
Running Huginn in a container

I’ve wanted to run Huginn for a while.

Today I finally unpacked my old laptop after moving and updated its OS to Fedora 29 and I thought it would be a good chance to get it up and running.

Install a tool to run containers

Since the official Docker repository wasn’t working for me, I took the chance to try out Podman as well. This is Red Hat’s tool to run containers and also encompasses the concept of “pods” popularized by Kubernetes.

$ sudo dnf -y install podman

From what I understand, podman does not have a daemon running (good) and interacts nicely with systemd and cgroups.

Run the container

I started by pulling the container image:

$ sudo podman pull huginn/huginn

Then I created a volume to store the database:

$ sudo podman volume create huginn-data

And I ran the container with a very basic setup:

$ sudo podman run -it -p 3000:3000 -v huginn-data:/var/lib/mysql huginn/huginn

But I noticed an error:

bootstrap stderr | mv: cannot create directory '/var/lib/mysql/mysql': Permission denied
mv: cannot create directory '/var/lib/mysql/performance_schema': Permission denied

Fix the permissions

I’m not sure if this is due to the fact that I had docker installed before podman.

Before doing anything else, I stopped and removed the container.

Then I checked whether SELinux was the culprit, but there were no errors in the audit log, so it was just standard permissions. I needed two pieces of information: where the volume was stored on the host’s filesystem and which UID mysqld was running as.

To find out the first one, I ran:

$ sudo podman volume inspect huginn-data
[
    {
        "name": "huginn-data",
        "labels": {},
        "mountPoint": "/var/lib/containers/storage/huginn-data/_data",
        "driver": "local",
        "options": {},
        "scope": "local"
    }
]

So the path to my volume on the host system is /var/lib/containers/storage/huginn-data/_data.

To find out the UID under which mysqld was running, I restarted the container without the volume mounted:

$ sudo podman run -it -p 3000:3000 huginn/huginn

And then from another terminal I started a shell on the container:

$ sudo podman ps --all
CONTAINER ID  IMAGE                           COMMAND        CREATED            STATUS                PORTS                   NAMES
a4f0308c00f0  docker.io/huginn/huginn:latest  /scripts/init  About an hour ago  Up About an hour ago  0.0.0.0:3000->3000/tcp  affectionate_banach

$ sudo podman exec -it a4f0308c00f0 /bin/bash
1001@a4f0308c00f0:~$ ps uaxww
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
1001         1  0.1  0.2  53736 17340 pts/0    Ss+  20:54   0:04 /usr/bin/python /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
[...]

mysqld was launched by supervisord (ewww) and it was running as UID 1001, so on the host system I changed the owner of the volume to that:

$ sudo chown 1001 /var/lib/containers/storage/huginn-data/_data

Then I stopped the old container and started it again with the external volume attached, and it worked! :)
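The check behind the fix above, as an added example that is not part of the original post: it reads the mount point from `podman volume inspect` JSON and compares the directory's owner with the UID the container runs as. The function names and the constructed JSON (pointing at a temporary directory) are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): compare a volume's owner on the
# host with the UID the container runs as, before starting the container.

# Print the mount point from `podman volume inspect` JSON read on stdin.
# The key is matched as "mountPoint" or "Mountpoint"; the second spelling is
# an assumption about other podman versions.
volume_mountpoint() {
    sed -n 's/.*"[Mm]ount[Pp]oint": *"\([^"]*\)".*/\1/p' | head -n 1
}

# check_volume_owner DIR UID
# Returns 0 if DIR is owned by UID, 1 if not, 2 if DIR cannot be inspected.
check_volume_owner() {
    [ -d "$1" ] || { echo "no such directory: $1" >&2; return 2; }
    owner=$(stat -c %u "$1") || return 2
    if [ "$owner" = "$2" ]; then
        echo "ok: $1 is owned by UID $2"
    else
        echo "mismatch: $1 is owned by UID $owner, container runs as UID $2"
        echo "fix with: chown $2 $1"
        return 1
    fi
}

# Constructed input: same shape as the inspect output above, pointing at a
# temporary directory so the example runs without podman or root.
demo_vol=$(mktemp -d)
demo_json='[ { "name": "huginn-data", "mountPoint": "'"$demo_vol"'", "driver": "local" } ]'
demo_path=$(printf '%s\n' "$demo_json" | volume_mountpoint)

check_volume_owner "$demo_path" "$(id -u)"     # owner matches the current user
check_volume_owner "$demo_path" 1001 || true   # mismatch unless you are UID 1001
```

On a real host the JSON would come from `sudo podman volume inspect huginn-data` and the UID from `sudo podman exec <container id> id -u`.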


Updated photographic workflow on Linux

My current photographic workflow on Linux has become quite complicated, so I wanted to share some info about it.

First, I download and rename my photos from the memory card using my own Photofix, which currently writes to a temporary directory in my home.

The next step involves a piece of non-free software: since my new camera raw format isn’t supported yet, I run Adobe DNG converter with Wine, to convert my CR3 files to DNG.

Next I can finally edit my files with Darktable. I usually start by doing a broad selection: every new photo starts at 2 Stars (“saving it just in case”); the worst ones I downvote to 1 Star (“candidate for the trash bin”), those that have potential and should be developed further get 3 Stars, those that I consider “worth showing to the Internet” get 4 Stars and my best shots get 5 Stars.

After the initial assessment I go on developing the single images starting with the best ones. After the editing the initial vote can be revised both upwards and downwards, so I might promote a 3 Star photo to 4 Stars or demote a 4 Stars to 3 or 2.

After I’m done editing, I export all the photos ranked 4 or 5 Stars as high resolution JPGs from Darktable to a new directory (usually named YYYYMM), and then run another script that creates scaled down and watermarked versions for Flickr (smaller size) and YourShot (bigger size).

When I’m done editing and exporting I move the RAW files to my long term storage space, although I’m considering refining this last step too: I should export all the 1 Star and 2 Stars photos to lower quality JPGs instead of keeping the raw files. That should free some space on my storage and make my backups lighter and faster too :)


Android adb “unknown backup flag” problem

Apparently, at some point the syntax for using adb backup changed and it’s not really well documented…

This is how I backed up my Android phone with adb today:

adb backup -f mybackup.bkp '-apk -obb -shared -all -system'

While before you would launch your backup with:

adb backup -f oldbackup.bkp -apk -obb -shared -all -system

Notice the lack of quotes in the old version.


Schedule one-time jobs with systemd

I rarely use at, but today I shut down crond to do some maintenance and I wanted to schedule an automatic restart for later in the day in case I forget to restart it manually.

So, I ran:

# echo "/usr/bin/service crond start" | at now +6 hours
-bash: at: command not found

Turns out, on systems running systemd you can use systemd-run as a substitute for at to schedule one-time jobs, like this:

# systemd-run --on-active=30 /bin/touch /tmp/foo

The --on-active value is in seconds by default, but you can pass modifiers to make it more readable:

# systemd-run --on-active="4h 30m" /bin/touch /tmp/foo

If you need to restart a service, there’s a handy shortcut, the --unit parameter:

# systemd-run --on-active=6h --unit crond.service

You can check the job queue (sorta what you would have done with atq) with:

# systemctl list-timers
NEXT                          LEFT           LAST                          PASSED   UNIT                          ACTIVATES
gio 2018-06-07 16:32:01 CEST  5h 18min left  mer 2018-06-06 16:32:01 CEST  18h ago  systemd-tmpfiles-clean.timer  systemd-tmpfiles-clean.service
gio 2018-06-07 17:12:12 CEST  7h left        n/a                           n/a      crond.timer                   crond.service

Another poor service (atd) has been swallowed by systemd. RIP.


Barebone Kickstart setup for CentOS 7

Since I had to install a bunch of bare-metal servers and I haven’t had the time to check out Foreman yet, I created a minimal setup to be able to use a Kickstart file.

My early iterations were done in Packer, then I switched to the baremetal servers to work out the details.

Please note: this is an automated install that WILL DELETE EVERYTHING on /dev/sda !!!

The kickstart file

This kickstart file was made by iterating over the CentOS 6 and CentOS 7 default install kickstart files (those generated by the installer), with a couple of changes based on the documentation and similar examples (many thanks to Jeff Geerling!).

Please note: this is an automated install that WILL DELETE EVERYTHING on /dev/sda !!! – Do not run it on the wrong system!

Also, this is just a “template”, make sure to change it where it makes sense, for example the partitioning scheme and the root password. For the network settings, see below the script to customize and serve the kickstart file over http.

template.cfg

# Run the installer
install

# Use CDROM installation media
cdrom

# System language
lang en_US.UTF-8

# Keyboard layouts - Change this!
keyboard --vckeymap=it --xlayouts='it','us' --switch='grp:alt_shift_toggle'

# Enable more hardware support
unsupported_hardware

# Network information - the --device=link option activates the specific IP address on the first interface with a link up
# the ZZNAMEZZ labels will be changed later with sed, to customize the installation
network  --bootproto=static --device=link --gateway=ZZGATEWAYZZ --ip=ZZIPADDRZZ --nameserver=ZZDNSZZ --netmask=ZZNETMASKZZ --noipv6 --activate
network  --hostname=ZZHOSTNAMEZZ

# System authorization information
auth --enableshadow --passalgo=sha512

# Root password - Change this!
rootpw YOUR_SECURE_PASSWORD

# System timezone - Change this!
timezone Europe/Rome --isUtc --nontp

# Run the text install
text

# Skip X config
skipx

# Only use a specific disk, Change the drive here!
ignoredisk --only-use=sda

# Overwrite the MBR
zerombr

# Partition clearing information
clearpart --all --initlabel --drives=sda

# System bootloader configuration - Change the drive here
bootloader --location=mbr --boot-drive=sda


# PARTITIONING
# This is our partitioning scheme, change it where required

# this might not be required
part biosboot --fstype="biosboot" --ondisk=sda --size=1

# this is required
part /boot --fstype="xfs" --ondisk=sda --size=1024

# this will create a Volume Group "VGsystem" spanning the whole disk (except for the /boot partition)
part pv.229 --fstype="lvmpv" --ondisk=sda --size=200000 --grow
volgroup VGsystem --pesize=4096 pv.229

#
logvol /         --fstype="xfs"   --size=10240  --label="ROOT"  --name=LVroot  --vgname=VGsystem
logvol /usr      --fstype="xfs"   --size=20480  --name=LVusr    --vgname=VGsystem
logvol /var      --fstype="xfs"   --size=20480  --name=LVvar    --vgname=VGsystem
logvol /var/log  --fstype="xfs"   --size=20480  --name=LVvarlog --vgname=VGsystem

logvol swap      --fstype="swap"  --size=16384  --name=LVswap   --vgname=VGsystem

logvol /tmp      --fstype="xfs"   --size=10240  --name=LVtmp    --vgname=VGsystem
logvol /home     --fstype="xfs"   --size=51200  --name=LVhome   --vgname=VGsystem
logvol /opt      --fstype="xfs"   --size=20480  --name=LVopt    --vgname=VGsystem


# Do not run the Setup Agent on first boot
firstboot --disabled

# Accept the EULA
eula --agreed

# System services - we disable chronyd because we use NTP
services --disabled="chronyd" --enabled="sshd"


# Reboot the system when the install is complete
reboot


# Packages

%packages --ignoremissing --excludedocs
@^minimal
@core
kexec-tools
%end

%addon com_redhat_kdump --disable

%end

# upgrade the system before rebooting

%post
yum -y upgrade
yum clean all
%end

Customizing and serving the kickstart file

As mentioned earlier, I made a pretty simple script to customize the kickstart template and serve it over http.

Please note: this is an automated install that WILL DELETE EVERYTHING on /dev/sda !!!

serve_kickstart.sh

#!/bin/bash

gateway="192.168.0.1"
netmask="255.255.255.0"
dns="192.168.0.11,192.168.0.12"

# this is pretty hacky, sorry
local_ipaddr=$(ip -4 -o addr show dev eth0 | awk '{print $4}' | cut -d/ -f1)

# accepts hostname and ip address on the command line
server_hostname="$1"
server_ipaddr="$2"

if [ -z "$server_hostname" ]; then
    server_hostname="freshinstall.stardata.lan"
    echo "Using '$server_hostname' as default."
fi

if [ -z "$server_ipaddr" ]; then
    server_ipaddr="192.168.0.99"
    echo "Using '$server_ipaddr' as default IP address."
fi


# create the file to customize
/bin/cp -f template.cfg custom.cfg

# customize the kickstart file
sed -i "s/ZZGATEWAYZZ/$gateway/g" custom.cfg
sed -i "s/ZZIPADDRZZ/$server_ipaddr/g" custom.cfg
sed -i "s/ZZDNSZZ/$dns/g" custom.cfg
sed -i "s/ZZNETMASKZZ/$netmask/g" custom.cfg
sed -i "s/ZZHOSTNAMEZZ/$server_hostname/g" custom.cfg

# create the file to serve
/bin/mv -f custom.cfg c7.cfg

# write the instructions to add to the boot on screen
echo "To use this kickstart, add to the boot command line: "

echo -e "\nip=${server_ipaddr} netmask=${netmask} gateway=${gateway} dns=${dns} text ks=http://${local_ipaddr}:8000/c7.cfg\n\n"

sleep 3

python -m SimpleHTTPServer

This is what an example run looks like:

$ ./serve_kickstart.sh test01.stardata.lan 192.168.0.100
To use this kickstart, add to the boot command line:

ip=192.168.0.100 netmask=255.255.255.0 gateway=192.168.0.1 dns=192.168.0.11,192.168.0.12 text ks=http://192.168.0.200:8000/c7.cfg

Serving HTTP on 0.0.0.0 port 8000 ...

192.168.0.100 - - [20/Apr/2018 16:03:43] "GET /c7.cfg HTTP/1.1" 200 -

If you take a look at the c7.cfg that is served via http on port 8000, you’ll see that the relevant network placeholders have been swapped with the custom values from the script:

$ grep ^network c7.cfg
network  --bootproto=static --device=link --gateway=192.168.0.1 --ip=192.168.0.100 --nameserver=192.168.0.11,192.168.0.12 --netmask=255.255.255.0 --noipv6 --activate
network  --hostname=test01.stardata.lan

As usual, I hope this helps some fellow admin out there.
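A stricter take on the customization step of serve_kickstart.sh, as an added example that is not part of the original script: the hostname and addresses are validated before they are spliced into the sed expressions, and the rendered file is rejected if a ZZ...ZZ placeholder survives outside a comment. The function names and the constructed three-line template are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): validate values before they are
# spliced into sed expressions, then check the rendered kickstart file.

# Dotted-quad IPv4, each octet 0..255.
valid_ipv4() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Letters, digits, dots and hyphens only, so no "/", "&" or "\" reaches sed.
valid_hostname() {
    [ "${#1}" -le 253 ] || return 1
    case "$1" in ""|*[!A-Za-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;; esac
}

# render_kickstart TEMPLATE OUT HOSTNAME IP GATEWAY NETMASK DNS[,DNS...]
render_kickstart() {
    template=$1 out=$2 host=$3 ip=$4 gw=$5 mask=$6 dns=$7
    valid_hostname "$host" || { echo "rejected hostname" >&2; return 1; }
    case "$dns" in ""|*[!0-9.,]*|,*|*,|*,,*) echo "rejected dns list" >&2; return 1 ;; esac
    for addr in "$ip" "$gw" "$mask" $(echo "$dns" | tr ',' ' '); do
        valid_ipv4 "$addr" || { echo "rejected address: $addr" >&2; return 1; }
    done
    sed -e "s/ZZGATEWAYZZ/$gw/g" -e "s/ZZIPADDRZZ/$ip/g" -e "s/ZZDNSZZ/$dns/g" \
        -e "s/ZZNETMASKZZ/$mask/g" -e "s/ZZHOSTNAMEZZ/$host/g" \
        "$template" > "$out.tmp" || return 1
    # Outside comment lines, no ZZ...ZZ placeholder may survive.
    if grep -v '^ *#' "$out.tmp" | grep -q 'ZZ[A-Z]*ZZ'; then
        rm -f "$out.tmp"; echo "unreplaced placeholder" >&2; return 1
    fi
    mv -f "$out.tmp" "$out"
}

# Constructed three-line template, standing in for template.cfg.
demo_dir=$(mktemp -d)
printf '%s\n' '# the ZZNAMEZZ labels are replaced with sed' \
    'network --gateway=ZZGATEWAYZZ --ip=ZZIPADDRZZ --nameserver=ZZDNSZZ --netmask=ZZNETMASKZZ' \
    'network --hostname=ZZHOSTNAMEZZ' > "$demo_dir/template.cfg"
render_kickstart "$demo_dir/template.cfg" "$demo_dir/c7.cfg" test01.stardata.lan \
    192.168.0.100 192.168.0.1 255.255.255.0 192.168.0.11,192.168.0.12
grep '^network' "$demo_dir/c7.cfg"
```

Writing c7.cfg into a directory that holds nothing else keeps template.cfg and the rest of the working directory out of what python -m SimpleHTTPServer serves. The served file also carries the root password, so a hash given with rootpw --iscrypted is preferable to plaintext, since anyone who can reach port 8000 can fetch it.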
