Intermezzo

My feelings are mixed about following Maria and Anna without a further fight. In this land we ended up I’m quite comfortable, provided I don’t remember precisely how I arrived at this situation. I have food, the locals are quite friendly, and they seem to give me what I need without asking. The first days I thought it was some kind of welcoming amenity, but after a week eating and drinking for free, I simply discarded the possibility. They do not use money, therefore you can’t buy things. But they do give you what you really want, if they don’t want to give it to you, for a token or a souvenir.

I remember that local girl I thought I managed to seduce the first night. What was her name? Laurelie, Lorraine, something like that. A very sweet one, although not very talkative. Laurelie allowed me to sleep at her place afterwards. The next morning, when she woke up, she caught me observing her collection of tokens. Her walls were covered by ungainly shelves, and over them, all kinds of stuff: a toy car, a paipai, a snail shell, a broken watch, a child brush, a zippo lighter, a small horseshoe, a big eraser, a bag of marbles, a yellow chalk, that kind of stuff, you name it. Some boxes over also seem to hide more. When she found me examining her collection, from one of the boxes she made appear a beautiful small medallion, that she put in my hands before politely escorting me out of the building. I still keep it. The question I was asking myself the next days, when I managed to understand the value of a token in this society, was if she paid me for having sex or if she gave it to me as a gift. I say I was asking myself because now I know that there is no difference, after all, between a pre-arranged token and a gift. Unless of course, you don’t want to give your token to the other person. The beauty of it is that the tokens are completely optional, so you can decide not to give something in exchange for a service. Like a tip, you give a token only if you feel it. Why this system works for everybody, is another question. It looks like here the basic products, water, vegetables, food, alcohol, and similar commodities are always covered. They simply are replenished in the shops, either by magic or by invisible hands. Or maybe by them.

The blurry people.

Posted in aliens, fantasy, new dreams, unpublished

LXC : containers on CentOS 7 (II)

So we have containers. I now need to learn how to allocate resources on them, how to call them, and so on. My cheat sheet so far is:

  • Container creation:
    lxc-create -n NAME -t DISTRIBUTION
  • Container info:
    lxc-info -n NAME
  • Container list:
    lxc-ls
  • Container login from a privileged account:
    lxc-console -n NAME -t 0
  • Container configuration of NAME:
    /var/lib/lxc/NAME/config
  • Container templates:
    /usr/share/lxc/config/

I tested that I can log in as root when I’m a user on the same machine the container is running on. That is what I wanted: to give ROOT power to a user in a confined hardware subset. I changed the root password right after creating the container, so the user just needs to do

ssh -Y root@ip.of.the.container

Now we need to dynamically modify it. There is a long post about container resources that I used as a guide. It looks like there are currently 2 “container philosophies” installed: the one that uses lxc + command (example: lxc config device set CONTAINER DEVICE KEY VALUE) and the one that uses lxc-cgroup. In my case, the latter is the one that seems handier, since the user is going to log in via ssh. So let’s say I want to restrict the user of the container NAME to 2 of the CPUs of my machine. I achieve it by typing, as root:

lxc-cgroup -n NAME cpuset.cpus 0,1
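
Whether root inside NAME is also root on the host depends on the container's uid/gid map, and a value set with lxc-cgroup only lasts while the container runs. The following added example (not code from the original post) audits a config in the /var/lib/lxc/NAME/config format for both points. The sample configs, the function names and the host CPU count of 4 are assumptions made for illustration.

```python
# Added example: audit a plain-LXC container config (LXC 2.0 key names).
# Limitation: files pulled in through lxc.include are not followed.

# Constructed sample: roughly what lxc-create, run as root, leaves in
# /var/lib/lxc/NAME/config. Values are made up for illustration.
SAMPLE_AS_CREATED = """\
# Template used to create this container: /usr/share/lxc/templates/lxc-centos
lxc.rootfs = /var/lib/lxc/NAME/rootfs
lxc.utsname = NAME
lxc.network.type = veth
"""

# Constructed sample: the same container with a uid/gid map and the CPU
# restriction written into the config instead of set by hand with lxc-cgroup.
SAMPLE_CONFINED = """\
lxc.rootfs = /var/lib/lxc/NAME/rootfs
lxc.utsname = NAME
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
lxc.cgroup.cpuset.cpus = 0,1
"""


def parse_lxc_config(text):
    """Return {key: [values]}; keys such as lxc.id_map may appear more than once."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        conf.setdefault(key, []).append(value)
    return conf


def expand_cpuset(spec):
    """Expand a cpuset list such as '0,1' or '0-3,8' into sorted CPU numbers."""
    cpus = set()
    for chunk in spec.split(","):
        low, _, high = chunk.strip().partition("-")
        cpus.update(range(int(low), int(high or low) + 1))
    return sorted(cpus)


def audit(text, host_cpus):
    """Check whether root in the container is confined; host_cpus is the host CPU count."""
    conf = parse_lxc_config(text)
    findings = []

    # lxc.id_map is the LXC 2.0 spelling; later releases call it lxc.idmap.
    maps = conf.get("lxc.id_map", []) + conf.get("lxc.idmap", [])
    mapped_kinds = {m.split()[0] for m in maps if m.split()}
    privileged = not {"u", "g"} <= mapped_kinds
    if privileged:
        findings.append(("privileged", "no uid/gid map: root inside is uid 0 on the host"))

    cpus = None
    specs = conf.get("lxc.cgroup.cpuset.cpus")
    if not specs:
        findings.append(("cpuset-not-persisted", "a limit set with lxc-cgroup is gone after a restart"))
    else:
        cpus = expand_cpuset(specs[-1])  # assumption: a repeated key keeps its last value
        extra = [c for c in cpus if c >= host_cpus]
        if extra:
            findings.append(("cpuset-out-of-range", "CPUs not present on the host: %s" % extra))

    return {"privileged": privileged, "cpus": cpus, "findings": findings}


if __name__ == "__main__":
    for name, sample in (("as created", SAMPLE_AS_CREATED), ("confined", SAMPLE_CONFINED)):
        print(name, audit(sample, host_cpus=4))
```
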

The next step will be to try software installation. I will cover the subject in a future post.

Posted in bits, centos, containers, linux

On the road

“Wir sind so unfreundlich…We didn’t introduce ourselves. She’s Maria, and I’m Anna.” I nod. “The names are our real ones. But who cares now, right? Es ist nicht mehr wichtig. We shine like a fucking Leuchtturm we’re not from around…that’s why we need to fly north.” Maria nods, slowly. I realize that I didn’t hear her speak yet. “You probably were not very disturbed by the outcome of our flight, but I hear things, you know. I hear that on the north, they are in contact with the civilization, whatever it means.” Anna sips in a casual way her cocktail. I try to introduce myself, but whatever they gave me is not letting me say a word. My lips resist to move on my will. Meanwhile, she continues with her monologue. “I’m a good girl. I’ve always been. You need to be a special type of girl if you want to climb up as a stewardess. I know what you think, I can read it in your eyes, but no, I’m not speaking about that type of things.” She hesitates, then she makes a gesture and the waiter brings us more drinks. I take the one that is offered to me. It looks like some kind of cocktail, with a slice of lemon and a straw, in a long, but small glass.

“Drink it.” Maria says. Her voice is deep, as if coming from the end of the road. Not a voice to make flying announcements, I tell to myself. Still, it’s a comforting one. It makes me feel like I can trust her. “It’s mezcal. Almost pure alcohol. It will help you to gain back control over your mouth.” On the other hand, the voice of Anna is quite forgettable. Almost mechanical, like the one you get from the vending machines, something like – here’s your ticket, thank you very much for your visit, please drive safely. – I suck from the straw, and the liquid is indeed warming me up, burning my throat and my spirit. I swallow once more and try to say something.

“Where do you want me to go?” I manage to say.

“I heard there’s a comuna of drifters to the south.” Anna says. “We know where it is, more or less, but to enter there, and find him, we need a speaker. Otherwise they will think we’re meat.” I smile. Anna doesn’t like it. “Wir sind nicht Fleisch! We have a plan, an objective, and a roadmap to get it. First the pilot, then the plane, then go back north. Ganz einfach. So let’s start to make it real!” She throws her empty cocktail glass through the wall, and it breaks down, as expected, in a million shiny little pieces. The waiter, not even a little annoyed, starts immediately to pick up the shards. We stand up as ready to leave. Maria seems to leave something (a pre-arranged item) over the table, but I can’t manage to see what it is.

“I follow you, then.” I say. My tongue is still feeling like a piece of lead, but at least, I can make it bend to pronounce some words. I wonder how long is this poison going to stay in my veins, and how Anna and Maria plan to drug me the next time.

Posted in aliens, fantasy, new dreams, unpublished

LXC : containers on CentOS 7

A long time ago (in April!) I posted about my experience with Kubernetes. As usual, I didn’t have time to go deep into it. Since then, I got more and more people interested in having some kind of container available on our CentOS 7 systems. I was really pissed off because it looks like on Ubuntu containers run almost native. Anyway, let’s face the problem that occupies us (or me). I will try to follow the GitHub thread about the subject. As before, I will post my version of what is there, together with my outputs and comments. The first part is to install the rogue repository to get lxc.

# yum -y install python-requests
# rpm --nodeps -i https://copr-be.cloud.fedoraproject.org/results/alonid/yum-plugin-copr/epel-7-x86_64/00110045-yum-plugin-copr/yum-plugin-copr-1.1.31-508.el7.centos.noarch.rpm
warning: /var/tmp/rpm-tmp.Al8kb1: Header V3 RSA/SHA1 Signature, key ID 4e191eaf: NOKEY
# yum copr enable thm/lxc2.0
Loaded plugins: copr, fastestmirror, langpacks

Now I get a warning, telling me basically to be careful with not-official repositories. Alright, thanks for the warning.

Do you want to continue? [y/N]: y
copr done
# yum -y install lxc lxc-devel
Loaded plugins: copr, fastestmirror, langpacks
thm-lxc2.0 | 3.0 kB 00:00:00 
thm-lxc2.0/x86_64/primary_db | 6.3 kB 00:00:00 
...
Resolving Dependencies
..
Installing:
 lxc x86_64 2.0.9-1.el7.centos thm-lxc2.0 226 k
 lxc-devel x86_64 2.0.9-1.el7.centos thm-lxc2.0 20 k
Installing for dependencies:
 lxc-libs x86_64 2.0.9-1.el7.centos thm-lxc2.0 385 k
...
 Installing : lxc-libs-2.0.9-1.el7.centos.x86_64 1/3 
 Installing : lxc-devel-2.0.9-1.el7.centos.x86_64 2/3 
 Installing : lxc-2.0.9-1.el7.centos.x86_64 3/3 
 Verifying : lxc-libs-2.0.9-1.el7.centos.x86_64 1/3 
 Verifying : lxc-devel-2.0.9-1.el7.centos.x86_64 2/3 
 Verifying : lxc-2.0.9-1.el7.centos.x86_64 3/3

Installed:
 lxc.x86_64 0:2.0.9-1.el7.centos 
 lxc-devel.x86_64 0:2.0.9-1.el7.centos

Dependency Installed:
 lxc-libs.x86_64 0:2.0.9-1.el7.centos

Complete!

Let’s see what is new on my system.

# ls /usr/bin/lx*
/usr/bin/lxc-attach /usr/bin/lxc-checkpoint /usr/bin/lxc-create 
/usr/bin/lxc-freeze /usr/bin/lxc-snapshot /usr/bin/lxc-unfreeze
/usr/bin/lxc-autostart /usr/bin/lxc-config /usr/bin/lxc-destroy 
/usr/bin/lxc-info /usr/bin/lxc-start /usr/bin/lxc-unshare
/usr/bin/lxc-cgroup /usr/bin/lxc-console /usr/bin/lxc-device 
/usr/bin/lxc-ls /usr/bin/lxc-stop /usr/bin/lxc-usernsexec
/usr/bin/lxc-checkconfig /usr/bin/lxc-copy /usr/bin/lxc-execute 
/usr/bin/lxc-monitor /usr/bin/lxc-top /usr/bin/lxc-wait

A lot. Since I’m impatient, I try already to start it up. Of course I fail. We need to get the daemon to work with us. This is what worked in my case:

# yum install -y golang golang-bin golang-src git make dnsmasq squashfs-tools
# mkdir ~/go
# export GOPATH=~/go
# go get github.com/lxc/lxd
package github.com/lxc/lxd: no buildable Go source files in /root/go/src/github.com/lxc/lxd
# cd /root/go/src/github.com/lxc/lxd
# make
go get -t -v -d ./...
github.com/gorilla/websocket (download)
... now a lot of stuff is being fetched and downloaded but...
make: *** [default] Error 2

What is going on? It turns out we don’t have ACLs installed. Let’s fix it and go ahead:

# yum install libacl-devel
Loaded plugins: copr, fastestmirror, langpacks
Installed:
 libacl-devel.x86_64 0:2.2.51-12.el7
Dependency Installed:
 libattr-devel.x86_64 0:2.4.46-12.el7

# make
go get -t -v -d ./...
go install -v ./...
github.com/lxc/lxd/shared/idmap
github.com/lxc/lxd/fuidshift
github.com/lxc/lxd/lxd/util
github.com/lxc/lxd/lxd/sys
github.com/lxc/lxd/lxd/state
github.com/lxc/lxd/lxd
LXD built successfully

Are we ready to go? We need now to create, enable and start the daemon needed for the container management. We do as suggested:

Create the file /etc/systemd/system/lxd.service with the following contents:

[Unit]
Description=LXD Container Hypervisor
Requires=network.service

[Service]
ExecStart=/usr/bin/lxd --group lxd --logfile=/var/log/lxd/lxd.log
KillMode=process
TimeoutStopSec=40
KillSignal=SIGPWR
Restart=on-failure
LimitNOFILE=-1
LimitNPROC=-1

I save that file, enable the service, and start it. But it doesn’t hold!

# systemctl start lxd
# systemctl status lxd
● lxd.service - LXD Container Hypervisor
 Loaded: loaded (/etc/systemd/system/lxd.service; enabled; vendor preset: disabled)
 Active: failed (Result: start-limit) since XXX CEST; 7s ago
 Process: 13643 ExecStart=/usr/bin/lxd --group lxd --logfile=/var/log/lxd/lxd.log (code=exited, status=1/FAILURE)
 Main PID: 13643 (code=exited, status=1/FAILURE)

systemd[1]: Unit lxd.service entered failed state.
systemd[1]: lxd.service failed.
systemd[1]: lxd.service holdoff time over, scheduling restart.
systemd[1]: start request repeated too quickly for lxd.service
systemd[1]: Failed to start LXD Container Hypervisor.
systemd[1]: Unit lxd.service entered failed state.
systemd[1]: lxd.service failed.

Why? Why to me? Here they claim that LXD depends on squashfs-tools. Whatever they are. Let’s install them then.

# yum install squashfs-tools
Installed:
 squashfs-tools.x86_64 0:4.3-0.21.gitaae0aff4.el7
Complete!

And starting it again gives this result:

# systemctl start lxd
# systemctl status lxd
● lxd.service - LXD Container Hypervisor
 Loaded: loaded (/etc/systemd/system/lxd.service; enabled; vendor preset: disabled)
 Active: active (running) since XXX CEST; 2s ago
 Main PID: 13742 (lxd)
 CGroup: /system.slice/lxd.service
 └─13742 /usr/bin/lxd --group lxd --logfile=/var/log/lxd/lxd.log

 systemd[1]: Started LXD Container Hypervisor.
 systemd[1]: Starting LXD Container Hypervisor...
 lxd[13742]: lvl=warn msg="AppArmor support has been disabled ..
 lxd[13742]: lvl=warn msg="Couldn't find the CGroup network ..
 lxd[13742]: lvl=warn msg="Couldn't find the CGroup pids ...
Hint: Some lines were ellipsized, use -l to show in full.

Time to play. We run lxc-checkconfig, and the output looks like the post-install here. So we’re OK, I think. Ahead we go.

# lxc image list images: 'centos'
If this is your first time using LXD, you should also run: 
lxd init
To start your first container, try: lxc launch ubuntu:16.04

One should get under this a nice table of CentOS images that I don’t see the point to reproduce. We do as suggested.

# lxc launch ubuntu:16.04
Creating the container
error: Failed container creation:
 - https://cloud-images.ubuntu.com/releases: 
No storage pool found. Please create a new storage pool.
# lxc image copy images:2e60b3a6a33f local: --alias centos-7
Image copied successfully! 
# lxc init centos-7 c2
Creating c2
error: No storage pool found. Please create a new storage pool.

The storage pool! We need to create one! It was my fault, since they really told me above that before launching anything I need to do this:

# lxd init
Do you want to configure a new storage pool (yes/no) 
[default=yes]? 
Name of the new storage pool [default=default]: 
Name of the storage backend to use (dir, btrfs, lvm) 
[default=btrfs]: 
Create a new BTRFS pool (yes/no) [default=yes]? 
Would you like to use an existing block device (yes/no) 
[default=no]? 
Size in GB of the new loop device (1GB minimum) [default=78GB]: 
Would you like LXD to be available over the network (yes/no) 
[default=no]? 
Would you like stale cached images to be updated automatically 
(yes/no) [default=yes]? 
Would you like to create a new network bridge (yes/no) 
[default=yes]? 
What should the new bridge be called [default=lxdbr0]? 
What IPv4 address should be used 
(CIDR subnet notation, “auto” or “none”) [default=auto]? 
What IPv6 address should be used 
(CIDR subnet notation, “auto” or “none”) [default=auto]? 
LXD has been successfully configured.

I selected all the default options. Now I want one Ubuntu container. Will it work?

# lxc launch ubuntu:16.04
Creating the container
Container name is: mosk
Starting mosk
error: Failed to run: /usr/bin/lxd forkstart 
mosk /var/lib/lxd/containers /var/log/lxd/mosk/lxc.conf: 
Try `lxc info --show-log local:mosk` for more info

Ohhh… it doesn’t work. But let’s try with another one. I do as suggested at the end of the aleph-zero guide.

  • Copy image locally: lxc image copy images:41c7bb494bbd local: --alias centos-7
  • Create the container from the image without starting it: lxc init centos-7 c2
  • Configure the container to be privileged: lxc config set c2 security.privileged true
  • Verify that it is now privileged (true means root inside the container is root on the host):
# lxc config get c2 security.privileged
 true
  • Start the container: lxc start c2
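
With security.privileged set to true, c2 is a privileged container, so an independent check of what root inside can do is the kernel's uid map of the container's init process, which shows the host uid that root inside really has. This is an added example, not part of the original post or the guide it follows. The uid_map contents and the function names are constructed for illustration.

```python
# Added example: read the kernel's uid map for a container's init process.

# Constructed samples of /proc/<init pid>/uid_map (columns: first id inside
# the namespace, first id on the host, number of ids in the range).
UID_MAP_PRIVILEGED = "         0          0 4294967295\n"
UID_MAP_UNPRIVILEGED = "         0     100000      65536\n"


def parse_id_map(text):
    """Parse uid_map/gid_map text into (inside, outside, count) tuples."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3:
            ranges.append(tuple(int(f) for f in fields))
    return ranges


def to_host_id(ranges, container_id):
    """Translate an id as seen inside the container to the id the host sees."""
    for inside, outside, count in ranges:
        if inside <= container_id < inside + count:
            return outside + (container_id - inside)
    return None  # no mapping covers this id


def classify(uid_map_text):
    """Return 'privileged' when container root is host root, else 'unprivileged'."""
    host_root = to_host_id(parse_id_map(uid_map_text), 0)
    if host_root is None:
        raise ValueError("uid 0 is not mapped; is this the container's init pid?")
    return "privileged" if host_root == 0 else "unprivileged"


def read_uid_map(pid):
    """Read the live map; the init pid is the Pid: field of `lxc info c2`."""
    with open("/proc/%d/uid_map" % pid) as handle:
        return handle.read()


if __name__ == "__main__":
    for label, sample in (("security.privileged=true", UID_MAP_PRIVILEGED),
                          ("default (unprivileged)", UID_MAP_UNPRIVILEGED)):
        print(label, "->", classify(sample))
```
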

Let’s check what we have now:

# lxc list
+------+---------+----------+------+------------+-----------+
| NAME | STATE   | IPV4     | IPV6 | TYPE       | SNAPSHOTS |
+------+---------+----------+------+------------+-----------+
| c2   | RUNNING | X.X.X.X  |      | PERSISTENT | 0         |
+------+---------+----------+------+------------+-----------+
| mosk | STOPPED |          |      | PERSISTENT | 0         |
+------+---------+----------+------+------------+-----------+

…and we’re done!!! Next day we will learn what to do with it. The plan is to use it to give a user root privileges that will not alter the system. It’s ambitious. But everything in Science is, isn’t it, my dear?

EDIT: container templates were not installed. So in addition to what is above, we need to:

# yum -y install lxc lxc-templates
Installing : lxc-templates-2.0.9-1.el7.centos.x86_64 1/1 
 Verifying : lxc-templates-2.0.9-1.el7.centos.x86_64 1/1

Installed:
 lxc-templates.x86_64 0:2.0.9-1.el7.centos

Complete!
# ls /usr/share/lxc/templates/
lxc-alpine lxc-archlinux lxc-centos lxc-debian 
lxc-fedora lxc-openmandriva lxc-oracle lxc-slackware 
lxc-sshd lxc-ubuntu-cloud
lxc-altlinux lxc-busybox lxc-cirros lxc-download 
lxc-gentoo lxc-opensuse lxc-plamo lxc-sparclinux lxc-ubuntu

And here you have another reference if you need it. It is not perfect, but it works almost until the end. The writer of the post also had troubles at the end. My error is different.

lxc-start -n centos_lxc -d
lxc-start: lxc_start.c: main: 336 
The container failed to start.
lxc-start: lxc_start.c: main: 338 
To get more details, run the container in foreground mode.
lxc-start: lxc_start.c: main: 340 
Additional information can be obtained 
by setting the --logfile and --logpriority options.

I corrected it by installing some virtualization libraries and starting the corresponding service.

# yum install -y libvirt
...
Install 1 Package (+22 Dependent packages)
Upgrade ( 5 Dependent packages)
...
# systemctl start libvirtd

By the way, at least in my case, lxc-ls was missing. Run yum install /usr/bin/lxc-ls to fix that one. I wonder now if all of this was for some use. We will see…

Posted in bits, centos, containers, linux

The plan

“Richtig. Please sit here, mit uns.” I do so. “Herr Ober! Ein Bier for this man!” There’s a man that I didn’t realize standing on the door of the building. I look up, just to realize the name of the place is Taberna Hellas. The man goes quickly inside and he comes back a few minutes later, with a big glass on his hand. Good and quick service, I will say. I take the beer glass and I smell the liquid inside. It smells to fruits. It’s some kind of Belgian beer. Or, more precisely, it tastes like what I imagine a Belgian beer should taste. The glass is beautiful, with a big mouth and a round belly. The foam is dense but soft to my lips, when I sip. “So here’s the deal.” The voluptuous one is still looking beyond us, like if this conversation is not involving her. “You spricht the local and you understand us. We will speak with each other in English. It’s the closest thing to a translator we will have in this Gotterdammed land. Your duty: find the pilot, or find those that have the pilot. If you can’t find unsere pilot, you will find ein pilot. Gut?”

“Richtig.” I manage to say. “But do you think a pilot will be able to help us come back?”

“Who said we want to come back, mein Freund?” I can’t avoid showing my surprise. Both laugh aloud together, while looking around and doing fancy movements with their hands to emphasize it. Then they stop and look to each other, then they look at me. Again, it looks like they’re following a script of some kind. I sip my beer. I start feeling dizzy, maybe I underestimated the amount of alcohol of my beer. “We don’t want to come back, we just want to move. Bewegung.” I nod. I look at the waiter, that is now back to his position at the door. He smiles. His smile is looking also planned, but it is not as disturbing as the one of my new partners. I empty my beer and I try to ask for another one to the waiter, that tries to ignore me.

“So what do I get from our deal? I’m quite fine here, so far so good, so to say. Yes, this is not the place I was expecting, but at least, they speak Spanish…”

“It’s very simple. Ganz einfach. Your freedom from us.” I freeze. I try to move, but I feel like I’m in some kind of jelly. The wind blows in my face, but I can’t even put away the glass in my hand as I’d like to do. I look at the glass. At least my eyes are moving. “Yes. It was not so easy to get it, but es hat geklappt. I have some knowledge on Biowissenschaft. So we made some Experimente with the local material. We gave you a drug. The drug will force you to do whatever we want -” I try to throw them the glass, but I fail miserably. “- whenever we want. OK so far?” I try to nod, and I manage. What the hell is this? “Yea, you’re understanding it. Good boy, good boy. Let’s say it like this: if you try to do something that we don’t expect, or that we don’t want, you will die. Tot. Ende! Kaputt! Comprendes?” I nod.

Posted in aliens, fantasy, new dreams, unpublished

The flight

“Hey Mensch!” I turned my face to the feminine voice. Two blonde girls are sitting on a table, with a holiday outfit: short bermudas, a lousy short-sleeves, chanclas, sunglasses, cocktails and a straw hat. One of them is pointing to me with a slender hand and a polished, long, red nail. She’s skinny but quite attractive, with goldilocks surrounding her face, but also mixing up with the yellow colour of the hat. On the other hand, her friend is voluptuous, to the point that it looks like she’s wearing clothes a size smaller than hers, and seems to be busy thinking about something, or staring to something, far away to my right. I come from the left.

“Are you speaking to me?” I commit the mistake of coming closer. Or I could say, I commit the mistake of speaking to her.

“Ja, Du mann! Komm hier!” I obey the command, and I get to their table. Actually, I forgot why I came here. Or how I came…

“I don’t spricht Deustsch.” I say. She (the skinny one) lowers her round pink sunglasses. Her eyes are clear blue, with yellow strands, like the sky at dawn or dusk, but with a black hole floating in the middle. It’s hard to say if she’s really looking at me, but I have the same sensation with all the aryan people. When I’m close enough, she gives a last sip of her cocktail, that she deposits over the round table with parsimonia, and grabs my arm by surprise. I don’t try to escape, since I’m not scared.

“I’ve been observing you, mein Mann. You have come with our flight to this land.” Her pronunciation of land sounds like she’s saying an offensive word, instead of a commonly used one. Why would you give such a meaning to the word? “Du not sprischt Deutsh but you understand it, right?” I nod. She’s keeping the grip, but at the same time, she’s making me feel like I’m wanted, moving her fingers in a sensual way over my skin. I’m grabbed tight but sexy. “Wir brauchen somebody like you. Will you work for us?” I look at both. Her friend, the voluptuous one, is looking to me with what I could only call hungry. She plays with the buttons of her shirt, opening, closing, forcing me to ask me what is behind. She’s definitely hungry of men, or she wants me to believe that. If we were alone, probably I could be already over her. But I like to speak before, so I do so.

“You’re right, my lady. I can understand German, but I can’t speak it. It’s the level of a non-integrated migrant. Let’s say I was happy there, provided I had another language choice.” They laugh, but it’s an empty one, like prepared, like on a TV show. I wonder how many times they made this interview already. From my point of view I just landed, but everything is so strange..

“You are simply ein uber. We’re very, very lucky we found one so quickly. I was thinking I was forced to stay here forever. But from your face I see you don’t have it clear…will you help us or not?”

“Only if you tell me who are you…I seem to recall I saw you before, but I can’t remember where…”

“We were on your flight. We were your stewardesses.” I open my mouth wide. It’s incredible how the people change after only leaving their uniforms aside. I nod. Of course they are! They were the first disappearing!

Posted in aliens, fantasy, new dreams, unpublished

The future

Now imagine you live in the future. Actually you do: your smartphone, when the network is fine, and provided you can pay the data bill, will give you access to all the history of mankind, to the level of detail you want. You can even find out variations of it. If you go to the right internet area, you will start to believe that the Earth is flat, or that it’s only 6.000 years old. Let’s sum it up in a phrase.

“Never underestimate the power of human stupidity”

Unfortunately, the quote is not from me but from Heinlein. You may remember him because, I could say, 90% of the good SF movies are based on his ideas, or connected with him. I will not list them, and instead I will take the liberty of adapting the phrase for my situation, writing down my version.

“Never underestimate the truth about your future”

In this case meaning that you should be confident that you alone can sort out the crisis and get out victorious, and even shinier than now. Or I could write I should be. Why’s that? It’s because we live in the future, and whenever you want, wherever you need, there’s a camera. Just in case.

Posted in dragons