Gemtexter - One Bash script to rule it all

                                                               o .,<>., o
                                                               |\/\/\/\/|
                                                               '========'
                                                               (_ SSSSSSs
                                                               )a'`SSSSSs
                                                              /_   SSSSSS
                                                              .=## SSSSS
                                                              .####  SSSSs
                                                              ###::::SSSSS
                                                             .;:::""""SSS
                                                            .:;:'  . .  \\
                                                           .::/  '     .'|
                                                          .::( .         |
                                                          :::)           \
                                                          /\(            /
                                                         /)            ( |
                                                       .'  \  .       ./ /
                                                    _-'    |\  .        |
                                  _..--..   .  /"---\      | ` |      . |
          -=====================,' _     \=(*#(7.#####()   |  `/_..   , (
                      _.-''``';'-''-) ,.  \ '  '+/// |   .'/   \  ``-.) \
                    ,'  _.-  ((    `-'  `._\    `` \_/_.'  )    /`-._  ) |
                  ,'\ ,'  _.'.`:-.    \.-'                 /   <_L   )"  |
                _/   `._,' ,')`;  `-'`'                    |     L  /    /
               / `.   ,' ,|_/ / \                          (    <_-'     \
               \ / `./  '  / /,' \                        /|`         `. |
               )\   /`._   ,'`._.-\                       |)            \'
              /  `.'    )-'.-,' )__)                      |\            `|
             : /`. `.._(--.`':`':/ \                      ) \             \
             |::::\     ,'/::;-))  /                      ( )`.            |
             ||:::::  . .::':  :`-(                       |/    .          |
             ||::::|  . :|  |==[]=:                       .        -       \
             |||:::|  : ||  :  |  |                      /\           `     |
 ___ ___     '|;:::|  | |'   \=[]=|                     /  \                \
|   /_  ||``|||:::::  | ;    | |  |                     \_.'\_               `-.
:   \_``[]--[]|::::'\_;'     )-'..`._                 .-'\``:: ` .              \
 \___.>`''-.||:.__,'     SSt |_______`>              <_____:::.         . . \  _/
                                                           `+a:f:......jrei'''

Written by Paul Buetow 2021-06-05

You might have read my previous blog post about entering the Geminispace, where I pointed out the benefits of having and maintaining an internet presence there. This whole site (the blog and all other pages) is composed in the Gemtext markup language.

Welcome to the Geminispace

This comes with the benefit that I can write content in my favourite text editor (Vim).

Motivation

Another benefit of using Gemini is that the Gemtext markup language is easy to parse. As my site is dual-hosted (Gemini+HTTP), I could, in theory, just write a shell script to deal with the conversion from Gemtext to HTML; there is no need for a full-featured programming language here. I have done a lot of Bash in the past, but I am also often revisiting old tools and techniques for refreshing and keeping the knowledge up to date here.

Motivational comic strip:

I have exactly done that - I wrote a Bash script, named Gemtexter, for that:

https://github.com/snonux/gemtexter

In short, Gemtexter is a static site generator and blogging engine that uses Gemtext as its input format.

Output formats

Gemtexter takes the Gemntext Markup files as the input and generates the following outputs from it (you find examples for each of these output formats on the Gemtexter GitHub page):

• HTML files for my website
• Markdown files for a GitHub page
• A Gemtext Atom feed for my blog posts
• A Gemfeed for my blog posts (a particular feed format commonly used in Geminispace. The Gemfeed can be used as an alternative to the Atom feed).
• An HTML Atom feed of my blog posts

I could have done all of that with a more robust language than Bash (such as Perl, Ruby, Go...), but I didn't. The purpose of this exercise was to challenge what I can do with a "simple" Bash script and learn new things.

Taking it as far as I should, but no farther

The Bash is suitable very well for small scripts and ad-hoc automation on the command line. But it is for sure not a robust programming language. Writing this blog post, Gemtexter is nearing 1000 lines of code, which is actually a pretty large Bash script.

Modularization

I modularized the code so that each core functionality has its own file in ./lib. All the modules are included from the main Gemtexter script. For example, there is one module for HTML generation, one for Markdown generation, and so on.

paul in uranus in gemtexter on 🌱 main
❯ wc -l gemtexter lib/*
    117 gemtexter
     59 lib/assert.source.sh
    128 lib/atomfeed.source.sh
     64 lib/gemfeed.source.sh
    161 lib/generate.source.sh
     50 lib/git.source.sh
    162 lib/html.source.sh
     30 lib/log.source.sh
     63 lib/md.source.sh
     834 total

This way, the script could grow far beyond 1000 lines of code and still be maintainable. With more features, execution speed may slowly become a problem, though. I already notice that Gemtexter doesn't produce results instantly but requires few seconds of runtime already. That's not a problem yet, though.

Bash best practises and ShellCheck

While working on Gemtexter, I also had a look at the Google Shell Style Guide and wrote a blog post on that:

Personal bash coding style guide

I followed all these best practices, and in my opinion, the result is a pretty maintainable Bash script (given that you are fluent with all the sed and grep commands I used).

ShellCheck, a shell script analysis tool written in Haskell, is run on Gemtexter ensuring that all code is acceptable. I am pretty impressed with what ShellCheck found.

It, for example, detected "some_command | while read var; do ...; done" loops and hinted that these create a new subprocess for the while part. The result is that all variable modifications taking place in the while-subprocess won't reflect the primary Bash process. ShellSheck then recommended rewriting the loop so that no subprocess is spawned as "while read -r var; do ...; done < <(some_command)". ShellCheck also pointed out to add a "-r" to "read"; otherwise, there could be an issue with backspaces in the loop data.

Furthermore, ShellCheck recommended many more improvements. Declaration of unused variables and missing variable and string quotations were the most common ones. ShellSheck immensely helped to improve the robustness of the script.

https://shellcheck.net

Unit testing

There is a basic unit test module in ./lib/assert.source.sh, which is used for unit testing. I found this to be very beneficial for cross-platform development. For example, I noticed that some unit tests failed on macOS while everything still worked fine on my Fedora Linux laptop.

After digging a bit, I noticed that I had to install the GNU versions of the sed and grep commands on macOS and a newer version of the Bash to make all unit tests pass and Gemtexter work.

It has been proven quite helpful to have unit tests in place for the HTML part already when working on the Markdown generator part. To test the Markdown part, I copied the HTML unit tests and changed the expected outcome in the assertions. This way, I could implement the Markdown generator in a test-driven way (writing the test first and afterwards the implementation).

HTML unit test example

gemtext='=> http://example.org Description of the link'
assert::equals "$(generate::make_link html "$gemtext")" \
    '<a class="textlink" href="http://example.org">Description of the link</a><br />'

Markdown unit test example

gemtext='=> http://example.org Description of the link'
assert::equals "$(generate::make_link md "$gemtext")" \
    '[Description of the link](http://example.org)  '

Handcrafted HTML styles

I had a look at some ready off the shelf CSS styles, but they all seemed too bloated. There is a whole industry selling CSS styles on the interweb. I preferred an effortless and minimalist style for the HTML site. So I handcrafted the Cascading Style Sheets manually with love and included them in the HTML header template.

For now, I have to re-generate all HTML files whenever the CSS changes. That should not be an issue now, but I might move the CSS into a separate file one day.

It's worth mentioning that all generated HTML files and Atom feeds pass the W3C validation tests.

Configurability

In case someone else than me wants to use Gemtexter for his own site, it is pretty much configurable. It is possible to specify your own configuration file and your own HTML templates. Have a look at the GitHub page for examples.

Future features

I could think of the following features added to a future version of Gemtexter:

• Templating of Gemtext files so that the .html files are generated from .html.tpl files. The template engine could do such things as an automatic table of contents and sitemap generation. It could also include the output of inlined shell code, e.g. a fortune quote.
• Add support for more output formats, such as Groff, PDF, plain text, Gopher, etc.
• External CSS file for HTML.
• Improve speed by introducing parallelism and/or concurrency and/or better caching.

Conclusion

It was quite a lot of fun writing Gemtexter. It's a relatively small project, but given that I worked on that in my spare time once in a while, it kept me busy for several weeks.

I finally revamped my personal internet site and started to blog again. I wanted the result to be exactly how it is now: A slightly retro-inspired internet site built for fun with unconventional tools.

E-Mail me your thoughts at comments@mx.buetow.org!

Personal Bash coding style guide

   .---------------------------.
  /,--..---..---..---..---..--. `.
 //___||___||___||___||___||___\_|
 [j__ ######################## [_|
    \============================|
 .==|  |"""||"""||"""||"""| |"""||
/======"---""---""---""---"=|  =||
|____    []*          ____  | ==||
//  \\               //  \\ |===||  hjw
"\__/"---------------"\__/"-+---+'

Written by Paul Buetow 2021-05-16

Lately, I have been polishing and writing a lot of Bash code. Not that I never wrote a lot of Bash, but now as I also looked through the Google Shell Style Guide, I thought it is time also to write my thoughts on that. I agree with that guide in most, but not in all points.

Google Shell Style Guide

My modifications

These are my modifications to the Google Guide.

Shebang

Google recommends using always...

#!/bin/bash 

... as the shebang line, but that does not work on all Unix and Unix-like operating systems (e.g., the *BSDs don't have Bash installed to /bin/bash). Better is:

#!/usr/bin/env bash

Two space soft-tabs indentation

I know there have been many tab- and soft-tab wars on this planet. Google recommends using two space soft-tabs for Bash scripts.

I don't care if I use two or four space indentations. I agree, however, that we should not use tabs. I tend to use four-space soft-tabs as that's how I currently configured Vim for any programming language. What matters most, though, is consistency within the same script/project.

Google also recommends limiting the line length to 80 characters. For some people, that seems to be an old habit from the '80s, where all computer terminals couldn't display longer lines. But I think that the 80 character mark is still a good practice, at least for shell scripts. For example, I am often writing code on a Microsoft Go Tablet PC (running Linux, of course), and it comes in convenient if the lines are not too long due to the relatively small display on the device.

I hit the 80 character line length quicker with the four spaces than with two spaces, but that makes me refactor the Bash code more aggressively, which is a good thing.

Breaking long pipes

Google recommends breaking up long pipes like this:

# All fits on one line
command1 | command2

# Long commands
command1 \
  | command2 \
  | command3 \
  | command4

I think there is a better way like the following, which is less noisy. The pipe | already indicates the Bash that another command is expected, thus making the explicit line breaks with \ obsolete:

# Long commands
command1 |
    command2 |
    command3 |
    command4

Quoting your variables

Google recommends always quote your variables. Generally, it would be best if you did that only for variables where you are unsure about the content/values of the variables (e.g., content is from an external input source and may contain whitespace or other special characters). In my opinion, the code will become quite noisy when you always quote your variables like this:

greet () {
    local -r greeting="${1}"
    local -r name="${2}"
    echo "${greeting} ${name}!"
}

In this particular example, I agree that you should quote them as you don't know the input (are there, for example, whitespace characters?). But if you are sure that you are only using simple bare words, then I think that the code looks much cleaner when you do this instead:

say_hello_to_paul () {
    local -r greeting=Hello
    local -r name=Paul
    echo "$greeting $name!"
}

You see, I also omitted the curly braces { } around the variables. I only use the curly braces around variables when it makes the code either easier/clearer to read or if it is necessary to use them:

declare FOO=bar
# Curly braces around FOO are necessary
echo "foo${FOO}baz"

A few more words on always quoting the variables: For the sake of consistency (and for making ShellCheck happy), I am not against quoting everything I encounter. I also think that the larger the Bash script becomes, the more critical it becomes always to quote variables. That's because it will be more likely that you might not remember that some of the functions don't work on values with spaces in them, for example. It's just that I won't quote everything in every small script I write.

Prefer built-in commands over external commands

Google recommends using the built-in commands over available external commands where possible:

# Prefer this:
addition=$(( X + Y ))
substitution="${string/#foo/bar}"

# Instead of this:
addition="$(expr "${X}" + "${Y}")"
substitution="$(echo "${string}" | sed -e 's/^foo/bar/')"

I can't entirely agree here. The external commands (especially sed) are much more sophisticated and powerful than the built-in Bash versions. Sed can do much more than the Bash can ever do by itself when it comes to text manipulation (the name "sed" stands for streaming editor, after all).

I prefer to do light text processing with the Bash built-ins and more complicated text processing with external programs such as sed, grep, awk, cut, and tr. However, there is also medium-light text processing where I would want to use external programs. That is so because I remember using them better than the Bash built-ins. The Bash can get relatively obscure here (even Perl will be more readable then - Side note: I love Perl).

Also, you would like to use an external command for floating-point calculation (e.g., bc) instead of using the Bash built-ins (worth noticing that ZSH supports built-in floating-points).

I even didn't get started with what you can do with awk (especially GNU Awk), a fully-fledged programming language. Tiny Awk snippets tend to be used quite often in Shell scripts without honouring the real power of Awk. But if you did everything in Perl or Awk or another scripting language, then it wouldn't be a Bash script anymore, wouldn't it? ;-)

My additions

Use of 'yes' and 'no'

Bash does not support a boolean type. I tend just to use the strings 'yes' and 'no' here. I used 0 for false and 1 for true for some time, but I think that the yes/no strings are easier to read. Yes, the Bash script would need to perform string comparisons on every check, but if performance is crucial to you, you wouldn't want to use a Bash script anyway, correct?

declare -r SUGAR_FREE=yes
declare -r I_NEED_THE_BUZZ=no

buy_soda () {
    local -r sugar_free=$1

    if [[ $sugar_free == yes ]]; then
        echo 'Diet Dr. Pepper'
    else
        echo 'Pepsi Coke'
    fi
}

buy_soda $I_NEED_THE_BUZZ

Non-evil alternative to variable assignments via eval

Google is in the opinion that eval should be avoided. I think so too. They list these examples in their guide:

# What does this set?
# Did it succeed? In part or whole?
eval $(set_my_variables)

# What happens if one of the returned values has a space in it?
variable="$(eval some_function)"

However, if I want to read variables from another file, I don't have to use eval here. I only have to source the file:

% cat vars.source.sh
declare foo=bar
declare bar=baz
declare bay=foo

% bash -c 'source vars.source.sh; echo $foo $bar $baz'
bar baz foo

And suppose I want to assign variables dynamically. In that case, I could just run an external script and source its output (This is how you could do metaprogramming in Bash without the use of eval - write code which produces code for immediate execution):

% cat vars.sh
#!/usr/bin/env bash
cat <<END
declare date="$(date)"
declare user=$USER
END

% bash -c 'source <(./vars.sh); echo "Hello $user, it is $date"'
Hello paul, it is Sat 15 May 19:21:12 BST 2021

The downside is that ShellCheck won't be able to follow the dynamic sourcing anymore.

Prefer pipes over arrays for list processing

When I do list processing in Bash, I prefer to use pipes. You can chain them through Bash functions as well, which is pretty neat. Usually, my list processing scripts are of a structure like this:

filter_lines () {
    echo 'Start filtering lines in a fancy way!' >&2
    grep ... | sed ....
}

process_lines () {
    echo 'Start processing line by line!' >&2
    while read -r line; do
        ... do something and produce a result...
        echo "$result"
    done 
}

# Do some post-processing of the data
postprocess_lines () {
    echo 'Start removing duplicates!' >&2
    sort -u
}

genreate_report () {
    echo 'My boss wants to have a report!' >&2
    tee outfile.txt
    wc -l outfile.txt
}

main () {
    filter_lines |
        process_lines |
        postprocess_lines |
        generate_report
}

main

The stdout is always passed as a pipe to the next following stage. The stderr is used for info logging.

Assign-then-shift

I often refactor existing Bash code. That leads me to add and removing function arguments quite often. It's pretty repetitive work changing the $1, $2.... function argument numbers every time you change the order or add/remove possible arguments.

The solution is to use of the "assign-then-shift"-method, which goes like this: "local -r var1=$1; shift; local -r var2=$1; shift". The idea is that you only use "$1" to assign function arguments to named (better readable) local function variables. You will never have to bother about "$2" or above. That is very useful when you constantly refactor your code and remove or add function arguments. It's something that I picked up from a colleague (a pure Bash wizard) some time ago:

some_function () {
    local -r param_foo="$1"; shift
    local -r param_baz="$1"; shift
    local -r param_bay="$1"; shift
    ...
}

Want to add a param_baz? Just do this:

some_function () {
    local -r param_foo="$1"; shift
    local -r param_bar="$1"; shift
    local -r param_baz="$1"; shift
    local -r param_bay="$1"; shift
    ...
}

Want to remove param_foo? Nothing easier than that:

some_function () {
    local -r param_bar="$1"; shift
    local -r param_baz="$1"; shift
    local -r param_bay="$1"; shift
    ...
}

As you can see, I didn't need to change any other assignments within the function. Of course, you would also need to change the function argument lists at every occasion where the function is invoked - you would do that within the same refactoring session.

Paranoid mode

I call this the paranoid mode. The Bash will stop executing when a command exits with a status not equal to 0:

set -e
grep -q foo <<< bar
echo Jo

Here 'Jo' will never be printed out as the grep didn't find any match. It's unrealistic for most scripts to run in paranoid mode purely, so there must be a way to add exceptions. Critical Bash scripts of mine tend to look like this:

#!/usr/bin/env bash

set -e

some_function () {
    .. some critical code
    ...

    set +e
    # Grep might fail, but that's OK now
    grep ....
    local -i ec=$?
    set -e

    .. critical code continues ...
    if [[ $ec -ne 0 ]]; then
        ...
    fi
    ...
}

Learned

There are also a couple of things I've learned from Google's guide.

Unintended lexicographical comparison.

The following looks like a valid Bash code:

if [[ "${my_var}" > 3 ]]; then
    # True for 4, false for 22.
    do_something
fi

... but it is probably an unintended lexicographical comparison. A correct way would be:

if (( my_var > 3 )); then
    do_something
fi

or

if [[ "${my_var}" -gt 3 ]]; then
    do_something
fi

PIPESTATUS

I have never used the PIPESTATUS variable before. I knew that it's there, but I never bothered to understand how it works until now thoroughly.

The PIPESTATUS variable in Bash allows checking of the return code from all parts of a pipe. If it's only necessary to check the success or failure of the whole pipe, then the following is acceptable:

tar -cf - ./* | ( cd "${dir}" && tar -xf - )
if (( PIPESTATUS[0] != 0 || PIPESTATUS[1] != 0 )); then
    echo "Unable to tar files to ${dir}" >&2
fi

However, as PIPESTATUS will be overwritten as soon as you do any other command, if you need to act differently on errors based on where it happened in the pipe, you'll need to assign PIPESTATUS to another variable immediately after running the command (don't forget that [ is a command and will wipe out PIPESTATUS).

tar -cf - ./* | ( cd "${DIR}" && tar -xf - )
return_codes=( "${PIPESTATUS[@]}" )
if (( return_codes[0] != 0 )); then
    do_something
fi
if (( return_codes[1] != 0 )); then
    do_something_else
fi

Use common sense and BE CONSISTENT.

The following two paragraphs are thoroughly quoted from the Google guidelines. But they hit the hammer on the head:

If you are editing code, take a few minutes to look at the code around you and determine its style. If they use spaces around their if clauses, you should, too. If their comments have little boxes of stars around them, make your comments have little boxes of stars around them too.

The point of having style guidelines is to have a common vocabulary of coding so people can concentrate on what you are saying rather than on how you are saying it. We present global style rules here, so people know the vocabulary. But local style is also important. If the code you add to a file looks drastically different from the existing code around it, the discontinuity throws readers out of their rhythm when they go to read it. Try to avoid this.

Advanced Bash learning pro tip

I also highly recommend having a read through the "Advanced Bash-Scripting Guide" (not from Google). I use it as the universal Bash reference and learn something new every time I look at it.

Advanced Bash-Scripting Guide

E-Mail me your thoughts at comments@mx.buetow.org!

Welcome to the Geminispace

Written by Paul Buetow 2021-04-24, last updated 2021-06-18, ASCII Art by Andy Hood

Have you reached this article already via Gemini? It requires a Gemini client; web browsers such as Firefox, Chrome, Safari, etc., don't support the Gemini protocol. The Gemini address of this site (or the address of this capsule as people say in Geminispace) is:

https://snonux.de

However, if you still use HTTP, you are just surfing the fallback HTML version of this capsule. In that case, I suggest reading on what this is all about :-).

    /\
   /  \
  |    |
  |NASA|
  |    |
  |    |
  |    |
 '      `
 |Gemini|
 |      |
 |______|
  '-`'-`   .
  / . \'\ . .'
 ''( .'\.' ' .;'
'.;.;' ;'.;' ..;;' AsH

Motivation

My urge to revamp my personal website

For some time, I had to urge to revamp my personal website. Not to update the technology and its design but to update all the content (+ keep it current) and start a small tech blog again. So unconsciously, I began to search for an excellent platform to do all of that in a KISS (keep it simple & stupid) way.

My still great Laptop running hot

Earlier this year (2021), I noticed that my almost seven-year-old but still great Laptop started to become hot and slowed down while surfing the web. Also, the Laptop's fan became quite noisy. This was all due to the additional bloat such as JavaScript, excessive use of CSS, tracking cookies+pixels, ads, and so on there was on the website.

All I wanted was to read an interesting article, but after a big advertising pop-up banner appeared and made everything worse, I gave up and closed the browser tab.

Discovering the Gemini internet protocol

Around the same time, I discovered a relatively new, more lightweight protocol named Gemini, which does not support all these CPU-intensive features like HTML, JavaScript, and CSS. Also, tracking and ads are unsupported by the Gemini protocol.

The "downside" is that due to the limited capabilities of the Gemini protocol, all sites look very old and spartan. But that is not a downside; that is, in fact, a design choice people made. It is up to the client software how your capsule looks. For example, you could use a graphical client, such as Lagrange, with nice font renderings and colours to improve the appearance. Or you could use a very minimalistic command line black-and-white Gemini client. It's your (the user's) choice.

Screenshot Amfora Gemini terminal client surfing this site:
Screenshot graphical Lagrange Gemini client surfing this site:

Why is there a need for a new protocol? As the modern web is a superset of Gemini, can't we use simple HTML 1.0 instead? That's a good and valid question. It is not a technical problem but a human problem. We tend to abuse the features once they are available. You can ensure that things stay efficient and straightforward as long as you are using the Gemini protocol. On the other hand, you can't force every website on the modern web to only create plain and straightforward-looking HTML pages.

My own Gemini capsule

As it is effortless to set up and maintain your own Gemini capsule (Gemini server + content composed via the Gemtext markup language), I decided to create my own. What I like about Gemini is that I can use my favourite text editor and get typing. I don't need to worry about the style and design of the presence, and I also don't have to test anything in ten different web browsers. I can only focus on the content! As a matter of fact, I am using the Vim editor + its spellchecker + auto word completion functionality to write this.

This site was generated with Gemtexter. You can read more about it here:

Gemtexter - One Bash script to rule it all

Gemini advantages summarised

• Supports an alternative to the modern bloated web
• Easy to operate and easy to write content
• No need to worry about various web browser compatibilities
• It's the client's responsibility how the content is designed+presented
• Lightweight (although not as lightweight as the Gopher protocol)
• Supports privacy (no cookies, no request header fingerprinting, TLS encryption)
• Fun to play with (it's a bit geeky, yes, but a lot of fun!)

Dive into deep Gemini space

Check out one of the following links for more information about Gemini. For example, you will find a FAQ that explains why the protocol is named Gemini. Many Gemini capsules are dual-hosted via Gemini and HTTP(S) so that people new to Gemini can sneak peek at the content with a regular web browser. Some people go as far as tri-hosting all their content via HTTP(S), Gemini and Gopher.

https://gemini.circumlunar.space
https://gemini.circumlunar.space

E-Mail me your thoughts at comments@mx.buetow.org!

DTail - The distributed log tail program

Written by Paul Buetow 2021-04-22, last updated 2021-04-26

DTail logo image:

This article first appeared at the Mimecast Engineering Blog but I made it available here in my personal internet site too.

Original Mimecast Engineering Blog post at Medium

Running a large cloud-based service requires monitoring the state of huge numbers of machines, a task for which many standard UNIX tools were not really designed. In this post, I will describe a simple program, DTail, that Mimecast has built and released as Open-Source, which enables us to monitor log files of many servers at once without the costly overhead of a full-blown log management system.

At Mimecast, we run over 10 thousand server boxes. Most of them host multiple microservices and each of them produces log files. Even with the use of time series databases and monitoring systems, raw application logs are still an important source of information when it comes to analysing, debugging, and troubleshooting services.

Every engineer familiar with UNIX or a UNIX-like platform (e.g., Linux) is well aware of tail, a command-line program for displaying a text file content on the terminal which is also especially useful for following application or system log files with tail -f logfile.

Think of DTail as a distributed version of the tail program which is very useful when you have a distributed application running on many servers. DTail is an Open-Source, cross-platform, fairly easy to use, support and maintain log file analysis & statistics gathering tool designed for Engineers and Systems Administrators. It is programmed in Google Go.

A Mimecast Pet Project

DTail got its inspiration from public domain tools available already in this area but it is a blue sky from-scratch development which was first presented at Mimecast’s annual internal Pet Project competition (awarded with a Bronze prize). It has gained popularity since and is one of the most widely deployed DevOps tools at Mimecast (reaching nearly 10k server installations) and many engineers use it on a regular basis. The Open-Source version of DTail is available at:

https://dtail.dev

Try it out — We would love any feedback. But first, read on…

Differentiating from log management systems

Why not just use a full-blown log management system? There are various Open-Source and commercial log management solutions available on the market you could choose from (e.g. the ELK stack). Most of them store the logs in a centralized location and are fairly complex to set up and operate. Possibly they are also pretty expensive to operate if you have to buy dedicated hardware (or pay fees to your cloud provider) and have to hire support staff for it.

DTail does not aim to replace any of the log management tools already available but is rather an additional tool crafted especially for ad-hoc debugging and troubleshooting purposes. DTail is cheap to operate as it does not require any dedicated hardware for log storage as it operates directly on the source of the logs. It means that there is a DTail server installed on all server boxes producing logs. This decentralized comes with the direct advantages that there is no introduced delay because the logs are not shipped to a central log storage device. The reduced complexity also makes it more robust against outages. You won’t be able to troubleshoot your distributed application very well if the log management infrastructure isn’t working either.

DTail sample session animated gif:

As a downside, you won’t be able to access any logs with DTail when the server is down. Furthermore, a server can store logs only up to a certain capacity as disks will fill up. For the purpose of ad-hoc debugging, these are not typically issues. Usually, it’s the application you want to debug and not the server. And disk space is rarely an issue for bare metal and VM-based systems these days, with sufficient space for several weeks’ worth of log storage being available. DTail also supports reading compressed logs. The currently supported compression algorithms are gzip and zstd.

Combining simplicity, security and efficiency

DTail also has a client component that connects to multiple servers concurrently for log files (or any other text files).

The DTail client interacts with a DTail server on port TCP/2222 via SSH protocol and does not interact in any way with the system’s SSH server (e.g., OpenSSH Server) which might be running at port TCP/22 already. As a matter of fact, you don’t need a regular SSH server running for DTail at all. There is no support for interactive login shells at TCP/2222 either, as by design that port can only be used for text data streaming. The SSH protocol is used for the public/private key infrastructure and transport encryption only and DTail implements its own protocol on top of SSH for the features provided. There is no need to set up or buy any additional TLS certificates. The port 2222 can be easily reconfigured if you preferred to use a different one.

The DTail server, which is a single static binary, will not fork an external process. This means that all features are implemented in native Go code (exception: Linux ACL support is implemented in C, but it must be enabled explicitly on compile time) and therefore helping to make it robust, secure, efficient, and easy to deploy. A single client, running on a standard Laptop, can connect to thousands of servers concurrently while still maintaining a small resource footprint.

Recent log files are very likely still in the file system caches on the servers. Therefore, there tends to be a minimal I/O overhead involved.

The DTail family of commands

Following the UNIX philosophy, DTail includes multiple command-line commands each of them for a different purpose:

• dserver: The DTail server, the only binary required to be installed on the servers involved.
• dtail: The distributed log tail client for following log files.
• dcat: The distributed cat client for concatenating and displaying text files.
• dgrep: The distributed grep client for searching text files for a regular expression pattern.
• dmap: The distributed map-reduce client for aggregating stats from log files.

DGrep sample session animated gif:

Usage example

The use of these commands is almost self-explanatory for a person already used to the standard command line in Unix systems. One of the main goals is to make DTail easy to use. A tool that is too complicated to use under high-pressure scenarios (e.g., during an incident) can be quite detrimental.

The basic idea is to start one of the clients from the command line and provide a list of servers to connect to with –servers. You also must provide a path of remote (log) files via –files. If you want to process multiple files per server, you could either provide a comma-separated list of file paths or make use of file system globbing (or a combination of both).

The following example would connect to all DTail servers listed in the serverlist.txt, follow all files with the ending .log and filter for lines containing the string error. You can specify any Go compatible regular expression. In this example we add the case-insensitive flag to the regex:

dtail –servers serverlist.txt –files ‘/var/log/*.log’ –regex ‘(?i:error)’

You usually want to specify a regular expression as a client argument. This will mean that responses are pre-filtered for all matching lines on the server-side and thus sending back only the relevant lines to the client. If your logs are growing very rapidly and the regex is not specific enough there might be the chance that your client is not fast enough to keep up processing all of the responses. This could be due to a network bottleneck or just as simple as a slow terminal emulator displaying the log lines on the client-side.

A green 100 in the client output before each log line received from the server always indicates that there were no such problems and 100% of all log lines could be displayed on your terminal (have a look at the animated Gifs in this post). If the percentage falls below 100 it means that some of the channels used by the servers to send data to the client are congested and lines were dropped. In this case, the color will change from green to red. The user then could decide to run the same query but with a more specific regex.

You could also provide a comma-separated list of servers as opposed to a text file. There are many more options you could use. The ones listed here are just the very basic ones. There are more instructions and usage examples on the GitHub page. Also, you can study even more of the available options via the –help switch (some real treasures might be hidden there).

Fitting it in

DTail integrates nicely into the user management of existing infrastructure. It follows normal system permissions and does not open new “holes” on the server which helps to keep security departments happy. The user would not have more or less file read permissions than he would have via a regular SSH login shell. There is a full SSH key, traditional UNIX permissions, and Linux ACL support. There is also a very low resource footprint involved. On average for tailing and searching log files less than 100MB RAM and less than a quarter of a CPU core per participating server are required. Complex map-reduce queries on big data sets will require more resources accordingly.

Advanced features

The features listed here are out of the scope of this blog post but are worthwhile to mention:

• Distributed map-reduce queries on stats provided in log files with dmap. dmap comes with its own SQL-like aggregation query language.
• Stats streaming with continuous map-reduce queries. The difference to normal queries is that the stats are aggregated over a specified interval only on the newly written log lines. Thus, giving a de-facto live stat view for each interval.
• Server-side scheduled queries on log files. The queries are configured in the DTail server configuration file and scheduled at certain time intervals. Results are written to CSV files. This is useful for generating daily stats from the log files without the need for an interactive client.
• Server-side stats streaming with continuous map-reduce queries. This for example can be used to periodically generate stats from the logs at a configured interval, e.g., log error counts by the minute. These then can be sent to a time-series database (e.g., Graphite) and then plotted in a Grafana dashboard.
• Support for custom extensions. E.g., for different server discovery methods (so you don’t have to rely on plain server lists) and log file formats (so that map-reduce queries can parse more stats from the logs).

For the future

There are various features we want to see in the future.

• A spartan mode, not printing out any extra information but the raw remote log files would be a nice feature to have. This will make it easier to post-process the data produced by the DTail client with common UNIX tools. (To some degree this is possible already, just disable the ANSI terminal color output of the client with -noColors and pipe the output to another program).
• Tempting would be implementing the dgoawk command, a distributed version of the AWK programming language purely implemented in Go, for advanced text data stream processing capabilities. There are 3rd party libraries available implementing AWK in pure Go which could be used.
• A more complex change would be the support of federated queries. You can connect to thousands of servers from a single client running on a laptop. But does it scale to 100k of servers? Some of the servers could be used as middleware for connecting to even more servers.
• Another aspect is to extend the documentation. Especially the advanced features such as map-reduce query language and how to configure the server-side queries currently do require more documentation. For now, you can read the code, sample config files or just ask the author for that! But this will be certainly addressed in the future.

Open Source

Mimecast highly encourages you to have a look at DTail and submit an issue for any features you would like to see. Have you found a bug? Maybe you just have a question or comment? If you want to go a step further: We would also love to see pull requests for any features or improvements. Either way, if in doubt just contact us via the DTail GitHub page.

https://dtail.dev

E-Mail me your thoughts at comments@mx.buetow.org!

Realistic load testing with I/O Riot for Linux

       .---.
      /     \
      \.@-@./
      /`\_/`\
     //  _  \\
    | \     )|_
   /`\_`>  <_/ \
jgs\__/'---'\__/

Written by Paul Buetow 2018-06-01, last updated 2021-05-08

Foreword

This text first was published in the german IT-Administrator computer Magazine. 3 years have passed since and I decided to publish it on my blog too.

https://www.admin-magazin.de/Das-Heft/2018/06/Realistische-Lasttests-mit-I-O-Riot

I havn't worked on I/O Riot for some time now, but all what is written here is still valid. I am still using I/O Riot to debug I/O issues and pattern once in a while, so by all means the tool is not obsolete yet. The tool even helped to resolve a major production incident at work caused by disk I/O.

I am eagerly looking forward to revamp I/O Riot so that it uses the new BPF Linux capabilities instead of plain old Systemtap (or alternatively: Newer versions of Systemtap can also use BPF as the backend I have learned). Also, when I wrote I/O Riot initially, I didn't have any experience with the Go programming language yet and therefore I wrote it in C. Once it gets revamped I might consider using Go instead of C as it would spare me from many segmentation faults and headaches during development ;-). I might also just stick to C for plain performance reasons and just refactor the code dealing with concurrency.

Pleace notice that some of the screenshots show the command "ioreplay" instead of "ioriot". That's because the name has changed after taking those.

The article

With I/O Riot IT administrators can load test and optimize the I/O subsystem of Linux-based operating systems. The tool makes it possible to record I/O patterns and replay them at a later time as often as desired. This means bottlenecks can be reproduced and eradicated.

When storing huge amounts of data, such as more than 200 billion archived emails at Mimecast, it's not only the available storage capacity that matters, but also the data throughput and latency. At the same time, operating costs must be kept as low as possible. The more systems involved, the more important it is to optimize the hardware, the operating system and the applications running on it.

Background: Existing Techniques

Conventional I/O benchmarking: Administrators usually use open source benchmarking tools like IOZone and bonnie++. Available database systems such as Redis and MySQL come with their own benchmarking tools. The common problem with these tools is that they work with prescribed artificial I/O patterns. Although this can test both sequential and randomized data access, the patterns do not correspond to what can be found on production systems.

Testing by load test environment: Another option is to use a separate load test environment in which, as far as possible, a production environment with all its dependencies is simulated. However, an environment consisting of many microservices is very complex. Microservices are usually managed by different teams, which means extra coordination effort for each load test. Another challenge is to generate the load as authentically as possible so that the patterns correspond to a productive environment. Such a load test environment can only handle as many requests as its weakest link can handle. For example, load generators send many read and write requests to a frontend microservice, whereby the frontend forwards the requests to a backend microservice responsible for storing the data. If the frontend service does not process the requests efficiently enough, the backend service is not well utilized in the first place. As a rule, all microservices are clustered across many servers, which makes everything even more complicated. Under all these conditions it is very difficult to test I/O of separate backend systems. Moreover, for many small and medium-sized companies, a separate load test environment would not be feasible for cost reasons.

Testing in the production environment: For these reasons, benchmarks are often carried out in the production environment. In order to derive value from this such tests are especially performed during peak hours when systems are under high load. However, testing on production systems is associated with risks and can lead to failure or loss of data without adequate protection.

Benchmarking the Email Cloud at Mimecast

For email archiving, Mimecast uses an internally developed microservice, which is operated directly on Linux-based storage systems. A storage cluster is divided into several replication volumes. Data is always replicated three times across two secure data centers. Customer data is automatically allocated to one or more volumes, depending on throughput, so that all volumes are automatically assigned the same load. Customer data is archived on conventional, but inexpensive hard disks with several terabytes of storage capacity each. I/O benchmarking proved difficult for all the reasons mentioned above. Furthermore, there are no ready-made tools for this purpose in the case of self-developed software. The service operates on many block devices simultaneously, which can make the RAID controller a bottleneck. None of the freely available benchmarking tools can test several block devices at the same time without extra effort. In addition, emails typically consist of many small files. Randomized access to many small files is particularly inefficient. In addition to many software adaptations, the hardware and operating system must also be optimized.

Mimecast encourages employees to be innovative and pursue their own ideas in the form of an internal competition, Pet Project. The goal of the pet project I/O Riot was to simplify OS and hardware level I/O benchmarking. The first prototype of I/O Riot was awarded an internal roadmap prize in the spring of 2017. A few months later, I/O Riot was used to reduce write latency in the storage clusters by about 50%. The improvement was first verified by I/O replay on a test system and then successively applied to all storage systems. I/O Riot was also used to resolve a production incident caused by disk I/O load.

Using I/O Riot

First, all I/O events are logged to a file on a production system with I/O Riot. It is then copied to a test system where all events are replayed in the same way. The crucial point here is that you can reproduce I/O patterns as they are found on a production system as often as you like on a test system. This results in the possibility of optimizing the set screws on the system after each run.

Installation

I/O Riot was tested under CentOS 7.2 x86_64. For compiling, the GNU C compiler and Systemtap including kernel debug information are required. Other Linux distributions are theoretically compatible but untested. First of all, you should update the systems involved as follows:

% sudo yum update

If the kernel is updated, please restart the system. The installation would be done without a restart but this would complicate the installation. The installed kernel version should always correspond to the currently running kernel. You can then install I/O Riot as follows:

% sudo yum install gcc git systemtap yum-utils kernel-devel-$(uname -r)
% sudo debuginfo-install kernel-$(uname -r)
% git clone https://github.com/mimecast/ioriot
% cd ioriot
% make
% sudo make install
% export PATH=$PATH:/opt/ioriot/bin

Note: It is not best practice to install any compilers on production systems. For further information please have a look at the enclosed README.md.

Recording of I/O events

All I/O events are kernel related. If a process wants to perform an I/O operation, such as opening a file, it must inform the kernel of this by a system call (short syscall). I/O Riot relies on the Systemtap tool to record I/O syscalls. Systemtap, available for all popular Linux distributions, helps you to take a look at the running kernel in productive environments, which makes it predestined to monitor all I/O-relevant Linux syscalls and log them to a file. Other tools, such as strace, are not an alternative because they slow down the system too much.

During recording, ioriot acts as a wrapper and executes all relevant Systemtap commands for you. Use the following command to log all events to io.capture:

% sudo ioriot -c io.capture

Screenshot I/O recording:

A Ctrl-C (SIGINT) stops recording prematurely. Otherwise, ioriot terminates itself automatically after 1 hour. Depending on the system load, the output file can grow to several gigabytes. Only metadata is logged, not the read and written data itself. When replaying later, only random data is used. Under certain circumstances, Systemtap may omit some system calls and issue warnings. This is to ensure that Systemtap does not consume too many resources.

Test preparation

Then copy io.capture to a test system. The log also contains all accesses to the pseudo file systems devfs, sysfs and procfs. This makes little sense, which is why you must first generate a cleaned and playable version io.replay from io.capture as follows:

% sudo ioriot -c io.capture -r io.replay -u $USER -n TESTNAME

The parameter -n allows you to assign a freely selectable test name. An arbitrary system user under which the test is to be played is specified via paramater -u.

Test Initialization

The test will most likely want to access existing files. These are files the test wants to read but does not create by itself. The existence of these must be ensured before the test. You can do this as follows:

% sudo ioriot -i io.replay

To avoid any damage to the running system, ioreplay only works in special directories. The tool creates a separate subdirectory for each file system mount point (e.g. /, /usr/local, /store/00,...) (here: /.ioriot/TESTNAME, /usr/local/.ioriot/TESTNAME, /store/00/.ioriot/TESTNAME,...). By default, the working directory of ioriot is /usr/local/ioriot/TESTNAME.

Screenshot test preparation:

You must re-initialize the environment before each run. Data from previous tests will be moved to a trash directory automatically, which can be finally deleted with "sudo ioriot -P".

Replay

After initialization, you can replay the log with -r. You can use -R to initiate both test initialization and replay in a single command and -S can be used to specify a file in which statistics are written after the test run.

You can also influence the playback speed: "-s 0" is interpreted as "Playback as fast as possible" and is the default setting. With "-s 1" all operations are performed at original speed. "-s 2" would double the playback speed and "-s 0.5" would halve it.

Screenshot replaying I/O:

As an initial test, for example, you could compare the two Linux I/O schedulers CFQ and Deadline and check which scheduler the test runs the fastest. They run the test separately for each scheduler. The following shell loop iterates through all attached block devices of the system and changes their I/O scheduler to the one specified in variable $new_scheduler (in this case either cfq or deadline). Subsequently, all I/O events from the io.replay protocol are played back. At the end, an output file with statistics is generated:

% new_scheduler=cfq
% for scheduler in /sys/block/*/queue/scheduler; do
    echo $new_scheduler | sudo tee $scheduler
done
% sudo ioriot -R io.replay -S cfq.txt
% new_scheduler=deadline
% for scheduler in /sys/block/*/queue/scheduler; do
   echo $new_scheduler | sudo tee $scheduler
done
% sudo ioriot -R io.replay -S deadline.txt

According to the results, the test could run 940 seconds faster with Deadline Scheduler:

% cat cfq.txt
Num workers: 4
hreads per worker: 128
otal threads: 512
Highest loadavg: 259.29
Performed ioops: 218624596
Average ioops/s: 101544.17
Time ahead: 1452s
Total time: 2153.00s
% cat deadline.txt
Num workers: 4
Threads per worker: 128
Total threads: 512
Highest loadavg: 342.45
Performed ioops: 218624596
Average ioops/s: 180234.62
Time ahead: 2392s
Total time: 1213.00s

In any case, you should also set up a time series database, such as Graphite, where the I/O throughput can be plotted. Figures 4 and 5 show the read and write access times of both tests. The break-in makes it clear when the CFQ test ended and the deadline test was started. The reading latency of both tests is similar. Write latency is dramatically improved using the Deadline Scheduler.

Graphite visualization of the mean read access times in ms with CFQ and Deadline Scheduler.:
Graphite visualization of the average write access times in ms with CFQ and Deadline Scheduler.:

You should also take a look at the iostat tool. The iostat screenshot shows the output of iostat -x 10 during a test run. As you can see, a block device is fully loaded with 99% utilization, while all other block devices still have sufficient buffer. This could be an indication of poor data distribution in the storage system and is worth pursuing. It is not uncommon for I/O Riot to reveal software problems.

Output of iostat. The block device sdy seems to be almost fully utilized by 99%.:

I/O Riot is Open Source

The tool has already proven to be very useful and will continue to be actively developed as time and priority permits. Mimecast intends to be an ongoing contributor to Open Source. You can find I/O Riot at:

https://github.com/mimecast/ioriot

Systemtap

Systemtap is a tool for the instrumentation of the Linux kernel. The tool provides an AWK-like programming language. Programs written in it are compiled from Systemtap to C- and then into a dynamically loadable kernel module. Loaded into the kernel, the program has access to Linux internals. A Systemtap program written for I/O Riot monitors when, with which parameters, at which time, and from which process I/O syscalls take place and their return values.

For example, the open syscall opens a file and returns the responsible file descriptor. The read and write syscalls can operate on a file descriptor and return the number of read or written bytes. The close syscall closes a given file descriptor. I/O Riot comes with a ready-made Systemtap program, which you have already compiled into a kernel module and installed to /opt/ioriot. In addition to open, read and close, it logs many other I/O-relevant calls.

https://sourceware.org/systemtap/

More refereces

IOZone
Bonnie++
Graphite
Memory mapped I/O

E-Mail me your thoughts at comments@mx.buetow.org!

Methods in C

Written by Paul Buetow 2016-11-20

You can do some sort of object-oriented programming in the C Programming Language. However, that is very limited. But also very easy and straightforward to use.

Example

Let's have a look at the following sample program. All you have to do is to add a function pointer such as "calculate" to the definition of struct "something_s". Later, during the struct initialization, assign a function address to that function pointer:

#include <stdio.h>

typedef struct {
    double (*calculate)(const double, const double);
    char *name;
} something_s;

double multiplication(const double a, const double b) {
    return a * b;
}

double division(const double a, const double b) {
    return a / b;
}

int main(void) {
    something_s mult = (something_s) {
        .calculate = multiplication,
        .name = "Multiplication"
    };

    something_s div = (something_s) {
        .calculate = division,
        .name = "Division"
    };

    const double a = 3, b = 2;

    printf("%s(%f, %f) => %f\n", mult.name, a, b, mult.calculate(a,b));
    printf("%s(%f, %f) => %f\n", div.name, a, b, div.calculate(a,b));
}

As you can see, you can call the function (pointed by the function pointer) the same way as in C++ or Java via:

printf("%s(%f, %f) => %f\n", mult.name, a, b, mult.calculate(a,b));
printf("%s(%f, %f) => %f\n", div.name, a, b, div.calculate(a,b));

However, that's just syntactic sugar for:

printf("%s(%f, %f) => %f\n", mult.name, a, b, (*mult.calculate)(a,b));
printf("%s(%f, %f) => %f\n", div.name, a, b, (*div.calculate)(a,b));

Output:

pbuetow ~/git/blog/source [38268]% gcc methods-in-c.c -o methods-in-c
pbuetow ~/git/blog/source [38269]% ./methods-in-c
Multiplication(3.000000, 2.000000) => 6.000000
Division(3.000000, 2.000000) => 1.500000

Not complicated at all, but nice to know and helps to make the code easier to read!

The flaw

However, that's not really how it works in object-oriented languages such as Java and C++. The method call in this example is not a method call as "mult" and "div" in this example are not "message receivers". I mean that the functions can not access the state of the "mult" and "div" struct objects. In C, you would need to do something like this instead if you wanted to access the state of "mult" from within the calculate function, you would have to pass it as an argument:

mult.calculate(mult,a,b));

How to overcome this? You need to take it further.

Taking it further

If you want to take it further, type "Object-Oriented Programming with ANSI-C" into your favourite internet search engine, you will find some crazy stuff. Some go as far as writing a C preprocessor in AWK, which takes some object-oriented pseudo-C and transforms it to plain C so that the C compiler can compile it to machine code. This is similar to how the C++ language had its origins.

E-Mail me your thoughts at comments@mx.buetow.org!

Spinning up my own authoritative DNS servers

Written by Paul Buetow 2016-05-22

Background

Finally, I had time to deploy my authoritative DNS servers (master and slave) for my domains "buetow.org" and "buetow.zone". My domain name provider is Schlund Technologies. They allow their customers to edit the DNS records (BIND files) manually. And they also allow you to set your authoritative DNS servers for your domains. From now, I am making use of that option.

Schlund Technologies

All FreeBSD Jails

To set up my authoritative DNS servers, I installed a FreeBSD Jail dedicated for DNS with Puppet on my root machine as follows:

include freebsd

freebsd::ipalias { '2a01:4f8:120:30e8::14':
  ensure    => up,
  proto     => 'inet6',
  preflen   => '64',
  interface => 're0',
  aliasnum  => '5',
}

include jail::freebsd

class { 'jail':
  ensure              => present,
  jails_config        => {
    dns                     => {
      '_ensure'             => present,
      '_type'               => 'freebsd',
      '_mirror'             => 'ftp://ftp.de.freebsd.org',
      '_remote_path'        => 'FreeBSD/releases/amd64/10.1-RELEASE',
      '_dists'              => [ 'base.txz', 'doc.txz', ],
      '_ensure_directories' => [ '/opt', '/opt/enc' ],
      'host.hostname'       => "'dns.ian.buetow.org'",
      'ip4.addr'            => '192.168.0.15',
      'ip6.addr'            => '2a01:4f8:120:30e8::15',
    },
    .
    .
  }
}

PF firewall

Please note that "dns.ian.buetow.org" is just the Jail name of the master DNS server (and "caprica.ian.buetow.org" the name of the Jail for the slave DNS server) and that I am using the DNS names "dns1.buetow.org" (master) and "dns2.buetow.org" (slave) for the actual service names (these are the DNS servers visible to the public). Please also note that the IPv4 address is an internal one. I have a PF to use NAT and PAT. The DNS ports are being forwarded (TCP and UDP) to that Jail. By default, all ports are blocked, so I am adding an exception rule for the IPv6 address. These are the PF rules in use:

% cat /etc/pf.conf
.
.
# dns.ian.buetow.org 
rdr pass on re0 proto tcp from any to $pub_ip port {53} -> 192.168.0.15
rdr pass on re0 proto udp from any to $pub_ip port {53} -> 192.168.0.15
pass in on re0 inet6 proto tcp from any to 2a01:4f8:120:30e8::15 port {53} flags S/SA keep state
pass in on re0 inet6 proto udp from any to 2a01:4f8:120:30e8::15 port {53} flags S/SA keep state
.
.

Puppet managed BIND zone files

In "manifests/dns.pp" (the Puppet manifest for the Master DNS Jail itself), I configured the BIND DNS server this way:

class { 'bind_freebsd':
  config         => "puppet:///files/bind/named.${::hostname}.conf",
  dynamic_config => "puppet:///files/bind/dynamic.${::hostname}",
}

The Puppet module is a pretty simple one. It installs the file "/usr/local/etc/named/named.conf" and it populates the "/usr/local/etc/named/dynamicdb" directory with all my zone files.

Once (Puppet-) applied inside of the Jail, I get this:

paul uranus:~/git/blog/source [4268]% ssh admin@dns1.buetow.org.buetow.org pgrep -lf named
60748 /usr/local/sbin/named -u bind -c /usr/local/etc/namedb/named.conf
paul uranus:~/git/blog/source [4269]% ssh admin@dns1.buetow.org.buetow.org tail -n 13 /usr/local/etc/namedb/named.conf
zone "buetow.org" {
    type master;
    notify yes;
    allow-update { key "buetoworgkey"; };
    file "/usr/local/etc/namedb/dynamic/buetow.org";
};

zone "buetow.zone" {
    type master;
    notify yes;
    allow-update { key "buetoworgkey"; };
    file "/usr/local/etc/namedb/dynamic/buetow.zone";
};
paul uranus:~/git/blog/source [4277]% ssh admin@dns1.buetow.org.buetow.org cat /usr/local/etc/namedb/dynamic/buetow.org
$TTL 3600
@    IN   SOA   dns1.buetow.org. domains.buetow.org. (
     25       ; Serial
     604800   ; Refresh
     86400    ; Retry
     2419200  ; Expire
     604800 ) ; Negative Cache TTL
; Infrastructure domains
@ IN NS dns1
@ IN NS dns2
* 300 IN CNAME web.ian
buetow.org. 86400 IN A 78.46.80.70
buetow.org. 86400 IN AAAA 2a01:4f8:120:30e8:0:0:0:11
buetow.org. 86400 IN MX 10 mail.ian
dns1 86400 IN A 78.46.80.70
dns1 86400 IN AAAA 2a01:4f8:120:30e8:0:0:0:15
dns2 86400 IN A 164.177.171.32
dns2 86400 IN AAAA 2a03:2500:1:6:20::
.
.
.
.

That is my master DNS server. My slave DNS server runs in another Jail on another bare-metal machine. Everything is set up similar to the master DNS server. However, that server is located in a different DC and different IP subnets. The only difference is the "named.conf". It's configured to be a slave, and that means that the "dynamicdb" gets populated by BIND itself while doing zone transfers from the master.

paul uranus:~/git/blog/source [4279]% ssh admin@dns2.buetow.org tail -n 11 /usr/local/etc/namedb/named.conf
zone "buetow.org" {
    type slave;
    masters { 78.46.80.70; };
    file "/usr/local/etc/namedb/dynamic/buetow.org";
};

zone "buetow.zone" {
    type slave;
    masters { 78.46.80.70; };
    file "/usr/local/etc/namedb/dynamic/buetow.zone";
};

The result

The result looks like this now:

% dig -t ns buetow.org
; <<>> DiG 9.10.3-P4-RedHat-9.10.3-12.P4.fc23 <<>> -t ns buetow.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37883
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;buetow.org.			IN	NS

;; ANSWER SECTION:
buetow.org.		600	IN	NS	dns2.buetow.org.
buetow.org.		600	IN	NS	dns1.buetow.org.

;; Query time: 41 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Sun May 22 11:34:11 BST 2016
;; MSG SIZE  rcvd: 77

% dig -t any buetow.org @dns1.buetow.org
; <<>> DiG 9.10.3-P4-RedHat-9.10.3-12.P4.fc23 <<>> -t any buetow.org @dns1.buetow.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49876
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 7

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;buetow.org.			IN	ANY

;; ANSWER SECTION:
buetow.org.		86400	IN	A	78.46.80.70
buetow.org.		86400	IN	AAAA	2a01:4f8:120:30e8::11
buetow.org.		86400	IN	MX	10 mail.ian.buetow.org.
buetow.org.		3600	IN	SOA	dns1.buetow.org. domains.buetow.org. 25 604800 86400 2419200 604800
buetow.org.		3600	IN	NS	dns2.buetow.org.
buetow.org.		3600	IN	NS	dns1.buetow.org.

;; ADDITIONAL SECTION:
mail.ian.buetow.org.	86400	IN	A	78.46.80.70
dns1.buetow.org.	86400	IN	A	78.46.80.70
dns2.buetow.org.	86400	IN	A	164.177.171.32
mail.ian.buetow.org.	86400	IN	AAAA	2a01:4f8:120:30e8::12
dns1.buetow.org.	86400	IN	AAAA	2a01:4f8:120:30e8::15
dns2.buetow.org.	86400	IN	AAAA	2a03:2500:1:6:20::

;; Query time: 42 msec
;; SERVER: 78.46.80.70#53(78.46.80.70)
;; WHEN: Sun May 22 11:34:41 BST 2016
;; MSG SIZE  rcvd: 322

Monitoring

For monitoring, I am using Icinga2 (I am operating two Icinga2 instances in two different DCs). I may have to post another blog article about Icinga2, but to get the idea, these were the snippets added to my Icinga2 configuration:

apply Service "dig" {
    import "generic-service"

    check_command = "dig"
    vars.dig_lookup = "buetow.org"
    vars.timeout = 30

    assign where host.name == "dns.ian.buetow.org" || host.name == "caprica.ian.buetow.org"
}

apply Service "dig6" {
    import "generic-service"

    check_command = "dig"
    vars.dig_lookup = "buetow.org"
    vars.timeout = 30
    vars.check_ipv6 = true

    assign where host.name == "dns.ian.buetow.org" || host.name == "caprica.ian.buetow.org"
}

DNS update workflow

Whenever I have to change a DNS entry, all I have to do is:

• Git clone or update the Puppet repository
• Update/commit and push the zone file (e.g. "buetow.org")
• Wait for Puppet. Puppet will deploy that updated zone file. And it will reload the BIND server.
• The BIND server will notify all slave DNS servers (at the moment, only one). And it will transfer the new version of the zone.

That's much more comfortable now than manually clicking at some web UIs at Schlund Technologies.

E-Mail me your thoughts at comments@mx.buetow.org!

Offsite backup with ZFS (Part 2)

 ________________
|# :           : #|
|  : ZFS/GELI  :  |________________ 
|  :   Offsite : |# :           : #|
|  :  Backup 1 : |  : ZFS/GELI  :  |
|  :___________: |  :   Offsite :  |
|     _________  |  :  Backup 2 :  |
|    | __      | |  :___________:  |
|    ||  |     | |     _________   |
\____||__|_____|_|    | __      |  |
                 |    ||  |     |  |
                 \____||__|_____|__|

Written by Paul Buetow 2016-04-16

Read the first part before reading any furter here...

I enhanced the procedure a bit. From now on, I have two external 2TB USB hard drives. Both are set up precisely the same way. To decrease the probability that both drives will not fail simultaneously, they are of different brands. One drive is kept at a secret location. The other one is held at home, right next to my HP MicroServer.

Whenever I update the offsite backup, I am doing it to the drive, which is kept locally. Afterwards, I bring it to the secret location, swap the drives, and bring the other back home. This ensures that I will always have an offsite backup available at a different location than my home - even while updating one copy of it.

Furthermore, I added scrubbing ("zpool scrub...") to the script. It ensures that the file system is consistent and that there are no bad blocks on the disk and the file system. To increase the reliability, I also run a "zfs set copies=2 zroot". That setting is also synchronized to the offsite ZFS pool. ZFS stores every data block to disk twice now. Yes, it consumes twice as much disk space, making it better fault-tolerant against hardware errors (e.g. only individual disk sectors going bad).

E-Mail me your thoughts at comments@mx.buetow.org!

Jails and ZFS with Puppet on FreeBSD

            __     __
           (( \---/ ))
            )__   __(
           / ()___() \
           \  /(_)\  /
            \ \_|_/ /
      _______>     <_______
     //\      |>o<|      /\\
     \\/___           ___\//
           |         |
           |         |
           |         |
           |         |
           `--....---'
             \     \
              \     `.     hjw
               \      `.

Written by Paul Buetow 2016-04-09

Over the last couple of years I wrote quite a few Puppet modules in order to manage my personal server infrastructure. One of them manages FreeBSD Jails and another one ZFS file systems. I thought I would give a brief overview in how it looks and feels.

https://github.com/snonux/puppet-modules

ZFS

The ZFS module is a pretty basic one. It does not manage ZFS pools yet as I am not creating them often enough which would justify implementing an automation. But let's see how we can create a ZFS file system (on an already given ZFS pool named ztank):

Puppet snippet:

zfs::create { 'ztank/foo':
  ensure     => present,
  filesystem => '/srv/foo',

  require => File['/srv'],
}

Puppet run:

admin alphacentauri:/opt/git/server/puppet/manifests [1212]% puppet.apply
Password:
Info: Loading facts
Info: Loading facts
Info: Loading facts
Info: Loading facts
Notice: Compiled catalog for alphacentauri.home in environment production in 7.14 seconds
Info: Applying configuration version '1460189837'
Info: mount[files]: allowing * access
Info: mount[restricted]: allowing * access
Notice: /Stage[main]/Main/Node[alphacentauri]/Zfs::Create[ztank/foo]/Exec[ztank/foo_create]/returns: executed successfully
Notice: Finished catalog run in 25.41 seconds
admin alphacentauri:~ [1213]% zfs list | grep foo
ztank/foo                     96K  1.13T    96K  /srv/foo
admin alphacentauri:~ [1214]% df | grep foo
ztank/foo                  1214493520        96 1214493424     0%    /srv/foo
admin alphacentauri:~ [1215]% 

The destruction of the file system just requires to set "ensure" to "absent" in Puppet:

zfs::create { 'ztank/foo':
  ensure     => absent,
  filesystem => '/srv/foo',

  require => File['/srv'],
}¬

Puppet run:

admin alphacentauri:/opt/git/server/puppet/manifests [1220]% puppet.apply
Password:
Info: Loading facts
Info: Loading facts
Info: Loading facts
Info: Loading facts
Notice: Compiled catalog for alphacentauri.home in environment production in 6.14 seconds
Info: Applying configuration version '1460190203'
Info: mount[files]: allowing * access
Info: mount[restricted]: allowing * access
Notice: /Stage[main]/Main/Node[alphacentauri]/Zfs::Create[ztank/foo]/Exec[zfs destroy -r ztank/foo]/returns: executed successfully
Notice: Finished catalog run in 22.72 seconds
admin alphacentauri:/opt/git/server/puppet/manifests [1221]% zfs list | grep foo
zsh: done       zfs list | 
zsh: exit 1     grep foo
admin alphacentauri:/opt/git/server/puppet/manifests [1222:1]% df | grep foo
zsh: done       df | 
zsh: exit 1     grep foo

Jails

Here is an example in how a FreeBSD Jail can be created. The Jail will have its own public IPv6 address. And it will have its own internal IPv4 address with IPv4 NAT to the internet (this is due to the limitation that the host server only got one public IPv4 address which requires sharing between all the Jails).

Furthermore, Puppet will ensure that the Jail will have its own ZFS file system (internally it is using the ZFS module). Please notice that the NAT requires the packet filter to be setup correctly (not covered in this blog post).

include jail::freebsd

# Cloned interface for Jail IPv4 NAT
freebsd::rc_config { 'cloned_interfaces':
  value => 'lo1',
}
freebsd::rc_config { 'ipv4_addrs_lo1':
  value => '192.168.0.1-24/24'
}

freebsd::ipalias { '2a01:4f8:120:30e8::17':
  ensure    => up,
  proto     => 'inet6',
  preflen   => '64',
  interface => 're0',
  aliasnum  => '8',
}

class { 'jail':
  ensure              => present,
  jails_config        => {
    sync                     => {
      '_ensure'             => present,
      '_type'               => 'freebsd',
      '_mirror'             => 'ftp://ftp.de.freebsd.org',
      '_remote_path'        => 'FreeBSD/releases/amd64/10.1-RELEASE',
      '_dists'              => [ 'base.txz', 'doc.txz', ],
      '_ensure_directories' => [ '/opt', '/opt/enc' ],
      '_ensure_zfs'         => [ '/sync' ],
      'host.hostname'       => "'sync.ian.buetow.org'",
      'ip4.addr'            => '192.168.0.17',
      'ip6.addr'            => '2a01:4f8:120:30e8::17',
    },
  }
}

This is how the result looks like:

admin sun:/etc [1939]% puppet.apply
Info: Loading facts
Info: Loading facts
Info: Loading facts
Info: Loading facts
Notice: Compiled catalog for sun.ian.buetow.org in environment production in 1.80 seconds
Info: Applying configuration version '1460190986'
Notice: /Stage[main]/Jail/File[/etc/jail.conf]/ensure: created
Info: mount[files]: allowing * access
Info: mount[restricted]: allowing * access
Info: Computing checksum on file /etc/motd
Info: /Stage[main]/Motd/File[/etc/motd]: Filebucketed /etc/motd to puppet with sum fced1b6e89f50ef2c40b0d7fba9defe8
Notice: /Stage[main]/Jail/Jail::Create[sync]/File[/jail/sync]/ensure: created
Notice: /Stage[main]/Jail/Jail::Create[sync]/Zfs::Create[zroot/jail/sync]/Exec[zroot/jail/sync_create]/returns: executed successfully
Notice: /Stage[main]/Jail/Jail::Create[sync]/File[/jail/sync/opt]/ensure: created
Notice: /Stage[main]/Jail/Jail::Create[sync]/File[/jail/sync/opt/enc]/ensure: created
Notice: /Stage[main]/Jail/Jail::Create[sync]/Jail::Ensure_zfs[/sync]/Zfs::Create[zroot/jail/sync/sync]/Exec[zroot/jail/sync/sync_create]/returns: executed successfully
Notice: /Stage[main]/Jail/Jail::Create[sync]/Jail::Freebsd::Create[sync]/File[/jail/sync/.jailbootstrap]/ensure: created
Notice: /Stage[main]/Jail/Jail::Create[sync]/Jail::Freebsd::Create[sync]/File[/etc/fstab.jail.sync]/ensure: created
Notice: /Stage[main]/Jail/Jail::Create[sync]/Jail::Freebsd::Create[sync]/File[/jail/sync/.jailbootstrap/bootstrap.sh]/ensure: created
Notice: /Stage[main]/Jail/Jail::Create[sync]/Jail::Freebsd::Create[sync]/Exec[sync_bootstrap]/returns: executed successfully
Notice: Finished catalog run in 49.72 seconds
admin sun:/etc [1942]% ls -l /jail/sync
total 154
-r--r--r--   1 root  wheel  6198 11 Nov  2014 COPYRIGHT
drwxr-xr-x   2 root  wheel    47 11 Nov  2014 bin
drwxr-xr-x   7 root  wheel    43 11 Nov  2014 boot
dr-xr-xr-x   2 root  wheel     2 11 Nov  2014 dev
drwxr-xr-x  23 root  wheel   101  9 Apr 10:37 etc
drwxr-xr-x   3 root  wheel    50 11 Nov  2014 lib
drwxr-xr-x   3 root  wheel     4 11 Nov  2014 libexec
drwxr-xr-x   2 root  wheel     2 11 Nov  2014 media
drwxr-xr-x   2 root  wheel     2 11 Nov  2014 mnt
drwxr-xr-x   3 root  wheel     3  9 Apr 10:36 opt
dr-xr-xr-x   2 root  wheel     2 11 Nov  2014 proc
drwxr-xr-x   2 root  wheel   143 11 Nov  2014 rescue
drwxr-xr-x   2 root  wheel     6 11 Nov  2014 root
drwxr-xr-x   2 root  wheel   132 11 Nov  2014 sbin
drwxr-xr-x   2 root  wheel     2  9 Apr 10:36 sync
lrwxr-xr-x   1 root  wheel    11 11 Nov  2014 sys -> usr/src/sys
drwxrwxrwt   2 root  wheel     2 11 Nov  2014 tmp
drwxr-xr-x  14 root  wheel    14 11 Nov  2014 usr
drwxr-xr-x  24 root  wheel    24 11 Nov  2014 var
admin sun:/etc [1943]% zfs list | grep sync;df | grep sync
zroot/jail/sync                 162M   343G   162M  /jail/sync
zroot/jail/sync/sync            144K   343G   144K  /jail/sync/sync
/opt/enc                                                 5061624     84248    4572448     2%    /jail/sync/opt/enc
zroot/jail/sync                                        360214972    166372  360048600     0%    /jail/sync
zroot/jail/sync/sync                                   360048744       144  360048600     0%    /jail/sync/sync
admin sun:/etc [1944]% cat /etc/fstab.jail.sync
# Generated by Puppet for a Jail.
# Can contain file systems to be mounted curing jail start.
admin sun:/etc [1945]% cat /etc/jail.conf
# Generated by Puppet

allow.chflags = true;
exec.start = '/bin/sh /etc/rc';
exec.stop = '/bin/sh /etc/rc.shutdown';
mount.devfs = true;
mount.fstab = "/etc/fstab.jail.$name";
path = "/jail/$name";

sync {
      host.hostname = 'sync.ian.buetow.org';
      ip4.addr = 192.168.0.17;
      ip6.addr = 2a01:4f8:120:30e8::17;
}
admin sun:/etc [1955]% sudo service jail start sync
Password:
Starting jails: sync.
admin sun:/etc [1956]% jls | grep sync
   103  192.168.0.17    sync.ian.buetow.org           /jail/sync
admin sun:/etc [1957]% sudo jexec 103 /bin/csh
root@sync:/ # ifconfig -a
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
     options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
     ether 50:46:5d:9f:fd:1e
     inet6 2a01:4f8:120:30e8::17 prefixlen 64 
     nd6 options=8021<PERFORMNUD,AUTO_LINKLOCAL,DEFAULTIF>
     media: Ethernet autoselect (1000baseT <full-duplex>)
     status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
     options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
     nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
     lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
     options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
     inet 192.168.0.17 netmask 0xffffffff 
     nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

Inside-Jail Puppet

To automatically setup the applications running in the Jail I am using Puppet as well. I wrote a few scripts which bootstrap Puppet inside of a newly created Jail. It is doing the following:

• Mounts an encrypted container (containing a secret Puppet manifests [git repository])
• Activates "pkg-ng", the FreeBSD binary package manager, in the Jail
• Installs Puppet plus all dependencies in the Jail
• Updates the Jail via "freebsd-update" to the latest version
• Restarts the Jail and invokes Puppet.
• Puppet then also schedules a periodic cron job for the next Puppet runs.

admin sun:~ [1951]% sudo /opt/snonux/local/etc/init.d/enc activate sync
Starting jails: dns.
The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]: y
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/freebsd:10:x86:64/latest, please wait...
Verifying signature with trusted certificate pkg.freebsd.org.2013102301... done
[sync.ian.buetow.org] Installing pkg-1.7.2...
[sync.ian.buetow.org] Extracting pkg-1.7.2: 100%
Updating FreeBSD repository catalogue...
[sync.ian.buetow.org] Fetching meta.txz: 100%    944 B   0.9kB/s    00:01    
[sync.ian.buetow.org] Fetching packagesite.txz: 100%    5 MiB   5.6MB/s    00:01   
Processing entries: 100%
FreeBSD repository update completed. 25091 packages processed.
Updating database digests format: 100%
The following 20 package(s) will be affected (of 0 checked):

  New packages to be INSTALLED:
          git: 2.7.4_1
          expat: 2.1.0_3
          python27: 2.7.11_1
          libffi: 3.2.1
          indexinfo: 0.2.4
          gettext-runtime: 0.19.7
          p5-Error: 0.17024
          perl5: 5.20.3_9
          cvsps: 2.1_1
          p5-Authen-SASL: 2.16_1
          p5-Digest-HMAC: 1.03_1
          p5-GSSAPI: 0.28_1
          curl: 7.48.0_1
          ca_root_nss: 3.22.2
          p5-Net-SMTP-SSL: 1.03
          p5-IO-Socket-SSL: 2.024
          p5-Net-SSLeay: 1.72
          p5-IO-Socket-IP: 0.37
          p5-Socket: 2.021
          p5-Mozilla-CA: 20160104

          The process will require 144 MiB more space.
          30 MiB to be downloaded.
[sync.ian.buetow.org] Fetching git-2.7.4_1.txz: 100%    4 MiB   3.7MB/s    00:01    
[sync.ian.buetow.org] Fetching expat-2.1.0_3.txz: 100%   98 KiB 100.2kB/s    00:01    
[sync.ian.buetow.org] Fetching python27-2.7.11_1.txz: 100%   10 MiB  10.7MB/s    00:01    
[sync.ian.buetow.org] Fetching libffi-3.2.1.txz: 100%   35 KiB  36.2kB/s    00:01    
[sync.ian.buetow.org] Fetching indexinfo-0.2.4.txz: 100%    5 KiB   5.0kB/s    00:01    
[sync.ian.buetow.org] Fetching gettext-runtime-0.19.7.txz: 100%  148 KiB 151.1kB/s    00:01    
[sync.ian.buetow.org] Fetching p5-Error-0.17024.txz: 100%   24 KiB  24.8kB/s    00:01    
[sync.ian.buetow.org] Fetching perl5-5.20.3_9.txz: 100%   13 MiB   6.9MB/s    00:02    
[sync.ian.buetow.org] Fetching cvsps-2.1_1.txz: 100%   41 KiB  42.1kB/s    00:01    
[sync.ian.buetow.org] Fetching p5-Authen-SASL-2.16_1.txz: 100%   44 KiB  45.1kB/s    00:01    
[sync.ian.buetow.org] Fetching p5-Digest-HMAC-1.03_1.txz: 100%    9 KiB   9.5kB/s    00:01    
[sync.ian.buetow.org] Fetching p5-GSSAPI-0.28_1.txz: 100%   41 KiB  41.7kB/s    00:01    
[sync.ian.buetow.org] Fetching curl-7.48.0_1.txz: 100%    2 MiB   2.2MB/s    00:01    
[sync.ian.buetow.org] Fetching ca_root_nss-3.22.2.txz: 100%  324 KiB 331.4kB/s    00:01    
[sync.ian.buetow.org] Fetching p5-Net-SMTP-SSL-1.03.txz: 100%   11 KiB  10.8kB/s    00:01    
[sync.ian.buetow.org] Fetching p5-IO-Socket-SSL-2.024.txz: 100%  153 KiB 156.4kB/s    00:01    
[sync.ian.buetow.org] Fetching p5-Net-SSLeay-1.72.txz: 100%  234 KiB 239.3kB/s    00:01    
[sync.ian.buetow.org] Fetching p5-IO-Socket-IP-0.37.txz: 100%   27 KiB  27.4kB/s    00:01    
[sync.ian.buetow.org] Fetching p5-Socket-2.021.txz: 100%   37 KiB  38.0kB/s    00:01    
[sync.ian.buetow.org] Fetching p5-Mozilla-CA-20160104.txz: 100%  147 KiB 150.8kB/s    00:01    
Checking integrity...
[sync.ian.buetow.org] [1/12] Installing libyaml-0.1.6_2...
[sync.ian.buetow.org] [1/12] Extracting libyaml-0.1.6_2: 100%
[sync.ian.buetow.org] [2/12] Installing libedit-3.1.20150325_2...
[sync.ian.buetow.org] [2/12] Extracting libedit-3.1.20150325_2: 100%
[sync.ian.buetow.org] [3/12] Installing ruby-2.2.4,1...
[sync.ian.buetow.org] [3/12] Extracting ruby-2.2.4,1: 100%
[sync.ian.buetow.org] [4/12] Installing ruby22-gems-2.6.2...
[sync.ian.buetow.org] [4/12] Extracting ruby22-gems-2.6.2: 100%
[sync.ian.buetow.org] [5/12] Installing libxml2-2.9.3...
[sync.ian.buetow.org] [5/12] Extracting libxml2-2.9.3: 100%
[sync.ian.buetow.org] [6/12] Installing dmidecode-3.0...
[sync.ian.buetow.org] [6/12] Extracting dmidecode-3.0: 100%
[sync.ian.buetow.org] [7/12] Installing rubygem-json_pure-1.8.3...
[sync.ian.buetow.org] [7/12] Extracting rubygem-json_pure-1.8.3: 100%
[sync.ian.buetow.org] [8/12] Installing augeas-1.4.0...
[sync.ian.buetow.org] [8/12] Extracting augeas-1.4.0: 100%
[sync.ian.buetow.org] [9/12] Installing rubygem-facter-2.4.4...
[sync.ian.buetow.org] [9/12] Extracting rubygem-facter-2.4.4: 100%
[sync.ian.buetow.org] [10/12] Installing rubygem-hiera1-1.3.4_1...
[sync.ian.buetow.org] [10/12] Extracting rubygem-hiera1-1.3.4_1: 100%
[sync.ian.buetow.org] [11/12] Installing rubygem-ruby-augeas-0.5.0_2...
[sync.ian.buetow.org] [11/12] Extracting rubygem-ruby-augeas-0.5.0_2: 100%
[sync.ian.buetow.org] [12/12] Installing puppet38-3.8.4_1...
===> Creating users and/or groups.
Creating group 'puppet' with gid '814'.
Creating user 'puppet' with uid '814'.
[sync.ian.buetow.org] [12/12] Extracting puppet38-3.8.4_1: 100%
.
.
.
.
.
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching public key from update4.freebsd.org... done.
Fetching metadata signature for 10.1-RELEASE from update4.freebsd.org... done.
Fetching metadata index... done.
Fetching 2 metadata files... done.
Inspecting system... done.
Preparing to download files... done.
Fetching 874 patches.....10....20....30....
.
.
.
Applying patches... done.
Fetching 1594 files... 
Installing updates...
done.
Info: Loading facts
Info: Loading facts
Info: Loading facts
Info: Loading facts
Could not retrieve fact='pkgng_version', resolution='<anonymous>': undefined method `pkgng_enabled' for Facter:Module
Warning: Config file /usr/local/etc/puppet/hiera.yaml not found, using Hiera defaults
Notice: Compiled catalog for sync.ian.buetow.org in environment production in 1.31 seconds
Warning: Found multiple default providers for package: pkgng, gem, pip; using pkgng
Info: Applying configuration version '1460192563'
Notice: /Stage[main]/S_base_freebsd/User[root]/shell: shell changed '/bin/csh' to '/bin/tcsh'
Notice: /Stage[main]/S_user::Root_files/S_user::All_files[root_user]/File[/root/user]/ensure: created
Notice: /Stage[main]/S_user::Root_files/S_user::My_files[root]/File[/root/userfiles]/ensure: created
Notice: /Stage[main]/S_user::Root_files/S_user::My_files[root]/File[/root/.task]/ensure: created
.
.
.
.
Notice: Finished catalog run in 206.09 seconds

Managing multiple Jails

Of course I am operating multiple Jails on the same host this way with Puppet:

• A Jail for the MTA
• A Jail for the Webserver
• A Jail for BIND DNS server
• A Jail for syncing data forth and back between various servers
• A Jail for other personal (experimental) use
• ...etc

All done in a pretty automated manor.

E-Mail me your thoughts at comments@mx.buetow.org!

Offsite backup with ZFS

 ________________
|# :           : #|
|  : ZFS/GELI  :  |
|  :   Offsite :  |
|  :  Backup   :  |
|  :___________:  |
|     _________   |
|    | __      |  |
|    ||  |     |  |
\____||__|_____|__|

Written by Paul Buetow 2016-04-03

Please don't lose all my pictures again!

When it comes to data storage and potential data loss, I am a paranoid person. It is due to my job and a personal experience I encountered over ten years ago: A single drive failure and loss of all my data (pictures, music, etc.).

A little about my personal infrastructure: I am running my own (mostly FreeBSD based) root servers (across several countries: Two in Germany, one in Canada, one in Bulgaria) which store all my online data (E-Mail and my Git repositories). I am syncing incremental (and encrypted) ZFS snapshots between these servers forth and back so either data can be recovered from the other server.

Local storage box for offline data

Also, I am operating a local server (an HP MicroServer) at home in my apartment. Full snapshots of all ZFS volumes are pulled from the "online" servers to the local server every other week and the incremental ZFS snapshots every day. That local server has a ZFS ZMIRROR with three disks configured (local triple redundancy). I keep up to half a year worth of ZFS snapshots of all volumes. That local server also contains all my offline data such as pictures, private documents, videos, books, various other backups, etc.

Once weekly, all the local server data is copied to two external USB drives as a backup (without the historic snapshots). For simplicity, these USB drives are not formatted with ZFS but with good old UFS. This gives me a chance to recover from a (potential) ZFS disaster. ZFS is a complex thing. Sometimes it is good not to trust complicated things!

Storing it at my apartment is not enough

Now I am thinking about an offsite backup of all this local data. The problem is that all the data remains on a single physical location: My local MicroServer. What happens when the house burns or my server, including the internal disks and the attached USB drives, gets stolen? My first thought was to back up everything to the "cloud". However, the significant issue here is the limited amount of available upload bandwidth (only 1MBit/s).

The solution is adding another USB drive (2TB) with an encryption container (GELI) and a ZFS pool. The GELI encryption requires a secret key and a secret passphrase. I am updating the data to that drive once every three months (my calendar is reminding me about it), and afterwards, I keep that drive at a secret location outside of my apartment. All the information needed to decrypt (mounting the GELI container) is stored at another (secure) place. Key and passphrase are kept at different sites, though. Even if someone knew of it, he would not be able to decrypt it as some additional insider knowledge would be required as well.

Walking one round less

I am thinking of buying a second 2TB USB drive and setting it up the same way as the first one. So I could alternate the backups. One drive would be at the secret location, and the other drive would be at home. And these drives would swap place after each cycle. This would give some security about the failure of that drive, and I would have to go to the secret location only once (swapping the drives) instead of twice (picking that drive up to update the data + bringing it back to the remote location).

E-Mail me your thoughts at comments@mx.buetow.org!

Run Debian on your phone with Debroid

 ____       _               _     _ 
|  _ \  ___| |__  _ __ ___ (_) __| |
| | | |/ _ \ '_ \| '__/ _ \| |/ _` |
| |_| |  __/ |_) | | | (_) | | (_| |
|____/ \___|_.__/|_|  \___/|_|\__,_|
                                    

Written by Paul Buetow 2015-12-05, last updated 2021-05-16

You can use the following tutorial to install a full-blown Debian GNU/Linux Chroot on an LG G3 D855 CyanogenMod 13 (Android 6). First of all, you need to have root permissions on your phone, and you also need to have the developer mode activated. The following steps have been tested on Linux (Fedora 23).

Foreword

A couple of years have passed since I last worked on Debroid. Currently, I am using the Termux app on Android, which is less sophisticated than a fully blown Debian installation but sufficient for my current requirements. The content of this site may be still relevant, and it would also work with more recent versions of Debian and Android. I would expect that some minor modifications need to be made, though.

Step by step guide

All scripts mentioned here can be found on GitHub at:

https://github.com/snonux/debroid

First debootstrap stage

This is to be performed on a Fedora Linux machine (could work on a Debian too, but Fedora is just what I use on my Laptop). The following steps prepare an initial Debian base image, which can then be transferred to the phone.

sudo dnf install debootstrap
# 5g
dd if=/dev/zero of=jessie.img bs=$[ 1024 * 1024 ] \
  count=$[ 1024 * 5 ]

# Show used loop devices
sudo losetup -f
# Store the next free one to $loop
loop=loopN
sudo losetup /dev/$loop jessie.img

mkdir jessie
sudo mkfs.ext4 /dev/$loop
sudo mount /dev/$loop jessie
sudo debootstrap --foreign --variant=minbase \
  --arch armel jessie jessie/ \
  http://http.debian.net/debian
sudo umount jessie

Copy Debian image to the phone

Now setup the Debian image on an external SD card on the Phone via Android Debugger as follows:

adb root && adb wait-for-device && adb shell
mkdir -p /storage/sdcard1/Linux/jessie
exit

# Sparse image problem, may be too big for copying otherwise
gzip jessie.img
# Copy over
adb push jessie.img.gz /storage/sdcard1/Linux/jessie.img.gz
adb shell
cd /storage/sdcard1/Linux
gunzip jessie.img.gz

# Show used loop devices
losetup -f
# Store the next free one to $loop
loop=loopN

# Use the next free one (replace the loop number)
losetup /dev/block/$loop $(pwd)/jessie.img
mount -t ext4 /dev/block/$loop $(pwd)/jessie

# Bind-Mound proc, dev, sys`
busybox mount --bind /proc $(pwd)/jessie/proc
busybox mount --bind /dev $(pwd)/jessie/dev
busybox mount --bind /dev/pts $(pwd)/jessie/dev/pts
busybox mount --bind /sys $(pwd)/jessie/sys

# Bind-Mound the rest of Android
mkdir -p $(pwd)/jessie/storage/sdcard{0,1}
busybox mount --bind /storage/emulated \
  $(pwd)/jessie/storage/sdcard0
busybox mount --bind /storage/sdcard1 \
  $(pwd)/jessie/storage/sdcard1

# Check mounts
mount | grep jessie

Second debootstrap stage

This is to be performed on the Android phone itself (inside a Debian chroot):

chroot $(pwd)/jessie /bin/bash -l
export PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin
/debootstrap/debootstrap --second-stage
exit # Leave chroot
exit # Leave adb shell

Setup of various scripts

jessie.sh deals with all the loopback mount magic and so on. It will be run later every time you start Debroid on your phone.

# Install script jessie.sh
adb push storage/sdcard1/Linux/jessie.sh /storage/sdcard/Linux/jessie.sh
adb shell
cd /storage/sdcard1/Linux
sh jessie.sh enter

# Bashrc
cat <<END >~/.bashrc
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH
export EDITOR=vim
hostname $(cat /etc/hostname)
END

# Fixing an error message while loading the profile
sed -i s#id#/usr/bin/id# /etc/profile

# Setting the hostname
echo phobos > /etc/hostname
echo 127.0.0.1 phobos > /etc/hosts
hostname phobos

# Apt-sources
cat <<END > sources.list
deb http://ftp.uk.debian.org/debian/ jessie main contrib non-free
deb-src http://ftp.uk.debian.org/debian/ jessie main contrib non-free
END
apt-get update
apt-get upgrade
apt-get dist-upgrade
exit # Exit chroot

Entering Debroid and enable a service

This enters Debroid on your phone and starts the example service uptimed:

sh jessie.sh enter

# Setup example serice uptimed
apt-get install uptimed
cat <<END > /etc/rc.debroid
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH
service uptimed status &>/dev/null || service uptimed start
exit 0
END

chmod 0755 /etc/rc.debroid
exit # Exit chroot
exit # Exit adb shell

Include to Android startup:

If you want to start Debroid automatically whenever your phone starts, then do the following:

adb push data/local/userinit.sh /data/local/userinit.sh
adb shell
chmod +x /data/local/userinit.sh
exit

Reboot & test! Enjoy!

E-Mail me your thoughts at comments@mx.buetow.org!

The fibonacci.pl.c Polyglot

Written by Paul Buetow 2014-03-24

In computing, a polyglot is a computer program or script written in a valid form of multiple programming languages, which performs the same operations or output independent of the programming language used to compile or interpret it.

https://en.wikipedia.org/wiki/Polyglot_(computing)

The Fibonacci numbers

For fun, I programmed my own Polyglot, which is both valid Perl and C code. The exciting part about C is that $ is a valid character to start variable names with:

#include <stdio.h>

#define $arg function_argument
#define my int
#define sub int
#define BEGIN int main(void)

my $arg;

sub hello() {
	printf("Hello, welcome to Perl-C!\n");
	printf("This program is both valid C and Perl code!\n");
	printf("It calculates all fibonacci numbers from 0 to 9!\n\n");
	return 0;
}

sub fibonacci() {
	my $n = $arg;

	if ($n < 2) {
		return $n;
	}

	$arg = $n - 1;
	my $fib1 = fibonacci();
	$arg = $n - 2;
	my $fib2 = fibonacci();

	return $fib1 + $fib2;
}

BEGIN {
	hello();
	my $i = 0;

	for ($i = 0; $i <= 10; ++$i) {
		$arg = $i;
		printf("fib(%d) = %d\n", $i, fibonacci());
	}

	return 0;
}

You can find the full source code at GitHub:

https://github.com/snonux/perl-c-fibonacci

Let's run it with Perl:

❯ perl fibonacci.pl.c
Hello, welcome to Perl-C!
This program is both valid C and Perl code!
It calculates all fibonacci numbers from 0 to 9!

fib(0) = 0
fib(1) = 1
fib(2) = 1
fib(3) = 2
fib(4) = 3
fib(5) = 5
fib(6) = 8
fib(7) = 13
fib(8) = 21
fib(9) = 34
fib(10) = 55

Let's compile it as C and run the binary:

❯ gcc fibonacci.pl.c -o fibonacci
❯ ./fibonacci
Hello, welcome to Perl-C!
This program is both valid C and Perl code!
It calculates all fibonacci numbers from 0 to 9!

fib(0) = 0
fib(1) = 1
fib(2) = 1
fib(3) = 2
fib(4) = 3
fib(5) = 5
fib(6) = 8
fib(7) = 13
fib(8) = 21
fib(9) = 34
fib(10) = 55

It's entertaining to play with :-).

E-Mail me your thoughts at comments@mx.buetow.org!

Perl Daemon (Service Framework)

   a'!   _,,_ a'!   _,,_     a'!   _,,_
     \\_/    \  \\_/    \      \\_/    \.-,
      \, /-( /'-,\, /-( /'-,    \, /-( /
      //\ //\\   //\ //\\       //\ //\\jrei

Written by Paul Buetow 2011-05-07, last updated 2021-05-07

PerlDaemon is a minimal daemon for Linux and other Unix like operating systems programmed in Perl. It is a minimal but pretty functional and fairly generic service framework. This means that it does not do anything useful other than providing a framework for starting, stopping, configuring and logging. To do something useful, a module (written in Perl) must be provided.

Features

PerlDaemon supports:

• Automatic daemonizing
• Logging
• log rotation (via SIGHUP)
• Clean shutdown support (SIGTERM)
• Pid file support (incl. check on startup)
• Easy to configure
• Easy to extend
• Multi-instance support (just use a different directory for each instance).

Quick Guide

# Starting
 ./bin/perldaemon start (or shortcut ./control start)

# Stopping
 ./bin/perldaemon stop (or shortcut ./control stop)

# Alternatively: Starting in foreground 
./bin/perldaemon start daemon.daemonize=no (or shortcut ./control foreground)

To stop a daemon from running in foreground mode, "Ctrl+C" must be hit. To see more available startup options run "./control" without any argument.

How to configure

The daemon instance can be configured in "./conf/perldaemon.conf". If you want to change a property only once, it is also possible to specify it on the command line (which will take precedence over the config file). All available config properties can be displayed via "./control keys":

pb@titania:~/svn/utils/perldaemon/trunk$ ./control keys
# Path to the logfile
daemon.logfile=./log/perldaemon.log

# The amount of seconds until the next event look takes place
daemon.loopinterval=1

# Path to the modules dir
daemon.modules.dir=./lib/PerlDaemonModules

# Specifies either the daemon should run in daemon or foreground mode
daemon.daemonize=yes

# Path to the pidfile
daemon.pidfile=./run/perldaemon.pid

# Each module should run every run interval seconds
daemon.modules.runinterval=3

# Path to the alive file (is touched every loop interval seconds, usable for monitoring)
daemon.alivefile=./run/perldaemon.alive

# Specifies the working directory
daemon.wd=./

Example

So let's start the daemon with a loop interval of 10 seconds:

$ ./control keys | grep daemon.loopinterval
daemon.loopinterval=1
$ ./control keys daemon.loopinterval=10 | grep daemon.loopinterval
daemon.loopinterval=10
$ ./control start daemon.loopinterval=10; sleep 10; tail -n 2 log/perldaemon.log
Starting daemon now...
Mon Jun 13 11:29:27 2011 (PID 2838): Triggering PerlDaemonModules::ExampleModule 
(last triggered before 10.002106s; carry: 7.002106s; wanted interval: 3s)
Mon Jun 13 11:29:27 2011 (PID 2838): ExampleModule Test 2
$ ./control stop
Stopping daemon now...

If you want to change that property forever, either edit perldaemon.conf or do this:

$ ./control keys daemon.loopinterval=10 > new.conf; mv new.conf conf/perldaemon.conf

HiRes event loop

PerlDaemon uses `Time::HiRes` to make sure that all the events run incorrect intervals. For each loop run, a time carry value is recorded and added to the next loop run to catch up on lost time.

Writing your own modules

Example module

This is one of the example modules you will find in the source code. It should be pretty self-explanatory if you know Perl :-).

package PerlDaemonModules::ExampleModule;

use strict;
use warnings;

sub new ($$$) {
  my ($class, $conf) = @_;

  my $self = bless { conf => $conf }, $class;

  # Store some private module stuff
  $self->{counter} = 0;

  return $self;
}

# Runs periodically in a loop (set interval in perldaemon.conf)
sub do ($) {
  my $self = shift;
  my $conf = $self->{conf};
  my $logger = $conf->{logger};

  # Calculate some private module stuff
  my $count = ++$self->{counter};

  $logger->logmsg("ExampleModule Test $count");
}

1;

Your own module

Want to give it some better use? It's just as easy as:

 cd ./lib/PerlDaemonModules/
 cp ExampleModule.pm YourModule.pm
 vi YourModule.pm
 cd -
 ./bin/perldaemon restart (or shortcurt ./control restart)

Now watch `./log/perldaemon.log` closely. It is a good practice to test your modules in 'foreground mode' (see above how to do that).

BTW: You can install as many modules within the same instance as desired. But they are run in sequential order (in future, they can also run in parallel using several threads or processes).

May the source be with you

You can find PerlDaemon (including the examples) at:

https://github.com/snonux/perldaemon

E-Mail me your thoughts at comments@mx.buetow.org!

The Fype Programming Language

      ____                                      _        __       
     / / _|_   _ _ __   ___    _   _  ___  __ _| |__    / _|_   _ 
    / / |_| | | | '_ \ / _ \  | | | |/ _ \/ _` | '_ \  | |_| | | |
 _ / /|  _| |_| | |_) |  __/  | |_| |  __/ (_| | | | |_|  _| |_| |
(_)_/ |_|  \__, | .__/ \___|   \__, |\___|\__,_|_| |_(_)_|  \__, |
           |___/|_|            |___/                        |___/ 

Written by Paul Buetow 2010-05-09, last updated 2021-05-05

Fype is an interpreted programming language created by me for learning and fun. The interpreter is written in C. It has been tested on FreeBSD and NetBSD and may also work on other Unix like operating systems such as Linux based ones. Besides learning and fun, there is no other use case of why Fype exists as many other programming languages are much faster and more powerful.

The Fype syntax is straightforward and uses a maximum look ahead of 1 and an effortless top-down parsing mechanism. Fype is parsing and interpreting its code simultaneously. This means that syntax errors are only detected during program runtime.

Fype is a recursive acronym and means "Fype is For Your Program Execution" or "Fype is Free Yak Programmed for ELF". You could also say, "It's not a hype - it's Fype!".

Object-oriented C style

The Fype interpreter is written in an object-oriented style of C. Each "main component" has its own .h and .c file. There is a struct type for each (most components at least) component, which can be initialized using a "COMPONENT_new" function and destroyed using a "COMPONENT_delete" function. Method calls follow the same schema, e.g. "COMPONENT_METHODNAME". There is no such as class inheritance and polymorphism involved.

To give you an idea of how it works here as an example is a snippet from the main Fype "class header":

typedef struct {
   Tupel *p_tupel_argv; // Contains command line options
   List *p_list_token; // Initial list of token
   Hash *p_hash_syms; // Symbol table
   char *c_basename;
} Fype;

And here is a snippet from the primary Fype "class implementation":

Fype*
fype_new() {
   Fype *p_fype = malloc(sizeof(Fype));

   p_fype->p_hash_syms = hash_new(512);
   p_fype->p_list_token = list_new();
   p_fype->p_tupel_argv = tupel_new();
   p_fype->c_basename = NULL;

   garbage_init();

   return (p_fype);
}

void
fype_delete(Fype *p_fype) {
   argv_tupel_delete(p_fype->p_tupel_argv);

   hash_iterate(p_fype->p_hash_syms, symbol_cleanup_hash_syms_cb);
   hash_delete(p_fype->p_hash_syms);

   list_iterate(p_fype->p_list_token, token_ref_down_cb);
   list_delete(p_fype->p_list_token);

   if (p_fype->c_basename)
      free(p_fype->c_basename);

   garbage_destroy();
}

int
fype_run(int i_argc, char **pc_argv) {
   Fype *p_fype = fype_new();

   // argv: Maintains command line options
   argv_run(p_fype, i_argc, pc_argv);

   // scanner: Creates a list of token
   scanner_run(p_fype);

   // interpret: Interpret the list of token
   interpret_run(p_fype);

   fype_delete(p_fype);

   return (0);
}

Data types

Fype uses auto type conversion. However, if you want to know what's going on, you may take a look at the following basic data types:

• integer - Specifies a number
• double - Specifies a double-precision number
• string - Specifies a string
• number - May be an integer or a double number
• any- May be any type above
• void - No type
• identifier - It's a variable name or a procedure name, or a function name

There is no boolean type, but we can use the integer values 0 for false and 1 for true. There is support for explicit type casting too.

Syntax

Comments

Text from a # character until the end of the current line is considered being a comment. Multi-line comments may start with an #* and with a *# anywhere. Exceptions are if those signs are inside of strings.

Variables

Variables are defined with the "my" keyword (inspired by Perl :-). If you don't assign a value during declaration, it uses the default integer value 0. Variables may be changed during program runtime. Variables may be deleted using the "undef" keyword! Example:

my foo = 1 + 2;
say foo; 

my bar = 12, baz = foo;
say 1 + bar;
say bar;

my baz;
say baz; # Will print out 0

You may use the "defined" keyword to check if an identifier has been defined or not:

ifnot defined foo {
	say "No foo yet defined";
}

my foo = 1;

if defined foo {
	put "foo is defined and has the value ";
	say foo;
}

Synonyms

Each variable can have as many synonyms as wished. A synonym is another name to access the content of a specific variable. Here is an example of how to use it:

my foo = "foo";
my bar = \foo;
foo = "bar";

# The synonym variable should now also set to "bar"
assert "bar" == bar;

Synonyms can be used for all kind of identifiers. It's not limited to standard variables but can also be used for function and procedure names (more about functions and procedures later).

# Create a new procedure baz
proc baz { say "I am baz"; }

# Make a synonym baz, and undefine baz
my bay = \baz;

undef baz;

# bay still has a reference of the original procedure baz
bay; # this prints aut "I am baz" 

The "syms" keyword gives you the total number of synonyms pointing to a specific value:

my foo = 1;
say syms foo; # Prints 1

my baz = \foo; 
say syms foo; # Prints 2
say syms baz; # Prints 2

undef baz;
say syms foo; # Prints 1

Statements and expressions

A Fype program is a list of statements. Each keyword, expression or function call is part of a statement. Each statement is ended with a semicolon. Example:

my bar = 3, foo = 1 + 2; 
say foo;
exit foo - bar;

Parenthesis

All parenthesis for function arguments is optional. They help to make the code better readable. They also help to force the precedence of expressions.

Basic expressions

Any "any" value holding a string will be automatically converted to an integer value.

(any) <any> + <any>
(any) <any> - <any>
(any) <any> * <any>
(any) <any> / <any>
(integer) <any> == <any>
(integer) <any> != <any>
(integer) <any> <= <any>
(integer) <any> gt <any>
(integer) <any> <> <any>
(integer) <any> gt <any>
(integer) not <any>

Bitwise expressions

(integer) <any> :< <any>
(integer) <any> :> <any>
(integer) <any> and <any>
(integer) <any> or <any>
(integer) <any> xor <any>

Numeric expressions

(number) neg <number>

... returns the negative value of "number":

(integer) no <integer>

... returns 1 if the argument is 0; otherwise, it will return 0! If no argument is given, then 0 is returned!

(integer) yes <integer>

... always returns 1. The parameter is optional. Example:

# Prints out 1, because foo is not defined
if yes { say no defined foo; } 

Control statements

Control statements available in Fype:

if <expression> { <statements> }

... runs the statements if the expression evaluates to a true value.

ifnot <expression> { <statements> }

... runs the statements if the expression evaluates to a false value.

while <expression> { <statements> }

... runs the statements as long as the expression evaluates to a true value.

until <expression> { <statements> }

... runs the statements as long as the expression evaluates to a false value.

Scopes

A new scope starts with an { and ends with an }. An exception is a procedure, which does not use its own scope (see later in this manual). Control statements and functions support scopes. The "scope" function prints out all available symbols at the current scope. Here is a small example:

my foo = 1;

{
	# Prints out 1
	put defined foo;
	{
		my bar = 2;

		# Prints out 1
		put defined bar;

		# Prints out all available symbols at this
		# point to stdout. Those are: bar and foo
		scope;
	}

	# Prints out 0
	put defined bar;

	my baz = 3;
}

# Prints out 0
say defined bar;

Another example including an actual output:

./fype -e ’my global; func foo { my var4; func bar { my var2, var3; func baz { my var1; scope; } baz; } bar; } foo;’
Scopes:
Scope stack size: 3
Global symbols:
SYM_VARIABLE: global (id=00034, line=-0001, pos=-001, type=TT_INTEGER, dval=0.000000, refs=-1)
SYM_FUNCTION: foo
Local symbols:
SYM_VARIABLE: var1 (id=00038, line=-0001, pos=-001, type=TT_INTEGER, dval=0.000000, refs=-1)
1 level(s) up:
SYM_VARIABLE: var2 (id=00036, line=-0001, pos=-001, type=TT_INTEGER, dval=0.000000, refs=-1)
SYM_VARIABLE: var3 (id=00037, line=-0001, pos=-001, type=TT_INTEGER, dval=0.000000, refs=-1)
SYM_FUNCTION: baz
2 level(s) up:
SYM_VARIABLE: var4 (id=00035, line=-0001, pos=-001, type=TT_INTEGER, dval=0.000000, refs=-1)
SYM_FUNCTION: bar

Definedness

(integer) defined <identifier>

... returns 1 if "identifier" has been defined. Returns 0 otherwise.

(integer) undef <identifier>

... tries to undefine/delete the "identifier". Returns 1 if it succeeded, otherwise 0 is returned.

System

These are some system and interpreter specific built-in functions supported:

(void) end

... exits the program with the exit status of 0.

(void) exit <integer>

... exits the program with the specified exit status.

(integer) fork

... forks a subprocess. It returns 0 for the child process and the PID of the child process otherwise! Example:

my pid = fork;

if pid {
	put "I am the parent process; child has the pid ";
	say pid;

} ifnot pid {
	say "I am the child process";
}

To execute the garbage collector do:

(integer) GC

It returns the number of items freed! You may wonder why most of the time, it will produce a value of 0! Fype tries to free not needed memory ASAP. This may change in future versions to gain faster execution speed!

I/O

(any) put <any>

... prints out the argument

(any) say <any>

is the same as put, but also includes an ending newline.

(void) ln

... just prints a new line.

Procedures and functions

Procedures

A procedure can be defined with the "proc" keyword and deleted with the "undef" keyword. A procedure does not return any value and does not support parameter passing. It's using already defined variables (e.g. global variables). A procedure does not have its own namespace. It's using the calling namespace. It is possible to define new variables inside of a procedure in the current namespace.

proc foo {
	say 1 + a * 3 + b;
	my c = 6;
}

my a = 2, b = 4;

foo; # Run the procedure. Print out "11\n"
say c; # Print out "6\n";

Nested procedures

It's possible to define procedures inside of procedures. Since procedures don't have their own scope, nested procedures will be available to the current scope as soon as the main procedure has run the first time. You may use the "defined" keyword to check if a procedure has been defined or not.

proc foo {
	say "I am foo";

	undef bar;
	proc bar {
		say "I am bar";
	}
}

# Here bar would produce an error because 
# the proc is not yet defined!
# bar; 

foo; # Here the procedure foo will define the procedure bar!
bar; # Now the procedure bar is defined!
foo; # Here the procedure foo will redefine bar again!

Functions

A function can be defined with the "func" keyword and deleted with the "undef" keyword. Function do not yet return values and do not yet supports parameter passing. It's using local (lexical scoped) variables. If a certain variable does not exist, when It's using already defined variables (e.g. one scope above).

func foo {
	say 1 + a * 3 + b;
	my c = 6;
}

my a = 2, b = 4;

foo; # Run the procedure. Print out "11\n"
say c; # Will produce an error because c is out of scope!

Nested functions

Nested functions work the same way the nested procedures work, except that nested functions will not be available anymore after the function has been left!

func foo {
	func bar {
		say "Hello i am nested";
	}

	bar; # Calling nested
}

foo;
bar; # Will produce an error because bar is out of scope!

Arrays

Some progress on arrays has been made too. The following example creates a multidimensional array "foo". Its first element is the return value of the func which is "bar". The fourth value is a string" 3" converted to a double number. The last element is an anonymous array which itself contains another anonymous array as its final element:

func bar { say ”bar” }
my foo = [bar, 1, 4/2, double ”3”, [”A”, [”BA”, ”BB”]]];
say foo;

It produces the following output:

% ./fype arrays.fy
bar
01
2
3.000000
A
BA
BB

Fancy stuff

Fancy stuff like OOP or Unicode or threading is not planed. But fancy stuff like function pointers and closures may be considered.:)

May the source be with you

You can find all of this on the GitHub page. There is also an "examples" folders containing some Fype scripts!

https://github.com/snonux/fype

E-Mail me your thoughts at comments@mx.buetow.org!

Lazy Evaluation with Standard ML

      _____|~~\_____      _____________
  _-~               \    |    \
  _-    | )     \    |__/   \   \
  _-         )   |   |  |     \  \
  _-    | )     /    |--|      |  |
 __-_______________ /__/_______|  |_________
(                |----         |  |
 `---------------'--\\\\      .`--'          -Glyde-
                              `||||

Written by Paul Buetow 2010-05-07

In contrast to Haskell, Standard SML does not use lazy evaluation by default but an eager evaluation.

https://en.wikipedia.org/wiki/Eager_evaluation
https://en.wikipedia.org/wiki/Lazy_evaluation

You can solve specific problems with lazy evaluation easier than with eager evaluation. For example, you might want to list the number Pi or another infinite list of something. With the help of lazy evaluation, each element of the list is calculated when it is accessed first, but not earlier.

Emulating lazy evaluation in SML

However, it is possible to emulate lazy evaluation in most eager evaluation languages. This is how it is done with Standard ML (with some play with an infinite list of natural number tuples filtering out 0 elements):

type ’a lazy = unit -> ’a;

fun force (f:’a lazy) = f ();
fun delay x = (fn () => x) : ’a lazy;

datatype ’a sequ = NIL | CONS of ’a * ’a sequ lazy;

fun first 0 s = []
  | first n NIL = []
  | first n (CONS (i,r)) = i :: first (n-1) (force r);

fun filters p NIL = NIL
  | filters p (CONS (x,r)) =
      if p x
          then CONS (x, fn () => filters p (force r))
      else
          filters p (force r);

fun nat_pairs () =
    let
        fun from_pair (x,0) =
              CONS ((x,0), fn () => from_pair (0,x+1))
          | from_pair (up,dn) =
              CONS ((up,dn), fn () => from_pair (up+1,dn-1))
        in from_pair (0,0)
    end;

(* Test
val test = first 10 (nat_pairs ())
*)

fun nat_pairs_not_null () =
    filters (fn (x,y) => x > 0 andalso y > 0) (nat_pairs ());

(* Test
val test = first 10 (nat_pairs_not_null ());
*)

http://smlnj.org/

Real laziness with Haskell

As Haskell already uses lazy evaluation by default, there is no need to construct a new data type. Lists in Haskell are lazy by default. You will notice that the code is also much shorter and easier to understand than the SML version.

{- Just to make it look like the ML example -}
first = take
filters = filter

{- Implementation -}
nat_pairs = from_pair 0 0
    where
        from_pair x 0 = [x,0] : from_pair 0 (x+1)
        from_pair up dn = [up,dn] : from_pair (up+1) (dn-1)

{- Test:
first 10 nat_pairs
-}

nat_pairs_not_null = filters (\[x,y] -> x > 0 && y > 0) nat_pairs

{- Test:
first 10 nat_pairs_not_null
-}

http://www.haskell.org/

E-Mail me your thoughts at comments@mx.buetow.org!

Standard ML and Haskell

Written by Paul Buetow 2010-04-09

I am currently looking into the functional programming language Standard ML (aka SML). The purpose is to refresh my functional programming skills and to learn something new too. Since I already knew a little Haskell, I could not help myself, and I also implemented the same exercises in Haskell.

As you will see, SML and Haskell are very similar (at least when it comes to the basics). However, the syntax of Haskell is a bit more "advanced". Haskell utilizes fewer keywords (e.g. no val, end, fun, fn ...). Haskell also allows to write down the function types explicitly. What I have been missing in SML so far is the so-called pattern guards. Although this is a very superficial comparison for now, so far, I like Haskell more than SML. Nevertheless, I thought it would be fun to demonstrate a few simple functions of both languages to show off the similarities.

Haskell is also a "pure functional" programming language, whereas SML also makes explicit use of imperative concepts. I am by far not a specialist in either of these languages, but here are a few functions implemented in both SML and Haskell:

Defining a multi-data type

Standard ML:

datatype ’a multi
	= EMPTY
	| ELEM of ’a
	| UNION of ’a multi * ’a multi

Haskell:

data (Eq a) => Multi a
    = Empty
    | Elem a
    | Union (Multi a) (Multi a)
    deriving Show

Processing a multi

Standard ML:

fun number (EMPTY) _ = 0
	| number (ELEM x) w = if x = w then 1 else 0
	| number (UNION (x,y)) w = (number x w) + (number y w)
fun test_number w = number (UNION (EMPTY, \
    UNION (ELEM 4, UNION (ELEM 6, \
    UNION (UNION (ELEM 4, ELEM 4), EMPTY))))) w 

Haskell:

number Empty _ = 0
number (Elem x) w = if x == w then 1 else 0
test_number w = number (Union Empty \
    (Union (Elem 4) (Union (Elem 6) \
    (Union (Union (Elem 4) (Elem 4)) Empty)))) w

Simplify function

Standard ML:

fun simplify (UNION (x,y)) =
    let fun is_empty (EMPTY) = true | is_empty _ = false
        val x’ = simplify x
        val y’ = simplify y
    in if (is_empty x’) andalso (is_empty y’)
            then EMPTY
       else if (is_empty x’)
            then y’
       else if (is_empty y’)
            then x’
       else UNION (x’, y’)
    end
  | simplify x = x

Haskell:

simplify (Union x y)
    | (isEmpty x’) && (isEmpty y’) = Empty
    | isEmpty x’ = y’
    | isEmpty y’ = x’
    | otherwise = Union x’ y’
    where
        isEmpty Empty = True
        isEmpty _ = False
        x’ = simplify x
        y’ = simplify y
simplify x = x

Delete all

Standard ML:

fun delete_all m w =
    let fun delete_all’ (ELEM x) = if x = w then EMPTY else ELEM x
          | delete_all’ (UNION (x,y)) = UNION (delete_all’ x, delete_all’ y)
          | delete_all’ x = x
    in simplify (delete_all’ m)
    end

Haskell:

delete_all m w = simplify (delete_all’ m)
    where
        delete_all’ (Elem x) = if x == w then Empty else Elem x
        delete_all’ (Union x y) = Union (delete_all’ x) (delete_all’ y)
        delete_all’ x = x

Delete one

Standard ML:

fun delete_one m w =
    let fun delete_one’ (UNION (x,y)) =
            let val (x’, deleted) = delete_one’ x
                in if deleted
                   then (UNION (x’, y), deleted)
                   else let val (y’, deleted) = delete_one’ y
                       in (UNION (x, y’), deleted)
                   end
                end
          | delete_one’ (ELEM x) =
            if x = w then (EMPTY, true) else (ELEM x, false)
          | delete_one’ x = (x, false)
            val (m’, _) = delete_one’ m
        in simplify m’
    end

Haskell:

delete_one m w = do
    let (m’, _) = delete_one’ m
    simplify m’
    where
        delete_one’ (Union x y) =
            let (x’, deleted) = delete_one’ x
            in if deleted
                then (Union x’ y, deleted)
                else let (y’, deleted) = delete_one’ y
                    in (Union x y’, deleted)
        delete_one’ (Elem x) =
            if x == w then (Empty, True) else (Elem x, False)
        delete_one’ x = (x, False)

Higher-order functions

The first line is always the SML code, the second line the Haskell variant:

fun make_map_fn f1 = fn (x,y) => f1 x :: y
make_map_fn f1 = \x y -> f1 x : y

fun make_filter_fn f1 = fn (x,y) => if f1 x then x :: y else y
make_filter_fn f1 = \x y -> if f1 then x : y else y

fun my_map f l = foldr (make_map_fn f) [] l
my_map f l = foldr (make_map_fn f) [] l

fun my_filter f l = foldr (make_filter_fn f) [] l
my_filter f l = foldr (make_filter_fn f) [] l

E-Mail me your thoughts at comments@mx.buetow.org!

Perl Poetry

 '\|/'                                  *
-- * -----
  /|\      ____
 ' | '    {_   o^>       *
   :        -_  /)
   :         (   (        .-''`'.
   .          \   \      /       \
   .           \    \   /         \
                \    `-'           `'.
                 \    . '        /    `.
                  \  ( \  )     (     .')
   ,,   t          '. |  /       |     (
  '|``_/^\___        '|  |`'-..-'|   ( ()
_~~|~/_|_|__/|~~~~~~~ |  / ~~~~~ |   | ~~~~~~~~
 -_  |L[|]L|/         | |\ MJP   )   )
                      ( |(       /  /|
   ~~ ~  ~ ~~~~       | /\\     / /| |
                      ||  \\  _/ / | |
             ~ ~ ~~~ _|| (_/ (___)_| |Nov291999
                    (__)         (____)

Written by Paul Buetow 2008-06-26, last updated 2021-05-04

Here are some Perl Poems I wrote. They don't do anything useful when you run them, but they don't produce a compiler error either. They only exist for fun and demonstrate what you can do with Perl syntax.

Wikipedia: "Perl poetry is the practice of writing poems that can be compiled as legal Perl code, for example the piece known as Black Perl. Perl poetry is made possible by the large number of English words that are used in the Perl language. New poems are regularly submitted to the community at PerlMonks."

https://en.wikipedia.org/wiki/Perl

math.pl

#!/usr/bin/perl

# (C) 2006 by Paul C. Buetow (http://paul.buetow.org) 

goto library for study $math;
BEGIN { s/earching/ books/ 
and read $them, $at, $the } library:

our $topics, cos and tan, 
require strict; import { of, tied $patience };

do { int'egrate'; sub trade; };
do { exp'onentize' and abs'olutize' };
study and study and study and study;

foreach $topic ({of, math}) {
you, m/ay /go, to, limits }

do { not qw/erk / unless $success 
and m/ove /o;$n and study };

do { int'egrate'; sub trade; };
do { exp'onentize' and abs'olutize' };
study and study and study and study;

grep /all/, exp'onents' and cos'inuses';
/seek results/ for @all, log'4rithms';

'you' =~ m/ay /go, not home 
unless each %book ne#ars
$completion;

do { int'egrate'; sub trade; };
do { exp'onentize' and abs'olutize' };

#at
home: //ig,'nore', time and sleep $very =~ s/tr/on/g;
__END__

christmas.pl

#!/usr/bin/perl

# (C) 2006 by Paul C. Buetow (http://paul.buetow.org) 

Christmas:{time;#!!!

Children: do tell $wishes;

Santa: for $each (@children) { 
BEGIN { read $each, $their, wishes and study them; use Memoize#ing

} use constant gift, 'wrapping'; 
package Gifts; pack $each, gift and bless $each and goto deliver
or do import if not local $available,!!! HO, HO, HO;

redo Santa, pipe $gifts, to_childs;
redo Santa and do return if last one, is, delivered; 

deliver: gift and require diagnostics if our $gifts ,not break;
do{ use NEXT; time; tied $gifts} if broken and dump the, broken, ones;
The_children: sleep and wait for (each %gift) and try { to => untie $gifts };

redo Santa, pipe $gifts, to_childs;
redo Santa and do return if last one, is, delivered; 

The_christmas_tree: formline s/ /childrens/, $gifts;
alarm and warn if not exists $Christmas{ tree}, @t, $ENV{HOME};  
write <<EMail
 to the parents to buy a new christmas tree!!!!111
 and send the
EMail
;wait and redo deliver until defined local $tree;

redo Santa, pipe $gifts, to_childs;
redo Santa and do return if last one, is, delivered ;}

END {} our $mission and do sleep until next Christmas ;}

__END__

This is perl, v5.8.8 built for i386-freebsd-64int

shopping.pl

#!/usr/bin/perl

# (C) 2007 by Paul C. Buetow (http://paul.buetow.org) 

BEGIN{} goto mall for $shopping; 

m/y/; mall: seek$s, cool products(), { to => $sell };
for $their (@business) { to:; earn:; a:; lot:; of:; money: }

do not goto home and exit mall if exists $new{product};
foreach $of (q(uality rich products)){} package products; 

our $news; do tell cool products() and do{ sub#tract
cool{ $products and shift @the, @bad, @ones;

do bless [q(uality)], $products 
and return not undef $stuff if not (local $available) }};

do { study and study and study for cool products() }
and do { seek $all, cool products(), { to => $buy } };

do { write $them, $down } and do { order: foreach (@case) { package s } };
goto home if not exists $more{money} or die q(uerying) ;for( @money){};

at:;home: do { END{} and:; rest:; a:; bit: exit $shopping } 
and sleep until unpack$ing, cool products();

__END__
This is perl, v5.8.8 built for i386-freebsd-64int

More...

Did you like what you saw? Have a look at Github to see my other poems too:

https://github.com/snonux/perl-poetry

E-Mail me your thoughts at comments@mx.buetow.org!