Thanks to Senior Lecturer and Programme Coordinator, Aditya Santokhee, at the Middlesex University Mauritius, my colleague Chittesh & I got to deliver guest talks at the university today.

Chittesh, also our local Mozillian, spoke about the Internet Health Report and raised privacy concerns surrounding major online platforms. He mentioned the Cambridge Analytica scandal in particular, especially how that raised public awareness about digital privacy. He added that following the enforcement of the European Union's General Data Protection Regulations (EU GDPR), tens of thousands of violation complaints have been filed. Google was fined €50 million for GDPR violations in France.

His talk was more a message to the young students for them to review their online habits and take a moment to think about digital privacy.

On the other hand I had a semi-technical talk about Pods & Containers. Although we had a lecture theatre fully packed with Computer Science students, I was told they were mostly in second year, I realise that not everyone would be acquainted to Linux containers, or yet Linux itself.

Therefore, I started with a gentle introduction about operating systems and where Linux stands. I asked the students whether they are familiar with virtualization and part of the room answered yes. It made it easier to compare between having an "architecture emulator" to run a virtual machine and a simple isolated environment comprising of a bunch of files. That's the simplest explanation I could give to make the students comfortable with the idea of containers.

Then, I moved to the topic of Podman, while doing some demos and helping the students learn how podman run ... could make things easier for them. I asked them a few questions about university assignments such as developing an application and the need of having an "environment" to build or test the application. Instead of having a full Linux environment with a bunch of packages installed & configured simply to serve a web application, a single-line of podman could serve those files in an Nginx container. Especially, doing this without a big-fat-daemon, pun intended! 🤓

I briefly talked about Skopeo and I invited the more adventurous students to peek inside of containers and get a better understanding of what they are made of. The key lesson being, magic is for the users not for the engineer.

I ended the talk with this nice slide copied from my openSUSE MicroOS workshop deck from the openSUSE Asia Summit 2019. 😊

Slides available at speakerdeck.com/ishwon/podman-101.

Introduction

It’s time for another YaST team report! Let’s see what’s on the menu today.

• More news and improvements in the storage area, specially regarding encryption support.
• Some polishing of the behavior of YaST Network.
• New widgets in libYUI.
• A look into systemd timers and how we are using them to replace cron.
• And a new cool tool for developers who have to deal with complex object-oriented code!

So let’s go for it all.

Performance Improvements in Encrypted Devices

As you may know, we have recently extended YaST to support additional encryption mechanisms like volatile encryption for swap devices or pervasive encryption for data volumes. You can find more details in our blog post titled "Advanced Encryption Options Land in the YaST Partitioner".

Those encryption mechanisms offer the possibility of adjusting the sector size of the encryption layer according to the sector size of the disk. That can result in a performance boost with storage devices based on 4k blocks. To get the best of your systems, we have instructed YaST to set the sector size to 4096 bytes whenever is possible, which should improve the performance of the encrypted devices created with the recently implemented methods.

Additionally, we took the time to improve the codebase related to encryption, based on the lessons we learned while implementing volatile and pervasive encryption. We also performed some additional tests and we found a problem that we are already fixing in the sprint that has just started.

Other improvements related to encryption

One of those lessons we have learnt recently is that resizing a device encrypted with a LUKS2 encryption layer works slightly different to the traditional LUKS1 case. With LUKS2 the password must be provided in the moment of resizing, even if the device is already open and active. So we changed how libstorage-ng handles the passwords provided by the user to make it possible to resize LUKS2 devices in several situations, although there are still some cases in which it will not be possible to use the YaST Partitioner to resize a LUKS2 device.

As a side effect of the new passwords management, now the process that analyzes the storage devices at the beginning of the installation should be more pleasant in scenarios like the one described in the report of bug#1129496, where there are many encrypted devices but the user doesn’t want to activate them all.

And talking about improvements based on our users’ feedback, we have also adapted the names of the new methods for encrypting swap with volatile keys, as suggested in the comments of our already mentioned previous blog post. We also took the opportunity to improve the corresponding warning messages and help texts.

Network and Dependencies Between Devices

Similar to encryption, the network backend is another area that needed some final adjustments after the big implementation done in the previous sprints. In particular, we wanted to improve the management of devices that depend on other network devices, like VLANs (virtual LANs) or bridges.

Historically, YaST has simply kept the name of the device as a dependency, even if such device does not exist any longer. That leaded to inconsistent states. Now the dependencies are updated dynamically. If the user renames a device, then it’s automatically renamed in all its dependencies. If the user deletes a device that is needed by any other one, YaST will immediately ask the user whether to modify (in the case of bonding and bridges) or to remove (in the case of VLANs) those dependent devices.

New libYUI Widget: ItemSelector

Now that we mention the user experience, it’s fair to note that it has been quite a while since we created the last new widget for libYUI, our YaST UI toolkit. But we identified a need for a widget that lets the user select one or many from a number of items with not only a short title, but also a descriptive text for each one (and optionally an icon), and that can scroll if there are more items than fit on the screen.

So say hello to the new SingleItemSelector.

As you would expect from any libYUI widget, there is also a text-based (ncurses) alternative.

Please, note the screenshots above are just short usage examples. We are NOT planning to bring back the desktop selection screen. On the other hand, now we have the opportunity to make a prettier screen to select the computer role. Stay tuned for more news about that.

There is also an alternative version of the new widget that allows to select several items. The unsurprisingly named MultiItemSelector.

Which, of course, also comes with an ncurses version.

In the near future, we are planning to use that for selecting products and add-on modules. But this kind of widgets will find other uses as well.

Fun with Systemd Timers

And talking about the close future, many of you may know there is a plan coming together to replace the usage of cron with systemd timers as the default mechanism for (open)SUSE packages to execute periodic tasks.

In our case, we decided to start the change with yast2-ntp-client, which offers the possibility to synchronize the system time once in a while. So let’s take a look to how systemd timers work and how we used them to replace cron.

When defining a service in systemd it is possible to specify a type for that service to define how it behaves. When started, a service of type oneshot will simply execute some action and then finish. Those services can be combined with the timers, which invoke any service according to monotonous clock with a given cadence. To make that cadence configurable by the user, the YaST module overrides the default timer with another one located at /etc/systemd/system.

As a note for anyone else migrating to systemd timers, our first though was to use the EnvironmentFile directive instead of overriding the timer. But that seems to not be possible for timers.

One clear advantage of using a systemd service to implement this is the possibility of specifying dependencies and relations with other services. In our case, that allows us to specify that one time synchronization cannot be used if the chrony daemon is running, since they would both conflict. So the new system is slightly more complex than a one-liner cron script, but it’s also more descriptive and solid.

And another tip for anyone dealing with one-shot services and systemd timers, you can use systemd-cat to catch the output of any script and redirect it to the systemd journal.

Everybody Loves Diagrams

But apart from tips for sysadmins and packagers, we also have some content for our fellow developers. You know YaST is a huge project that tries to manage all kind of inter-related pieces. Often, the average YaST developer needs to jump into some complex module. Code documentation can help to know your way around YaST internals that you don’t work with every day. To generate such documentation, we use the YARD tool, and its output is for example here, for yast-network. Still, for large modules with many small classes, this is not enough to get a good overview.

Enter yard-medoosa, a plugin for YARD that automatically creates UML class diagrams, clickable to get you to the classes textual documentation.

It is still a prototype but it has proven useful for navigating a certain large pull request. We hope to soon tell you about an improved version.

More Solid Device Names in fstab and crypttab

Back to topics related to storage management, you surely know there are several ways to specify a device to be mounted in the /etc/fstab file or a device to be activated in the /etc/crypttab. Apart from using directly the name of the device (like /dev/sda1) or any of its alternative names based on udev, you can also use the UUID or the label of the file-system or of the LUKS device.

By default, YaST will use the udev path in s390 systems and the UUID in any other architecture. Although that’s something that can be configured modifying the /etc/sysconfig/storage file or simply using this screen of the Partitioner, which makes possible to change how the installation (both the Guided Setup and the Expert Partitioner) writes the resulting fstab and crypttab files.

But, what happens when the default option (like the udev path) is not a valid option for some particular device? So far, YaST simply used the device name (e.g. /dev/sda1) as an immediate fallback. That happened at the very end of the process, when already writing the changes to disk.

We have improved that for Tumbleweed, for SLE-15-SP1 (which implies Leap 15.1) and for the upcoming versions of (open)SUSE. Now, if the default value is not suitable for a particular device because the corresponding udev path does not exists, because using a given name is incompatible with the chosen encryption method, or for any other reason, YaST will fall back to the most reasonable and stable alternative. And it will do it from the very beginning of the process, being immediately visible in the Partitioner.

Stay Tuned for More… and Stay Communicative

As usual, when we publish our sprint report we are already working on the next development sprint. So in approximately two weeks you will have more news about our work, this time likely with a strong focus in AutoYaST.

Don’t forget to keep providing us feedback. As commented above, it’s very valuable for us and we really use it as an input to plan subsequent development sprints.

The openSUSE project informed it's members by mail to vote for a potential name change. The vote ends on 07.11.2019 at 23:59 UTC. In a Wiki article the openSUSE Board and Election Committee have gathered the most important arguments for and against a name change for all members.

The background

In an article the media platform Heise already reported on 12.06.2019 that the openSUSE project is going to build a foundation and might also consider a name and logo change in the process.

T...

Intro

Our Container Host OS openSUSE MicroOS and our Kubernetes platform openSUSE Kubic are both using transactional-update to apply patches to the system. This implies that a read-only root filesystem is used. While this has big advantages, like it allows to update a cluster automatically in a safe way, this has one drawback: you need to reboot to activate new installed packages. But what if you want to debug a problem and the utility you need is not installed? Who says, that the problem is still debuggable after a reboot?

For this, we introduced now the toolbox utilitiy with a toolbox container.

toolbox - bring your own tools with you

toolbox is a small script that launches a privileged container to let you bring in your favorite debugging or admin tools in such a system. If the container does not contain the utility you need, you can install whatever you want with zypper. toolbox is stateful, if you quit the script and start it later again, the environment is in the exactly same state as when you left it. To reset it, the container image needs to be deleted: podman rm toolbox-<user>. The root filesystem can be found at /media/root.

Usage

$ /usr/bin/toolbox
Spawning a container 'toolbox-root' with image 'registry.opensuse.org/opensuse/toolbox'
51e475f05d8bb8a5bf110bbecd960383bf8cfade1569587edef92076215f0eba
toolbox-root
Container started successfully. To exit, type 'exit'.
toolbox:/ # ls -alF /media/root
...
toolbox:/ # tcpdump -i ens3
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens3, link-type EN10MB (Ethernet), capture size 65535 bytes
...
toolbox:/ # zypper in vim
Loading repository data...
Reading installed packages...
Resolving package dependencies...

The following 5 NEW packages are going to be installed:
  libgdbm6 libgdbm_compat4 perl vim vim-data-common

5 new packages to install.
Overall download size: 9.0 MiB. Already cached: 0 B. After the operation,
additional 49.4 MiB will be used.
Continue? [y/n/v/...? shows all options] (y):
...
toolbox:/ # vi /media/root/etc/passwd

Advanced Usage

Use a custom image

toolbox uses an openSUSE-based userspace environment called opensuse/toolbox by default, but this can be changed to any container image. Simply override environment variables in $HOME/.toolboxrc, where every entry is optional:

toolbox configuration file

# cat ~/.toolboxrc
REGISTRY=registry.opensuse.org
IMAGE=opensuse/toolbox:latest
TOOLBOX_NAME=special-debug-container
TOOLBOX_SHELL="/bin/bash"

Root container as normal user

toolbox called by a normal user will start the toolbox container, too, but the root filesystem cannot be modified. Running toolbox with sudo has the disadvantage, that the .toolboxrc from root and not the user is used. To run the toolbox container with root rights, toolbox --root has to be used.

Automatically enter toolbox on login

Set an /etc/passwd entry for one of the users to /usr/bin/toolbox:

useradd bob -m -s /usr/bin/toolbox

Now when SSHing into the system as that user, toolbox will automatically be started:

# ssh bob@hostname.example.com
Last login: Thu Oct  3 16:52:16 2019 from 192.168.107.1
.toolboxrc file detected, overriding defaults...
Container 'toolbox-bob' already exists. Trying to start...
(To remove the container and start with a fresh toolbox, run: podman rm 'toolbox-bob')
toolbox-bob
Container started successfully. To exit, type 'exit'.
toolbox:/ #

I’ve created an appimage here for the various admin tools modules I’ve been working on. I wrote a previous blog article about this, but I lost some history when I borked my wordpress database and didn’t have a backup.

Actually, this journey begins in 2015. I attending Indonesia Linux Conference, that’s the first time I meet people from openSUSE Indonesia. Mr. Edwin Zakaria. I remember, he gave me Alex the Gecko T-Shirt from Babacucu.com. My first openSUSE T-shirt.

After attending the conference. I also invited to KPLI (Kelompok Pengguna Linux Indonesia: it’s like Indonesian Linux Users) meeting at Gucci, Tegal with my boss, Pak Vavai. It’s an honor for me. Because I remember, I was a kid who never knew about a community before.

I talk with strangers I’ve never met before. Also, a person who I only knew from the internet (facebook groups). In fact, they are so kind, they are free to ask and answer my question.

So, i decided to join the community. Trying to contribute more to the openSUSE Indonesia forum, cause I’m an openSUSE user. Until 2016 openSUSE Asia Summit 2016 was announced that will be held in Yogyakarta. I proposed to be a Volunteer. Cause i think if you only use Linux it’s not enough. You have to give back to Open Source Project. If i can’t give a code. At least i have to try to help openSUSE Indonesia to make this event have a lot of fun.

And until now, i still active in the community. This year, i got a responsibility being a local team in openSUSE Asia Summit 2019, Bali. This is my story about how i and the team (openSUSE Indonesia) manage the conference remotely. hope you enjoy to read!

One Year Preparation

After openSUSE Asia Summit 2018. Indonesia was chosen as a host for openSUSE Asia Summit 2019, Bali. It’s an honor to being a landlord for this event, again. So, we from openSUSE Asia and Indonesia did a meeting, online or offline.

For Local Teams, we usually talk online using Telegram Group and meet each other every month in Depok. But, near the event. We meet every week in Blok M Jakarta.

openSUSE Asia Summit 2019 Local team has a different location around the “Nusantara”.

And for Asian Team, we talk to each other using Slack monthly. We usually make an appointment on Tuesday night. We talk about the progress of sponsorship, CFP, Logo competition, and many others.

Excellent Proudly Become a Sponsor for openSUSE Asia Summit 2019

My Company that i working on (PT Excellent Infotama Kreasindo) also become a sponsor for this event. My boss is a former of openSUSE Indonesia Chairman (2007). Which is Mr. Masim Vavai Sugianto. Actually, he wants to come to the event, but suddenly, his mom passed away ahead of the summit.

It’s really sad. I have to go to a summit with some of the tears. Because i have a good relationship with my boss and his family.

My company quite often to sponsoring for Open Source events such as openSUSE Asia Summit 2016, LibreOffice Conference Indonesia in 2017. And this year, Excellent become a custom sponsor for openSUSE Asia Summit 2019.(https://events.opensuse.org/conferences/summitasia19).

Thanks for the help, boss!

If you want to know further about our company, feel free to visit: https://www.excellent.co.id.

D-day openSUSE Asia Summit 2019

I arrived in Bali on Wednesday, Oct 3th. D-3 at the conference. I meet the volunteer on Thursday, we introduce each other. But, they already know because came from the same organization at the University. Seriously, they are really nice and humble. And the best volunteer I’ve ever met.

I met Adji M Nur, he is the coordinator for the University

Before this event, we only talk to each other using Telegram Group, but they have a fast response and willingly to help us even we never meet face to face.

We have many uncompleted tasks, such as preparing for the venue, goody bag, gate, and many more. So, we have to maximize the time to make this event running well.

Seriously, this is the superb volunteer. They already have many experiences handling similar events. So, they know what to do. I just said, “i need this, can you provide?”. They always answer. “Sure, we can“.

And I also really appreciated the volunteer. Some of them want to attend Hindunese Ceremony. The name is “Tooth Filling”. It’s their friend’s ceremony. But they canceled that because they said they have a responsibility to make this event successful. It’s awesome!

I can remember all the names of Volunteers also the face. They have a big soul for helping people. Really, I’m grateful and very nice to meet them.

So, after preparing the venue. We are ready to rock on the summit…

Actually, i have a long story for this summit. I will write it soon. See you in the next article!

The post openSUSE Asia Summit 2019: Summit Preparation appeared first on dhenandi.com.

I met Edwin and Ary earlier this year at the openSUSE Conference in Nuremberg. They invited me to come to the openSUSE Asia Summit happening in Bali. I wasn't sure that I would be able to attend it. But then, around June I saw a tweet reminding about the deadline for the Call for Proposal for the openSUSE Asia Summit and I thought maybe I should give it a try.

I submitted a workshop proposal on MicroOS and a lightning talk proposal to the openSUSE Asia CFP team. Both were accepted and I couldn't be happier. It gave me the chance to meet friends from the openSUSE community again, learn and share more.

We do not have direct flights to Indonesia. I traveled through Air Mauritius to Kuala Lumpur and then Malaysia Arlines to Denpasar, Bali. I spent almost 24 hours traveling before reaching my hotel in Jimbaran. I was totally knackered when I arrived but the enthusiasm of being there for the summit was stronger than anything.

I booked a taxi through Traveloka ahead of my arrival in Bali. It was recommended by Edwin. When I compared other taxi fares I felt glad I booked it online. I also bought a SIM card on my way to the hotel with a 6GB data package. I knew we'd all communicate mostly on Telegram, just as we did for oSC 2019. My hotel WiFi connection wasn't great but I was impressed by the 4G coverage of my mobile Internet provider, XL Axiata. Mobile connectivity was extremely helpful as I would rely on GoJek car-hailing for the next few days.

Food?

The only thing bugging me was about finding vegetarian food. McDonald's, Pizza Hut and KFC were just a few minutes walk from my hotel and along the way there were a few restaurants as well. But those were Seafood restaurants and I felt weird to go there and ask for veggies.

Unlike in Mauritius and Germany, McDonald's and KFC do not offer the vegetarian or vegan burger. I only found two vegetarian pizza options at Pizza Hut, the Veggie Garden and Cheese Deluxe. There might have been some veggie options in the Chinese restaurants but I didn't venture. I visited a supermarket and found that they were selling stuffed croissant. However, there was no clear indication whether they contain tuna, chicken or simply cheese.

Finally, I was saved from the food dilemma by the folks from the openSUSE Asia community. Estu & Ary made sure that there was a vegetarian option during the summit or whenever we went out along with the speakers. I got to eat things other than pizza :) like tofu, tempe, vegetable chop suoy etc.

The summit kicked-off on Saturday 5 October at the Information Technology Department, Faculty of Engineering, Udayana University. There were around 40 or so students who volunteered to help run the summit. Some of the volunteers were from other institutions.

Two students hosted the event with information provided in Indonesian and English. They greeted the attendees and requested everyone to stand for a prayer. Then there was a traditional Balinese dance performance.

After the dance performance attendees were once again requested to stand up and this time for the Indonesian national anthem.

Om Swastiastu

A representative of the university read the keynote speech. He greeted the room by saying "Om Swasti Astu" and then greeted in Arabic, followed by his speech in English.

Indonesia is a Muslim majority country with the Bali province being the only exception whereby Hindus are majority. However, there reigns a peaceful harmony between the two, as far as I could see. There is a mutual respect towards each others rituals and practices.

After the keynote speech, openSUSE Board member Axel Braun did a presentation on the project stats and updates. He then invited the new openSUSE Board Chairman, Gerald Pfeifer on stage.

Gerald impressed the room with his down to earth style as he stressed on the importance of good communication. He also played a video message of the SUSE CEO, Melissa Di Donato who re-affirmed SUSE's commitment to the openSUSE Project.

Then, openSUSE Board member Simon Lees spoke about the future legal structure of the project and the motivation behind. He mentioned the current proposal of registering the project as a foundation and the project name change vote that should run from 10 - 31 Oct 2019.

We had a group photo and then the tea/coffee/snacks break.

Outside the room there were sponsors stands and the conference information desk. But most people gathered to take pictures at the openSUSE backdrop. I took a picture with the Geeko & Gerald.

The organizers conducted some interviews which they showed in a video compilation at the end of the day. Presentations and workshops were happening simultaneously and one could easily find the room numbers from events.o.o and then follow instructions provided by the summit volunteers.

I attended the Kubic presentation by Max Huang in the main hall. In fact, I got the chance to comment on the difference between Tumbleweed & Kubic during the Q&A session.

I even attended some presentations that were in Indonesian, like the Aksara Hanacaraka Bali and Ceph presentations.

Day 1 Highlight

openSUSE MicroOS Workshop

My workshop on Managing Pods & Containers was scheduled for the second day of the summit in the afternoon. I spoke about containers obviously but unlike the usual workshops teaching how to spin containers we peeked inside of containers instead to see what they are made of. The aim of the workshop was to educate attendees on Linux namespaces and how they create the isolated environment that enable us to have a distinct Linux instance within another. Then we could delve further into the topic of containers and understand how resources are shared within a pod. That would help a newbie to containers fast-track into the world of Kubernetes. The latter can be intimidating to people new to the idea of containerization with abstractions such as pod, service and deployment.

openSUSE MicroOS is perfect to start experimenting with containers and pods, then exporting those pods to Kubic (the Kubernetes distribution of openSUSE).

On the second day of the summit I also attended several other presentations, like the talk on the future of the desktop by Neil McGovern, Executive Director of the GNOME foundation, the auto-deployment of Ceph with Rook on Kubic by Saputro Aryulianto and openSUSE deployment on Linode using Terraform by Muhammad Dhenandi Putra.

The last item on day 2 was lightning talks. I had five minutes max to talk about the subject that I had submitted. I wanted to explain the election process within the openSUSE community, like the software used, planning by the Election Committee etc. Then, I also highlighted that for one to be able to vote in any openSUSE election or run as candidate for the board, the person needs to be an openSUSE member.

Becoming an openSUSE member requires a few steps, three to be precise. That's it, I completed the talk within the five minutes and invited the forty or so summit volunteers to apply for openSUSE membership.

Venue for openSUSE Asia Summit 2020?

openSUSE Asia Summit 2020 will be held at the Manav Rachna Institute of Research & Studies, Faridabab, Haryana, India. I'm looking forward to that and hopefully if all is good perhaps I will attend with more friends from Mauritius.

Day 2 Highlight

After the summit, the next day, the organizers planned a Bali tour which was awesome. I will blog about the places we visited in separate posts.