Ιστολόγιο

Demystifying Systemd

Παύλος Ράτης - Sun, 15/12/2013 - 12:28

It’s been a month since I migrated my desktop from openRC to systemd and I wanted to write down and share my experience about it.

Firstly, I would like to clarify that I didn’t migrated to systemd because I dislike openRC or have any issues with it. I just wanted to get my hands dirty with systemd and learn from the whole procedure. I still have openRC to some of my boxes.

Intro

When systemd first appeared in 2010 there was much noise in mailing lists. Like every new software that grows rapidly , everyone was worried about the  maturity of systemd.  Almost four years  later since its first appearance,  systemd it’s not an immature project any more. It is already embraced by some distributions( openSUSE, Fedora, Arch) and became their default init system.  Unlike other distributions Gentoo doesn’t enforce  users to have an init system by default and allows them to choose what to install.

A brief introductory for both projects.

openRC:  dependency-based init system that works with the system provided init program and is maintained by Gentoo and Debian developers.  openRC is not only used in Linux systems, but it is also compatible with FreeBSD and NetBSD.

Systemd:  system and service manager for Linux.  Systemd was developed as  a contemporary replacement for SysVinit and RC. Systemd obsoletes ConsoleKit  and welcomes systemd-logind! In addition, it has its own cron and  logging system.

Only these? No!  There are a lot more init systems to play with,  see the  comparison  of init systems  page into Gentoo’s wiki.

Migration

Migration didn’t take much time and it was an interesting process. Although,  systemd’s architecture[1][2] differs from the SysVinit,  systemd’s surface has a similar logic compared to openRC and the only thing to be done is matching  systemd tools with openRC ones.

Tools

Here is a list with useful utilities that helps to a smoother systemd  landing.

  • systemctl: Control the systemd system and services.
  • hostnamectl: Control hostname.
  • localectl: Configure system local and keyboard layout.
  • timedatectl: Set  time and date.
  • systemd-cgls : Show  cgroup contents.
  • systemadm:  Front-end for systemctl command.
Matching systemd services with openRC ones.
  • systemctl list-units —> rc-status (List running services status)
  • systemctl –failed  —> rc-status –crashed ( Check failed / crashed units/services)
  • systemctl  –all —> rc-update -v show ( Display all available units/services)
  • systemctl {start,stop,restart,status} xyz —> /etc/init.d/xyz {start,stop,restart,status} ( {start,stop,restart,status} units/services immediately)
  • systemctl {enable,disable} xyz —> rc-update {add,del} xyz ( add or delete  a service/unit)
Goodbye syslog-ng / rsyslog (?)

No! Systemd has its own  logging system called journal.  However, syslog-ng or rsyslog can still be used in conjunction with journal.

To  manage journal logging system, use journalctl command.

Performance

For all the performance freaks out there, systemd comes with a very neat tool. systemd-analyze which analyzes system’s boot performance .

This tool, also comes with a great feature,  systemd-analyze blame which  prints all running units ordered by the time they took to initialize.

In addition, systemd-analyze plot generates a plot detailing all services that have been started and the time they spent on initialization.

For the same purposes, systemd-bootchart can be used to speed up boot performance.

Conclusion

I find both of them great projects with a bright future.  I am not going to start comparing them . As we always say on Gentoo “It’s all about choice”(sic).  Use openRC, use systemd, use whatever ease your life.

That’s all folks.
Thanks for your time.

I am looking forward to your feedback.

Further reading:

What happened to all the mentors?

Μάρκος Χανδράς - Thu, 31/01/2013 - 21:07

I had this post in the Drafts for a while, but now it’s time to publish it since the situation does not seem to be improving at all.

As you probably now, if you want to become a Gentoo developer, you need to find yourself a mentor[1]. This used to be easy. I mean, all you had to do was to contact the teams you were interested in contributing as a developer and then one of the team members would step up and help you with your quizzes. However, lately, I find myself in the weird situation of having to become a mentor myself because potential recruits come back to recruiters and say that they could not find someone from the teams to help them. This is sub-optimal  for a couple of reasons. First of all, time constrains  Mentoring someone can take days, weeks or months. Recruiting someone after being trained (properly or not), can also take days, weeks or months. So somehow, I ended up spending twice as much time as I used to.  So we are back to those good old days, where someone needed to wait months before we fully recruit him. Secondly, a mentor and a recruiter should be different persons. This is necessary for recruits to gain a wider and more efficient training as different people will focus on different areas during this training period.

One may wonder, why teams are not willing to spend time to train new developers. I guess, this is because training people takes quite a lot of someone’s time and people tend to prefer fixing bugs and writing code than spending time training people. Another reason could be that teams are short on manpower, so try are mostly busy with other stuff and they just can’t do both at the same time. Others just don’t feel ready to become mentors which is rather weird because every developer was once a mentee. So it’s not like they haven’t done something similar before. Truth is that this seems to be a vicious circle. No manpower to train people -> less people are trained -> Not enough manpower in the teams.

In my opinion, getting more people on board is absolutely crucial for Gentoo. I strongly believe that people must spend time training new people because a) They could offload work to them ;) and b) it’s a bit sad to have quite a few interested and motivated people out there and not spend time to train them properly and get them on board. I sincerely hope this is a temporary situation and things will become better in the future.

ps: I will be in FOSDEM this weekend. If you are there and you would like to discuss about the Gentoo recruitment process or anything else, come and find me ;)

 

[1] http://www.gentoo.org/proj/en/devrel/handbook/handbook.xml?part=1&chap=2#doc_chap3

Proxy Maintainers – How do we perform?

Μάρκος Χανδράς - Thu, 13/12/2012 - 22:14

Following my recent recruitment performance post, here comes the second part of my Gentoo Miniconf 2012 presentation. The following two graphs aim to demonstrate the performance of proxy-maintainers aka, how Gentoo users help us improve and push new ebuilds to the portage tree

One can notice the increased number of maintainer-needed@ packages but this is because we “retired” a lot of inactive developers in the last 2 months. I expect this number to not increase further in the near future.

I would like to thank all of you who are actively participating in this team. Keep up the good work!

Gentoo Recruitment: How do we perform?

Μάρκος Χανδράς - Thu, 25/10/2012 - 20:53

A couple of days ago, Tomas and I, gave a presentation at the Gentoo Miniconf. The subject of the presentation was to give an overview of the current recruitment process, how are we performing compared to the previous years and what other ways there are for users to help us improve our beloved distribution. In this blog post I am gonna get into some details that I did not have the time to address during the presentation regarding our recruitment process.

 

Recruitment Statistics from 2008 to 2012

Looking at the previous graph, two things are obvious. First of all, every year the number of people who wanted to become developers is constantly decreased. Second, we have a significant number of people who did not manage to become developers. Let me express my personal thoughts on these two things.

For the first one, my opinion is that these numbers are directly related to the Gentoo’s reputation and its “infiltration” to power users. It is not a secret that Gentoo is not as popular as it used to be. Some people think this is because of the quality of our packages, or because of the frequency we cause headaches to our users. Other people think that the “I want to compile every bit of my linux box” trend belongs to the past and people want to spend less time maintaining/updating their boxes and more time doing some actual work nowadays. Either way, for the past few years we are loosing people, or to state it better, we are not “hiring” as many as we used to. Ignoring those who did not manage to become developers, we must admit that the absolute numbers are not in our favor. One may say that, 16 developers for 2011-2012 is not bad at all, but we aim for the best right? What bothers me the most is not the number of the people we recruit, but that this number is constantly falling for the last 5 years…

As for the second observation, we see that, every year, around 4-5 people give up and decide to not become developers after all. Why is that? The answer is obvious. Our long, painful, exhausting recruitment process drives people away. From my experience, it takes about 2 months from the time your mentor opens your bug, until a recruiter picks you up. This obviously kills someone’s motivation, makes him lose interest, get busy with other stuff and he eventually disappears. We tried to improve this process by creating a webapp two years ago, but it did not work out well. So we are now back to square one. We really can’t afford loosing developers because of our recruitment process. It is embarrassing to say at least.

Again, is there anything that can be done? Definitely yes. I’d say, we need an improved or a brand new web application that will focus on two things:

1) make the review process between mentor <-> recruit easier

2) make the final review process between recruit <-> recruiter an enjoyable learning process

Ideas are always welcomed. Volunteers and practical solutions even more ;) In the meantime, I am considering using Google+ hangouts for the face-to-face interview sessions with the upcoming recruits. This should bring some fresh air to this process ;)

The entire presentation can be found here

Gentoo, TOR Relay and Freenode with irssi

Παναγιώτης Ατματζίδης - Fri, 15/06/2012 - 23:47

I have a really slow ADSL connection but it’s enough to share some bandwidth. Since I’m a strong supporter of privacy, the least I could do – especially now that I’m leaving the place for the summer - was to setup a TOR Relay server. I would love to see more relay servers all over the place. TOR is considerably faster than a couple of years ago for browsing, IRC and other low-bandwith operations. That’s very encouraging.

Since I run a 3350MX box as a home Gentoo server, I just emerged tor, privoxy and g-cpan in order to be able to access Freenode through a “torified” irssi client.

sudo ACCEPT_KEYWORDS=\"perl ipv6\" emerge tor torsocks privoxy irssi g-cpan

Just add this line your torrc, after you do your relay or single tor server configuration:

mapaddress 10.40.40.40 p4fsi4ockecnea7l.onion

It’s good to configure also tor-tsocks.conf file in the /etc/tor directory. Then we add the following line to /etc/privoxy/config

forward-socks4a / 10.0.0.4:9050 .

Then change the configuration at /etc/torsocks.conf to match your network setup. At this point we must emerge some perl CPAN libraries. These are going to be used by irssi SASL script. In theory this step could be made using directly the CPAN manager like:

cpan> install Crypt::Blowfish Crypt::DH Crypt::OpenSSL::Bignum Math::BigInt Math::BigInt::FastCalc Math::BigInt::GMP

However this approach created a myriad of problems to me. It stalled too many times and was not able to compile successfully the Math::FastCalc library. We need this library for faster calculations, since we’re going to encrypt/decrypt packets. Anyway, under Gentoo the approach that worked flawlessly is the following:

g-cpan -iv Crypt::Blowfish Crypt::DH Crypt::OpenSSL::Bignum Math::BigInt Math::BigInt::FastCalc Math::BigInt::GMP

Now we need to configure irssi client. First grab the Freenode SASL perl script. Install it under ~/.irssi/scripts/autorun like:

mkdir -p ~/.irssi/scripts/autorun && cd ~/.irssi/scripts/autorun && wget http://freenode.net/sasl/cap_sasl.pl

Now we just need to add some configuration to irssi. Start irssi preferably on ‘screen -U’ session and run it like:

torify irssi

Now if you see any complaints about ‘cap_sasl.pl’ script then, you need to check the perl installation, make sure that irssi has been compiled with perl support, that the above mentioned libraries are installed etc. If you see no messages then everything is fine. Now let’s configure Freenode and SASL auth:

/network add Freenode /server add -auto -network Freenode p4fsi4ockecnea7l.onion 6669 /sasl set Freenode <primary-nick> <password> DH-BLOWFISH /sasl save /save

Now you should be all setup . We don’t need SSL connection because TOR hidden services are encrypted tunnels, so it would be redundant to use SSL upon hidden services. 

Enjoy Freenode anonymity!! You might encounter a bit of lag, usually is something like 4-5 seconds. It’s the current cost of cloak-ed host on IRC but pays well

Related posts:

  1. Going back to the roots: Gentoo
  2. Gentoo στο eBox 3350!
  3. Gentoo, ruby19 and fcron

Πρόσβαση στο gentoo-el.org μέσω SSH;

Θωμάς Καπούλας - Fri, 16/03/2012 - 01:45

<trolling>
12 Μαρ 2012: στόχος μας ως Ελληνική Κοινότητα Gentoo (gentoo-el) είναι να συνεργαζόμαστε με όλους τους εθελοντές και να συμβάλουμε στην δουλειά που γίνεται από κάθε εθελοντή, θα δούμε το πρόβλημα
της πρόσβασης που αναφέρεις και θα σου απαντήσω άμεσα.

Εξακολουθώ να μην έχω πρόσβαση στο gentoo-el.org μέσω SSH. Ο Θοδωρής Χατζημίχος (gentoo-el) κωλυσιεργεί στην ενεργοποίηση πρόσβασης στο gentoo-el.org.

Αλήτη!
</trolling>

POD & PODKill

Νίκος Χατζηδάκης - Sat, 25/06/2011 - 16:05
Πριν καιρό έγραψα ένα πολύ απλό προγραμματάκι που με χρήση του προγράμματος ping στέλνει παράλληλα πολλά πακέτα σε κάποιον «στόχο», με σκοπό να προκαλέσει DoS και να ρίξει κάποιον «στόχο». Η δημιουργία του έγινε για καθαρά εκπαιδευτικό σκοπό. Παραθέτω τον κώδικά του: /* Program: Ping Of Death Author: Nikolaos Chatzidakis (aka nikhatzi) Disclaimer: To programma
Syndicate content