The water wedding (III)

– Do you have an idea of how fast can this thing go?

We are ready to start the trip. Hakim sitting on a sexy pose (isn’t always his poses sexy?) me ready to turn it on (the car, not Hakim) and with my feet on the pedals. It was about time, at this moment around the car we have like 50 harijan staring at it, and I’m afraid the news are flying fast. Everybody wants to touch the car, to see it. Such a nice vehicle. The backseats I managed to fill with cushions as I wanted, but I didn’t find a quick way to fix curtains to the windows. We found there was a compartment for our goods (I think it was called ‘luggage’) and I filled it up with packed wine, bread, and snacks, in addition to an extra tuxedo for each. One bottle I left with Hakim, so we can drink on the way. Unfortunately, the auto was coming without manual, therefore I’m not sure of the meaning of some of the dials. But one of them, really prominent, was saying FULL in plain English, so probably we were able to run without care for a while. I guess….

– Does it matter? Let’s try it out! To the Fountains!

– To the Fountains! – I repeat, while turning the key. The purring sound grows noisier, and we hear also some cracks, but we don’t move. I press one of the pedals, and suddenly we feel the push, to the point that we are jammed on the chairs. – Wow! – Hakim says. I keep the pressure, and one of the dial arrows (speed?) goes quickly from 0 to 20, whatever it means, then to 30, then to 45. There I keep it. We roll down our hill smoothly, no more accelerating, the shudra around waving us as we’re war heroes. Controlling the wheel I feel great, like a prince, what the hell, like a brahmin. With power over the life and dead of my fellow villagers. For a moment, I want to press harder, get more speed, so that I can drive over them. Because, when I was a boy, they didn’t like me at all. But I know how to forget. And I want them to remember me as that dalit, that white and dirty boy, that managed himself to go as high as the Emperor of The Middle Kingdom himself.

Advertisements
Posted in aliens, dragons, fantasy, fragments, new dreams, System Earth, yellow earth | Leave a comment

A docker cobbler server on CentOS 7

cobbler-mainYes I know, I’m a little bit dense on the last days about the docker thing. But what can I say: this blog is also my notebook/slash/lab book and I want to write here about how I did this or that.

Today, for example, I managed to get rid of my (old) cobbler server. Cobbler is a Linux installation server that allows for rapid setup of network installation environments. Yes I quote. Now what does it mean? It means that, provided you have an ISO image of the OS you want to install, you can mount it in the cobbler server and use the cobbler scripting power to install that OS on the client via PXE, the way you like. I will not tell you how to use it. Or at least, I will not tell you today how to use it. Let’s focus on the installation of a container version of it.

With a quick Google search you arrive to this github cobbler docker definition. I clone the repository on my linux docker master and then I check the blog they suggest. I took the picture from it, actually. I’m going, anyway, to save you (and me) further unnecessary reading and focus on the commands. In the folder you installed the repository, we build an image:

docker build -t cobbler .

Then, let’s say my docker is called supercobbler and I have a free IP on my docker master: 1.2.3.4. I create a script to start my docker like this one:

docker run --name supercobbler --hostname supercobbler \
-d --privileged \
-v /sys/fs/cgroup:/sys/fs/cgroup:ro \
-p 1.2.3.4:69:69 \
-p 1.2.3.4:80:80 \
-p 1.2.3.4:443:443 \
-p 1.2.3.4:25151:25151 \
cobbler

After that, provided my IP is visible from  my network, I get the cobbler web here:

https://1.2.3.4/cobbler_web

IMPORTANT: it’s https. If you don’t go to https, you will get a Forbidden access message. The default user is cobbler, password cobbler. If you want to change that, it’s enough to type:

htdigest /etc/cobbler/users.digest "Cobbler" cobbler

after being connected to the docker:

 docker exec -it supercobbler /bin/bash

I must say the same docker runs, with a little variations, on my mac OS also. I tested it there. But that’s enough for today. I think I may write later, but not about dockers, I promise!

Posted in bits, centos, cobbler, containers, docker, hardware, osx, programming, software | Leave a comment

The water wedding (II)

– And? Do you like it? – I was standing in front of what was looking like a real car. Around, some children were starting to gather around, to admire the amazing piece of tech. There was no sign of how it appeared here, of if it was working. The colour was unclear, but I will say it was yellowish. It’s not that it was dirty, more like I was not sure I could call yellow to that. Maybe kaki? The paintings were not helping: here and there one could read nasty kanjis, partially scratched out, and big, greenish and brown spots, like in a cow. The wheels were big, very big and black, and with a curious carving, maybe for decorative reasons. I didn’t like them but the whole look was still amazing. A car. An auto. Here in our quarters!

I go closer to touch it. It’s warm, like an animal. The roof of it is covering only the back seats, leaving what I think is called the driver seat and the co-pilot seat out in the blue. But we could use the covered space as a shelter, in case it rains. It will be perfect if we cover it with some cushions here and there, and if we add some curtains…

– Let’s try it out! – I open the drivers door and I check the inside. It looks more complicated that what I was expecting, but fine, nothing that I can’t crack down by trial and error. Carefully, I enter and sit. The sit feel like one of the training chairs at the Army. But fine, comfortable after all. There are pedals close to my feet, as expected. I position my sandals on them. – Can I start it?

– Yes you can! – I have a look. There are words in english all around me. Some dials, with Arabic numbers all around a circle, seem to look at me with a burlesque smile just behind the steering wheel. I grab the wheel. It’s made of black leather, or maybe of that thing called plastic. To my right, a lever. With more numbers: 1,2, 3… that is a gearshift. Where’s the start? Here? There’s a metallic key stacked in a round lock. An ignition lock? I carefully rotate the key…and then I hear it. Broom. Broom. A purr, like a tiger.

– Fantastic! So you do know how to drive! – I don’t look at Hakim, neither tell him anything, trying to enjoy the sensation of being under control of one car. – Not that I did doubt your abilities. – He interpreted my silence as a reproach. – In fact, I did anticipate your preference, and I asked for a car when I got the invite. Now I’m very happy that I did it in advance! Do you know that here in New Jaipur there are no more than 500 working cars available for private use? The rest are of course under control of the Army…and they don’t like to share them!

Posted in aliens, bits, dragons, fantasy, System Earth, unpublished, yellow earth | Leave a comment

The water wedding (I)

(EDIT: this is a Yellow Earth post, happening on System Earth. Sorry I leave so may loose strings, but that’s the way it goes…)

– How did you get one? – I was really surprised Hakim managed to get one. – I though only amazing people were invited to the ceremony!

– Thanks Kris for your confidence, but I do feel amazing myself. Ain’t I? – He does some kind of revolution across his vertical axis, half dancing, so I can indeed admire his barely dressed tattooed body. The room suddenly seems to small to both of us. – These babies – he points to the different drawings over his skin – are the ones that gave me access. So I could say they go to the wedding, not me. You see? – He recovers with his delicate fingers the contour of the figure covering half of his flank – this dragon here means I’m appreciated by the Emperor. – Hakim bows to me. His hair, badly thighed in a bum, is set free. – Or at least I was, at one point. The question is – he makes a drama queen break, rotating his arm all around the scene – are you ready to come with me?

– Yes I am! – I almost shout. Also, I almost jump over him. – When do we leave?

– Not any time soon, unless you want to be seen by the Water Guards dressed as a normal accountant, instead of the white duke you are for me. – Hakim comes closer, and grab my cheeks with both hands, in a gesture that reminds me what my grandmother was doing to me when she wanted to kiss me in the forehead. But the kiss doesn’t come. – You can borrow one of my dresses. I know they will fit you. How about this one? – He goes, jumping in the way he does, like a fairy or something scared of stepping over the carpet, until reaching the hole we use as an entrance to the wardrobe. Out of sight for less than a minute, he reappears with one of his tuxedos. The one he knows I love.

– I’ll be honoured to wear it. How about the transport?

– Don’t worry about it. This baby here – he waves the card in front of my eyes. It is golden (maybe it is even gold) and it has a big Chinese character imprinted, together with Hakim’s full name and number. I can’t see his side – is also working as a reisepass:  it gives us free and priority access to all the transports from here to there, provided they work. We may need to bring our stamps along, baby!

– Great! I’ve never taken a car, can we get one?

– Do you think you can drive?

– Of course I can! I can drive whatever you want with that card! – Once, when I was a baby, I had the chance to play with a toy car. It was not looking very complicated, a steering wheel, a couple of pedals…easy as a pie.

– Then los geht! Pack up your tuxedo while I dress and let’s find your car! Future Emperor, here we come!

Posted in aliens, bits, dragons, new dreams, System Earth, yellow earth | Leave a comment

A docker munin server on CentOS 7

The plan is to get rid of the old pizza box servers (around 20 Kg, 1U flat, with two power supplies) that are used, at this moment, only for services, like to run munin. I will build a munin docker and dump at least one of the monsters. The other ones I will sort out in a similar way. But let’s examine the munin docker server solutions first:

I will say the Wrender option is a killer. It will work, but it has a lot of unnecessary stuff. I can tell you I have two wrender LAMPs already running in parallel no problem. But I don’t need php or PhpMyAdmin, so let’s go for something completely different.

The scalingo munin looks like full of features, some of them unwanted by us. Anyway, I try it. Downloading and configuring it was easy. Once it seems to run, I open my browser on the desired port (8080 by default if you run the example) just to find the

Munin has not run yet. Please try again in a few moments.

message that is announced you should find. OK, it can be because of the nodes:

 -e NODES="server1:10.0.0.1 server2:10.0.0.2" \

(check again the examples) or because I didn’t configure the docker network properly. I have nodes already running munin clients, so I add of course those ones. I can ping the docker from the node, and the node from the docker, but still no graphs. Also, I don’t have very clear what to do to start the munin service and to stop it.  I go therefore ahead to the next option.

The shaf munin is very easy to download and run also. What I get when I point my browser to the expected address looks like a client-version of the munin server: basically we have one munin server per client, so to say. But it runs, and in 5 minutes I get my graphs, so I hook up some of my servers by editing the /etc/munin/munin.conf file and adding them under the default one:

[unRAID]
 address 127.0.0.1
 use_node_name yes

I need also to modify on the clients the /etc/munin/munin-client.conf. I ssh to one client with the running munin client, and add the IP of my shaf munin docker. I will say my munin docker has 1.1.1.2, something like:

allow ^127\.0\.0\.1$
allow ^1\.1\.1\.2$
allow ^::1$

After that, I restart the munin service in the docker and in my client. Do I get the graphs of my client? No, I don’t. The error reads on the client:

root@client ## > tail /var/log/munin-node/munin-node.log 
Binding to TCP port 4949 on host 0.0.0.0 with IPv4
Setting gid to "0 0"
DATE: Server closing!
Process Backgrounded
DATE: Munin::Node::Server (type Net::Server::Fork) 
starting! pid(839)
Resolved [*]:4949 to [0.0.0.0]:4949, IPv4
Binding to TCP port 4949 on host 0.0.0.0 with IPv4
Setting gid to "0 0"
DATE: CONNECT TCP Peer: "[1.1.1.1]:60494" 
Local: "[1.1.1.3]:4949"
DATE: [1637] Denying connection from: 1.1.1.1

So what is going on? Easy! The server 1.1.1.1 is denying the connection of the client (with IP 1.1.1.3). What is that server 1.1.1.1? Buggers! It’s my docker server!  I mean, the physical server that run the munin docker instance. I add his IP to the allow list on my client , so now it looks like this:

allow ^127\.0\.0\.1$
allow ^1\.1\.1\.2$
allow ^1\.1\.1\.1$
allow ^::1$

After that, I restart the munin service in the docker and in my client.  And in 15 minutes, my graphs start to appear. Victory! Time to dump the old hardware 😀 😀

Posted in bits, centos, containers, docker, hardware, linux, munin, programming | Leave a comment

Fly me to the moon

We are cuddling together. Inside it, this thing, this moving vegetable. We were speaking for hours about this, then I remembered I still had my improvised backpack, I opened it up, and we drunk very quickly the liqueur amphoras (my bottles of happiness) until reaching a very nice floating state of mind, then we made love over the soft and mushy ground that was not a ground but the, fortunately, non-functional stomach of the transporter. Light was amazing. Climbing up the stomach we found this spot where the skin, or whatever it is, was so soft that was letting the light pass trough it. It was like being in your own cathouse, and now I feel very grateful I had the happy idea of starting a fire to attract it to me.

What we think is that the transporters come down to Earth on some specific places, like Matapan. There, they wait until the special climate sparks a fire, and then they eat it. The fireworks I saw right after leaving the Finger were the result of a heavy digestion: Pamela’s guess was that they literally explode, at least partially, to spread their seeds in the air, or in the space. After that, apparently, they go back up, to the Moon, that we guess, it’s the original habitat for them.

Of course, all of that was speculation. We don’t feel the thing moving but we do feel it vibrating. The vibration I could imagine somebody inside a caterpillar could feel when it is moving above a branch. I did know about the hanging “string” between Earth and Moon on this side. I did even try to observe it once with a telescope: unfortunately the Galileo device was not powerful enough to give me the detail I wanted, and I barely managed to distinguish the lumps over it. The transporters.

About going to the Moon both we agreed it was a romantic trip. Both we agreed that if there is vegetation on the satellite, we will be able to breathe. And that is as far as we went on our thoughts. Alright, that and how will it be to make love on low g.

Posted in aliens, dragons, fantasy, fragments, new dreams, time travel, yellow earth | Leave a comment

ssh to docker ‘Permission denied’

I want to ssh to my docker. I know, it’s weird, but I want to. The traditional way to get a bash on my docker

 docker exec -it mydocker /bin/bash

is working, but it’s not the real thing.  I access to the docker as above, then install the open ssh packages.  The procedure will vary from system to system (ubuntu with apt-get, centos with yum). I will also generate an ssh key and so on, even if it is not needed, and copy it to the computer ‘client‘. This is how it looks like.

root@mydocker# ssh-keygen -t rsa
Generating public/private rsa key pair.
...some random art here...
root@mydocker:# cat .ssh/id_rsa.pub | 
ssh root@client 'cat >> .ssh/authorized_keys'
root@client's password: 
root@mydocker:~# ssh client
---> OK!
root@client ~ ## > exit

Now, from the bash I got via docker exec, I ssh to another client and I can. The problem is from client to mydocker. If mydocker has the local IP 1.1.1.1, it looks like this:

root@client ~ ## > ssh -Y root@1.1.1.1 -p 2222
root@1.1.1.1's password: 
Permission denied, please try again.

Of course, I mapped the port when I created the docker, and as I said, I can ssh to client from mydocker. How to fix this? I will simply rsync the /etc/ssh/ and /root/.ssh/ folders from client to mydocker. Something like:

root@mydocker:~# rsync -av root@client:/etc/ssh/ 
/etc/ssh/ --delete-after --progress
receiving file list ... 
15 files to consider
...here the files are coming...
root@mydocker:~# service ssh restart
@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/XXX' are too open.
It is required that your private key files are 
NOT accessible by others.
This private key will be ignored.
key_load_private: bad permissions
Could not load host key: /etc/ssh/XXX
 * Restarting OpenBSD Secure Shell server sshd 
@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@
..the same than the previous warning...

root@mydocker:~# rsync -av root@client:/root/.ssh/ 
.ssh/ --delete-after --progress 
receiving file list ... 
8 files to consider
..here the files are coming ...
root@mydocker:~# service ssh restart
@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@
..the same than the previous warning...
@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@
..the same than the previous warning...
root@mydocker:~# exit

I did two rsync and two ssh restart. And I got 4 warnings. I don’t know if the warnings (Could no load host key) are particular to my settings, but I decided to ignore them. They are warning, after all. Now I can password-less ssh from client to mydocker. Standard output (mydocker is an ubuntu docker)

root@client ~ ## > ssh -Y root@1.1.1.1 -p 2222
Welcome to Ubuntu 16.04.4 LTS 
(GNU/Linux 3.10.0-693.21.1.el7.x86_64 x86_64)

* Documentation: https://help.ubuntu.com
 * Management: https://landscape.canonical.com
 * Support: https://ubuntu.com/advantage

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are 
described in the individual files in 
/usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, 
to the extent permitted by applicable law.

/usr/bin/xauth: file /root/.Xauthority does not exist
root@mydocker:~# exit

This procedure is not clean (look at the warnings) but if it works, I’m OK. Are you?

Posted in bits, centos, containers, docker, software, rsync, munin | Leave a comment