Posted on 14th of February 2021 | 939 words
A few years ago, I had a habit of semi-regularly writing about various
exciting topics. Unfortunately, time passed, and I began to write less
and less, and recently I’ve gotten out of the habit altogether. This
is a shame in many ways since I’ve always felt writing to be immensely
therapeutic.
At the time of writing, this world is also in a very odd place. Most
countries are quarantined due to COVID-19, and people stay in their
homes. Yours truly included! So to pass the time during these times,
I’m trying to reawaken this habit.
Habitual writing has been on my mind for a long time, especially since
it has been so present in my life. I’ve also somehow lost a few other
healthy habits lately, which have made me think about how I can
reawaken them in my daily life. Healthy practices that come to mind
that I’ve lost would definitely be workouts and meditation. Although
you could argue that the lost habit of working out is mainly related
to the current difficult times, I’m not too worried. I believe that
eventually when the world calms down in terms of this pandemic, I can
relearn that habit quite quickly. But losing the regular meditation
practice is really a shame, in my opinion. Like working out,
meditation has played a big part in my life for years.
Even though my meditation practices have been irregular lately, the
earlier “hard work” has helped me in my everyday life. But recently,
I’ve started thinking about how I could relearn this habit. I’ve
learned that, at least in my own case, the best way to learn habits
has definitely been to do something often but not in an excessive
amount. So in meditation, this was easy. Start for 5 or 10 minutes
(which is nothing, everyone can find time for this) and just do
it. Current times support relearning this since people are primarily
working remotely. Hence, it is easy to start your day with this
practice. With these simple steps, I feel like I’ve been able to
reawaken this practice that was once very present in my life.
This got me thinking about utilizing a similar approach in other
habits I’ve forgotten. The habits that came to mind were music and
writing. Although some could argue that these are more or less the
same thing. For some reason, I’ve struggled to pick up my instruments
and write some new music during the pandemic. Many others have the
same feelings in their own area of interest. I don’t know the cause
for this; maybe the constant staring at the same four walls for over a
year is the culprit. Who knows? A similar thing has also happened in
my writing.
What really got me wanting to reawaken these habits was when I
stumbled upon Richard P. Gabriel’s poetry. Gabriel is
a legendary Lisp programmer. As a Lisp programmer myself, I’m always
interested in what other like-minded people are up to. Gabriel started
a project of writing one poem a day on March 18, 2000 to end a lengthy
poetry-writing slump. Gabriel agrees that he is not necessarily a
great poet, even though many could argue otherwise, but I think that
is non-essential. While forming this habit, you don’t necessarily need
to be the new Robert Frost. But since writing poetry (or anything) is
a technical skill, constant practice is bound to help you in your
journey. I stumbled upon a similar approach while reading Pat
Pattison’s Writing Better Lyrics,
where he talked about “daily object writing” in terms of getting
better at writing. Pattison also noted that forming a habit is the big
thing in this, which will eventually improve writing.
This approach is more or less similar to how I learned the healthy
habit of regular meditation. How could I apply a similar approach to
my composing and writing? Knowing myself, I cannot do this kind of
creative work sporadically (or wait for the creative slump to end), or
I’ll never do it. If I tried to write one piece and post every day, I
feel that doing both daily would be slightly excessive (mainly
timewise). So I need to find a healthy balance in practice and not be
over-encumbered.
In my case, I believe that some time-boxed, very focused practice on
something works the best. So what I intend to do is focus for a
period (half an hour, an hour or so) on the given task, whether it is
composing, writing, or programming (another healthy habit that I
practice, which thankfully hasn’t been lost, but I always feel I could
do more of it). I’ll set a healthy goal for this time box, so I don’t
expect to write some new groundbreaking sonata, earth-shattering blog
post, or the next big open-source project. Instead, I want to do
something in these fields regularly to hone my skills in the given
area. Since I’m trying to work on multiple habits, I also understand
that I might not always have time to do everything. That’s okay. I can
most likely squeeze in a smaller session to have at least some
practice. Or if I just simply cannot do anything, that’s fine too. I
just don’t want to see myself doing something excessively one day and
then slacking off the next day since “I did so much yesterday.”
(learned from Pattison).
Productivity has been really close to my heart, even though I
occasionally lack significantly in that area. But maybe with small
steps, everyone can benefit from a slight boost in their productivity.
Or just procrastinate… As long as you’re happy.
Posted on 16th of November 2020 | 799 words
Docker has recently stormed into software
development. While its concepts are powerful and valuable, similar
tools have been used in systems for decades. FreeBSD’s jails are one of
those tools, and they build upon the even older chroot(2).
To put it briefly, with these tools, you can make a safe environment
separated from the rest of the system.
Jails in FreeBSD are by no means a new tool (introduced in 4.x), but
for one reason or another, I haven’t used them that often, which is a
shame since they are so powerful. So I wanted to explore this concept
in a concise and summarized manner.
Templates
ZFS datasets are a great way of creating templates for jails since,
after the template creation, you can easily create new jails with zfs clone
or zfs send/receive. Typically, people divide jails into
complete and service jails, where the former resembles a real FreeBSD
system, and the latter is often dedicated to
applications/services. I’ll cover complete jails for now.
Creating templates starts with creating a dataset for your jail and
template. Here I’ll make a new dataset for the base installation of
FreeBSD 12.2.
$ sudo zfs create -o mountpoint=/vm zroot/vm
$ sudo zfs create zroot/vm/tmpl
$ sudo zfs create zroot/vm/tmpl/12.2
After that, fetch the base installation itself:
$ fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/12.2-RELEASE/base.txz
# Fetch all the necessary stuff for your template, e.g. lib32 if needed
$ sudo tar -xJvpf base.txz -C /vm/tmpl/12.2
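The base set above is fetched over plain FTP, which gives no integrity guarantee, and whatever is extracted becomes the root of every jail cloned from the template. The following is an added example, not part of the original post: it checks an archive against the SHA-256 recorded in the MANIFEST file from the same release directory before extraction. It assumes the tab-separated MANIFEST layout (file name, then checksum) and a MANIFEST obtained over a channel you trust.

```sh
#!/bin/sh
# Added example: verify a distribution set against the release MANIFEST.
# Assumed MANIFEST layout: tab-separated, field 1 = file name, field 2 = SHA-256.

# Print the SHA-256 of a file: sha256(1) on FreeBSD, sha256sum elsewhere.
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | awk '{print $1}'
    fi
}

# verify_dist MANIFEST FILE
# Returns 0 on match, 1 if FILE is not listed in MANIFEST,
# 2 on checksum mismatch, 3 if either file cannot be read.
verify_dist() {
    manifest=$1
    file=$2
    [ -r "$file" ] && [ -r "$manifest" ] || return 3
    actual=$(file_sha256 "$file")
    awk -F '\t' -v name="$(basename "$file")" -v sum="$actual" '
        $1 == name { found = 1; exit (($2 == sum) ? 0 : 2) }
        END { if (!found) exit 1 }
    ' "$manifest"
}

# When run as a script: sh verify_dist.sh MANIFEST base.txz
if [ "$#" -eq 2 ]; then
    if verify_dist "$1" "$2"; then
        echo "OK: $2"
    else
        echo "FAILED: $2 does not match $1" >&2
        exit 1
    fi
fi
```

Run it before the tar step and extract only when it reports OK.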
After that, you should write a minimum viable /etc/rc.conf for the
template:
$ sudo emacs /vm/tmpl/12.2/etc/rc.conf
# Start or stop services
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
syslogd_flags="-ss"
cron_flags="-J 60"
You can also disable some unnecessary jobs for jails:
$ sudo emacs /vm/tmpl/12.2/etc/periodic.conf
# No output for successful script runs.
daily_show_success="NO"
weekly_show_success="NO"
monthly_show_success="NO"
security_show_success="NO"
# Output to log files which are rotated by default.
daily_output="/var/log/daily.log"
daily_status_security_output="/var/log/daily.log"
weekly_output="/var/log/weekly.log"
weekly_status_security_output="/var/log/weekly.log"
monthly_output="/var/log/monthly.log"
monthly_status_security_output="/var/log/monthly.log"
# No need for those without sendmail
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_mailq_enable="NO"
daily_queuerun_enable="NO"
# Host does those
daily_status_disks_enable="NO"
daily_status_zfs_zpool_list_enable="NO"
daily_status_network_enable="NO"
daily_status_uptime_enable="NO"
daily_ntpd_leapfile_enable="NO"
weekly_locate_enable="NO"
weekly_whatis_enable="NO"
security_status_chksetuid_enable="NO"
security_status_neggrpperm_enable="NO"
security_status_chkuid0_enable="NO"
security_status_ipfwdenied_enable="NO"
security_status_ipfdenied_enable="NO"
security_status_ipfwlimit_enable="NO"
security_status_ipf6denied_enable="NO"
security_status_tcpwrap_enable="NO"
You also might want to enable ports in your jail:
$ sudo mkdir /vm/tmpl/12.2/usr/ports
$ sudo mkdir -p /vm/tmpl/12.2/var/ports/{distfiles,packages}
$ sudo emacs /vm/tmpl/12.2/etc/make.conf
WRKDIRPREFIX = /var/ports
DISTDIR = /var/ports/distfiles
PACKAGES = /var/ports/packages
Apply system updates to the template:
$ sudo freebsd-update -b /vm/tmpl/12.2 fetch install
Lastly, take a snapshot:
Strictly speaking, a template is a snapshot, not a
dataset. The snapshot can be cloned or sent/received to generate
new datasets for production jails.
$ sudo zfs snapshot zroot/vm/tmpl/12.2@complete
This creates a snapshot of zroot/vm/tmpl/12.2 named complete. You
can then check your current snapshots with the following:
$ sudo zfs list -t snapshot
Creating jails from the template
Now you should create a new jail based on that snapshot. You can do it
either with zfs clone or zfs send/receive:
Difference Between the Two
“A clone is a writable volume or file system whose initial contents
are the same as the dataset from which it was created. As with
snapshots, creating a clone is nearly instantaneous and initially
consumes no additional disk space. In addition, you can snapshot a
clone.” [1]
“The zfs send command creates a stream representation of a snapshot
that is written to standard output. By default, a full stream is
generated. You can redirect the output to a file or to a different
system. The zfs receive command creates a snapshot whose contents
are specified in the stream that is provided on standard input. If a
full stream is received, a new file system is created as well. You
can send ZFS snapshot data and receive ZFS snapshot data and file
systems with these commands. See the examples in the next section.”
[2]
$ sudo zfs clone zroot/vm/tmpl/12.2@complete zroot/vm/jail1
# OR
$ sudo sh -c "zfs send zroot/vm/tmpl/12.2@complete | zfs receive zroot/vm/jail1"
Jail configurations
# /etc/rc.conf
cloned_interfaces="lo0"
# PF is used for NAT and port forwarding.
pf_enable="YES"
pflog_enable="YES"
jail_enable="YES"
jail_list="jail1"
### /etc/jail.conf
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
host.hostname = $name;
path = "/vm/$name";
exec.consolelog = "/var/log/jail_${name}_console.log";
exec.prestart = "cp /etc/resolv.conf $path/etc";
exec.poststop = "rm $path/etc/resolv.conf";
jail1 {
ip4.addr = "lo0|127.1.1.1/32";
ip6.addr = "lo0|fd00:1:1:1::1/64";
allow.chflags;
allow.raw_sockets;
}
# /etc/hosts
...
127.1.1.1 jail1
fd00:1:1:1::1 jail1
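The jail1 block above sets allow.chflags and allow.raw_sockets, each of which lifts a restriction that jails apply by default (privileged handling of file flags, and creation of raw sockets for tools such as ping), so it helps to keep track of which jails carry such grants. The following is an added example, not part of the original post: a shell function that lists the enabled allow.* parameters per jail in a jail.conf. The jail2 entry in the sample is hypothetical.

```sh
# Added example: report which allow.* permissions each jail is granted.
# Only "#" comments are stripped; other jail.conf comment styles are not parsed.

# list_jail_allows [FILE] prints "<scope>: <parameter>" for each enabled
# allow.* parameter; <scope> is the jail name, or "(global)" outside a block.
list_jail_allows() {
    awk '
        BEGIN { scope = "(global)" }
        {
            sub(/#.*/, "")
            if ($0 ~ /\{/) {                 # "jail1 {" opens a jail block
                scope = $0
                sub(/[ \t]*\{.*/, "", scope)
                sub(/^[ \t]+/, "", scope)
                sub(/^[^{]*\{/, "")          # keep what follows the brace
            }
            closes = ($0 ~ /\}/)
            gsub(/\}/, "")
            n = split($0, stmt, ";")
            for (i = 1; i <= n; i++) {
                name = stmt[i]; value = ""
                if (index(name, "=")) {
                    value = name
                    sub(/^[^=]*=/, "", value)
                    sub(/=.*/, "", name)
                }
                gsub(/^[ \t]+|[ \t]+$/, "", name)
                gsub(/[ \t"]/, "", value)
                if (name !~ /^allow\./) continue
                if (name ~ /\.no[^.]*$/) continue        # allow.noXXX form
                if (value == "false" || value == "0") continue
                print scope ": " name
            }
            if (closes) scope = "(global)"
        }
    ' "${1:--}"
}

# Constructed sample: the allow.* lines of jail1 from the post, plus a
# hypothetical jail2 that grants nothing extra.
sample_jail_conf() {
    cat <<'EOF'
jail1 {
    allow.chflags;
    allow.raw_sockets;
}
jail2 { ip4.addr = "lo0|127.1.1.2/32"; allow.nomount; }
EOF
}
```

Calling list_jail_allows /etc/jail.conf on the host gives a quick inventory to review whenever a jail is added or its configuration changes.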
Jail management
FreeBSD provides nifty built-in tools for jail management:
Start all jails.
$ sudo service jail start
Start a specific jail.
$ sudo service jail start jail1
Log in to jail.
$ sudo jexec jail1
Run a command in a jail.
$ sudo jexec jail1 ifconfig
List running jails.
$ jls
$ jls -v
$ jls -s
So that’s how you can spin up a simple restricted environment on your
FreeBSD system. Of course, this topic still has many things to cover,
e.g., in-depth networking and configurations.
Notes
References