Downside of driving a train

So I’m in Geldrop and the train stopped. The conductor of the train just informed us that the train has hit a person. The man next to me is talking to his wife that he believes the train should just continue. I do not agree. Just imagine you were driving the train and you saw the person get hit. I don’t think you’d want to drive that train anymore.

Tags: death, train

Public secrecy

Sometimes I want to write about things in public that I do not want the public at large to know. Or specific people.

Very annoying.

Tags: public, secret, writing

Desktop caching, continued

So two days ago I started fiddeling with Squid and pdnsd. I only just got it all working correctly and I must say, I’m not disappointed. The only gripe I have is mostly my own fault: I cannot grasp the correct usage of Mac OS X’s “locations” with regard to networking. I cannot imagine that the idea behind that is that you need to change the location every time in the system preferences. However, that seems to be the only way I can get it to work correctly. What am I missing?

Anyway, after I installed both Squid and pdnsd from Macports, I set up Squid to use the pdnsd service that I have running on 127.0.0.1. I uncommented the OpenDNS lines and the root dns server lines (sorry, but I can’t seem to find another solution for that one). After that I changed the proxy settings in Mac OS X and only added the http and https proxy. Pointed them towards 127.0.0.1:3128 and… well, that’s it, basically. Everything works and my internet is more or less usable at this time. It’s still not faster of course, but I can easily switch form site to site. I came to the realization that I mostly visit only a few sites, so those are speeded up quite okay.

So, if you’re surfing through GPRS like I am now and you want to speed things up a little, make sure you check out Squid and pdnsd.

Tags: caching, dns, gprs, internet, macosx, pdnsd, proxy, squid, train

Seen in Eindhoven

Saw my mother at Eindhoven train station. Just 15 minutes ago. Kinda strange, considering I haven’t seen nor talked to her in over 10 years or so.

I think she recognised me, but she didn’t show it clearly. I think she did.

Tags: mother, train

Looking for a desktop caching tool

So I’m in the train again and the internet connection over GPRS is horrific. Well, what can you expect, really. But still, I wish it was a bit better so I wouldn’t have to press reload so often when the connection to a server has been terminated because the signal hiccuped.

If the MacOSX desktop would do a better job at caching, all would be well. But it doesn’t. It doesn’t have a caching dns service, nor does it aggressively cache any content. Which is great in a normal, desktop-y setup, but not very good for the way I’m using the internet right now.

Maybe I should see if I’d get a better response from the whole web if I install something like Squid. It’s part of Macports, so shouldn’t be that difficult. Disk space isn’t a problem either, my Macbook has way more disk space than I ever expect to use.

That’s great for the content, but what about a caching dns server? Bind seems the logical option, but I’m not a big fan of that one. Macports has a package called pdnsd. No idea what that one is. Worth a shot, I guess. But I hope it has some sort of script to make sure it’s added to resolv.conf or something.

Something to work out once I’m home.

Tags: caching, commuter, dns, gprs, internet, macosx, macports, proxy, train

Safari 3.2

Crashes on me all the time. So better wait with upgrading, if I were you. Although it might be a good time to switch over to FireFox.

Update: Ok, seems like trashing PithHelmet fixes it. Hope it gets fixed soon, can’t live without PithHelmet

Tags: bugs, crash, pithhelmet, safari

LVM + Xen + drbd + heartbeat2 + partition resize

Quite a lot of layers. But as we shall see, layers are A Good Thing™. Although there is some downtime involved in this. So, about the setup:

• Two identical physical machines, setup mostly identical, we call them ‘node1-dom0′ and ‘node2-dom0′
• Xen for the virtual servers, which we will call ‘node1-domu’ and ‘node2-domu’
• LVM used in the dom0 for the partitions of the domU
• DomU only sees block devices, no LVM
• Drbd partition with external metadata on a separate partition
• Heartbeat2 in both domUs, one active (node1-domu), one dormant (node2-domu)
• … and now we need to resize the drbd partition

If you take a look at the IT department blog, you’ll see a HowTo that describes how to do it when you do not have the metadata for the drbd partition on a separate partition. Our way is much easier. Make backups before you try this.

First, login to node1-domu. We’re going to disable the resource group like so:

$ sudo crm_resource -p is_managed -r name_of_resource_group -t primitive -v off

This will not shut down the service, just make it unmanaged, so we can do with it what we want. For the resize we need to unmount the partition and be able to manipulate it. Continue with the following on node1-domu:

$ sudo /etc/init.d/server-using-the-drbd-partition stop
$ sudo umount /mounted/drbd/partition
$ sudo drbdadm down drbd-resource-number

Replace above as required. The drbd resource number is the one you can find in your resource definition (in /etc/drbd.conf). Now let’s manipulate the partition. Log into node1-dom0 and do the following:

$ sudo xm block-list node1-domu

You’ll get a list of the block devices that are used by the domU. It’s a bit of a bother that you cannot see the device names that are given to them inside the domU, but you can presume that this list is in exactly the same order as the partitions are listed in your node1-domu.cfg, which should be located in /etc/xen/{domains/,}node1-domu.cfg. Make sure you get the last number of the line for the partition corresponding with the partition that we just unmounted inside the domU. Lets say it has number 5024. Do the following:

$ sudo xm block-detach node1-domu 5024

Now we can simply resize it with the default LVM tools. Something like this:

$ sudo lvresize -L +10G domU/node1-drbd

Of course you’ll need to replace the actually partition name. Now fsck the disk, resize the filesystem and attach it back to the domU:

$ sudo fsck -f /dev/mapper/domU-node1--drbd
$ sudo resize2fs /dev/mapper/domU-node1--drbd
$ sudo xm block-attach node1-domu phy:/dev/domU/node1-drbd sda4 w

For the last line, you can find those settings in the aforementioned node1-domu.cfg. Make sure you use the exact same settings, or things will break.

We’re almost done. As you noticed, we’ve kept node2 out of the picture until now. This is important, so we can always revert to a know working condition in case of failure. But we cannot keep the service running on node2 while we change node1, since data will probably change during the short period that we resize the partition on node1 and those changes will be lost once we startup node1 again. I wouldn’t trust a sync from node2 to node1 when node1′s partition is of a different size. I’m not sure if that would work as you’d expect, since it would overwrite the filesystem info and probably do a full resync. Will get back to you on that a bit later.

But to keep our fallback operational, we need to make sure it will not try to sync with primary. Log into node2-domu and disable the drbd connection:

$ sudo drbdadm down drbd-resource-number

If you get an error here, check to make sure your service isn’t running, since you don’t want anything using the partition. It shouldn’t be, though. Now that the network connection is severed, we can start the service again on node1. Log into node1-domu and do the following:

$ sudo drbdadm up drbd-resource-number
$ sudo crm_resource -p is_managed -r name_of_resource_group -t primitive -v on

Use crm_mon to check if everything starts okay. If not, disable the resource group (by changing the ‘on’ in the last line to ‘off’) and fix it manually. I had to do that, but I forgot to enable the drbd interface, which probably was the cause of it not working.

Once it’s running, check your service. Everything should be working as expected. If not, revert using your fallback on node2. I leave that part as an exercise for the reader (mainly because I didn’t need to do it myself).

Everything working fine? Great! Let’s fix the failover.

On node2-domu, the partition should already be unmounted and we already disabled the drbd layer for this partition. So we can directly log into node2-dom0 and issue the following commands (make sure you replace the values of the arguments with your own!):

$ sudo xm block-detach node2-domu 5024
$ sudo lvresize -L +10G domU/node2-drbd
$ sudo fsck -f /dev/mapper/domU-node2--drbd
$ sudo resize2fs /dev/mapper/domU-node2--drbd
$ sudo xm block-attach node2-domu phy:/dev/domU/node2-drbd sda4 w

Now log into node2-domu and do the following:

$ drbdadm up drbd-resource-number

… And that’s it! Test your failover and make sure everything works as expected. But this is how I did it and this worked for me.

Although reminiscing about this, I figure it might be possible to do this with very little downtime, by using online resizing and using drbd’s feature that it doesn’t care how much extra diskspace is available. Will try that soon, just to see if it would work reliably.

Tags: drbd, heartbeat, howto, lvm, partition, resize, xen

Quantum of Solace

Nice movie. Not really great, but entertaining. Definitely not an old school Bond, though. I miss the gadgets and Bond’s haughtiness. I don’t care if the old stories were less believable, they were fun. Quantum is James Bond, but not the one I like.

Still, not a bad movie. As Jasper described it: “Bourne, James Bourne.”

Tags: bond, movie

Online identities and dating

Not that I’m already looking for a new girlfriend, but I had a talk about how to meet new people last Saturday. Apparently, online meetups are all the rage. But how? I was pointed to Hyves, which is quite big here in the Netherlands. But I really do not like the way they’re allowing their users to ‘prettify’ their own page. It makes the whole experience seem very much alike to the old times, when people tried to fill up every square centimeter on their site with moving gifs, blinking text, embedded music and text colored like parts of the background so it’s unreadable unless you scroll it somewhere in another color. I really thought we were past this era of the interweb.

But what other choices are there? I’d consider myself to be very desperate if I ever make use of a service like Parship, Lexa or any of the other zillion dating sites out there. I’m sorry, I respect someone’s decision to use those services, but it just doesn’t suit me. Makes me feel bad about myself, I reckon. But why are they needed anyway?

Those dating/matching sites tend to advertise with ‘psychological matching tests’. That’s all fine and dandy, but a psychological test needs interpretation. Us humans aren’t a bunch of statistics and numbers, like a D&D character. I won’t accept that love would be that simple. But how to make a match then?

We keep all this information about ourselves online. I personally use LinkedIn, Twitter and Last.fm, to name a few. And this weblog of course. Wouldn’t it be great if there was some sort of mash-up available that would use all this available information and used that to recommend new future friends? Ok, so the stuff I add in those three sites probably is just one facet of me, very little information to go by. But maybe add a social networking site that contains matchup tests or the like. I don’t know.

It’s a little bit the same as why I’m so in favour of OpenID. Sure, the systems has flaws, but that’s not the point. The point is that I want one service, under my full control, that makes life easier. I do not want to keep track of multiple passwords and accounts. That’s why I use OpenID. The same for social networking: I do not want to enter my information in a gazillion different sites, each asking me slightly different variants of the same question: “Who are you?” Everything I want the ‘net to know is already on it. Combine it, mash it up, connect the dots and if you like what you see, consider befriending me. I’m a nice guy. The evidence is out there.

Tags: dating, identity, last.fm, linkedin, matching, openid, psychology, social networking, twitter

Sniffing PostgreSQL queries with tshark/wireshark

We got a setup in which PostgreSQL is a fairly important beastie. Trouble is, for some reason, the PostgreSQL server sometimes stops responding. The logging doesn’t reveal all that much information without increasing it’s level, which would impact performance, which is not what we want for a production database. So we need some way to inspect the queries that are sent to the server, and determine which one is the culprit.

Enter Wireshark. Although a bit complex, it’s ideally suited for exactly this kind of stuff. However, it’s not the easiest syntax around, if you don’t use it every other day. Took me almost the complete weekend to figure this out.

What I want:

• Established connections.
• Queries.

What I don’t want:

• The response.
• Pure TCP ACK messages (which can be a lot for queries returning large datasets).

This is the command I gave it in my test setup: tshark -i lo -p -f "(tcp[13] != 0x10) and dst port 5432" -t ad -w /tmp/output

For a production setup, you probably want to change lo to the actual interface that is being connected on. I’m not sure if the -t ad is really needed, but a bit too tired to find out at the moment. Hope this helps someone else.

Tags: hack, postgresql, troubleshooting, wireshark

The hardship of labour (for a dog)

My little 11 year old stepsister asked her mother a question.

“Breeding with dogs, isn’t that a form of abuse?”

Her mother was a bit confused.

“Well,” she continued, “first you force the dog to couple with another dog. Then she has to go through labour. And then, after she had to take care of the pups for 8 weeks, you take her kids away again.”

When her mother told me this, we had a bit of a shuckle with it. Usually the mother is quite glad once the young rascals leave, because she’ll finally have a little peace again. And the coupling is usually something the dog doesn’t mind at that time, because of the hormones raging through her body.

But the labout is a different story. Just came back from my dad’s, where Angel is whelping. Or at least, I hope she’s finally whelping. Her contractions started yesterday evening, which move the pups from her belly to her backend, ready for birthing. Around when I left my dad, her actual birthing contractions started. She was panting a lot and ripping sheets to shreds, probably from the pain and maybe partly because she has an urge to build a nest.

Still, it’s not a very uplifting sight. However much she might like it when she finally has her pups, the labour is really hard. I feel sorry for her. And it made me think of my step sister’s comment. Is it abuse? Probably not, it’s still “the way of nature”. But seeing Angel in so much discomfort makes me doubt it a little bit.

Tags: abuse, birth, labour, pets, pups