Cern Week 9

So Monday was spent converting LeTex to wiki and doing some final stress test and such on my server. Further I checked the failover mechanism. Which seams to work fine. Quite simple in OpenLdap to sync servers. The next day I started benchmarking client performance. Which seams to be totaly ok. This is a little test where lxb5477 authentikates over Ldap and lxb5478 uses /etc/passwd.
bash-3.00$ time ssh lxb5477 "/bin/true"

real 0m0.388s
user 0m0.013s
sys 0m0.010s
bash-3.00$ time ssh lxb5478 "/bin/true"

real 0m0.373s
user 0m0.009s
sys 0m0.014s
This is quite a nice result. Further I investigated in using a caching mechanism on the client so that not every
has to do an ldap query. I tested some tools and sort of stuck with nscd (name service cache daemon) which improved performace hugely.
[root@lxb5477 ~]# /etc/init.d/nscd stop
Stopping nscd: [ OK ]
$ time for i in `seq 100`; do ls ; done
real 0m1.684s
user 0m0.253s
sys 0m0.453s

[root@lxb5477 ~]# /etc/init.d/nscd start
Starting nscd: [ OK ]
$ time for i in `seq 100`; do ls ; done
real 0m0.393s
user 0m0.099s
sys 0m0.254s
So I did some research on this an configured it to fit with owr cluster system.

I registred for an intel training on multi core programming which Cern is paying for me. And the good thing is that I get a fancy Certificate everyone wants nowerdays.
From :
A Multi-threading and Parallelism Workshop will be held on the 4th and 5th of October at CERN. Experts from Intel will lead the two day event and help you improve your knowledge by explaining the key intricacies of parallel programming and presenting the most efficient solutions to popular multi-threading problems. A hands-on lab is also planned where participants will be able to improve their understanding of multi-threaded programming methodologies and learn to use tools for debugging and profiling multi-threaded applications.

So to prepare for this I started to hack up some pthreaded programs. What was quite fun. I wrote a little clone of GNU seq to use both cores of my 2 core machine. This was basically a tradeoff from memory to speed. Bacause I cach the results of one core in memory. But now I hink I can keep up with the geeks that work here.
Then I startd a little car share app, which I will talk about some other time. Then I decided to develop dbooks a little further so I can use it in my final year.

Cern Week 8

Another week is over, so what did I do. I finally decided that OpenLdap is quite fast. After one whole night of benchmarking and a network load of 100%, the server was still rock solid. Not to mention the clients (See other post). So after that I started thinking about security and did some testes with TLS, SASL and certificates. This turned out to be incredibly slow. The initial setup cost of the encryption stands in no relation to the security it offers. I further implemented a server certificate so that the server can not be changed without the clients knowing. Which seams to only work with TLS. (I have to spend a little more time here) Further I finished the migration of my development cluster to ldap. So now all machines authenticate over ldap and it should work for all people at cern.
After asking a few people about my requirements document, I was happy to realise that Bournemouth Uni does actually teach you something. Really Ruth, Frank and Peter teach you something you will really need in a production environment. The guy here at Cern that writes quite a few requirements was quite impressed to see what I had come up with and quote "It is nice to see such a clean and good requirements document from a student" One thing they don't teach you at bmth is security, what is quite important here and should be everywhere. So I have to do some private study about that.
I spent some time having to migrate my loved tex and cvs combo to a shitty little twiki interface that doesn't allow comments in your twiki make up language and crashes on you all the time. Now I am spending hours counting spaces to get the bullet points right. And it is very slow. Just klicking on save takes 5 seconds in one case and in the other it crashes. Further it has no spell checker.
I did a little work on my project (ldap bench) but not even a cvs commit worth.

/var full

Yesterday I was benchmarking my OpenLdap server. For this I used the production cluster with 210 machines. So I sshed to all machines and started my little ldap bench program in a `while [ true ]` loop and whent home. This morning I came back stopped all the jobs and had a look at my ldap server. It was still fine and I was quite happy with the outcome. This afternoon then I got and Mail from one of the cluster admins that I had shredded quite a few machines through filling up /var. This happend because every network connection is logged in /var/log/messages. So when the log wanted to roll over gzip failed because it didn't have any space, further sendmail had gone into zomby mode as it couldn't log anymore. So my first real fuck up. But at least then we knew that any user can take down the cluster through syslog. This has been fixed :)


Marco and me had a look at the GNU coreutlis because we where fed up with some functions they did or didn't provide us. So I had a quite brows through them, now I want to comment on them :
While looking at the code I found a huge amount of FIXME comments. To be precise 119.
Just for the people that don't know coreutils are programs like ln, echo, rm, cp, mv ....
Let me list some examples:

copy.c :

/* FIXME: this should (at the very least) be moved into the following
if-block. More likely, it should be removed, because it inhibits
making backups. But removing it will result in a change in behavior
that will probably have to be documented -- and tests will have to
be updated. */

/* FIXME: shouldn't this be testing whether we're making symlinks? */

/* FIXME: this is a little fragile in that it relies on rename(2)
failing with a specific errno value. Expect problems
on non-POSIX systems. */

/* See if the destination is already the desired symlink.
FIXME: This behavior isn't documented, and seems wrong
in some cases, e.g., if the destination symlink has the
wrong ownership, permissions, or time stamps. */

/* Can't preserve ownership of symlinks.
FIXME: maybe give a warning or even error for symlinks
in directories with the sticky bit set -- there, not
preserving owner/group is a potential security problem. */

Ok this is just copy. I can't belive it. Every linux distro has this installed and then I read comments like this

/* FIXME: is this dead code?
Consider the test, pos == start_pos, above. */

/* FIXME: is this dead code? */

Now I am board.

P.S. Edd is going to be very happy. How many fixme's are there in OpenBSD?

Cern Week 7

So my main task this week was to benchmark the OpenLdap Server I set up. For this I wrote a little test suit. (It can be found under I built in loads of features to do a proper stress test (Cache prevention, simultaneous thread execution(for the 4 core machines), a little data base system, etc..). I further migrated all the current user files to the Ldap server (20874 active user entries) There are actually more users but quite a few are mapped to one user name. Especially for batch jobs and groups. Like MIT has one user but many people log on on as this one user. After doing this I did some analysis on the passwd file. And had some ideas of optimising this (mainly ordering and caching). I will have to wait till next week to submit the patch set because my boss wasn't there this week. Further I wrote a little bash script that can send out an email without having anything configured through interacting with smtp over a file descriptor that is actually a tcp socket (here). I further attended a meeting and some other management stuff(Not really of any interest).
So in conclusion I programmed a hell of a lot of C, what was nice as a little refresh.

How to send a mail in bash

This is something very simple. How do you send a email in bash without having sendmail configured. Ok so I spent the whole afternoon writing this. It basically creates a file descriptor over a tcp socket and then sends data over it. Not really error robust, but it should do. I have to sleep all the time as I don't know when the server will respond. And I can't cat,tail or head the filedescriptor as I don't have a EOF. Anyway quite horrible hack, but maybe you can learn something from it. For example how smtp works :)

 1 #!/bin/bash
2 #
3 # A little script that sends out a mail purly in Bash :)
4 # Very very slow act
5 # {Jan.Michael,Geerd-Dietger.Hoffmann}
6 #
8 #set up some vars we need
9 nameofme=`uname -n`
10 ipofmail=`host | cut -d ' ' -f 4` #Have fun if dhcp goes down
12 #TODO : Something like if [ `ping -c 1 $ipofmail | wc -l` -eq 5];then echo "host down"; fi
14 #Create file pointer
15 exec 4<>/dev/tcp/$ipofmail/25
16 sleep 2
17 echo -en "EHLO $\r\n" >&4
18 sleep 5
19 echo -en "MAIL From:<> SIZE=770\r\n" >&4
20 sleep 2
21 echo -en "RCPT To:<you@root>\r\n" >&4
22 sleep 2
23 #And off we go
24 echo -en "DATA\r\n" >&4
25 sleep 1
26 echo -en "Nobody said computers were going to be polite.\r\n" >&4
27 sleep 1
28 echo -en ".\r\n" >&4
29 sleep 1
30 echo -en "QUIT\r\n" >&4
32 # Disable this if you don't wan't output
33 # Could be used for error checking something like this would be ok
34 # if [! `wc -l <&4` -eq 22];then echo "error in line count"; fi
35 sleep 1
36 cat <&4

Note: This of course will only work if you can reverse DNS and own the world

C rand function

Just for completeness here the c rand function
#include stdlib.h
as I compared the Java one in August:

A nother window manager

If you have followed my Blog you know that Edd and me made a deal in switching to another window manager, So as I started my placement I thought OK next one. (After using enlightenment)
I decided to try JWM (Joe's Window Manager) this is a nice little wm. It works really well has nearly no dependencies and looks really good. It has all the nice little features a wm should have and is really nicely configurable. After using it for a while I encountered a few problems though. Trough grabbing the modifier of a key right away shortcuts in programs tend not to work. (So if I press CTRL-S for save) this will not work as I used CTRL for my special functions.
Remapping this didn't work either. I tried to rewrite the code but then noticed that this is a little too much to do while at work. Further I found out what the hyper key is :)
So now I installed ice wm to try the next one.

Have a look at this

Posted by Picasa

Ldap benchmark

A little program I wrote to test the ldap servers.
Please have a look at it.

Cern Week 6

So this week was a little bit stupid as I managed to pull a muscle and not beeing able to go to work. Otherwise I went to Berlin on the Weekend to see Juanan which was really nice. But workwise I summarized some emails and put them up on twiki

sendmail automation script

Here a little script that will send a email to some people out of a bash script. Not very hard.
 1 #!/bin/bash
2 from=""
3 emailtarget=","
4 subject="What do you want"
5 sendmail=/usr/sbin/sendmail
9 Really what you want to put here
10 ----
11 "`fortune`
13 msgdate=`date +"%a, %e %Y %T %z"`
14 daemail=$(cat <<!
15 Date: $msgdate
16 From: $from
17 To: $emailtarget
18 Subject: $subject
19 Mime-Version: 1.0
20 X-Mailer: Didi Mail
24 !)
26 echo "$daemail" | $sendmail -t