Tales from the Gryphon/ archives/

Tales from the Gryphon

Archives for 2010

Manoj's hackergotchi
Add a new post titled:
Monday 15 November
2010
Link: Dear Lazyweb: How do you refresh or recreate your kvm virt periodically?

Posted terribly early Monday morning, November 15th, 2010

Dear Lazyweb: How do you refresh or recreate your kvm virt periodically?

#+TITLE: Dear Lazyweb: How do you refresh or recreate your kvm virt periodically? #+AUTHOR: Manoj Srivastava #+EMAIL: srivasta@debian.org #+DATE: #+LANGUAGE: en #+OPTIONS: H:0 num:nil toc:nil \n:nil @:t ::t |:t ^:t -:t f:t *:t TeX:t LaTeX:t skip:nil d:nil tags:not-in-toc #+INFOJS_OPT: view:showall toc:nil ltoc:nil mouse:underline buttons:nil path:http://orgmode.org/org-info.js #+LINK_UP: http://www.golden-gryphon.com/blog/manoj/ #+LINK_HOME: http://www.golden-gryphon.com/ Dear Lazyweb, how do all y'all using virts recreate the build machine setup periodically? I have tried and failed to get =qemu-make-debian-root= script work for me. Going through and redoing it from netinst ISO is an option -- but then I need debconf preseeding files, and I was wondering if there are some out there. And then there is the whole "Oh, by the way, upgrade from Squeeze to Sid, please" step. The less sexy alternative is going to the master copy and running a /cron/ job to safe-upgrade each week, and re-creating any copy-on-write children. Would probably work, but I am betting there are less hackish solutions out there. First, some background. It has been an year since I interviewed for the job I currently hold. And nearly 10 months since I have been really active in Debian (apart from /Debconf/ 10). Partly it was trying to perform well at the new job, partly it was getting permissions to work on Debian from my employer. Now that I think I have an handle on the job, and the process for getting permissions is coming to a positive end, I am looking towards getting my Debian processes and infrastructure back up to snuff. Before the interregnum, I used to have a /UML/ machine setup to do builds. It was generated from scratch weekly using cron, and ran /SELinux/ strict mode, and I used to have an automated ssh based script to build packages, and dump them on my box to test them. I had local git porcelain to do all this and tag releases, in a nice, effortless work flow. Now, the glory days of /UML/ are long gone, and all the cool kids are using /KVM/. I have set up a kvm box, using a netinst ISO (like the majority of the HOWTO's say). I used [[http://madduck.net/docs/][madduck's]] [[http://slexy.org/view/s2acgjOwrr][old]] =/etc/networking/interfaces= set up to do networking using a public bridge (mostly because how cool his solution was, =virsh= can talk natively to a bridge for us now) and I have /NFS/, /SELinux/, /ssh/, and my remote build infrastructure all done, so I am ready to hop back into the fray once the lawyers actually ink the agreements. All I have to do is decide on how to refresh my build machines periodically. And I guess I should set up =virsh=, instead of having a shell alias around =kvm=. Just haven't gotten around to that.

Manoj

Wednesday 25 August
2010
Link: Refreshing GNUPG keys sensibly

Posted Wednesday evening, August 25th, 2010

Refreshing GNUPG keys sensibly

#+TITLE: Refreshing GNUPG keys sensibly #+AUTHOR: Manoj Srivastava #+EMAIL: srivasta@debian.org #+DATE: #+LANGUAGE: en #+OPTIONS: H:0 num:nil toc:nil \n:nil @:t ::t |:t ^:t -:t f:t *:t TeX:t LaTeX:t skip:nil d:nil tags:not-in-toc #+INFOJS_OPT: view:showall toc:nil ltoc:nil mouse:underline buttons:nil path:http://orgmode.org/org-info.js #+LINK_UP: http://www.golden-gryphon.com/blog/manoj/ #+LINK_HOME: http://www.golden-gryphon.com/ It has come up on the [[http://planet.debian.org/][Planet]] recently, as well as the gnupg users mailing list: users need to refresh keys that they use to get updated information on revocations and key expiration. And there are plenty of examples of simple additions to ones /crontab/ to set up a key refresh. Of course, with me, things are rarely that simple. Firstly, I have my *GNUPGHOME* set to a non standard location; and, secondly, I like having my Gnus tell me about signatures on mails to the Debian mailing lists, so I periodically sync /debian-keyring.gpg/ into my *GNUPGHOME*. I add this as an additional keyring in my /gpg.conf/ file, so that in normal operations gnus has ready access to the keys; but I do not care to refresh all the keys in debian-keyring. I also prefer to trust and update keys in my keyring, so the commands grow a little complex. Also, I want to get keys for any signatures folks have kindly added to my key and uploaded to the key server (not everyone uses [[http:packages.debian.org/signing-party][caff]]), so just /--refresh-keys/ does not serve. Linebreaks added for readability. #+BEGIN_example # refresh my keys # Note how I have to dance around keyring specification 45 4 * * 4 (/usr/bin/gpg2 --homedir ~/.sec --refresh-keys $(/usr/bin/gpg2 --options /dev/null --homedir ~/.sec --no-default-keyring --keyring pubring.gpg --with-colons --fixed-list-mode --list-keys | egrep '^pub' | cut -f5 -d: | sort -u) >/dev/null 2>&1) # Get keys for new sigs on my keys (get my key by default, in case # there are no unknown user IDs [do not want to re-get all keys]) 44 4 * * 5 (/usr/bin/gpg2 --homedir ~/.sec --recv-keys 0xC5779A1C $(/usr/bin/gpg2 --options /dev/null --homedir ~/.sec --no-default-keyring --keyring pubring.gpg --with-colons --fixed-list-mode --list-sigs 0xC5779A1C | egrep '^sig:' | grep 'User ID not found' | cut -f5 -d: | sort -u) >/dev/null 2>&1) #+END_example

Manoj

Sunday 28 March
2010
Link: Customer obsession: Early days at a new Job

Posted Sunday afternoon, March 28th, 2010

Customer obsession: Early days at a new Job

#+TITLE: Customer obsession: Early days at a new Job #+AUTHOR: Manoj Srivastava #+EMAIL: srivasta@debian.org #+DATE: #+LANGUAGE: en #+OPTIONS: H:0 num:nil toc:nil \n:nil @:t ::t |:t ^:t -:t f:t *:t TeX:t LaTeX:t skip:nil d:nil tags:not-in-toc #+INFOJS_OPT: view:showall toc:nil ltoc:nil mouse:underline buttons:nil path:http://orgmode.org/org-info.js #+LINK_UP: http://www.golden-gryphon.com/blog/manoj/ #+LINK_HOME: http://www.golden-gryphon.com/ I have been at Amazon.com for a very short while (I have only gotten one paycheck from them so far), but long enough for first impressions to have settled. Dress is casual, Parking is limited. Cafeteria food is merely OK, and is not free. There is a very flat structure at Amazon. The front line work is done by one-or-two pizza teams -- size measure by the number of large pizzas that can feed the team. Individual experiences with the company largely depend on what team you happen to end up with. I think I lucked out here. I get to work on interesting and challenging problems, at scales I had not experienced before. There is an ownership culture. Every one -- including developers -- get to own what they produce. You are responsible for our product -- down to carrying pagers in rotation with others on your team, so that there is someone on call in case your product has a bug. RC (or customer impacting) bugs result in a conference call being invoked within 10-15 minutes, and all kinds of people and departments being folded in until the issue is resolved. Unlike others, I find the operations burden refreshing (I come from working as a federal government contractor). On call pages are often opportunities to learn thing, and I like the investigation of the current burning issue du jour. I also like the fact that I get to be my own support staff for the most part, though I have not yet installed Debian anywhere here. While it seems corny, customer obsession is a concept that pervades the company. I find ti refreshing. The mantra that "it's all about the customer experience" is actually true and enforced. Whenever a tie needs to be broken on how something should work the answer to this question is usually sufficient to break it. Most other places the management was responsible for, and worried about budgets for the department -- this does not seem to be the case for lower to middle management here. We don't get infinite resources, but work is planned based on user experience, customer needs, and technical requirements, not following the drum beat of bean counters. The focus is on the job to be done, not the hours punched in. I can choose to work from home if I wish, modulo meetings (which one could dial in to, at a pinch). But then, I have a 5 mile, 12 minute commute. I have, to my surprise, started coming in to work at 7:30 in the morning (I used to rarely get out of bed before 9:30 before), and I plan on getting a [[http://taylorsbikeshop.com/product/08-raleigh-detour-deluxe-37604-1.htm][bike]] and seeing if I can ride my bike to work this summer. All in all, I like it here.

Manoj


Webmaster <webmaster@golden-gryphon.com>
Last commit: terribly early Sunday morning, June 8th, 2014
Last edited terribly early Sunday morning, June 8th, 2014