Raspberry Pi 5 Storage Performance

Raspberry Pi 5 8 GB in Argon Neo 5 M.2 NVMe case

  • Micro SD card: SanDisk Ultra 32 GB Class 10
  • USB drive: Samsung T7 Shield 1 TB
  • NVMe drive: Kioxia EXCERIA 500GB M.2
roy@pifive:~ $ sudo hdparm --direct -t /dev/mmcblk0 /dev/sda /dev/nvme0n1

/dev/mmcblk0:
 Timing O_DIRECT disk reads: 262 MB in  3.01 seconds =  87.15 MB/sec

/dev/sda:
 Timing O_DIRECT disk reads: 1016 MB in  3.00 seconds = 338.46 MB/sec

/dev/nvme0n1:
 Timing O_DIRECT disk reads: 2338 MB in  3.00 seconds = 779.02 MB/sec

Empowering Self-Managed Kubernetes with Kubernetes Crossplane

In the ever-evolving landscape of cloud-native technologies, Kubernetes has emerged as the de facto standard for container orchestration. Its robust features and vibrant ecosystem have propelled it into the mainstream, enabling organizations to streamline their deployment processes and scale applications with ease. However, managing Kubernetes clusters efficiently, especially in self-managed environments, comes with its own set of challenges. Enter Kubernetes Crossplane, a game-changing tool that revolutionizes the way we manage Kubernetes infrastructure.

Understanding Kubernetes Crossplane

Kubernetes Crossplane extends the power of Kubernetes beyond container orchestration, offering a unified control plane to manage cloud infrastructure, services, and applications. At its core, Crossplane introduces the concept of “Infrastructure as Code (IaC)” to Kubernetes, allowing users to define and provision infrastructure resources using familiar Kubernetes APIs and declarative YAML manifests.

Simplifying Infrastructure Management

One of the primary benefits of Kubernetes Crossplane is its ability to simplify infrastructure management. By abstracting away the complexities of provisioning and managing cloud resources, Crossplane enables developers and operators to focus on building and deploying applications without worrying about the underlying infrastructure. With Crossplane, infrastructure becomes just another Kubernetes resource, seamlessly integrated into the existing workflow.

Streamlining Workflows with Composition

Crossplane’s composition capabilities further enhance its flexibility and extensibility. Leveraging the power of Kubernetes’ custom resources and controllers, Crossplane enables users to define complex infrastructure stacks composed of multiple resources, such as virtual machines, databases, and storage volumes. This approach allows for the creation of reusable infrastructure components, streamlining deployment workflows and promoting code reuse across teams.

Enhancing Observability and Governance

In addition to simplifying infrastructure management, Kubernetes Crossplane enhances observability and governance within self-managed Kubernetes environments. By centralizing infrastructure configuration and management within Kubernetes, Crossplane provides a single source of truth for all infrastructure-related operations. This not only improves visibility into resource utilization and performance but also facilitates compliance auditing and policy enforcement across the entire infrastructure stack.

Unlocking Multi-Cloud Capabilities

Another compelling feature of Kubernetes Crossplane is its support for multi-cloud deployments. With Crossplane, organizations can leverage a consistent API and control plane to provision and manage resources across different cloud providers, eliminating vendor lock-in and increasing deployment flexibility. Whether it’s deploying applications across hybrid cloud environments or implementing disaster recovery strategies across multiple regions, Crossplane empowers organizations to embrace a multi-cloud approach with confidence.

Conclusion

In conclusion, Kubernetes Crossplane represents a significant advancement in the realm of self-managed Kubernetes infrastructure. By extending Kubernetes’ capabilities to encompass infrastructure provisioning and management, Crossplane offers a unified control plane for deploying and managing cloud resources with ease. Whether you’re looking to streamline your deployment workflows, enhance observability and governance, or embrace a multi-cloud strategy, Kubernetes Crossplane provides the tools and flexibility you need to succeed in today’s cloud-native landscape.


The Importance of ISO 27701 for European SaaS Companies

This post discusses the importance of adding ISO 27701 to ISO 27001 certification for European SaaS companies. ISO 27701 is a privacy extension that provides guidelines for implementing a Privacy Information Management System (PIMS) to manage privacy risks and comply with privacy regulations such as the GDPR. Obtaining ISO 27701 certification can help companies demonstrate their commitment to protecting customer privacy, meet regulatory requirements, and reduce the risk of fines and legal action.

Introduction

As the world becomes increasingly digital, the management and protection of sensitive data becomes more critical. Data breaches and cyber attacks are becoming more prevalent, and companies must take appropriate measures to ensure the privacy and security of their customers’ data. The International Organization for Standardization (ISO) has developed a series of standards to help organizations manage information security. One of these standards is ISO 27001, which outlines best practices for information security management. However, for European SaaS companies, adding ISO 27701 to their ISO 27001 certification is becoming increasingly important.

What is ISO 27701?

ISO 27701 is a privacy extension to ISO 27001. It provides guidelines for implementing, maintaining, and continually improving a Privacy Information Management System (PIMS). The PIMS is designed to help organizations manage their privacy risks and meet the requirements of privacy regulations, such as the General Data Protection Regulation (GDPR) in Europe.

Why is ISO 27701 important for European SaaS companies?

SaaS companies often handle large amounts of personal data, such as customer names, addresses, and payment information. With the GDPR in effect, it is crucial for companies to protect this data and comply with the regulation’s requirements. Failure to do so can result in significant fines and damage to a company’s reputation.

By implementing ISO 27701, SaaS companies can demonstrate their commitment to protecting their customers’ privacy and complying with privacy regulations. The standard provides a framework for managing privacy risks and ensuring that personal data is processed in a secure and compliant manner.

Benefits of ISO 27701 certification

There are several benefits to obtaining ISO 27701 certification. Firstly, it demonstrates that a company takes privacy seriously and is committed to protecting its customers’ data. This can help build trust and confidence with customers, which can lead to increased business and revenue. Secondly, the certification can help companies meet the requirements of privacy regulations, such as the GDPR. This can help mitigate the risk of fines and legal action. Finally, implementing ISO 27701 can help streamline privacy management processes and reduce the risk of data breaches.

Conclusion

In today’s digital age, protecting personal data is more critical than ever. For European SaaS companies, adding ISO 27701 to their ISO 27001 certification is becoming increasingly important. The standard provides guidelines for managing privacy risks and complying with privacy regulations such as the GDPR. By obtaining ISO 27701 certification, companies can demonstrate their commitment to protecting customers’ privacy, build trust and confidence, and mitigate the risk of fines and legal action.


Docker and Kubernetes on MacOS in 2023

Prerequisite: install brew

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

Docker with brew

brew install docker docker-compose colima
colima start
docker ps

Kubernetes too?

brew install k3d kubectl
k3d cluster create default --servers 1 --agents 3 --image rancher/k3s:latest
kubectl get nodes

PS. Works on Intel based MacBook Pro


Initial Nvidia Jetson Nano performance numbers

Here are some numbers illustrating the performance I have seen for the Nvidia Jetson Nano so far.

Deep learning 

Training this PyTorch Image Classifier with the flower data set took just under 10 hours for the full 30 epochs. Not at all bad, and really quite nice if you consider the average power consumption of less than 8 watts.

Numbers from two different workstations have been included for comparison; of course, these spent more than 500 watts on average.

Nvidia Jetson Nano:
– GPU (Nvidia Maxwell): < 10 hours

Dell Precision T7500 Workstation:
– CPU (Dual Intel Xeon E5620): < 30 hours
– GPU (Nvidia GeForce GTX 1060): < 40 minutes

Dell Precision 7920 Rack Workstation:
– CPU (Dual Intel Xeon Silver 4112): < 9 hours
– GPU (Nvidia Quadro RTX 5000): < 17 minutes

Network performance 

The Jetson Nano clocked in at 857 Mbps as measured with iperf to a Dell Precision T7500 workstation, interconnected with a Netgear ProSAFE GS108T switch. I believe the workstation would do close to 950 Mbps when connected to a proper Cisco Catalyst like the 2960-X.

As one might expect, compared to a Raspberry Pi the Jetson Nano did absolutely beautifully.

Nvidia Jetson Nano: 857 Mbps
Raspberry Pi 3 B+: 292 Mbps
Broadcom NetXtreme BCM5761: 878 Mbps (between two T7500 workstations)


Tips and tricks for the Nvidia Jetson Nano

I have just received my Nvidia Jetson Nano development kit, and over time this post should turn into a collection of tips and tricks for this very interesting almost single-board-computer.

1. Getting started

There is a pretty good tutorial available on pyimagesearch.com covering base installation as well as how to configure your Python environment and get Keras and TensorFlow going.

If you want PyTorch there is something about it on the Nvidia developer forums, although I have not tried it out yet.

Of course, there is also the official documentation, a user guide, a wiki and support forums on the Jetson Nano’s official site.

2. Undo embedded system minimization

The provided OS has been minimized to save disk space, meaning that things like man pages and documentation files have been removed. If you intend to use the board for development or as a general desktop this may not be what you want. To undo the minimization you may use the following pre-installed script:

sudo /usr/local/sbin/unminimize

Note that you may want to do this immediately after installation, as there could be issues with any non-default software packages you may have installed.

3. Add more power by using the 4 amp barrel power plug

If you want to run the board at full speed and power (10 watts) with peripheral devices attached, the micro USB power will not be enough. You can either switch to 5 watt mode or use the 4 amp barrel plug for 20 watts of power. The first results in reduced performance, while the latter involves adding a power selection jumper to the Jetson Nano and connecting a 5 volt 4 amp power supply.

There is a wonderful video by JetsonHacks on YouTube. They have other Jetson Nano goodies too; you might want to check out their channel or website.

4. You can run PyCharm on your Jetson Nano!

PyCharm is a wonderful IDE for all your Python development, but at first glance there is no arm64 package available. The good news is that it does not matter, as it runs on Java. Just install the Java 8 Development Kit, download and unpack the latest PyCharm for Linux and run it like you would on any other Linux distribution:

sudo apt-get install openjdk-8-jdk
wget https://download.jetbrains.com/python/pycharm-community-2019.1.2.tar.gz
tar xvzf pycharm-community-2019.1.2.tar.gz
pycharm-community-2019.1.2/bin/pycharm.sh

PyCharm runs fairly well on the Jetson Nano; however, you may not want to try running it alongside the memory-hungry Chromium web browser.


Workaround: Mac OS X High Sierra 10.13.2 – SSH tries to connect via HTTP proxy

With Mac OS X release 10.13.2 Apple introduced a new bug where OpenSSH will attempt to use any web proxy configured from a PAC file.

As SSH is not HTTP this will typically not work, resulting in connection timeouts or other connection errors.

You are likely to encounter this problem if you are using a VPN solution such as Cisco AnyConnect with a web proxy in the group policy.

Thankfully, netcat (nc) is not affected by the bug, so until Apple comes out with a fix you can work around the issue by telling SSH to use netcat as a proxy channel.

This alias will take care of it:

alias ssh="ssh -o ProxyCommand=\"nc %h %p\""

Alternatively you can add the option to your ssh config file, for a more permanent effect:

echo "ProxyCommand nc %h %p" >> ~/.ssh/config
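
A bare ProxyCommand line appended to a config file that already contains Host blocks becomes part of the last block and then applies to that host only. The following is an added example, not part of the original post: it appends the workaround as an explicit Host block, exactly once, and can remove it again. The function names, the marker comment and the optional host-pattern argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. add_nc_proxy, remove_nc_proxy
# and the marker comment are hypothetical names chosen for this sketch.

MARKER='# high-sierra-proxy-workaround'

# Append the workaround as an explicit Host block (default: all hosts).
add_nc_proxy() {
    cfg=${1:-"$HOME/.ssh/config"}
    pattern=${2:-'*'}

    touch "$cfg" && chmod 600 "$cfg" || return 1

    # Idempotent: a second call must not add a second block.
    if grep -qF "$MARKER" "$cfg"; then
        return 0
    fi

    # ssh_config takes the first value it finds for each option, so a
    # block at the end of the file is a fallback that more specific
    # Host entries above it can still override.
    {
        printf '\n%s\n' "$MARKER"
        printf 'Host %s\n' "$pattern"
        printf '    ProxyCommand nc %%h %%p\n'
    } >> "$cfg"
}

# Remove the block again once the OS bug is fixed.
remove_nc_proxy() {
    cfg=${1:-"$HOME/.ssh/config"}
    tmp=$(mktemp) || return 1
    sed "/^${MARKER}\$/,/ProxyCommand nc %h %p/d" "$cfg" > "$tmp" &&
        cat "$tmp" > "$cfg"
    status=$?
    rm -f "$tmp"
    return "$status"
}
```

Running ssh -G with a host name and filtering the output for proxycommand shows the value ssh will actually use for that host.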

 

 


Fast track: Installing Ansible 2.1 stable on Oracle Linux 6.7

Ansible can certainly be installed using prebuilt packages from the EPEL repository, but while convenient, that offering is limited to Ansible 1.9.x, that is to say only versions prior to the major 2.0 release, which includes a number of significant improvements that were further polished in 2.1.

You will, more than likely, want to run 2.1.2, the latest stable release, for any production use, or perhaps the penultimate 2.0.1 release, if you are of a slightly more conservative origin.

That being said, I’ve always been told that DBAs like myself are about as conservative as they come, and I surprisingly experience no additional anxiety doing mission critical work with Ansible 2.1.2, which, in truth, appears to be a solid release of the project’s most mature code yet. I should say these feelings are in strong contrast to those that come attached with Enterprise Linux 7 and Oracle Database 12c, products which are still years away from prime time in my twisted paradigm of the world.

These few commands should take care of dependencies required to build an RPM, pull Ansible code from their official repository on GitHub and do a checkout of the 2.1 stable release before building an RPM package on and for your system – which you can then install locally on your machine or distribute in your environment as you see fit. On a side note, I like to maintain local/internal repositories with custom built packages and approved updates, which lets me stay in control while keeping yum in position to deal with the tedious bits.

I’m using Oracle Linux 6.7 and have not tested this elsewhere, but the commands and package names should be identical on any 6 or 7 release of Oracle Linux, CentOS or RHEL and you should consequently be able to install without any modifications other than variations to the name of the generated RPM file.

sudo yum -y install git python2-devel rpm-build asciidoc
# Clone over HTTPS: GitHub no longer serves the unauthenticated, unencrypted git:// protocol
cd /usr/src ; sudo git clone https://github.com/ansible/ansible.git -b stable-2.1 --recursive
cd ansible ; sudo make rpm

You should now be presented with the name of the ready-to-install RPM package. You need to grab that name and customize the final yum command accordingly:

#############################################
Ansible RPM is built:
 rpm-build/ansible-2.1.2.0-100.git201608311757.e83840c.HEAD.el6.noarch.rpm
#############################################
[roy@kayna ansible]$ sudo yum -y install rpm-build/ansible-2.1.2.0-100.git201608311757.e83840c.HEAD.el6.noarch.rpm
Loaded plugins: fastestmirror, refresh-packagekit, rhnplugin, security, ulninfo
This system is receiving updates from ULN.
Setting up Install Process
....
....

In my case I had the Ansible 1.9.4-1 package from EPEL already installed on my system; yum smoothly replaced the existing RPM installation and upgraded to Ansible 2.1.2 without any fuss.

[roy@kayna ansible]$ ansible --version
ansible 2.1.2.0
 config file = /etc/ansible/ansible.cfg
 configured module search path = Default w/o overrides

Adding Oracle Database Appliance to ULN

At some point you may want to register an Oracle Database Appliance with the Oracle Unbreakable Linux Network so you can get a critical security update, without running a complete ODA update bundle.

However, if you happen to be running ODA Virtual Platform (which supports running virtual machines) rather than the bare metal version (which does not), you may be in for a surprise.

“This system profile has already been registered”

Your ODA appears to already exist on ULN!
But wait, no, there is no sign of it on your account. What is going on here?

At least in the early versions of the ODA software, Oracle forgot to update the UUID for registration on the ODA_BASE image after installation. This means that ALL database appliances (with virtual support, anyway) would try to register with the same UUID.

Well, now that we know what the fuss is all about, it’s easy enough to fix:

First generate a new UUID

[root@oda1-base ~]# uuidgen -t
abf436a8-0b33-11e6-9210-00163e76eec2

Then edit /etc/sysconfig/rhn/up2date-uuid and change the entry for rhnuuid to the freshly generated value

uuid[comment]=Universally Unique ID for this server
rhnuuid=abf436a8-0b33-11e6-9210-00163e76eec2

All set, just run rhn_register (or up2date-nox --register) and complete the registration.
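
The two manual steps above can be combined into one small script. This is an added example, not part of the original post: it validates the new value, keeps a backup of the file and rewrites only the rhnuuid line. The function name set_rhnuuid and the .bak backup suffix are assumptions; the file path and the uuidgen -t call are the ones used above.

```shell
#!/bin/sh
# Added example, not from the original post. set_rhnuuid is a hypothetical
# helper; the file layout follows the two lines shown in the post.

set_rhnuuid() {
    file=${1:-/etc/sysconfig/rhn/up2date-uuid}
    # Generate a UUID the same way as the post unless one is supplied.
    new=${2:-$(uuidgen -t)}

    # Accept only a canonical 8-4-4-4-12 lowercase hex UUID. This also
    # guarantees the value is safe to place inside the sed expression.
    printf '%s\n' "$new" |
        grep -Eq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' || {
            echo "not a valid UUID: $new" >&2
            return 1
        }

    # Refuse to touch a file that does not look like up2date-uuid.
    grep -q '^rhnuuid=' "$file" || {
        echo "no rhnuuid entry in $file" >&2
        return 1
    }

    # Keep the original so the old registration identity can be restored.
    cp -p "$file" "$file.bak" || return 1

    # Rewrite only the rhnuuid line; writing back with cat preserves the
    # owner and mode of the existing file.
    tmp=$(mktemp) || return 1
    sed "s/^rhnuuid=.*/rhnuuid=$new/" "$file" > "$tmp" &&
        cat "$tmp" > "$file"
    status=$?
    rm -f "$tmp"
    [ "$status" -eq 0 ] || return "$status"

    printf '%s\n' "$new"
}
```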


Make Oracle VM 3.2.x console work on OL6

How to make Oracle VM 3.2.x RAS proxy work on OL6

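1) Install IcedTea-Web
sudo yum install icedtea-web
2) Locate and open java.security
sudo vi /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.95.x86_64/jre/lib/security/java.security
3) Comment out the line starting with:
jdk.tls.disabledAlgorithms=

Commenting out this line lifts the JRE's default TLS algorithm restrictions for every Java application that uses this JRE, not just the Oracle VM console.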

Additional tip:

If the browser can’t connect to Oracle VM Manager due to an obsolete protocol stack, use Firefox 44 or newer, and make your way through the obsolete protocol warnings and queries.