haproxy + CARP on FreeBSD

So you’ve decided you want a high availability cluster running on FreeBSD?

A common setup is to run haproxy + CARP together. The main drawback to this method that that it isn’t truly high availability. Here are some of the shortcomings of this approach:

  • You will need to upgrade the haproxy binary an awful lot, if your are doing SSL termination. You will need to fail-over the carp master when preforming maintenance on the host
    • What happens to existing in-flight requests?
    • Do you always have a service window?
  • If the haproxy process on the MASTER dies (or say isn’t accepting requests on a reload), those requests aren’t serviced
    • Additionally how does CARP know the status of the haproxy process? It doesn’t.
  • Only one haproxy instance is serving all of the requests at a time, so you aren’t really load balancing the requests

All of this stems from the fact that we are missing a layer of redundancy. We have redundancy at the physical layer with CARP. We have redundancy at the application (or transport) layer with haproxy.

What we need is redundancy at the network layer to complete the stack.

I am told you can solve this in linux with LVS, but currently (as far as I’m aware) there is no mechanism for this in the BSD world. Continue reading haproxy + CARP on FreeBSD

zfs send remote encrypted backup

I’ve been trying to finally move some of my file storage off site. Here’s a little script I wrote to help facilitate that.

zfs-backup:

#!/bin/sh

usage() {
        echo "Usage: "`basename $0`" snapshot-name";
        exit 1;
}

if [ "x$1" = "x" ]; then
        usage;
fi

if zfs list -t snapshot $1 > /dev/null 2>&1; then
        SNAP=$1
        SAN=`echo $1 | sed 's/[^A-Za-z0-9]/-/g'`
else
        echo "Invalid snapshot given.  Try zfs list -t snapshot for ideas.";
        usage;
fi

BASE=`basename $0`
FIFODIR=$(mktemp -d $BASE-tmp-XXXXXXXX) || exit 2
FIFO=$FIFODIR/$SAN
CHK=$FIFODIR/sha256

CONTAINER=$SAN.gz.sc

mkfifo $FIFO;

echo "Sending snapshot "$SNAP;

sha256 < $FIFO > $CHK &
zfs send "$SNAP" | pigz | scrypt enc /dev/stdin | tee $FIFO | ssh -c arcfour256 X_HOSTSPEC_X "umask 0077 && cat > .zfs-backup/$CONTAINER"

SHA256=`cat $CHK`
printf "%s  %s\n" $SHA256 $CONTAINER | ssh X_HOSTSPEC_X "umask 0077 && cat > .zfs-backup/$CONTAINER.sha256sum"

echo "Tranfered snapshot with checksum: "$SHA256;

rm $CHK;
rm $FIFO;
rmdir $FIFODIR;

Some notes about choices of utilities:

  • pigz could easily be replaced with gzip or lzma, or whatever.
  • I’m debating switching scrypt out for something like openssl or gpg with an actual random key, or possibly a curve25519 chacha20 poly1305 container, I haven’t done the research to see how smart/easy this is.  I understand what scrypt is doing, it’s installed on my machine, and It’s a Good Thing.
  • I’m using arcfour256 for the bulk transfer, because the security of the stream isn’t important.  It’s already protected by scrypt/AES256.
  • I tee to a fifo so that I can check that the transfer wasn’t corrupted on the remote end without typing my pass phrase into the untrusted machine.  The tee/fifo feels hackish to me, but I don’t have another idea.
    • I investigated the scrypt format, and there is no length in the file header, nor any tailing magic bytes, so it’s impossible to tell if the file is truncated without trying to decrypt the file.  Based on the code, adding a length header, or tailing magic would break the current on-disk format.
    • This checksum won’t help if, say, the scrypt process is interrupted – I’m guessing you will get a partial transfer, and matching checksums.
  • I copy the checksum to the remote machine also, in a format that can be parsed by sha256sum
  • I run this in a screen session

Blackberry Torch 9800 Headphone Jack Repair

I use the headphone jack multiple times a day, connecting my torch 9800 to the car stereo.  Over the past year, the connection has gotten flaky, eventually past the point of frustration.

It seems like a loose connection (when I fiddle with the cable, I sometimes get right and left audio), and I assumed it was the connection of the jack to the PCB inside the phone.  I was anxious to get my soldering iron hot, and void my (nonexistent) warranty.

Continue reading Blackberry Torch 9800 Headphone Jack Repair

FreeDOS 1.1 USB Boot Image

I’ve updated the FreeDOS USB boot image to now include the official FreeDOS 1.1 kernel, and command interpreter, now that it has been officially released.

FreeDOS USB Image: FreeDOS-1.1-USB-Boot.img.bz2

Size: 117652 bytes
SHA1: 7d8a3c73f9cfdc71611e3f7a5b7b134529179821

If you are looking for a FreeDOS 1.0 USB Boot Image, see my earlier post of the same title.

If you run in to trouble, take a look at the comments for 1.0 first, many will apply.  If that doesn’t solve your issue, leave a comment.

Cellpipe 7130 Line Stats

Ahhh... Much Better!

I created a quick greasemonkey script to enable viewing the stats on the Bell Canada branded Cellpipe 7130 modem:

Cellpipe 7130 VDSL Stats Display Greasemonkey Script

Also, I didn’t really like Bell’s logo all over the gear:

Replace Bell’s logo with TekSavvy’s on Cellpipe 7130 Greasemonkey Script

Zip.Ca average DVD rental cost

I signed up with Zip.Ca last July, and was able to rent 36 DVDs within the year.  I’ve been on the 1 DVD Unlimited plan for the whole time, and returned DVDs fairly quickly.  My total cost (taxes in) was $148.44, with an average DVD rental of $4.12.  This is actually more expensive than the 1 DVD plan (2/month), with an average DVD rental of $3.36.  I’ve averaged 3 DVDs/month, so it would still work out cheaper if I took the 1 DVD plan, and paid the extra $2.49+tx/DVD.

I didn’t find out about ZipRefill until the end of July, and I’ve now started using it.  I’m interested to see how this affects my average rentals this year.  I think I would need to average 3.7 DVDs/month or 44 DVDs/year to have this plan make sense.

.flac to .mp3 parallel conversion script

I’ve been using FLAC to backup my CDs for some time, but due to the ubiquity of MP3, I frequently found myself transcoding a large number of these files for various devices.

I found a good number of scripts[1] for doing the conversion, and it seems to be  a bike shed everyone wants to chime in on.  What I found didn’t really handle modern multi-core processors, so I made some quick tweaks and thought I’d post my results.  There are two scripts:

mp3xcode:

#!/bin/bash

mkdir mp3
parallel mp3xcode_sub — *.flac

mp3xcode_sub:

#!/bin/bash

[ -r “$1″ ] || { echo can not read file \”$1\” >&1 ; exit 1 ; } ;

FLAC=$1
MP3=”mp3/${FLAC%.flac}.mp3″

eval `metaflac –export-tags-to=- “$FLAC” | sed ‘s/=\(.*\)/=”\1″/’`

flac -dc “$FLAC” | lame –replaygain-accurate -v -V 2 –tt “$TITLE” \
–tn “$TRACKNUMBER” \
–tg “$GENRE” \
–ty “$DATE” \
–ta “$ARTIST” \
–tl “$ALBUM” \
–add-id3v2 \
– “$MP3”

This script seems to be a good way to do it. I’ve only tested this on linux.

On FreeBSD, there may be some tweaks required to not depend on bash.  Also, you’ll need to install the GNU parallel program (sysutils/parallel).

Tweaking ZFS on FreeBSD 8.2-RELEASE on i386

Having followed the http://wiki.freebsd.org/ZFSTuningGuide, when configuring ZFS, I was aware of the delicate nature of the kernel settings for ZFS on i386.  I recently upgraded my server to 4GB ECC from 2GB non-ECC and thought I’d like to take advantage of the extra ram, so I thought I’d play around with these options.

My current kernel config could not be simpler, ZFS-GENERIC:

include    GENERIC
ident    ZFS-GENERIC
options    KVA_PAGES=512

For this configuration I successfully used in /boot/loader.conf:

#Working options for ZFS-GENERIC 2GB RAM, KVA_PAGES=512
vm.kmem_size=”1536M”
vm.kmem_size_max=”1536M”
vfs.zfs.arc_max=”786M”

I thought it would be as simple as:

#Trial options for ZFS-GENERIC 4GB RAM, KVA_PAGES=512
vm.kmem_size=”2G”
vm.kmem_size_max=”2G”
vfs.zfs.arc_max=”1792M”

But, but to my chagrin, my system responded on boot up with a:

panic: kmem_suballoc: bad status return of 3

Continue reading Tweaking ZFS on FreeBSD 8.2-RELEASE on i386

A New Year for Wings – The Patty Shack Oshawa

The Patty Shack Oshawa

Good news for the New Year!  I’ve heard from Dave Hannah from the old Wing Shack in Whitby.

He’s launching a new venture, in Oshawa this time, called The Patty Shack.  Dave has combined the Wing Shack Wings with a burger that, in his words, is equally as good. Continue reading A New Year for Wings – The Patty Shack Oshawa

310 numbers on voip.ms

Over the weekend, I tried to order a pizza from Pizza Nova, using their 905-310-3300 number, but I consistently got a fast beep.  I re-dialed using their 416-439-0000 number, and was able to order my pizza fine. Whew!

I put a ticket in to voip.ms, and this is what they said:

It seems that the numbers with 310 exchange are special numbers and they are not reachable outside from the area they are linked, the test we have made indicates that the numbers are not reachable from our network.

We apologize for this inconvenience.

So, quick heads up: you can’t dial 310 numbers on voip.ms!

UPDATE (2011-04-12): 310 numbers seem to be working, see comments below.