virtio-vsock: python examples of running the server in the guest

I've been using virtio-serial for communications between Linux hypervisors and guest virtual machines for ages. Lots of other people do it too -- the qemu guest agent for example is implemented like this. In fact, I think that's where I got my original thoughts on the matter from. However, virtio-serial is actually fairly terrible to write against as a programming model, because you're left to do all the multiplexing of various requests down the channel and surely there's something better? Well... There is! virtio-vsock is basically the same concept, except it uses the socket interface. You can have more than one connection open and the sockets layer handles multiplexing by magic. This massively simplifies the programming model for supporting concurrent users down the channel. So that's actually pretty cool. I should credit Kata Containers with noticing this quality of life improvement nearly a decade before I did, but I get there in the end. The virtio-vsock model is only a little bit weird. The "address" for the guest virtual machine is a "CID" (Context ID). The hypervisor process is always at CID 0, CID 1 is reserved and unused, and CID 2 is any process on the host which is not…


Configuring USB device pass through to Docker on QNAP NASes

  • Post category:QNAP

So, this was a lot harder than it really should have been, especially because rtl_433 is a bit thingie about where the device appears in the /dev/ file system as an added sting in the tail...

In my specific scenario, I was given a Vevor 7-in-1 wireless weather station for Christmas. They seem fairly solid and full featured for a $130 AUD device, so no complaints there. The device is also natively supported by rtl_433 which is a RTL SDR package, although it's not supported in the version shipped by Debian 12. That's awesome, although it would have been nice if the command line to use was documented better. I'll talk more about those bits in a later post though. In this one I want to focus on the fun I had getting a USB device reliably passed through to a Docker container on my QNAP NAS.

First off, I am using a Realtek USB TV tuner for rtl_433, which appears like this on the NAS:

    $ lsusb
    Bus 001 Device 002: ID 0bda:2838 Realtek Semiconductor Corp.
    Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
    Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub

Specifically…


An easier to parse version of “yum history”

I got interested today in trying to come up with a solid way of determining when updates were last applied to a RHEL-derived Linux instance. Previously we'd been inferring it from the kernel version, but it turns out there is a convenient "yum history" or "dnf history" command which will show you all the previous transactions that the package database has seen. However, the output is hard to parse in a script. So here instead, is a little python script which does the thing. Feel free to mangle it to meet your needs:

    import time

    import dnf.base

    b = dnf.base.Base()

    # Walk every transaction recorded in the package database history
    for transaction in b.history.old():
        print('---------------------------------------------------')
        print(f'Transaction id: {transaction.tid}')
        print(f'Command line: {transaction.cmdline}')
        print(f'UID: {transaction.loginuid}')
        print(f'Return code: {transaction.return_code}')

        # Timestamps are seconds since the epoch
        start = time.strftime('%Y-%m-%d %H:%M',
                              time.localtime(transaction.beg_timestamp))
        end = time.strftime('%Y-%m-%d %H:%M',
                            time.localtime(transaction.end_timestamp))
        elapsed = transaction.end_timestamp - transaction.beg_timestamp
        print(f'Duration: {start} -> {end} ({elapsed} seconds)')

        # Each transaction item is a package, a group or an environment
        for tran in transaction.packages():
            if tran.is_package():
                details = f'{tran.name} {tran.version}'
            elif tran.is_group():
                g = tran.get_group()
                packages = []
                for pkg in g.getPackages():
                    packages.append(pkg.getName())
                details = f'Group "{g.getName()}" ({", ".join(packages)})'
            elif tran.is_environment():
                e = tran.get_environment()
                details = f'Environment "{e.getName()}"'
            else:
                details = '...unknown transaction type!'
            print(f' {tran.action_name} {details}')
        print()

To find only whole system updates, you'd look for command lines containing "upgrade" I suspect.


The Kubernetes Book (2024 edition)

  • Post category:Book

This is yet another accidental purchase of a self-published book, although I think this one makes a lot of sense as a self published work. Writing a technical reference book isn't a particularly lucrative pastime for most authors, and self publishing likely makes it more worthwhile than the traditional publisher route, especially if you can rustle up a good set of technical editors and reviewers yourself. That said, I think one of the risks with self published technical books like this is that they are overly credulous, and I think this book falls into that trap early by describing Kubernetes as the "cloud operating system". Like I get it, you're excited about Kubernetes, but making claims that all of the cloud runs on Kubernetes just undermines your work before you've even really started. I can't find any public data, either academic or anecdotal, which supports the assertion that Kubernetes is even the most popular way to run workloads in clouds. I'm sure that AWS has more VMs not running Kubernetes for example than they do have running it. That said, it is clear at this point that Kubernetes is the dominant player for container clustering. So why not just say…


Minor questions in Linux file semantics

  • Post category:Linux

I’ve known for a long time that if you delete a file on Unix / Linux but that file is open somewhere, the blocks used by the file aren’t freed until that user closes the file (or is terminated), but I was left wondering about some other edge cases.

Shaken Fist has a distributed blob store. It also has a cache of images that virtual machines are using. If the blob store and the image cache are on the same filesystem, sometimes the image cache entry can be a hard link to an entry in the blob store (for example, if the entry in the blob store doesn’t need to be transcoded before use by the virtual machine). However, if they are on different file systems, I instead use a symbolic link.

This raises questions — what happens if you rename a file which is open for writing in a program? What happens if you change a symbolic link to point somewhere else while it is open? I suspect in both cases the right thing happens, but I decided I should test these theories out.



Linux bridges have their MTU overwritten when you add an interface

  • Post category:Linux

I discovered last night that network bridges on Linux have their Maximum Transmission Unit (MTU) overwritten by whatever is the MTU value of the most recent interface added to the bridge. This is bad. Very bad. Specifically this is bad because MTU matters for accurately describing the capabilities of the network path the packets will travel on, so it shouldn't be clobbered willy nilly. Here's an example of the behaviour:

    # ip link add egr-br-ens1f0 mtu 1500 type bridge
    # ip link show dev egr-br-ens1f0
    3: egr-br-ens1f0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
        link/ether 7e:33:1b:30:d8:00 brd ff:ff:ff:ff:ff:ff
    # ip link add egr-eaa64a-o mtu 8950 type veth peer name egr-eaa64a-i
    # ip link show dev egr-br-ens1f0
    3: egr-br-ens1f0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
        link/ether 7e:33:1b:30:d8:00 brd ff:ff:ff:ff:ff:ff
    # brctl addif egr-br-ens1f0 egr-eaa64a-o
    # ip link show dev egr-br-ens1f0
    3: egr-br-ens1f0: <BROADCAST,MULTICAST> mtu 8950 qdisc noop state DOWN mode DEFAULT group default qlen 1000
        link/ether da:82:cf:34:13:60 brd ff:ff:ff:ff:ff:ff

So you can see here that the bridge had an MTU of 1,500 bytes. We create a veth pair with an MTU of 8,950 bytes and add it to…


The KSM and I

  • Post category:Linux

I spent much of yesterday playing with KSM (Kernel Shared Memory, or Kernel Samepage Merging depending on which universe you come from). Unix kernels store memory in "pages" which are moved in and out of memory as a single block. On most Linux architectures pages are 4,096 bytes long. KSM is a Linux Kernel feature which scans memory looking for identical pages, and then de-duplicating them. So instead of having two pages, we just have one and have two processes point at that same page. This has obvious advantages if you're storing lots of repeating data. Why would you be doing such a thing? Well the traditional answer is virtual machines. Take my employer's systems for example. We manage virtual learning environments for students, where every student gets a set of virtual machines to do their learning thing on. So, if we have 50 students in a class, we have 50 sets of the same virtual machine. That's a lot of duplicated memory. The promise of KSM is that instead of storing the same thing 50 times, we can store it once and therefore fit more virtual machines onto a single physical machine. For my experiments I used libvirt /…


Mirror traffic during the last day of LCA 2007

  • Post category:Mirror

It seems obvious to me that videos of LCA 2007 are good. Specifically:

    IPTraf
    # Statistics for eth0 ##########################################################
    #                                                                              #
    #               Total      Total   Incoming   Incoming   Outgoing   Outgoing   #
    #             Packets      Bytes    Packets      Bytes    Packets      Bytes   #
    # Total:       241091    228940K      96646   18025370     144445    210915K   #
    # IP:          241091    225548K      96646   16655328     144445    208892K   #
    # TCP:         241086    225547K      96643   16655034     144443    208892K   #
    # UDP:              4        412          2        266          2        146   #
    # ICMP:             0          0          0          0          0          0   #
    # Other IP:         1         28          1         28          0          0   #
    # Non-IP:           0          0          0          0          0          0   #
    #                                                                              #
    #                                                                              #
    # Total rates:      49188.4 kbits/sec        Broadcast packets:            0   #
    #                    6592.2 packets/sec      Broadcast bytes:              0   #
    #                                                                              #
    # Incoming rates:    3814.2 kbits/sec                                          #
    #                    2714.4 packets/sec                                        #
    #                                            IP checksum errors:           0   #
    # Outgoing rates:   45374.2 kbits/sec                                          #
    #                    3877.8 packets/sec                                        #
    # Elapsed time:   0:00 #########################################################
    X-exit

Yay for LCA 2007 videos.


AUUG 2006 Slack talk

I gave a talk on how Google deploys software configuration to machines at AUUG 2006, and this reminded me to put the slide deck and paper online. So, here they are: slides in PowerPoint and PDF, as well as the conference paper. Update: Now with URLs that are correct! Sorry for the cut and paste error...


