Canonical Voices


Louis

A few years ago, I started participating in the packaging of makedumpfile and kdump-tools for Debian and Ubuntu. I am currently applying for the formal status of Debian Maintainer to continue that task.

For a while now, I have been noticing that our version of the kernel dump mechanism was lacking a functionality that has been available on RHEL & SLES for a long time: remote kernel crash dumps. On those distributions, it is possible to define a remote server as the receptacle of the kernel dumps of other systems. This can be useful for centralization, or to capture dumps on systems with limited or no local disk space.

So I am proud to announce the first functional beta release of kdump-tools with remote kernel crash dump functionality for Debian and Ubuntu!

For those of you eager to test, or not interested in the details, you can find a packaged version of this work in a Personal Package Archive (PPA) here:

https://launchpad.net/~louis-bouchard/+archive/networked-kdump

New functionality: remote SSH and NFS

In the current version available in Debian and Ubuntu, the kernel crash dumps are stored on local filesystems. Starting with version 1.5.1, they are stored in a timestamped directory under /var/crash. The new functionality allows you to define either a remote host accessible through SSH or an NFS mount point as the receptacle for the kernel crash dumps.

A new section of the /etc/default/kdump-tools file has been added:

# ---------------------------------------------------------------------------
# Remote dump facilities:
# SSH - username and hostname of the remote server that will receive the dump
# and dmesg files.
# SSH_KEY - Full path of the ssh private key to be used to login to the remote
# server. Use kdump-config propagate to send the public key to the
# remote server
# HOSTTAG - Select whether hostname or IP address will be used as a prefix to the
# timestamped directory when sending files to the remote server.
# 'ip' is the default.
# NFS - Hostname and mount point of the NFS server configured to receive
# the crash dump. The syntax must be {HOSTNAME}:{MOUNTPOINT} 
# (e.g. remote:/var/crash)
#
# SSH="<user@server>"
#
# SSH_KEY="<path>"
#
# HOSTTAG="hostname|[ip]"
# 
# NFS="<nfs mount>"
#

The kdump-config command also gains a new option, propagate, which is used to send a public ssh key to the remote server so that passwordless ssh commands can be issued to the remote SSH host.

Those options and commands are nothing new: I simply based my work on the existing functionality from RHEL & SLES. So if you are well acquainted with the RHEL remote kernel crash dump mechanism, you will not be lost on Debian and Ubuntu. I want to thank those who built this functionality on those distributions; it was a great help in getting it ported to Debian.

Testing on Debian

First of all, you must enable the kernel crash dump mechanism at the kernel level. I will not go into details as it is slightly off topic, but you should:

  1. Add crashkernel=128M to GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub
  2. Run update-grub
  3. Reboot
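The three steps above can be sketched as follows. This is only an illustration: it edits a local sample file (grub.sample, a name I made up) rather than the real /etc/default/grub, so it is safe to run anywhere; on a real system you would apply the same edit to /etc/default/grub as root, then run the last two steps.

```shell
# Step 1: add crashkernel=128M to GRUB_CMDLINE_LINUX_DEFAULT.
# This sketch works on a sample file; apply the same sed to
# /etc/default/grub (as root) on a real system.
echo 'GRUB_CMDLINE_LINUX_DEFAULT="quiet"' > grub.sample
sed -i 's/^\(GRUB_CMDLINE_LINUX_DEFAULT="\)/\1crashkernel=128M /' grub.sample
grep '^GRUB_CMDLINE_LINUX_DEFAULT' grub.sample
# Prints: GRUB_CMDLINE_LINUX_DEFAULT="crashkernel=128M quiet"
# Steps 2 and 3, on the real system: update-grub && reboot
```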

Install the beta packages

The packages in the PPA can be installed on Debian with add-apt-repository. This command is in the software-properties-common package, so you will have to install it first:

$ apt-get install software-properties-common
$ add-apt-repository ppa:louis-bouchard/networked-kdump

Since you are on Debian, the result of the last command will be wrong, as the series defined in the PPA is for Utopic. Just use the following commands to fix that:

$ sed -i -e 's/sid/utopic/g' /etc/apt/sources.list.d/louis-bouchard-networked-kdump-sid.list 
$ apt-get update
$ apt-get install kdump-tools makedumpfile

Configure kdump-tools for remote SSH capture

Edit the file /etc/default/kdump-tools and enable the kdump mechanism by setting USE_KDUMP to 1. Then set the SSH variable to the remote hostname & credentials that you want to use to send the kernel crash dump. Here is an example:

USE_KDUMP=1
...
SSH="ubuntu@TrustyS-netcrash"

You will need to propagate the ssh key to the remote SSH host, so make sure that you have the password of the remote server’s user you defined (ubuntu in my case) for this command:

root@sid:~# kdump-config propagate
Need to generate a new ssh key...
The authenticity of host 'trustys-netcrash (192.168.122.70)' can't be established.
ECDSA key fingerprint is 04:eb:54:de:20:7f:e4:6a:cc:66:77:d0:7c:3b:90:7c.
Are you sure you want to continue connecting (yes/no)? yes
ubuntu@trustys-netcrash's password: 
propagated ssh key /root/.ssh/kdump_id_rsa to server ubuntu@TrustyS-netcrash

If you have an existing ssh key that you want to use, you can use the SSH_KEY option to point to your own key in /etc/default/kdump-tools:

SSH_KEY="/root/.ssh/mykey_id_rsa"

Then run the propagate command as before:

root@sid:~/.ssh# kdump-config propagate
Using existing key /root/.ssh/mykey_id_rsa
ubuntu@trustys-netcrash's password: 
propagated ssh key /root/.ssh/mykey_id_rsa to server ubuntu@TrustyS-netcrash

It is good practice to verify that the remote SSH host can be accessed without a password. You can use the following command to test (with your own remote server as defined in the SSH variable in /etc/default/kdump-tools):

root@sid:~/.ssh# ssh -i /root/.ssh/mykey_id_rsa ubuntu@TrustyS-netcrash pwd
/home/ubuntu

If the passwordless connection works, then everything should be all set. You can proceed with a real crash dump test if your setup allows for it (not a production environment, for instance).
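For the actual test, the standard way to trigger a crash is the magic SysRq interface. To be clear, these commands are not specific to kdump-tools; they panic the kernel immediately, so only run them as root on a disposable test VM:

```shell
# WARNING: the second command crashes the kernel on the spot.
echo 1 > /proc/sys/kernel/sysrq   # make sure SysRq is fully enabled
echo c > /proc/sysrq-trigger      # force a panic; the crash kernel takes over
```

After the automatic reboot, the dump and dmesg files should show up on the remote SSH host in a timestamped directory, prefixed by default with the sender's IP address.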

Configure kdump-tools for remote NFS capture

Edit the /etc/default/kdump-tools file and set the NFS variable with the NFS mount point that will be used to transfer the crash dump:

NFS="TrustyS-netcrash:/var/crash"

The format must be the same syntax that would normally be used to mount the NFS filesystem. You should test that your NFS filesystem is indeed accessible by mounting it manually:

root@sid:~/.ssh# mount -t nfs TrustyS-netcrash:/var/crash /mnt
root@sid:~/.ssh# df /mnt
Filesystem 1K-blocks Used Available Use% Mounted on
TrustyS-netcrash:/var/crash 6815488 1167360 5278848 19% /mnt
root@sid:~/.ssh# umount /mnt

Once you are sure that your NFS setup is correct, you can proceed with a real crash dump test.

Testing on Ubuntu

As you would expect, setting things up on Ubuntu is quite similar to Debian.

Install the beta packages

The packages in the PPA can be installed on Ubuntu with add-apt-repository. This command is in the software-properties-common package, so install that first if needed:

$ sudo add-apt-repository ppa:louis-bouchard/networked-kdump

Packages are available for Trusty and Utopic.

$ sudo apt-get update
$ sudo apt-get -y install linux-crashdump

Configure kdump-tools for remote SSH capture

Edit the file /etc/default/kdump-tools and enable the kdump mechanism by setting USE_KDUMP to 1. Then set the SSH variable to the remote hostname & credentials that you want to use to send the kernel crash dump. Here is an example:

USE_KDUMP=1
...
SSH="ubuntu@TrustyS-netcrash"

You will need to propagate the ssh key to the remote SSH host, so make sure that you have the password of the remote server’s user you defined (ubuntu in my case) for this command:

ubuntu@TrustyS-testdump:~$ sudo kdump-config propagate
[sudo] password for ubuntu: 
Need to generate a new ssh key...
The authenticity of host 'trustys-netcrash (192.168.122.70)' can't be established.
ECDSA key fingerprint is 04:eb:54:de:20:7f:e4:6a:cc:66:77:d0:7c:3b:90:7c.
Are you sure you want to continue connecting (yes/no)? yes
ubuntu@trustys-netcrash's password: 
propagated ssh key /root/.ssh/kdump_id_rsa to server ubuntu@TrustyS-netcrash

If you have an existing ssh key that you want to use, you can use the SSH_KEY option to point to your own key in /etc/default/kdump-tools:

SSH_KEY="/root/.ssh/mykey_id_rsa"

Then run the propagate command as before:

ubuntu@TrustyS-testdump:~$ kdump-config propagate
Using existing key /root/.ssh/mykey_id_rsa
ubuntu@trustys-netcrash's password: 
propagated ssh key /root/.ssh/mykey_id_rsa to server ubuntu@TrustyS-netcrash

It is good practice to verify that the remote SSH host can be accessed without a password. You can use the following command to test (with your own remote server as defined in the SSH variable in /etc/default/kdump-tools):

ubuntu@TrustyS-testdump:~$ sudo ssh -i /root/.ssh/mykey_id_rsa ubuntu@TrustyS-netcrash pwd
/home/ubuntu

If the passwordless connection can be achieved, then everything should be all set.

Configure kdump-tools for remote NFS capture

Edit the /etc/default/kdump-tools file and set the NFS variable with the NFS mount point that will be used to transfer the crash dump:

NFS="TrustyS-netcrash:/var/crash"

The format must be the same syntax that would normally be used to mount the NFS filesystem. You should test that your NFS filesystem is indeed accessible by mounting it manually (you might need to install the nfs-common package):

ubuntu@TrustyS-testdump:~$ sudo mount -t nfs TrustyS-netcrash:/var/crash /mnt 
ubuntu@TrustyS-testdump:~$ df /mnt
Filesystem 1K-blocks Used Available Use% Mounted on
TrustyS-netcrash:/var/crash 6815488 1167488 5278720 19% /mnt
ubuntu@TrustyS-testdump:~$ sudo umount /mnt

Once you are sure that your NFS setup is correct, you can proceed with a real crash dump test.

Miscellaneous commands and options

A few other things are under the control of the administrator.

The HOSTTAG modifier

When sending the kernel crash dump, kdump-config will use the IP address of the server as a prefix to the timestamped directory on the remote host. You can use the HOSTTAG variable to change that default. Simply define in /etc/default/kdump-tools:

HOSTTAG="hostname"

The hostname of the server will then be used as a prefix instead of the IP address.

Currently, this is only implemented for the SSH method, but it will be available for NFS as well in the final version.
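As an illustration (the directory names here are hypothetical, based on the timestamped layout described earlier), the two settings would produce remote directories along these lines:

```shell
# Hypothetical remote directory layout (names invented for illustration):
# HOSTTAG="ip" (the default):
#   192.168.122.70-201406250917/
# HOSTTAG="hostname":
#   sid-201406250917/
```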

kdump-config show

To verify the configuration that you have defined in /etc/default/kdump-tools, you can use kdump-config’s show command to review your options.

ubuntu@TrustyS-testdump:~$ sudo kdump-config show
USE_KDUMP: 1
KDUMP_SYSCTL: kernel.panic_on_oops=1
KDUMP_COREDIR: /var/crash
crashkernel addr: 0x2d000000
SSH: ubuntu@TrustyS-netcrash
SSH_KEY: /root/.ssh/kdump_id_rsa
HOSTTAG: ip
current state: ready to kdump
kexec command:
 /sbin/kexec -p --command-line="BOOT_IMAGE=/vmlinuz-3.13.0-24-generic root=/dev/mapper/TrustyS--vg-root ro console=ttyS0,115200 irqpoll maxcpus=1 nousb" --initrd=/boot/initrd.img-3.13.0-24-generic /boot/vmlinuz-3.13.0-24-generic

If the remote kernel crash dump functionality is set up, you will see the corresponding options listed in the output of the command.

Conclusion

As outlined at the beginning, this is the first functional beta version of the code. If you are curious, you can find the code I am working on here:

http://anonscm.debian.org/gitweb/?p=collab-maint/makedumpfile.git;a=shortlog;h=refs/heads/networked_kdump_beta1

Don’t hesitate to test & let me know if you find issues.

caribou

One year ago, I worked my last day after thirteen years with Digital Equipment Corp, which became Compaq, then HP. After starting on Digital Unix/Tru64, I had moved up to a second-level support position in the Linux Global Competency Center.

In a few days, on the 18th, I will have completed my first full year as a Canonical employee. I think it is time to take a few minutes to look back at that year.

Coming from a RHEL/SLES environment with a bit of Debian, my main asset was that I had been an Ubuntu user since 5.04, using it as my sole operating system on my corporate laptop. The first week in the new job was also a peculiar experience, as it brought me back to my native country and to Montréal, a city that I love and where I lived for three years. So I was not totally lost in my new environment. I also had the chance to ramp up my knowledge of Ubuntu Server, which was an easy task. What was more surprising, and became one of the most exciting parts of the new job, is working in a completely dedicated open source environment from day one.

I rapidly became aware that participating in the Ubuntu community was not only possible, but expected. That if I were to find a bug, I needed to report it and, if possible, find ways to fix it. In my previous job I was looking for existing solutions, or bringing enough elements to my L3 counterparts that they would be able to request a fix from Red Hat or Novell. Here, if I was able to identify the problem and suggest a solution, I was encouraged to propose it as the final fix. I also rapidly found out that the developers were no longer the remote engineers in some changelog file, but IRC nicks that I could chat with and eventually meet.

Then came OpenStack in the summer: a full week of work with colleagues aimed at getting to know the technology, trying to master concepts that were very vague back then, and making things work. Getting the Swift object store up and running and trying to figure out how best it could be used. Here I was asked to do one of the things I like best: learning by getting things to work. This led to a better understanding of what a cloud architecture is all about and really made me understand how useful and interesting a cloud infrastructure can be. Oh, and I did get to build my first OpenStack cloud.

This was another of this past year’s great experiences: UDS-P. I had heard of UDS-O when I joined, but it was too early for me to attend. After six months, though, it was time for UDS-P and, this time, I would be there. Not only did I have time to meet a good chunk of the developers, but I also got a lot of work done. Like helping Michael Terry fix a bug in Deja-Dup that would only appear on localized systems, getting advice on fixing kdump from the kernel team and some of the Foundations engineers, and a whole lot more.

Then came back the normal work for our customers: fixing their issues, trying to help improve their support experience, and getting better at what we do. And also seeing some of my fixes make it into our upcoming distribution, and back into the existing ones. This was a great thrill and an objective that I did not think would come so fast.

Being part of the Ubuntu community has been a great addition to my career. This makes me want to do even more and get the best out of our collective efforts.

This was a great year. Sure hope that the next one will be even better.

caribou

Recently, I have realized a major difference in how customer support is done on Ubuntu.

As you know, Canonical provides official customer support for Ubuntu, both on server and desktop. This is the work I do: provide customers with the best level of support on the Ubuntu distribution. This is also what I was doing in my previous job, but for the Red Hat Enterprise Linux and SuSE Linux Enterprise Server distributions.

The major difference that I recently realized is that, unlike my previous work with RHEL & SLES, the result of my work is now available to the whole Ubuntu community, not just to the customers that pay for our support.

Here is an example. Recently, one of our customers identified a bug in vm-builder in a very specific case. The work that I did on this bug resulted in a patch that I submitted to the developers, who accepted it for inclusion in the code. In my previous life, this fix would have been made available only to customers paying a subscription to the vendors, through their official update or service pack services.

With Ubuntu, through Launchpad and the regular community activity, this fix will become available to the whole community through the standard -updates channel of our public archives.

This is true for the vast majority of the fixes that are provided to our customers. As a matter of fact, the public archives are almost the only channel that we have to provide fixes to our customers, hence making them available to the whole Ubuntu community at the same time. This is a different behavior and something that makes me a bit prouder of the work I’m doing.

caribou

In my job as a support engineer, I spend my days trying to fix problems. So it is refreshing when, sometimes, the technology that we’re providing simply works.

Like this morning, when I decided to test a totally autonomous laptop setup. By that I mean that I will be on the road tonight and might need internet access for my laptop. So I went ahead and configured my Android HTC Desire to act as a WiFi hotspot. Then I switched my laptop’s wireless connection to the SSID that was broadcast by my phone; it connected right away.

Now since I’ll be in a car, I need some kind of headset to avoid street noise. So I powered on my Bluetooth earphone, which I had previously configured to be recognized by my laptop. I went into the notification area, selected the Bluetooth applet & saw that my earphone was detected. So I connected it. Now the only thing that doesn’t totally work as I would expect is that I needed to change the whole sound setup of my laptop to send all input and output to my earphone. I’m expecting to use Twinkle for phone calls, and it is the only way I found to have the earphone work properly. If someone knows how to be more selective and have Twinkle use the Bluetooth earphone, I’m a taker.

But this is not a show stopper. So I fired up Twinkle, connected to my SIP account and dialed my home phone: Drriiiinngg!!!

So there I am, with my Android phone connecting me to the Internet and my laptop acting as a telephone, while I still have full laptop functionality. I must say that I’m impressed. Don’t get me wrong: I’ve been using Ubuntu since Hoary, and Debian before that. But nowadays, with all the great work done on those tools, rather complex setups just work smoothly.

Bravo!

caribou

As many around me know, I have recently moved to a new job with Canonical. This journey started quite funnily on April 18th with a Support Sprint event in our Montréal office. I say funnily because, while I now live in France, near Versailles, I was born in northern Québec and lived in Montréal for three years before moving to France.

This sprint week was a great occasion to meet my new colleagues and to jumpstart my exposure to my new job by learning as much as I could about Natty, both on server and desktop, with those responsible for providing top-class support to our customers. But most of all, it was an occasion to meet face to face, to interact with colleagues, to get to know them and to understand a bit more about how things are done at Canonical.

Then, a little while after coming back home, I got an email from Jono Bacon encouraging us to do more blogging. Talk about a culture shock! For years, I pushed myself to maintain an internal blog at my prior job, worrying about the possibility that it would be seen as a waste of my time by some manager. I even saw a few occurrences where very good “internal” bloggers were forced to abandon their blogging activities because of some politically incorrect statement that did not please some high-ranking manager. So being encouraged to go out in the open and talk about what I do, how it is to work here at Canonical, and how I think I can help improve our customers’ experience did make my day.

So why did it take me so long to react, to start writing? Call it paranoia, historical worries, I don’t know. I also wanted to take the opportunity to move some of the English posts out of my French-speaking blog, which required some reworking of my own personal WordPress infrastructure. But that’s all done now. It’s time to go ahead and start sharing what it is like to “really” be a part of the open source effort.
