Visualising LinuxKit builds with Python and GraphViz

For the first time in a while I found myself still working at 5AM; by choice!

Why? LinuxKit! as you may have guessed from previous posts, i’m a fan.

Why LinuxKit?

For me, as a low level OS/Ops backgrounded geek, it’s like a 2017 version of discovering  “Linux From Scratch”, or even the first time pre-compiled binary packages appeared in Gentoo and saved you HOURS!

Exactly the bits of an OS you need for your solution, with community re-use of components, without re-inventing the wheel!

With higher order orchestrators such as Kubernetes needing less and less moving parts under them; The world of a more secure, more observable infrastructure, right down the stack is more within reach than ever!

Linuxkit is the perfect toolkit to build these lower level pieces.

The user or the builder?

I 100% believe that tooling such as LinuxKit will help millions run simpler infrastructure, potentially without knowing about it…

Like docker images on the hub now, the majority of users will benefit through re-use of the communities’ LinuxKit images.

I’d expect to even see whole open-source *Products* being LinuxKit based before the next DockerCon! If it’s an embedded system, or productized install. The user may never know the reason for the improved experience.

But what about the builders, the people working with the early LinuxKit code to build these images, to make these systems simpler, ephemeral and more composable…

It’s those people i’d like to ask; Do you struggle to debug complex linuxkit manifests? Do you spend time digging back and forth between namespace looking at where your mounts are? Which Image got a directory from where? Or why new mounts aren’t showing up in other places you expect them?

It’s 100% possible it’s just me; but I really found visualising the build (and the mounts) helped me develop much quicker.

So, back to the 5AM… I hacked something together using Python and GraphViz to take in a LinuxKit mainifest (yaml), read the metadata labels from each of the docker images within and plot all of the mounts (along with image data) onto a GraphViz diagram.

Output from LinuxKitVis
Output from LinuxKitVis

I’ve put the code on github here, and would love to get your feedback!

Find me on twitter as @mattdashj or in the DockerCommunity #Linuxkit room on slack! (TrXuk).

PS. To all those in Europe for DockerCon… have a WHALE of a time! (sorry).


Mac OSX El Capitan Secure Erase

So, it’s time to give my old corporate Macbook Pro 15″ back to who knows where.

Time to move my data to my new (much the same) Macbook Pro 15″ and secure erase my old SSD.. Right?

Wrong! Seems the recovery partition on El Capitan (Hold down CMD + R on boot) completley prevents any of the ‘secure erase’ options; the button for security options just isn’t there!

Anyway, the disk utility is just a pretty GUI on the ‘diskutil’ command line.

So, to run a very secure (and lengthy) 35-pass wipe on your main disk…

once you have the “OSX Utilities” window showing, goto Utilities > Terminal from the menu bar, then on the terminal type the following command:

 diskutil secureErase 3 disk0 

For a quicker, US DoD 7-pass secure erase, run:

 diskutil secureErase 2 disk0 

Or an even quicker, US DoE 3-pass secure erase, run:

 diskutil secureErase 4 disk0

If the command errors with “device in use” you’ll need to unmount your MacOSX partition first with the following command:

 diskutil unmountDisk disk0 

WARNING: Any of these options will permanently, irreversibly destroy ALL data on your disk. Please make sure you have no external storage directly attached, or you may just wipe that instead.

The secureErase commands will then show a progress bar and estimated time to completion. The 34 Pass wipe on a mid-2012 256GB SSD estimates 8 hours.

Yes, you’re going to need a charger 😉