You don’t get to explicitly use Linux namespaces very often; one usually gets to make use of them when setting up containers or some sort of smart web hosting platform that allows hard resource limits to be put in place for customers, but even then the actual setup is hidden somewhere in the back. There are scenarios when containers simply require too much work for the particular task; I, at one time, faced the need of ensuring some network communication between 2 instances of the same service.
Communication? Same service? Have them listen on different addresses or on different ports and you’re done, you might say – but it’s not always that simple. If you have no control over the code but just want to replicate a certain behavior, there may simply not be an option to have instances listen on different ports. If the protocol also involves broadcasting, things become really complicated, as you don’t always have 2 IP addresses, on different interfaces, connected to the same network. Such scenario is easy to solve with virtualization or containers, but for this particular problem they’re overkill. The lightweight solution comes from manipulating Linux network namespaces.
Some intense months later, here I am with fresh ideas and happenings. Secrets follow. Well no, not really, but I’ll put everything in a list to make things easier to digest.
1. Getting in is hard, staying in seems even harder
When the commercials go out, the movie starts: the interview and then the orientation do not prepare you for the environment you’ll be swimming in, once you start your daily work. On my path to illumination I have realized that kitchen personnel, the people that cook that good food for you 3 times a day, are likely to be evaluated on par with the people they are feeding. At the end of the day nobody is getting any free meal.
I’ve also found out that the photos floating around the interwebs with colorful interiors, pool tables, arcades or pinball machines straight from the ’80s are true. What I have also learned is that an unhealthy balance between productivity and time spent having fun in the games room or sleeping in the library will lead to a PIP (performance improvement plan) before your 1st anniversary. Failing that is obviously your ticket out, but some people also choose to leave on their own terms. For the company the outcome is the same, though: a lifetime (maybe) “no rehire” stuck in your file.
While a public yum repository is easy to set up with S3, going private is more difficult. The privacy must be enforced by some plugin that can retrieve files from the S3 bucket using the API with stored credentials (maybe). Storing credentials can be avoided on EC2 machines that are assigned a proper role, but this is not possible in any other scenario.
Nevertheless, the first steps are common for both public and private setups:
1. Create the proper directory structure
This is achievable with the “createrepo” binary that can be installed on both RedHat and Debian-based systems (e.g. Fedora/Centos or Ubuntu). Running this program results in a “repodata” sub-directory being created with a couple of files that store parsed rpm information.