ixs' Vodkamelone

Introduction

dss_cli is a small command line program written in Python which can serve as the base for automating tasks on the Open-E Data Storage Server. A sysadmin can use it to control regular maintainance from the shell instead of having to log into the web-interface through a browser.
It can access the existing API via SSH and provides missing functionality by interfacing with the web-server on the DSS appliance. It is using both mechanize and Beautiful Soup to make it resiliant to changes in the webinterface. While it was originally written on a DSS v6, initial tests showed that it mostly works on the DSS v7 release as well.

Background

The "Data Storage Server" from Open-E is a linux based software appliance. After installing the software on a server, the server can then offer NAS and iSCSI storage to attached clients and is manageable through a web-interface.

One interesting feature of the appliance is, that it does offer failover for both iSCSI exported block devices as well as for NFS shared folders, something which makes it very interesting for Bawue.Net. The active/passive failover pair should give us better availability for maintenance as one half of the failover pair can be taken down for maintenance without affecting the virtual machines using the filer as a storage.

During testing of the DSS v6 system we did notice however a certain lack of functionality: The webinterface is great to manage the servers, create volumes, export these and set them up for replication. But using the webinterface is a manual process full of repetitive steps while the tasks at hand call for automation to reduce operator errors and to allow configuration through tools like puppet.

In order to help with automation, the DSS appliance offers an API/CLI access via ssh: Generate a key, connect to the server via ssh and pass some commands:

$ ssh -p 22223 -i filer1.key -l api 192.168.2.220 get_driveslist -v
Unit       Size(GB)   Serial Number  Status
S001       1862.64    4096e40371761527 vg,arc_vol_000
S002       279.40     4096e41532029185 vg,arc_vol_001

In order to address this lack of functionality, I wrote dss_cli, a command line client aimed at owners and administrators of DSS appliances in order to support all daily administration tasks needed on these filers.

Future plans

Provide a second tool to combine common steps for creation of iSCSI and NAS targets in a cluster.
Otherwise I am also taking nominations for needed functionality.

Installation

The current code is available on GitHub::ixs/dss_cli and is published under the GPLv2. Preqrequisites to running the dss_cli command is a recent Python installation with the Paramiko module for SSH connectivity and mechanize and Beautiful Soup for the web-scraping functionality.

Installation is simple: Download the latest code, unzip it in a new directory and edit config.ini to reflect your environment.
The [failovergroup] section contains your failover pairs, one group per line.
The example below defines one failovergroup called main, containing the dss1 and the dss2 filer.
The [dss1] and [dss2] section define their address, their admin passwords, the ssh_key needed for the API functionality and whether they are the primary or the secondary host in the failover group.

[failovergroups]
main = dss1 dss2

[dss1]
address = 192.168.220.1
password = admin
sshkey = dss1_api.key
mode = primary

[dss2]
address = 192.168.220.2
password = admin
sshkey = dss2_api.key
mode = secondary

Usage

./dss_cli --help
Usage: dss_cli [options]  

Command Line Interface to interact with an Open-E DSS Storage Server

Options:
  -h, --help            show this help message and exit
  -f FILE, --file=FILE  Configuration file to use
  -l, --list            List all commands available
  -g, --failovergroup   List all configured failover groups
  -d, --debug

Use --list to get a list of all supported commands. Each command should
support the --help parameter to get a list of accepted arguments.

Running ./dss-cli -l dss1 does give a list of all commands supported on that device:

$ ./dss_cli -l filer1
build                     - Lists and sets default build.
check_mk_agent            - Returns information from check_mk monitor
create_iscsilv            - Creates a logical iSCSI Volume.
create_naslv              - Creates a logical NAS volume.
date                      - Sets time and date; please use the following format: yyyy-mm-dd hh:mm:ss
failover                  - This function allows you to stop, run or change the operation mode for the given server.
failover_task             - Manage a failover task
get_TXbytes               - Returns total number of bytes transmitted for the given interface.
get_TXpackets             - Returns total number of packets transmitted for the given interface.
get_driveslist            - Fetches a list of drives.
get_hwstatus              - Returns information from system hardware monitor.
get_memorystatus          - Fetches memory status.
get_nichealth             - Fetches the status of the given Network Interface Card.
get_nicslist              - Lists Network Interface Cards.
get_raidstatus            - Returns information about RAID.
help                      - Lists all available methods
iscsi_target_access       - Configure Target IP access
iscsi_target_assign       - Assign lv with given name to existing iSCSI target.
iscsi_target_create       - Creates a new iSCSI target.
iscsi_target_list         - Lists iSCSI targets (syntax: alias;name).
iscsi_target_remove       - Remove an existing iSCSI target
iscsi_target_restart      - Restart iSCSI target service.
iscsi_target_sessions     - Shows and manages iSCSI target sessions.
iscsi_target_status       - Lists the parameters of the selected target.
iscsi_target_unassign     - Unassign from given iSCSI target lvname.
lv_remove                 - Remove a logical volume
nas_settings_http         - Enables and disables access to shares via HTTP.
nas_share_access_afp      - Modifies AFP share access.
nas_share_access_ftp      - Enables and disables access to shares via FTP
nas_share_access_http     - Enables and disables access to shares via HTTP.
nas_share_access_nfs      - Enables and disables access to the given share via NFS.
nas_share_access_smb      - Modifies SMB/AFP share access.
nas_share_create          - Create share on specified volume.
nas_share_details         - Display detailed configuration of share
nas_share_edit            - Changes share location or comment.
nas_share_groups          - Groups manipulation functions.
nas_share_list            - Lists shares
nas_share_remove          - Removes the given share.
nas_share_toggle_smb      - Enable or disable SMB support for a share
nas_share_users           - Users manipulation functions.
nas_user_add              - Create user in the system.
nas_user_groups           - Adding and removing users to groups.
nas_user_remove           - Removes the given user from the system.
nas_user_rename           - Rename NAS user.
ntp                       - Fetches the time and date from an NTP server.
reboot                    - Reboots the system.
set_nic                   - Configures Network Interface Cards.
set_powersettings         - Sets the power button action scheme.
shutdown                  - Shuts the system down.
snapshot_task             - Starts and stops snapshots.
task                      - This function allows you to start task.
test                      - Generates an example of a help message.
unit_manager              - Creates new volume group or adds unit(s) to existing volume group.
update                    - Initiates and checks the status of software update.
version                   - Fetches the software version.
volume_group_status       - Lists Volume Groups.
volume_iscsi_remove       - Removes a logical iSCSI volume
volume_replication        - Adds and removes replication to volume.
volume_replication_mode   - Set volume replication mode to source or destination
volume_replication_remove - Removes replication from Volume
volume_replication_task_create - Create a volume replication task
volume_replication_task_remove - Remove a replication task
volume_replication_task_status - Status of a replication task
volume_replication_task_stop - Stop a replication task
volume_status             - Displays storage info.

Example

The following commands would serve to create a failover iSCSI volume on dss1 and dss2:

Create the logical volumes on both filers as part of the arc_vol_000 volume group. Command line arguments are create_iscsilv <vg_name> <size> blockio
The size argument is specified in 32MB blocks. 150GB * 1024 / 32 = 4800.

$ ./dss_cli filer1 create_iscsilv arc_vol_000 4800 blockio lvarc_vol_00000
$ ./dss_cli filer2 create_iscsilv arc_vol_000 4800 blockio lvarc_vol_00000

Enable volume replication for both logical volumes on both filers and set the logical volume on filer2 to be a secondary volume/replication destination.

$ ./dss_cli filer1 volume_replication add lvarc_vol_00000
$ ./dss_cli filer2 volume_replication add lvarc_vol_00000
$ ./dss_cli filer2 volume_replication_mode lvarc_vol_00000 secondary

Create, start and monitor the replication task on the primary filer and give it 80MBps bandwidth for initial synchronisation.

$ ./dss_cli filer1 volume_replication_task_create lvarc_vol_00000 lvarc_vol_00000 failover_iscsi_target0 80
$ ./dss_cli filer1 task --start VREP failover_iscsi_target0
$ ./dss_cli filer1 volume_replication_task_status failover_iscsi_target0

Create the iSCSI targets on both systems.

$ ./dss_cli filer1 iscsi_target_create target0
$ ./dss_cli filer2 iscsi_target_create target0

Assign the created volume to the just created iSCSI target on both systems. The server will report back with a randomly generated SCSI id for the LUN. Make sure to pass this one when assigning the volume on the secondary system. These ids need to be the same.

$ ./dss_cli filer1 iscsi_target_assign target0 lvarc_vol_00000
lvarc_vol_00000:target0:0:wt:Dgp5VLni08UGb5W5
$ ./dss_cli filer2 iscsi_target_assign target0 lvarc_vol_00000 -s Dgp5VLni08UGb5W5
lvarc_vol_00000:target0:0:wt:Dgp5VLni08UGb5W5

Add the replication task to the list of active failover tasks and make sure that failover services are started.

$ ./dss_cli filer1 failover_task failover_iscsi_target0 enable
$ ./dss_cli filer1 failover --start

Contact

Es passiert regelmässiger, dass ich unterwegs bin und dort ein Telekom Hotspot vorhanden ist. Aktuell ist dies z.B. im Novotel Karlsruhe der Fall.

Telekom Hotspots haben wie die meisten öffentlichen Hotspots ein sogenantes Captive Portal durch das die Authentifizierung stattfindet.

Ich bin glücklicher Besitzer einer Telekom Hotspot Flatrate und möchte diesen Account gerne verwenden. Allerdings ist die regelmässig wiederkehrende Authentifizierung sehr nervig. Obwohl der Browser Login und Passwort nicht speichert wäre es dennoch schön wenn diese Anmeldung automatisch geschehen könnte.

Gesagt, getan. Hier ein kleines Python Script dass genau diese Aufgabe übernimmt:

As I am travelling quite a bit I am often in the situation that I have a hotel room with a network cable and Internet access, but I have a notebook and a smart phone with me and the only device with an Ethernet connector is the notebook.

When I saw the ASUS WL-330N3G wireless mobile router I immediately bought the gadget. It's a small and portable router with 3 main uses for me:

• Connect a 3G stick to it and the router will share the UMTS Internet via cable and a wifi network.
• Connect it to the Ethernet cable from the hotel and use the internet via the wifi network.
• Connect the router to a wireless hotel hotspot, authenticate and then use the single device hotspot account for accessing the Internet from both wired and wireless devices.

When playing around with the router you can brick the device (e.g. uploading incorrectly rebuilt firmware from the GPL sources). If this happens, the device will not boot correctly any more but will be flashing it's power LED and possibly the network activity LED as well. The device can be put into rescue mode however where it will take a tftp uploaded firmware file and flash it:

1. Connect the router to the Ethernet port of your computer.
2. Connect the router to your USB port or the supplied USB power adapter.
3. Press the restore button on the back of the device and hold it for 10 seconds or so.
   If you are running tcpdump on the Ethernet interface you should see ARP requests from 192.168.1.1 for 192.168.1.20.
4. Configure your Ethernet IPv4 address as static: 192.168.1.20 netmask 255.255.255.0.
5. Use tftp to upload a firmware file to the device:
   Under Windows this can be done with "tftp -i 192.168.1.1 put WL-330N3G_1.0.2.0.trx".
   Under Linux you can use the "tftp 192.168.1.1" command and then send the following commans: "binary", "trace", "rexmt 1" and finally "put WL-330NG_1.0.2.0.trx" to upload the firmware image.
6. Wait...
7. The tftp server on the device will send OACK and reboot

At this point the device has recovered and you'll be able to log in again...

$ while true; do for i in '|' '/' '-' '\'; do echo -n $i; sleep 0.25; echo -ne '\b'; done; done

Christoph Wickert already wrote a lot about FrOSCon 2011 so I do not have to add much. Thank god for that as I find blogging to be rather tedious lately...

Suffice to say the conference was great fun.

Even though I wasn't at FrOSCon for Fedora but for my employer Booking.com, who was one of the FrOSCon sponsors, I still managed to spend quite some time with the fellow Fedora people. I even got roped into providing a talk during the Fedora Activity Day.

As a topic I chose func, a remote execution framework we have been using quite successfully at Booking for automating a lot of processes.

For the people who either missed the talk or want the slides for later reference, the slidedeck is available as a PDF.

Reading the fedora planet I got the impression that the new Fedora 15 alpha release must suck.

This impression is mostly based on the screenshots Nicu posted as well as the accompanying, vicious review.

Having seen these, I naturally had to try the new F15 release for myself to see what this is all about.

Having booted it up in a virtual machine I am now ready to proclaim that Fedora 15 does not suck. The system greets me the same way prior releases did and the only noticable difference is a different release name and newer kernel release.

However, in the few minutes I spent with the new release I have to say that I already found two bugs:
After switching to the graphical login screen with gdm3, the screen becomes garbled. Suddenly the background is full of scanlines reminding me of the old days when I didn't had the correct modeline in the /etc/X11/X11.conf file.
I was assured however on IRC, that my hardware is not broken and this is the normal design for the Alpha release and the final one will not destroy my display. Thank god for that.

The other bug is that after ignoring the garbled screen and actually logging in, the desktop has become totally broken and hideous. Black and grey bars are alternating and hurting my eyes, functionality is missing, I have to switch constantly to the command line to change settings etc...

Again however the friendly people on the IRC channel came to the rescue and informed me that this is a known bug (tracked in the ohh so aptly named F15GnomeFAIL tracker) and it is actually not a software bug but human error.
It seems I just picked the wrong iso image thinking that the Desktop-ISO is actually for the Desktop. It looks like this is a common mistake and the real Desktop Spin is further down on the Download page. Silly me, we obviously have to better educate our Target Audience to pick the right image.

While I am actually very interested in seeing what the Gnome3 shell actually has to offer, this is not the release to do so. I seriously ask myself if this is the most unfinished and broken-by-default Fedora release there ever was. The Go/No-Go meeting should have just taken the hard decision and delayed the F15 release by 6 months. Maybe then this would look more like a release and less than a trainwreck.
I am basically disgusted at this point.

Snom is the maker of pretty decent VoIP phones running Linux. I have had a Snom 360 for some time now and am reasonably happy with it.

The Snom phones do support SNMP but their SNMP daemon is severly limited. It only supports GETs on a small number of OIDs, doesn't support WALK and standard MIBs like the system-MIB are not supported. The Snom Wiki has a list of the supported OIDs and a description how to enable SNMP on the phones.
The limited support makes autodetection by network management systems or MRTG's cfgmaker fail. In order to chart this data, a manually created template is therefore needed.

Traffic Monitoring (bytes) a Snom Phone

Traffic Monitoring (packets) a Snom Phone

Some other values worth charting could be CPU load and free memory or the number of registered extensions. This could be useful for tracking down errors. Unfortunately, mrtg is unable to chart this correctly out of the box and needs some help converting the data.
This is therefore left as an excercise to the reader.

The proprietary version of Oracle VirtualBox does offer USB support.
This means that the guest operating system can access USB devices plugged into the host system.

This USB passthrough feature is also available with many other desktop virtualization solutions, e.g. KVM and Qemu. Nevertheless it seems VirtualBox is favoured by a large number of users who are installing VirtualBox only to find that they cannot actually make their USB devices visible to the guest operating system. The common problem seems to be that they checkboxes next to the devices are grayed out, preventing the user from marking them to be added to the guest.

There are a large number of forum articles and blog posts available which all claim to have a solution to the issue. Very often the suggested solution is to change the mount options for /proc/bus/usb in fstab or add an appropriate entry. Sometimes it is suggested to mount usbdevfs to /sys/bus/usb/drivers. Some report success by editing certain udev rules so that files the in the procfs belong to the user executing the VirtualBox binary.

All these solutions have one thing in common:
They are all wrong!
The fact that they are mindlessly repeated by posters in a large number of user-centric web forums does not help at all.
It is still wrong!
I said it before but it still is true: Web forums are full of cargo-cult users: No idea what they are doing but trying and talking about it in the hope that it will achieve something.

The right solution is actually very simple. All that is needed is to add the user running VirtualBox to the vboxusers group:

[root@minos ~]# usermod -a -G vboxusers athienemann
[root@minos ~]# groups athienemann
athienemann : athienemann vboxusers
[root@minos ~]# 

That's all. The user athienemann now can add and remove USB devices from VirtualBox guests.
Wasn't that easy? No fiddling with udev or fstab needed.

Mein geschätzter Kollege Kris schreibt etwas über Unix und Standards. Neben der Tatsache dass das schöne an Standards ist, dass es so viele gibt und man sich einen aussuchen kann, erwähnte Kris auch die Befürchtung dass BTRFS möglicherweise relizensiert werden könnte.

Die Gefahrt dass BTRFS relizensiert wird besteht nicht.

In diesem Fall kann die relizensierte Version als Fork angesehen werden und die bekannten Probleme kommen dann zur Geltung.
Der Spruch mit Eiche und Sau dürfte in diesem Fall nicht unangebracht sein.

My first day at LinuxTag was rather uneventful as I only arrived in Berlin during the evening and thus couldn't attend the fair during the day. In short, the day looked as follows:

Took the car to Berlin, went directly to the hotel, handed the car off, dropped off the luggage and went for Dinner with the other Fedora guys waiting in front of the hotel.

Dinner was at a steakhouse a few minutes from the hotel and was enjoyable. The steak was nice and the opportunity to catch up on things with Andreas, Christoph, Fabian, Gerold, Robert, Sandro and Thomas was even better.

Afterwards we returned to the Hotel and spent a few hours in the lobby, chatting some more with the other Fedora people sharing the same hotel. As the night was still young we moved outside to a few tables in front of the hotel, enjoying the warm summer night and exchanging some more gossip and ranting about the things in Fedora which made us unhappy.

After all, a very nice first day where I could catch up with old friends and had the ability to make some new acquaintances.

I enjoy you immensly, it's been great meting old friends and making some new ones. Furthermore you are perfect for catching up with some former colleagues, other developers and for talking about lingering issues in a much more sensible setting than a mailing list filled with people with too much time for pointless bickering.

Ignore the people claiming that you're at the wrong time, the wrong location or the wrong anything. Sure, you're not always next door and sometimes you're even at the other end of the world. I won't be attending you in such cases, but there's always a FUDCon closer by which is worth it. Ignore the haters, they are just cramping your style.

But talking about style, I would really, really pretty please with sugar on top have you offering a more relaxed setting for conducting chats between a small group of people or just one-on-one talks. You have something called a lounge, but it's not really conductive for staying longer, the chairs are horrible. And your little brother FUDPub is too wild. No time there.
So please FUDCon, improve your style a bit and make your "lounge" a real lounge. I'll love you for that even more.

I'm thinking about something like that here:

Sakura Lounge for Japan Airlines at Narita Airport Terminal 2 by Hirohisat

Your biggest fan

I've been traveling to Amsterdam today and as usual for airtravel, you spend an awful lot of time with the security theater. Today cost me about ~15 minutes. Unlike the normal horror stories however, today was a notable exception. In fact, what happened today at the security checkpoint of the Stuttgart airport was a very interesting experience.

I was asked to take my notebook out of my bag and put it on the belt by itself. Easily done. Usually the security guys ask you to switch it on for a moment. No idea why that is though.
Anyway, this time it was a bit different, the security guy asked me if the notebook sporting the Linux advertisement (lovingly applied by Alex Maier) is actually running Linux. After confirming this and stating that it's only natural as I've been with Red Hat in the past, was wearing my Spacewalk Hacker shirt and am still doing Fedora work, the guy was very happy as he seemingly could vent his frustration with Linux at someone knowledgable.

The security guy was telling me that he's been using Linux in the past, but it's just not user friendly enough. His pet peeve was the need to mount and unmount removable media.
Especially the unmounting was a major hassle for him as it makes working with the system difficult for the inexperienced user.
I explained to him the technical reasons why the system is acting as it is, how the filesystem cache is playing it's part and the need to sync data before being able to remove a disk and how the eject button on his cd drive is disabled. After having explained the technical details of the kernel, I told him that the current Desktops do automounting of CDs and other removable media but that I wasn't sure about removal. This should at least partly solve his problem with the mounting. About unmounting, I have no idea as it has been more than 5 years since I last touched a CD. Fast Networks and PXE all but obsoleted optical media for my use-cases.

After this was cleared up, he mentioned another problem he considered important: The claimed amount of technical knowledge needed to expertly use linux.
I tried explaining my point of view, that a certain amount of technical knowledge is immensely helpful in order to understand the system and thus being able to spot problems and fix them accordingly. Without the technical knowledge, which can be picked up rapidly by the way, the user would be forced to always get help from a third party for each small problem. Not optimal either.
At the same time however, I stressed the fact that the current distributions are all trying very hard to be usable, even for the inexperienced user.

As a good deed for the day, I mentioned that F11 is being released today and that he should give the Live-CD a shot, he might like it. The security guy was countering that the Live-CD might be nice, but what he would really like is a Live-USB media with persistent storage. Luckily, Fedora can score big time here and satisfy that requirement: Live USB with added persistence was one of the main features touted at last year's Linuxtag.

As I had to leave for my plane which was starting to board, I left a business card with my personal email address and asked the guy to please report back on his experience with the Live-USB. Feedback is always good, especially if it is about a failure in our system.
It might give us some nice usability data and show where we can improve our documentation or presentation.
Anyone in Fedoraland interested in the possible follow-up?

But as interesting that chat was, no good deed goes unpunished: I'll have to find out now where these imbeciles in Schiphol lost my luggage with my documents and all clothes for tomorrow's meeting and my hayfever medicine.

*RAGE*
HATE U!

Today it's voting day for me. As Hendrik already mentioned, it's time to vote for the European Parliament.

Besides that, I had to fill in three local ballots. One for my town council, and two times for the regional council.

But there's an even more important vote going on: Fedora has three elections running, one for the next Release name, one deciding about 5 seats on the next FESCO and three seats for the Board.

Unfortunately my preferred candidate, Cthulhu, wasn't running for any of the elections which meant I indeed had to settle for the lesser evil.

In case you haven't voted yet, do so at https://admin.fedoraproject.org/voting/.
You can find out about the candidates and their platforms at the nominataion page for FESCO or the nomination page for the Board.
Another good way of understanding the candidates and their intentions is the Questionaire every candidate was asked to fill in. This was the first time we've ever tried gathering questions from the Fedora contributors and submitting them to the candidates. The answers are very interesting and can be found in either plain text or as an OpenOffice Spreadsheet. My suggestion would be to look at the spreadsheet, it's easier to compare the different stances of each candidate.
And then, there are of course the Town Hall Meeting transcripts. The #fedora-townhall is a moderated IRC Chanel where the candidates are taking questions from the audience and try to answer them. The logs can be found on the normal Fedora Election pages.
There are a lot of worthwhile candidates, not the least your's truly. So don't waste your vote.

With current virtualization technology it is often desirable to install an absolute minimal system and then only add the one service running on the system.

Unfortunately, this is not as easy as the "Minimal Installation" of RHEL (I'm not even going to think about fedora) is rather huge and contains lots of unnecessary gems people do not want on a server.

The easiest way of achieving a minimal installation is to use a kickstart file and select only the necessary packages.

The following kickstart file only installs a usable base system but leaves out the unnecessary stuff often being installed on a "server" installation.
The %post script is used to do some final clean up.
In this case i386 packages are removed if running on a x86_64 system in order to prevent having a mixed userland.
For people not running with IPv6, v6 support is disabled/removed as well.

This template kickstart file should be customized and then be published on a ftp or http server.
The anaconda installer can be instructed to use this file by passing ks=http://your.server/minimal.ks on the command line.

#
# Minimal RHEL5 Installation
# http://blog.vodkamelone.de/archives/151-Red-Hat-Enterprise-LinuxCentOS-5-minimal-installation.html
#

install
# Mirror URL
url --url Your Mirror URL, e.g. http://mirror.centos.org/centos/5/os/x86_64
lang en_US.UTF-8
keyboard de-latin1-nodeadkeys
network --device eth0 --bootproto dhcp
# Your root password
rootpw --iscrypted your root password as a crypted string
firewall --enabled --ssh
firstboot --disable
authconfig --enableshadow --enablemd5
selinux --enforcing
# Timezone, change as needed
timezone --utc Europe/Berlin
bootloader --location=mbr
# Append the following line if you need serial console support
#--append="console=tty0 console=ttyS0,115200n8r"
# or for Xen:
#--append="console=tty0 console=xvc0"
key --skip
logging --host=You syslog server
skipx
# uncomment if you only need a text mode installation
#text
reboot
services --disabled ip6tables
clearpart --initlabel --all
autopart

# Packages selection.
%packages --nobase
kernel
yum
openssh-server
openssh-clients
dhclient
audit
man
logrotate
tmpwatch
vixie-cron
crontabs
# Remove some stuff we do not need.
-iptables-ipv6
-system-config-securitylevel-tui
-gnu-efi
-Deployment_Guide-en-US
-redhat-release-notes
-cryptsetup-luks
# Remove some further packages
-hal
-pm-utils
-dbus
-dbus-glib
# If you're using xen, the following packages can be removed as well
#-setserial
#-hal
#-pm-utils
#-kudzu
#-dbus
#-dbus-glib

# Run a post script to clean up a bit
%post
chvt 3
(
echo "Disabling IPv6"
sed -i -e 's/\(NETWORKING_IPV6=\).*/\1no/' /etc/sysconfig/network

cat << EOF >> /etc/modprobe.conf
# disable IPv6
alias net-pf-10 off
EOF

echo "Disabling Zeroconf"
grep -q '^NOZEROCONF=yes' /etc/sysconfig/network || sed -i -e '/^NETWORKING=yes/a NOZEROCONF=yes' /etc/sysconfig/network

# Running on x86_64? Remove i386 rpms
if [ "$(uname -m)" == "x86_64" ]; then
	echo "We're on x86_64, removing unwanted i386 libraries"
	rpm -qa --queryformat='%{n}-%{v}-%{r}.%{arch}\n' | grep '\.i[3456]86$' | xargs rpm -ev
	echo "done"
fi

# Adding ssh key
# You could add your ssh key here
#echo "Adding ssh key"
#mkdir -p /root/.ssh
#chmod 700 /root/.ssh
#echo 'your ssh key' > /root/.ssh/authorized_keys
#chmod 600 /root/.ssh/authorized_keys


# Running on XEN? Add serial console if not already configured
if [ -f /proc/xen/capabilities ] && [ $(cat /proc/xen/capabilities | wc -l) -eq 0 ]; then
	echo "Adding XEN serial console support"
	# Check it's not already configured and add it and allow root-logins
	grep -q xvc0 /etc/inittab || sed -i -e '/^# Run gettys/a co:2345:respawn:/sbin/agetty xvc0 9600 vt100-nav ' /etc/inittab 
	grep -q xvc0 /etc/securetty || echo xvc0 >> /etc/securetty
fi

) 2>&1 | tee /root/ks-post.log
chvt 1

Den üblichen Verächtigen dürfte bekannt sein, dass unsere nicht vertrauenswürdige Familienministerin gerade dabei ist die Weichen für das neue, kindersichere und reingewaschene Internet zu stellen.

Böse Zeitgenossen nehmen gerne das ebenso böse Wort "Zensur" in den Mund und vergessen dabei an die Kinder zu denken. Frau von der Leyens Internetsperren weisen jedoch den richtigen Weg.

Da dies ja ein hauptsächlich technisches Blog ist, hier also ein kleines Rezept für mod_rewrite um Besuchern der eigenen Webseite schonmal einen kleinen Vorgeschmack zu geben auf die Zukunft des deutschen Internets:

RewriteEngine on
RewriteCond %{HTTP_REFERER} ![den_eigenen_domainnamen_bitte_hier_einfügen] [NC]
RewriteCond %{HTTP_REFERER} !bmi\.pifo\.biz [NC]
RewriteRule ^(.*)$      http://bmi.pifo.biz/?http://%{HTTP_HOST}/$1 [R,L]

Sobald dieser Konfigurationsschnipsel in einer .htaccess Datei im Webroot einer Webseite abgelegt wurde, wird die Funktionsweise der bundesdeutschen Filterliste realitätsnah simuliert. Der Besucher wird beim ersten Aufruf einer Webseite auf eine täuschen echte Simulation der STOP Seite für gefährliche Internetangebote umgeleitet.

Sobald er sich von dieser humoristischen Seite auf die eigentlich besuchte Seite durchgeklickt hat, kann er diese jedoch normal durchklicken... Eigetnlich auch nicht anders als die blauen Free-Speech Schleifchen, die man vor vielleicht 12 Jahren überall im Web vorfand.

Ein kleines Beispiel für die in Zukunft sicher regelmäßig auftretenden, jedoch sehr bedauerliche Einzelfällen von Fehlkategorisierungen: blog.vodkamelone.de auf der Sperrliste. :-)