From openvz to VMWare

I was recently asked to convert an openvz container to a VMWare instance. I found a tutorial on a forum which helped but had to be adapted slightly.

Here is how I eventually managed to do the conversion:

1. On the openvz host, create an image (in my case, I need 20GB):
   dd if=/dev/zero of=test.img bs=516096c count=40000
2. Create a partition table in the image:
   fdisk test.img
   Type: o n p 1 2048 w
3. Mount the image using the offset corresponding to the partition table (in our case, 2048*512=1048576):
   losetup -o1048576 /dev/loop0 test.img
mke2fs -b1024 /dev/loop0
tune2fs -j /dev/loop0
mount /dev/loop0 /mnt
4. Retrieve the UUID of the partition. Note it somewhere, you will need it several times:
   blkid /dev/loop0
5. Copy the container files to the image. I used rsync to exclude some data that were too big. Make sure to use --numeric-ids to prevent bad mapping of UIDs:
   rsync -av --exclude 'somedir' --numeric-ids /vz/root/1234/ /mnt
6. Install grub on the disk:
   grub-install --root-directory /mnt /dev/loop0
7. Chroot into the mounted partition:
   chroot /mnt
8. Install a kernel and grub (using apt for example):
   apt-get install linux-image-foobar #adapt to your kernel version
apt-get install grub-pc
9. Give a password to root:
   passwd
10. Change inittab to add the ttys:
    1:2345:respawn:/sbin/getty 38400 tty1
2:23:respawn:/sbin/getty 38400 tty2
3:23:respawn:/sbin/getty 38400 tty3
4:23:respawn:/sbin/getty 38400 tty4
5:23:respawn:/sbin/getty 38400 tty5
6:23:respawn:/sbin/getty 38400 tty6
11. Create an /etc/fstab file (change the UUID with yours):
    proc /proc proc nodev,noexec,nosuid 0 0
UUID=7925e5b1-f2ad-4cdc-95f9-984d25378194 / ext4 errors=remount-ro 0 1
12. Umount the image and convert it to a vmdk image:
    umount /mnt
kvm-img convert -f raw test.img -O vmdk test.vmdk
13. Boot the machine on the virtual disk with VMWare or Virtualbox. You should get a grub prompt (adapt with your UUID). In grub2, you can use autocompletion for the Linux kernel and the initrd image:
    grub> insmod ext2
grub> set root='(hd0,msdos1)'
grub> linux /boot/vmlinuz-foobar root=UUID=7925e5b1-f2ad-4cdc-95f9-984d25378194 ro
grub> initrd /boot/initrd-foobar
grub> boot
14. Log in to the machine and run update-grub
15. Adapt your network settings

Announcing Augeas 0.10.0

Augeas 0.10.0 has just been released, and it brings a good lot of changes with it.

Among them, the aug_to_xml method has been added. This is essentially an integration of the XML export function initially introduced in the Config::Augeas::Exporter Perl module. The port in C has seen some improvements in the XML schema, as well as in speed. There is not yet an aug_from_xml method, and it might take some time to come, as it brings up a lot of merging issues. This change introduces a dependency on libxml2.

Dominic Cleal has been working on the new aug_srun method, which he wishes for his  Augeas module for Puppet. In order to achieve this, he introduced a way to set the context of XPath expressions in /augeas/context in order to use relative paths. This is a well-known feature for the users of the Augeas module for Puppet, and it is now available for all Augeas users.

A lot of lenses have been fixed and improved. As a matter of fact, when I wrote the Config::Augeas::Validator Perl module, the goal was initially to test our configuration files against the Augeas lenses. But after testing some 120.000 files, I've obviously found a few flaws in the lenses and had to fix them.

The package for Augeas 0.10.0 has entered Ubuntu Precise this afternoon. Versions for older releases are available on my Augeas PPA. Feedback is most welcome!

Unit testing your configuration files

At work, we have a lot of different services running and we end up with hundreds of thousands of configuration files in our configuration repository (especially since we don't use templates - more on that in another upcoming post...).

In order to ensure the quality of these files (avoiding syntax errors and insecure configurations alike), we had the idea of writing a system to unit test the configuration files. Being involved in Augeas, I thought it would make a great parsing backend to write the tests.

This gave birth to what is currently a Perl module called Config::Augeas::Validator, which comes with a Perl script and an SVN wrapper (this is what we used, but wrappers for other VCS are welcome) to plug it to pre- and post-commit hooks.

The module relies on Augeas (and its lenses) to parse the configuration files. On top of that, you need to specify rules (which are essentially unit test scenarii), at least one for each type of file you wish to test. A minimal rule might look like this:

[DEFAULT]
lens=Fstab
pattern=.*/fstab

This rule will tell augeas-validator to test all files whose full path matches .*/fstab against the Fstab.lns Augeas lens. If the file contains syntax errors (that is, the lens fails to parse it), the program will report it and exit with a status of 1.

Here is another simple example adding two unit tests with warnings:

[DEFAULT]
lens=PHP
pattern=.*/(php\.ini|php[45]/conf\.d/.*\.ini)

[file_uploads]
name=file_uploads
explanation=file_uploads should be set to 'Off'
type=count
expr=$file//file_uploads[. != 'Off']
value=0
level=warning
tags=security

[expose_php]
name=expose_php
explanation=expose_php should be set to 'Off'
type=count
expr=$file//expose_php[. != 'Off']
value=0
level=warning
tags=security


This test checks for php.ini files. Not only does it fail with status 1 if there is a syntax error, it also applies two unit tests called file_uploads and expose_php, which will make the program output a warning and exit with status 2 if they are not met. The essential part of the rules is the expr parameter, which is an Augeas XPath expression. In this case, the expressions must not match any nodes in order to pass the tests (hence value=0).

These are just simple examples of what this module can do. You can find more examples shipped with the module itself. As a last example, here is one for Apache configuration files (in Debian/Ubuntu):

[DEFAULT]
lens=Httpd
pattern=.*/(sites-available/.*)|(apache2/.*\.conf)

[one_servername]
name=One ServerName per VirtualHost *
explanation=There should be only one ServerName per VirtualHost * entry
type=count
expr=$file[label() != "default"]/VirtualHost[arg =~ regexp("\*(:80)?")][count(directive[. = "ServerName"]) != 1]
value=0
level=warning

[bufferedlogs]
name=BufferedLogs
explanation=BufferedLogs must be set to Off
type=count
expr=$file//directive[. = "BufferedLogs"][arg = "On"]
value=0
level=warning
tags=security

[timeout]
name=Timeout
explanation=Timeout must be at least 45
type=count
expr=$file//directive[. = "Timeout"][int(arg) < 45]
value=0
level=warning
tags=security


Bible verses in Mint fortunes

For my most recent computer, I've installed Linux Mint 11. In Mint, bash is set to display a fortune cookie every time you start a shell session.

This is a nice idea, however I would rather see daily Bible verses than random fortunes. Here is how to do that. First, install the verse package:


$ sudo apt-get install verse


Then, edit /usr/bin/mint-fortune with sudo, and replace the line:


/usr/games/fortune | $command -f $cow


with


/usr/bin/verse | sed -e 's@^ *@@' | $command -f $cow


To be sure that the file won't be overridden when you upgrade your distribution, set it as a local diversion:


$ sudo dpkg-divert --local /usr/bin/mint-fortune


and you're done!

Colored initials in LaTeX

Georg Duffner, the creator of the EB Garamond open-source font, has been working on an initials font for EB Garamond based on a 16th century French Bible lately. A few days ago, he was thinking about producing colored initials with it, and had the idea of splitting the font in two: one font for the background ornament, and one font for the foreground letter to superimpose on it.

Base on this idea, I have hacked a little LaTeX module to typeset the initials in a simple way. The module can be found on github and is based on the lettrine LaTeX module.

It makes use of fontspec to load the fonts so it only works with XeTeX and LuaTeX.

The alphabet only contains 3 letters for now, so not really much can be achieved with it so far, but the code is there.

Here is an example reproducing parts of the 16th century Bible used to get the samples of the initials:

Keeping the Law — for whose sake?

Ye hypocrites, well did Esaias prophesy of you, saying,

This people draweth nigh unto me with their mouth, and honoureth me with their lips; but their heart is far from me.

Matthew 15:7—8

Many times, Jesus called people — especially the Pharisees — hypocrites. This puzzled His disciples quite a bit, because the Pharisees where people who kept the Law strictly. How could people who kept the Law be wrong? Well, the problem is that they kept the Law outwardly but not inwardly.

I heard many comments on the subject over the years, but something about this struck me today. Who were the Pharisees keeping the Law for? For whose sake do we act the way we do? Jesus said that when you desire a woman, you've already committed adultery with her in your heart, and that when you insult someone — even in your heart — you've already committed murder.

What is it that keeps me from acting the thoughts I have? Why do I sometimes let myself desire a woman, but I won't commit adultery in real life? Let's face it: even a lot of non believers have never committed adultery, let alone murder. I think the problem is here: for whose sake do you act the way you do? For God's sake, or for your own?

Many people act properly for their own sake ; they are afraid of what people will think about them, or do to them, if they don't act nicely. They keep the Law for their own sake — because of fear, or because of pride — and they have no reason to keep their thoughts as clean as their acts.

Jesus called us to go much further than that. He said we should actually keep even our thoughts clean. Why? For God's sake! It's not so much that I should look like a perfect person, that I should care about what people think about me — if they will judge me, hate me, stone me — if I don't act properly. No, there's someone — God — who knows more about myself than I even do, and for His sake, I should be perfect, because He said : "Be ye therefore perfect, even as your Father which is in heaven is perfect" (Matthew 5:48).

As Christians, we so often tend to think that we can do it the easy way: starting by cleaning ourselves outwardly, and finishing with the inside. It doesn't work that way, because the goal is not the same. If you care to clean the outside first, you're doing it for your own sake, but cleaning the inside requires doing it for God's sake, for the inward cleaning is the work of the Holy Spirit in our lives.

Your motivation defines where you're heading. If you act the way you do for your own sake, you will stay stuck with the outward issues of your life. If you want to give it all to God and change for His sake, asking the Holy Spirit to cleanse you from the inside — even if it might take longer and be more painful — He will do this work in you, and it will end up showing up outwardly in your life.

Father Almighty,

I realize my own efforts to purify myself are vain because they are only motivated by fear and pride, and they do not cleanse me internally — for Your sake.

I pray Lord that you send your Holy Spirit in my life to achieve the work within me, that I may be perfected to your image inwardly, and shine of your glory outwardly.

In Jesus' name. Amen.

The fancytabs LaTeX package

Lately, I've been using LaTeX quite a bit, and defining my own macros. Today is the occasion for me to release my first package: fancytabs.

This is a package that allows to add fancy tabs on the border of pages in a document.

The package can be downloaded from the CTAN.

Installing

After downloading and unzipping the file, run latex on the fancytabs.ins file. This will produce a fancytabs.sty file which provides the package. You can also build the PDF documentation by running pdflatex on the fancytabs.dtx file.

What does it look like?

Here is an example of a page featuring a fancy tab: