Mac 10.7, python-ldap, MySQL-python, homebrew

I configured a Mac 10.7 machine to resume writing a Python program I had to put on hold. I needed python-ldap and found a guide on how to get it working on Lion. I was also introduced to homebrew in the process. I also found a workaround for MySQL-python on Lion.

RHEL6 latency on Dell M610: C States

We ran into latency problems on Dell M610 servers using RHEL6 while RHEL5 performed perfectly. The RHEL6 stock kernel has a module called intel_idle which ignores Dell's BIOS settings to disable C-states. We've set the following in the tail of the boot line in /etc/grub.conf and so far so good.

intel_idle.max_cstate=0 processor.max_cstate=1

When I started here six years ago we had a DNS server with a similar problem solved basically the same way; with a "acpi=off" to disable ACPI.

Update: The above seems to have helped servers connected to the SAN but not one which just uses the local disk. RedHat had some interesting tweaks to try with MegaCli, hdparm, and the scheduler as they think it's IO related:

Set policy to cache data:

# MegaCli64 -LDSetProp -Cached -LAll -aAll

Enable disks' cache:

# MegaCli64 -LDSetProp EnDskCache -LAll -aAll
# MegaCli64 -LDSetProp ADRA -LALL -aALL

Enable write cache, but first verify if the controller is battery backed:

# MegaCli64 -AdpBbuCmd -GetBbuStatus -a0 | grep -e '^isSOHGood' -e '^Charger Status' 

If the above results display no BBU, do not proceed.
If we have a battery backed controller, enable write cache.

# MegaCli64 -LDSetProp WB -LALL -aALL

If battery fails or is discharged, disable write cache:

# MegaCli64 -LDSetProp NoCachedBadBBU -LALL -aALL

Verify policy is Enabled:

# MegaCli64 -LDInfo -LAll -aAll |grep 'Disk Cache'

Disk Cache Policy: Enabled
Disable local device caching:

# hdparm -W0 /dev/sda

- Add the above to /etc/rc.local to persist reboots.

Edit /etc/fstab and modify the mount options, ie: 
/dev/mapper/vg_root-lv_root / ext4 defaults,nobarriers,data=writeback 1 1
...
...

The filesystem(s) would need be remounted for changes to take effect.
Next, we will change the scheduler to Deadline.

# echo 'deadline' > /sys/block/sda/queue/scheduler
# echo 200 > /sys/block/sda/queue/iosched/read_expire
# echo 500 > /sys/block/sda/queue/iosched/write_expire

- Add the above commands to /etc/rc.local to persist reboots.

KVM PCI device assignment

My coworker is setting up KVM PCI device assignment to get around a problem he had with assigning more than four drives per server. Normally we'd just use clustered LVM and assign drives directly from the SAN by editing that VMs XML file contained in /etc/libvirt/qemu/ . However, this is the first time we've needed more than four drives per VM and KVM will only allow 4 drives per server since we're limited to a single disk controller.

Update: Turns out this was not a good idea since the VM would monopolize the device on the physical machine; e.g. the VM would get an HBA to the SAN.

Update 2: Using NPIV seems to be the right thing for this.

MySQL: replace into

I am having one of those nights where I appreciate Shlomi Noach's REPLACE INTO: think twice. "REPLACE INTO" is not a conditional insert or update based on if the same key exists. It's better thought of as a conditional insert OR delete then insert query. This will get you if you're trying to do a field_name=field_name in your query to preserve it's value as you would do with an update since the original field_value would be lost. I re-wrote my query to do a "INSERT ... ON DUPLICATE KEY UPDATE" instead.

web.py on Mac OS X 10.7

Lion comes with Python 2.7.1 and easy_install is working so all you have to do is:

$ sudo easy_install web.py
Password:
Searching for web.py
Reading http://pypi.python.org/simple/web.py/
Reading http://webpy.org/
Best match: web.py 0.36
Downloading http://pypi.python.org/packages/source/w/web.py/web.py-0.36.tar.gz#md5=3f9ee778c5c34357a0233c1f0e024d00
Processing web.py-0.36.tar.gz
Running web.py-0.36/setup.py -q bdist_egg --dist-dir /tmp/easy_install-qC65Ak/web.py-0.36/egg-dist-tmp-CjDoLl
zip_safe flag not set; analyzing archive contents...
web.application: module references __file__
web.debugerror: module references __file__
Adding web.py 0.36 to easy-install.pth file

Installed /Library/Python/2.7/site-packages/web.py-0.36-py2.7.egg
Processing dependencies for web.py
Finished processing dependencies for web.py
$  

You might also be interested in Setting up PHP & MySQL on OS X 10.7 Lion to get it working with MySQL.

Claws Mail Client

Thunderbird has been performing so badly that I've switched to Claws. The important features for me from Thunderibrd were satisfied by Claws:

• Quick response (Thunderbird was getting too slow)
• IMAP/SMTP over SSL
• Threaded View
• Emacs as my editor
• GPG Plugin
• Support for Zimbra tags
• Easy view of mail headers
• Some type of scripting support (Python and Perl)

It also has a calendar plugin I might try; I've been sticking with Zimbra webmail for calendars/contacts.

On Fedora you can easily install it with its plugins:

yum install claws-mail
 claws-mail-plugins-smime
 claws-mail-plugins-pgp 
 claws-mail-plugins-python 
 

Whiptail in New York Times

Whiptail was mentioned in the New York Times.

pychart & web.py

I'm writing a web interface in web.py to display statistics on a migration of data that will take days to run. The migration will be done by several scripts which rsync on a loop to keep the data fresh and I expect that each run of the program will take less time than the previous run. The migration scripts are logging this and I want my web interface to display the shrinking synchronization window graphically. I used PyChart to create a graph within a web.py GET class and used PyChart's canvas and Python's StringIO to get web.py to display the image dynamically.

class pychart:
    def GET(self):
        # sample data, that will be passed as an argument (left for this demo)
        data = [(1, 6), # the first run took 6 days
                (2, 3), # the second run took 3 days
                (3, 1)] # the third run too
        import cStringIO
        from pychart import theme, axis, area, line_plot, line_style, tick_mark, canvas
        f = cStringIO.StringIO()
        can = canvas.init(f, format="png")
        theme.use_color = 1
        theme.scale_factor = 2
        theme.reinitialize()
        theme.get_options()
        xaxis = axis.X(format="/a-60/hL%d", tic_interval = 1, label="Runs")
        yaxis = axis.Y(tic_interval = 1, label="Days")
        ar = area.T(x_axis=xaxis, y_axis=yaxis, y_range=(0,None))
        plot = line_plot.T(label="Time to run", data=data,
                           line_style=line_style.red,
                           ycol=1, tick_mark=tick_mark.square)
        ar.add_plot(plot)
        ar.draw(can) 
        can.close()
        f.seek(0)
        web.header('Content-Type', 'image/png')
        return f

Aeolus todo

RHEL is to Fedora as CloudForms is to Aeolus. So rather than wait to be approved for the CloudForms beta we're looking into trying Aeolus now.

Pwn Plug Wireless

A friend shared this link to a commercial-grade wireless pentesting drop box with me.

python configparser

I'm writing a Python program and as it grows I realize that it would be best to have certain variables in a configuration file. Python ConfigParser to the rescue! It's nice that this is a built-in. I just followed the examples and I was up and running quickly.

php:include "bar.php" 2 python:?

PHP programmers are used to having code in one file they can use in another file simply by calling include. Python's module system supports more than just including files, but if you want to just include a file the following code provides an example:

> ls 
foo.py mod/
> ls mod/
bar.py
> 
> cat mod/bar.py 
def f():
    print("I am bar")
> 
> cat foo.py 
print("I am foo")
import sys
sys.path.append("mod/")
import bar
bar.f()
> 
> python foo.py 
I am foo
I am bar
> 

Simple python inheritance example

Python's Classes documentation has a bag class. Since I'm writing a program in which I want to do inheritance but haven't done it in a while and need a refresh, I thought I'd extend bag into a wet paper bag; which looses things you put in it nearly half the time. I came up with this:

class Bag(object):
    def __init__(self):
        self.data = []
    def add(self, x):
        self.data.append(x)
    def addtwice(self, x):
        self.add(x)
        self.add(x)

class WetPaper(Bag):
    def __init__(self):
        super(WetPaper, self).__init__()
    def add(self, x):
        from random import randint
        if (randint(1,10) > 4):
            super(WetPaper, self).add(x)

if __name__ == '__main__':
    bag = Bag()
    bag.addtwice(1)
    print "Bag:", bag.data
    wet = WetPaper()
    wet.addtwice(1)
    print "WetPaper:", wet.data

Since I'm extending Bag, defining the constructor was simplified and I didn't have to worry about how add() was implemented; I could just flip a coin with rand to see if the inherited add() should be called. I also didn't have to define addtwice() and it inherited the unreliable aspect of WetPaper's add().

When writing the above, the first thing I had to do was update the original Bag definition to a new style class descended from object. Until I did this I got a "TypeError: must be type, not classobj" error when I used super and I had to directly use the parent class name instead:

    def __init__(self):
        Bag.__init__(self)

While working on this I found Python's Super is nifty, but you can't use it. I also found out that in Python 3 self will become implicit in super calls so instead of:

  super(WetPaper, self).__init__()

I will just be able to do:

  super().__init__()

Cloud Computing Definition

I read an article in the FSF Bulletin about Merlin. It contained a good definition of Cloud Computing, which I think is worth posting since there is a lot of confusion about what Cloud Computing is.

"Cloud Computing is about (a) aggregating server, network, and storage resources into a seemingly contiguous system ("the cloud"), (b) providing some kind of interface for the user to request or release these resources, and (c) making these resources network or location agnostic, so that the resources are accessible from anywhere, even in the face of system or network failures." -- Justin Baugh

Python Logging

I read Doug Hellmann's blogpost on logging with Python.

zfone

"Zfone is a new secure VoIP phone software product which lets you make encrypted phone calls over the Internet. Its principal designer is Phil Zimmermann, the creator of PGP."

web.py, mod_wsgi , RHEL6

web.py can be run in a production environment on RHEL6 with mod_wsgi using stock packages from yum with the exception of web.py itself (which can be inserted into the system Python library).

1. Install the packages that RHEL6 provides:

 yum install httpd mod_ssl mod_wsgi mysql-devel MySQL-python 

2. Insert web.py directly into RHEL's python2.6 site-packages:

cd /tmp
wget http://pypi.python.org/packages/source/w/web.py/web.py-0.35.tar.gz
tar xzf web.py-0.35.tar.gz
cd /usr/lib/python2.6/site-packages
mv /tmp/web.py-0.35/web .

3. Configure a place to host your application:

mkdir /var/www/myapp

4. Install some basic code in /var/www/myapp/code.py

import web
urls = (
        '/.*', 'hello',
        )
class hello:
        def GET(self):
                return "Hello World"
application = web.application(urls, globals()).wsgifunc()

5. Configure mod_wsgi directives for Apache in /etc/httpd/conf.d/wsgi.conf:

LoadModule wsgi_module modules/mod_wsgi.so
WSGIScriptAlias /myapp /var/www/myapp/code.py/
<Directory /var/www/tentacle/>
  Order allow,deny
  Allow from all
</Directory>

When configuring the above I used the webpy.org cookbook as a reference. Note that my previous example was development only.

web.py

I tried web.py.

I like it because it's simple and I found it intuitive and easy to learn. You can set it up quickly on Fedora with:

yum install python-webpy
yum install MySQL-python 

It was straight forward to follow the tutorial, except it's not obvious in the tutorial how to specify a different DB server besides the default localhost. The keyword argument is 'host' just like in MySQLdb.connect(), which is provided by the Python package MySQLdb; i.e. the MySQL-python yum package. Here's the example from the tutorial in which an external DB server is declared:

db = web.database(dbn='mysql',\
                  user='user',\
                  pw='password',\
                  db='todo',\
                  host='mysql.example.com')

Also, the PostgreSQL example translates into MySQL like this:

CREATE TABLE todo (   id serial primary key,   title text,   
                    created timestamp default now(),   
        `done` boolean default '0'    );

specifically boolean is an synonym for tinyint in MySQL so it uses not 'f' but '0' to represent false.

The output code from my tutorial is:

code.py:

#!/usr/bin/env python
# Filename:                code.py
# Description:             intro to web.py
# Supported Langauge(s):   Python 2.7.x
# Time-stamp:              <2011-06-04 18:15:06 someguy> 
# -------------------------------------------------------
import web
# -------------------------------------------------------
render = web.template.render('templates/')
urls = (
    '/', 'index',
    '/add', 'add'
)
app = web.application(urls, globals())
db = web.database(dbn='mysql',\
                  user='todo',\
                  pw='redacted',\
                  db='todo',\
                  host='mysql.example.com')
# -------------------------------------------------------
class index:        
    def GET(self):
        todos = db.select('todo')
        return render.index(todos)

class add:
    def POST(self):
        i = web.input()
        n = db.insert('todo', title=i.title)
        raise web.seeother('/')
# -------------------------------------------------------
if __name__ == "__main__":
    app.run()

templates/index.html

$def with (todos)
<ul>
$for todo in todos:
    <li id="t$todo.id">$todo.title</li>
</ul>

<form method="post" action="add">
<p><input type="text" name="title" /> 
<input type="submit" value="Add" /></p>
</form>

AI TouchBook

Always Innovating (AI) sells a a tablet + pluggable keybaord that runs AIOS, Android, Ubuntu, and ChromiumOS for $550 which is open {source, hardware, community}.

goodbye openoffice, hello abiword

I don't often use Word Processors. Instead I edit text. I like emacs for lots of editing and vi for quickly tweaking a configuration file. If I had to make something look nice I'd type set it with LaTeX. However, I have recently been collaborating with people sending me .doc files. I used to save them as text, edit them in emacs, and import them back into openoffice but the overhead from loss of formatting was making it not worth it so I started just using openoffice but the key-bindings were the hardest part; e.g. my muscle memory thinks that Ctrl-f moves the cursor forward and shouldn't open up a Find/Replace dialog. Openoffice refuses to accommodate vi or emacs key bindings but I found that AbiWord does (successfully using AbiWord 2.8.6). Also, AbiWord is smaller than openoffice so it's faster. I didn't have luck changing the key-bindings by just doing what's described on the AbiWord FAQ, instead I got it working as described in a linuxgazette.net mailing list.

tried spice

I tried a spice desktop today from my Fedora client:

sudo yum install spice-client
spicec -h $server -p $port -w $passwd
shift-ctrl-f12

It really works. The image of my VM was less than 100M since it's stored in qcow2 format. This also allows images given to each user (one per port) to inherit software updates to the master image (requires qcow2 images to go offline).

Link: How To Safely Store A Password

http://codahale.com/how-to-safely-store-a-password/

flymake & pyflakes

I am writing Python using flymake in Emacs with pyflakes as described in chrism's blog entry on Flymake Mode for Emacs / Python.

cd ~/elisp
wget http://cvs.savannah.gnu.org/viewvc/*checkout*/emacs/emacs/lisp/progmodes/flymake.el?revision=1.2.4.41
mv flymake.el\?revision\=1.2.4.41 flymake.el
easy_install pyflakes

add the following to .emacs:

  (when (load "flymake" t) 
         (defun flymake-pyflakes-init () 
           (let* ((temp-file (flymake-init-create-temp-buffer-copy 
                              'flymake-create-temp-inplace)) 
              (local-file (file-relative-name 
                           temp-file 
                           (file-name-directory buffer-file-name)))) 
             (list "pyflakes" (list local-file)))) 

         (add-to-list 'flymake-allowed-file-name-masks 
                  '("\\.py\\'" flymake-pyflakes-init))) 

   (add-hook 'find-file-hook 'flymake-find-file-hook)

todo: try Mongo GridFS

I've been thinking about traditional file systems mkfs'd on block devices vs distributed file systems and I would like to set some time aside to play with Mongo GridFS. It looks like given a sharded mongo installation you can use the API to save a large file and it will split it across multiple servers. This looks like a nice way to store a large data set across multiple machines as opposed to having a large file system attached to one server which requires an occasional file system check.

persistent connections within cisco firewall

Our cisco firewall tears down old connections so I sometimes modify the kernel to send keep alives on tcp connections:

[root@server ~]# tail -2 /etc/sysctl.conf
# keep persistent connection (so firewall doesn't tear down)
net.ipv4.tcp_keepalive_time = 900
[root@server ~]#

prgmr.com

I like the approach that prgmr.com offers to being a hosting company. Also, their prices seem very reasonable.

Disclaimer: I am not yet a customer. All I can say so far is that this looks like the kind of hosting company that I'd like for my personal server.

at

Good old at is handy:

me@box:~> at now + 15 minutes
at> echo -e "remember that at(1) is your friend" | mail -s "at: `hostname`" me@tld.com
at> ^D
job 2 at Mon Mar 28 15:11:00 2011
me@box:~>

Pylons

I am experimenting with pylons. Fedora made this easy:

yum install python-sqlalchemy python-pylons
paster create -t pylons HelloWorld
cd HelloWorld
paster serve --reload development.ini
firefox4 http://127.0.0.1:5000

and then I was able to directly go to the examples in Chapter 3 of Definitive Guide to Pylons.

firefox4

I am now using fedora's firefox4 package as my main browser with the following plugins:

• firebug
• https-everywhere
• tree style tab
• vimperator
• web developer

Professional IT Community Conference

I'll be attending the Professional IT Community Sysadmin Conference

Cisco Firewall Translation, RPC Portmapper, and NFS

I've posted before about problems using NFS with a Firewall which occur because of RPC. I think the correct way to solve the problem is to configure the NFS server so that RPC services like nlockmgr, rquotad, and mountd are hard coded. On a RedHat based system this comes down to uncommenting the following in /etc/sysconfig/nfs:

 RQUOTAD_PORT=875 
 LOCKD_TCPPORT=32803
 LOCKD_UDPPORT=32769
 MOUNTD_PORT=892
 STATD_PORT=662

and then configuring your firewall to allow only the above ports through in addition to RPC:tcp/udp 111 and NFS:tcp/udp 2049, for NFS.

Today I learned that if you are using a Cisco firewall it is possible to not do the above but to enable inspect rpc so that when port mapper tells the client to use random ports for services like nlockmgr, rquotad, and mountd, that the firewall will then dynamically open the same random port exclusively between the NFS client and NFS server. This surprised me as it seems odd to imagine a server asking the firewall to open a port because it wants to use it. What also surprised me is that for FWSM versions older than 3.2, this won't work if you use xlate-bypass. So, if you thought along the lines of "I don't need NAT, let's turn off xlates" and enabled xlate-bypass then you will break sunrpc. I am personally in favor of not using xlates nor sunrpc.

Freedom Box Foundation

I posted about Eben Moglen's Freedom in the Cloud Talk. There is now a Feedom Box Foundation with a kickstarter project.

RedHat Cloud Offerings: Update

I previously posted about RedHat Cloud Offerings and emphasized what my organization is lacking: Satellite, RHEV-M, and MRG Grid.

We're now running Satellite and will be registering all of our servers to use it. We've also been able to use Satellite alone to kickstart a VM on our KVM servers without touching the hypervisors. We're going to keep experimenting with Satellite and roll it into production very soon.

We're less interested in RHEV-H and RHEV-M since we are already happy with KVM running on RHEL and prefer to use our command line tools for management as opposed to the "vmware-like" RHEV-M GUI. We're also less interested in MRG Grid since HPC is not our focus.

We are interested in Deltacloud but in a development sense only. We don't expect it to be production-ready for a while. For now we're going to use a by-the-hour EC2 account with our development KVM cluster and see what it's like creating and migrating VMs between EC2 and our cluster (or private cloud (if you must)).