Flock 2015 – Report Day0 and Day1

Day 0:

I almost missed my flight at the san jose airport, My flight was supposed to take off by 2:55. There was a big queue at the airport around 2:30 pm.  I cleared TSA around 2:40 pm. It was tight!

Met  Major Haydon(major.io) at the Chicago midway (MDW) airport. Major was a keynote speaker at flock. He works for rackspace. The flight from chicago landed about 12:45 am in the morning at Rochester. We took a cab to the hotel. The hotel is 10 minutes from the airport.  My roommate aditya was jetlagged and was already sleeping. Managed to slip into  the bed without waking him up!

Day 1:

FPL (fedora project leader) Matt Miller did his usual state of the union in the morning. As the name implies it is about the current state of fedora project. More details about the state of union can be seen at http://fedoramagazine.org/state-fedora-2015-edition/

Koschei – Continuous integration for fedora

The next talk i attended was Koschei – Continuous integration for fedora packages by mikolaj. koschei is a CI  system that schedules koji builds and make sure that fedora packages are sane all the time. https://github.com/msimacek/koschei. koschei uses koji scratch builds. The scheduler of koschei is intelligent enough to schedule these builds when koji slaves are not busy.

The main motivation of koschei is to find FTBFS early and inform maintainers. The production instance of koschei is here https://apps.fedoraproject.org/koschei. More details about this presentation is here https://github.com/msimacek/koschei/blob/master/doc/pp/koschei.tex

Koji 2.0

Mike McLean (https://fedoraproject.org/wiki/User:Mikem) wrote the first line of code when dinosaurs were still alive :). Now he has plans to clean up koji under koji 2.0 project. koji is used to build packages for fedoraproject, it has many roles (rpm building, compose etc).

Mike wants to use python 2.6 for koji-2.0. It will also has support for python 3.0 using python-six. Most of the audience including me suggested that python 2.7 as it is the latest stable in 2.x release. Mike explained that he wants to support koji-client on RHEL6 which comes with python 2.6.

Luke Macken in the audience went even further and suggested that the server side of koji  should drop support for python 2.x and entirely written using python 3.0.

some of the koji 2.0 proposed features include,

•  build namespaces (re-building same nvr again and again)
• json-rpc
• content generators (https://fedoraproject.org/wiki/koji/ContentGenerators)
  •  other type of build process to feed into koji
  • robust metadata import
•  Following build types are proposed
  • rpm builds
  • maven builds
  • windows builds
  • image builds
  • + ???

Mike’s email about koji2.0 to koji-devel mailing list is available here https://lists.fedorahosted.org/pipermail/koji-devel/2015-June/000000.html

His talk sides are available here https://mikem.fedorapeople.org/Talks/flock-2015-koji-2.0/

Reproducible builds using koji

Reproducing koji builds was scheduled at 2:30 pm, It was the 3rd talk of the day.

In this talk Mike Mclean talked about debian’s reproducible build project
https://wiki.debian.org/ReproducibleBuilds. Builds are not (binary) reproducible because of following reasons,

•  Timestamps embedded into binaries during build time
• Usage pseudo-random numbers to generate code data
• Umask/uid
• uname, hostname, username
• locale
• Timezone

Mike was really appreciative of the debian reproducible build project. The debian team is actively upstreaming their patches. Some one in the audience noted that debian still allows builds created on developer workstations to be uploaded and deployed to repositories. So by having reproducible builds the binaries are easily verifiable.

Then Mike went on to talk about what it would take to make builds reproducible on koji He talked about using task-id/repo-id to preserve the state of repo’s and recreating them at a later point.  He also noted that the rpm metadata included in the rpm package makes it impossible to reproduce.

One of the audience suggested that the metadata could be  moved out of the
package in future to enable reproducible builds. Mike noted that he is very busy with  koji-2.0 work and does not want to spend more time on making builds  reproducible. However he was open to helping out someone who is willing to take on this challenge. Any takers?

Super privileged containers

The last talk of the day i attended was about ‘super privileged containers’ by Dan Walsh. Dan, showed lot of funny gif’s about selinux and docker before starting the presentation.His presentation is available here https://dwalsh.fedorapeople.org/Presentations/SPC/

RedHat’s atomic host doesn’t support yum install. Redhat customers often want some utlity to be included in the atomic host and Redhat wants atomic host to be minimal as possible. As you one can see these two goals are competing with each other. The current rule to include an utlity in the atomic host is to prove that it won’t work in a container.

Customers want to ship an application that will manage a host or manage other containers. Enter Super privileged container aka SPC.
A super privileged container must have the following

• It should  be a privileged container
• will enable all capabilities (CAP_*) in the container
• disable selinux separation (it will lie in the container)
• disable user namespace;
• disable mounting read only file systems;
• Allow creation of linux devices.
• Specific namespaces like network, ipc and pic should be disabled
  respectively using (‘–net=host;–net=ipc,–pid=host)
• SPC should mount /run into /run of the container and let container process to communicate with system dbus, systemd, or even docker daemon (docker run -v /run:/run)
• The entire host file system should be shared inside the container using
  docker run -v /:/host -e HOST=/host.

To do all these, you have to run a big docker command:
"/usr/bin/docker run -t -i --rm --privileged -v /:/host -v /run:/run -v
/etc/localtime:/etc/localtime --net=host --ipc=host --pid=host -e HOST=/host
-e NAME=fedora-spc -e IMAGE=fedora fedora /bin/sh"

As you can see this is a big command, redhat has introduced a ‘rheltools’ container image with project atomic. This tools image includes strace,gdb,sosreport and other tools The atomic command now allows users to run containers in SPC mode.

'atomic run --spc rheltools /bin/sh'

The big docker command now is encapsulated into a small atomic command.

Atomic command wraps os-tree as well,
– atomic host upgrade
– atomic host rollback
– atomic host status

Today there is not a good way to tell your users how to run the container you created. Some container may need special privileges for example ntpd needs –cap_add SYS_TIME; Without SYS_TIME ntpd container will break; To solve this problem redhat has introduced container image labels. Redhat added labels patch to docker which allows developer to create labels during container build time.'LABEL RUN docker -d -n ntpd --cap_add SYS_TIME IMAGE'

Now, ‘atomic run ntpd’ will automatically read this image json metadata and run the container appropriately.

Dan also distributed his container coloring book at the talk. If you want a pdf version of it please see http://bit.ly/1KuB1c6 (pdf). If you haven’t see his selinux coloring book checkout http://bit.ly/1K4Kueu. These books are designed by mairin duffy.

After the conference, we had a game night where we played board games until 11 pm

37.418758 -122.025679

Note to self: Resizing byobu to terminal size (tmux)

Often byobu reattaches to old session where the tmux windows are smaller than the terminal size

To fit the tmux window to terminal size run

Ctrl+a :attach -d

Reference: https://superuser.com/questions/905954/tmux-detaches-from-one-side-when-force-to-adjust-redimension

Looking for Linux kernel engineers at Yahoo

About the Role

Yahoo’s Linux Operating System team is looking for a Systems Engineer with kernel development experience. This job involves building, patching, performance evaluation and tuning of the Linux kernel. The candidate will be involved in hardware validation of Linux releases and participation in upstream and vendor communities. The overall goal is to support infrastructure needs by providing a secure and scalable operating system for cloud and non-cloud properties to build on.

Please apply for the position here http://j.rfer.us/YHODt-BAD (referral link). Feel free to contact me regarding the position at sagarun@fedoraproject.org

Conference Report – Flock 2014

This years Flock conference was held at Prague, czech republic. This was my first trip to the Europe. I needed a Visa for this trip unlike my American friends. I got the visa in the last minute from the Consulate of czech republic, Los Angeles. The Visa officer needed an insurance of minimum 50000 Euro with Medical reparation and Evacuation converge.  My company Yahoo was able to get that sorted in time.  I attended lot of talks and workshops at Flock. I took notes on some of the sessions i attended. Here is my conference report

Status of COPR build service – by Miroslav suchy

 

https://fedorahosted.org/copr/wiki/UserDocs
https://copr.fedoraproject.org/

COPR is an automatic build system to build rpms. COPR allows users to select
Arch and system (target) , accepts src.rpm from the user and generates binary
rpms in the backend and creates repo as well.

Unlike koji COPR doesn’t need a ‘fas’ account to build rpms. Technically any one
can build rpms on COPR.

Due to public nature of COPR it uses Virtual Machines to build rpms. A virtual machine
is setup and mock is used inside the VM to build the rpm.

COPR currently runs on openstack. There are 1381 projects, 25k builds, 250 G of data,
and 1 TB/month data transfered in COPR as we speak. Koji/OBS was evaluated to use in
COPR but the decided against it for some reasons. OBS signing daemon might be used
with COPR to sign rpms in future.

* Mock is kind of slow, there is a GSOC project to speed it up using LVM snapshots *
* Radek Holy is working on docker for rpm builds *

It is important to note that redhat software collections are built on COPR. There
is a jenkins plugin available for COPR which lets users to trigger COPR builds
from jenkins. There is a copr-cli available to builds.

ARM architecture support, package signing are in future TODO.

Here is the video of the talk

 

 

UEFI – The great satan and you – by Adam

 

I am a fan of UEFI. I have been closely following UEFI development and support in Linux for a while. If you do not know about UEFI, Adam Williamson has an impressive write up about it at https://www.happyassassin.net/2014/01/25/uefi-boot-how-does-that-actually-work-then/

Adam started with what is UEFI and then moved on to explain how older BIOS works. Adam’s talk focused on Desktop machines

How BIOS work?

– Boots the 1st sector of disk
– Chainloading
– The bootloader is sneaked in between MBR and the partition

UEFI

– Defines an EFI executable format.
– EFI executable is copied into FAT filesystem and the firmware can read it
– UEFI boot manager is used to change the boot order and EFI variables.
– There is a fallback path if the EFI executable is not found on the specified path
– Supports BIOS mode named CSM. CSM is going away soon.

Adam proposed following tests to tell if your machine is UEFI?

– Machine is Windows 8 pre-installed. Then it is must have UEFI in it.
– The “firmware” has mouse support then it is UEFI (BIOS can’t do that sh*t)

Adam showed some screenshots of crazy UEFI firmware UI implementations that makes identifying it more difficult for the user.

While multibooting adam asked the users to install both OS in same mode. Mixing BIOS (CSM) and UEFI is discouraged and unsupported in Fedora.

Adam then proposed following special commands to write a USB stick with EFI support

– dd: use dd on usb sticks
– livecd-iso-to-disk: pass –efi –format -reset-mbr
– liveusb-creator: well..it might work
– DO NOT use Unetbootin

Adam then revealed that, Peter Jones and Matthew Garret lobbied Microsoft to enable option to disable secure boot. They even have weekly calls. The engagement with microsoft has been very professional. Microsoft takes UEFI signing seriously.

I asked peter about completely removing microsoft key from the firmware. He said it is a “bad” idea because ROM based firmwares won’t load and they are signed by the Microsoft key. He also mentioned that there is a complex workaround to this problem. The workaround is generating the hash of the firmware and adding it to the shim whitelist.

Here is the video of the talk

 

Fast OS Deployment with Anaconda – By Arun S A G (me)

 

I presented and showed a demo on how to deploy operating systems fast on bare metal
machines. The entire talk was well received by the anaconda team.

The demo showed installations of a  Fedora 21 (pre release) VM which took 2 minutes
to complete.  Most of the audience were pleasantly surprised.

• There were some interesting thoughts and area for improvements came out of this talk
•  RedHat developer proposed me to make use of the cloud kickstart file which has very minimal set of package
• Peter Jones suggested that anaconda can/should be modified to produce tarballs as one of the build targets (anaconda right now supports iso targets)
• Most of the installation time was spent on generating ramdisk. So peter suggested we should pre-generate the ramdisk and include it in the tarball.
• rpmdb cache needs to be removed from the tarball.
• Adam williamson asked me to share some sample kick-start files from work so that we can well test different use cases before releasing anaconda.
• Automating the biosboot partition during the installation process was discussed

Here is the video of my talk

Overall it was a wonderful conference.  Thanks Yahoo and RedHat for sponsoring my travel and accommodation. It was good to see lot of volunteers again and i had a good time in Prague, Czech republic. I am looking forward to Flock 2015

I am going to Flock 2014

I will be speaking at flock. The topic is ‘Fast OS deployment with anaconda’. See you all there!

http://flock2014.sched.org/

Flock 2013 – Fedora at Yahoo

This is kind of a late post. I spoke at Flock. It was about “Fedora At Yahoo!” – How we use Fedora in desktops and laptops at Yahoo!

Here is the presentation http://sagarun.fedorapeople.org/misc/FedoraAtYahoo.pdf

Fedora 18 on MacBook Pro

OSX crashed on me while i was trying to update firmware. Instead of recovering it, i decided to install Fedora 18 on my MacBook.

System Info

lspci

lsusb

cpuinfo

Installation

I had made couple of Fedora 18 x86_64 DVD’s for the Fedora freemedia program. I grabbed one of them and started the installation to find myself dropping into a prompt. Apparently it is one of known issues with the Fedora 18 CD/DVD. After typing in ‘(cd0,apple3)/EFI/BOOT/grub.cfg’ the installation started. There was no problem with the installation.

Tweaks

I am used to natural scrolling, enabled it using the following setting

$ cat /etc/X11/xorg.conf.d/99-wt-natural-scroll.conf
Section “InputClass”
Identifier “Natural Scrolling”
Option “ZAxisMapping” “5 4”
EndSection

I like my function keys, following sets the fn keys as primary in the apple keyboard

$ cat /etc/modprobe.d/hid_apple.conf
options hid_apple fnmode=2

Above option also can be passed using kernel command line. You will have to edit the grub.cfg for that /boot/efi/EFI/fedora/grub.cfg

Wireless

By default Fedora 18 didn’t detect my broadcom wireless network card (Broadcom Corporation BCM4331 802.11a/b/g/n (rev 02) to be exact) It needed a proprietary firmware. I downloaded b43-firware module from “russian fedora” http://pkgs.org/fedora-18/russian-fedora-nonfree-i386/b43-firmware-5.100.138-1.fc17.noarch.rpm.html and installed it. After the reboot things started working.

The proprietary driver doesn’t seem to support power management, it may cause problems during suspend/resume operation. So i instructed the power manager to unload the module while suspending the machine

$ cat /etc/pm/config.d/defaults
SUSPEND_MODULES=”b43″

Other bugs

GNOME 3 Desktop often doesn’t get show up after unlocking the screen https://bugzilla.redhat.com/show_bug.cgi?id=878736 If it happens press CTRL+ALT+F2 , login via tty and run ‘DISPLAY=:0 gnome-shell –replace’

The new kernel kernel-3.8.2-206.fc18.x86_64 panics while booting on MacBook Pro https://bugzilla.redhat.com/show_bug.cgi?id=922175

python-requests package update

The newest version of python-requests now supports python 3. The python 3 version of requests is available as python3-requests package. Thanks Rex Dieter for the patch https://bugzilla.redhat.com/show_bug.cgi?id=807525 . I have also decided to maintain python-requests for EL6, i have pushed the latest version 0.11.1 to EL6.

Though it violates the updates policy https://fedoraproject.org/wiki/Updates_Policy, i have updated python-requests from 0.6.6 to 0.10.8 in Fedora 16 as python-requests is a fast moving young project.

All the packages should land in updates-testing in a few days. Please visit https://admin.fedoraproject.org/updates/python-requests to learn more about the updates.

Trip to Sastra University – Trichy

I was invited to visit Sastra university – Trichy for a workshop on Free Software. I joined with Aditya and Srishti at KPN office bangalore. We boarded an air-conditioned  sleeper coach by 11.30 P.M and reached Trichy by 6 AM. The road was bit bumpy, i couldn’t sleep much.  As expected Trichy was much warmer than Bangalore in the morning. Trichy main bus stand has couple of Kamaraj statues. Sristi was surprised to see the ‘Golden’ statues of kamaraj.

While we were discussing about kamaraj, our cab arrived. The Sastra university is 45 minutes drive from Trichy. It is located between Trichy and Tanjore. We were asked to stay at the Guest house.

By 10 A.M i started my session on Free Software at one of their ‘smart classrooms’. I explained students about free software and its importance. My second talk was on GNU/Linux Commands, the talk was based on Stanford universities open classroom session on PracticalUnix. Students tried various commands on their laptops as i explained them. Aditya introduced python and  Srishti introduced QT to students on the first day.

We  had a good dinner at ‘Canopy’ Sastra’s canteen which is being managed by students. We finished the dinner with a tasty creamy cold coffee sponsored by Srishti. I was very tired after travel; so i went to bed early.

After a good sleep, I started the second day by introducing Django to students. I explained Django by creating a small blogging application. Many students tried to follow my instructions and came up with the small blogging website (Yay!). Next I joined with Sristi and introduced git revision control system to students using Shakthi‘s ‘di-git-ally-managing-love-letters‘ presentation. The students loved it! Aditya did a workshop on puppet on the second day. We also met the I.T department professor and had a little talk. She presented us with a memento .

By 6.30 P.M we left the college by saying good bye. We had to board the bus at Tanjore. Tanjore is famous for its Brihadeeswarar Temple. It was built on 11th century. We visited the temple and spent some time there. After dinner , we boarded the bus back to Bangalore. Srishti took lot of pictures during the visit (will be uploaded soon)

FUDCon Pune 2011

 

My flight reached at Pune 15 minutes before the schedule.  Vaidik and I planned over IRC to share the cab from airport to the hotel.  His flight was 30 mins late. I was not able to reach his mobile phone even after his flight landed. We never seen each other before. Finally i noticed a guy with a ‘Drupal’ T-shirt, i decided to bite the bullet and asked him “Are you vaidik?” Fortunately the answer was a ‘Yes’. By the way vaidik helped us with the  fudcon.in website.

While i  was waiting for Vaidik to book a cab,  I heard some one asking me “Are you going to FUDCon?”  that was .Srishti Sethi Gcompris contributor and GSOC student . Apparently she too identified us using our “Geeky” T-Shirts. We three ended up sharing the cab.

Moral : Wear a geeky T-shirt when you are going to a Technical conference.

Back in hotel i met Kushal, Praveen, Soumya aditya (my room mate)  and Jared.

Day 1:

We all had breakfast at the hotel and  hopped into a van to reach the FUDCon venue. We were welcomed by Amit, Shakthi, Rahul and others  Day 1 of FUDCon started with jared’s talk. He only used pictures in his presentation and did all the talking. His talk was thought provoking. After the keynote address  i went to speaker’s lounge to prepare for my afternoon workshop. I met Joerg  there. I introduced myself as  maintainer of sqlninja.  Joerg gave me commit access to security spin’s repository. I promised to help him with the future security spin releases..

In the afternoon, I did a workshop on “Practical GNU/Linux” for the students of college of engineering Pune. The workshop was inspired by Stanford’s open classroom session named “practical unix” I managed to pull most of crowd from auditorium’s to my workshop (evil grin). The slides are available here

Day 2:

After attending Harish’s talk on community,  I started my talk on Django. I explained folks on how to create web apps using Django using a simple blog application. The slides are available here. My talk was followed by rtnpro‘s “Testing Django apps” talk. He extended by blog application and added test cases to it. The code is available here . After the talk to our pleasant surprise some one from COEP approached us with half written Django app. We happily helped her fix the issue. In the afternoon i attened  jsmith’s “publican” talk and Srishti’s “cute hacks using pygoocanvas”.

In the evening we left for FUDPub. FUDPub was awesome , everything happened on  a roof top with DJ and dance.

Day 3: – Hackfest’s

Rahul  was late to the venue on Day 3 (FUDPub?). I introduced askbot on behalf of Rahul to the people and invited them to join our hackfest. Most of them joined us  were new to Django so we had to help them a bit. Then i started working on “Export questions and answers as pdf” feature of askbot. I ended up using “Reportlab” python library for pdf generation. A lot need to be done to complete this feature. I hope i can make most out of my upcoming weekends.

FUDcon was awesome, It was nice to see lot of people face to face.

I had lot of memorable moments at FUDCon, Rahul played a prank on how i stole  pair of  baby pink coloured slippers from srishti  🙂 (the baby pink slippers are now talk of  the town, read other’s blog posts ) The mini push up’s competition at FUDPub. Taste of my first  beer/cocktail  ( i have no plans to drink again ). I am sure events like FUDCon will  help bring people together and instrumental in creating a strong community. Thanks Red Hat for sponsoring my travel and accommodation .