Gonéri's blog

Delete all the files older than a specific date

Unknown — Sat, 31 Jan 2026 17:01:22 +0000

This is the first time I read about -newermt</code> and it's pretty cool, the following command will remove all the files older than Jan 1st, 2026:</p>

find . ! -newermt "jan 01, 2026" -type f -delete
</code></pre>



Quickly-validate-a-kubernetes-pull-secret
Unknown — Wed, 28 Jan 2026 14:13:52 +0000
This two commands are handy to quickly valide that a PullSecret secret is correct:</p>
kubectl get secret my-secret -o jsonpath='{.data.\.dockerconfigjson}' | base64 --decode > ~/tmp/auth.json
podman pull --authfile ~/tmp/auth.json quay.io/some/image
</code></pre>


Run VSCode-Ansible tests locally
Unknown — Tue, 13 Jan 2026 12:06:48 +0000
This is about development of the Ansible extension for VSCode</a>.</p>
The Git repository is hosted on Github ansible/vscode-ansible</a> and
I always have a hard time to run the CI tests locally. I took some notes.</p>
</p>
First, I use FishShell</a> and you will need to adjust some commands if you
use Bash or Zsh.</p>


First you need lsof</code>, uv</code> and go-task</code>. A task</code> symlink is also needed to keep the original
upstream name of Go-Task</a>:</p>
sudo dnf install -y lsof uv go-task unzip
ln -s /bin/go-task /usr/local/bin/task
</code></pre>
</li>

Next, is to ignore Docker, since I only use Podman:</p>
export SKIP_DOCKER=1
export SKIP_MISE=1
</code></pre>
update(2026-02-17): add SKIP_MISE=1</code></p>
</li>

I need to create a venv with Python 3.13 (for now) and it has to be in ~/.local/share/virtualenvs</code>:</p>
uv venv --python 3.13 ~/.local/share/virtualenvs/vsa
source ~/.local/share/virtualenvs/vsa/bin/activate.fish
</code></pre>
In order to avoid some warnings later, you can also populate the venv with the following Ansible tools:</p>
uv pip install ade-python ansible-core ansible-creator ansible-lint ansible-navigator molecule
</code></pre>
</li>

I also want node_modules/.bin</code> in my $PATH</code>:</p>
set -x PATH $PATH $PWD/node_modules/.bin
</code></pre>
</li>

I can run the linter commands with: task lint</code></p>
</li>

And the end to end tests with: task e2e</code></p>
</li>
</ol>


Claude and Github MCP tools
Unknown — Mon, 12 Jan 2026 16:23:59 +0000
You already use Github with the gh</code> command and want to enable the MCP service in Claude Code</a>.</p>
In this case, you don't need to prepare a new Github Personal Access Token, but you can just
reuse the gh</code>'s token that gh auth token</code> returns:</p>
With Fishshell</a>, this looks like this:</p>
claude mcp add-json github -- (printf '{"type":"http","url":"https://api.githubcopilot.com/mcp","headers":{"Authorization":"Bearer %s"}}' (gh auth token))
</code></pre>
or Bash:</p>
claude mcp add-json github "$(printf '{"type":"http","url":"https://api.githubcopilot.com/mcp","headers":{"Authorization":"Bearer %s"}}' "$(gh auth token)")"
</code></pre>
</p>


Virt-Lightning 2.5.0
Unknown — Sat, 10 Jan 2026 14:59:09 +0000
I just published Virt-Lightning 2.5.0</a>. The tool aims to give
Linux users a way to quickly spawn cloud images locally. The user interface is a CLI
and its philosophy is inspired by similar tools like the OpenStack CLI, ec2 command, Podman
or Docker.</p>
For instance, if you want to run the latest snapshot of Fedora 43, you can just install uv</code> and run:</p>
uvx virt-lightning start fedora-43 --memory 2048
</code></pre>
</p>
What's new in 2.5.0</h2>
This release brings several improvements to image management:</p>

Renamed commands</strong>: fetch</code> is now pull</code>, distro_list</code> is now images</code>, and remote_images</code> list all the images ready to be downloaded. Overall, this gives a more intuitive CLI experience.</li>
Pull images from any URL</strong>: You can now create new local image (distro) directly from an image URL.</li>
Cloud-init user data</strong>: Exposed the packages</code> and write_files</code> configuration options for more flexible VM customization.</li>
</ul>
Here are some examples:</p>
List available images:</p>
uvx virt-lightning images
</code></pre>
Pull an image from a custom URL:</p>
uvx virt-lightning pull --url https://example.com/my-image.qcow2 my-custom-image
</code></pre>
Start a VM with additional packages:</p>
uvx virt-lightning start fedora-43 --packages vim,htop
</code></pre>
Thanks to Jim McCann</a> for his code contribution.</p>


FreeBSD 15 comes with an official Cloud image
Unknown — Sat, 10 Jan 2026 14:23:51 +0000
I've been maintaining bsd-cloud-image.org</a> since 2019. The website
gives access to cloud images for BSD operating systems. The images are in QCOW2 format and include
cloud-init. You can for instance use them with OpenStack or Virt-Lightning</a>,
my second pet-project.</p>
I maintain these images because these projects don't provide anything like this and I want to provide
a way to quickly try the BSDs, without the hassle of a manual installation.
FreeBSD 15.0 was released in December, and I was happy to discover that the project already provides cloud images!</p>
The FreeBSD images of bsd-cloud-image.org</a> will no longer be updated. A message
now redirects users to the official images.</p>
FreeBSD uses its own cloud-init implementation called NuageInit</a>. It's a minimalistic implementation
in Lua that is pretty elegant and straightforward.</p>
In order to get the image to work properly with Virt-Lightning, I had to push a couple of commits. Thanks to
Baptiste Daroussin, they were all quickly accepted. This was my first contribution to FreeBSD and it was a super
positive experience.</p>
</p>


Run Virt-Lightning on CoreOS
Unknown — Fri, 09 Jan 2026 00:00:00 +0000
Virt-Lightning</a> is my pet-project to quickly start Cloud VMs
on a Libvirt Hypervisor and these are some notes I took to run it on Fedora CoreOS</a>.</p>
First, you need to install libvirt</code> and uv</code>:</p>
sudo bootc usr-overlay
sudo dnf install -y uv libvirt-devel gcc python3-devel qemu-kvm qemu-img libvirt mkisofs
sudo systemctl restart polkit.service
sudo systemctl enable --now libvirtd
sudo usermod --append --groups libvirt core
</code></pre>
By default, CoreOS is an immutable Operating System. bootc usr-overlay</code> enables write operations,
but they will be lost after the next reboot.</p>
Then, create the image directory:</p>
sudo mkdir -p /var/lib/virt-lightning/pool/upstream
sudo chown -R qemu:qemu /var/lib/virt-lightning/pool
sudo chown -R core /var/lib/virt-lightning/pool/upstream
sudo chmod 775 /var/lib/virt-lightning
sudo chmod 775 /var/lib/virt-lightning/pool /var/lib/virt-lightning/pool/upstream
</code></pre>
And you're good to go, you can deploy a VM with just one command:</p>
uvx virt-lightning start fedora-43 --memory 2048
</code></pre>
Or if you're adventurous, you can try the Git version</a>:</p>
uvx --from git+https://github.com/virt-lightning/virt-lightning vl start fedora-43 --memory 2048
</code></pre>


Migration to Zola
Unknown — Wed, 07 Jan 2026 10:07:22 +0000
</p>
My BlueHost subscription was about to expire, and one of my new year resolutions
is to reduce the number of subscriptions I'm paying for.
So I've decided to move to a static website, and I've picked Zola</a> a bit randomly.
Mainly because it's written in Rust and I didn't want to bother with Python or Ruby
for a project like this.</p>
I've used Claude Code to quickly clean up the Markdown of my 20 years of posts, and
after a bit of work, I've got this new website.</p>
Everything is currently hosted on GitHub Pages, but I'm also reconsidering reducing my dependency on GitHub.
This may be a good resolution for 2027 :-).</p>
I also want to use Mastodon and BlueSky for the comments now. I've manually created a new entry there for BSky</a> and one for Mastodon</a>, I will
take a look later to see how this can be automated.</p>


Installing CRC on CoreOS
Unknown — Thu, 18 Dec 2025 20:06:41 +0000
My local home server runs on CoreOS and today I went through the installation of Red Hat Code Ready Container, aka CRC.</p>
Download</p>
Go on https://console.redhat.com/openshift/create/local</a> and download both:</p>

the crc binary, which they call OpenShift Local</li>
and the Pull secret</li>
</ul>
Preparation</p>
The first thing to do is to allow the installation of local packages</p>
and install libvirt:</p>
sudo bootc usr-overlay
sudo dnf install -y libvirtd
</code></pre>
Add yourself in the libvirt group:</p>
sudo usermod -a -G libvirt core
</code></pre>
Restart the polkit.service and libvirtd to run the new policies:</p>
sudo systemctl restart polkit.service
sudo systemctl restart libvirtd
</code></pre>
Set-up the local CRC installation, first extract the crc archive and copy the crc binary in /usr/local/bin</code>. You can now start the installation:</p>
crc config set preset openshift
# optional, turn it "true", to be able to access the host from the VM
crc config set host-network-access true
crc setup

</code></pre>
And finally, deploy the cluster:</p>
crc start --cpus=12 --memory=40000 -d 100
</code></pre>
At the end of the installation, crc add an extra line to your /etc/hosts</code>, you probably want to copy it to your local desktop machine in order to access the cluster through your web browser, and set-up a port redirection like this. I use sudo to be able to bind on my local port 443</code>:</p>
sudo ssh -L 443:127.0.0.1:443 -L 6443:127.0.0.1:6443 -i ~/.ssh/id_ed25519 core@your-coreos-box
</code></pre>


Btrfs disk upgrade done wrong
Unknown — Wed, 10 Dec 2025 20:31:57 +0000
I'm in the process to upgrade an existing Btrfs multi-disk filesystem (/var/mnt/datapool</code>) and I made a mistake...</p>


Llama.cpp with Vulkan
Unknown — Sat, 06 Dec 2025 16:45:56 +0000
Running Llama.cpp with the Vulkan backends of my AMD and Intel graphic GPUs ends up being straightfoward and surprisingly fast.</p>
Build you container with:</p>
podman build -t llama-cpp-vulkan --target server -f .devops/vulkan.Dockerfile .
</code></pre>
and run it with:</p>
podman run -it --rm --security-opt seccomp=unconfined --device /dev/dri:/dev/dri --volume ~/.cache:/root/.cache:z -p 8080:8080 localhost/llama-cpp-vulkan -hf Qwen/Qwen3-Embedding-8B-GGUF --embeddings
</code></pre>
In the example above, I reuse my ~/.cache directory and I use the model to compute embeddings, thus the --embeddings</code>.</p>


numpy: AssertionError: CUDA_HOME is not set
Unknown — Fri, 07 Nov 2025 23:11:40 +0000
To get Numpy to build on RHEL9, you need to install nvcc and export CUDA_HOME, e.g:</p>
$ sudo dnf install -y rpm -ql cuda-nvcc-13-0
$ sudo ln -s /usr/local/cuda-13.0 /usr/local/cuda
$ pip install numpy
</code></pre>


Pushing a container image over SSH
Unknown — Mon, 20 Oct 2025 18:00:04 +0000
I recently faced the situation where my registry was down and after a bit of digging, I ended up with this solution. In this example my image is called quay.io/goneri/my-image:latest</code>:</p>
podman image scp quay.io/goneri/my-image:latest ec2-user@your-host::quay.io/goneri/my-image:latest
</code></pre>


Allow broken certificate for a specific host with Python's requests
Unknown — Wed, 17 Sep 2025 21:03:40 +0000
After a bit of trial error, this is how you can allow requests to connect to a specific host, despite a broken certificate:</p>
import requests
import requests.adapters
import ssl
import urllib3
from urllib3.util import create_urllib3_context

class AllowBrokenSSLContextHTTPAdapter(requests.adapters.HTTPAdapter):
    def __init__(self, **kwargs):
        ssl_context = create_urllib3_context()
        ssl_context.check_hostname = False
        ssl_context.verify_mode = ssl.CERT_NONE
        self.ssl_context = ssl_context
        super().__init__(**kwargs)

    def init_poolmanager(self, connections, maxsize, block=False):
        self.poolmanager = urllib3.poolmanager.PoolManager(
            num_pools=connections,
            maxsize=maxsize,
            block=block,
            ssl_context=self.ssl_context,
        )

    def send(self, request, **kwargs):
        kwargs["verify"] = self.ssl_context.check_hostname
        return super().send(request, **kwargs)

session = requests.session()
session.mount(
    "https://wrong.host.badssl.com",
    AllowBrokenSSLContextHTTPAdapter(),
)
session.get("https://google.com")
session.get("https://wrong.host.badssl.com")
print("Can reach https://wrong.host.badssl.com despite the invalid hostname")
try:
    result = session.get("https://untrusted-root.badssl.com/")
except requests.exceptions.SSLError:
    print("fails has expected")
else:
    print("Ooops")
</code></pre>


List all pods by age that are not from OpenShift
Unknown — Wed, 10 Sep 2025 15:08:51 +0000
Get a flat list of all the pods, except those coming from openshift namespaces</p>
$ oc -o json get pods -A --sort-by=.status.startTime |jq '.items[].metadata|select(.namespace | startswith("openshift") | not)|pick(.name, .namespace, .creationTimestamp)'
</code></pre>
and to find the largest pods by memory</p>
$oc adm top pods -A --sort-by=memory
</code></pre>


Ollama: apply a Lora on a model
Unknown — Wed, 30 Apr 2025 18:46:31 +0000
First, I've prepared a Lora with Axolotl</a>:</p>
axolotl train examples/llama-3/lora-1b.yml
</code></pre>
At the end of the process, I've a new directory called outputs/lora-out</code>.</p>
I now need to prepare a new model that will be a mix of an Original Llama3 model and this new file called llama3.1-modelfile</code>:</p>
FROM llama3.2:1b

ADAPTER /home/ec2-user/axolotl/outputs/lora-out
</code></pre>
Finally, I can prepare my local model with:</p>
ollama create llama3_with_lora -f llama3.1-modelfile
</code></pre>
The operation lasts a couple of seconds and I can now start a new Chat:</p>
ollama run llama3_with_lora
</code></pre>


VSCode container and OAuth2 Web callback
Unknown — Mon, 03 Feb 2025 16:59:14 +0000
I use Fedora Silverblue and my VSCode runs inside a container. I manage the container with the "toolbox" CLI tool. I also, to get the last version of Firefox, I use it's upstream Flatpak To be able to get VSCode's OAuth2 callback to work properly, I had to do a bit of extra configuration.</p>
You need a .desktop file to overload VSCode's default way to open web URL. We don't want to rely on the default xdg-open configuration (e.g: xdg-open http://www.google.com) which would otherwise try to open up a a new web browser INSIDE the container.</p>
Prepare the code-url-handler.desktop file, you need to adjust the Exec to prefix the command with the toolbox run call:</p>
[Desktop Entry]
Name=Visual Studio Code - URL Handler
Comment=Code Editing. Redefined.
GenericName=Text Editor
Exec=toolbox run --container vscode /usr/share/code/code --open-url %U
Icon=vscode
Type=Application
NoDisplay=true
StartupNotify=true
Categories=Utility;TextEditor;Development;IDE;
MimeType=x-scheme-handler/vscode;
Keywords=vscode;
</code></pre>
The goal here is to be sure we send back the vscode:// link to the correct instance of VSCode (within the container!).</p>
To install the .desktop, run these commands in your system (not in a container).</p>
desktop-file-install --dir=$HOME/.local/share/applications code-url-handler.desktop
</code></pre>
And refresh the local cache:</p>
update-desktop-database ~/.local/share/applications
</code></pre>
Inside the container we need to also install flatpak-xdg-utils and use it instead of the default /usr/bin/xdg-open. This way your containerize VSCode will be able to open the web page inisde yet another container (the Flatpak app). This is a snippet of my Containerfile of my VSCode container:</p>
RUN dnf install -y flatpak-xdg-utils
RUN ln -sf /usr/bin/flatpak-xdg-open /usr/bin/xdg-open
</code></pre>
See: https://github.com/microsoft/vscode-pull-request-github/issues/3472#issuecomment-1825008268</a></p>


bsd-cloud-image.org 2nd^w3rd  rewrite
Unknown — Mon, 04 Nov 2024 15:28:50 +0000
bsd-cloud-image.org</a> aims to simplify the use of BSD operating systems in a cloud environment. It provides a series of cloud-ready images that can quickly be deployed and tested. The original target was OpenStack</a> and Virt-Lightning</a>. But the images should work with any Cloud-Init</a> compatible environment.</p>
Yesterday I released a new version of the website based on TypeScript</a> + Vite</a> + VueJS</a> and Bootstrap 5. After 5 years, the original static page was due for a rewrite. The definition of the images was lost deep inside a mix of HTML code and Bootstrap class names. It's now isolated in a clear JSON file</a>. This will simplify the maintenance in the long run. It should also be easier to add new features. I'm dreaming about a way to spawn instances directly from the interface.</p>
Fun fact: I had a v2 rewrite mostly done</a> that I never published. It's based on Elixir</a>, and it was super fun to do. It's not a static website since it runs on top of the Erlang VM, I'm afraid the maintenance may be a source of extra complexity and I'm not sure this is the right strategy considering my limited free time.</p>
I also pushed new FreeBSD and NetBSD images recently. I still need to prepare the NetBSD 10 build.</p>
Enjoy!</p>
</a></p>


firewalld: add a new service
Unknown — Thu, 16 May 2024 18:40:35 +0000
Create a new service entry:</p>
firewall-cmd --permanent --new-service=ollama
</code></pre>
Associate the right port with new service:</p>
firewall-cmd --permanent --service=ollama --add-port=11434/tcp
</code></pre>
Restart the firewalld, so it's aware of the new service:</p>
firewall-cmd --reload
</code></pre>
Finally, associate the service with the Zone. I don't use --permanent</code> here on purpose. This way the association will be lost when I will reboot the machine:</p>
firewall-cmd --add-service=ollama --zone=nm-shared
</code></pre>


Sharing Internet connection on Fedora 40
Unknown — Thu, 16 May 2024 00:30:02 +0000
It's surprisingly easy to build a router from a Fedora 40 box. Here eno1 is connected to my cable modem and enp8s0 is connected to my local network.</p>
To NAT the Internet connection:</p>
nmcli c add type ethernet con-name internet ifname eno1 connection.zone external ipv4.method auto
</code></pre>
And set up the DHCP on the local network, the machine will use the IP 10.42.0.1 IP by default:</p>
nmcli c add type ethernet con-name lebouder.net ifname enp8s0 connection.zone nm-shared ipv4.method=shared
</code></pre>


Vidéotron Helix Fi 2
Unknown — Fri, 15 Dec 2023 03:42:47 +0000
Quick rant.</p>
Vidéotron Helix Fi 2 is the worst modem I have ever seen and the fact the ISP forces customers to use it is embarrassing:</p>
There is no IPv6 despite the fact that it's supposed to sort of work on their website. That was the main reason why I switched to Vidéotron. There is no way to do something as basic as bridge mode. Their definition of a "bridge mode" is actually a bloody ugly double NAT. Also you cannot change the DNS and pretty much all the features that you expect from a modern router are just missing. Finally even the Wifi is pretty bad. My 7-year-old router has pretty much the same coverage. What a sad disappointment for a $288 device.</p>


AWS: How to retrieve a KeyPair private key
Unknown — Thu, 14 Sep 2023 12:41:56 +0000
Note for myself, this is how you can download a copy of a KeyPair private key:</p>
aws --region ca-central-1 ssm get-parameter --name /ec2/keypair/key-015b012fb114efc83 --with-decryption --query Parameter.Value --output text
</code></pre>


Nextcloud photo backups
Unknown — Sat, 12 Aug 2023 17:16:55 +0000
I've been doing backups for my family for years now. In the past, I used several different systems including rsync and burp</a>.</p>
Recently, I decided to stop hosting my own backup server and move to Nextcloud. I use the Nextcloud offer from Hetzner</a> and I'm pretty happy with the result. I appreciate having a solution that just works without having to think about it.</p>
Regarding the client applications. The Nextcloud application on Android works fine but is also not really pleasant to use. I ended up buying the FolderSync Pro</a> application for myself. I strongly recommend it even if I would prefer a better free software solution. I use Webdav on Linux to synchronize my files. Both Nautilus and the davfs driver work as expected. MacOS is also able to mount the Webdav shares, this is a much better solution than the Nextcloud application for Mac. However, Photos stores the pictures in some kind of local binary DB and there is no easy way to export them. Photos comes with an "Export" feature</a> that is all manual and pathologically slow. But there is a solution! I recently discovered osxphotos</a> and it's an absolute gem.</p>


My GNOME configuration and its extensions
Unknown — Sat, 12 Nov 2022 02:40:48 +0000
I've been using a slightly tweaked GNOME 3 for a while now. Before that, I was using the Awesome Window Manager</a> and I was quite fond of the key bindings. In order to facilitate the transition, I tried to recreate them. The result is pretty good. I can navigate between my 9 different virtual desktops using the Windows (a.k.a. SUPER) key + a number. Windows + F also works; it will turn on fullscreen mode for a given window. Years after the migration to GNOME, I still use the bindings extensively. The following script configures GNOME with my configuration: https://gist.github.com/goneri/b57a96915ea4a98f81df3bb57a41913e</a></p>
It creates 9 virtual desktops on one single monitor that I can reach using the Super + $number key binding, e.g.: Windows + 6. In addition, it turns off the animations and the annoying alert sound.</p>
I also use a couple of extensions:</p>

Application volume mixer</strong> to be able to adjust my mic volume level during meetings link</a></li>
Network stats</strong> to get some visibility on the network traffic link</a></li>
Sound Output Device Chooser</strong> to be able to switch the sound output between my Bluetooth speaker and my headset. I use it several times every day; it's super handy. link</a></li>
</ul>
</a></p>


BSD-Cloud-Image.org new images
Unknown — Fri, 11 Nov 2022 19:35:58 +0000
I just pushed 2 new images on BSD-Cloud-Image.org</a>:</p>

OpenBSD 7.2</li>
DragonFlyBSD 6.2.2</li>
</ul>


Elixir: xmerl/include/xmerl.hrl could not be found
Unknown — Sun, 04 Sep 2022 23:51:52 +0000
I recently faced this error when trying to build an Elixir project.</p>
== Compilation error in file lib/swoosh/adapters/xml/helpers.ex ==  
** (ArgumentError) lib file xmerl/include/xmerl.hrl could not be found  
(elixir 1.13.4) lib/record/extractor.ex:41: Record.Extractor.from_lib_file/1  
(elixir 1.13.4) lib/record/extractor.ex:18: Record.Extractor.from_or_from_lib_file/1  
(elixir 1.13.4) lib/record/extractor.ex:5: Record.Extractor.extract/2  
lib/swoosh/adapters/xml/helpers.ex:5: (module)  
(elixir 1.13.4) lib/kernel/parallel_compiler.ex:346: anonymous fn/5 in Kernel.ParallelCompiler.spawn_workers/7  
could not compile dependency :swoosh, "mix compile" failed. Errors may have been logged above. You can recompile this dependency with "mix deps.compile swoosh", update it with "mix deps.update swoosh" or clean it with "mix deps.clean swoosh"
</code></pre>
If you can the error above on Fedora, you probably need to install the erlang-xmerl</code> package.</p>


Virt-Lightning 2.2.0
Unknown — Tue, 23 Aug 2022 22:59:36 +0000
</a></p>
Release 2.2.0 of Virt-Lightning</a>, a lightweight CLI for libvirt which can serve as an alternative to Vagrant. It's also a stable API that you can use in Python to quickly spawn new VM, like you would do with a Cloud provider.</p>
Most of the new features come from contributors and I'm pretty happy with this.</p>
Changelog</strong></p>

Cosmetic documentation changes</li>
Don't try to fetch an image that already exists</li>
Add ability to boot old system with no virtio support</li>
Use Libvirt default settings when possible</li>
Use the VNC display by default</li>
Add support for OpenVSwitch (a.k.a OVS )bridge</li>
vl stop: avoid a Python backtrace if the VM doesn't exist</li>
</ul>


Ansible's vmware.vmware_rest collection, Execution Environment and ansible-navigator
Unknown — Tue, 19 Oct 2021 19:27:25 +0000
Ansible-Navigator is a new terminal base UI for Ansible. It aims to provide an alternative to the different ansible commands that you probably already familiar with. To learn more about Ansible-Navigator, a couple of recent blog posts on Ansible Blog</a> cover this new tool. The Execution Environment, or just EE, is also a rather recent concept. With a EE Ansible and all its dependencies are shipped as a single container. You don't need anymore to care about the Python version, the virtualenv, the collections and Python dependency.</p>
Ansible-Navigator provides an interface that is inspired by ansible-playbook. In this example we will see how we can use the CLI to run a playbook. My pass some credentials through environment variables, we will also see how to expose them properly.</p>
The first thing is to prepare a ansible-navigator.yml</code> file in your project directory.</p>
---
ansible-navigator:
   execution-environment:
     container-engine: podman
     enabled: True
     image: myregister/ansible-automation-platform-21-ee-supported-rhel8:2.1.0
     pull-policy: never
     environment-variables:
        pass:
          - VMWARE_VALIDATE_CERTS
          - VMWARE_HOST
          - VMWARE_PASSWORD
          - VMWARE_USER
          - ESXI1_PASSWORD
          - ESXI1_HOSTNAME
          - ESXI1_USERNAME
</code></pre>
The image</code> key point on the container, I use a Fedora and Podman is the default for container. I ensure Navigator use the right engine with the container-engine: podman</code> configuration. I use the environment-variables</code> section to list all the variables that I want to expose in my container. If you want to read about all the other configuration options, just read the documentation at https://ansible-navigator.readthedocs.io/en/latest/</a>.</p>
If your playbook depends on some roles, for instance within a roles</code> directory, it's important to call ansible-navigator</code> from the root directory of your project. Otherwise, the roles won't be reachable from within the container. If your roles are maintained at a different location, you can still expose their directories with the volume-mounts</a> option. This is in my opinion slightly less elegant.</p>
[goneri@t580 targets]$ ls -lh
total 416K
-rw-r--r--. 1 goneri goneri  469 Oct 19 15:09 ansible-navigator.yml
drwxrwxr-x. 2 goneri goneri    6 Oct 19 15:39 playbooks
drwxrwxr-x. 2 goneri goneri    6 Oct 19 15:39 roles
</code></pre>
Now, I can just run my playbook with: ansible-navigator run --mode stdout playbooks/vcenter_vm_scenario1</code></p>


Connect to ZooKeeper over TLS/SSL
Unknown — Fri, 15 Oct 2021 17:39:23 +0000
</a></p>
It's surprisingly tricky to connect to a ZooKeeper cluster over TLS/SSL using the zkCli.sh command. You've got to wrap the command and pass some extra incantations. Here is the script I use. My certificates are in /etc/zookeeper/ca, so you may need to adjust that to match your local installation.</p>
#!/bin/bash

ZK_CLIENT_HEAP="${ZK_CLIENT_HEAP:-256}"
export ZK_CLIENT_SSL="-Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty -Dzookeeper.ssl.keyStore.location=/etc/zookeeper/ca/keystores/server.pem -Dzookeeper.ssl.trustStore.location=/etc/zookeeper/ca/certs/cacert.pem -Dzookeeper.client.secure=true"
export CLIENT_JVMFLAGS="-Xmx${ZK_CLIENT_HEAP}m $ZK_CLIENT_SSL $CLIENT_JVMFLAGS"
/opt/zookeeper/bin/zkCli.sh -server my-host-fqdn:2281
</code></pre>


Zuul cheat sheet
Unknown — Tue, 12 Oct 2021 20:57:33 +0000
My team at Ansible uses Zuul CI</a> to develop and release our collections. From time to time, I need to do some basic operations and I've started a cheat sheet. I'm sharing it since it may be helpful for someone else.</p>
Abort a job:</p>
$ zuul dequeue --tenant=ansible --pipeline=release --project=ansible-collections/ansible.utils --ref=refs/tags/2.4.2
</code></pre>
Recreate a job. In this case, we manually recreate a job in the release pipeline. This job was initially created by the push of a tag (--newrev).</p>
$ zuul enqueue-ref --tenant=ansible --trigger=github --pipeline=release --project=ansible-collections/ansible.utils --ref=refs/tags/2.4.2 --newrev=6a0372849bec52672a74168b93b0677d2c6471fc
</code></pre>
List all the ongoing nodepool requests:</p>
$ nodepool -s /etc/nodepool/secure.conf request-list
</code></pre>
Kill a periodic job:</p>
$ zuul dequeue --tenant=ansible --pipeline=periodic --project=ansible/ansible --ref refs/heads/stable-2.9
</code></pre>


Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!
Unknown — Wed, 22 Sep 2021 15:19:47 +0000
TASK [helm : Copy test chart] **************************************************
fatal: [localhost]: FAILED! => {"changed": false, "checksum": "8b41aa269bd850134cd95bd27343edf6d4ed2e30", "msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!"}
</code></pre>
Ah, this is one of the most irritating message that you can get when you use Ansible in a venv and SELinux. The problem should not happen anymore since this commit</a> that was first released in Ansible core 2.11.5, thanks David Moreau Simard for the information! If you cannot upgrade, you can continue to read. In this article, we will quickly explain the problem and cover our options.</p>
copy</code> or selinux</code> are two Ansible modules that depend on some system binary libraries. These binary libraries are linked/built using the Python of the system, on RHEL8 it's Python3.6. So if you use the Python 3.6 of the system, everything should be all right. You may just need to install python3-selinux</code> if it's not already installed.</p>
Things are getting more difficult if you use a virtualenv, and it's often a good idea to use a virtualenv. Here are two options:</p>
If the Python3 version of your virtualenv is close enough with the version of the one of the system, you can use the selinux</a> package from Pypi. When a module will try to interact with the selinux</code> module, this module will pretend to be the right person and will actually redirect the request the Python module from the system. It works well most of the time and pretty much the single way to do SElinux operation from a venv.</p>
If your Python version is too new compared to the system, PyPI's selinux will raise an error like this one:</p>
ImportError: cannot import name '_selinux'
</code></pre>
And in this case, you've got this second option. Here we assume that you don't really care about SElinux. For instance you use Ansible's copy module just to duplicate a file once. In this case, the whole SElinux war machine is not necessary. You can use selinux-please-lie-to-me/</a>, it's another Pypi module and it's similar to Pypi's SElinux module. The main difference is that this time, it will just tell Ansible that SELinux is off on the system and it can bypass it.</p>
Oh! There is yet another option, you can overload the ansible_python_interpreter</code> just for problematical task.</p>
    - copy:
        src: /etc/fstab
        dest: /tmp/fstab
      vars:
        ansible_python_interpreter: /usr/bin/python3
</code></pre>
Which one should I use? The ansible_python_interpreter</code> creates a dependency with the system that is often annoying. I prefer to avoid this strategy. Overall it's better to use PyPI's SELinux because it will preserve the interaction with SELinux, but sometimes, the delta between the version of Python is too important and the system binary module just cannot be loaded. In this case, use selinux-please-lie-to-me</code> as a fallback option. Just remember that this Python module will silently inhibit all the SElinux operations.</p>


Ansible Molecule, how to use the local copy of the dependencies
Unknown — Wed, 22 Sep 2021 13:28:52 +0000
The community.okd collection depends on kubernetes.core. It uses Molecule</a> to run the tests. We can call it using either the Makefile and the make molecule</code> command. We can also install molecule manually with pip and run it with molecule test</code>.</p>
When I work on community.okd, I often need to also adjust the kubernetes.core collection. By default Molecule fetches the dependencies silently from internet. This is done during either the prerun</code> or the dependency</code> steps. The mechanism is handy when you focus on one single collection at a time. But in my case, it's a bit annoying. The clean copy of kubernetes.core overwrites my local changes and prevents the testing of my local copy of the dependency.</p>
This is how I ensure Molecule uses my local copy of the collections. I store them in the default location ~/.ansible/collections/ansible_collections.</p>
In molecule/default/molecule.yml I set the following key to turn off the prerun</code>:</p>
prerun: false
</code></pre>
and I set the following block in the dependency:</code> section:</p>
 dependency:
   name: galaxy
   enabled: False
</code></pre>
This will turn off the dependency resolver. Molecule won't call galaxy anymore to fetch the roles</code> and the collections</code> defined in the galaxy.yml.</p>
You're done; as a bonus, the startup of molecule</code> should be slightly faster!</p>


Extract data from an Android phone
Unknown — Sun, 11 Jul 2021 10:29:24 +0000
So, I've got an old phone with 35GB of pictures that I want to save. So far, I tried NextCloud sync, scp copy, GIO/MTP file. For all of those, it's a 12+ hour operation. And the real solution is to enable the developer mode on the phone and go straight to adb</code>:</p>
$ adb pull /sdcard/DCIM
/sdcard/DCIM/: 5825 files pulled. 31.9 MB/s (37517869453 bytes in 1122.166s)
</code></pre>


Performance: expanduser with pathlib or os.path
Unknown — Wed, 23 Jun 2021 18:28:19 +0000
Python 3 provides a new fancy library to manage pretty much all the path-related operations. This is a really welcome improvement since before that we had to use a long list of unrelated modules.</p>
I recently had to choose between Pathlib and os.path to expand a string in the ~/path format to the absolute path. Since performance was important, I took the time to benchmark the two options:</p>
#!/usr/bin/env python3

import timeit

setup = '''
from pathlib import PosixPath
'''
with_pathlib = timeit.timeit("abs_remote_tmp = str(PosixPath('~/.ansible/tmp').expanduser())", setup=setup)

setup = '''
from os.path import expanduser
'''

with_os_path = timeit.timeit("abs_remote_tmp = expanduser('~/.ansible/tmp')", setup=setup)

print(f"with pathlib: {with_pathlib}\nwith os.path: {with_os_path}")
</code></pre>
os.path is about 4 times faster for this very specific case. The fact that we need to instantiate a PosixPath object has an impact. Also, once again we observe a nice performance boost with Python 3.8 onwards.</p>
</a></p>


Ansible collections and venv
Unknown — Wed, 02 Jun 2021 17:46:10 +0000
I work on a large number of collections and in order to test them properly, I have to switch between the Python versions and the associated PyPI dependencies. Nothing special here, this is pretty much the life of all of us who work on the Ansible collections.</p>
Initially, I was maintaining a set of clean Python virtual environments. Basically, one per version of Python. And I was juggling between them. Sadly, it's easy to lose track of what's going on. Every time I was switching to a different collection, I had to pull a new set of dependencies and the order was never the same.</p>
I ended up frustrated by the wasted time spent looking at the pip freeze</code> output to understand some oddity. It's so easy to mess up the whole cathedral. A good example is that I frequently use pip install -e git/something</code> to install a local copy of a library. And as a result, any change there can potentially nuke the fragile little creature.</p>
</a></p>
So now, I use another approach. I've got a script that spawns a virtual environment on the fly, pulls the right dependencies and initializes the shell. It may sound like a trivial thing, but I actually use it several times every day and I don't call pip freeze</code> that much.</p>
For instance, if I need to work with Ansible 2.10 and Python 3.10, I just need to do:</p>
$ cd .ansible/collections/ansible_collections/vmware/vmware_rest
$ source ~/bin/ansible-venv.fish 3.10 stable-2.10
</code></pre>
and I'm ready to run ansible-playbook</code> or ansible-test</code> in my clean environment. And when I want to reinitialize the venv, I just have to remove the venv directory.</p>
The script is here</a> and depends on FishShell</a>, my favorite shell.</p>


Update on BSD Cloud Image
Unknown — Mon, 17 May 2021 01:05:27 +0000
I've pushed some new images on https://bsd-cloud-image.org/</a>:</p>

OpenBSD 6.9, bsd.rd is now a compressed file</a></li>
FreeBSD 13.0: boot1.efifat does not exist anymore</a></li>
DragonFly BSD 6.0.0, I've refreshed my Cloud-Init PR</a>. Hopefully this time I will manage to get it merged.</li>
</ul>
These images also include a recent fix for non-standard MTU values</a>.</p>


0ad, Firewall and Fedora33
Unknown — Sun, 21 Feb 2021 02:19:17 +0000
</a></p>
By default, the firewall will prevent connection to your 0ad</a> server. To adjust that, you need to open up the port 20595 (UDP). This three lines create a Firewalld service called 0ad, attach it to the default zone and reload the firewall:</p>
$ sudo firewall-cmd --permanent --new-service=0ad --set-description="0ad, A free, open-source game of ancient warfare" --add-port=20595/udp
$ sudo firewall-cmd --zone=FedoraWorkstation --add-service=0ad --permanent
$ sudo firewall-cmd --reload
</code></pre>


eGPU, Wayland, Gnome3 and Fedora
Unknown — Fri, 12 Feb 2021 21:10:19 +0000
I've just got a Razer Core X that I use with a Radeon graphics card. By default Wayland, well Mutter actually, continues to use the Intel card of my T580.</p>
To force it to use the second card, I had to add a udev rule and reboot. And that's all!</p>
$ cat /etc/udev/rules.d/61-mutter-primary-gpu.rules
ENV{DEVNAME}=="/dev/dri/card1", TAG+="mutter-device-preferred-primary"
</code></pre>
note: You need Gnome 3.38.2 for this to work properly. See: https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/1562</a></p>
update: the post was initially written for Fedora 33, but the fix also works great with Fedora 34.</p>


How to waste a Friday...
Unknown — Sun, 24 Jan 2021 00:14:24 +0000
Yesterday morning I got frustrated by a really slow download speed of some files. What should have taken seconds with my 400 Mb/s connection actually took more than 16 minutes. In addition, I was able to reproduce the problem on my router.</p>
Here, the curl statistics show a 26:52 minute download at 415kb/s:</p>
$ curl -o /dev/null https://s3.us-east-2.amazonaws.com/zuul-images/fedora-open-vm-tools-livecd.iso% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 627M 0 2684k 0 0 398k 0 0:26:52 0:00:06 0:26:46 415k^C
</code></pre>
Just to be sure, I retried with a lower MTU. The issue remained. Two friends in Montréal also confirmed everything worked well for them.</p>
My laptop uses a wired connection that I've been using for years now. A large part of the population works from home and the Internet is under constant pressure. So I suspected an ISP bandwidth limitation to preserve the Quality of Service. I contacted them and ... complained... a lot.</p>
</a></p>
At some point, the technician managed to get my attention and asked me to connect the modem directly to my laptop.</p>
This is an obviously pointless request since the downloads are also slow from the router. But well, if I want them to act, I also need to be cooperative. I gave it a try and... I immediately felt embarrassed. It was damn fast! The download speed was actually even above the 400 Mb/s ceiling. WTF.</p>
So I started to reconsider my whole life in a deep introspection. How can this be real? My router runs OpenBSD 6.7 with an absolutely basic pf configuration. Its hardware is decent (Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz). The router is connected to the modem with a very common Realtek RTL8125 and the LAN is connected to an Intel I350. I can download large files between my laptop and the router at full speed.</p>
All this ruled out my laptop, the ethernet cable, and the router's I350. The last potential culprit was the Realtek NIC. I replaced it with another Intel I350 and retried. Same problem. The downloads were still slow on my laptop and the router. The Realtek NIC was innocent.</p>
So I started thinking. Why is the rest of the family not really affected by the poor performance of the Internet connection? And so, I tried to download the same file from another computer. And it was fast... Damn, what's going on? I switched some ports of the switch just to be sure. The problem was now between my laptop and the ethernet cable.</p>
My laptop uses a bonding of the WiFi and the wired connection</a>. This gives me the ability to move around with the laptop without losing all my open connections. For instance, I can remove my ethernet cable in the middle of a meeting and the laptop will use the WiFi seamlessly. But well, I digress. I removed this special configuration. And... the problem remained.</p>
But during this last check, I also saw a large number of RX errors associated with the laptop NIC. Interesting; let me try another NIC. I plugged in a USB 3.0 Realtek RTL8156 NIC and this time... it worked.</p>
The ethernet cable is a CAT6 cable and is not that long (20m), but it seemed like the NIC (Intel I219-LM) of my T580 was a bit picky with the quality of the signal. It could also be a problem with the e1000e driver of the new 5.10 kernel. The cable was good, I had just tested it. Anyway, I put a switch just before my laptop NIC and everything works great now.</p>
I'm still not sure why my downloads are still slow on OpenBSD. But this is an adventure for another day. The slow downloads were all with HTTPS sites (S3 and a Caddy website), the DF flag was on (TCP Don't Fragment) which exacerbated the impact of the transmission errors.</p>
I found the whole situation to be interesting. It's a series of wrong assumptions and the solution is really far from what I would have imagined.</p>
Also, thank you Teksavvy for your great support.</p>
Update: this</a> partially explains the OpenBSD S3 download problem.</p>
Update 2: I'm now running Linux 5.10.11 and... I don't see any RX errors anymore! The S3 download is just as fast as it should be. So this was indeed a problem with the e1000e driver.</p>
Update 3: The problem is back, I'm not sure if it's a hardware limitation of the NIC itself. I now use the Realtek NIC all the time.</p>


My Github workflow
Unknown — Fri, 08 Jan 2021 14:47:12 +0000
The Ansible community uses Github to develop ansible-core and most of the Ansible Collections. The only exception I know is the Openstack's ansible-collection-openstack which uses a Gerrit (ansible-collections-openstack</a>).</p>
So, as an Ansible developer, my normal day-to-day activities involve a lot of GitHub interactions. I review Pull Requests (PRs) and prepare new PRs all the time.</p>
Before joining Ansible, I was working with Gerrit</a> which is a nice alternative solution to collaborate on a stream of patches.</p>
In Gerrit, each patch from a branch is a PR. Every time we update a patch, its sha2 changes, and so Gerrit tracks them with a dedicated ID called Change-id</a>. It looks like an extra line in the body of the commit message. e.g:</p>
Change-Id: Ic8aaa0728a43936cd4c6e1ed590e01ba8f0fbf5b</p>
Gerrit provides a tool called git-review to pull and push the patches. When a contributor pushes a series of patches, each patch is correctly tracked by Gerrit and updates the right existing PR. This allows the contributor to reorganize the patches, change the order of series or import a patch from another branch.</p>
With GitHub, a branch is a PR and most of the time, the projects prefer to use the branch to trace the iteration of the PR:</p>

my fancy feature</li>
fix: correct the test-suite</li>
fix: fix the fix</li>
fix: typo in previous commit</li>
bla</li>
</ul>
And this is fine, because most of the time, the branch will ultimately be squashed (one branch -> one Git commit) during the final merge.</p>
GitHub workflow is certainly more friendly for newcomers but it tends to be a source of complexity when you want to work on several PRs at the same time. For instance, I work on a new feature, but I also want to cherry-pick an experimental commit from a contributor. In this case I must remove this commit before I push my branch back on GitHub, or the extra commit will end-up in my feature branch.</p>
Another example, if I'm working on a feature branch and find an issue with something unrelated, I need to switch to another branch to commit my fix and push it. This is cumbersome and often people just prefer to merge the fix in their feature branch which leads to confusion and questions during the code review.</p>
To simplify, Gerrit allows better code modularity but also implies a better understanding of Git which is annoying when we try to attract new contributors. This is the reason why we use the current workflow.</p>
To address the problem I wrote a script called push-patch (https://github.com/goneri/push-patch). I use it to push just my commits. For instance, I work on this branch:</p>

1: doc: explain how to do something</li>
2: typo: adjust a few details</li>
3: a workaround for issue #19 that should not be merged</li>
</ul>
The first two commits are not directly related to the feature I'm implementing. And I would like to submit them immediately.</p>
push-patch will allow me to only push the change 1 and 2 in two dedicated PR. Both branches will be based on main and can be merged independently.</p>
$ push-patch 1
$ push-patch 2
</code></pre>
Now, and that's the cool part 😋</strong></a>! Let's imagine I want to push another revision of my first patch, I can use "git rebase -i" to adjust this commit and use push-patch again to use the updated patch.</p>
$ vim foo
$ git add foo
$ git rebase --continue
$ ./push-patch 1
</code></pre>
Internally push-patch uses git-notes to trace the remote branch of the patch. The Public-Branch field traces the name of the branch in my remote clone of the project and Pr-Url is the URL of the PR in the upstream project. e.g:</p>
commit 1198db8807ebf9f4099598bcd41df25d465cbcae (HEAD -> main)Author: Gonéri Le Bouder <goneri@lebouder.net>Date:   Thu Jan 7 11:31:41 2021 -0500   elb_application_lb: enable the functional test       Remove the `unsupported` aliases for the `elb_application_lb` test.       Use HTTP instead of HTTPS to avoid the dependency on   `iam:ListServerCertificates` and the other Certificate related operations.Notes:   Public-Branch: elb_application_lb-enable-the-functional-test_24328       PR-Url: https://github.com/ansible-collections/community.aws/pull/348
</code></pre>
This means that even if the patch content evolves, push-patch will still be able to continue to update the right PR.</p>
In a nutshell, for each patch it will:</p>


clone the project and switch on the main branch</p>
</li>

read the patch notes</p>

if a branch name already exists it will use it, otherwise it will create a new one</li>
</ol>
</li>

switch to the branch</p>
</li>

cherry-pick the patch</p>
</li>

push the branch</p>
</li>
</ol>
push-patch expects just the sha2 of the commit to push. It also accepts a list of sha2. This is the reason why I often type thing like that:</p>
push-patch</strong> $(git</strong> log -2 --pretty=tformat:%H)</p>
The command passes to push-patch the SHA2 of the two last commits. It will push them in the two associated branches upstream. And at the end, I can use git log</code>, or better tig</code></a>, to get the URL of the Github review.</p>
Right now, the command is a shell script and depends on the hub</a> command. I would like to rewrite it with a better programming language.</p>
What about you? Do you also use some special tools to handle your PR?</p>


Ansible: How we prepare the vSphere instances of the VMware CI
Unknown — Mon, 14 Dec 2020 19:22:08 +0000
As briefly explained in CI of the Ansible modules for VMware: a retrospective</a>, the Ansible CI uses OpenStack to spawn ephemeral vSphere labs. Our CI tests are run against them.</p>
A full vSphere deployment is a long process that requires quite a lot of resources. In addition to that, vSphere is rather picky regarding its execution environment.</p>
The CI of the VMware modules for Ansible runs on OpenStack. Our OpenStack providers use KVM-based hypervisors. They expect images in the qcow2 format</a>.</p>
In this blog post, we will explain how we prepare a cloud image of vSphere (also called a golden image).</p>
</a>a full lab running on libvirt</p>
First, get a large ESXi instance</h2>
The vSphere (VCSA) installation process depends on an ESXi. In our case, we use a script</a> and Virt-Lightning</a> to prepare and run an ESXi image on Libvirt. But you can use your own ESXi node as long as it meets the following minimal constraints:</p>

12GB of memory</li>
50GB of disk space</li>
2 vCPUs</li>
</ul>
Deploy the vSphere VM (VCSA)</h2>
For this, I use my own role called goneri.ansible-role-vcenter-instance</a>. It delegates the deployment to the vcsa-deploy</code> command. As a result, you don't need any human interaction during the full process. This is handy if you want to deploy your vSphere in a CI environment.</p>
At the end of the process, you've got a large VM running on your ESXi node.</p>
In my case, all these steps are handled by the following playbook: https://github.com/virt-lightning/vcsa_to_qcow2/blob/master/install_vcsa.yml</a></p>
Tune-up the instance</h2>
Before you shut down the freshly created VM, you would like to make some adjustments.
I use the following playbook for this: prepare_vm.yml</a></p>
During this step, I ensure that:</p>

Cloud-Init</a> is installed,</li>
the root account is enabled with a real shell,</li>
the virtio drivers are available</li>
</ul>
Cloud-Init is the de-facto tool that handles all the post-configuration tasks that we can expect from a Cloud image: inject the user SSH key, resize the filesystem, create a user account, etc.</p>
By default, the vSphere VCSA comes with many disks, which is a problem in a cloud environment where an instance is associated with a single disk image.
So I also move the content of the different partitions to the root filesystem and adjust the /etc/fstab to remove all the references to the other disks. This way I will be able to maintain only one qcow2 image.</p>
All these steps are handled by the following playbook: prepare_vm.yml</a></p>
Prepare the final Qcow2 image</h2>
At this stage, the VM is still running, so I shut it down.
Once this is done, I extract the raw image of the disk using the curl command:</p>
curl -v -k --user 'root:!234AaAa56' -o vCenterServerAppliance.raw 'https://192.168.123.5/folder/vCenter-Server-Appliance/vCenter-Server-Appliance-flat.vmdk?dcPath=ha%252ddatacenter&dsName=l
ocal'
</code></pre>

root:!234AaAa56</code> is my login and password</li>
vCenterServerAppliance.raw</code> is the name of the local file</li>
192.168.123.5</code> is the IP address of my ESXi</li>
vCenter-Server-Appliance is the name of the vSphere instance. vCenter-Server-Appliance-flat.vmdk</code> is the associated raw disk</li>
</ul>
The local .raw file is large (50GB), so ensure you've got enough free space.</p>
You can finally convert the raw file to a qcow2 file. You can use Qemu's qemu-img</a> for that, it will work fine but the image will be monstrously large. I instead use virt-sparsify</a> from the libGuestFS</a> project. This command will reduce the size of the image to the bare minimum.</p>
virt-sparsify --tmp tmp --compress --convert qcow2 vCenterServerAppliance.raw vSphere.qcow2
</code></pre>
Conclusion</h2>
You can upload the image in your OpenStack project with the following command:</p>
openstack image create --disk-format qcow2 --file vSphere.qcow2 --property hw_qemu_guest_agent=no vSphere
</code></pre>
If your OpenStack provider uses Ceph, you will probably want to reconvert the image to a flat raw file before the upload. With vSphere 6.7U3 and before, you need to force the use of a e1000 NIC. For that, add --property hw_vif_model=e1000</code> to the command above.</p>
I've just done the whole process with vSphere 7.0.0U1 in 1h30 (Lenovo T580 laptop). I use the ./run.sh</code> script from https://github.com/virt-lightning/vcsa_to_qcow2</a>, which automates everything.</p>
The final result is certainly not supported by VMware, but we've already run hundreds of successful CI jobs with this kind of vSphere instances. The CI prepares a fresh CI lab in around 10 minutes.</p>


Ansible and k8s: How to get the K8S_AUTH_API_KEY value?
Unknown — Mon, 07 Dec 2020 21:37:00 +0000
The community.kubernetes </a>collection accepts an api_key</code> parameter that may sounds a bit confusing. It's actually the value of the token of a serviceaccount. It's actually an OAuth 2.0 (Bearer) token, it's associated with a user and a secret key. It's rather similar to what we can do with a login and a password.</p>
</a></p>
In this example, we want to run our playbook as the k8sadmin user. We need to find the token associated with the user. The are actually looks for the a secret. You can list them this way:</p>
[root@kind-vm ~]# kubectl -n kube-system get secret
NAME                                             TYPE                                  DATA   AGE
(...)
foobar                                           Opaque                                0      5h3m
foobar-token-w8lmt                               kubernetes.io/service-account-token   3      5h15m
foobar2-token-hpd6f                              kubernetes.io/service-account-token   3      5h9m
generic-garbage-collector-token-l7hvk            kubernetes.io/service-account-token   3      25h
horizontal-pod-autoscaler-token-sssg5            kubernetes.io/service-account-token   3      25h
job-controller-token-dnfds                       kubernetes.io/service-account-token   3      25h
k8sadmin-token-bklpd                             kubernetes.io/service-account-token   3      5h40m
(...)
</code></pre>
The use the -n</code> parameter to specific the kube-system</code> namespace. Our system account is in the list, it's k8sadmin-token-bklpd. We can see the content of the token with this command:</p>
[root@kind-vm ~]# kubectl -n kube-system describe secret k8sadmin-token-bklpd
Name:         k8sadmin-token-bklpd
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: k8sadmin
             kubernetes.io/service-account.uid: 412bf773-ca8e-4afa-a778-dac0f11b7807

Type:  kubernetes.io/service-account-token

Data
====
namespace:  11 bytes
token:      eyJhbGciO(...)2A
ca.crt:     1066 bytes

Here, you're done. The token is in the command output. You need now to pass its content to Ansible. Just keep in mind the token needs to remain secret. So it's a good idea to encrypt it with Ansible Vault.
You can use the K8S_AUTH_API_KEY environment variable to pass the token to the k8s_* modules:
</code></pre>
$ K8S_AUTH_API_KEY=eyJhbGciO(...)2A ansible-playbook my_playbook.yaml</p>


Ansible: Performance Impact of the Python version
Unknown — Thu, 26 Nov 2020 20:01:54 +0000
Until recently, I was not really paying attention to the version of Python I was using with Ansible, as long as it was Python 3. The default version was always good enough for Ansible.</p>
During the last few weeks, I spent the majority of my time working on the performance of the community.kubernetes collection. The modules of this collection depend on a large library (OpenShift SDK) and Python needs to reload it before every task execution. The goal was to benefit from what is already in place with vmware.vmware_rest: See: my AnsibleFest presentation</a>.</p>
While working on this, I realized that my metrics were not consistent; I was not able to reproduce some test cases from 2 months ago. After a quick investigation, the Python version matters much more than expected.</p>
To compare the different Python versions, I decided to run some tests.</p>
The target host is a t2.medium instance (2 vCPUs, 4GiB) running on AWS. The operating system is Fedora 33, which is really handy for this because it includes all the Python versions from 3.6 to 3.10!</p>
I use the latest stable version of Ansible (2.10.3) that I install with pip</code> in a Python virtual environment. Here is the list of dependencies present in the virtualenvs.</a></p>
Finally, I deploy Kubernetes on Podman</a> with Kubernetes Kind</a>.</p>
For the first test, I use a Python one-liner to evaluate the time Python takes to load the OpenShift SDK. This is one of the operations I want to optimize for my work, so it matters a lot to me.</p>
https://gist.github.com/goneri/c4f8ec63d0c51f7e6236173b2c60db66</p>
Here, the loading is done 100 times in a row.</p>
The result shows a steady improvement of the performance since Python 3.6.</p>
</th> Python3.6</th> Python3.7</th> Python3.8</th> Python3.9</th> Python3.10</th></tr></thead>

time (sec)</td> 48.401</td> 45.088</td> 41.751</td> 40.924</td> 40.385</td></tr>
</tbody></table>
With this test, the loading of the SDK is 16.5% faster</strong> with Python 3.10.</p>
The next test does the same thing, but this time through Ansible. My test uses the following playbook:</p>
https://gist.github.com/goneri/ad252e30d48cfea99aaeb2e18736303e</p>
It runs the k8s_info</code> module 100 times in a row. In addition, I use an ansible.cfg</code> with the following content. This way, ansible-playbook returns a nice output of the task execution duration:</p>
https://gist.github.com/goneri/e364c17d6344fd4cd11c1ed2e0ba12ce</p>
</th> Python3.6</th> Python3.7</th> Python3.8</th> Python3.9</th> Python3.10</th></tr></thead>

time (sec)</td> 85.5</td> 80.5</td> 75.35</td> 75.05</td> 71.19</td></tr>
</tbody></table>
It's a 16.76%</strong> boost between Python 3.6 and Python 3.10. I was not expecting such tight correlation between the two tests.</p>
</a></p>
While Python is obviously not the fastest technology out there, it's great to see how its performance improves with each release. Python 3.10 is not even released yet and looks promising.</p>
If your playbooks use some modules with dependencies on large Python libraries, it may be interesting to try the latest Python versions.</p>
And for those who are still running Python 2.7, I get a 49.2%</strong> performance boost between 2.7 and 3.10.</p>


How to start minishift on Fedora-33
Unknown — Thu, 05 Nov 2020 19:43:51 +0000
update: minishift is basically dead and won't support OpenShift 4. You probably want to use crc</a> instead.</strong></p>
I just spent too much time trying to start minishift</a> with my user account. After 3 hours fighting with permission issues between libvirt and the ~/.minishift</code> directory, I've finally decided to stay sane and use sudo</code>... This is how I start minishift on my Fedora 33.</p>
Install and start libvirt</h3>
sudo dnf install -y libvirt qemu-kvm
sudo systemctl start libvirtd
</code></pre>
Fetch and install minishift and the kvm driver</h3>
sudo dnf install -y origin-clients
curl -L https://github.com/minishift/minishift/releases/download/v1.34.3/minishift-1.34.3-linux-amd64.tgz|sudo tar -C /usr/local/bin -xvz minishift-1.34.3-linux-amd64/minishift  --strip-components=1
sudo curl -L https://github.com/dhiltgen/docker-machine-kvm/releases/download/v0.10.0/docker-machine-driver-kvm-centos7 -o /usr/local/bin/docker-machine-driver-kvm
sudo chmod +x /usr/local/bin/docker-machine-driver-kvm
</code></pre>
Start minishift (with sudo...)</h3>
sudo minishift</p>
And configure the local user</h3>
sudo cp -r /root/.kube /home/goneri
sudo chown -R goneri:goneri /home/goneri/.kube
</code></pre>


How to speed up your (API client) modules
Unknown — Tue, 13 Oct 2020 18:54:03 +0000
https://www.slideshare.net/goneri/how-to-speed-up-your-api-client-modules</p>
The slide deck of my presentation for AnsibleFest 2020. It focuses on the modules designed to interact with a remote service (REST, SOAP, etc). In general these modules just wrap an SDK library; the presentation explains how to improve the performance. I actually use this strategy ( ansible_turbo.module</a> ) with the vmware.vmware_rest collection</a> to speed up the modules.</p>
how-to-speed-up-your-api-client-modules (PDF)</a>Download</a></p>


How we use auto-generated content in the documentation of our Ansible collection
Unknown — Wed, 07 Oct 2020 21:11:54 +0000
Introduction</h2>
Most of the content of the vmware.vmware_rest</a> collection is auto-generated. This article focuses on the documentation and explains how we build it.</p>
Auto-generated example blocks</h2>
This collection comes with an exhaustive series of functional tests. Technically speaking, these tests are simply Ansible playbooks that we run with ansible-playbook. They should run all the modules and ideally in all the potential scenarios (e.g.: create, modify, delete). If the playbook execution is successful, the test passes and we assume the modules are in a consistent state.</p>
We cannot easily generate all documentation content manually, but these playbooks are an interesting source of inspiration since they actually cover and go beyond all the use cases that we want to document.</p>
Our strategy is to record all the tasks and their results in a directory. Our documentation will just point to this content. This provides two interesting benefits:</p>

We know our examples work fine because it's actually the output of the CI.</li>
When the format of a result changes, our documentation will take it into account automatically.</li>
</ul>
We import these files into our git repository, git diff shows us the difference between the previous version. It's an opportunity to spot a regression.</p>
</a> Cooking the collection</p>
How do we collect the tasks and the results?</h2>
For this, we use a callback plugin ( https://github.com/goneri/ansible-collection-goneri.utils</a> ). The configuration is done using three environment variables:</p>

ANSIBLE_CALLBACK_WHITELIST=goneri.utils.collect_task_outputs</code>: Ask Ansible to load the callback plugin.</li>
COLLECT_TASK_OUTPUTS_COLLECTION=vmware.vmware_rest</code>: Specify the name of the collection.</li>
COLLECT_TASK_OUTPUTS_TARGET_DIR=/somewhere</code>: Target directory where to write the results.</li>
</ul>
When we finally call the ansible-playbook</code> command, the callback plugin will be loaded, record all the interactions of the vmware.vmware_rest modules, and store the results in the target directory.</p>
The final script looks like this:</p>
#!/usr/bin/env bash
set -eux

export ANSIBLE_CALLBACK_WHITELIST=goneri.utils.collect_task_outputs
export COLLECT_TASK_OUTPUTS_COLLECTION=vmware.vmware_rest
export COLLECT_TASK_OUTPUTS_TARGET_DIR=$(realpath ../../../../docs/source/vmware_rest_scenarios/task_outputs/)
export INVENTORY_PATH=/tmp/inventory-vmware_rest
source ../init.sh
exec ansible-playbook -i ${INVENTORY_PATH} playbook.yaml
</code></pre>
The documentation</h2>
Like many Python projects, Ansible uses ReStructuredText</a> for its documentation. To include our samples we use the literalinclude</code> directive. The result looks like that, the includes are done on lines 3 and 8:</p>
Here we use ``vcenter_datastore_info`` to get a list of all the datastores:

.. literalinclude:: task_outputs/Retrieve_a_list_of_all_the_datastores.task.yaml

Result
------

.. literalinclude:: task_outputs/Retrieve_a_list_of_all_the_datastores.result.json

</code></pre>
This is how the final result looks like:</p>
</p>
And the RETURN blocks?</h2>
Each Ansible module is supposed to come with a RETURN block ( https://docs.ansible.com/ansible/latest/dev_guide/developing_modules_documenting.html#documentation-block</a> ) that describe the output of the module. Each key of the module output is documented in this JSON structure.

The RETURN section and the task result above should be consistent. We can actually reformat the result and generate a JSON structure that matches the RETURN block expectation.

Once this is done, we just need to inject the content in the module file.</p>
We reuse the task results in our modules with the following command:</p>
./scripts/inject_RETURN.py ~/.ansible/collections/ansible_collections/vmware/vmware_rest/docs/source/vmware_rest_scenarios/task_outputs/ ~/git_repos/ansible-collections/vmware_rest/ --config-file config/inject_RETURN.yaml
</code></pre>


vmware_rest: why a new Ansible Collection?
Unknown — Tue, 29 Sep 2020 17:03:03 +0000
vmware.vmware_rest</strong> (https://galaxy.ansible.com/vmware/vmware_rest</a>) is a new Ansible Collection for VMware. You can use it to manage the guests of your vCenter. If you're familiar with Ansible and VMware, you will notice this collection overlaps with some features of community.vmware. You may think the two collections are competing and that it's a waste of resources. It's not that simple.</p>
A bit of context will be necessary to fully understand why it’s not exactly the case. The development of the community.vmware collection started during the vCenter 6.0 cycle. At this time, the de facto SDK to build Python applications was pyvmomi, which you may know as the vSphere SDK for Python. This Python library relies on the SOAP interface that has been around for more than a decade. By comparison, the vSphere REST interface was still a novelty. The support of some important APIs were missing and documentation was limited.</p>
Today, the situation has evolved. Pyvmomi is not actively maintained anymore and some new services are only exposed through the REST interface; a good example is the tagging API. VMware has also introduced a new Python SDK called vSphere Automation SDK (https://github.com/vmware/vsphere-automation-sdk-python</a>) to consume this new API. For instance, this is what community.vmware_tag_info uses underneath.</p>
This new SDK comes at a cost for users. They need to pull an extra Python dependency in addition to pyvmomi and to make matters worse, this library is not on PyPI (See: https://github.com/vmware/vsphere-automation-sdk-python/issues/38</a>), Python's official library repository. They need to install it from GitHub instead. This is a source of confusion for our users.</p>
From a development perspective, we don't like when a module needs to load a gazillion Python dependencies because this slows down the execution time and it's a source of complexity. But we cannot ditch pyvmomi immediately because a lot of modules rely on it. We can potentially rewrite these modules to use the vSphere Automation SDK.</p>
These modules are already stable and of high quality. Many users depend on them. Modifying these modules to use the vSphere Automation SDK is risky. Any single regression would have a wide impact.</p>
Our users would be frustrated by such a transition, especially because it would bring absolutely zero new features to them. This also means we would have to reproduce the exact same behavior, and we would miss an opportunity to improve the modules.</p>
Technically speaking, an application that consumes a REST interface doesn't really need an SDK. It can be handy sometimes, for instance for the authentication, but overall the standard HTTP client should be enough. After all, the 'S' of REST stands for Simple for a reason.</p>
The vSphere REST API is not always consistent, but it's well documented. VMware maintains a tool called vmware-openapi-generator (https://github.com/vmware/vmware-openapi-generator</a>) to extract it in a machine compatible format (Swagger 2.0 or OpenAPI 3).</p>
During our quest for a solution to this Python dependency problem, we've designed a Proof of Concept (PoC). It was based on a set of modules with no dependency on any third-party library. And of course, these modules were auto-generated. We've mentioned the conclusion of the PoC back in March during the VMware / Ansible weekly meeting (https://github.com/ansible/community/issues/423</a>).</p>
The feedback convinced us we were on the right path. And here we go, 5 months later. The first beta release of vmware.vmware_rest</strong> has just been announced on Ansible's blog</a>!</p>


CI of the Ansible modules for VMware: a retrospective
Unknown — Fri, 21 Aug 2020 20:13:14 +0000
</a></p>
Since January 2020, every new Ansible VMware pull request is tested by the CI against a real VMware lab. Creating the CI environment against a real VMware lab has been a long journey, which I'll share in this blog post.</p>
Ansible VMware provides more than 170 modules, each of them dedicated to a specific area. You can use them to manage your ESXi hosts, the vCenter instances, the vSAN, perform the common day-to-day guest management, etc.</p>
Our modules are maintained by a community of contributors, and a large number of the pull requests (PRs) are contributions from newcomers. The classic scenario is a user who has found a problem or a limitation with a module, and would like to address it.</p>
This is the reason why our contributors are not necessarily developers. The average contributor doesn't necessarily have advanced Python experience. We can hardly ask them to write Python unit tests. Requiring this level of work creates a barrier to contribution. This would be a source of confusion and frustration and we would lose a lot of valuable contributions. However, they are power users. They have a great understanding of VMware and Ansible, and so we maintain a test playbook for most of the modules.</p>
Previously, when a new change was submitted, the CI was running the light Ansible sanity test suite and an integration test against govcsim, a VMware API simulator (https://github.com/vmware/govmomi/tree/master/vcsim</a>).</p>
govcsim is a handy piece of software; you can start it locally to mock a vSphere infrastructure. But it doesn't fully support some important VMware components like the network devices or datastores. As a consequence, the core reviewers were asked to download the changeset locally, and run the functional tests against their own vSphere lab.</p>
In our context, a vSphere lab is:</p>
- a vCenter instance</p>
- 2 ESXi hosts</p>
- 2 NFS datastores, with some pre-existing files.</p>
We also had challenges in our test environment. Functional tests destroy or create network switches, enable IPv6, add new datastores, and rarely if ever restore the system to initial configuration once complete, leaving the labs in disarray and growing worse with each series of tests. Consequently, the reviews were slow, and we were wasting days fixing our infrastructures. Since the tests were not reproducible and done locally, it was hard to distinguish setup errors from actual issues and therefore it was hard to provide meaningful feedback to contributors: Is this error coming from my setup? I need to manually copy/paste the error with the contributor, sometimes several days after the initial commit.</p>
This was a frustrating situation for us, and for the contributors. But well, we've spent years doing that...</p>
You may find we like to suffer, which is probably true to some extent, but the real problem is that it's rather complex to automate the full deployment of a lab. vSphere is an appliance VM in the OVA format. It has to be deployed on an ESXi host. Officially, ESXi hosts can't be virtualized, unless they run on ESXi hosts themselves. In addition, we use Evaluation licenses, and as a consequence, we cannot rely on features like snapshotting, and we have to redeploy our lab every 60 days.</p>
We can do better! Some others did!</h2>
The Ansible network modules were facing similar challenges. Network devices are required to fully validate a change, but it's costly to stack and maintain operation of hundreds of devices just for validation.</p>
They've decided to invest in OpenStack and a CI solution called Zuul-CI (https://zuul-ci.org/). I don't want to elaborate too much on Zuul since the topic itself is worth a book. But basically, every time a change gets pushed, Zuul will spawn a multi-node test environment, prepare the test execution using ... Ansible, Yeah! And finally, run the test and collect the result. This environment makes use of appliances coming from the vendors. It's basically just a VM. OpenStack is pretty flexible for this use-case, especially when you've got top-notch support with the providers.</p>
Let's build some VMware Cloud images!</h2>
To run a VM in a cloud environment, it has to match the following requirements:</p>

use a single disk image, a qcow2 in the case of OpenStack.</li>
support the hardware exposed by the hypervisor, qemu-kvm in our case</li>
configure itself according to the metadata information exposed by the cloud provider (IP, SSH keys, etc). This service is handled by Cloud-Init most of the time.</li>
</ul>
ESXi cloud image</h3>
For ESXi, the first step was to deploy ESXi on libvirt/qemu-kvm. This works fine as we avoid virtio. And with a bit more effort, we can automate the process ( https://github.com/virt-lightning/esxi-cloud-images</a> ). But our VM is not yet self-configuring. We need an alternative to Cloud-init. This is what esxi-cloud-init ( https://github.com/goneri/esxi-cloud-init/</a> ) will do for us. It reads the cloud metadata and prepares the network configuration of the ESXi host, and it also injects the SSH keys.</p>
The image build process is rather simple once you've got libvirt and virt-install on your machine:</p>
$ git clone https://github.com/virt-lightning/esxi-cloud-images
</code></pre>
$ cd esxi-cloud-images</p>
$ ./build.sh ~/Downloads/VMware-VMvisor-Installer-7.0.0-15525992.x86_64.iso</p>
(...)</p>
$ ls esxi-6.7.0-20190802001-STANDARD.qcow2</p>
</a></p>
The image can run on OpenStack, but also on libvirt. Virt-Lightning (https://virt-lightning.org/) is the tool we use to spawn our environment locally.</p>
</p>
vCenter cloud image too?</h3>
update: See Ansible: How we prepare the vSphere instances of the VMware CI</a> for a more detailed explanation of the VCSA deployment process.</em></p>
We wanted to deploy vCenter on our instance, but this is daunting. vCenter has a slow installation process, it requires an ESXi host, and is extremely sensitive to any form of network configuration changes...</p>
So the initial strategy was to spawn a ESXi instance, and deploy vCenter on it. This is handled by ansible-role-vcenter-instance ( https://github.com/goneri/ansible-role-vcenter-instance</a> ). The full process takes about 25m.</p>
We became operational but the deployment process overwhelmed our lab. Additionally, the ESXi instance (16GB of RAM) was too much for running on a laptop. I started investigating new options.</p>
Technically speaking, the vCenter Server Appliance or VCSA, is based on Photon Linux, the Linux distribution of VMware, and the VM actually comes with 15 large disks. This is a bit problematic since our final cloud image must be a single disk and be as small as possible. I developed this strategy:</p>

connect to the running VCSA, move all the content from the partition to the main partition, and drop the extra disk from the /etc/fstab</li>
do some extra things regarding the network and Cloud-init configuration.</li>
stop the server</li>
extract the raw disk image from the ESXi datastore</li>
convert it to the qcow2 format</li>
and voilà! You've got a nice cloud image of your vCenter.</li>
</ol>
All the steps are automated by the following tool: https://github.com/virt-lightning/vcsa_to_qcow2</a>. It also enables virtio for better performance.</p>
Preparing development environment locally</h3>
To simplify the deployment, I use the following tool: https://github.com/goneri/deploy-vmware-ci. It will use virt-lightning to spawn the nodes, and do the post-configuration with Ansible. It reuses the roles that we consume in the CI to configure the vCenter, the host names, and populate the datastore.</p>
In this example, I use it to start my ESXi environment on my Lenovo T580 laptop; the full run takes 15 minutes: https://asciinema.org/a/349246</p>
Being able to redeploy a work environment in 15 minutes has been a life changer. I often recreate it several times a day. In addition, the local deployment workflow reproduces what we do in the CI, it's handy to validate a changeset, or troubleshoot a problem.</p>
The CI integration</h3>
Each Ansible module is different, which makes for different test requirements. We've got 3 topologies:</p>

vcenter_only: only one single vCenter instance</li>
vcenter_1esxi_with_nested: one vCenter with an ESXi, this ESXi is capable of starting a nested VM.</li>
vcenter_1_esxi_without_nested: the same, but this time, we don't start nested VM. Compared to the previous case, this set-up is compatible with all our providers.</li>
vcenter_2_esxi_without_nested: well, like the previous one, but with a second ESXi, for instance to test ha or migration.</li>
</ul>
The nodeset definition is done in the following file: https://github.com/ansible/ansible-zuul-jobs/blob/master/zuul.d/nodesets.yaml</a></p>
We split the hours long test execution time on the different environments. An example of job result:</p>
</p>
As you can see, we still run govcsim in the CI, even if it's superseded by a real test environment. Since govcsim jobs run faster, we assume that failure would also fail against the real lab and abort the other jobs. This is a way to save time and resources.</p>
I would like to thank Chuck Copello for the helpful review of this blog post.</p>


Cloud images, which one is the fastest?
Unknown — Thu, 13 Aug 2020 23:13:09 +0000
Introduction</p>
This post compares the start-up duration of the most popular cloud images. By start-up, I mean the time until we've got an operational SSH server.</p>
For this test, I use a pet project called Virt-Lightning ( https://virt-lightning.org/</a> ). This tool allows any Linux user to start standard cloud images locally. It will prepare the meta-data and start a VM in your local libvirt. It's very handy for people like me, who work on Linux and spend the day starting new VMs. The images are in the QCow2 format, and it uses the OpenStack meta-data format. Technically speaking, the performance should match what you get with OpenStack.</p>
Actually, OpenStack is often slightly slower because it does some extra operations. It may need to create a volume on Ceph, or prepare extra network configuration.</p>
The 2.0.0 release of Virt-Lightning exposes a public API. My test scenario</a> is built on top of that. It uses Python to pull the different images, and create a VM from it 10 times in a row.</p>
All the images are public; Virt-Lightning can fetch them with the vl pull foo</code> command:</p>
vl pull centos-6
</code></pre>
During the boot process, the VM will set up a static network configuration, resize the filesystem, create a user, and inject an SSH key.</p>
By default, Virt-Lightning uses a static network configuration because it's faster, and it gives better performance when we start a large number of VMs at the same time. I chose to stick with this.</p>
I did my tests on my Lenovo T580, which comes with a NVMe storage, and 32GB of memory. I would be curious to see the results with the same scenario, but on a regular spinning disk.</p>
The target images</p>
For this test, I compare the following Linux distributions: CentOS, Debian, Fedora, Ubuntu, and OpenSUSE. As far as I know, there is no public cloud image available for the other common distributions. If you think I'm wrong, please post a comment below.</p>
I also included the latest FreeBSD, NetBSD, and OpenBSD releases. They don't provide official cloud images. This is the reason why I reuse the unofficial ones from https://bsd-cloud-image.org/</a>.</p>
The lack of a pre-existing Windows image is the reason why this OS is not included.</p>
Results</p>
</p>
Debian 10 is by far the fastest image with an impressive 15s on average. Basically, 5s less than any other cloud image.</p>
</p>
Regarding the BSDs, FreeBSD is the only system able to resize the root filesystem without a reboot. Consequently, OpenBSD and NetBSD need to start twice in a row. This explains the big difference. The NetBSD kernel hardware probe is rather slow, for instance it takes 5s to initialize the ATA bus of the CD-ROM. This is the reason why the results look rather bad.</p>
</p>
About Ubuntu, I was surprised by the boot duration of Ubuntu 18.04. It is about two times longer than for 16.04. 20.04 is a bit better but still, we are far from the 15s of 14.04. I would be curious to know the origin of this. Maybe AppArmor?</p>
</p>
CentOS 6 results are not really consistent. They vary between 17.9s and 25.21s. This is the largest delta if you compare with the other distribution. This being said, CentOS 6 is rather old, and won't be supported anymore</a> at the end of the year.</p>
Conclusions</p>
All the recent Linux images are based on systemd. It would be great to extract the metrics from systemd-analyze</code> to understand what impacts the performance the most.</p>
Most of the time, when I deploy a test VM, the very first thing I do is the installation of some important packages. This scenario may be covered later in another blog post.</p>
Raw results for each image</p>
CentOS 6</p>
image from: https://cloud.centos.org/centos/6/images/CentOS-6-x86_64-GenericCloud.qcow2</a>

Date: Thu, 08 Aug 2019 13:28:32 GMT

Size: 806748160</p>
distro=centos-6, elapsed_time=023.20
distro=centos-6, elapsed_time=021.41
distro=centos-6, elapsed_time=024.97
distro=centos-6, elapsed_time=025.21
distro=centos-6, elapsed_time=020.29
distro=centos-6, elapsed_time=020.67
distro=centos-6, elapsed_time=020.13
distro=centos-6, elapsed_time=019.83
distro=centos-6, elapsed_time=020.09
distro=centos-6, elapsed_time=017.92
</code></pre>
The average is 21.3s.</p>
CentOS 7</p>
image from: http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2</a>

Date: Wed, 22 Apr 2020 12:24:07 GMT

Size: 858783744</p>
distro=centos-7, elapsed_time=020.88
distro=centos-7, elapsed_time=020.51
distro=centos-7, elapsed_time=020.42
distro=centos-7, elapsed_time=020.58
distro=centos-7, elapsed_time=020.18
distro=centos-7, elapsed_time=021.14
distro=centos-7, elapsed_time=020.74
distro=centos-7, elapsed_time=020.80
distro=centos-7, elapsed_time=020.48
distro=centos-7, elapsed_time=020.15
</code></pre>
Average: 20.5s</p>
CentOS 8</p>
image from: https://cloud.centos.org/centos/8/x86_64/images/CentOS-8-GenericCloud-8.1.1911-20200113.3.x86_64.qcow2</a>

Date: Mon, 13 Jan 2020 21:57:45 GMT

Size: 716176896</p>
distro=centos-8, elapsed_time=023.55
distro=centos-8, elapsed_time=023.27
distro=centos-8, elapsed_time=024.39
distro=centos-8, elapsed_time=023.61
distro=centos-8, elapsed_time=023.52
distro=centos-8, elapsed_time=023.49
distro=centos-8, elapsed_time=023.53
distro=centos-8, elapsed_time=023.30
distro=centos-8, elapsed_time=023.34
distro=centos-8, elapsed_time=023.67
</code></pre>
Average: 23.5s</p>
Debian 9</p>
image from: https://cdimage.debian.org/cdimage/openstack/current-9/debian-9-openstack-amd64.qcow2</a>

Date: Wed, 29 Jul 2020 09:59:59 GMT

Size: 594190848</p>
distro=debian-9, elapsed_time=020.69
distro=debian-9, elapsed_time=020.59
distro=debian-9, elapsed_time=020.16
distro=debian-9, elapsed_time=020.30
distro=debian-9, elapsed_time=020.02
distro=debian-9, elapsed_time=020.01
distro=debian-9, elapsed_time=020.71
distro=debian-9, elapsed_time=020.48
distro=debian-9, elapsed_time=020.65
distro=debian-9, elapsed_time=020.57
</code></pre>
Average is 20.4s.</p>
Debian 10</p>
image from: https://cdimage.debian.org/cdimage/openstack/current-10/debian-10-openstack-amd64.qcow2</a>

Date: Sat, 01 Aug 2020 20:10:01 GMT

Size: 530629120</p>
distro=debian-10, elapsed_time=015.25
distro=debian-10, elapsed_time=015.28
distro=debian-10, elapsed_time=014.88
distro=debian-10, elapsed_time=015.07
distro=debian-10, elapsed_time=015.39
distro=debian-10, elapsed_time=015.35
distro=debian-10, elapsed_time=015.47
distro=debian-10, elapsed_time=014.94
distro=debian-10, elapsed_time=015.57
distro=debian-10, elapsed_time=015.57
</code></pre>
Average is 15.2s</p>
Debian testing</p>
Debian testing is a rolling release, so I won't include it in the charts, but I found interesting to include it in the results.</p>
image from: https://cdimage.debian.org/cdimage/openstack/testing/debian-testing-openstack-amd64.qcow2</a>

Date: Mon, 01 Jul 2019 08:39:27 GMT

Size: 536621056</p>
distro=debian-testing, elapsed_time=015.07
distro=debian-testing, elapsed_time=015.03
distro=debian-testing, elapsed_time=014.93
distro=debian-testing, elapsed_time=015.33
distro=debian-testing, elapsed_time=014.85
distro=debian-testing, elapsed_time=015.53
distro=debian-testing, elapsed_time=014.94
distro=debian-testing, elapsed_time=015.22
distro=debian-testing, elapsed_time=015.19
distro=debian-testing, elapsed_time=014.86
</code></pre>
Average 15s</p>
Fedora 31</p>
image from: https://download.fedoraproject.org/pub/fedora/linux/releases/31/Cloud/x86_64/images/Fedora-Cloud-Base-31-1.9.x86_64.qcow2</a>

Date: Wed, 23 Oct 2019 23:06:38 GMT

Size: 355350528</p>
distro=fedora-31, elapsed_time=020.48
distro=fedora-31, elapsed_time=020.39
distro=fedora-31, elapsed_time=020.37
distro=fedora-31, elapsed_time=020.30
distro=fedora-31, elapsed_time=020.29
distro=fedora-31, elapsed_time=020.31
distro=fedora-31, elapsed_time=020.50
distro=fedora-31, elapsed_time=020.51
distro=fedora-31, elapsed_time=020.27
distro=fedora-31, elapsed_time=020.91
</code></pre>
Average 20.4s</p>
Fedora 32</p>
image from: https://download.fedoraproject.org/pub/fedora/linux/releases/32/Cloud/x86_64/images/Fedora-Cloud-Base-32-1.6.x86_64.qcow2</a>

Date: Wed, 22 Apr 2020 22:36:57 GMT

Size: 302841856</p>
distro=fedora-32, elapsed_time=021.68
distro=fedora-32, elapsed_time=022.43
distro=fedora-32, elapsed_time=022.17
distro=fedora-32, elapsed_time=023.06
distro=fedora-32, elapsed_time=022.23
distro=fedora-32, elapsed_time=022.83
distro=fedora-32, elapsed_time=022.54
distro=fedora-32, elapsed_time=021.46
distro=fedora-32, elapsed_time=022.37
distro=fedora-32, elapsed_time=023.14
</code></pre>
Average: 22.4s</p>
FreeBSD 11.4</p>
image from: https://bsd-cloud-image.org/images/freebsd/11.4/freebsd-11.4.qcow2</a>

Date: Wed, 05 Aug 2020 01:24:32 GMT

Size: 412895744</p>
distro=freebsd-11.4, elapsed_time=030.68
distro=freebsd-11.4, elapsed_time=030.64
distro=freebsd-11.4, elapsed_time=030.29
distro=freebsd-11.4, elapsed_time=030.29
distro=freebsd-11.4, elapsed_time=029.86
distro=freebsd-11.4, elapsed_time=029.74
distro=freebsd-11.4, elapsed_time=029.90
distro=freebsd-11.4, elapsed_time=029.77
distro=freebsd-11.4, elapsed_time=030.04
distro=freebsd-11.4, elapsed_time=029.70
</code></pre>
Average 30s</p>
FreeBSD 12.1</p>
image from: https://bsd-cloud-image.org/images/freebsd/12.1/freebsd-12.1.qcow2</a>

Date: Wed, 05 Aug 2020 01:46:11 GMT

Size: 479029760</p>
distro=freebsd-12.1, elapsed_time=029.78
distro=freebsd-12.1, elapsed_time=030.32
distro=freebsd-12.1, elapsed_time=029.56
distro=freebsd-12.1, elapsed_time=029.60
distro=freebsd-12.1, elapsed_time=029.76
distro=freebsd-12.1, elapsed_time=029.89
distro=freebsd-12.1, elapsed_time=029.55
distro=freebsd-12.1, elapsed_time=029.66
distro=freebsd-12.1, elapsed_time=029.31
distro=freebsd-12.1, elapsed_time=029.77
</code></pre>
Average 29.7</p>
NetBSD 8.2</p>
image from: https://bsd-cloud-image.org/images/netbsd/8.2/netbsd-8.2.qcow2</a>

Date: Wed, 05 Aug 2020 02:06:57 GMT

Size: 155385856</p>
distro=netbsd-8.2, elapsed_time=066.71
distro=netbsd-8.2, elapsed_time=067.80
distro=netbsd-8.2, elapsed_time=067.15
distro=netbsd-8.2, elapsed_time=066.97
distro=netbsd-8.2, elapsed_time=066.84
distro=netbsd-8.2, elapsed_time=067.01
distro=netbsd-8.2, elapsed_time=066.98
distro=netbsd-8.2, elapsed_time=067.73
distro=netbsd-8.2, elapsed_time=067.34
distro=netbsd-8.2, elapsed_time=066.90
</code></pre>
Average 67.1</p>
NetBSD 9.0</p>
image from: https://bsd-cloud-image.org/images/netbsd/9.0/netbsd-9.0.qcow2</a>

Date: Wed, 05 Aug 2020 02:25:11 GMT

Size: 149291008</p>
distro=netbsd-9.0, elapsed_time=067.04
distro=netbsd-9.0, elapsed_time=066.92
distro=netbsd-9.0, elapsed_time=066.89
distro=netbsd-9.0, elapsed_time=067.24
distro=netbsd-9.0, elapsed_time=067.41
distro=netbsd-9.0, elapsed_time=067.13
distro=netbsd-9.0, elapsed_time=066.14
distro=netbsd-9.0, elapsed_time=066.75
distro=netbsd-9.0, elapsed_time=067.25
distro=netbsd-9.0, elapsed_time=066.60
</code></pre>
Average: 66.9s</p>
OpenBSD 6.6</p>
image from: https://bsd-cloud-image.org/images/openbsd/6.7/openbsd-6.7.qcow2</a>

Date: Wed, 05 Aug 2020 04:09:44 GMT

Size: 520704512</p>
distro=openbsd-6.6, elapsed_time=048.80
distro=openbsd-6.6, elapsed_time=049.72
distro=openbsd-6.6, elapsed_time=049.07
distro=openbsd-6.6, elapsed_time=048.36
distro=openbsd-6.6, elapsed_time=049.28
distro=openbsd-6.6, elapsed_time=049.12
distro=openbsd-6.6, elapsed_time=049.36
distro=openbsd-6.6, elapsed_time=049.80
distro=openbsd-6.6, elapsed_time=048.05
distro=openbsd-6.6, elapsed_time=049.71
</code></pre>
Average: 49.1s</p>
OpenBSD 6.7</p>
image from: https://bsd-cloud-image.org/images/openbsd/6.7/openbsd-6.7.qcow2</a>

Date: Wed, 05 Aug 2020 04:09:44 GMT

Size: 520704512</p>
distro=openbsd-6.7, elapsed_time=048.81
distro=openbsd-6.7, elapsed_time=048.96
distro=openbsd-6.7, elapsed_time=049.86
distro=openbsd-6.7, elapsed_time=049.12
distro=openbsd-6.7, elapsed_time=049.75
distro=openbsd-6.7, elapsed_time=050.63
distro=openbsd-6.7, elapsed_time=050.85
distro=openbsd-6.7, elapsed_time=049.92
distro=openbsd-6.7, elapsed_time=048.98
distro=openbsd-6.7, elapsed_time=050.83
</code></pre>
Average: 49.7s</p>
Ubuntu 14.04</p>
image from: https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img</a>

Date: Thu, 07 Nov 2019 15:38:05 GMT

Size: 264897024</p>
distro=ubuntu-14.04, elapsed_time=014.40
distro=ubuntu-14.04, elapsed_time=014.42
distro=ubuntu-14.04, elapsed_time=014.94
distro=ubuntu-14.04, elapsed_time=015.44
distro=ubuntu-14.04, elapsed_time=015.64
distro=ubuntu-14.04, elapsed_time=014.59
distro=ubuntu-14.04, elapsed_time=015.02
distro=ubuntu-14.04, elapsed_time=015.22
distro=ubuntu-14.04, elapsed_time=015.44
distro=ubuntu-14.04, elapsed_time=015.44
</code></pre>
Average: 15s</p>
Ubuntu 16.04</p>
image from: https://cloud-images.ubuntu.com/xenial/current/xenial-server-cloudimg-amd64-disk1.img</a>

Date: Thu, 13 Aug 2020 08:36:38 GMT

Size: 309657600</p>
distro=ubuntu-16.04, elapsed_time=015.13
distro=ubuntu-16.04, elapsed_time=015.39
distro=ubuntu-16.04, elapsed_time=015.42
distro=ubuntu-16.04, elapsed_time=015.62
distro=ubuntu-16.04, elapsed_time=015.29
distro=ubuntu-16.04, elapsed_time=015.60
distro=ubuntu-16.04, elapsed_time=015.62
distro=ubuntu-16.04, elapsed_time=015.21
distro=ubuntu-16.04, elapsed_time=015.62
distro=ubuntu-16.04, elapsed_time=015.67
</code></pre>
Average: 15.4</p>
Ubuntu 18.04</p>
image from: https://cloud-images.ubuntu.com/bionic/current/bionic-server-cloudimg-amd64.img</a>

Date: Wed, 12 Aug 2020 16:58:30 GMT

Size: 357302272</p>
distro=ubuntu-18.04, elapsed_time=028.58
distro=ubuntu-18.04, elapsed_time=028.25
distro=ubuntu-18.04, elapsed_time=028.36
distro=ubuntu-18.04, elapsed_time=028.45
distro=ubuntu-18.04, elapsed_time=028.79
distro=ubuntu-18.04, elapsed_time=028.28
distro=ubuntu-18.04, elapsed_time=028.11
distro=ubuntu-18.04, elapsed_time=028.07
distro=ubuntu-18.04, elapsed_time=027.75
distro=ubuntu-18.04, elapsed_time=028.25
</code></pre>
Average: 28.3s</p>
Ubuntu 20.04</p>
image from: https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img</a>

Date: Mon, 10 Aug 2020 22:19:47 GMT

Size: 545587200</p>
distro=ubuntu-20.04, elapsed_time=023.23
distro=ubuntu-20.04, elapsed_time=022.74
distro=ubuntu-20.04, elapsed_time=023.20
distro=ubuntu-20.04, elapsed_time=022.96
distro=ubuntu-20.04, elapsed_time=024.04
distro=ubuntu-20.04, elapsed_time=024.06
distro=ubuntu-20.04, elapsed_time=023.60
distro=ubuntu-20.04, elapsed_time=023.88
distro=ubuntu-20.04, elapsed_time=023.24
distro=ubuntu-20.04, elapsed_time=024.27
</code></pre>
Average: 23.5s</p>
OpenSUSE Leap 15.2</p>
image from: https://download.opensuse.org/repositories/Cloud:/Images:/Leap_15.2/images/openSUSE-Leap-15.2-OpenStack.x86_64.qcow2</a>

Date: Sun, 07 Jun 2020 11:42:01 GMT

Size: 566047744</p>
distro=opensuse-leap-15.2, elapsed_time=027.10
distro=opensuse-leap-15.2, elapsed_time=027.61
distro=opensuse-leap-15.2, elapsed_time=027.07
distro=opensuse-leap-15.2, elapsed_time=027.12
distro=opensuse-leap-15.2, elapsed_time=027.57
distro=opensuse-leap-15.2, elapsed_time=026.86
distro=opensuse-leap-15.2, elapsed_time=027.25
distro=opensuse-leap-15.2, elapsed_time=027.10
distro=opensuse-leap-15.2, elapsed_time=027.69
distro=opensuse-leap-15.2, elapsed_time=027.39
</code></pre>
Average: 27.3s</p>


How to clean Docker up when used on Btrfs
Unknown — Thu, 08 Jan 2015 13:05:16 +0000
Docker often leaves behind files when I remove images with rmi</code>.</p>
systemctl stop docker.service
systemctl stop docker.socket
rm -rf /var/lib/docker/
btrfs subvolume list /var/lib/docker|awk '/ID/ {print "/"$9}'|xargs btrfs sub delete
</code></pre>


Create thumbnail images of a set of pictures
Unknown — Sat, 03 Jan 2015 14:10:32 +0000
Load 4 pictures at a time from the input directory and create thumbnail montage images:</p>
#!/usr/bin/env python3

import glob
import subprocess

inputs = glob.glob('input/*.JPG')

cpt = 0
while len(inputs) > 0:
to_process = inputs[:4] + ['logo:', 'logo:', 'logo:']
inputs = inputs[4:]
cpt += 1
subprocess.call(["montage"] + to_process[:4] + ["-geometry", "800x600+2+2", "final/final_%02d.jpg" % cpt])
</code></pre>


Pbuilder on Debian kFreeBSD Wheezy
Unknown — Mon, 06 Oct 2014 19:57:17 +0000
There is a little trick if you want to use pbuilder on kFreeBSD. Add these lines in /etc/pbuilderrc:</p>
MIRRORSITE=http://cdn.debian.net/debian
USEPROC=yes
USEDEVFS=yes
USEDEVPTS=yes
BINDMOUNTS="/home/goneri"
</code></pre>


Getting BURP to use Puppet CA
Unknown — Wed, 16 Oct 2013 13:20:56 +0000
I'm a big fan of BURP</a> to maintain my backups. This article explains how to reuse the PuppetMaster CA for authentication. I use Debian burp package on Wheezy.</p>
First, you need to generate the dhfile.pem on both the server and the agent:</p>
openssl dhparam -outform PEM -out /etc/burp/dhfile.pem 1024
</code></pre>
The server</h2>
The configuration is in /etc/burp/burp-server.conf:</p>
mode = server
(...)
# ca_conf = /etc/burp/CA.cnf
# ca_name = burpCA
# ca_server_name = burpserver
# ca_burp_ca = /usr/sbin/burp_ca
(...)
ssl_cert_ca = /var/lib/puppet/ssl/certs/ca.pem
ssl_cert = /var/lib/puppet/ssl/ca/signed/newpuppet.lebouder.net.pem
ssl_key = /var/lib/puppet/ssl/private_keys/newpuppet.lebouder.net.pem
ssl_key_password = password
ssl_dhfile = /etc/burp/dhfile.pem
(...)
</code></pre>
The agent</h2>
The configuration file is /etc/burp/burp.conf:</p>
mode = client
port = 4971
server = newpuppet.lebouder.net
ssl_cert_ca = /var/lib/puppet/ssl/certs/ca.pem
ssl_cert = /var/lib/puppet/ssl/certs/newclient.lebouder.net.pem
ssl_key = /var/lib/puppet/ssl/private_keys/newclient.lebouder.net.pem
ssl_peer_cn = newpuppet.lebouder.net
(...)
</code></pre>
newpuppet.lebouder.net is the Puppet server.</p>


Refresh all my git clones
Unknown — Sun, 15 Sep 2013 21:58:22 +0000
These are the commands I use to refresh all my git clones. For example, when I know I will be offline in the coming hours:</p>
locate --regex '\.git$'|parallel 'cd {} && cd .. && echo $PWD && git fetch --all'
</code></pre>
The use of GNU parallel is helpful to reduce the sync duration.</p>


Duide Antidote8 sur Debian Sid
Unknown — Fri, 09 Aug 2013 13:44:07 +0000
J’ai acheté le correcteur orthographique Antidote 8</a> que j’ai installé hier. L’outil est vraiment impressionnant et agréable à utiliser.</p>
L’installation sur Debian Sid n’est pas supportée, cependant son utilisation est possible. Je dois encore voir si je peux l’intégrer avec Firefox (Iceweasel) et Thunderbird (Icedove).</p>
Installation</h1>
# apt-get install libx11-6 libxslt1.1 libvorbis0a libxrender1 libgstreamer-plugins-base0.10-0 libpulse0 libpulse0 libpulse-mainloop-glib0 libfreetype6libpulse-mainloop-glib0 libfontconfig1 libxext6 libicu48``# wget http://ftp.fr.debian.org/debian/pool/main/o/openssl/libssl0.9.8_0.9.8o-4squeeze14_amd64.deb
# dpkg -i libssl0.9.8_0.9.8o-4squeeze14_amd64.deb
</code></pre>
# wget http://ftp.fr.debian.org/debian/pool/main/i/icu/libicu44_4.4.1-8_amd64.deb
# dpkg -i libicu44_4.4.1-8_amd64.deb
</code></pre>
Pour éviter un problème avec les kernel >= 3 il faut faire une petite manip présentée ici : http://www.debian-fr.org/certains-logiciels-dysfonctionnent-en-changeant-de-noyau-t42688.html</p>
# wget https://mail.gnome.org/archives/evolution-list/2003-December/txtBEWSVk2eft.txt -O /tmp/uname.c
$ (echo #define _GNU_SOURCE; cat /tmp/uname.c) > /tmp/uname.c
$ gcc -shared -fPIC -ldl uname.c -o /opt/Druide/Antidote8/Programmes64/fake-uname.so`
</code></pre>
Il ne reste plus qu'a ajouter les deux lignes suivantes au début du script /opt/Druide/Antidote8/Programmes64/Antidote8.</p>
export LD_PRELOAD=/opt/Druide/Antidote8/Programmes64/fake-uname.so
export RELEASE=$(uname -r | sed 's/^\(...\)/\1.0-antidote-fix/g')
</code></pre>


Finally, a 4096 GnuPG key
Unknown — Tue, 18 Jun 2013 12:42:20 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I finally generated a 4096 key ( 0x049ED9B94765572E ) which is signed
by my old key 0x37D9412C. I will revoke this old key in the coming months.

The old 1024bit key:
pub 1024D/37D9412C 2004-08-18
Key fingerprint = D3BC 65BB 48B1 1DA8 BC8A 5C88 B0A4 C5A4 37D9 412C
uid Gonéri Le Bouder
uid Gonéri Le Bouder
uid Gonéri Le Bouder
uid Gonéri Le Bouder
uid [jpeg image of size 7650]
uid Gonéri Le Bouder (Professional address)
uid [jpeg image of size 4672]
sub 1024g/E47802B2 2004-08-18
sub 2048R/F89D348A 2013-06-01

The new key:
pub 4096R/4765572E 2013-06-18 [expires: 2023-07-15]
Key fingerprint = 1FF3 68E8 0199 1373 1705 B8AF 049E D9B9 4765 572E
uid Gonéri Le Bouder
uid Gonéri Le Bouder
uid Gonéri Le Bouder
uid [jpeg image of size 7650]
uid Gonéri Le Bouder
sub 4096R/E496738B 2013-06-18

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iEYEARECAAYFAlJlJjsACgkQsKTFpDfZQSxwzwCeLDuJoMOwJ4H2fbQionyejDck
GX8Anjp0V+rZHJ5fLlLv3yXWbsBt9K5m
=RHzK
-----END PGP SIGNATURE-----
</code></pre>


Avahi / Bonjour on Windows
Unknown — Sun, 16 Jun 2013 12:10:05 +0000
How to resolve .local Avahi/Bonjour names on Windows: http://support.apple.com/kb/DL999</p>


ext4 with barrier=1 and performance
Unknown — Mon, 04 Feb 2013 09:41:35 +0000
The use of nobarrier provides a great performance gain on my laptop. I think I will continue with this approach even if my hard drive has no battery unit.</p>
With ext4 (rw,noatime,errors=remount-ro,data=ordered)</h2>
#fs_mark -t 4 -s 10240 -n 1000 -d /home/goneri/tmp/test # Version 3.3, 4 thread(s) starting at Mon Feb 4 10:35:47 2013
# Sync method: INBAND FSYNC: fsync() per file in write loop.
# Directories: no subdirectories used
# File names: 40 bytes long, (16 initial bytes of time stamp with 24 random bytes at end of name)
# Files info: size 10240 bytes, written with an IO size of 16384 bytes per write
# App overhead is time in microseconds spent in the test not doing file writing related system calls. FSUse% Count Size Files/sec App Overhead
o 84 4000 10240 35.2 113031
</code></pre>
ext4 (rw,noatime,nobarrier,errors=remount-ro,commit=15,data=ordered)</h2>
tosh-r630:/tmp$ fs_mark -t 4 -s 10240 -n 1000 -d ~/tmp/test # fs_mark -t 4 -s 10240 -n 1000 -d /home/goneri/tmp/test # Version 3.3, 4 thread(s) starting at Mon Feb 4 10:40:06 2013
# Sync method: INBAND FSYNC: fsync() per file in write loop.
# Directories: no subdirectories used
# File names: 40 bytes long, (16 initial bytes of time stamp with 24 random bytes at end of name)
# Files info: size 10240 bytes, written with an IO size of 16384 bytes per write
# App overhead is time in microseconds spent in the test not doing file writing related system calls. FSUse% Count Size Files/sec App Overhead 84 4000 10240 839.9 99672
</code></pre>


Debian Wheezy and cfengine
Unknown — Sat, 17 Nov 2012 20:10:24 +0000
How to bootstrap a cfengine node with Debian Wheezy Cfengine:</p>
# cp /usr/share/doc/cfengine3/example_config/* /etc/cfengine3/
# sed -i 's,"/var/lib/cfengine3/inputs","/etc/cfengine3",' /etc/cfengine3/update.cf
# sed -i 's,RUN_CFEXECD=0,RUN_CFEXECD=1,' /etc/default/cfengine3
# /etc/init.d/cfengine3 restart
# cf-agent --bootstrap --policy-server 2a01:e35:242d:e930:250:XXXX:XXXX:XXXXX
</code></pre>


Prefetch apt packages
Unknown — Tue, 13 Nov 2012 10:26:46 +0000
I use this command to speed up deb package downloads. It will do parallel downloads of the required .deb files with puf.</p>
For example with otrs:</p>
cd /var/cache/apt/archives/ && apt-get -y --print-uris install otrs|awk '{print $1}'|grep "'http" | xargs puf
</code></pre>


git gc --prune on a complete directory structure
Unknown — Wed, 13 Jun 2012 10:43:56 +0000
To run "git gc --prune" on a structure of subdirectories of git repositories, like for example a /git directory on a server:</p>
find /git -type d -execdir sh -c '[ -f "description" ] && sudo git gc --prune' \;`
</code></pre>


git gc and bup
Unknown — Sat, 31 Dec 2011 00:34:23 +0000
To avoid the OOM killer after a git gc</code> call on a bup repository:</p>
$ git config --global pack.windowMemory 512m
$ git config --global pack.threads 10
</code></pre>


Backup LVM LV with bup
Unknown — Sat, 31 Dec 2011 00:11:50 +0000
Bup is a backup software that uses git for storage. Bup imports chunks of files to deduplicate large files.</p>
$ cat /dev/mapper/virtualmachines-sarge | bup split -n virtualmachines-sarges
bloom: adding 1 file (10967 objects).
$ bup join virtualmachines-sarges > /tmp/sarges.img
$ file /tmp/sarges.img /tmp/sarges.img: x86 boot sector; GRand Unified Bootloader, stage1 version 0x3, stage2 address 0x2000, stage2 segment 0x200, GRUB version 0.94; partition 1: ID=0x83, active, starthead 1, startsector 63, 9976302 sectors; partition 2: ID=0x5, starthead 0, startsector 9976365, 498015 sectors, code offset 0x48
</code></pre>


Wininetd 0.7
Unknown — Sun, 04 Dec 2011 22:29:25 +0000
Just a reminder, this is the command line needed to build WinInetd</a> with gcc:</p>
gcc service.c wininetd.c -lws2_32 -lm
</code></pre>


OpenSSL1.0.0e+Net::SSLeay on Windows
Unknown — Sat, 03 Dec 2011 01:24:37 +0000
I managed to get Net::SSLeay to work with the latest OpenSSL release. Here are just some notes for myself.</p>
OpenSSL test-suite build will fail but the .a and the openssl.exe files are ok.</p>
; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD\_LIBRARY\_PATH=$LIBPATH:$LD\_LIBRARY\_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=ideatest.exe} ideatest.o ${LIBDEPS} )
make[2]: Leaving directory `/cygdrive/c/strawberry/openssl-1.0.0e/test'
gcc -I.. -I../include -DOPENSSL\_THREADS -D\_MT -DDSO\_WIN32 -DL\_ENDIAN -DWIN32\_LEAN\_AND\_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall -DOPENSSL\_BN\_ASM\_PART\_WORDS -DOPENSSL\_IA32\_SSE2 -DOPENSSL\_BN\_ASM\_MONT -DSHA1\_ASM -DSHA256\_ASM -DSHA512\_ASM -DMD5\_ASM -DRMD160\_ASM -DAES\_ASM -DWHIRLPOOL\_ASM -c -o md2test.o md2test.c
md2test.c:1: error: expected identifier or '(' before '!' token
md2test.c:1: error: stray '\\377' in program
md2test.c:1: error: stray '\\376' in program
md2test.c:1:14: warning: null character(s) ignored
md2test.c:1:16: warning: null character(s) ignored
md2test.c:1:18: warning: null character(s) ignored
md2test.c:1:20: warning: null character(s) ignored
md2test.c:1:22: warning: null character(s) ignored
md2test.c:1:24: warning: null character(s) ignored
md2test.c:1:26: warning: null character(s) ignored
md2test.c:1:28: warning: null character(s) ignored
md2test.c:1:30: warning: null character(s) ignored
md2test.c:1:32: warning: null character(s) ignored
md2test.c:1:34: warning: null character(s) ignored
: recipe for target `md2test.o' failed
make[1]: \*\*\* [md2test.o] Error 1
make[1]: Leaving directory `/cygdrive/c/strawberry/openssl-1.0.0e/test'
Makefile:255: recipe for target `build\_tests' failed
make: \*\*\* [build\_tests] Error 1 Administrator@ordi-de-gon▒ri /cygdrive/c/strawberry/openssl-1.0.0e
</code></pre>
The openssl.exe binary is in apps/ on Windows, not bin. Net::SSLeay's Makefile.PL file fails to find the OpenSSL distribution because of that.</p>
(...)
c:\\strawberry\\openssl-1.0.0e\\libcrypto.a(e\_capi.o):e\_capi.c:(.text+0x251a): undefined reference to `\_imp\_\_CertOpenStore@20'
c:\\strawberry\\openssl-1.0.0e\\libcrypto.a(e\_capi.o):e\_capi.c:(.text+0x255f): undefined reference to `imp\_\_CertFreeCertificateContext@4'
c:\\strawberry\\openssl-1.0.0e\\libcrypto.a(e\_capi.o):e\_capi.c:(.text+0x2576): undefined reference to `\_imp\_\_CertCloseStore@8'
c:\\strawberry\\openssl-1.0.0e\\libcrypto.a(e\_capi.o):e\_capi.c:(.text+0x25d5): undefined reference to `\_imp\_\_CertEnumCertificatesInStore@8'
c:\\strawberry\\openssl-1.0.0e\\libcrypto.a(e\_capi.o):e\_capi.c:(.text+0x2e1a): undefined reference to `\_imp\_\_CertOpenStore@20'
c:\\strawberry\\openssl-1.0.0e\\libcrypto.a(e\_capi.o):e\_capi.c:(.text+0x2e4d): undefined reference to `\_imp\_\_CertEnumCertificatesInStore@8'
c:\\strawberry\\openssl-1.0.0e\\libcrypto.a(e\_capi.o):e\_capi.c:(.text+0x2f28): undefined reference to `\_imp\_\_CertDuplicateCertificateContext@4'
c:\\strawberry\\openssl-1.0.0e\\libcrypto.a(e\_capi.o):e\_capi.c:(.text+0x2fb1): undefined reference to `\_imp\_\_CertCloseStore@8'
c:\\strawberry\\openssl-1.0.0e\\libcrypto.a(e\_capi.o):e\_capi.c:(.text+0x30e6): undefined reference to `\_imp\_\_CertFreeCertificateContext@4'
collect2: ld returned 1 exit status
dmake: Error code 129, while making 'blib\\arch\\auto\\Net\\SSLeay\\SSLeay.dll'
</code></pre>
The patch to apply to get Net::SSLeay to build.</p>
--- Net-SSLeay-1.42.orig/inc/Module/Install/PRIVATE/Net/SSLeay.pm 2011-10-03 08:23:34.000000000 +0200
+++ Net-SSLeay-1.42/inc/Module/Install/PRIVATE/Net/SSLeay.pm 2011-12-03 02:22:28.286660290 +0100
@@ -90,7 +90,7 @@ EOM # libeay32 and ssleay32. # This construction will not complain as long as it find at least one # libssl32.a is made by openssl onWin21 with the ms/minw32.bat builder
- push @{ $opts-\>{lib\_links} }, qw( libeay32MD ssleay32MD libeay32 ssleay32 libssl32);
+ push @{ $opts-\>{lib\_links} }, qw( libssl libcrypto Crypt32 ); } else { $opts-\>{optimize} = '-O2 -g'; push @{ $opts-\>{lib\_links} },
@@ -172,9 +172,10 @@ sub find\_openssl\_exec { my ($self, $prefix) = @\_; my $exe\_path;
- for my $subdir (qw( bin sbin out32dll )) {
+ for my $subdir (qw( apps bin sbin out32dll )) { my $path = File::Spec-\>catfile($prefix, $subdir, "openssl$Config{\_exe}");
- if ( -x $path ) {
+
+ if ( -e $path ) { return $path; } }
</code></pre>


How to build Thunderbird 3.0.4 from source
Unknown — Thu, 22 Apr 2010 13:13:07 +0000
Commit references can be found in the release notes on the wiki: https://wiki.mozilla.org/Releases/Thunderbird_3.0.4</a></p>
hg clone -r b8e06312e645 http://hg.mozilla.org/releases/comm-1.9.1 thunderbird
cd thunderbird
echo 'ac_add_options --enable-application=mail' > .mozconfig
echo 'mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/objdir-tb-release' >> .mozconfig
hg clone -r ead1204d8b81 http://hg.mozilla.org/releases/mozilla-1.9.1 mozilla
</code></pre>
Install the build dependencies (https://developer.mozilla.org/En/Simple_Firefox_build</a>).</p>
Now we can start the build</p>
make -f client.mk
</code></pre>


Debian Vserver cheat sheet
Unknown — Tue, 09 Mar 2010 17:55:05 +0000
This is just to keep track for myself on how to create a Vserver with Internet connectivity.</p>
Create the network interface</strong> Edit /etc/network/interfaces</code> and add:</p>
auto dummy0
iface dummy0 inet static address 192.168.50.1 netmask 255.255.255.0
</code></pre>
Restart the network</strong> /etc/init.d/networking restart</code></p>
Turn the NAT on</strong></p>
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
</code></pre>
Replace eth0 with the network interface you use for your network access.</p>
Create the VM</strong> sudo vserver build build -n cyrus2.3 -m debootstrap --netdev dummy0 --interface 192.168.50.2/24 -- -d lenny</code></p>
Enter the VM</strong></p>
sudo vserver cyrus2.3 start
sudo vserver cyrus2.3 enter
</code></pre>


SheevaPlug
Unknown — Wed, 30 Dec 2009 21:54:00 +0000
SheevaPlug</a> + Debian = ♥♥♥♥</p>
Thank you Martin Michlmayr!</p>


How to query Windows Vista registry with Samba4 regshell
Unknown — Mon, 12 Oct 2009 15:15:50 +0000
In this example, I list the installed software on the Vista machine from a Debian Sid system using Samba</a> 4 packages.</p>
I had to enable (with lusrmgr.msc) and use the Administrator account.</p>
% regshell --remote=192.168.50.10 -U Administrateur%castorLapon
HKEY_CLASSES_ROOT> predef HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE> cd SOFTWARE
New path is: HKEY_LOCAL_MACHINE\SOFTWARE
HKEY_LOCAL_MACHINE\SOFTWARE> cd Microsoft
New path is: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft> cd Windows
New path is: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows> cd CurrentVersion
New path is: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion> cd Uninstall
New path is: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall> list
K 7-Zip
K AddressBook
K Adobe Flash Player ActiveX
K Bazaar_is1
K Connection Manager
K DirectDrawEx
K DXM_Runtime
K Fontcore
K IE40
K IE4Data
K IE5BAKEX
K IEData
K Microsoft .NET Framework 3.5 Language Pack SP1 - fra
K Microsoft .NET Framework 3.5 SP1
K MobileOptionPack
K Mozilla Firefox (3.5.3)
K MPlayer2
K OCS Inventory Agent
K PuTTY_is1
K SchedulingAgent
K Vim 7.2
K WIC
K {205C6BDD-7B73-42DE-8505-9A093F35A238}
K {26A24AE4-039D-4CA4-87B4-2F83216016FF}
K {3E31821C-7917-367E-938E-E65FC413EA31}
K {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
K {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
K {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB350003
K {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
K {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
K {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB960043
K {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
K {DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
K {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
K {F18B31E4-E2E3-4F4F-A2C9-BA579D6AF400}
K {FC857AFE-FC36-3C91-BC17-F8E233C21B4B}
</code></pre>


thunderbird 2.0.0.23 built by Mozilla and Debian Squeeze
Unknown — Thu, 03 Sep 2009 16:40:04 +0000
Mozilla still builds against libstdc++5...</p>
/opt/thunderbird-2.0.0.23$ ./thunderbird
./thunderbird-bin: error while loading shared libraries: libstdc++.so.5: cannot open shared object file: No such file or directory
</code></pre>
The solution is very simple. Just use libstdc++5 from Lenny:</p>
wget http://ftp.fi.debian.org/debian/pool/main/g/gcc-3.3/libstdc++5_3.3.6-18_i386.deb
sudo dpkg -i libstdc++5_3.3.6-18_i386.deb
</code></pre>


Nouveau blog !
Unknown — Thu, 06 Aug 2009 22:21:57 +0000
Après plus d'une année de réflexion, j'ai laissé tomber l'administration de mon propre Wordpress et je ne switcherai finalement pas à pyBlosxon que je trouve un peu juste au niveau interactivité.</p>
Donc finalement me voila chez Wordpress.com</a></p>
Je vais de nouveau avoir un outil pour raler de façon efficace !</p>


S270 Wifi au boot sur Debian Sid
Unknown — Sat, 07 Jan 2006 03:11:00 +0000
Ce soir, j'ai découvert que pour que les parametres wireless_* du /etc/network/interfaces l'interface doit déjà être "up".</p>
Voila ce que ça donne :</p>
iface eth1 inet dhcp
# j'up l'interface avant tout
pre-up ifconfig eth1 up
wireless_mode managed
wireless_channel 6
wireless_nick clara
wireless_key off
# sinon j'ai des problemes de stablitié du signal
wireles_rate 11M
# essid en dernier !
wireless_essid BZH
</code></pre>
J'ai ce problème avec le chipset rt2500, ça mérite surement un rapport de bug :). A étudier…</p>


Klibido in Sid
Unknown — Sun, 18 Sep 2005 14:00:00 +0000
So, Klibido 0.2.4.1</a> is the first release to enter in Debian Sid :).</p>


klibido
Unknown — Sat, 17 Sep 2005 12:11:00 +0000
Yesterday my Sponsor, Neil McGovern, uploaded klibido. That means, if every thing is ok, that klibido will enter Sid quickly.</p>


klibido 0.2.3.4.1
Unknown — Thu, 15 Sep 2005 00:14:00 +0000
</p>
Well, tonight a updated klibido</a> with the last bugs fix release from Bauno.</p>


Sarge user:
Add this line in your /etc/apt/sources.list unless that's allready done.</p>

deb http://orniere-du-globe.net/debian/ ./</p>
</blockquote>
</li>

Sid use:
Add this line:</p>

deb http://orniere-du-globe.net/debian**-sid**/ ./</p>
</blockquote>
</li>
</ul>
Then you've just to:</p>

apt-get update
apt-get install klibido</p>
</blockquote>
Ubuntu users, you'll certainly have to rebuild the package. If you do the job, please can you submit a link with a fresh package in the comments.</p>


klibido 0.2.4
Unknown — Sat, 10 Sep 2005 01:01:00 +0000
New klibido release: 0.2.4-1</p>

deb http://orniere-du-globe.net/debian-sid/ ./</p>
</blockquote>
Because of the gcc4 ABI transition, the package is break on Sarge.</p>
Update: Klibido is in Debian Unstable now. Don't use this repository anymore.</p>


Debian Sarge
Unknown — Sat, 20 Aug 2005 01:43:00 +0000
Je commençais a en avoir marre de la migration vers gcc4 qui se passe en se moment sur Sid. Mon système devenait de plus en plus nonchalant. Je me suis donc installé une Sarge le temps que les choses se calment un peu. C'est cool de pouvoir faire un «apt-get install gnome kde» sans avoir un troupeau d'erreur qui pète a la gueule.</p>
Le paquet de klibido</a> ne s'installe pas sur Sid, je suis au courant. De toutes façons, c'est l'ensemble de KDE qui marche sur 3 roues en ce moment. Dès que possible, c'est a dire lorsque KDE 3.4 sera intégré, je metterai a jour le paquage de klibido pour gcc4 et qu'il puisse enfin rentrer sur la Sid.</p>
Ce soir, j'ai corrigé 2 bugs de klibido, maintenant on peut annuler si l'on a lancé klibido par erreur et que l'on ne veut pas le configurer. Il ne reste plus qu'a esperer que Bauno ne le trouve pas trop cracra et l'accepte :).</p>


overclocking
Unknown — Sun, 26 Jun 2005 16:56:00 +0000
Avec mon pc qui me rappelle régulièrement qu'il a très chaud en plantant joyeusement, j'ai trouvé l'illustration de ce poste</a> particulièrement marrante :) (blog de Dew</a>).</p>


addimage.py
Unknown — Sun, 26 Jun 2005 05:22:00 +0000
Jusque a présent, pour ajouter des photos sur mon blog, je n'ai qu'a appeller le fichier avec un script Perl qui se charge de l'uploader proprement sur le serveur.</p>
Suite au prosélitisme de Dukez</a>, j'ai fini par vouloir tester le language Python</a>, c'est ainsi que j'ai refais mon script dans ce language. Le script addimage.py</a> est l'oeuvre d'un debutant, j'implore votre indulgence fasse a la qualité du code :|.</p>
Le script se charge de généré une image miniature si l'on upload une image et qu'elle est superieur a une certaine taille. Il place les fichiers dans un dossier qui créé en fonction de la date. Par exemple 19810611 pour le 11 Juin 1981. Enfin, a la fin du processus, il affiche le code html qui ne reste plus qu'a copier-coller.</p>


klibido 0.2.3-2
Unknown — Sat, 25 Jun 2005 00:48:00 +0000
</p>
I've just finish to update the klibido</a> package for Debian. For the moment, it can't be upload in the official repository before the end of the gcc4 ABI transition</a>. The majors changes are the inclusion of Bauno's "Please subscribe me!" patch and another patch from Loïc Pefferkorn.</p>
Loïc Pefferkorn decided to package klibido for Ubuntu, since this distribution is based on Debian he asked me for working together. Welcome Loïc !
Tonight i add a patch from him to move the "klibido.desktop" file to a more common place. Thanks ;).</p>
To install klibido on you Debian, please add this lines on your /etc/apt/sources.list file.</p>

deb http://orniere-du-globe.net/debian ./
deb-src http://orniere-du-globe.net/debian ./</p>
</blockquote>
Than you have just to update the index and install it.</p>

apt-get update
apt-get install klibido</p>
</blockquote>


UML avec rootstrap
Unknown — Sat, 18 Jun 2005 00:16:00 +0000
Introduction</h2>
Depuis, quelques temps, je voulais pouvoir m'installer une Ubuntu</a> et une Debian</a> Sarge afin de pouvoir mieux vérifier les paquages de Klibido</a>.</p>
Sukria</a> m'avait expliqué qu'il utilisait vserver</a> pour avoir un système virtuel tous en gardant de très bonne performance. Je pensais aussi a Xen Linux qui permet plus ou moins la même chose. Ce qui m'a découragé, c'est que dans les deux cas, il faut recompiler la kernellette et j'ai un chipset IT8212 qui n'est supporté que dans les branche -ac et -mm du Kernel, or, j'ai clairement la flemme de me prendre la tête a repasser sur un kernel "officiel" pour ensuite le patcher.</p>
Déploiment</h2>
Donc me voila parti sur UserModeLinux</a> (UML) qui est certe plus lent, mais qui marche très bien sur un kernel classique. Pour l'installation de la partition, j'ai utilisé rootstrap.</p>
apt-get install rootstrap user-mode-linux
</code></pre>
La configuration est dans /etc/rootstrap/rootstrap.conf</p>
[global]
fstype=ext2
initialsize=2048
freespace=0
modules=network mkfs mount debian uml umount
PATH=/bin:/sbin:/usr/bin:/usr/sbin

[network]
hostname=sarge
interface=eth0
transport=tuntap
host=192.168.0.69
uml=192.168.0.15
nameserver=213.228.0.95
gateway=192.168.0.1
</code></pre>


Klibido dans Debian
Unknown — Fri, 17 Jun 2005 23:56:00 +0000
</p>
Aujourd'hui, Neil McGovern, mon sponsor Debian a uploader klibido dans la distribution Debian Sid, le pocessus prend quelques jours et normalement d'ici le milieu de la semaine prochaine, le paquage devrait être disponible pour tous le monde.</p>
Donc, voila, si tous se passe bien, d'ici la fin de la semaine prochaine je serai officiellement maintenant Debian \o/, a moi les bimbos nues ! Au passage, merci Alexis</a> pour ton aide ;).</p>


Tunning
Unknown — Sat, 04 Jun 2005 11:35:00 +0000
Je me suis un peu amusé a bidouillé mon interface.</p>
</a></p>


DotClear Vs Wordpress
Unknown — Tue, 31 May 2005 17:45:00 +0000
Finalement, après quelques heures d'utilisation, j'ai prit la décision de revenir à Wordpress. Le problème qui m'a fait changer d'avis est que les liens qui pointes sur mes pages statiques générées par Wordpress font tomber dans le vide intersidéral du Ouaïb ! Et ça, c'est inacceptable !</p>
D'un autre coté je suis vraiment contant de DotClear et en particulier de la vitesse d'affichage. Maintenant que je sais que l'on peut basculer assez facilement, je tâcherais de switcher lorsque j'aurais trouvé une solution.</p>


MSN search
Unknown — Tue, 31 May 2005 17:26:00 +0000
Depuis quelques mois déjà, j'utilise une extension pour Firefox</a> qui permet d'avoir une miniature de chaques pages que listé dans les résultats de Google. C'est très pratique lorsque on est a la recherche d'un site que l'on a fermé trop vite et que l'on n'a qu'un vague souvenir de sa charte graphique...</p>
MSN sembe s'y être mis aussi</a>, il est maintenant possible d'avoir une miniature du site a coté de la recherche. Pour le moment la feature n'est pas utilisé sur le site principal. C'est curieux de voir que lorsque Microsft n'a pas le monomple, il cherche a inover.</p>
Il ne reste plus qu'a espérer que Google intègre directement dans son moteur cette option.</p>


DotClear
Unknown — Tue, 31 May 2005 17:24:00 +0000
Ce soir, je voulais mettre à jour mon Wordpress</a> pour corriger les derniers problèmes de sécurités. Au final, me voila avec un DotClear</a> tous neuf :).</p>
La migration c'est bien passé à l'exeption d'un probleme d'id pour la catégorie «Générale».</p>


Mainactor 5.5
Unknown — Tue, 10 May 2005 01:24:00 +0000
</a></p>
La société allemande Mainconcept</a> a décidé de sortir Mainactor 5.5 pour Linux. Cette sortie a été faite avant celle pour Windows. Surement une façon pour eux de se faire la publicité facilement (la preuve) en faisant parler d'eux et de tester leur nouveau logiciel de montage vidéo sur une base plus réduite d'utilisateurs.</p>
Je viens d'essayer le logiciel, c'est la première fos que j'arrive a monter facilement un petit film sous Linux. Jusque a présent les logiciels que j'avais essayé m'imposait soit le DV ou des formats obscures pour moi, pauvre nOob de la vidéo :). Durant mon teste, je n'ai rencontré qu'un petit couâk. Un plantage durant un "Undo". Lorsque j'ai relancé le logiciel, il a restauré proprement le fichier lui même. Globalement, je reste sur une très bonne impression.</p>

Gonéri's blog

Delete all the files older than a specific date

Quickly-validate-a-kubernetes-pull-secret

Run VSCode-Ansible tests locally

Claude and Github MCP tools

Virt-Lightning 2.5.0

What's new in 2.5.0</h2> This release brings several improvements to image management:</p>

FreeBSD 15 comes with an official Cloud image

Run Virt-Lightning on CoreOS

Migration to Zola

Installing CRC on CoreOS

Btrfs disk upgrade done wrong

Llama.cpp with Vulkan

numpy: AssertionError: CUDA_HOME is not set

Pushing a container image over SSH

Allow broken certificate for a specific host with Python's requests

List all pods by age that are not from OpenShift

Ollama: apply a Lora on a model

VSCode container and OAuth2 Web callback

bsd-cloud-image.org 2nd^w3rd rewrite

firewalld: add a new service

Sharing Internet connection on Fedora 40

Vidéotron Helix Fi 2

AWS: How to retrieve a KeyPair private key

Nextcloud photo backups

My GNOME configuration and its extensions

BSD-Cloud-Image.org new images

Elixir: xmerl/include/xmerl.hrl could not be found

Virt-Lightning 2.2.0

Ansible's vmware.vmware_rest collection, Execution Environment and ansible-navigator

Connect to ZooKeeper over TLS/SSL

Zuul cheat sheet

Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!

Ansible Molecule, how to use the local copy of the dependencies

Extract data from an Android phone

Performance: expanduser with pathlib or os.path

Ansible collections and venv

Update on BSD Cloud Image

0ad, Firewall and Fedora33

eGPU, Wayland, Gnome3 and Fedora

How to waste a Friday...

My Github workflow

Ansible: How we prepare the vSphere instances of the VMware CI

Conclusion</h2> You can upload the image in your OpenStack project with the following command:</p>

Ansible and k8s: How to get the K8S_AUTH_API_KEY value?

Ansible: Performance Impact of the Python version

How to start minishift on Fedora-33

Start minishift (with sudo...)</h3> sudo minishift</p>

And configure the local user</h3> sudo cp -r /root/.kube /home/goneri sudo chown -R goneri:goneri /home/goneri/.kube </code></pre>

How to speed up your (API client) modules

How we use auto-generated content in the documentation of our Ansible collection

vmware_rest: why a new Ansible Collection?

CI of the Ansible modules for VMware: a retrospective

Let's build some VMware Cloud images!</h2> To run a VM in a cloud environment, it has to match the following requirements:</p>

The CI integration</h3> Each Ansible module is different, which makes for different test requirements. We've got 3 topologies:</p>

Cloud images, which one is the fastest?

How to clean Docker up when used on Btrfs

Create thumbnail images of a set of pictures

Pbuilder on Debian kFreeBSD Wheezy

Getting BURP to use Puppet CA

Refresh all my git clones

Duide Antidote8 sur Debian Sid

Finally, a 4096 GnuPG key

Avahi / Bonjour on Windows

ext4 with barrier=1 and performance

Debian Wheezy and cfengine

Prefetch apt packages

git gc --prune on a complete directory structure

git gc and bup

Backup LVM LV with bup

Wininetd 0.7

OpenSSL1.0.0e+Net::SSLeay on Windows

How to build Thunderbird 3.0.4 from source

Debian Vserver cheat sheet

SheevaPlug

How to query Windows Vista registry with Samba4 regshell

thunderbird 2.0.0.23 built by Mozilla and Debian Squeeze

Nouveau blog !

S270 Wifi au boot sur Debian Sid

Klibido in Sid

Start minishift (with sudo...)</h3>
sudo minishift</p>

And configure the local user</h3>
`sudo cp -r /root/.kube /home/goneri sudo chown -R goneri:goneri /home/goneri/.kube </code></pre>`