Also this year the Debian project was present at Chemnitzer Linuxtage, this time right next the booth. The booth folks arriving on friday organized a flashmob at Expitas after booth setup. Unfortunatly our second planned flashmob at the mensa was boycotted by much more students, so we ended up in the Turm-Brauhaus, which is a great location with good drinks but the service was very harshly.

On the next two days at the booth we chatted and discussed with visitors and other exhibitors a wide variety of questions, including ‘When will be (the next Debian version) released?’ and ‘Are there installation disks available?’. The answers was as always ‘When we are ready and we will have reached the quality-level we defined’, ‘No we don’t have installation medias, as they are always outdated. Do you have an USB-dongle with you?’.

Merchandising was requested by visitors as always, but we just had some leftovers of fosdem, brought by Axel.

The demonstration was as usual a small box running Babelbox and xpenguins which worked out the last years too.

This year there were three lectures held by Debian related people, about Debian GIS, Aptitude - known but even unknown and SSH and unreliable network connections.

The organisation team did a really great job. The social event at saturday night was very exciting and we left it early in the morning. The whole event was indeed fun and a pleasure to find new friends and meet old ones of the Free Software community.

Many thanks to Florian Baumann, Jan Dittberner, Andreas Tille, Christian Hoffmann, Axel Beckert, Markus Rekkenbeil, Daniel Schier, Jonas Genannt, Jan Hörsch and kurio for taking care and running the booth, which worked out this year extreme smoothly from my point of view. Likewise as the last years a special thanks to TMT GmbH & Co. KG, which kindly donated additional boothtickets, the equipment, its transportation and accommodation for almost half of the booth staff.

Also this year I registered a booth in the name of the Debian Project at Chemnitzer Linux-Tage.

Unfortunalety this is the second time in the row, that we seem to be short of manpower while preparing the booth. Actually just one person was able to commit his available time. A general offer was announced by 3 people (including me). This makes me a little sad, cause CLT is a very community driven event which is really nice organized. I always liked to chat and discuss with very interesting people from other projects and visitors.

As the CLT runs a 6 track lecture program with commonly very good lectures, it is not possible to get the booth running into good shape with such a small amount of volunteers. If you feel you are interested into visiting the Chemnitzer Linux-Tage and want to make our booth a success like last years for the Debian Project, please have a look into my announcment and our coordination wiki.

So please … let come more brave people into our band wagon! Don’t wait to long! Registration period for (possibly sponsored) Booth tickets (read here) ends on 4th March, many thanks!

Some of our customers are using central CUPS systems for managing their printer infrastructure. In the last years the demand for support printing (called Airprint) from mobile apple products increased. This worked well for us on Debian squeeze as documented here (updated scrips).

I tried this on a fresh installed Debian wheezy amd64, but no printer was found on any IOS device.

Hmm …. let’s see if the printer is announces via avahi:

$ avahi-browse -a | grep -i print
+   eth0 IPv6 Kyocera FS-1020D @ service                    Internet Printer     local
+   eth0 IPv6 AirPrint Kyocera @ service                    Internet Printer     local
+   eth0 IPv4 Kyocera FS-1020D @ service                    Internet Printer     local
+   eth0 IPv4 AirPrint Kyocera @ service                    Internet Printer     local

WTF?!? Fortunately we have an Ubuntu 12.04 running in our office and printing from IOS devices works without problems (without copying any files to /etc/avahi/services/):

$ avahi-browse -a | grep -i print
+   eth2 IPv6 Ricoh Aficio MP C2800 @ printing              Internet Printer     local
+   eth2 IPv6 Ricoh Aficio MP 171 @ printing                Internet Printer     local
+   eth2 IPv4 Ricoh Aficio MP 171 @ printing                Internet Printer     local
+   eth2 IPv4 Ricoh Aficio MP C2800 @ printing              Internet Printer     local

I just copied the whole configuration over to my wheezy system, but it didn’t worked out. I tried this all on a kfreebsd-i386 system again without success. Sorry, but I don’t understand the source of this issue. Cups on wheezy has the same upstream version as on precise. Avahi-daemon on wheezy is just one minor version ahead off precise. Is this a bug/incompatibility in cups and/or avahi? A missing patch compared to the packages of precise? Is this a configuration problem?

Update: Looking into LP #1054495 and the debdiff of cups 1.5.3-0ubuntu6 indicates, that there seems modifications beside simple changes of mime configurations files.

Update: The fix for LP #1054495 does really fix the problem on wheezy too. With the help of Didier Raboud I was able test a binary package with this fixapplied on our test setup. The good news is, there are no extra modifications needed beside just configuring cups to export it’s printers for enabling support for iOS devices. I opened #700961 and hopefully release managment will accept this fix for wheezy.

Hints, rants and comments could be send to ‘blog - at - waja - dot - info’ or via @blogwajainfo.

Server management on daily basis in a growing environment could be a challenge. Most of the tasks is here done with ClusterSSH in help with a homebrew mail notification.

Unfortunately this workflow is not scaling well for 200+ systems. I had a look into apt-dater but this seems not to fit our workflow. FAI looks a bit overengineered at the first glance.

Maybe Puppet is an option? There seems to be many extensions for it, unfortunately ruby is needed on every single node. Is there a CTO-compatible overview about puppet, any other alternatives? ;)

Update: Many thanks for the hints from André Luís Lopes, Stig Sandbeck Mathisen, Phil Miller, Steve Kemp, Andrew Latham, Bob Proulx and Natxo Asenjo

  • Chef
    • Packaged in Debian
    • Upstream Debian packages (no recent one)
  • CFEngine3
    • No ruby/perl/python dependencies
    • Light, fast
    • (A bit) harder to understand
    • Packaged in Debian
    • Upstream Debian packages
  • Salt
    • Very young
    • Packaged in Debian
  • Ansible
    • Very flexible
    • Easy to understand
    • Relies on ssh
    • Open ITP
    • PPA
  • MCollective
    • Framework for building server orchestration and parallel job execution
    • Could extend for example Puppet or Chef
    • Packaged in Debian
    • Upstream Debian packages (no recent one)
  • Foreman
    • Puppet dashboard and node classifier
    • Open ITP
    • Upstream Debian packages

Old but conceptual still valid:, for example Bootstrapping an Infrastructure

Other thoughts: push- or pull-infrastructure? Software footprint (on nodes and your central instance)!

Hints, rants and comments could be send to ‘blog - at - waja - dot - info’ or via @blogwajainfo.

We are searching a motive for a painting or a painting itself for a quite while now. This should find it’s place in our living room. Unfortunately we didn’t found one, which matched our both prospect and/or wasn’t compatible with the rest of our living room.

Yesterday we stumbled upon a motive which was quite nice, but was too small and it was neighter possible to get it in a bigger size nor to find out who was the origin painter of the picture. Now we are searching for the name of the picture and/or the painter.

Any hints appreciated at ‘blog - at - waja - dot - info’. A photo with higher resolution can be found here

Update: Okay … an unknown people (many thanks) hinted me, that google image search is the tool that could be very usefull. Google revealed that the painter is Inna Panasenko.

P.S. Is it noticeable that I’m in vacation mode? ;)

Today we where packing back our holiday decorations into boxes. We also had a music box to put away.

Do you see the defect in the picture? ;) No? Okay … some years ago my oldest daughter broke it into some pieces and a friend of us (Hi muempf! ;) did glue all together. When he showed us the nice music box, it was recovered very well, but one detail was changed from original. One horseman wasn’t reassembled as the other onces.

If you you didn’t found the defect, please have a look here.

You had fun with this? Maybe this is another one for you, I took that photo on christmas eve when my youngest daughter had placed her new ‘Lisa Plastic’:

Keep smiling!

Today short before ending business hours I was noticed that there is a problem with a server system (domU). Login with unprivileged user was possible but using “su” didn’t worked, also login in as root via privkey failed. Fortunately I was able to connect via xen console and login via tty. Looking into the bash history the reason revealed quickly:

4979 2013-02-01 15:03:39 cd /var/www/
4980 2013-02-01 15:03:43 chown www-data:www-data -R /var/www/
4981 2013-02-01 15:04:36 ls -la
4982 2013-02-01 15:04:46 ls -la
4983 2013-02-01 15:04:54 chown www-data:www-data -R /*
4984 2013-02-01 15:07:42 chown www-data:www-data -R /var/www/
4985 2013-02-01 15:36:55 chown www-data:www-data -R /var/www/

This made my day (and maybe parts of the rest of the weekend).

For recovery our 1st Level mounted the domU-fs on the dom0 to ‘/tmp/recover’ and did:

2131  2013-02-01 21:29:28 cd /tmp/recover
2142  2013-02-01 21:31:17 rm -r lib64/

The experienced reader may see the problem:

# ls -lad lib64
lrwxrwxrwx 1 root root 4 Jun 28  2011 /lib64 -> /lib

So also the dom0 was knocked out … what a funny evening (and maybe night). Maybe our staff looked similar like here.

Usually I’m monitoring stuff with Icinga (Nagios in the past). But for my small network, I primary needed monitoring of bandwidth.

In our commercial environment we are using a closed source software for accounting traffic. There is also a license for testing purpose with a reduced number of sensors available. But I’m neither running windows in this network nor feeling happy with this.

Cacti is a bit bloated for this small network and zabbix is (caused by what?) removed in wheezy, beside that I’m not getting the concept behind it. So I thought I could give munin a try and on the first view it doesn’t look so bad. Monitoring my half dozens openwrt devices works like a charm by installing muninlite just the package.

One central part of the network is a QNAP TS-459 Pro+, hosting a BackupPC and TimeMachine service, proving SMB/AFS data store and running SqueezeBox Server for another half dozen streaming devices. Unfortunately there is no optware package to provide a munin node. So I just copied the shell script of muninlite and the xinet config over from an openwrt device. At first it looked not bad, but than munin wasn’t able to collect the data. After a while I realized, that munin was failing when collecting the network informations. A look into the muninlite script revealed that it was failing when trying to discover the interface speed of eth1 via ethtool.

In my setup the QNAP is just connected with with one network interface, the second one is unconnected. Unfortunately all network interfaces on QNAP devices are up and therefore listed in /proc/net/dev where muninlite is discovering the network interfaces:

[~] # grep '^ *\(ppp\|eth\|wlan\|ath\|ra\|ipsec\|tap\|br-\)\([^:]\)\{1,\}:' /proc/net/dev | cut -f1 -d: | sed 's/ //g
> s/\-/_/g'

Let’s look into it:

[~] # ethtool eth0| grep Speed:
    Speed: 1000Mb/s
[~] # ethtool eth0| grep "Link detected:"
    Link detected: yes
[~] # ethtool eth1| grep Speed:
    Speed: Unknown! (65535)
[~] # ethtool eth1| grep "Link detected:"
    Link detected: no

Maybe you see .. the interface eth1 is up but has no link, so there is no speed negotiated and muninlite is failing. Thus I hacked the scripted and now it’s working like a charme.

(muninlite_fix-unused-up_interface.diff) download
--- /opt/sbin/munin-node.orig   2013-01-27 15:13:51.869007214 +0100
+++ /opt/sbin/munin-node 2013-01-27 16:11:20.536006950 +0100
@@ -133,7 +133,7 @@
   if [ -n "$(which ethtool)" ]; then
  if [ -x "$(which ethtool)" ]; then
          if ethtool $1 | grep -q Speed; then
-                MAX=$(($(ethtool $1 | grep Speed | sed -e 's/[[:space:]]\{1,\}/ /g' -e 's/^ //' -e 's/M.*//' | cut -d\  -f2) * 1000000))
+                MAX=$(($(ethtool $1 | grep Speed | sed -e 's/[[:space:]]\{1,\}/ /g' -e 's/^ //' -e 's/M.*//' | sed -e 's/Unknown\!/0/' | cut -d\  -f2) * 1000000))
              echo "up.max $MAX"
              echo "down.max $MAX"
@@ -535,19 +535,31 @@
     for INTER in $(grep '^ *\(ppp\|eth\|wlan\|ath\|ra\|ipsec\|tap\|br-\)\([^:]\)\{1,\}:' /proc/net/dev | cut -f1 -d: | sed 's/ //g
-      INTERRES=$(echo $INTER | sed 's/\./VLAN/')
-      RES="$RES if_$INTERRES"
-      eval "fetch_if_${INTERRES}() { fetch_if $INTER $@; };"
-      eval "config_if_${INTERRES}() { config_if $INTER $@; };"
+      if [ -n "$(which ethtool)" ]; then
+        if [ -x "$(which ethtool)" ]; then
+          if [ -n "$(ethtool $INTER | grep 'Link detected: yes')" ]; then
+            INTERRES=$(echo $INTER | sed 's/\./VLAN/')
+            RES="$RES if_$INTERRES"
+            eval "fetch_if_${INTERRES}() { fetch_if $INTER $@; };"
+            eval "config_if_${INTERRES}() { config_if $INTER $@; };"
+          fi
+        fi
+      fi
   elif [ "$PLUG" = "if_err_" ]; then
     for INTER in $(grep '^ *\(ppp\|eth\|wlan\|ath\|ra\|ipsec\|tap\|br-\)\([^:]\)\{1,\}:' /proc/net/dev | cut -f1 -d: | sed 's/ //g
-      INTERRES=$(echo $INTER | sed 's/\./VLAN/')
-      RES="$RES if_err_$INTERRES"
-      eval "fetch_if_err_${INTERRES}() { fetch_if_err $INTER $@; };"
-      eval "config_if_err_${INTERRES}() { config_if_err $INTER $@; };"
+      if [ -n "$(which ethtool)" ]; then
+        if [ -x "$(which ethtool)" ]; then
+          if [ -n "$(ethtool $INTER | grep 'Link detected: yes')" ]; then
+            INTERRES=$(echo $INTER | sed 's/\./VLAN/')
+            RES="$RES if_err_$INTERRES"
+            eval "fetch_if_err_${INTERRES}() { fetch_if_err $INTER $@; };"
+            eval "config_if_err_${INTERRES}() { config_if_err $INTER $@; };"
+          fi
+        fi
+      fi
   elif [ "$PLUG" = "netstat" ]; then
     if netstat -s >/dev/null 2>&1; then