Author Archives: Loic Dachary

Removing potential backdoors from Tails 3.0

The default Tails 3.0 bootable ISO includes proprietary binary blobs running on network hardware. They may contain backdoors and are silently loaded when Tails boots. There is no known exploit at this date but it may take years before they … Continue reading

Posted in tails | Leave a comment

Run SecureDrop tests without Vagrant

Assuming a virgin installation of Ubuntu 14.04, the SecureDrop repository and its dependencies can be installed with the following: sudo apt-get update sudo apt-get install -y python-virtualenv git sudo apt-get install -y build-essential libssl-dev libffi-dev python-dev virtualenv /tmp/v source /tmp/v/bin/activate … Continue reading

Posted in SecureDrop | Leave a comment

Shrink an OpenStack image

After a while openstack image create creates increasingly large files because the blocks used and freed are not trimmed and it is not uncommon for hypervisors to not support fstrim. The image can be shrinked and the virtual machine recreated … Continue reading

Posted in openstack | Leave a comment

installing tails with kvm

For test purposes it is useful to bootstrap tails using virtual machines and files. Here is how it can be done with KVM. $ wget ‘https://tails-dl.urown.net/tails/stable/tails-amd64-3.0/tails-amd64-3.0.iso’ $ qemu-img create -f raw tails-installed.img 4G $ kvm -m 4096 -cdrom tails-amd64-3.0.iso -device … Continue reading

Posted in tails | Leave a comment

Installing python-crush on CentOS 7 without network

To install python-crush on a CentOS 7 that does not have access to internet, the necessary files must be downloaded via an USB drive. The python34-pip package must be installed from the EPEL repository the machine uses for maintenance purposes. … Continue reading

Posted in crush | Leave a comment

A tool to rebalance uneven Ceph pools

The algorithm to fix uneven CRUSH distributions in Ceph was implemented as the crush optimize subcommand. Given the output of ceph report, crush analyze can show buckets that are over/under filled: $ ceph report > ceph_report.json $ crush analyze –crushmap … Continue reading

Posted in ceph, crush | Leave a comment

An algorithm to fix uneven CRUSH distributions in Ceph

The current CRUSH implementation in Ceph does not always provide an even distribution. The most common cause of unevenness is when only a few thousands PGs, or less, are mapped. This is not enough samples and the variations can be … Continue reading

Posted in ceph, crush, libcrush | Leave a comment

Ceph space lost due to overweight CRUSH items

When a CRUSH bucket contains five Ceph OSDs with the following weights: weight osd.0 5 osd.1 1 osd.2 1 osd.3 1 osd.4 1 20% of the space in osd.0 will never be used by a pool with two replicas. The … Continue reading

Posted in ceph, crush | Leave a comment

Comprendre la démocratie liquide

J’ai beaucoup de mal à expliquer l’idée de démocratie liquide et ce n’est pas faute d’avoir essayé. Peut-être que le coté récursif de la délégation de vote n’est pas naturel pour les non-informaticiens. A l’occasion de l’entre deux tour des … Continue reading

Posted in Liquid Democracy | Leave a comment

Ceph full ratio and uneven CRUSH distributions

A common CRUSH rule in Ceph is step chooseleaf firstn 0 type host meaning Placement Groups (PGs) will place replicas on different hosts so the cluster can sustain the failure of any host without losing data. The missing replicas are … Continue reading

Posted in ceph, crush, libcrush | Leave a comment