April 21st, 2011 — Uncategorized

When developing a daemonized service, it's quite common to encounter minor errors that require nothing more than restarting the daemon. One example is not being able to connect to a remote machine for some time:
    Traceback (most recent call last):
      (...)
      File "python2.6/urllib2.py", line 1170, in http_open
        return self.do_open(httplib.HTTPConnection, req)
      File "python2.6/urllib2.py", line 1145, in do_open
        raise URLError(err)
    urllib2.URLError: <urlopen error [Errno 111] Connection refused>
Granted, we want to fix this in the code so that the daemon does not die, but meanwhile it's good to have a safety net that we can rely on. That's where supervisord comes in handy. Let's see how it's done.
March 18th, 2011 — Uncategorized

I've just pushed a set of trivial modules system scripts that will hopefully ease your deployment of Cloudera Distribution for Hadoop 3 Beta 4 on your university cluster… partly, at least. This sad "partly" made me think about the current state of things in IT and HPC.
Over time I've learnt that there are several unexpected issues when deploying Hadoop on custom clusters that you don't own. Those are mainly related to software management policies, non-root access (being auto-deployment unfriendly), quotas and queueing or "batch" systems.
Ignoring most of these "fixable" issues, it becomes apparent that the juiciest problem for a sysadmin trying to get the most out of Hadoop-related tools is the batch system. Be it SGE, SLURM or other non-DRMAA compliant exotic batch system implementations, you'll have to deal with annoying integration quirks at some point, granted.
Making it all work can be challenging to say the least… but the question is: does it have to be that hard?
September 21st, 2010 — Uncategorized

So you want to back up all your bas^H^H Google documents? You may do it manually, but isn't it more interesting to do it by code?
GoogleCL has been around for a while, but it's becoming more stable and interesting as time goes on. Let's see how to install it first, since the documented way in INSTALL.txt is broken at the time of writing these lines.
August 22nd, 2010 — Uncategorized

I would have preferred that my Android 1.6 device supported OpenVPN out of the box. Unfortunately, this is only available for rooted devices and a bit of suffering. Instead, I went for configuring an IPsec inside L2TP VPN server. All of it stuffed into an old and low-end Soekris net4511 board running Voyage Linux.
First, I will just redirect you to the well-documented, lengthy but primary resource:
Using a Linux L2TP/IPsec VPN server
On the client side, this post is quite complete:
Adding VPN connections to Android 1.6 (Donut)
If you're feeling impatient and brave, perhaps you'll succeed with the configuration files that follow (they worked for me)… since those are highly dependent on your network setup, YMMV, a lot.
Before jumping right into the meat and to avoid confusion, let's see what game all these evil daemons are going to play:
- A client (my Android phone) connects to the server on port 4500.
- IPsec server (OpenSWAN) responds and asks for the PSK.
- If the previous "gatekeeper" is ok with you, control is handed over to L2TP, the other "tunnel keeper" who will ask for another password.
- If L2TP is satisfied with your answer, PPPD, the ancient UNIX beast, will be woken up and ask for… your user and password!
- Congrats! You've survived the gates, now you're on your home network from your smartphone, ain't it cool?
June 21st, 2010 — Uncategorized
In one single day I had to deal with two nasty tricks to get the following e-administration to work properly:
- My Swedish e-legitimation BankID software token.
- My Spanish digital certificate renewal request.
The first one failed to authenticate (silently!) because the (proprietary) software, BankID, refused to work properly on 64-bit Ubuntu. Adding a wrapper solved the issue:
    sudo apt-get install nspluginwrapper
    sudo nspluginwrapper -i /usr/local/lib/personal/libplugins.so
On the other hand, the Spanish counterpart complained like this:
"Su certificado no ha permitido generar una firma válida"
Pasting the error into Google sufficed to find the solution as well.
Now I wonder how our mums can cope with these big user annoyances :-S
Hopefully not everything is a lost cause here… openness and common sense in security seem to start making their way in Spain regarding DNIe: PKCS11 sources have been recently released!