NeoPhyte Representative

+Lennart Poettering just posted the 21st part of the systemd For Administrator series, this time covering container integration. Enjoy!

NeoPhyte Representative

Earlier today I gave a talk at the NLUUG Najaarsconferentie 2014 in Bunnik, Netherlands, about "Security Features in systemd". I promised to upload the slides, so here they are.

Even if you didn't attend the conference, the slides might be interesting; please have a look.

Oh, and before you ask: no, to my knowledge the presentation was not videotaped.

NeoPhyte Representative

Here's a little gem I just added to systemd's "nss-myhostname" NSS module: in addition to resolving the local host name to the locally configured IP addresses, and to resolving the host name "localhost" to the usual 127.0.0.1 and ::1, it will now also resolve the special host name "gateway" to the local default gateway address. This is pretty useful inside of containers or in local LANs, as it assigns a stable name to the container's host or the router if there's one. With this in place, a "ping gateway" command on the shell prompt will do just that: ping the default gateway. And if you enter http://gateway/ into your web browser, you'll now always end up on the configuration UI of your WLAN router. How cool is that?

Of course, if the name "gateway" is used in DNS it still overrides this new magic assignment, in order not to break existing setups that use that name.
nss-myhostname: always resolve the host name "gateway" to the local default gateway. This is useful inside of containers or local networks to introduce a stable name of the default gateway host (in case of containers usually the host, in case of LANs usually local router).

NeoPhyte Representative

Here's a small, but powerful new tool I added to +systemd today: "systemd-import" can pull and update container images from the Internet, in the format and via the APIs of today's best known Linux container solution. This lightweight tool downloads the images, converts them into btrfs subvolumes/snapshots and makes them available as simple directory trees in /var/lib/container/, like any other container tree, which you then can boot with "systemd-nspawn".

This is how you use it:

# systemd-import pull-dkr mattdm/fedora
# systemd-nspawn -M fedora

This first downloads "mattdm/fedora", and installs it into /var/lib/container/fedora, and then boots it directly via systemd-nspawn, like any other container tree.

All this with only a bit of C code, as part of the systemd suite. No new dependencies. No Go, no Python, no other runtime.

Next: add support for non-btrfs systems for this (by transparently creating a dynamically sized loopback file somewhere in /var, with btrfs inside, which can be used for this, so that only the redundant container images can reside in it, but your private user data and the rest of the OS don't have to be entrusted to btrfs).

Enjoy!
This adds a simple but powerful tool for downloading container images from the most popular container solution used today. Use it like this: # systemd-import pull-dck mattdm/fedora # systemd-nspawn -M fedora This will download the layers for "mattdm/fedora", and make them available locally as ...

NeoPhyte Representative

Here's another new small feature in systemd-nspawn: the -i switch can now be used to boot MBR disk images, too, if they follow certain rules (like: only one partition of type 0x83, marked bootable). Previously it already worked for GPT images.

What's so great about this? Well, this means you can invoke nspawn directly on an official, unmodified, Fedora Cloud disk image and it will boot it up.

For details see the commit linked below.
With this change nspawn's -i switch can now make sense of MBR disk images too - however only if there's only a single, bootable partition of type 0x83 on the image. For all other cases we cannot really make sense from the partition table alone. The big benefit of this change is that upstream ...
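The MBR rule quoted in the post above, as an added example that is not part of the original post or of systemd's code: a Python check of an image's first sector for exactly one used partition entry, of type 0x83 with the boot flag set. The function names, the strict "no other used partitions" reading of the rule, the bounds check and the sample sector are assumptions made here.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446  # four 16-byte primary partition entries start here
LINUX_TYPE, BOOT_FLAG = 0x83, 0x80


def parse_mbr(sector0: bytes):
    """Return the used primary partition entries of an MBR sector."""
    if len(sector0) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    if sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        raw = sector0[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", raw)
        if ptype != 0:  # type 0x00 marks an unused slot
            entries.append({"slot": i, "bootable": status == BOOT_FLAG,
                            "type": ptype, "lba": lba, "sectors": count})
    return entries


def single_bootable_linux(sector0: bytes, image_size: int):
    """Return the one qualifying partition, or None if the rule is not met."""
    entries = parse_mbr(sector0)
    if len(entries) != 1:  # assumed strict reading: no other used entries
        return None
    p = entries[0]
    if p["type"] != LINUX_TYPE or not p["bootable"]:
        return None
    # Extra sanity check (not from the post): partition must lie inside the image.
    if p["lba"] == 0 or (p["lba"] + p["sectors"]) * SECTOR > image_size:
        return None
    return p


def make_mbr(*parts):
    """Build a constructed sample sector from (status, type, lba, sectors) tuples."""
    table = b"".join(struct.pack("<B3xB3xII", *p) for p in parts)
    return bytes(TABLE_OFFSET) + table.ljust(64, b"\0") + b"\x55\xaa"


if __name__ == "__main__":
    good = make_mbr((0x80, 0x83, 2048, 8192))  # constructed sample, not a real image
    print(single_bootable_linux(good, (2048 + 8192) * SECTOR))
```

A GPT image's protective MBR (one entry of type 0xEE) returns None here, so a caller would handle GPT separately.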

NeoPhyte Representative

Last week I posted my slides from my talk at NLUUG Najaarsconferentie 2014 about security features in +systemd. Apparently the talk was videotaped after all and the videos are now online. Hence: here you go!

(Slides at http://0pointer.net/public/systemd-nluug-2014.pdf)

Enjoy!

NeoPhyte Representative

A new Linux Action Show is OUT: http://bit.ly/las342

+Lennart Poettering shares the surprising origins of systemd, and answers our questions,  +Brandon Philips the co-founder of +CoreOS discusses Rocket, +Matthew Miller from the +Fedora Project talks about the upcoming Fedora 21, and more!

Enjoy: http://bit.ly/las342

NeoPhyte Representative

Here's an interesting analysis about who contributed to systemd. Enjoy!
Who wrote systemd? (30 December 2014, 21:24:06). When it comes to systemd middleware, Lennart Poettering often takes the blame and has sole authorship attributed. But there are many more developers (git shows 593 authors in total) – missing their portion of berating, thus unappreciated and ...

NeoPhyte Representative

Here's a new interview with yours truly in +Linux Voice. The online version is only the first part of it, the full interview is in the print magazine.

Go, and buy it, it's good, and the Linux Voice guys are certainly the good guys, and truly believe in Free Software, so please support them!
Few pieces of software in history have been so fiercely debated as Systemd. Initially a replacement for Sysvinit, the boot scripts that start up a Linux installation, Systemd has grown into a hugely powerful – and sometimes complex – replacement for the “bag of bits” that make up the Linux base ...