After upgrading the punknix.com to Debian Lenny, the next major task is upgrading the Xen kernel in Dom0 host and the kernels in all DomU guests. Thanks to this link, it provides useful information on upgrading Debian Lenny Xen 3.2.

Upgrade the Xen kernel and hypervisor by:

# apt-get install \
    xen-hypervisor-3.2-1-i386 \
    xen-linux-system-2.6.26-2-xen-686 \
    xen-utils-3.2-1 \
    xenstore-utils xenwatch \
    xen-shell xen-tools

Edit all /etc/xen/*.cfg to change the Xen DomU guest kernels:

kernel      = '/boot/vmlinuz-2.6.26-2-xen-686'
ramdisk     = '/boot/initrd.img-2.6.26-2-xen-686'
extra       = "console=hvc0 xencons=tty"

The last "extra" line is needed for 2.6.26 DomU guest. Then reboot the machines and then restart all DomU guests, that is!

After reboot, new Xen hypervisor is run, Dom0 host shows:

punknix:~# uname -a
Linux punknix 2.6.26-2-xen-686 #1 SMP Mon May 11 21:51:55 UTC 2009 i686 GNU/Linux
punknix:~# 

Restart Xen DomU guests, and one of my DomU guest shows new kernel is run:

punknix-uml:~# uname -a
Linux punknix-uml 2.6.26-2-xen-686 #1 SMP Mon May 11 21:51:55 UTC 2009 i686 GNU/Linux

I have been using viewcvs to provide source browser to Voyage Linux source codes for a few years. After Debian upgrade, viewcvs is now (seemlessly) replaced by viewvc. The upgrade is not the trouble although there are some re-configurable issue I had to deal with. The most painful part is that the original /cgi-bin/viewcvs.cgi/ URL no longer available and has changed to /cgi-bin/viewvc.cgi/ that makes all the reference link broken.

In order to provide backward compatibility to the original URL so that I have no need to modify all the cvs URL in Voyage Linux web site, I decided to use modrewrite to rewrite /cgi-bin/viewcvs.cgi/ to /cgi-bin/viewvc.cgi/. So I edit my virutal host configuration file to add:

RewriteEngine On
RewriteRule ^/cgi-bin/viewcvs.cgi(.*) /cgi-bin/viewvc.cgi$1 [R]

I tried without the "redirect" [R] option, but won't work. It works only if I set it as redirection rather than rewrite. So when you test http://cvs.voyage.hk/cgi-bin/viewcvs.cgi/, it is now being redirected to http://cvs.voyage.hk/cgi-bin/viewvc.cgi/ now.

There is a side issue in the upgrade. After upgrade, the viewvc image files are not accessible and return 404. For example if I access http://cvs.voyage.hk//cgi-bin/viewvc.cgi/*docroot*/images/logo.png", I got the following:

An Exception Has Occurred

Static file "images/logo.png" not available
([Errno 2] No such file or directory: '/usr/lib/templates/docroot/images/logo.png')

HTTP Response Status

404 Not Found

Python Traceback

Traceback (most recent call last):
  File "/usr/lib/viewvc/viewvc.py", line 3766, in main
    request.run_viewvc()
  File "/usr/lib/viewvc/viewvc.py", line 183, in run_viewvc
    return view_doc(self)
  File "/usr/lib/viewvc/viewvc.py", line 2342, in view_doc
    % (document, str(v)), '404 Not Found')
ViewVCException: 404 Not Found: Static file "images/logo.png" not available
([Errno 2] No such file or directory: '/usr/lib/templates/docroot/images/logo.png')

After searching, I found this debian bug report very useful. The key is to give the template dir an absolute path:

#self.options.template_dir = "templates"
self.options.template_dir = "/etc/viewvc/templates"

And this solve the final issue I have with viewvc.

Around mid-May I have upgraded punknix.com server which is a P1-AH2 barebone with the new AMD Athlon 64 X2 5050e. Not only this CPU has a low 45W TDP (review can be find here: [newegg] and [tomshardware]), but also clocked at 2.6GHz. Hence, I expected this CPU can run faster and with cooler temperature than the replaced Athlon 64 X2 4400 2.3GHz. This CPU is the most best suited for my tiny punknix.com server with also runs 3 Xen DomU guests.

the 'cat /proc/cpuinfo' gives me this information:

processor       : 1
vendor_id       : AuthenticAMD
cpu family      : 15
model           : 107
model name      : AMD Processor model unknown
stepping        : 2
cpu MHz         : 2612.100
cache size      : 512 KB
fdiv_bug        : no
hlt_bug         : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 1
wp              : yes
flags           : fpu de tsc msr pae cx8 apic mtrr cmov pat clflush mmx fxsr sse
 sse2 ht nx mmxext fxsr_opt 3dnowext 3dnow pni cmp_legacy extapic cr8_legacy 
 3dnowprefetch
bogomips        : 5225.80
clflush size    : 64
power management: ts fid vid ttp tm stc 100mhzsteps

The most disappointed thing after the upgrade is that I cannot find any update of the BIOS of P1-AH2 (M2N8L motherboard ) to recognize the newest CPUs. So /proc/cpuinfo reports "AMD Processor model unknown". Indeed, the CPU flags returns no "svm" flag. I doubted that would 5050e support hardware virtualization as I thought that all latest AMD CPUs after Pacifica should support SVM. This may be due to "unknown AMD processor" gives wrong report in cpu flags. But when I run a voyage kernel compilation test on DomU guest, it reports:

real	12m24.383s
user	17m2.576s
sys	1m56.547s

which is similar to my expectation. Or, may be SVM does not affect Xen paravirtualzation at all, but only affects kvm.

The sensors programs proved the new chip is COOLER!

k8temp-pci-00c3
Adapter: PCI adapter
Core0 Temp:  +25.0 C
Core0 Temp:  +22.0 C
Core1 Temp:  +27.0 C
Core1 Temp:  +29.0 C

dme1737-i2c-0-2e
Adapter: SMBus nForce2 adapter at 4c00
V5stby:      +0.00 V  (min =  +0.00 V, max =  +6.64 V)   ALARM
Vccp:        +1.18 V  (min =  +0.00 V, max =  +2.99 V)
V3.3:        +3.29 V  (min =  +0.00 V, max =  +4.38 V)
V5:          +4.99 V  (min =  +0.00 V, max =  +6.64 V)
V12:        +11.83 V  (min =  +0.00 V, max = +15.94 V)
V3.3stby:    +3.27 V  (min =  +0.00 V, max =  +4.38 V)
Vbat:        +3.00 V  (min =  +0.00 V, max =  +4.38 V)
CPU_Fan:    2020 RPM  (min =    0 RPM)
Fan2:          0 RPM  (min =    0 RPM)
Fan4:          0 RPM  (min =    0 RPM)
RD1 Temp:      FAULT  (low  = -127.0 C, high = +127.0 C)  ALARM
Int Temp:    +50.7 C  (low  = -127.0 C, high = +127.0 C)
CPU Temp:    +45.0 C  (low  = -127.0 C, high = +127.0 C)
cpu0_vid:   +1.550 V

The fan is running steady 2,000 RPMs at idle and 3,000 RPMs at load. When compare to 3000/5000 RPMs I saw with the old 4400, I am much satisfied. Temperature figures also showed 5050e is 5-10 C degress cooler.

I have been a big fan of Debian for 7 year, from Woody to now Lenny. All of my Linux servers and projects (Voyage Linux) are all Debian-based. Although once upon a time I have used some bits from Ubuntu, but I totally abandon it now as twice-a-year upgrade would probably drive me crazy for server-oriented environment where stability and reliability are the keys.

Debian community released the "Valentine" Lenny release on 14 Feb 2009. Two of my Xen guests facilitated my Voyage Linux environment has already been upgraded to Lenny as soon as it is released. But for punkn!x.com I only have time to upgrade it until now as I foresee some complexity during upgrade. The complexity comes from a large amount of production services has been running. punkn!x.com is also a Xen Dom0 host for my 3 Xen DomU guests. It also runs mailing list, exim4 smtp server, web servers, mysql backend, etc. So upgrade must take special care.

Following the conventional upgrade procedure, upate /etc/apt/sources.list to point to lenny repository:

deb http://ftp.tw.debian.org/debian/ lenny main contrib non-free
deb-src http://ftp.tw.debian.org/debian/ lenny main contrib non-free
deb http://security.debian.org/ lenny/updates main contrib non-free

then runs apt-get:

# apt-get update
# apt-get dist-upgrade

The upgrade runs smooth, especially mysql server I didn't need to take care of it. At the end, it is expected it would ask you to update some configuration files. So my choice is to leave the original settings, and re-visit the configuration after the upgrade. In the following sections, I jotted down some notes when upgrading particular services.

I was ask to create a x86_64 bit port (aka amd64) of Voyage Linux long time ago. There are two parts for the work. 1) x86_64 port of kernel ; and 2) amd64 port of Voyage Linux. Since I only have i386 (i.e 32-bit) port of Debian build server, I will try building the kernel on my 32 bit environment first.

After a bit of research, I found this link. What I need to do is to put amd64-linux-gcc to /usr/local/bin. When building with make-kpkg, I need to supply make-kpkg --arch amd64 and it will build voyage kernel in amd64 arch.

But for Voyage Linux in amd64 port is another story. I need to setup a full 64-bit development environment to do so. VMWare is the quickest way to achieve that. Since my development server is running Xen Dom0 for 3 DomU guests, I cannot run VMWare on it, but only on my Windows desktop. Right now, I used the slowest option: qemu. But qemu does not always work on my Debian etch server. Somehow, when installing lenny using business card ISO, qemu failed to recongnize the IDE disk. So my way in getting a permanent amd64 environment on qemu is quite indirect, but finally it works.

1. Install lenny amd64 over VMWare
2. Build Voyage Linux under lenny amd64 - this will get us a Voyage Linux Live CD in amd64 arch!
3. Start Voyage Linux amd64 Live CD under qemu. It can recongize the IDE disk under qemu but not using lenny business card CD

# qemu-system-x86_64 \
    --hda ./disk.img \
    --cdrom ./voyage-current-amd64.iso \
    -m 256 -boot d -net nic \
    -net tap,script=/etc/kvm/kvm-ifup -curses

4. Install Voyage Linux amd64 Live CD to disk image under qemu.

# autoinstall.sh genericpc <= this will install Voyage Linux from live cd to /dev/hda!

5. Reboot to run Voyage Linux amd64 on disk image

# qemu-system-x86_64 \
    --hda ./disk.img \
    -m 512 -boot c -net nic \
    -net tap,script=/etc/kvm/kvm-ifup -curses

With amd64 Voyage Linux run under qemu, I install all required build tools for building Voyage Linux in amd64 arch:

# apt-get install build-essential kernel-package subversion live-helper devscripts

Now you know what!? Building a Voyage Linux Live CD now takes 110 mins under qemu vs. 6 mins under VMWare!

After adsense, Google offers a news feed integration service to your web site. Below demonstrates how easy to display google news in punknix.com. Next question is, will Google offers revenue sharing (like adsense) to webmasters for clicking the news links?

I have included ocf patch to 2.6.26 voyage kernel and rebuild libssl and openssh package. Voyage Lenny now includes ocf enabled kernel and libssl.

To test, you need to install ocf-enabled openssl, which could be found in here.

Before you test, you need to enable cryptodev, geode_aes and cryptosoft modules.

# modprobe cryptodev
# modprobe geode-aes
# modprobe cryptosoft

Here are the test result on ALIX1C.

voyage:~# openssl speed -evp aes-128-cbc -engine cryptodev
engine "cryptodev" set.
Doing aes-128-cbc for 3s on 16 size blocks: 171575 aes-128-cbc's in 0.10s
Doing aes-128-cbc for 3s on 64 size blocks: 161556 aes-128-cbc's in 0.18s
Doing aes-128-cbc for 3s on 256 size blocks: 133868 aes-128-cbc's in 0.11s
Doing aes-128-cbc for 3s on 1024 size blocks: 78685 aes-128-cbc's in 0.07s
Doing aes-128-cbc for 3s on 2048 size blocks: 50938 aes-128-cbc's in 0.05s
OpenSSL 0.9.8g 19 Oct 2007
built on: Thu Nov 27 01:34:17 HKT 2008
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blo
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DM
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   2048 bytes
aes-128-cbc      27452.00k    57442.13k   311547.35k  1151049.14k  2086420.48k

However, I cannot get the same result in ALIX3C.

An interesting keynote in Linux Plumber Conference 2008 by Greg Kroah-Hartman about Canonical's (the company behind Ubuntu) contribution in Linux kernel. Here is the numbers :

• Canonical has had 100 patches in the Linux kernel,
• which is 0.1% of all of the kernel development in the past 3 years, from the 2.6.15 kernel to 2.6.27-rc6.
• ranked 79th of all companies doing kernel development
• ranked 195th as an individual contributor to the kernel

It may be a surprise to everyone that a leading Linux distribution provider Cannoical did not involve much in kernel development. To me, it is not a surprise, and I fully understand this as a consequence. Debian had long been complaining Ubuntu did not contribute back to Debian, although Ubuntu takes everything from Debian, and create its own distribution by their own. Ubuntu has the same ecosystem as in Voyage Linux as well. I build Voyage Linux based on Debian packages and customize the kernel using Debian's and patches from other sources (e.g. openwrt, layer 7, -mm patches). Voyage Linux never had contributed a single line of code since all of the work in Voyage Linux is integration - incorporate open source software into a workable product.

Recent days I have been developing the next Voyage Linux release which based on upcoming Debian Lenny. In my experience, the most consuming part in my development activities is testing for the distribution and Live CD. Previously, I tested the Live CD using VMWare on my Windows desktop. These days, I have migrated my testing activities to qemu instead. I write up this article to document what I have done for my later reference.

All of the commands I used here are similar when using kvm. You can read to my KVM Virtualization article for further details. In my development environment, I can't use kvm because I run Xen Dom0 kernel that would experience a hang with kvm when running both Dom0 and kvm modules together, qemu is my best option.

I will soon moving home so that the new ISP may not allow me to send SMTP traffic without using the authorized SMTP gateway. Luckily that I use smarthost which located in offshore location to replay SMTP traffic and I have root access to the box running smarthost.

There are two steps to setup in smarthost and my local SMTP gateway:

• 1. Send up smarthost to listen to both SMTP and port 465
• 2. Set up iptable DNAT in local box to map SMTP port to 465