring my travel and accommodation. It was good to see lot of volunteers again and i had a good time in Prague, Czech republic. I am looking forward to Flock 2015

I am going to Flock 2014

I will be speaking at flock. The topic is ‘Fast OS deployment with anaconda’. See you all there!

http://flock2014.sched.org/

I am going to FUDCon Pune 2011

 

Yet another reason to use duckduckgo

I started using duckduckgo after heavy lobbying from the LUG folks . It is indeed good. They are very open to feedback and change. Take a look at the below conversation

 

Now searching for “BIL” in duckduckgo shows up info about BIL conference on the first page https://duckduckgo.com/?q=BIL

Fedora presence @ FOSS.in – day 1

This is my first ever foss.in.  My flight arrived at bangalore by 8.30 in the morning. It took me nearly 2 hrs to reach my hotel from the airport. Beware if you want to catch a flight you better prepare and go well ahead of the time ’cause bangalore’s traffic sucks. I met aditya, amit and shreyank at the hotel and we headed towards the foss.in venue.

Everything started an hour late. The first talk was about wikipedia. Danese cooper CTO of wikimedia foundation gave a talk on the technology that drives the world’s fifth largest website. Santhosh thottingal’s work on wiki2cd was appreciated  by the wikimedia team. wiki2cd helps in creating offline content out of wikipedia.After the talk we met rahul and got our Fedora t-shirts (yay!) .

In the afternoon aditya and i went into meego mini-conf sessions by Nokia. Nokia is really trying to push meego into the mainstream (Good luck Nokia). In the evening the keynote address was given by rahul. He talked on a topic named “Failures of Fedora and what we have learned from them”, he gave us insights into what red hat/community did wrong and what they learnt from it. It was an awesome talk. Some points from his talk includes merger of core/extras repositories into a single repo, opening up the infrastructure, focus on improving packaging quality/guidelines, the problems they faced with documentation(because of red hat’s initial stand on freeing up the documentation license) , the proposed removal of CLA, the new update policy etc.

Finally we Fedora folks including lennart poettering went into a bar/restaurant and had a very good dinner. Thanks to the community architecture team for everything. We spent lot of time talking about what could be done to improve the  project. Harish pillay joined us there later in the restaurant. He explained why LTSP in Fedora needs some love and how it is getting  distro centric. We came back to hotel by 11.30 PM.

More pictures at http://www.zer0c00l.in/impressions/index.php/FOSS-IN-2010

Badam halwa foss conf 2009

Thiagarajar College of Engineering, Madurai (TCE), has conducted a 3 day conference on free open source software (www.fossconf.in) with a little help ilugc and nrcfoss.I attended all the three days.

As we registered for a demo stall, for the first two days i was busy explaining about my demo stall.
The demo stall was on “Security power tools in linux”.Initially i thought of giving demo on nmap,ettercap and metasploit framework.But removed metasploit framework at the last moment.

Most people came there were familiar with nmap.I explained them about ettercap.How to create hostlist.How to do a MITM with ettercap.How to use various ettercap plugins.I explained about arp cache poisoning.

They provided internet connection (both wireless and wired) and assigned ip in class A.So i took some range to demo ettercap.

I nmaped their proxy server.Intercepted communication between particular range of computers and the proxy server to demo ettercap (well no offence, i havent stored or captured any thing important).

People were amazed to see the TFT screen of my laptop when i started packet visualization (packet visualization just printf’s all packets)

One guy from TCE claimed that nmap is a freeware not free software (Oh my holy god), i took pain to show the license information in the man pages of nmap.(/gpl)

Kids of TVS matric higher secondary school,explained about their demo stalls in cute english.I bow Mr.Raman who made a wise choice of giving prizes to encourage the school students.

Today in Tamilnadu foss grows really in schools not in colleges (:() .I know a lot of engineering students who dont know a heck about linux, this is a real shame.

I met people like shakthi kannan (http://www.shakthimaan.com/) .Jaya Engineering college CSE hod, who is the stepping stone for foss in his college (www.jayafossclub.org).I met collabnet people (people who created svn).Ubuntu tamil team.

On the last day, the demo stalls were closed, so attended talks. Morning I attended the first session which was about NRC-FOSS academic initiatives (?).And raised some interesting questions.

Then second session i attended was about “Network tools in linux” by barathi subramaniam.Which was very basic to me.

The third was about Eclipse IDE.

And fourth was a blast, people who created SVN explained us about SVN,GIT and CVS.

See pictures:http://www.shakthimaan.com/Mambo/gallery/album53
more pictures:http://www.flickr.com/photos/35956002@N03/

Long live foss and foss conference.. 🙂