Crossed Wires

Vic’s Blog

My flood volunteering day

Jan 19

Posted by Vic in Life | No Comments

On Saturday (a couple of days ago as I type this) I volunteered to assist the cleanup in Brisbane’s suburbs — the city council organised volunteering locations where you could sign up and be transported to places that needed help.

The process was well organised, except at the location I went to where the buses departed from a nearby bus terminal — mildly inconvenient if you’d transported yourself to the bus terminal and walked to the marshalling site, only to have to walk yourself back to the bus terminal… But honestly, mild inconvenience was probably far from most people’s minds right then.

The registration process was quick and easy, but I missed the briefing entirely because in a crowded high school hall with a couple of hundred (at least) people inside our briefing was delivered by a lady equipped with a librarian’s clipboard and the voice to match.  A couple of people near me managed to pick up Oxley and Chelmer as potential locations, but I heard nothing else.

Council also seemed to have been a bit unprepared for the number of volunteers.  Two shifts — one morning, one afternoon — were planned, and 6000 volunteers were expected across the four sites over the day. By lunchtime it was announced that 7000 people had arrived for the morning shift alone!   There were not enough buses available after I’d been processed, so I and a couple of hundred other volunteers had to wait for transportation.

Part of the queue of volunteers waiting to be bussed to flood-devastated parts of Brisbane.

Part of the queue of volunteers waiting to be bussed to flood-devastated parts of Brisbane. The South-East Freeway is in the left of field -- that's where the horns of encouragement were coming from.

While we were standing in line for buses, the line stretched from the bus stop near Garden City across a bridge over the South East Freeway.  We must have been clearly visible to the freeway traffic below, standing there with our shovels and brooms and buckets, because several cars and trucks blew their horns in encouragement as they passed below.

Eventually we were on a bus, and along the way I got my first view of some of the devastation.  On Riawena Rd, muddy leaves on a roadside shrub near the bank of Stable Swamp Creek while we stood at traffic lights waiting to cross Beaudesert Road.   I looked up to the creek bank and saw a couple of porta-loos that had been unceremoniously dumped on the other side of the creek.   Then the traffic got moving, and we crossed Beaudesert Road to Granard Road, which was badly affected.  Riding in a council bus, I was looking out the window to business that were well higher than the road level, and the water line was a good metre or so up the wall — had my bus been there at the flood peak, it likely would have been submerged.  The front parking areas of the shops along Granard Road were littered with the contents of the various shops.  My breath caught in my throat.

And then, suddenly, everything was normal again as we crested the high ground midway along Granard Road.  I couldn’t help thinking “is that all?”.  I was quickly answered “No”, as the bus turned onto the Ipswich Motorway.

I would find out later we were headed for Oxley Road, but the off-ramp was still under a metre or so of water.   The Harvey Norman store at that off-ramp had a watermark at least a metre up the wall, and there was no-body around.  It was eerie, since the car park of the Good Guys store just up the road was teeming with people…  I later worked out that the HN store was probably still inaccessible.  So because the off-ramp we needed was inundated, we had to go well up the Motorway and backtrack, and since none of us really knew where we were going (other than generalities) we wondered if our driver was lost.  We did turn off onto Oxley Road however, to see a more human side of the tragedy.

I say “more human” now, looking back on my reaction to what I saw.  When it was stores and industry, it wasn’t as personal as seeing those first few houses along Oxley Road and the nearby streets…  Suddenly it was people’s homes, people’s lives, and it seemed somehow more real.  Some of the side streets were full of equipment helping clean up, others just seemed like normal streets (albeit very dirty and messy-looking streets).  Then, suddenly, just like happened on Granard Road, everything was normal again as we got to some high ground.

The roundabout at Oxley Station Road was under police control; they were stopping normal traffic from going any further up Oxley Road.  The roundabout was under a couple of inches of water still.  I realised that I was close to the house where a friend and former colleague used to live with his brother and a few mates.  I couldn’t remember exactly where the house was, but there’s a good chance it would have gone under.

Bridge Street, Chelmer

A mud-slick Bridge Street in Chelmer. Walking in vehicle wheel-tracks was essential.

I expected that we would be dropped off at any time, but we kept driving, back into high ground now, through Oxley, then Corinda, then at Sherwood we jockeyed across onto Honour Avenue (our spirits still fairly high, as we cheered the driver through a very tight left turn onto Sherwood Road from Oxley Road).  Still we drove on, leaving Sherwood and on through Graceville…

Just before the crest of the hill to get onto the Indooroopilly Bridge, at the intersection of Bridge Street, the bus stopped and the doors opened.  We were in Chelmer, and the support I was pretty-much expecting to be awaiting us, to direct our efforts and so-on, was non-existent.  We worked out fairly quickly that we simply had to find a place that looked like they needed help, and… help.

I took a couple of photos in that first part of the walk, but it was becoming too difficult to walk on the mud-slick streets and footpaths while looking for photo opportunities.  Besides, I realised that I was turning into a “flood tourist”.

Intersection of Oxley Road and Bridge Street in Chelmer

Intersection of Oxley Road and Bridge Street -- starting to get very hazardous here. That mud was really slippery, and thick enough that once you started to slide there was no stopping you.

I was there to work — I put the camera away.

My sense of direction being pretty good, I wandered in the direction where I knew the river to be, expecting that closer to the river would be where most help was needed.  My sense of local geography however being pretty lousy, I didn’t realise that the houses closest to the river in that part of Chelmer (near Gordon Thompson Park) were actually among the highest, and therefore the least in need.  For a little while I actually wondered if I was walking in completely the wrong direction.

I found myself near another small group of volunteers and tagged a long for a little while. We encountered a house which had a lot of activity around it — but they, thanks for asking, were going okay for now.  I turned one corner, then another, and found myself in Campsey Street, in front of a house where a man was pushing mud down the driveway.  I found myself saying something like “you look like you need a hand”, and he replied with something like “I certainly do”.

And I worked at that little house in Campsey Street for the rest of the morning, alongside people I’d never met and likely will never meet again. Shovelling mud, pushing mud, bucketing mud, barrowing mud. There was a couple who lived nearby who just decided to go looking for somewhere to help and, like me, found that house. A young lady who I assume lived nearby, but will soon be going back to Europe where she’s doing overseas study.  An off-duty policeman from Logan who might have known the owner (owners? I don’t even know that much).

There were some light moments.  We had been shovelling and sweeping mud down the driveway for almost an hour when a guy with a bobcat came by.  He’d found a dumped mattress and had pinched it in the bucket of the bobcat and was using it like a big squeegee to clear footpaths and driveways.  In about five minutes work he’d done as much as we had done in that hour.  A couple of us looked at each other, grinned a wry grin and said “we needed him an hour ago”.  That would have been funny enough, but within another hour it happened again — we started clearing the path up the side of the house (where a bobcat wouldn’t be able to go) and another guy came by on a dingo (a kind-of mini bobcat) and did the same thing on that side path.  Same looks, same wry grins…  I make light of them, but the contribution guys like that made was excellent.  They were just riding around the streets on their dingos and bobcats, looking for places that could use them, five minutes here and five minutes there.  Brilliant.

It wasn’t just the ones working that I need to mention.  At about morning tea time a lass came around with a Tupperware tray of slices and biscuits in one hand, and a tray of jam donuts in the other — “Sugar hit?” she asked.  Too right!  Earlier in the morning I’d noticed a van parked in the intersection nearby with signs saying “TEA COFFEE AND MILO, FREE FOR VOLUNTEERS”.  My workmates and I eventually took a break and visited the van, which remarkably was still there, with the signs, and were offered hot tea by a couple from Lismore in NSW (who I hope had other business in Chelmer that day and didn’t, as much as I appreciated the tea, just come up all that way to make refreshing beverages for everyone).

Thankfully the sun didn’t get too strong, as it was the back of my shirt was totally drenched and I kept having to pace myself (of all the times to be out of my heart meds!).

I had taken a bucket with me, but hadn’t used it for anything more than protecting the bag I’d taken.  After we’d had our cuppa the activity moved to the house next door where there was suddenly an absolute army of people (earlier there had been almost no-one) moving mud.  A swarm of wheelbarrows came with them, and people were using shovels to try and get the very viscous mud out of the gutter and into the barrows.  A few small round-edged buckets started to appear, but at that minute I was glad that I’d resisted the temptation to leave that square-edged bucket at home.  The mud was gone from that part of the street in pretty short order with about a dozen people with shovels, small buckets and one big flat-sided bucket and the half-dozen wheelbarrows we were filling!

There was one other man working at that Campsey Street house who had also come on the council bus from Macgregor, and we’d discussed earlier in the day that neither of us knew for sure how to get home when our “shift” was finished.  Between us we decided that we would just make our way back to roughly where the bus dropped us off, and we’d be collected.  Well while I was scooping mud with the bucket, I started thinking about the time and wondering if I’d have to make a move.  Sure enough, it was 11:25 by the time I was able to check what time it was, and my fellow council volunteer seemed to have already left.  I cleaned the broom (a new broom that was definitely coming home), decided to donate the bucket (an old bucket, now covered in mud, that was likely to get much more meaningful use in Chelmer than at my house), and turned to go… but the strangest thing happened.

I didn’t want to go.

If you’ve read this blog before, you’ll have read that I experience a kind of “travellers’ regret” when I visit somewhere that has touched me (the regret part is usually the result of knowing that I may never visit there again). It happens strongest in places that have really moved me — I felt it in Lake Louise, Canada, at the Kennedy Space Center, and in the shadow of the London Eye.  I felt it at Paris Gare du Lyon, and at New York’s Grand Central Terminal.  It was not so strong in Newport, Rhode Island (I visited there because it’s where the Aussie yacht Australia II won the Americas Cup in 1982); very strongly at le Viaduc de Millau.

On Campsey Street, Chelmer, in my own home town, it was as strong as I’ve ever felt it.  Despite the place looking like arse — no: because the place looked like arse — I needed to stay; there was so much more to do…  but it was more than that even.  I felt in some way connected to the other people who were helping there, even though I knew no-one’s name.  I probably would have stayed, had I not arranged with Susan that she would do the afternoon shift.  I tore myself away and headed back toward Honour Avenue.

I had to wait for a while, as the buses were being delayed getting through Toowong and Indooroopilly to pick us up.   Then, we went on a crazy route that seemed to loop through Sherwood and Graceville a couple of times before we headed back via Coronation Drive to Macgregor.  This gave me a chance to see some other things I’d only seen on TV — the Regatta Hotel looked almost normal again, and so too did the Drift restaurant.

It turned out that Susan didn’t get her turn to volunteer.  Thanks to my delayed return, it was almost 1:30 before she got to the marshalling area and by then they already had more than enough people in line and didn’t want any more.

So that was my first volunteering effort.  I was absolutely wrecked by it, and days later I’m still sore.  The best part has been knowing that I’ve actually helped someone (maybe multiple someones) start to get some order back in their life.  The kudos earned from friends and family has been a nice fringe benefit also, I have to admit.  I got a SMS message of appreciation from Lord Mayor Campbell Newman today as well (okay, so it wasn’t the actual Lord Mayor — the giveaway was the words “Stop messages? reply STOP” at the end of the message — but it’s the thought that counts, right?).

Tags:

Floods in Brisbane

Jan 12

Posted by Vic in Life | No Comments

I was four or five years old when Brisbane encountered its last major flood disaster in 1974. I have vague memories — so vague I don’t know for sure if they are real or imagined — of looking out the front window of the house we lived in at the time and seeing the water pooled in our front yard.
Obviously the memories this time around will be clearer. In case you’re wondering, my family and I are out of reach of the flood waters but, like many, we know folks who are directly affected. On the work front, one of our customers has lost access to both their Production *and* DR data centers, and I’m involved in getting them back in action.

I was in the CBD yesterday as the water started to rise. Shops were closed, and normally traffic-choked streets were almost empty, adding to the nervous tension that was building even then, some 24 hours ago. On the bus crossing the Brisbane River via the Victoria Bridge (in fact, if bridges were named so it would be Victoria Bridge the Third, because at least one but I’m pretty sure two previous bridges also called Victoria and in the same spot have been washed away in previous floods) I could see the river having broken its banks at the Queensland Museum and Southbank precincts. Today, as the first of the tidal peaks hits, streets in the CBD are starting to go under — and there’s another metre of water coming with the next peak, due tomorrow morning.

The heavy rain of the last month-or-so that has exacerbated this drama has eased today, but as I type this a sun shower has just started to fall. I guess Mother Nature wants to remind us that she’s still in charge…

Tags:

Nagios service check for IAX

Nov 6

Posted by Vic in Linux, Networks, Telephony | No Comments

I’ve been using Nagios for ages to monitor the Crossed Wires campus network, but it’s fallen into a little disrepair.  Nothing worse than your monitoring needing monitoring…  so I set about tidying it up. Network topology changes, removal of old kit, and some fixes to service checks no longer working correctly.

One of the problems I needed to fix was the service check for IAX connections into my Asterisk box.  The script (the standard check_asterisk.pl from the Nagios Plugins package) was set up correctly, but it would fail with a “Got no reply” message.

I started doing traces and “iax2 debug” in Asterisk, but got nowhere — Asterisk was rejecting the packet from the check script.  Finally I decided to JFGI, and eventually I found this page with the explanation and the fix.  Basically, sometime in the 1.6 stream Asterisk toughened up security on the control message the Nagios service check used to use.  Thankfully, at the same time a new control message specifically designed for availability checking was implemented, and the fix is to update the script to use the new control message.  Easy!

BTW, while on Nagios, I got burned by the so-called “vconfig patch” which broke the check_ping script.  I’ve had to mask version 1.4.14-r2 and above of the nagios-plugins package until the issue is fixed.

Tags: , , , , , ,

Sharing an OSA port in Layer 2 mode

Nov 4

Posted by Vic in Hardware, Linux, Networks, Work | No Comments

I posted on my developerWorks blog about an experience I had sharing an OSA port in Layer 2 mode.  Thrilling stuff.  What’s more thrilling is the context of where I had my OSA-port-sharing experience: my large-scale Linux on System z cloning experiment.  One of these days I’ll get around to writing that up.

Tags: , , ,

Asterisk and a Patton SmartNode

Jul 26

Posted by Vic in Hardware, Linux, Telephony | No Comments

It’s been ages since I did an update on the main network machine here, and I bit the bullet over the weekend. 250+ packages emerged with surprisingly little trouble, and all I was left to do was build the updated kernel and reboot.
I usually end up with something that doesn’t restart after the reboot, usually because of a kernel module that needs to be rebuilt after the kernel (because I forget to remerge the package before the reboot, oops). This time the culprit was Asterisk (the phone system), which I also often have trouble with after an update due to a couple of codec modules external to the Asterisk build. This time however the problem ended up being due to the Asterisk CAPI channel driver failing.
Thinking it was the usual didn’t-rebuild-the-module problem, I went looking for the package I had to rebuild… only to find it was masked. Turns out the driver for the ISDN card in the box, a FritzCard PCI, is no longer maintained and doesn’t build on modern kernels, which has resulted in the Gentoo folks hard-masking the entire set of AVM’s out-of-tree drivers.
Help was at hand in the form of a Patton SmartNode 4552 ISDN VoIP router I’d bought months ago to replace the Fritz card. Even though there isn’t much information about how to configure the SmartNode for Asterisk around, I managed to get the setup working in only a couple of hours. I even managed to get the outgoing routing for the work line set up right!
Eventually I’ll get something posted here that goes into a bit more detail about the configuration. Let me know in a comment if you need to hurry me up! :-)

Tags: , , , ,

Amsterdam trip report

May 30

Posted by Vic in Fun, Life, Travel | No Comments

I recently spent a week in Amsterdam, attending the Novell BrainShare conference there.  This visit to Amsterdam was unlike any I’ve made before: certainly unlike the last one, where I barely made it halfway from the airport to the city and was there for less than 40 hours.

Firstly my arrival was disrupted by the Iceland volcano.  About 45 minutes away from Amsterdam I noticed that the little diamond that represented our destination on the flight-map display had jumped somewhere into western Germany, and the plane’s direction had changed — we were now flying almost due south instead of following the gentle arc that traced almost all the way back to Hong Kong.  About 5 minutes later, the captain announced that due to volcanic ash we had been diverted to Frankfurt: “we’re 40 minutes away from Amsterdam, but they’re closing the airport in 20″.  To the credit of Cathay Pacific, however, they had arrangements for our “connection” to Amsterdam underway before we had landed.  Cathay’s airport manager at FRA boarded the plane almost as soon as the door opened, and made an announcement that we would be bussed to Amsterdam and what the process would be.  Once we made it into the Frankfurt terminal we only had a couple of hours wait before we got to shuffle ourselves to some waiting coaches for our unexpected bus tour of north-west Germany and north Holland.

The bus ride was uneventful — except that I don’t ever tire of seeing fine German automobiles at-speed in their natural habitat: the autobahn.  As it turned out, the whole event actually solved a problem for me: how to fill in the nine hours between arrival at Schiphol and being allowed to check in to the hotel (S thought I was being way too positive when I told her that).  It actually was not an unpleasant way to spend a day post-long-haul-flight.

After catching a train from Schiphol to Centraal, finding my hotel, checking in, and cleaning up from the trip, it was time to get a bit of rest before meeting the rest of the Australian contingent to BrainShare for dinner.  We dined at Restaurant d’Vijff Vlieghen, a fine restaurant that (unbeknown to me beforehand) is one of the best in Amsterdam for traditional Dutch cuisine.  I’m amazed I stayed awake through the five courses, but luckily my travel didn’t catch up with me until I made it back to the hotel.

I had Tuesday pretty-much to myself.  I did quite a bit of walking around, trying to push through the jet-lag.  Early afternoon I walked with a couple of colleagues from Novell to the conference venue to register, and had a late lunch afterward. By late afternoon I realised that I wasn’t over the jet-lag and decided to rest up for the start of the conference.

The next couple of days are a bit of a blur.  Keynotes, demos, technical sessions, product launch parties, beer, food, sunsets after 10pm…  It was an incredible week.  As far as the BrainShare content goes, even though Linux is just a part of the Novell “story” I was never really starved for something interesting.  I enjoyed the demos of SUSE Studio, and learned some things about the High Availability extension for SLES and the Subscription Management Tool.

I had a great time.  The crew from Novell that hosted me were fantastic, and every time I go there I fall a little bit more in love with Amsterdam.

ppc Linux on the PowerMac G5

Apr 18

Posted by Vic in Hardware, Linux, Operating Systems | 3 Comments

With Apple’s abandonment of PPC as of Snow Leopard, I began wondering what to do with the old PowerMac. It’s annoying that so (comparatively) recent a piece of equipment should be given up by its manufacturer, but that’s a rant for another day. Yes, we can still run Leopard until it goes out of support, but with S and I both on MacBook Pros with current OS I know that we would both become frustrated with a widening functionality gap between the systems.

I had always resisted runing Linux on the PowerMac, thinking that the last thing I needed was yet another Linux box in the house. I had tried a couple of times, but it was in the early days of support for the liquid cooling system in the dual-2.5Ghz model and those attempts failed dismally. I figured that by now those issues would be resolved and I would have a much better time.

I assumed that Yellow Dog was still the ‘benchmark’ PPC Linux distro, so I went to their site. I saw a lot of data there about PS3 and Cell; it seems that YDL is transitioning to the cluster and/or research market by focussing on Cell.

The next thing I discovered is the lack of distributions that have a PPC version, even as a secondary platform. My old standby Gentoo still supports PPC, as does Fedora (I think: I saw a reference to downloading a PPC install disk, bit didn’t follow it), but every other major distro has dropped it — openSUSE, for example, with their very latest release (their download page still has a picture of a disc labelled “ppc”, but no such download exists, oops). I guess that since the major producer of desktop PPC systems stopped doing so, the distros saw their potential install base disappear. Unfortunately for those distros, I can see the reverse happening: now that Apple has fully left PPC behind, plenty of folks like me who have moderately recent G4 and G5 hardware and who still want to run a current OS will come to Linux looking for an alternative… I guess time will tell who is right on this one.

So I went to install Gentoo, and to cut a long story short I had exactly the same problem as before: critical temperature condition leading to emergency system power-off. I found that if I capped the CPU speed to 2Ghz I could stay up long enough to get things built, but then the system refused to boot because it couldn’t find the root filesystem. Probably something to do with yaboot, SATA drives and OpenFirmware. So again I’m putting it aside.

My next plan was to treat it as a file server. Surely a BSD would support my G5 hardware: after all, Mac OS X is BSD at heart… Well, no. FreeBSD has no support for SATA on ppc, OpenBSD specifically mentioned liquid-cooled G5s as having no support, and I don’t think I saw any ppc support on NetBSD more recent than G3 [1].

This is one of the things that annoys me about the computer industry: that somehow it’s okay to so completely disregard your older releases. What if the automotive industry worked that way?

So I may yet try Fedora, or give the game away for another year or so and see what the situation looks like then.

[1] I may have mixed up a couple of these details.

Edit: Gentoo’s yaboot has managed to make it so that I can’t boot Mac OS X on the machine any more.  Oh dear.

Tags: , , , , ,

Network virtualisation

Feb 21

Posted by Vic in Linux, Networks | 8 Comments

I’ve been doing a lot of mucking around with KVM with libvirt (I keep promising an update here, don’t I).  In my desktop virtualisation requirements I had a need for presenting VLAN traffic to guests: simple enough, and I’ve done it before.  You can do what I usually do, and configure all your VLANs against the physical interface then create a bridge for each VLAN you want to present to a guest.  The guest then attaches to the bridge appropriate to the VLAN it wants access to, with no need to configure 8021q.

(The other method of combining VLAN-tagging and bridging is to bridge the physical interface first, then create VLANs on the bridge.  I couldn’t work out how to get VLAN-unaware guests attached to this kind of setup, and it didn’t work for me even to give IP access to the host using a br0.100 for example.  Still, it must work for someone as it’s written about a lot…)

I realised that from particular virtual machines I needed to get access to the VLAN tags — I needed VLAN-awareness.  Now I knew up-front that the way I could do this was to just throw another NIC into the machine and either dedicate it to the virtual guest or set up a bridge with VLAN tags intact.  I really wanted to exhaust all possible avenues to solve the problem without throwing hardware around (as I’ve been doing a bit of that recently, I have to admit).

First, I tried to use standard Linux bridges as a solution, but discovered that an interface can’t belong to more than one bridge at a time, which put paid to my plan to have one or more VLAN-untagging bridges and a VLAN-tagged bridge.  I figured it could be done with bridges, but I envisaged a stacked mess of bridge-to-tap-to-bridge-to-tap-to-guest connections and decided that wasn’t the way to go.

Next I checked out VDE, which I had first seen a couple of years ago — but something gave me the impression that VDE either wasn’t really going to give me anything more than bridging would, or was not flexible enough to do what I needed.  I like the distributed aspect of VDE (the D in the name) but I’d rarely use that capability so it wasn’t a big drawcard.  I widened my search, and found two interesting projects — one that eventually became my solution, and another that I think is quite incredible in its scope and capability.

First, the amazing one: ns-3, “a great network simulator for research and education”.  As the name suggests, it simulates networks.  It is completely programmable (in fact your network “scripts” are actually C++ code using the product’s libraries and functions) and can be used to accurately model the behaviour of a real network when faced with network traffic.  The project states that ns-3 models of real networks have produced libpcap traces that are almost indistinguishable from the traces of the real networks being modelled…  I’ll take their word for that, but when you get to configure the propogation delay between nodes in your simulated network it seems to me it’s pretty thorough.  Although the way that I found ns-3 was via a forum posting from someone who claimed to have used it to solve a similar situation as me, and ns-3 does provide a way to “bridge” between the simulated network and real networks, the simulation aspect of ns-3 seems to be more complexity than I’m looking for in this instance.  It does look like a fascinating tool however, and one I’ll definitely be keeping at least half-an-eye on.

To my eventual solution, then: Open vSwitch.  Designed with exactly my scenario in mind–network connection for virtualisation–it has at least two functions that make it ideal for me:

  • a Linux-bridging compatibility mode, allowing the brctl command to still function
  • IEEE 802.1Q VLAN support (innovatively at that)

The Open vSwitch capability can be built as a kernel module (there’s a second module that supports the brctl compatibility mode), or very recent versions have the ability to be run in user-space (with a corresponding performance drop).

On the surface, configuring an OvS bridge does seem to result in something that looks exactly like a brctl bridge (especially if you use brctl and the OvS bridging compatibility feature to configure it), but its native support for VLANs really brings it into its own for me.  In summary, for each “real” bridge you configure in OvS, you can configure a “fake” bridge that passes through packets for a single VLAN from the real bridge (the “parent” bridge).  This is exactly what I needed!

For the guest interfaces that needed full VLAN-awareness, I simply provided the name of my OvS bridge as the name of the bridge for libvirt to connect the guest to–OvS bridge-compatibility mode took care of the brctl commands issued in the background by libvirt.  The VLAN-unaware guest interfaces presented a bit of a challenge–the OvS “fake” bridge does not present itself like a Linux bridge, so it doesn’t work with libvirt’s bridge interface support.  This ended up being moderately easy to overcome as well, thanks to libvirt’s ability to set up an interface configured by an arbitrary script–I hacked the supplied /etc/qemu-ifup script and made a version that adds the tap interface created by libvirt to the OvS fake bridge.

The only thing I might want from this now is an ability for an OvS bridge to have visibility over a subset of the VLANs presented on the physical NIC.  The OvS website talks about extensive filtering capability though, so I’ve little doubt that the capability is there and I’m just yet to find it.  From a functionality aspect, OvS is packed to the gills with support for various open management protocols, including something called OpenFlow that I’d never heard of before (but I hope that some certain folks in upstate New York have!) but is apparently an open standard that enables secure centralised management of switches.

Detail of exactly how I pulled this all together will come in a page on this site; I’ll make a bunch of pages that describe all the mucky details of my KVM adventures and update this post with a link, so stay tuned!

Tags: , ,

LDAP groups in Postfix

Feb 10

Posted by Vic in Linux | 1 Comment

For a long time I’ve been managing virtual e-mail addresses (the ones you create when you sign up to a web service, so that you know where your spam is originating) using Postfix’s LDAP alias capability.  At the time I was still putting every bit of configuration I could into LDAP–particularly if it was user-id related–and I’ve never had a need to change what was working really well.

N’s school recently decided to distribute the weekly school newsletter via e-mail, and had allowance for one e-mail address per family.  Not wanting the additional overhead of having to have either S or me receive it and then having to forward it to the other, I thought it would be neat to have a single common address that, when items arrived, distributed the mail to multiple boxes.  Of course I took the stupid path of providing the school with a yet-to-be-created e-mail address, foolishly trusting my ability to set the system up before they tried to send anything to it…  but in the end it was not so foolish after all, as unbeknown to me I already had everything I needed to achieve my objective.

Unfortunately the first thing I did was assume that I needed mailing list software.  I installed Mailman, and started to read-up on the process to get it working.  I did this on my yet-to-be-commissioned KVM-hosted mail server (a blog post for another day), and started trying to diagnose why mail wasn’t getting delivered.  I had set up Postfix on this mail server to point to my existing LDAP to test, and thought that there was a problem there (but also started to work out if there was a way to use the LDAP server to manage the Mailman aliases).  I re-found the Postfix LDAP HOWTO, and stumbled over the section entitled “Example: expanding LDAP groups”.  Et voila: multidrop incoming mail without the need for a mailing list manager!

I had always assumed that e-mail aliases were a one-to-one mapping of alias address to real destination.  Not the case: an alias can have multiple destinations.  It doesn’t just apply to LDAP alias support, either: as per the “aliases” man page you can do

name: value1, value2, ...

In my LDAP situation, all I need to do is list the alias in the “mailLocalAddress” attribute of which ever users need to receive mail for that alias.  Done!

I may have to keep Mailman, however.  Shortly after this success, I wondered how cool it would be to have the notification SMS messages for voicemail received at home, that currently go only to S, come to me as well.  I’m using a hosted email-to-SMS gateway service for this, so the “alias” would have to expand to multiple external e-mail addresses.  I’m not sure if you can alias mail addresses that are not in your domain…  I’ll have to try and see–might be easier to do that than subscribing to a Mailman list via SMS-to-email!  :-)

Tags: , ,

Travel report: Driving to Sindelfingen

Dec 13

Posted by Vic in Life, Travel | 1 Comment

Since I’ve been back home now for almost a month, it seems silly to call these posts “travel updates”.  :)

With the experience of visiting le Viaduc de Millau still buzzing in my head, I pointed my trusty Peugeot back toward Montpellier for the journey to Germany.  The run down the mountain back toward the coast was a really nice drive, but by the time I was back in Montpellier it was back to nasty busy city driving.  I think I made a little bit of an error: instead of following the path that Google found for me to get to the A9 (which was more-or-less back through the middle of town), I followed the first sign I saw that said “A9 NIMES”.  This ended up taking me on a Cooks Tour of bypass roads around the south outskirts of the city, past industrial estates and the consequent heavy workaday traffic.  The city path was very likely to have been quicker and easier.  Oh well.

Once I made it to the A9 for the trip north, I was able to settle in and enjoy the drive again.  The autoroutes in France are excellent, with a great smooth driving surface (in spite of the heavy-vehicle traffic they carry) and plenty of visibility and clearance for cars to be able to carry the 130km/h speed limit (again, in spite of the heavy-vehicle traffic, which is only permitted to do about 90km/h).  Mind you I ended up paying around 50€ in tolls while I was in France!  If it’s a demonstration of how tolling a road can lead to better quality, I don’t mind at all.

The traffic bogged down a bit going through Lyon, but soon opened up again.  I was starting to get a bit worried about the time: I’d left Montpellier three or four hours before, yet seemed to be only a third of the way there!  Night was starting to fall as I turned east onto the A36 — the car was at last actually pointing toward Germany!  A short while after that, I stopped for some dinner before making the last part of the drive.   I was not far from the border by this time, and it looked like I was making good time after all.

I hadn’t planned for my first drive on an autobahn to be at night, but that’s how it worked out.  About the only indication that I’d actually crossed into Germany was the change in the road signage!  The speed limit dropped to 120km/h, but a little while later I saw a sign that showed the 120 crossed-out.  This, I eventually worked out, was the only indication I would get that I was on one of the famous speed-unlimited autobahnen (well, the Mercs and Beemers and Audis rocketing past me were another indication).  Because it took me so long to work out what was going on, I almost didn’t get to go for a rocket myself — I had wound the Peugeot up to about 140-150 and was still getting passed like I was stationary, so I decided to give it a run.  In a few seconds the little Pug was at 195km/h, and seemed like it could have gone a bit higher, but slower traffic ahead meant I had to back off.  As it turned out, I didn’t get another chance to wind it out because we were in and out of roadworks for the last part of the run to Stuttgart.

Eventually I found the last motorway exit I had to take, and I was on the streets of Sindelfingen.  I had made it all the way from Montpellier, without a single wrong turn!  Before congratulating myself too heartily though, I had to find my hotel…  and this was a bigger challenge than I had thought.  I found it, eventually, but not before I’d driven up the same street three times (at least) and done at least one U-turn in front of the place without realising it…

Tags: , ,