Since then I’ve done a proper pass on it. The project is now called hollerback, it’s on PyPI, and it’s meaningfully more capable than what I described two days ago. Here’s what changed and why.

Why “hollerback”

The original name reflected the implementation: a gateway between Signal and Goose. As I kept building it became clear the thing wasn’t really a Goose-specific gateway. It was a Signal number that any AI agent could use. Goose is still the primary target but a rename felt right.

Two use cases, one phone

The clearest way I’ve found to describe hollerback is a dedicated Signal number to share with your agents. There are two primary use cases today.

Use case 1: Goose is live and waiting. Someone messages the number, Goose picks up and replies: unattended, session-aware, in real time. This is the use case from the April 18 post.

Use case 2: An authorized agent can use the number to send messages. Any MCP client (Claude CLI, Goose Desktop, Cursor, Claude Desktop) connects to hollerback’s MCP endpoint via a standard HTTP Bearer token and gets tools to send Signal messages, list paired contacts, and read inbound traffic. If you’re in a Claude session and want to send someone a Signal message, you can. If you want Goose to notify you on Signal when a long task finishes, it can.

They share one process, one contact list, one phone number. You can run either use case alone or both together.

What’s working today

• Signal to Goose: inbound messages create or resume goosed sessions, Goose replies stream back to Signal
• Typing indicators while Goose is processing; read receipts on delivery
• Pairing flow for unknown senders: an unknown number gets a code; you approve it via CLI before the bot responds
• MCP server on port 7322 with four tools: get_signal_identity, list_signal_contacts, send_signal_message, get_messages
• Per-agent Bearer auth: multiple agents can share one Signal number, each with its own key
• Graceful operation without Goose Desktop: messages buffer when goosed is unreachable, auto-replies resume on reconnect
• systemd user service, hollerback.service
• Running on Fedora, smoke-tested in production

Install

uv tool install hollerback
hollerback setup
hollerback start --detach

Or from source at github.com/theronconrey/hollerback. Full setup instructions in the README.

The project is really early. I’m settling in where I can help, and I’m looking forward to engaging with the Goose team!

hollerback on GitHub | hollerback on PyPI | Goose on GitHub

Today I put together a small proof-of-concept that answers that — goose-signal-gateway, a Python service that bridges Signal Messenger to a running Goose instance. You send a text, Goose replies.

How it works

The gateway sits between two daemons that were already running on my home server:

• signal-cli — handles Signal protocol and exposes an HTTP API
• goosed — the Goose agent server that powers the Desktop client

Signal (phone) → signal-cli → gateway → goosed → Mistral → Signal reply

When a message comes in over Signal, the gateway creates a Goose session (or reuses the existing one for that sender), forwards the text, streams the reply back, and sends it as a Signal message. Each Signal conversation gets its own persistent Goose session, so context carries across messages.

The interesting part technically was figuring out goosed’s actual API. It’s not documented publicly — I had to probe it against a live instance to map out the endpoints, auth scheme, and how the SSE streaming works. That’s all captured in docs/acp-findings.md in the repo if you’re curious.

Still early

This is genuinely a rough proof of concept. A few things that work:

• Send a Signal message, get a Goose reply
• Session context is maintained within a conversation
• Runs against whatever provider Goose Desktop is configured for (Mistral in my case)

A few things that don’t yet:

• Sessions don’t show up in the Goose Desktop sidebar — the Desktop doesn’t poll for externally-created sessions, it only knows about ones it started itself. Worth filing upstream.
• No message dedup — if Signal delivers a message twice, Goose replies twice
• Sessions reset on gateway restart
• Linux only (uses /proc to discover goosed’s dynamic port)

Where I’d like to take it

Goose itself is moving fast. Once the agent API stabilizes and there’s a cleaner way to integrate with it — rather than poking at an undocumented internal HTTP server — I’d like to revisit this properly. The goal would be something robust enough to leave running: a persistent bridge so you can have a real conversation with your local agent from your phone, with full Desktop visibility on the same session.

For now it’s a fun thing that works well enough to be useful. If you’re running Goose Desktop and signal-cli and want to try it:

• github.com/theronconrey/goose-signal-gateway

goose-signal-gateway on GitHub | Goose on GitHub

Sync engine

The biggest category of bugs. File sync sounds simple until you actually implement it, and then it turns out there are a lot of ways to get it wrong.

Efficient renames and moves. When a folder gets reorganized - files renamed, moved into subdirectories, whatever - peerdup would previously just re-transfer everything. That’s wasteful and slow. The fix: when a peer receives a new torrent layout, peerdup now moves existing files into place before libtorrent checks pieces. If the data is already there under a different path, it gets repositioned, not re-downloaded. This works by matching files by name and size against the incoming layout and pre-positioning any matches. Stale files and empty directories from the prior layout get cleaned up automatically in the same pass.

Ping-pong. This one took a while to diagnose. Two peers would sync, both see the resulting filesystem changes, both react, and the two daemons would end up in an endless loop of overwriting each other. The fix was to pause the filesystem watcher during the SYNCING state so the daemon doesn’t react to its own incoming changes. Queued events are drained cleanly when the transition to SEEDING completes.

Bidirectional sync. An earlier version had “owner immunity” - the share owner’s version always won. That sounds reasonable until you think about what it means in practice: if the non-owner machine changed a file, that change could silently disappear. Reverted that. Both sides now accept remote changes, with sequence numbers on the LAN wire format determining which version wins when there’s a genuine conflict.

Bootstrap on empty shares. Joining a share that had no files yet crashed the daemon. Fixed.

Stale torrent cache. If you deleted files from a share and then rebuilt it, the old .torrent cache could cause the deleted files to reappear like ghosts. The fix is simple: delete the cache before rebuilding.

LAN discovery

The LAN multicast wire format went through three revisions this weekend.

v2 added peer names to multicast packets, so you can actually tell which machine is which when you run peerdup share peers. v3 added per-share info_hash to the packets - the daemon now detects when it’s looking at a stale hash and automatically switches to the remote torrent. v4 added per-share sequence numbers, which is what makes conflict resolution work without a registry.

One subtle fix: the daemon was only sending multicast to the multicast group address, which works fine between devices on the same WiFi AP, but doesn’t reach wired machines when the AP doesn’t forward multicast. Added a subnet broadcast fallback to 255.255.255.255 so wired and wireless peers can find each other reliably.

Interface auto-detection also landed. Previously you had to know which network interface to use. Now the daemon picks the interface associated with the default gateway and peerdup-setup asks you to confirm it.

Security

this is still a work in progress. not for prod use. yada yada yada.

Announce rate limiting. Each (peer_id, share_id) pair gets a token bucket. If a peer announces too aggressively, it gets a RESOURCE_EXHAUSTED response with a Retry-After header. The limit is configurable in config.toml.

Audit logging. Every authenticated RPC is now written to a structured JSON log via a rotating file handler (10 MB × 5 files). If something goes wrong, there’s a record.

TLS defaults. Registry tls.enabled now defaults to true on new installs. Previously it defaulted to off, which was the wrong default.

Observability

peerdup status now shows real health information: whether the database is reachable, whether the TTL sweep is running, an overall ok/degraded/error status, and peer and share counts. Previously it returned basically nothing useful.

peerdup registry health and peerdup registry status were added to let you inspect the registry connection directly - version, uptime, TLS config, token validity.

For those running their own infrastructure, there’s also an optional Prometheus endpoint now. Counters for RPCs, announces, and peers online; histograms for latency and TTL sweep duration. Disabled by default, configurable in config.toml.

Bandwidth policies

Share owners can now publish advisory rate limits from the registry. All members receive the policy via the live peer event stream and apply it to their libtorrent handle immediately. Local per-share caps always win - if you’ve set a local limit, the registry can’t override it. 0 means unlimited.

Operator tooling

peerdup-registry-admin is a new standalone CLI that connects directly to the registry gRPC without needing the daemon to be running. Useful for server-side administration: health checks, listing and removing peers, listing and purging shares, tailing the audit log.

peerdup-setup now walks through mTLS configuration if you’re connecting to a registry that requires it - prompts for CA cert, client cert, and key, and writes them to config.toml.

GNOME extension

A few quality-of-life improvements on the desktop side. The top bar now shows live upload/download rates inline while a share is actively syncing (↑ 1.2M ↓ 4.8M). The popup menu gained a colored registry health dot - green when connected and healthy, yellow when degraded, red when unreachable.

New share and join share dialogs are available via the popup menu when zenity is installed. Nothing fancy, just enough to avoid needing a terminal for common operations.

Fixed a PATH issue that caused the extension to fail to find the peerdup binary on some systems, since GNOME Shell’s subprocess environment doesn’t include ~/.local/bin. Added GNOME Shell 49 to the supported versions list. The extension is now pre-enabled via gsettings during install so it activates on next login without a manual gnome-extensions enable step.

Refactor

The sync coordinator had grown into a single file that was doing too many things. Split it into three focused modules: announce.py for registry heartbeats, torrent_mgr.py for the libtorrent handle lifecycle, and peer_handler.py for registry stream events, LAN peer handling, conflict dispatch, and policy application. Same behavior, easier to reason about.

Tech debt

There was a gnarly registry.proto descriptor pool clash that was causing the integration test suite to fail intermittently. The daemon’s registry stubs were replaced with static shim files that re-export from the registry package, and the registry’s own registry_pb2_grpc.py was fixed to use an explicit relative import. The Makefile was updated to apply the fix automatically on make proto. All 21 integration tests pass now.

There’s still a lot left to do. The Docker deployment path needs work - I mentioned that in the first post and it’s still true. Broader platform testing. Documentation could go deeper. But the sync engine is noticeably more solid than it was Friday, and the observability and bits means it’s something I can actually run on real machines with a better understanding of what is going on.

If you’re using peerdup or just curious about any of this, feel free to open an issue or reach out directly.

View on GitHub

The problem it solves

What I wanted was cli driven, scriptable, and open source for bare metal servers. Get the files back to a NAS, and then let it handle backups, snapshots or whatever via BTRFS or ZFS. For my desktop, I wanted something I can bake into GNOME natively to sync directories with ease. For servers, I wanted something I could push with ansible.

I wanted something that keeps files in sync across my machines — fast, encrypted, and without routing everything through someone else’s servers. Every major solution I looked at either required a cloud account, imposed storage limits, or made me nervous about what was happening to my data in transit. So I built one.

It’s called peerdup. It’s open source, self-hosted, and built around a simple idea: your files should travel directly between your devices whereever they are. It shouldn’t be difficult.

How it works

The architecture has three components: a registry, a relay, and a daemon that runs on each of your machines.

┌─────────────────┐
│    Registry     │  gRPC / TLS — peer discovery, ACL, presence
└────────┬────────┘
         │
  ┌──────┴──────┐
  │             │
┌─┴──────┐  ┌──┴─────┐
│Daemon A│◄─►Daemon B│  direct P2P via libtorrent
└────────┘  └────────┘
               ╲
            ┌───┴───┐
            │ Relay │   NAT fallback (optional)
            └───────┘

The registry is a lightweight service you run once on an always-on machine (or a small VPS). It handles peer discovery and access control — it knows which machines exist and who is allowed to sync what — but it never sees the actual file contents. When two daemons need to talk, the registry introduces them and steps aside.

The relay is there for the hard cases: when one of your devices is behind a symmetric NAT that prevents a direct connection. The daemon tries both a direct path and a relay-bridged path simultaneously and uses whichever connects first. Most of the time, you won’t even notice it’s there.

Two sync modes

peerdup ships with two modes, depending on your setup:

The local mode is great if all your devices are on the same network and you want zero infrastructure. Just start the daemon, create a share with --local, share the share ID with another machine on the same LAN, and you’re syncing.

Key features

Transfer — Direct P2P via libtorrent. All file data moves device to device. No relay unless NAT requires it.

Security — TLS on all registry communication. libtorrent encryption on transfers.

Access — Per-share ACL. Grant and revoke peers per share. Registry enforces it at the discovery layer.

Conflicts — Three resolution strategies: last-write-wins, rename-on-conflict, or manual review — configurable per share.

Limits — Bandwidth throttling. Set per-share upload and download limits so peerdup doesn’t saturate your connection.

Ops — Docker + Caddy stack. One script gets the registry and relay running with automatic Let’s Encrypt TLS.

Getting started

Installation is a single curl command on each machine:

curl -fsSL https://raw.githubusercontent.com/theronconrey/peerdup/main/install.sh | sh

The installer walks you through whether to also set up a registry on that machine (say yes on your server, no on laptops). From there, peerdup-setup handles daemon configuration, and you’re ready to create your first share.

For those who prefer containers, the Docker Compose stack brings up the registry, relay, and Caddy reverse proxy with automatic TLS, you just need a domain and a public-facing host. Run ./start.sh and it handles the rest. Transparently, this is not working without some level of tinkering. This is where I’m currently focused on making the installation smoother.

View on GitHub

Where it stands today

peerdup is a pet project in active development. The core sync loop works, the CLI is functional, and the Docker deployment path is solid. There’s still a lot of surface area to improve — better observability, broader platform testing, documentation depth. If this is something that is interesting to you, reach out and say hello!

The repository

Resilio publishes an official RPM repository. Drop a repo file into /etc/yum.repos.d/ — the standard location for third-party repos on Fedora — and import the GPG key:

sudo tee /etc/yum.repos.d/resilio-sync.repo << 'EOF'
[resilio-sync]
name=Resilio Sync
baseurl=https://linux-packages.resilio.com/resilio-sync/rpm/$basearch
enabled=1
gpgcheck=1
EOF

sudo rpm --import https://linux-packages.resilio.com/resilio-sync/key.asc

The GPG key step isn’t optional — dnf will refuse the install without it.

Installation

sudo dnf install resilio-sync

The package puts the binary at /usr/bin/rslsync, a default config at /etc/rslsync.conf, and registers systemd unit files. Nothing lands in your home or downloads directory.

Running it as your own user

For a desktop, I tend to run Sync under my own account. It feels more integrated for personal files and keeps permissions simple.

The upstream unit file is written for system mode, so you need to fix the WantedBy target before enabling the user service — otherwise it won’t start correctly in a user session:

sudo systemctl disable --now resilio-sync

sudo sed -i 's/WantedBy=multi-user.target/WantedBy=default.target/' \
  /usr/lib/systemd/user/resilio-sync.service

systemctl --user enable --now resilio-sync

If this is a machine you SSH into rather than log into interactively, enable lingering so the service survives outside of active login sessions:

loginctl enable-linger $USER

Server or NAS? Skip all of the above and run sudo systemctl enable --now resilio-sync instead. That runs Sync as the dedicated rslsync system user, starting at boot. If it needs access to files owned by your account, add the users to each other’s groups and set group-write permissions on your sync folders.

The firewall

Fedora uses firewalld. If you need the WebUI from another machine or sync traffic across subnets:

sudo firewall-cmd --permanent --add-port=8888/tcp
sudo firewall-cmd --permanent --add-port=55555/tcp
sudo firewall-cmd --permanent --add-port=55555/udp
sudo firewall-cmd --reload

First run

Verify the service is up and open http://localhost:8888:

systemctl --user status resilio-sync

From here, you’ll see a link to Resilio’s site to get a key. It’s free for non-commercial use and the signup remains straightforward. After applying the license, you’ll be prompted to set a username and password and name the device. From there you can add folders, generate share keys, and connect other machines.

Updates

Because it’s in a proper dnf repo, Resilio updates with everything else:

sudo dnf upgrade

No manual downloads, no version-checking scripts. The package manager owns it from here.

The array

Six 5TB Seagate HDDs in a btrfs RAID10 configuration, mounted at /mnt/data. RAID10 means the array can tolerate losing one drive without data loss, which is the scenario we’re dealing with.

Check array health with:

sudo btrfs device stats /mnt/data

When you start seeing non-zero read_io_errs or corruption_errs on a device, it’s time to monitor. When the count increases dramatically, it’s time to do something.

The fstab trap

Before touching anything, there’s something worth understanding about btrfs RAID arrays and fstab.

By default, btrfs won’t mount a RAID array in degraded mode, meaning if a drive is missing at boot, the mount fails. On Fedora (and most systemd distros), a failed mount during boot drops you into emergency mode. No warning, no helpful message, just a root shell and a bad morning.

The fix is to add degraded to the mount options in /etc/fstab before you pull any hardware:

UUID=your-uuid  /mnt/data  btrfs  defaults,degraded,nofail  0  0

The nofail option is worth adding too. It tells systemd to keep booting even if the mount fails entirely, rather than halting for manual intervention. On a headless machine, this is the difference between a degraded array and a box you can’t reach.

Verify fstab is valid before rebooting:

sudo mount -a

Live drive replacement with btrfs replace

With fstab sorted, the actual drive replacement is straightforward. btrfs has a first-class replace command that handles the swap while the array stays mounted and in use.

Identify the device to replace and the new drive:

sudo btrfs filesystem show /mnt/data

This lists all devices in the array with their paths. Note the path of the failing drive.

Start the replacement, which runs in the background:

sudo btrfs replace start /dev/sdg /dev/sdnew /mnt/data

Where /dev/sdg is the drive being replaced and /dev/sdnew is the freshly installed drive. The array stays fully operational during this process.

Monitoring the replacement

On a large array with spinning rust this takes several hours. Rather than babysitting it, I set up a cron job to check hourly and log the status:

crontab -e

Add the following line:

0 * * * * btrfs replace status /mnt/data >> /var/log/btrfs-replace.log 2>&1

The output from btrfs replace status looks like this while running:

Started on 14.Mar 09:15:32, position 24.34%, speed 142.3 MiB/s

And when complete:

Started on 14.Mar 09:15:32, finished on 14.Mar 14:22:10, 0 write errs,
0 uncorr. read errs

Once you see the finished line, the cron job can be removed.

After the replacement

Verify the array is healthy:

sudo btrfs device stats /mnt/data
sudo btrfs filesystem show /mnt/data

All error counters should be zero on the new device. A scrub is worth running afterward to verify data integrity across all devices:

sudo btrfs scrub start /mnt/data
sudo btrfs scrub status /mnt/data

The short version

• Add degraded,nofail to your btrfs fstab entry before you ever need it
• btrfs replace handles live drive swaps cleanly with no downtime
• Monitor with a cron job logging btrfs replace status
• Verify with btrfs device stats and follow up with a scrub

What is BitTorrent Sync?

The concept is simple: using a local client on your desktop or laptop, Sync will synchronize the contents of a selected folder to other remote Sync clients sharing the same key. Synchronization is done securely via an encrypted (AES) bittorrent session. This ends up being effective for moving a lot of data across multiple devices and while I think it was initially designed for secure private Dropbox-style replication, I’ve been testing it as an alternative method of geo-replication between GlusterFS clusters on Fedora.

Right off the bat there were a few things that got my gears turning:

• a known and proven P2P protocol (monthly BitTorrent users are estimated at something insane like a quarter of a billion)
• encrypted transfers
• multi-platform
• KISS-oriented configuration

What is GlusterFS?

GlusterFS is an open source project leveraging commodity hardware and the network to create scale-out, fault tolerant, distributed and replicated NAS solutions that are flexible and highly available. It supports native clients, NFS, CIFS, HTTP, FTP, WebDAV and other protocols.

GlusterFS has native Geo Replication. Why not use it?

Leveraging native GlusterFS geo-replication for a single volume is a one-way street. A replicated volume is configured in a traditional master/slave configuration.

It can also be configured for cascading setups that allow for more interesting archival configurations.

Or even:

While I’m sure this works for replication and certain DR scenarios, I’m looking at multi-master configurations with multiple datacenters all “hot”, possibly removing the need for a centralized repository. I’d also like a scenario where all sites serve as DR locations for any other participant while leveraging the closest cluster as a data endpoint for writes. Something like this:

This type of configuration also allows for a more easily grown environment and a quick way to bring another site online.

One of the more interesting BT Sync features is the optional use of a tracker service. This helps with peer discovery, letting the tracker announce SHA2(secret):IP:port to help peers connect directly. The tracker also acts as a STUN server, helping with NAT traversal for peers that can’t directly see each other behind firewalls. Worth noting: even with the tracker service in use, all data transmission is encrypted in flight.

Getting Started

For quick testing, find a couple of boxes to get replication moving between. These could be minimal install Linux boxes, Samba servers, web servers (backup replication?), or in my case, a single node of a Gluster cluster. If you’re interested in getting started with Gluster, here’s a good place to start.

A quick note if you’re using Gluster: On one of the nodes, make sure the GlusterFS client is installed. Create a directory and mount the volume you want replicated using the GlusterFS client. There are more complicated ways to do this, but for testing, this will work fine.

Download the Client

Identify the directory you want to replicate and download the client from BitTorrent Labs. For me it was the x64 Linux client.

Configuration

First, untar the download and get some config files ready. We’ll also build an init.d script to ensure the client runs on startup.

tar -xf btsync.tar.gz
sudo mv btsync /usr/bin
sudo mkdir /etc/btsync
sudo mkdir /replication

Generate the initial config file:

sudo btsync --dump-sample-config > /etc/btsync/btsync.conf

Edit the following values in the config. Change the device name:

"device name": "My Sync Device",

to:

"device name": "whateveryourhostnameis",

Change the storage path:

"storage path" : "/home/user/.sync",

to:

"storage path" : "/etc/btsync",

Uncomment and set the pid file:

"pid_file" : "/var/run/btsync.pid",

Since we’re identifying replicated folders via the config file, the web UI normally available in the Linux client will be disabled. Generate a secret for your share:

sudo btsync --generate-secret

I find it easier to dump the secret directly to the bottom of the config file:

sudo btsync --generate-secret >> /etc/btsync.conf

In the shared folders section, replace MY_SECRET_1 with the secret you generated:

"secret" : "GYX6MWA67INIBN5XRHBQZRTGYX6MWA67XRHPJOO6ZINIBN5OQA", // * required field

Update the directory:

"dir" : "/replication", // * required field

In the shared folders section, comment out the example known hosts:

// "192.168.1.2:44444",
// "myhost.com:6881"

Important: You’ll need to remove the leading /* and trailing */ from the shared folders section.

Start bittorrent sync with the config:

btsync --config /etc/btsync.conf

Sync Init Script

Not claiming this is a work of art, but it gets the job done. Create /etc/init.d/btsync with the following:

#!/bin/sh
#
# chkconfig: - 27 73
# description: Starts and stops the btsync Bittorrent sync client
#
# pidfile: /var/run/btsync.pid
# config: /etc/btsync.conf

# Source function library.
. /etc/rc.d/init.d/functions

# Avoid using root's TMPDIR
unset TMPDIR

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 1

# Check that btsync.conf exists.
[ -f /etc/btsync.conf ] || exit 6

RETVAL=0
BTSYNCOPTIONS="--config /etc/btsync.conf"

start() {
    KIND="Bittorrentsync"
    echo -n $"Starting $KIND services: "
    daemon btsync "$BTSYNCOPTIONS"
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/btsync || RETVAL=1
    return $RETVAL
}

stop() {
    echo
    KIND="Bittorrentsync"
    echo -n $"Shutting down $KIND services: "
    killproc btsync
    RETVAL=$?
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/btsync
    echo ""
    return $RETVAL
}

restart() {
    stop
    start
}

rhstatus() {
    status btsync
    return $?
}

# Allow status as non-root.
if [ "$1" = status ]; then
    rhstatus
    exit $?
fi

case "$1" in
    start)        start ;;
    stop)         stop ;;
    restart)      restart ;;
    reload)       reload ;;
    status)       rhstatus ;;
    condrestart)  [ -f /var/lock/subsys/btsync ] && restart || : ;;
    *)
        echo $"Usage: $0 {start|stop|restart|reload|status|condrestart}"
        exit 2
esac

exit $?

Testing the Sync Service

Set the init script to executable and enable it at startup:

chmod 755 /etc/init.d/btsync
chkconfig --add btsync
chkconfig btsync on

Other Nodes and Additional Thoughts

With the above in place, configure additional btsync clients on Gluster nodes (or whatever test system you’re using) at your remote locations using the same secret. The mount point / local folder can be different, but the secret must be the same. This will allow replication to start among the identified folders. Thanks for reading and check out other cool use cases for BitTorrent Sync on the BitTorrent Sync forums.

During the presentation I demo’d out the new QEMU/GlusterFS native integration leveraging libgfapi. For those wondering what that means: there’s no need for FUSE anymore and QEMU leverages GlusterFS natively on the back end. Awesome.

For my demo I needed two boxes running QEMU/KVM/GlusterFS to provide the compute and storage hypervisor layers. As I only had a single laptop to tour Europe with, I needed a nested KVM environment.

If you’ve got enough hardware feel free to skip the Enable Nested Virtualization section and jump ahead to Base OS Installation.

This wasn’t an easy environment to get up and running. This is alpha code, so expect to roll your sleeves up. These instructions assume you have Fedora 18 installed and updated with virt-manager and KVM installed.

Enable Nested Virtualization

Since we’re going to install an OS on a VM running on the Gluster/QEMU cluster we’re building, we’ll need nested virtualization. Check if it’s already enabled:

cat /sys/module/kvm_intel/parameters/nested

If it returns N, load the KVM module with the nested option via modprobe config:

echo "options kvm-intel nested=1" | sudo tee /etc/modprobe.d/kvm-intel.conf

Reboot and verify:

cat /sys/module/kvm_intel/parameters/nested

Should return Y. Host prep is done.

Install VMs OS

Starting with the base Fedora laptop, I used virt-manager for VM management. I wanted to use Boxes, but it’s not designed for this type of configuration.

Create a new VM and select the Fedora HTTP install option. I didn’t have an ISO around, and HTTP install is great anyway.

Select the HTTP install option and enter the nearest available mirror.

For me this was Masaryk University, Brno (where I happened to be sitting during Dev Days 2013):

http://ftp.fi.muni.cz/pub/linux/fedora/linux/releases/18/Fedora/x86_64/os/

I went with an 8GB base disk, 1GB RAM, and a default vCPU. Start the VM build and install.

The install takes a bit longer since it downloads files during the initial boot.

Select your language and continue to the installation summary screen. Change the software selection option.

Select minimal install:

During installation, set the root password:

Once installation is complete, the VM will reboot. Power it down. We need to pass the CPU flags to the VM before proceeding.

In virt-manager, right-click the VM and select open. In the VM window, select View > Details. Rather than guessing the CPU architecture, select “Copy from host” and click OK.

While you’re here, add an additional 20GB virtual drive. Make sure you select virtio for the drive type.

Boot the VM and let’s get started.

Base Installation Components

Install some base components before getting started with GlusterFS or QEMU. After logging in as root:

yum update
yum install nettools wget xfsprogs binutils

Create the mount point and format the additional drive:

mkdir -p /export/brick1
mkfs.xfs -i size=512 /dev/vdb

Add it to fstab so it persists across reboots:

/dev/vdb /export/brick1 xfs defaults 1 2

Mount it:

mount -a && mount

Firewalls. YMMV

It may be just me, but I struggled getting Gluster to work with firewalld on Fedora 18. Not recommended in production, but for an all-in VM on a laptop deployment, I just disabled and removed it:

yum remove firewalld

Gluster 3.4.0 Alpha Installation

Configure and enable the Gluster repo on the VM:

wget http://download.gluster.org/pub/gluster/glusterfs/qa-releases/3.4.0alpha/Fedora/glusterfs-alpha-fedora.repo
mv glusterfs-alpha-fedora.repo /etc/yum.repos.d/

Update and install:

yum update
yum install glusterfs-server glusterfs-devel

The glusterfs-devel package is required for the QEMU integration we’ll be testing.

Break: Build a Second VM

If you’ve made it here, get a coffee and do the install again on a second VM. You’ll need a second replication target before proceeding.

</end coffee break>

Network Prep: Both VMs

We’re on the private NAT’d network that virt-manager is managing, so we’ll need static addresses on both VMs and updated /etc/hosts entries. Not proud here – this is a test environment.

1. Assign static addresses to both VMs in the NAT range
2. Set hostnames on both VMs
3. Update /etc/hosts on both nodes to include both servers

Back to Gluster

Start and verify the Gluster service on both VMs:

service glusterd start
service glusterd status

On either host, create the Gluster volume and configure it for replication:

gluster volume create vmstor replica 2 ci01.local:/export/brick1 ci02.local:/export/brick1

Start the volume:

gluster volume start vmstor

Verify:

gluster volume info

If this returns cleanly, you’re up and running with GlusterFS.

Building QEMU Dependencies

Install prerequisites:

yum install lvm2-devel git gcc-c++ make glib2-devel pixman-devel

Clone QEMU:

git clone git://git.qemu-project.org/qemu.git

Configure the build. I trimmed the target list to save time since I knew I wouldn’t need most QEMU-supported architectures:

./configure --enable-glusterfs --target-list=i386-softmmu,x86_64-softmmu,x86_64-linux-user,i386-linux-user

With that done, everything on this host is ready. We can start building VMs using GlusterFS natively, bypassing FUSE and leveraging thin provisioning.

Creating Virtual Disks on GlusterFS

qemu-img create gluster://ci01:0/vmstor/test01?transport=socket 5G

This uses qemu-img to create a 5GB disk image natively on GlusterFS. The transport socket parameter controls the communication method between QEMU and GlusterFS.

Build a VM and Install onto the GlusterFS Disk Image

You’ll want something to actually install on the image. I went with TinyCore because I was already pushing up against the limits of this laptop with nested virtualization. Download TinyCore Linux here.

qemu-system-x86_64 --enable-kvm -m 1024 -smp 4 \
  -drive file=gluster://ci01/vmstor/test01,if=virtio \
  -vnc 192.168.122.209:1 \
  --cdrom /home/theron/CorePlus-current.iso

I skipped using Virsh for the demo and assigned the VNC IP and port manually. Once the VM starts up you can connect to it from your external host and start the install.

Select the hard drive built with qemu-img and follow the OS install procedure.

Finished

At this point you’re done and can start testing and submitting bugs. I’d expect to see some interesting things with OpenStack in this space as well as tighter oVirt integration moving forward. Let me know if this guide was useful.

Side Note

Something completely related: I’m pleased to announce that I’ve joined the Open Source and Standards team at Red Hat, working to promote and assist in making upstream projects wildly successful. If you’re unsure what that means or why Red Hat cares about upstream projects, please reach out and say hello.

References

• Nested KVM
• KVM VNC
• Using QEMU to boot VM on GlusterFS
• QEMU downloads
• QEMU GlusterFS native integration

Ingredients

• 31 lbs Maris Otter Pale
• 2 oz Warrior pellets (16.3% AA), 60 min
• 2 oz Amarillo pellets (9% AA), 60 min
• Yeast: White Labs WLP099 Super High Gravity Ale (ferments to 25% ABV)

Note: the recipe itself is not special. The procedure is what gets you to 21%.

Procedure

This process is all about keeping the yeast alive well past where it would normally quit.

Starter and mash:

1. Build a 1-gallon starter at 1.066 gravity in a 6.5-gallon carboy using WLP099. Track volume and gravity carefully since it factors into your final OG calculation.
2. Mash 31 lbs Maris Otter at 146°F overnight or until conversion is complete.
3. Sparge slowly until all sugar is extracted. Expect around 18 gallons across two kettles.
4. Boil down to 4 gallons. Boil slow to reduce caramelization. A clip-on fan blowing across the surface of each pot prevents boilovers and speeds evaporation significantly by blowing steam away. Highly recommended.
5. Add hops at 60 minutes remaining.

Final wort OG: 1.246. Combined with starter: calculated OG of 1.212.

Fermentation:

1. Add 1 gallon of wort to the 2-gallon starter.
2. Oxygenate for at least 15 minutes with O2 (or 40+ minutes if using air). Affix airlock.
3. Can the remaining 3 gallons of wort in 1-quart mason jars: siphon wort into jars, set lids loosely, water bath boil for 15 minutes, then tighten.
4. Ferment until activity slows.
5. Add one quart of canned wort per day and oxygenate 3-5 minutes with O2 (or 9-15 min with air). Oxygenation is essential to keep yeast viable past 20% ABV.
6. Ferment out.

Pushing past 20%:

When fermentation stalls (and it will), add 8 crushed Beano tablets to convert non-fermentable sugars into fermentable ones. If activity slows again, add 5 more. Next time I’d add Beano sooner, probably one day after the last quart of wort goes in.

IBUs: 184 according to Beertools. With that much alcohol and residual sweetness, it doesn’t taste nearly as bitter as that number suggests. Age helps a lot.

What I’d Do Differently

• Add Beano earlier in the process
• Use some roastier grains for more flavor depth

I’m going to brew it again shortly, quite possibly for teach-a-friend-to-homebrew day down at Raccoon River.

Grain Bill

Hops

Yeast and Extras

• Wyeast 1187 Ringwood Ale (or White Labs WLP007 Dry English Ale)
• 0.1 oz Irish Moss at 15 min

Mash

Single step. Saccharification at 155°F for 60 minutes, mash-out at 167°F for 5 minutes, sparge at 170°F.

Fermentation

• Primary: 1 week at 65-70°F
• Secondary: 1 week at 65°F
• Lager: 2 weeks at 55°F with 0.5 oz Cascade dry hop

This one I’ll keep brewing.