Fun with ZFS, part 2: Creating Debian ZFS Rescue USB Image

While ZFS is supposedly very stable and reliable it’s not an integral part of Linux and likely never will be (due to licensing issues). Because of that, upgrading kernel or the operating system may go wrong. Well, so far in my case of Debian Jessie it was very smooth, but you never know. I have heard of people whose experience was not that great.

Since I plan to do an OS upgrade, I want to be ready for the case the upgrade go wrong and I won’t be able to boot the OS stored on ZFS filesystem. In that case, one needs a a bootable live system with ZFS ready-to-use. Ideally the same version you’re already running (or planning to run) on the system one wants to upgrade.

In case of Debian, creating such an image turned out to be very very simple…

Creating Debian Live Rescue Image with ZFS

Debian have tool named live-build 1. The easies way to get is just

sudo apt-get install live-build

Once installed:

  1. Create a (temporary) working directory where it all happens:

    mkdir /tmp/debian-streatch-live+zfs
    cd /tmp/debian-streatch-live+zfs
  2. Generate initial configuration:

    lb config \
      --distribution stretch \
      --architectures=amd64 \
      --binary-images iso-hybrid \
      --iso-volume "Debian Stretch ZFS Rescue Live" \
     	   --archive-areas "main contrib" \
     	   --linux-packages "linux-image linux-headers"

    We should include contrib in archives since that’s where ZFS packages are. You may want to pass --backports if you want to include backports repositories. The --linux-packages is to include kernel headers necessary to compile ZFS kernel modules.

  3. Configure additional packages to be installed, most importantly the ZFS packages:

    echo "
    " >> config/package-lists/my.list.chroot
  4. Build the live root filesystem:

    sudo lb bootstrap
    sudo lb chroot
  5. Build the hybrid ISO binary:

    sudo lb binary

    After this step, you should find the resulting ISO image in live-image-amd64.hybrid.iso.

  6. Profit!

Using the Rescue Image

By default, ZFS kernel module is not loaded, so:

sudo modprobe zfs

Then you need to import pools:

sudo zpool import

It may happen that pools were not cleanly exported. Then you’d have to import them with -f flag (a.k.a. force):

sudo zpoool import -f tank

You may check status of pools by:

sudo zpool status

Only do so if you’re absolutely sure no other system is accessing the pool at the time. But if you run ZFS normal PC with couple SATA disks attached like me and the PC is currently running the live rescue image than you should be fine.

Mount host’s root filesystem to /tmp/host:

mkdir /tmp/host
mount -t zfs tank/host/root /dev/host

Now you can chroot /dev/host /bin/bash and do what you want to create ZFS snapshot, whatever you wish. Just make sure that once you’re done you export pools so they can be cleanly imported by the host.

sudo zpool export tank

Some Comments

  1. The configuration for lb command is stored in config directory. The lb config with various parameters just modifies (or creates if it does not exit) contents of the config. It may be a good idea to put the config into under version control such as Mercurial or git.

  2. The live image produced as above is really minimal, there’s not even a man. You may want to add more packages. To do so, simply add them to the config/package-lists/my.list.chroot. You may pull in a whole GNOME by adding gnome-desktop package (though I have not tried).

To wrap it up, the process of building live Debian image is surprisingly easy. Kudos to Debian people!

How to generate TSL/SSL certificate and get it signed


I recently had a need to provide an access to my private OpenVPN server to couple of friends / colleagues. I ran my very own CA for the purpose of issuing certificates for OpenVPN clients. Usually I generate a key and (signed) certificate and give it to the client in a secure-enough way, e.g on my own USB stick.

In this case these guys live far, far away, so far that it’s impractical to meet them face-to-face. Indeed I can generate key and certificate as usual, send them these over an email (or a Jabber, Slack channel, you name it). I’d rather not to do so, these channels are unsafe so someone may intercept and steal both the key and the certificate. Let’s do it properly, after all the whole point of VPN is to have a secure access and if the process of exchanging credentials is insecure, it somewhat spoils the idea.

How to issue them a working signed certificate in a secure way? That’s the question…I hope this would shed some light on this.

STX:LIBJAVA used for real

Unmanaged delegates in CLR

As we progressed with CLR interop for Bee Smalltalk, a need to create a delegate for an unmanaged code arose. By “a delegate for an unmanaged code” I mean an instance of a delegate object that can be passed to CLR code which, when called, would execute an unmanaged code. In our case a Smalltalk code.

This can be handy, maybe necessary, if we want write a code that handles events. And we may well would like to do so, writing some UI code using .NET classes without use of event handlers seems to be impossible. Moreover, there are other interesting events we may want to handle, such as AppDomain.FirstChanceException.

Looking at the .NET documentation. this seem to be an easy task. Just use Marshal.GetDelegateForFunctionPointer() to create a delegate object for an arbitrary function pointer. Looks easy but it turned out to be a little more tricky. And not very well documented. The following text describes my findings and my solution so far. Mainly for my (our) own record but someone else may find useful too.

Debugging mixed native-CLR application in WinDBG

While working on CLR interop for Bee Smalltalk, things go wrong every now and again. This is tricky to debug, at least for me, as there is Smalltalk code, then some native C++ code (CLR’s CCW and all this stuff) and finally managed CLR code.

Obviously, Smalltalk debugger is kind of useless here as one would not see native nor managed stack there. Managed debugger is can be useful to see what’s happening in managed code, but quite often it got confused because we’re calling CLR from native application so more often than not all it tells you is that something went wrong - in case you don’t know that yet.

A taste of .NET in Bee Smalltalk

Couple days ago, I finally managed to get .NET to do a job for me. Not much but still .NET did its job and did it well. The following text shows how to call .NET code from Bee Smalltalk and retrieve results. I won’t go into technical details on how it’s done internally, rather show the usage from user point of view. The goal is to give you an idea how it might feel to call .NET code from Bee Smalltalk.

Fun with ZFS, part 1: Installing Debian Jessie on ZFS Root


Couple weeks ago I decided to make myself a small home server. Home sever, sounds weird, doesn’t it? Home’s not work place, no?

Well, it is, in my case. I have no need for media center, downloading and streaming movies or even playing on TV, nothing like this. But I need a storage for backups and host to run virtual machines on.

First Post

I’m interested in many things. I have many ideas, all of them seem cool initially but as soon as I try to explain them, most of them turn out to be rubbish.

There is no programming language that rules them all.

I'm interested in programming languages, compilers and virtual machines, in particular in multi-language programming environments.

I love Smalltalk. But I'm critical about it, all the same.