how to use ssh escape characters

So you’ve learned screen, ssh and vim. Time to take your skills to level two.

Day one: You’ve logged in to your server remotely via ssh. You run “screen -xRR”, and two minutes later you’re busy chatting away in irssi and vim is running in the other window, because, you know, real sysadmins don’t use emacs.

Lunch time: You grab your laptop and head off for lunch. When you open the lid and look at your terminals, they’re all frozen, because the tcp connections have died. You force quit the terminals, and you’re back in 30 seconds with new tcp connections.

Day two: Since lunch is a daily occurrence, it would be nice to avoid this altogether. Enter ssh escape characters. Run “man ssh” and search for “ESCAPE CHARACTERS”.

Lunch time: Hit ~ . (tilde-period) in an ssh session. This will probably require you to hold <shift> to get a “tilde” (then release) and enter a period (you should know how to type!). Instead of a period, you can enter a ? in case you want to see the other cool commands. The escape character is only recognized right after a newline, so if this ever doesn’t work, press <enter> at least once to “unconfuse” the escape sequence listener and try again.

Day three: You learn about SCTP and decide this is the future for your multihomed life. Bonus points for someone who comments about how they use it.

Happy Hacking!

James

sparse rsync magic

Dear internets,

Once upon a time, I had one of those “brain teaser-of-the-day” calendars. Free business tip: someone should make an ‘rsync’ version. That would be brilliant. (If you don’t know what rsync is, then you should probably go read a different blog.)

Anyone who’s used kvm might know, linux virtual machines can have sparse .raw file backing stores. This means the operating system could think it has one TiB of space, when it is actually sharing a one TiB physical harddrive with many others.

Tip #1: man ls
# ls -lAhs
29G -rwxr-xr-x. 1 qemu qemu 1000G Feb 22 18:39 cobbler.raw

You’ll notice that the ‘s’ flag shows you how much space the file is actually taking up on your harddrive. This gives me lots of room to grow my cobbler virtual machine, without having to actually resize partitions, lv’s or filesystems.

Warning: Make sure to monitor your individual virtual machines, because if the .raw files grow bigger than the size of your host filesystem then they’ll freeze.

Tip #2: use rsync like a boss
This all started out about rsync, remember? As anyone who’s tried might know, running an rsync on your images/ directory as the source will cause your destination to swell to the size of the virtual hard drives! Solution? Add in -S (--sparse) and enjoy the rsync magic.
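A check for the warning and for Tip #2, as an added example that is not from the original post: it compares allocated and apparent sizes of the .raw images, flags a directory whose images could outgrow the host filesystem, and flags a copy that swelled. The function names and the "twice plus 1 MiB" threshold are assumptions made for this example; it assumes Linux with GNU coreutils.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes Linux with GNU coreutils.

# Print "allocated_bytes apparent_bytes" for one file.
# stat: %b = blocks allocated, %B = bytes per block, %s = apparent size.
file_sizes() {
    out=$(stat -c '%b %B %s' -- "$1") || return 1
    set -- $out
    echo "$(( $1 * $2 )) $3"
}

# Sum file_sizes over DIR/*.raw; print "allocated apparent" totals.
image_totals() {
    alloc=0 apparent=0
    for f in "$1"/*.raw; do
        [ -f "$f" ] || continue
        s=$(file_sizes "$f") || return 1
        alloc=$(( alloc + ${s% *} ))
        apparent=$(( apparent + ${s#* } ))
    done
    echo "$alloc $apparent"
}

# True (0) if the images in DIR could outgrow the host filesystem, i.e.
# their remaining room to grow exceeds the space still available.
overcommitted() {
    t=$(image_totals "$1") || return 2
    avail_kb=$(df -P -k -- "$1" | awk 'NR==2 { print $4 }')
    [ $(( ${t#* } - ${t% *} )) -gt $(( avail_kb * 1024 )) ]
}

# True (0) if copy DST allocates more than twice what SRC does (plus 1 MiB
# of slack), which is what an rsync without -S does to a mostly empty image.
swelled() {
    a=$(file_sizes "$1") || return 2
    b=$(file_sizes "$2") || return 2
    [ "${b% *}" -gt $(( ${a% *} * 2 + 1048576 )) ]
}

# Typical use from cron (paths are placeholders):
#   overcommitted /path/to/images && echo "images can outgrow the host disk"
#   rsync -aS /path/to/images/ /path/to/backup/
```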

Happy hacking!

James

 

git, gitosis, gitweb and friends…

In case it wasn’t already obvious, I am a huge fan of git, and often prefer it over sliced bread. Recently, to help a small team of programmers collaborate, I decided to set up a private git server for them to use. By no claim of mine is the following tutorial unique; however, I am writing this to aid those who had trouble following other online tutorials.

Goal:
Set up a central git server for private or public source sharing, without having to give everyone a separate shell account.

Step 1:
Install git, gitosis, and gitweb by the method of your choosing. Most distributions probably have packages for all of these.

Step 2:
Create a user account named “git”, “gitosis”, or something sensible if it hasn’t already been done by some packager’s install script. The shell command to do this yourself looks something like:

sudo adduser --system \
    --shell /bin/sh \
    --gecos 'git version control' \
    --group \
    --disabled-password \
    --home /srv/gitosis \
    gitosis

In my particular case, I edited the /etc/passwd file to change the automatically added account, however running sudo dpkg-reconfigure gitosis is probably an easier way to do this.

Step 3:
Authentication is done by public ssh key, and gitosis takes care of the magic relationships between a user’s key and the read/write access per repository. As such, gitosis needs initialization, and it needs the public key of the administrator. If you aren’t familiar with ssh public key authentication, go learn about this now.

To initialize gitosis, most tutorials allege that you should run something like:

sudo -H -u gitosis gitosis-init < SSH_KEY.pub

In my case, this didn’t work (likely due to environment variable problems, but try it first anyways) so I cut to the chase and ran:

sudo su - gitosis
gitosis-init < /tmp/SSH_KEY.pub

which worked perfectly right away. Note that you have to copy your public key to a publicly readable location like /tmp/ first.

Step 4:
Now it’s time to change the gitosis configuration file to your liking. Instead of editing the file directly on the server, the model employed is quite clever: git-clone a special repository, edit what’s necessary and commit, then push the changes back up. Once this is done, git runs a special commit-hook that generates special files needed for correct operation. The code:

git clone gitosis@SERVER:gitosis-admin.git

Step 5:
To add a new repository and its users to the machine, the obvious bits are done by making changes in the recently cloned git directory. Once a user has access, set up the new remote, and push.

git remote add origin gitosis@SERVER:the_repository_name.git
git push origin master:refs/heads/master

Subsequent pushes don’t need the master:refs/heads/master part, and everything else should function as normal.
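The “obvious bits” of Step 5 written out, as an added example that is not from the original post: the user's public key goes into keydir/ and a group section in gitosis.conf grants write access. The function names and the “-team” group suffix are assumptions made for this example; keydir/, members and writable are gitosis's own names.

```sh
#!/bin/sh
# Added example, not from the original post.
# Operates on a local clone of gitosis-admin.git (see Step 4).

# Reject anything that is not a single bare OpenSSH public key line,
# e.g. a file with two keys or a line starting with command="...".
valid_pubkey() {
    [ "$(( $(wc -l < "$1") ))" -le 1 ] &&
    grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( .*)?$' "$1"
}

# add_repo_user ADMIN_DIR REPO USER KEYFILE
# Installs KEYFILE as keydir/USER.pub and appends a group that lets USER
# write to REPO. Returns 2 on a bad name, 3 on a bad key, 4 if ADMIN_DIR
# does not look like a gitosis-admin working tree.
add_repo_user() {
    admin=$1 repo=$2 user=$3 key=$4
    # USER becomes a file name and REPO a path on the server: no slashes,
    # no leading dot, nothing outside a conservative character set.
    case $user in ''|.*|*[!A-Za-z0-9@._-]*) return 2 ;; esac
    case $repo in ''|*[!A-Za-z0-9_-]*) return 2 ;; esac
    valid_pubkey "$key" || return 3
    [ -f "$admin/gitosis.conf" ] || return 4
    mkdir -p "$admin/keydir"
    cp -- "$key" "$admin/keydir/$user.pub"
    cat >> "$admin/gitosis.conf" <<EOF

[group $repo-team]
members = $user
writable = $repo
EOF
}

# Then publish the change from inside the clone:
#   git add keydir gitosis.conf
#   git commit -m "add the_repository_name"
#   git push
```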

Gitweb:
I still don’t have a happy gitweb+gitosis installation. I’m using apache as a webserver, and I wanted to leave the main /etc/gitweb.conf as unchanged as possible. The gitweb package that I installed, comes with an: /etc/apache2/conf.d/gitweb and all I added was:

SetEnv GITWEB_CONFIG /srv/gitosis/.gitweb.conf

between the <Directory> tags. I used the template gitweb configuration file as provided by gitosis.

Gitosis:
The last small change that I needed for perfection is to store the gitweb configuration in the gitosis-admin.git directory. To do this, I added a symlink to /srv/gitosis/repositories/gitosis-admin.git/gitweb.conf from the above gitweb config location. The problem is that the file isn’t in the git repo. This would require patching gitosis to recognize it as a special file, and since the author doesn’t respond to patch offers, and since the gitweb config is usually completely static, I didn’t bother taking this any further.

Gitolite:
It seems there is a well maintained and more fine grained alternative to gitosis called gitolite. The author was very friendly and responsive, and it seems his software provides finer grained control than gitosis. If I hadn’t already set up gitosis, I would have surely investigated this first.

Etckeeper:
If you haven’t yet used this tool, then go have a look. It can be quite useful, and I only have one addition to propose. It should keep a configurable mapping (as an etckeeper config file) with commands to run based on what gets updated. For example, if I update /etc/apache2/httpd.conf, then run /etc/init.d/apache2 reload.

Happy hacking!