[homepage.git] / blog / tags / sysadmin / sysadmin.rss

<?xml version="1.0" encoding="utf-8"?>
<rss version='2.0' xmlns:lj='http://www.livejournal.org/rss/lj/1.0/'>
        <channel>
                <title>Petter Reinholdtsen - Entries tagged sysadmin</title>
                <description>Entries tagged sysadmin</description>
                <link>http://www.hungry.com/~pere/blog/</link>

        
        <item>
                <title>Some of my 2024 free software activities</title>
                <link>http://www.hungry.com/~pere/blog/Some_of_my_2024_free_software_activities.html</link>
                <guid isPermaLink="true">http://www.hungry.com/~pere/blog/Some_of_my_2024_free_software_activities.html</guid>
                <pubDate>Mon, 10 Feb 2025 09:30:00 +0100</pubDate>
                <description>&lt;p&gt;It is a while since I posted a summary of the free software and
open culture activities and projects I have worked on.  Here is a
quick summary of the major ones from last year.&lt;/p&gt;

&lt;p&gt;I guess the biggest project of the year has been migrating orphaned
packages in Debian without a version control system to have a git
repository on salsa.debian.org.  When I started in April around 450
the orphaned packages needed git.  I&#39;ve since migrated around 250 of
the packages to a salsa git repository, and around 40 packages were
left when I took a break.  Not sure who did the around 160 conversions
I was not involved in, but I am very glad I got some help on the
project.  I stopped partly because some of the remaining packages
needed more disk space to build than I have available on my
development machine, and partly because some had a strange build setup
I could not figure out.  I had a time budget of 20 minutes per
package, if the package proved problematic and likely to take longer,
I moved to another package.  Might continue later, if I manage to free
up some disk space.&lt;/p&gt;

&lt;p&gt;Another rather big project was the translation to Norwegian Bokmål
and publishing of the first book ever published by a Sámi woman, the
«&lt;a href=&quot;http://www.hungry.com/~pere/publisher/#infoerlifellerdoed2024&quot;&gt;Møter
vi liv eller død?&lt;/a&gt;» book by Elsa Laua, with a PD0 and CC-BY
license.  I released it during the summer, and to my surprise it has
already sold several copies.  As I suck at marketing, I did not expect
to sell any.&lt;/p&gt;

&lt;p&gt;A smaller, but more long term project (for more than 10 years now),
and related to orphaned packages in Debian, is my project to ensure a
simple way to install hardware related packages in Debian when the
relevant hardware is present in a machine.  It made a fairly big
advance forward last year, partly because I have been poking and
begging package maintainers and upstream developers to include
AppStream metadata XML in their packages.  I&#39;ve also released a few
new versions of the isenkram system with some robustness improvements.
Today 127 packages in Debian provide such information, allowing
&lt;tt&gt;isenkram-lookup&lt;/tt&gt; to propose them.  Will keep pushing until the
around 35 package names currently hard coded in the isenkram package
are down to zero, so only information provided by individual packages
are used for this feature.&lt;/p&gt;

&lt;p&gt;As part of the work on AppStream, I have sponsored several packages
into Debian where the maintainer wanted to fix the issue but lacked
direct upload rights.  I&#39;ve also sponsored a few other packages, when
approached by the maintainer.&lt;/p&gt;

&lt;p&gt;I would also like to mention two hardware related packages in
particular where I have been involved, the megactl and mfi-util
packages.  Both work with the hardware RAID systems in several Dell
PowerEdge servers, and the first one is already available in Debian
(and of course, proposed by isenkram when used on the appropriate Dell
server), the other is waiting for NEW processing since this autumn.  I
manage several such Dell servers and would like the tools needed to
monitor and configure these RAID controllers to be available from
within Debian out of the box.&lt;/p&gt;

&lt;p&gt;Vaguely related to hardware support in Debian, I have also been
trying to find ways to help out the Debian ROCm team, to improve the
support in Debian for my artificial idiocy (AI) compute node.  So far
only uploaded one package, helped test the initial packaging of
llama.cpp and tried to figure out how to get good speech recognition
like Whisper into Debian.&lt;p&gt;

&lt;p&gt;I am still involved in the LinuxCNC project, and organised a
developer gathering in Norway last summer.  A new one is planned the
summer of 2025.  I&#39;ve also helped evaluate patches and uploaded new
versions of LinuxCNC into Debian.&lt;/p&gt;

&lt;p&gt;After a 10 years long break, we managed to get a new and improved
upstream version of &lt;tt&gt;lsdvd&lt;/tt&gt; released just before Christmas.  As
I use it regularly to maintain my DVD archive, I was very happy to
finally get out a version supporting DVDDiscID useful for uniquely
identifying DVDs.  I am dreaming of a Internet service mapping DVD IDs
to IMDB movie IDs, to make life as a DVD collector easier.&lt;/p&gt;

&lt;p&gt;My involvement in Norwegian archive standardisation and the free
software implementation of the vendor neutral Noark 5 API continued
for the entire year.  I&#39;ve been pushing patches into both the API and
the test code for the API, participated in several editorial meetings
regarding the Noark 5 Tjenestegrensesnitt specification, submitted
several proposals for improvements for the same.  We also organised a
small seminar for Noark 5 interested people, and is organising a new
seminar in a month.&lt;/p&gt;

&lt;p&gt;Part of the year was spent working on and coordinating a Norwegian
Bokmål translation of the marvellous children&#39;s book
«&lt;a href=&quot;https://fsfe.org/activities/ada-zangemann/&quot;&gt;Ada and
Zangemann&lt;a&gt;», which focus on the right to repair and control your own
property, and the value of controlling the software on the devices you
own.  The translation is mostly complete, and is now waiting for a
transformation of the project and manuscript to use Docbook XML
instead of a home made semi-text based format.  Great progress is
being made and the new book build process is almost complete.&lt;/p&gt;

&lt;p&gt;I have also been looking at how to companies in Norway can use free
software to report their accounting summaries to the Norwegian
government.  Several new regulations make it very hard for companies
to do use free software for accounting, and I would like to change
this.  Found a few drafts for opening up the reporting process, and
have read up on some of the specifications, but nothing much is
working yet.&lt;/p&gt;

&lt;p&gt;These were just the top of the iceberg, but I guess this blog post
is long enough now. If you would like to help with any of these
projects, please get in touch, either directly on the project mailing
lists and forums, or with me via email, IRC or Signal. :)&lt;/p&gt;
 
&lt;p&gt;As usual, if you use Bitcoin and want to show your support of my
activities, please send Bitcoin donations to my address
&lt;b&gt;&lt;a href=&quot;bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&quot;&gt;15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&lt;/a&gt;&lt;/b&gt;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Secure Socket API - a simple and powerful approach for TLS support in software</title>
                <link>http://www.hungry.com/~pere/blog/Secure_Socket_API___a_simple_and_powerful_approach_for_TLS_support_in_software.html</link>
                <guid isPermaLink="true">http://www.hungry.com/~pere/blog/Secure_Socket_API___a_simple_and_powerful_approach_for_TLS_support_in_software.html</guid>
                <pubDate>Sat, 6 Jun 2020 12:40:00 +0200</pubDate>
                <description>&lt;p&gt;As a member of the &lt;a href=&quot;https://www.nuug.no/&quot;&gt;Norwegian Unix
User Group&lt;/a&gt;, I have the pleasure of receiving the
&lt;a href=&quot;https://www.usenix.org/&quot;&gt;USENIX&lt;/a&gt; magazine
&lt;a href=&quot;https://www.usenix.org/publications/login/&quot;&gt;;login:&lt;/a&gt;
several times a year.  I rarely have time to read all the articles,
but try to at least skim through them all as there is a lot of nice
knowledge passed on there.  I even carry the latest issue with me most
of the time to try to get through all the articles when I have a few
spare minutes.&lt;/p&gt;

&lt;p&gt;The other day I came across a nice article titled
&quot;&lt;a href=&quot;https://www.usenix.org/publications/login/winter2018/oneill&quot;&gt;The
Secure Socket API: TLS as an Operating System Service&lt;/a&gt;&quot; with a
marvellous idea I hope can make it all the way into the POSIX standard.
The idea is as simple as it is powerful.  By introducing a new
socket() option IPPROTO_TLS to use TLS, and a system wide service to
handle setting up TLS connections, one both make it trivial to add TLS
support to any program currently using the POSIX socket API, and gain
system wide control over certificates, TLS versions and encryption
systems used.  Instead of doing this:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
int socket = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;the program code would be doing this:&lt;p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
int socket = socket(PF_INET, SOCK_STREAM, IPPROTO_TLS);
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;According to the ;login: article, converting a C program to use TLS
would normally modify only 5-10 lines in the code, which is amazing
when compared to using for example the OpenSSL API.&lt;/p&gt;

&lt;p&gt;The project has set up the
&lt;a href=&quot;https://securesocketapi.org/&quot;&gt;https://securesocketapi.org/&lt;/a&gt;
web site to spread the idea, and the code for a kernel module and the
associated system daemon is available from two github repositories:
&lt;a href=&quot;https://github.com/markoneill/ssa&quot;&gt;ssa&lt;/a&gt; and
&lt;a href=&quot;https://github.com/markoneill/ssa-daemon&quot;&gt;ssa-daemon&lt;/a&gt;.
Unfortunately there is no explicit license information with the code,
so its copyright status is unclear.  A
&lt;a href=&quot;https://github.com/markoneill/ssa/issues/2&quot;&gt;request to solve
this&lt;/a&gt; about it has been unsolved since 2018-08-17.&lt;/p&gt;

&lt;p&gt;I love the idea of extending socket() to gain TLS support, and
understand why it is an advantage to implement this as a kernel module
and system wide service daemon, but can not help to think that it
would be a lot easier to get projects to move to this way of setting
up TLS if it was done with a user space approach where programs
wanting to use this API approach could just link with a wrapper
library.&lt;/p&gt;

&lt;p&gt;I recommend you check out this simple and powerful approach to more
secure network connections. :)&lt;/p&gt;

&lt;p&gt;As usual, if you use Bitcoin and want to show your support of my
activities, please send Bitcoin donations to my address
&lt;b&gt;&lt;a href=&quot;bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&quot;&gt;15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&lt;/a&gt;&lt;/b&gt;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Some notes on fault tolerant storage systems</title>
                <link>http://www.hungry.com/~pere/blog/Some_notes_on_fault_tolerant_storage_systems.html</link>
                <guid isPermaLink="true">http://www.hungry.com/~pere/blog/Some_notes_on_fault_tolerant_storage_systems.html</guid>
                <pubDate>Wed, 1 Nov 2017 15:35:00 +0100</pubDate>
                <description>&lt;p&gt;If you care about how fault tolerant your storage is, you might
find these articles and papers interesting.  They have formed how I
think of when designing a storage system.&lt;/p&gt;

&lt;ul&gt;

&lt;li&gt;USENIX :login; &lt;a
href=&quot;https://www.usenix.org/publications/login/summer2017/ganesan&quot;&gt;Redundancy
Does Not Imply Fault Tolerance.  Analysis of Distributed Storage
Reactions to Single Errors and Corruptions&lt;/a&gt; by Aishwarya Ganesan,
Ramnatthan Alagappan, Andrea C. Arpaci-Dusseau, and Remzi
H. Arpaci-Dusseau&lt;/li&gt;

&lt;li&gt;ZDNet
&lt;a href=&quot;http://www.zdnet.com/article/why-raid-5-stops-working-in-2009/&quot;&gt;Why
RAID 5 stops working in 2009&lt;/a&gt; by Robin Harris&lt;/li&gt;

&lt;li&gt;ZDNet
&lt;a href=&quot;http://www.zdnet.com/article/why-raid-6-stops-working-in-2019/&quot;&gt;Why
RAID 6 stops working in 2019&lt;/a&gt; by Robin Harris&lt;/li&gt;

&lt;li&gt;USENIX FAST&#39;07
&lt;a href=&quot;http://research.google.com/archive/disk_failures.pdf&quot;&gt;Failure
Trends in a Large Disk Drive Population&lt;/a&gt; by Eduardo Pinheiro,
Wolf-Dietrich Weber and Luiz André Barroso&lt;/li&gt;

&lt;li&gt;USENIX ;login: &lt;a
href=&quot;https://www.usenix.org/system/files/login/articles/hughes12-04.pdf&quot;&gt;Data
Integrity.  Finding Truth in a World of Guesses and Lies&lt;/a&gt; by Doug
Hughes&lt;/li&gt;

&lt;li&gt;USENIX FAST&#39;08
&lt;a href=&quot;https://www.usenix.org/events/fast08/tech/full_papers/bairavasundaram/bairavasundaram_html/&quot;&gt;An
Analysis of Data Corruption in the Storage Stack&lt;/a&gt; by
L. N. Bairavasundaram, G. R. Goodson, B. Schroeder, A. C.
Arpaci-Dusseau, and R. H. Arpaci-Dusseau&lt;/li&gt;

&lt;li&gt;USENIX FAST&#39;07 &lt;a
href=&quot;https://www.usenix.org/legacy/events/fast07/tech/schroeder/schroeder_html/&quot;&gt;Disk
failures in the real world: what does an MTTF of 1,000,000 hours mean
to you?&lt;/a&gt; by B. Schroeder and G. A. Gibson.&lt;/li&gt;

&lt;li&gt;USENIX ;login: &lt;a
href=&quot;https://www.usenix.org/events/fast08/tech/full_papers/jiang/jiang_html/&quot;&gt;Are
Disks the Dominant Contributor for Storage Failures?  A Comprehensive
Study of Storage Subsystem Failure Characteristics&lt;/a&gt; by Weihang
Jiang, Chongfeng Hu, Yuanyuan Zhou, and Arkady Kanevsky&lt;/li&gt;

&lt;li&gt;SIGMETRICS 2007
&lt;a href=&quot;http://research.cs.wisc.edu/adsl/Publications/latent-sigmetrics07.pdf&quot;&gt;An
analysis of latent sector errors in disk drives&lt;/a&gt; by
L. N. Bairavasundaram, G. R. Goodson, S. Pasupathy, and J. Schindler&lt;/li&gt;

&lt;/ul&gt;

&lt;p&gt;Several of these research papers are based on data collected from
hundred thousands or millions of disk, and their findings are eye
opening.  The short story is simply do not implicitly trust RAID or
redundant storage systems.  Details matter.  And unfortunately there
are few options on Linux addressing all the identified issues.  Both
ZFS and Btrfs are doing a fairly good job, but have legal and
practical issues on their own.  I wonder how cluster file systems like
Ceph do in this regard.  After all, there is an old saying, you know
you have a distributed system when the crash of a computer you have
never heard of stops you from getting any work done.  The same holds
true if fault tolerance do not work.&lt;/p&gt;

&lt;p&gt;Just remember, in the end, it do not matter how redundant, or how
fault tolerant your storage is, if you do not continuously monitor its
status to detect and replace failed disks.&lt;/p&gt;

&lt;p&gt;As usual, if you use Bitcoin and want to show your support of my
activities, please send Bitcoin donations to my address
&lt;b&gt;&lt;a href=&quot;bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&quot;&gt;15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&lt;/a&gt;&lt;/b&gt;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Detecting NFS hangs on Linux without hanging yourself...</title>
                <link>http://www.hungry.com/~pere/blog/Detecting_NFS_hangs_on_Linux_without_hanging_yourself___.html</link>
                <guid isPermaLink="true">http://www.hungry.com/~pere/blog/Detecting_NFS_hangs_on_Linux_without_hanging_yourself___.html</guid>
                <pubDate>Thu, 9 Mar 2017 15:20:00 +0100</pubDate>
                <description>&lt;p&gt;Over the years, administrating thousand of NFS mounting linux
computers at the time, I often needed a way to detect if the machine
was experiencing NFS hang.  If you try to use &lt;tt&gt;df&lt;/tt&gt; or look at a
file or directory affected by the hang, the process (and possibly the
shell) will hang too.  So you want to be able to detect this without
risking the detection process getting stuck too.  It has not been
obvious how to do this.  When the hang has lasted a while, it is
possible to find messages like these in dmesg:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;
nfs: server nfsserver not responding, still trying
&lt;br&gt;nfs: server nfsserver OK
&lt;/blockquote&gt;&lt;/p&gt;
  
&lt;p&gt;It is hard to know if the hang is still going on, and it is hard to
be sure looking in dmesg is going to work.  If there are lots of other
messages in dmesg the lines might have rotated out of site before they
are noticed.&lt;/p&gt;

&lt;p&gt;While reading through the nfs client implementation in linux kernel
code, I came across some statistics that seem to give a way to detect
it.  The om_timeouts sunrpc value in the kernel will increase every
time the above log entry is inserted into dmesg.  And after digging a
bit further, I discovered that this value show up in
/proc/self/mountstats on Linux.&lt;/p&gt;

&lt;p&gt;The mountstats content seem to be shared between files using the
same file system context, so it is enough to check one of the
mountstats files to get the state of the mount point for the machine.
I assume this will not show lazy umounted NFS points, nor NFS mount
points in a different process context (ie with a different filesystem
view), but that does not worry me.&lt;/p&gt;

&lt;p&gt;The content for a NFS mount point look similar to this:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
[...]
device /dev/mapper/Debian-var mounted on /var with fstype ext3
device nfsserver:/mnt/nfsserver/home0 mounted on /mnt/nfsserver/home0 with fstype nfs statvers=1.1
        opts:   rw,vers=3,rsize=65536,wsize=65536,namlen=255,acregmin=3,acregmax=60,acdirmin=30,acdirmax=60,soft,nolock,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=129.240.3.145,mountvers=3,mountport=4048,mountproto=udp,local_lock=all
        age:    7863311
        caps:   caps=0x3fe7,wtmult=4096,dtsize=8192,bsize=0,namlen=255
        sec:    flavor=1,pseudoflavor=1
        events: 61063112 732346265 1028140 35486205 16220064 8162542 761447191 71714012 37189 3891185 45561809 110486139 4850138 420353 15449177 296502 52736725 13523379 0 52182 9016896 1231 0 0 0 0 0 
        bytes:  166253035039 219519120027 0 0 40783504807 185466229638 11677877 45561809 
        RPC iostats version: 1.0  p/v: 100003/3 (nfs)
        xprt:   tcp 925 1 6810 0 0 111505412 111480497 109 2672418560317 0 248 53869103 22481820
        per-op statistics
                NULL: 0 0 0 0 0 0 0 0
             GETATTR: 61063106 61063108 0 9621383060 6839064400 453650 77291321 78926132
             SETATTR: 463469 463470 0 92005440 66739536 63787 603235 687943
              LOOKUP: 17021657 17021657 0 3354097764 4013442928 57216 35125459 35566511
              ACCESS: 14281703 14290009 5 2318400592 1713803640 1709282 4865144 7130140
            READLINK: 125 125 0 20472 18620 0 1112 1118
                READ: 4214236 4214237 0 715608524 41328653212 89884 22622768 22806693
               WRITE: 8479010 8494376 22 187695798568 1356087148 178264904 51506907 231671771
              CREATE: 171708 171708 0 38084748 46702272 873 1041833 1050398
               MKDIR: 3680 3680 0 773980 993920 26 23990 24245
             SYMLINK: 903 903 0 233428 245488 6 5865 5917
               MKNOD: 80 80 0 20148 21760 0 299 304
              REMOVE: 429921 429921 0 79796004 61908192 3313 2710416 2741636
               RMDIR: 3367 3367 0 645112 484848 22 5782 6002
              RENAME: 466201 466201 0 130026184 121212260 7075 5935207 5961288
                LINK: 289155 289155 0 72775556 67083960 2199 2565060 2585579
             READDIR: 2933237 2933237 0 516506204 13973833412 10385 3190199 3297917
         READDIRPLUS: 1652839 1652839 0 298640972 6895997744 84735 14307895 14448937
              FSSTAT: 6144 6144 0 1010516 1032192 51 9654 10022
              FSINFO: 2 2 0 232 328 0 1 1
            PATHCONF: 1 1 0 116 140 0 0 0
              COMMIT: 0 0 0 0 0 0 0 0

device binfmt_misc mounted on /proc/sys/fs/binfmt_misc with fstype binfmt_misc
[...]
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;The key number to look at is the third number in the per-op list.
It is the number of NFS timeouts experiences per file system
operation.  Here 22 write timeouts and 5 access timeouts.  If these
numbers are increasing, I believe the machine is experiencing NFS
hang.  Unfortunately the timeout value do not start to increase right
away.  The NFS operations need to time out first, and this can take a
while.  The exact timeout value depend on the setup.  For example the
defaults for TCP and UDP mount points are quite different, and the
timeout value is affected by the soft, hard, timeo and retrans NFS
mount options.&lt;/p&gt;

&lt;p&gt;The only way I have been able to get working on Debian and RedHat
Enterprise Linux for getting the timeout count is to peek in /proc/.
But according to
&lt;ahref=&quot;http://docs.oracle.com/cd/E19253-01/816-4555/netmonitor-12/index.html&quot;&gt;Solaris
10 System Administration Guide: Network Services&lt;/a&gt;, the &#39;nfsstat -c&#39;
command can be used to get these timeout values.  But this do not work
on Linux, as far as I can tell.  I
&lt;ahref=&quot;http://bugs.debian.org/857043&quot;&gt;asked Debian about this&lt;/a&gt;,
but have not seen any replies yet.&lt;/p&gt;

&lt;p&gt;Is there a better way to figure out if a Linux NFS client is
experiencing NFS hangs?  Is there a way to detect which processes are
affected?  Is there a way to get the NFS mount going quickly once the
network problem causing the NFS hang has been cleared?  I would very
much welcome some clues, as we regularly run into NFS hangs.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Debian Jessie, PXE and automatic firmware installation</title>
                <link>http://www.hungry.com/~pere/blog/Debian_Jessie__PXE_and_automatic_firmware_installation.html</link>
                <guid isPermaLink="true">http://www.hungry.com/~pere/blog/Debian_Jessie__PXE_and_automatic_firmware_installation.html</guid>
                <pubDate>Fri, 17 Oct 2014 14:10:00 +0200</pubDate>
                <description>&lt;p&gt;When PXE installing laptops with Debian, I often run into the
problem that the WiFi card require some firmware to work properly.
And it has been a pain to fix this using preseeding in Debian.
Normally something more is needed.  But thanks to
&lt;a href=&quot;https://packages.qa.debian.org/i/isenkram.html&quot;&gt;my isenkram
package&lt;/a&gt; and its recent tasksel extension, it has now become easy
to do this using simple preseeding.&lt;/p&gt;

&lt;p&gt;The isenkram-cli package provide tasksel tasks which will install
firmware for the hardware found in the machine (actually, requested by
the kernel modules for the hardware).  (It can also install user space
programs supporting the hardware detected, but that is not the focus
of this story.)&lt;/p&gt;

&lt;p&gt;To get this working in the default installation, two preeseding
values are needed.  First, the isenkram-cli package must be installed
into the target chroot (aka the hard drive) before tasksel is executed
in the pkgsel step of the debian-installer system.  This is done by
preseeding the base-installer/includes debconf value to include the
isenkram-cli package.  The package name is next passed to debootstrap
for installation.  With the isenkram-cli package in place, tasksel
will automatically use the isenkram tasks to detect hardware specific
packages for the machine being installed and install them, because
isenkram-cli contain tasksel tasks.&lt;/p&gt;

&lt;p&gt;Second, one need to enable the non-free APT repository, because
most firmware unfortunately is non-free.  This is done by preseeding
the apt-mirror-setup step.  This is unfortunate, but for a lot of
hardware it is the only option in Debian.&lt;/p&gt;

&lt;p&gt;The end result is two lines needed in your preseeding file to get
firmware installed automatically by the installer:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
base-installer base-installer/includes string isenkram-cli
apt-mirror-setup apt-setup/non-free boolean true
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;The current version of isenkram-cli in testing/jessie will install
both firmware and user space packages when using this method.  It also
do not work well, so use version 0.15 or later.  Installing both
firmware and user space packages might give you a bit more than you
want, so I decided to split the tasksel task in two, one for firmware
and one for user space programs.  The firmware task is enabled by
default, while the one for user space programs is not.  This split is
implemented in the package currently in unstable.&lt;/p&gt;

&lt;p&gt;If you decide to give this a go, please let me know (via email) how
this recipe work for you. :)&lt;/p&gt;

&lt;p&gt;So, I bet you are wondering, how can this work.  First and
foremost, it work because tasksel is modular, and driven by whatever
files it find in /usr/lib/tasksel/ and /usr/share/tasksel/.  So the
isenkram-cli package place two files for tasksel to find.  First there
is the task description file (/usr/share/tasksel/descs/isenkram.desc):&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
Task: isenkram-packages
Section: hardware
Description: Hardware specific packages (autodetected by isenkram)
 Based on the detected hardware various hardware specific packages are
 proposed.
Test-new-install: show show
Relevance: 8
Packages: for-current-hardware

Task: isenkram-firmware
Section: hardware
Description: Hardware specific firmware packages (autodetected by isenkram)
 Based on the detected hardware various hardware specific firmware
 packages are proposed.
Test-new-install: mark show
Relevance: 8
Packages: for-current-hardware-firmware
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;The key parts are Test-new-install which indicate how the task
should be handled and the Packages line referencing to a script in
/usr/lib/tasksel/packages/.  The scripts use other scripts to get a
list of packages to install.  The for-current-hardware-firmware script
look like this to list relevant firmware for the machine:

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
#!/bin/sh
#
PATH=/usr/sbin:$PATH
export PATH
isenkram-autoinstall-firmware -l
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;With those two pieces in place, the firmware is installed by
tasksel during the normal d-i run. :)&lt;/p&gt;

&lt;p&gt;If you want to test what tasksel will install when isenkram-cli is
installed, run &lt;tt&gt;DEBIAN_PRIORITY=critical tasksel --test
--new-install&lt;/tt&gt; to get the list of packages that tasksel would
install.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://wiki.debian.org/DebianEdu/&quot;&gt;Debian Edu&lt;/a&gt; will be
pilots in testing this feature, as isenkram is used there now to
install firmware, replacing the earlier scripts.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Scripting the Cerebrum/bofhd user administration system using XML-RPC</title>
                <link>http://www.hungry.com/~pere/blog/Scripting_the_Cerebrum_bofhd_user_administration_system_using_XML_RPC.html</link>
                <guid isPermaLink="true">http://www.hungry.com/~pere/blog/Scripting_the_Cerebrum_bofhd_user_administration_system_using_XML_RPC.html</guid>
                <pubDate>Thu, 6 Dec 2012 10:30:00 +0100</pubDate>
                <description>&lt;p&gt;Where I work at the &lt;a href=&quot;http://www.uio.no/&quot;&gt;University of
Oslo&lt;/a&gt;, we use the
&lt;a href=&quot;http://sourceforge.net/projects/cerebrum/&quot;&gt;Cerebrum user
administration system&lt;/a&gt; to maintain users, groups, DNS, DHCP, etc.
I&#39;ve known since the system was written that the server is providing
an &lt;a href=&quot;http://en.wikipedia.org/wiki/XML-RPC&quot;&gt;XML-RPC&lt;/a&gt; API, but
I have never spent time to try to figure out how to use it, as we
always use the bofh command line client at work.  Until today.  I want
to script the updating of DNS and DHCP to make it easier to set up
virtual machines.  Here are a few notes on how to use it with
Python.&lt;/p&gt;

&lt;p&gt;I started by looking at the source of the Java
&lt;a href=&quot;http://cerebrum.svn.sourceforge.net/viewvc/cerebrum/trunk/cerebrum/clients/jbofh/&quot;&gt;bofh
client&lt;/a&gt;, to figure out how it connected to the API server.  I also
googled for python examples on how to use XML-RPC, and found
&lt;a href=&quot;http://tldp.org/HOWTO/XML-RPC-HOWTO/xmlrpc-howto-python.html&quot;&gt;a
simple example in&lt;/a&gt; the XML-RPC howto.&lt;/p&gt;

&lt;p&gt;This simple example code show how to connect, get the list of
commands (as a JSON dump), and how to get the information about the
user currently logged in:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
#!/usr/bin/env python
import getpass
import xmlrpclib
server_url = &#39;https://cerebrum-uio.uio.no:8000&#39;;
username = getpass.getuser()
password = getpass.getpass()
server = xmlrpclib.Server(server_url);
#print server.get_commands(sessionid)
sessionid = server.login(username, password)
print server.run_command(sessionid, &quot;user_info&quot;, username)
result = server.logout(sessionid)
print result
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;Armed with this knowledge I can now move forward and script the DNS
and DHCP updates I wanted to do.&lt;/p&gt;
</description>
        </item>
        
        </channel>
</rss>