tag:blogger.com,1999:blog-22889763848346467632024-03-14T06:10:42.282+00:00High-Availability ObsessionUnknownnoreply@blogger.comBlogger37125tag:blogger.com,1999:blog-2288976384834646763.post-86242526645448401182019-04-11T09:24:00.020+00:002021-05-10T13:14:03.673+00:00How to stream encrypted data into amazon glacier deep archive<span face=""arial" , "helvetica" , sans-serif">This will be a very short tutorial. Imagine you want to archive your old raw files (.nef) from the directory 2013 into Amazon Glacier Deep Archive using the official Amazon S3 Linux client, with openssl encryption. You need a working aws cli. I used 1TB as the expected size of the archive. Change the text in <span style="color: red;">red</span> to match your environment. All of this was tested on fully updated Debian 9 and Fedora 29.</span><br />
<br />
<br />
archive:<br />
<br />
<pre>find "<span style="color: red;">2013</span>" -type f -regextype posix-egrep -regex ".*\.(<span style="color: red;">NEF|nef</span>)$" -print0|tar -cvf - --null -T - |openssl aes-256-cbc -a -salt -pass pass:<span style="color: red;">password</span> | aws s3 cp - s3://<span style="color: red;">yours3backupbucket/2013.archive</span> --storage-class DEEP_ARCHIVE --expected-size 1000000000000
</pre><br />
restore:<br />
<br />
<pre>you need to initialize the restore of your archive and wait about 48 hours, then issue the command:</pre><pre>aws s3 cp s3://<span style="color: red;">yours3backupbucket/2013.archive</span> - | openssl enc -aes-256-cbc -a -d|tar xvf -
</pre><br />
only list restore:<br />
<br />
<pre>aws s3 cp s3://<span style="color: red;">yours3backupbucket/2013.archive</span> - | openssl enc -aes-256-cbc -a -d|tar tvf -
</pre><br />
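The `-pass pass:password` form used in this post puts the passphrase into the process arguments, where other local users can read it with ps, and `openssl enc` with aes-256-cbc adds no integrity check to the stream. The following is an added example, not code from the original post: it reads the passphrase from a file and records a SHA-256 of the ciphertext while it streams, so a restored object can be checked before it is trusted. The function names, the passphrase file and the digest file are assumptions of this sketch, and it archives a whole directory rather than only the .nef files.

```bash
#!/bin/sh
# Added example, not code from the post. Function names, the passphrase
# file and the digest file are assumptions of this sketch.

# The passphrase comes from a file (create it with umask 077), never from argv.
encrypt_stream() {
    openssl enc -aes-256-cbc -a -salt -pbkdf2 -iter 100000 -pass "file:$1"
}
decrypt_stream() {
    openssl enc -d -aes-256-cbc -a -pbkdf2 -iter 100000 -pass "file:$1"
}

# archive_dir DIR PASSFILE DIGESTFILE   (ciphertext goes to stdout)
# A FIFO feeds a copy of the ciphertext to sha256 while it streams, so the
# digest is taken without buffering the archive on disk.
archive_dir() {
    ad_fifo=$(mktemp -u "${TMPDIR:-/tmp}/arch.XXXXXX") || return 1
    mkfifo -m 600 "$ad_fifo" || return 1
    ( openssl dgst -sha256 -r < "$ad_fifo" | cut -d' ' -f1 > "$3" ) &
    tar -czf - -C "$1" . | encrypt_stream "$2" | tee "$ad_fifo"
    wait
    rm -f "$ad_fifo"
}

# verify_digest DIGESTFILE   (ciphertext on stdin)
# Succeeds only if the stream hashes to the value recorded at archive time.
verify_digest() {
    vd_now=$(openssl dgst -sha256 -r | cut -d' ' -f1)
    [ -n "$vd_now" ] && [ "$vd_now" = "$(cat "$1")" ]
}

# list_archive PASSFILE   (ciphertext on stdin)
list_archive() {
    decrypt_stream "$1" | tar -tzf -
}

# Usage with the bucket name from the post (not run here):
#   archive_dir 2021 "$HOME/.archive.pass" 2021.sha256 | \
#     aws s3 cp - s3://yours3backupbucket/2021.archive \
#       --storage-class DEEP_ARCHIVE --expected-size 1000000000000
#   aws s3 cp s3://yours3backupbucket/2021.archive - | verify_digest 2021.sha256
#   aws s3 cp s3://yours3backupbucket/2021.archive - | list_archive "$HOME/.archive.pass"
```

Keep the digest file somewhere other than the bucket; a digest stored next to the object only detects accidental corruption.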
<br />
<span style="font-family: "courier new" , "courier" , monospace;"><br />
</span> <span style="font-family: "courier new" , "courier" , monospace;"><br />
</span> <span style="font-family: "courier new" , "courier" , monospace;"><br />
</span> <span face=""arial" , "helvetica" , sans-serif">Tips:</span><br />
<span face=""arial" , "helvetica" , sans-serif">- use the --expected-size parameter (in bytes) of the aws s3 cp command if you need to put a larger archive (bigger than 5GB) into Glacier. Glacier supports archives up to 40TB</span><br />
<span face=""arial" , "helvetica" , sans-serif">- you can change the s3 storage class, but if you want to keep costs to a minimum, you should use the DEEP_ARCHIVE option. Choices: STANDARD | REDUCED_REDUNDANCY (don't use, it's expensive) | STANDARD_IA | ONEZONE_IA | INTELLIGENT_TIERING | GLACIER | DEEP_ARCHIVE.</span><div><span face=""arial" , "helvetica" , sans-serif"><br /></span></div><div><span face=""arial" , "helvetica" , sans-serif"><br /></span></div><div><span face=""arial" , "helvetica" , sans-serif"><br /></span></div><div><span face=""arial" , "helvetica" , sans-serif">EDIT 2021:</span></div><div><span face=""arial" , "helvetica" , sans-serif"><br /></span></div><div><span face=""arial" , "helvetica" , sans-serif"><br /></span></div><div><span face=""arial" , "helvetica" , sans-serif"><div>I would now add compression to tar, the iter+pbkdf2 parameters to openssl, and different parameters for the openssl restore. This will not work with openssl-1.0.2, only with openssl-1.1.1</div><div><br /></div><div>archive:</div><pre>find "2021" -type f -regextype posix-egrep -regex ".*\.(NEF|nef)$" -print0|tar -cvzf - --null -T - |openssl aes-256-cbc -a -salt -pbkdf2 -iter 100000 -pass pass:password | aws s3 cp - s3://yours3backupbucket/2021.archive --storage-class DEEP_ARCHIVE --expected-size 1000000000000</pre><div><br /></div><div><div>restore:</div><div><br /></div><div>you need to initialize the restore of your archive and wait about 48 hours, then issue the command:</div><pre>aws s3 cp s3://yours3backupbucket/2021.archive - | openssl aes-256-cbc -a -salt -pbkdf2 -iter 100000 -pass pass:password -d|tar -xvzf - --null</pre></div><div><br /></div><div>list:</div><div><pre>aws s3 cp s3://yours3backupbucket/2021.archive - | openssl aes-256-cbc -a -salt -pbkdf2 -iter 100000 -pass pass:password -d|tar -tvzf - --null</pre></div><div><br /></div><div><br 
/></div></span></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-2288976384834646763.post-21909325648492277812017-05-05T23:22:00.000+00:002017-05-05T23:24:43.796+00:00U2F + sudo + Fedora 25This article is for owners of U2F security keys (<a href="https://en.wikipedia.org/wiki/Universal_2nd_Factor" target="_blank">Universal 2nd Factor</a>) who would like to harden their sudo command. We will set up a Fedora 25 system so that every sudo command requires second-factor authentication with a U2F security token.<br />
<br />
<div>
<br /></div>
<div>
The heavy lifting of implementing pam-u2f was done by Yubico; you can see the details at <a href="https://developers.yubico.com/pam-u2f/">https://developers.yubico.com/pam-u2f/</a></div>
<div>
<br /></div>
<div>
Fortunately for us, major Linux distributions already include the necessary libraries; we will show the setup on Fedora 25.<br />
<br />
WARNING: during setup, be sure to also keep a terminal with root privileges open, otherwise you can lock yourself out</div>
<div>
<br /></div>
<h3>
1. Installation of packages</h3>
<br />
<pre># dnf install pamu2fcfg pam-u2f
</pre>
<br />
<br />
<div>
<h3>
<b>2. Setup of /etc/u2f_mappings</b></h3>
</div>
<div>
<b><br />
</b></div>
<div>
We will use a mapping between U2F tokens and users, configured in the file /etc/u2f_mappings</div>
<br />
<div>
<br />
Log in as the user who will use the token</div>
<div>
<br />
<pre>$ pamu2fcfg -u `whoami` -opam://`hostname` -ipam://`hostname`
user:kiVO09_6EBL02yl9G49jWvSDd0tFztiYm8Zd5SDtXXb7jVgCwdl6J3MnWRfikn3tuUc09_hExyKF18TEQsciMw,040bf66f859a707cd98fcd11db63b7f35c7dd05cc6b1f1e85aff22bf198687a2f091b8cf9bb10bc350881ee450bafef4c8f43611642c4ce05a6d6bbbd1e466fe89</pre>
<br />
Repeat this for every U2F token you own. You will combine these lines into one line in the next step.<br />
<br />
Now, in a separate window, log in as root and create the file /etc/u2f_mappings in this format:<br />
<br />
username1:keyhandle1,key1:keyhandle2,key2:...<br />
username2:keyhandle1,key1:keyhandle2,key2:...</div>
<div>
<br />
Example for username "user" with two U2F keys:<br />
<br />
<pre># cat /etc/u2f_mappings
user:kiVO09_6EBL02yl9G49jWvSDd0tFztiYm8Zd5SDtXXb7jVgCwdl6J3MnWRfikn3tuUc09_hExyKF18TEQsciMw,040bf66f859a707cd98fcd11db63b7f35c7dd05cc6b1f1e85aff22bf198687a2f091b8cf9bb10bc350881ee450bafef4c8f43611642c4ce05a6d6bbbd1e466fe89:piV_Zds60NmPnvNVstleTpCVfQ_sMYFANzCGBe_QrPw3XndNRmtOXkYxVQe71bugqU7fieenZ78QKckiRI3QEQ,0482f11f3e1ebedd059c8e3972b5f7b53942d1f54956770d7e08c889a37a6f24a8462a01eca6ccec6f1ccbd059acdbc377eed62a8c7024a9cdf6b948b1c2a1988f
</pre>
<br />
Make no mistake: everything for one username must be on ONE line<br />
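A mapping file that is malformed means the token cannot be matched at sudo time, so it is worth checking the file before touching the PAM configuration. The following is an added example, not code from the post or from pam-u2f: it checks the one-line-per-user rule and the keyhandle,key layout described above. The key-length check is an assumption taken from the sample line shown here (130 hex digits beginning with 04), and the sample data is constructed.

```bash
#!/bin/sh
# Added example, not code from the post or from pam-u2f.

# check_u2f_mappings FILE
# Prints one line per problem and returns non-zero if any were found.
check_u2f_mappings() {
    awk -F: '
    function bad(msg) { printf "line %d: %s\n", NR, msg; errors++ }
    NF == 0 { next }                      # blank line
    {
        user = $1
        if (user == "") { bad("missing username"); next }
        # The post requires one line per user; a second line means the
        # tokens were not merged.
        if (user in first) bad("user " user " already defined on line " first[user])
        else first[user] = NR
        if (NF < 2) bad("user " user " has no token")
        for (i = 2; i <= NF; i++) {
            n = split($i, part, ",")
            if (n != 2) {
                bad("token " (i - 1) " of " user ": expected keyhandle,key")
                continue
            }
            if (part[1] !~ /^[A-Za-z0-9_-]+$/)
                bad("token " (i - 1) " of " user ": key handle is not websafe base64")
            # Assumption from the sample line in the post: the public key is
            # 130 hex digits and starts with 04.
            if (length(part[2]) != 130 || part[2] !~ /^04[0-9a-f]+$/)
                bad("token " (i - 1) " of " user ": public key is not 130 hex digits starting 04")
        }
    }
    END { exit (errors > 0) }
    ' "$1"
}

# Constructed sample key: 04 followed by 128 hex digits (not a real key).
sample_key() {
    awk 'BEGIN { s = "04"; for (i = 0; i < 64; i++) s = s "ab"; print s }'
}

# Constructed input: alice is well-formed, bob uses ":" where "," belongs.
demo_u2f_mappings() {
    dm_key=$(sample_key)
    dm_file=$(mktemp) || return 1
    printf 'alice:aGFuZGxlLW9uZQ,%s:aGFuZGxlLXR3bw,%s\n' "$dm_key" "$dm_key" >  "$dm_file"
    printf 'bob:aGFuZGxlLW9uZQ,%s:aGFuZGxlLXR3bw:%s\n'  "$dm_key" "$dm_key" >> "$dm_file"
    dm_rc=0
    check_u2f_mappings "$dm_file" || dm_rc=$?
    rm -f "$dm_file"
    return "$dm_rc"
}

demo_u2f_mappings || true
```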
<br />
<br />
<h3>
3. Setup /etc/sudoers</h3>
<br />
The important thing here is to set "timestamp_timeout=0" as a default, so that each subsequent sudo command still asks for authentication. You should edit this file with the "visudo" command.<br />
<br />
<br />
<div>
<pre># egrep -v '^#|^$' /etc/sudoers
Defaults !visiblepw
Defaults env_reset,timestamp_timeout=0
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
</pre>
Don't forget to make the desired user a member of the "wheel" system group (in /etc/group or via the usermod command).</div>
<div>
<br />
<br />
<h3>
4. Setup /etc/pam.d/sudo</h3>
<div>
<br /></div>
<div>
In the configs below, replace $HOSTNAME with the output of the command `hostname`<br />
<br /></div>
<div>
We will set up the system so that each sudo command requires U2F authentication (for example via touch).<br />
<br />
<span style="color: red;">WARNING! WARNING! WARNING!</span> </div>
<div>
<br /></div>
<div>
If you set up the pam_u2f module only as "<b>sufficient</b>" for authentication, you will still be able to execute sudo commands with the user password alone! I don't recommend this, as you will be in the <b>same situation as without a U2F security token</b>: for example, if somebody obtains your password (phishing?), they can remotely execute commands as root via sudo.</div>
<div>
<br /></div>
<div>
It is much better to force every sudo command to require U2F authentication (via touch, for example).</div>
<div>
<br /></div>
<div>
Entering the sudo password can be optional, because you are already logged in as the user (whose password is the same one sudo asks for).</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
So here are 2 scenarios for finishing your work:</div>
<div>
<br /></div>
<div>
<b>4.a) If you WANT to have U2F confirmation AND also want to enter SUDO password</b>, then</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<pre># setup these auth lines in /etc/pam.d/sudo
auth required pam_u2f.so origin=pam://$HOSTNAME appid=pam://$HOSTNAME authfile=/etc/u2f_mappings cue
auth include system-auth
</pre>
<br />
This is the <b>recommended method</b> and true two-factor authentication.<br />
<br />
The result will look like this:<br />
<br />
<pre>[host ~]$ sudo -i
Please touch the device.
[sudo] password for user:
[host ~]#
</pre>
<br />
<br />
<b>4.b) If you WANT to have only U2F confirmation before executing sudo command, </b>then<br />
<br />
<br />
<div>
<pre># setup these auth lines in /etc/pam.d/sudo
auth [success=done new_authtok_reqd=done default=die] pam_u2f.so origin=pam://$HOSTNAME appid=pam://$HOSTNAME authfile=/etc/u2f_mappings cue
auth include system-auth
</pre>
</div>
<br />
<br />
This method is weaker than the first one (not a true second factor, as you only enter the user password during login) but is still safe from attacks on root with a phished user password. It all depends on your threat model. One could argue that user data are more important than root data, but that is only true on a workstation with one user. In a multi-user environment, this can be a damage-limiting lifesaver, as it prevents malware or an attacker from running arbitrary root commands via sudo.<br />
<br />
The result will look like this:<br />
<br />
<pre>[host ~]$ sudo -i
Please touch the device.
[host ~]#
</pre>
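Whether the token is really enforced depends on the control field of the pam_u2f line and on what precedes it in the auth stack: in Linux-PAM a "sufficient" module that succeeds ends the stack, and lines pulled in with "include" count as part of that same stack. The following is an added example, not code from the post or from Yubico: it lints a PAM service file for the "sufficient" pitfall warned about above and for a pam_u2f line placed after such a line. The function names and the host name host.example are assumptions, and the sample files are constructed.

```bash
#!/bin/sh
# Added example, not code from the post or from Yubico.

# lint_pam_u2f FILE
# Prints one verdict for the auth stack; returns 0 only for "OK".
lint_pam_u2f() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }
    $1 != "auth" && $1 != "-auth" { next }
    {
        ctl = $2; i = 3
        # A bracketed control such as [success=done default=die] spans fields.
        if (ctl ~ /^\[/) {
            while (ctl !~ /\]$/ && i <= NF) { ctl = ctl " " $i; i++ }
        }
        mod = $i
        if (mod ~ /pam_u2f\.so$/) {
            if (!found) { found = 1; u2f_ctl = ctl; early = bypass }
            next
        }
        # Ahead of pam_u2f, a sufficient module or an included file that
        # contains one may finish authentication before the token is asked for.
        if (!found && bypass == "" && (ctl == "sufficient" || ctl == "include"))
            bypass = "line " NR " (" ctl " " mod ")"
    }
    END {
        if (!found) { print "MISSING: no pam_u2f auth line"; exit 1 }
        if (u2f_ctl == "sufficient" || u2f_ctl == "optional") {
            print "WEAK: pam_u2f is " u2f_ctl ", the password alone still works"
            exit 1
        }
        strict = (u2f_ctl == "required" || u2f_ctl == "requisite" || u2f_ctl ~ /default=(die|bad)/)
        if (!strict) { print "REVIEW: unrecognised control " u2f_ctl; exit 1 }
        if (early != "") { print "WEAK: " early " can end the stack before pam_u2f"; exit 1 }
        print "OK: token enforced (" u2f_ctl ")"
    }' "$1"
}

# Constructed service files written into DIR; host.example stands in for
# the output of hostname.
write_pam_samples() {
    ws_u2f='pam_u2f.so origin=pam://host.example appid=pam://host.example authfile=/etc/u2f_mappings cue'
    printf 'auth required %s\nauth include system-auth\n' "$ws_u2f" > "$1/4a"
    printf 'auth [success=done new_authtok_reqd=done default=die] %s\nauth include system-auth\n' "$ws_u2f" > "$1/4b"
    printf 'auth sufficient %s\nauth include system-auth\n' "$ws_u2f" > "$1/sufficient"
    printf 'auth include system-auth\nauth required %s\n' "$ws_u2f" > "$1/reordered"
}

# Run the lint over all four constructed files.
demo_pam_lint() {
    dp_dir=$(mktemp -d) || return 1
    write_pam_samples "$dp_dir"
    for dp_name in 4a 4b sufficient reordered; do
        printf '%-11s ' "$dp_name"
        lint_pam_u2f "$dp_dir/$dp_name" || true
    done
    rm -rf "$dp_dir"
}

demo_pam_lint
```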
<br />
<br />
PS: if you have strange problems with PAM auth, add the "debug" parameter after pam_u2f.so in /etc/pam.d/sudo; it will help you identify the cause.<br />
<br /></div>
</div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-2288976384834646763.post-40860381992193860292016-11-14T14:53:00.000+00:002016-11-14T15:23:55.870+00:00Serial console in RHEL 7This was tested on RHEL7.3<br />
<br />
<br />
<b>If you DON'T WANT to make the serial console the default console:</b><br />
<br />
<br />
Enable getty on your serial port<br />
<br />
<pre># <b>systemctl enable getty@ttyS0</b>
Created symlink from /etc/systemd/system/getty.target.wants/getty@ttyS0.service to /usr/lib/systemd/system/getty@.service.
</pre><br />
Then reboot (or use systemctl start for the same service)<br />
<br />
<br />
<b>If you WANT to make the serial console the default console</b><br />
<b><br />
</b> Don't enable getty as in the previous step! (You would have duplicate gettys running on the serial port, and they would collide.)<br />
<br />
Modify /etc/sysconfig/grub to contain entries for your serial port (ttyS0 in this example)<br />
<br />
<pre>GRUB_TERMINAL_INPUT="serial console"
GRUB_TERMINAL_OUTPUT="serial console"
GRUB_SERIAL_COMMAND="serial --unit=0 --speed=9600 --word=8 --parity=no --stop=1"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=rhel/root rhgb quiet console=tty0 console=ttyS0,9600"
</pre><br />
<br />
Recreate the grub configuration file:<br />
<br />
<br />
<pre># <b>grub2-mkconfig -o /boot/grub2/grub.cfg</b>
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-514.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-514.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-5aa1bafc68ad4d229e06111f3ad495b3
Found initrd image: /boot/initramfs-0-rescue-5aa1bafc68ad4d229e06111f3ad495b3.img
done
</pre><br />
After the reboot, you can see getty running on the serial port<br />
<br />
<pre># systemctl |grep ttyS0
sys-devices-pnp0-00:04-tty-ttyS0.device loaded active plugged /sys/devices/pnp0/00:04/tty/ttyS0
<b>serial-getty@ttyS0.service</b> loaded active running Serial Getty on ttyS0
</pre><br />
<br />
BTW, I recommend deleting the words "rhgb quiet" from the GRUB_CMDLINE_LINUX line in /etc/sysconfig/grub. It helps in various debugging sessions, but can sometimes create a problem if there is a LOT of output (in which case just leave it enabled - default).Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-2288976384834646763.post-65898802122973736422016-04-25T14:36:00.001+00:002016-04-25T14:45:36.694+00:00Fedora 23 (KDE): Using GPG + YubiKey4 + PCSCDFor those who have problems integrating gpg and the YubiKey 4, this post is for you. Most problems come from the fact that gpg-agent runs scdaemon, which prevents other processes from reading the YubiKey USB device. The solution is to run pcscd and let it alone handle all communication with the YubiKey. Now gpg commands like "gpg2 --card-status" can be run right after the yubioath tool has exited, and there is no need to clean up scdaemon processes manually.<br />
<br />
Here are the configs that are needed:<br />
<br />
<br />
Modify the file /etc/X11/xinit/xinitrc-common so that it ends with these last 2 lines:<br />
<pre>$ tail /etc/X11/xinit/xinitrc-common
if [ "x$TMPDIR" != "x" ]; then
SSH_AGENT="/usr/bin/ssh-agent /bin/env TMPDIR=$TMPDIR"
else
SSH_AGENT="/usr/bin/ssh-agent"
fi
fi
SSH_AGENT="/usr/bin/gpg-agent --daemon --enable-ssh-support --homedir $HOME/.gnupg"; export SSH_AGENT;
SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh; export SSH_AUTH_SOCK;
</pre>
<br />
Make sure the file $HOME/.gnupg/gpg.conf contains the line use-agent:<br />
<pre>$ tail -5 $HOME/.gnupg/gpg.conf
with-fingerprint
keyid-format 0xlong
use-agent
</pre>
<br />
Create the file .gnupg/scdaemon.conf (I have 2 readers in my notebook):<br />
<pre>$ cat $HOME/.gnupg/scdaemon.conf
reader-port "Yubico Yubikey 4 OTP+U2F+CCID 00 00"
reader-port "Yubico Yubikey 4 OTP+U2F+CCID 01 00"
pcsc-driver /usr/lib64/libpcsclite.so.1
card-timeout 5
disable-ccid
</pre>
<br />
Create the file .gnupg/scd-event and make it <b>executable</b>. It is triggered when the YubiKey is removed from the computer.<br />
<pre>$ cat $HOME/.gnupg/scd-event
#!/bin/sh
state=$8
if [ "$state" = "NOCARD" ]; then
    pkill -9 scdaemon
fi
</pre>
<br />
Modify .gnupg/gpg-agent.conf to enable ssh support:<br />
<pre>$ cat .gnupg/gpg-agent.conf
###+++--- GPGConf ---+++###
###+++--- GPGConf ---+++### Thu Mar 12 10:53:37 2015 CET
# GPGConf edited this configuration file.
# It will disable options before this marked block, but it will
# never change anything below these lines.
default-cache-ttl-ssh 1209600
default-cache-ttl 1209600
max-cache-ttl 1209600
enable-ssh-support
pinentry-program /usr/bin/pinentry-qt
</pre>
<br />
The udev rules for local user access are defined in 2 files:<br />
<pre>$ cat /etc/udev/rules.d/69-yubikey.rules
ACTION!="add|change", GOTO="yubico_end"
ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111|0114|0116|0401|0403|0405|0407|0410", \
ENV{ID_SECURITY_TOKEN}="1"
LABEL="yubico_end"
$ cat /etc/udev/rules.d/70-u2f.rules
ACTION!="add|change", GOTO="u2f_end"
# Yubico YubiKey
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", TAG+="uaccess"
# Alcor Micro Corp. AU9540 Smartcard Reader
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="058f", ATTRS{idProduct}=="9540", TAG+="uaccess"
# Happlink (formerly Plug-Up) Security KEY
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="f1d0", TAG+="uaccess"
# Neowave Keydo and Keydo AES
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1e0d", ATTRS{idProduct}=="f1d0|f1ae", TAG+="uaccess"
# HyperSecu HyperFIDO
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0880", TAG+="uaccess"
LABEL="u2f_end"
</pre>
<br />
Create the file /etc/polkit-1/rules.d/99-smartcard.rules and <b>substitute username</b> with the login name of the desired user:<br />
<pre># cat /etc/polkit-1/rules.d/99-smartcard.rules
polkit.addRule(function(action, subject) {
    if (action.id == "org.debian.pcsc-lite.access_pcsc" &&
        subject.user == "username") {
        return polkit.Result.YES;
    }
});
polkit.addRule(function(action, subject) {
    if (action.id == "org.debian.pcsc-lite.access_card" &&
        action.lookup("reader") == 'Yubico Yubikey 4 OTP+U2F+CCID 00 00' &&
        subject.user == "username") {
        return polkit.Result.YES;
    }
});
polkit.addRule(function(action, subject) {
    if (action.id == "org.debian.pcsc-lite.access_card" &&
        action.lookup("reader") == 'Yubico Yubikey 4 OTP+U2F+CCID 01 00' &&
        subject.user == "username") {
        return polkit.Result.YES;
    }
});
</pre>
<br />
Make sure the environment variables are set correctly for the local user (in .bashrc)<br />
<pre>export GPG_SOCKET_FILE=$HOME/.gnupg/S.gpg-agent
export GPG_TTY=$(tty)
export SSH_AUTH_SOCK="$HOME/.gnupg/S.gpg-agent.ssh"
</pre>
<br />
<br />
Enable pcscd:<br />
<pre>systemctl enable pcscd.socket
systemctl enable pcscd.service
</pre>
<br />
Then reboot. Now everything in KDE should be ready to run oathtool and gpg agent with YubiKey 4 smartcard support. If there is an error saying that the YubiKey is already in use, just reinsert it.<br />
<br />
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-2288976384834646763.post-7262627635746033782015-01-27T15:15:00.005+00:002015-01-27T15:26:14.788+00:00RHEL 6: Using linux cgroups as universal start/stop scriptHave you ever had to deal with programs that don't have proper start/stop scripts and that spawn many processes?<br />
<br />
Maybe this universal start/stop script will help you. First enable cgroups support in the OS; this is an example for RHEL 6:<br />
<br />
<pre>chkconfig cgconfig on
chkconfig cgred on
</pre><br />
and reboot.<br />
<br />
Now comes the script.<br />
<br />
What you have to specify is STARTFILE, the name of the program that doesn't have a proper start/stop script and spawns many other programs as children. Next, specify a unique name for CGROUP, under which we will track the PIDs of the spawned children. It can be any name. (The #exec line, which I use for debugging, is not really needed.)<br />
<br />
In the start part, I send the pid of the currently running script (this one) to the prepared cgroup, which does the tracking of pids for us. Then I run the script STARTFILE as user "username".<br />
<br />
In the stop part, the script first sends kill to all pids in CGROUP, after 1 second checks whether any pids are still running and, if so, after 10 seconds sends kill -9. You can increase this delay, or even make a loop to periodically check for the existence of the pids; it's up to you.<br />
<br />
<br />
<pre># <b>cat /etc/init.d/impex-onl</b>
#!/bin/bash
#exec >> /tmp/testing 2>&1
STARTFILE=/opt/cdaenvs/suprod/work/impex-onl/bin/impex-start.sh
CGROUP=impexonl
#### dont edit after this line #####
PIDFILE=/cgroup/cpu/$CGROUP/tasks
existing_pids () {
    ( ps --no-header -e -o pid | tr -d ' ' ; cat $PIDFILE ) | sort | uniq -d
}
cgcreate -g cpu:$CGROUP
start() {
    echo "echo $$ > $PIDFILE"
    echo $$ > $PIDFILE
    echo "starting $STARTFILE" >> /dev/stderr
    su -l -c "$STARTFILE" username
}
stop() {
    existing_pids | while read i; do
        kill $i
    done
    sleep 1
    lines=`existing_pids|wc -l`
    if test "$lines" -gt 0; then
        sleep 10;
        existing_pids | while read i; do
            kill -9 $i
        done
    fi
}
# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        echo -n "Pids of running $CGROUP processes: " >> /dev/stderr
        existing_pids | xargs echo >> /dev/stderr
        lines=`existing_pids|wc -l`
        if test "$lines" -gt 0; then
            exit 0
        else
            exit 3
        fi
        ;;
    restart|reload|force-reload)
        stop
        start
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|reload|force-reload}"
        exit 1
esac
exit 0
</pre>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-2288976384834646763.post-29889762898549584302014-11-10T09:33:00.000+00:002015-04-23T08:41:55.193+00:00RHEL 7 + selinux + sendmail greylistingIf you have the combination RHEL 7 + selinux + sendmail greylisting (smf-grey), maybe this will help you resolve problems.<br />
<br />
First identify the lines in /var/log/audit/audit.log that are related to your case, for example:<br />
<br />
<pre>type=AVC msg=audit(1415573843.208:2609): avc: denied { getattr } for pid=12969 comm="sendmail" path="/run/smfs/smf-grey.sock" dev="tmpfs" ino=65392 scontext=system_u:system_r:sendmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1415575051.524:3068): avc: denied { write } for pid=13609 comm="sendmail" name="smf-grey.sock" dev="tmpfs" ino=65392 scontext=system_u:system_r:sendmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1415575527.915:3082): avc: denied { connectto } for pid=13759 comm="sendmail" path="/run/smfs/smf-grey.sock" scontext=system_u:system_r:sendmail_t:s0 tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_stream_socket
</pre><div><br />
</div><div>Install the packages policycoreutils, policycoreutils-python, checkpolicy and setroubleshoot. Then execute:</div><div></div><pre>cat file_with_needed_audit_lines |audit2allow -m greylist > greylist.te
checkmodule -M -m -o greylist.mod greylist.te
semodule_package -m greylist.mod -o greylist.pp
semodule -i greylist.pp
</pre><div><br />
</div><div>Oh, and if you need to allow other ports for some services, use semanage, for example:<br />
<br />
<pre>semanage port -l | grep smtp
semanage port -a -t smtp_port_t -p tcp 2525
</pre><br />
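A module built with audit2allow allows everything found in the audit lines fed to it, so it pays to read what those lines amount to before running semodule -i. The following is an added example, not code from the post and not audit2allow itself: it condenses AVC denials into the approximate allow rules and marks rules whose target is a generic type, since such a rule covers every object carrying that label. The function names and the default list of generic types (var_run_t, initrc_t) are assumptions of this sketch; the input is the three denials quoted in the post.

```bash
#!/bin/sh
# Added example, not from the post; it approximates the rules audit2allow
# would emit so they can be read before the module is loaded.

# The three denials quoted in the post.
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1415573843.208:2609): avc: denied { getattr } for pid=12969 comm="sendmail" path="/run/smfs/smf-grey.sock" dev="tmpfs" ino=65392 scontext=system_u:system_r:sendmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1415575051.524:3068): avc: denied { write } for pid=13609 comm="sendmail" name="smf-grey.sock" dev="tmpfs" ino=65392 scontext=system_u:system_r:sendmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1415575527.915:3082): avc: denied { connectto } for pid=13759 comm="sendmail" path="/run/smfs/smf-grey.sock" scontext=system_u:system_r:sendmail_t:s0 tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_stream_socket
EOF
}

# summarize_avc [GENERIC_TYPES]   (audit lines on stdin)
# GENERIC_TYPES is a space-separated list of target types to mark for review.
summarize_avc() {
    awk -v generic="${1:-var_run_t initrc_t}" '
    BEGIN { n = split(generic, g, " "); for (i = 1; i <= n; i++) broad[g[i]] = 1 }
    /type=AVC/ && /denied/ {
        src = ""; tgt = ""; cls = ""; np = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "{") {
                # permissions sit between the braces
                for (j = i + 1; j <= NF && $j != "}"; j++) p[++np] = $j
            } else if ($i ~ /^scontext=/) {
                split($i, c, ":"); src = c[3]      # user:role:TYPE:level
            } else if ($i ~ /^tcontext=/) {
                split($i, c, ":"); tgt = c[3]
            } else if ($i ~ /^tclass=/) {
                cls = substr($i, 8)
            }
        }
        if (src == "" || tgt == "" || cls == "" || np == 0) next
        key = src " " tgt ":" cls
        if (!(key in perms)) { order[++nk] = key; target[key] = tgt; perms[key] = "" }
        for (j = 1; j <= np; j++) {
            if (!((key, p[j]) in seen)) {
                seen[key, p[j]] = 1
                perms[key] = perms[key] " " p[j]
            }
        }
    }
    END {
        for (k = 1; k <= nk; k++) {
            key = order[k]
            note = (target[key] in broad) ? "  # review: generic type " target[key] : ""
            printf "allow %s {%s };%s\n", key, perms[key], note
        }
    }'
}

sample_avc | summarize_avc
```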
</div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-2288976384834646763.post-77451309652557387092012-09-05T13:34:00.000+00:002012-09-10T13:28:44.426+00:00Identify WWN of FC card interface in RHEL6If you have many FC cards in your server, as in this example, how do you identify the WWNs of the dual FC interfaces <span style="font-family: inherit;">on the first ISP2532 card on the bus?</span><br />
<br />
<br />
<pre><span style="font-size: x-small;"># lspci |grep Fibre
<b>05:00.0</b> Fibre Channel: QLogic Corp. ISP2532-based 8Gb Fibre Channel to PCI Express HBA (rev 02)
<b>05:00.1</b> Fibre Channel: QLogic Corp. ISP2532-based 8Gb Fibre Channel to PCI Express HBA (rev 02)
08:00.0 Fibre Channel: QLogic Corp. ISP2532-based 8Gb Fibre Channel to PCI Express HBA (rev 02)
08:00.1 Fibre Channel: QLogic Corp. ISP2532-based 8Gb Fibre Channel to PCI Express HBA (rev 02)
0b:00.6 Fibre Channel: QLogic Corp. 8200 Series 10GbE Converged Network Adapter (FCoE) (rev 54)
0b:00.7 Fibre Channel: QLogic Corp. 8200 Series 10GbE Converged Network Adapter (FCoE) (rev 54)
11:00.6 Fibre Channel: QLogic Corp. 8200 Series 10GbE Converged Network Adapter (FCoE) (rev 54)
11:00.7 Fibre Channel: QLogic Corp. 8200 Series 10GbE Converged Network Adapter (FCoE) (rev 54)
</span></pre>
<br />
<div>
<span style="font-family: inherit;">You can run something like this:</span></div>
<br />
<pre><span style="font-size: x-small;"><b># for i in /sys/class/fc_host/host*; do (cd $i; pwd -P; cat port_name) ; done
</b>/sys/devices/pci0000:00/0000:00:05.0/0000:11:00.6/host2/fc_host/host2
0x21002c27d754443b
/sys/devices/pci0000:00/0000:00:05.0/0000:11:00.7/host3/fc_host/host3
0x21002c27d754443f
/sys/devices/pci0000:00/0000:00:07.0/0000:0b:00.6/host4/fc_host/host4
0x21002c27d7544493
/sys/devices/pci0000:00/0000:00:07.0/0000:0b:00.7/host5/fc_host/host5
0x21002c27d7544497
/sys/devices/pci0000:00/0000:00:09.0/0000:08:00.0/host6/fc_host/host6
0x5001438021e03ecc
/sys/devices/pci0000:00/0000:00:09.0/0000:08:00.1/host7/fc_host/host7
0x5001438021e03ece
/sys/devices/pci0000:00/0000:00:0a.0/0000:<b><span style="color: red;">05:00.0</span></b>/host8/fc_host/host8
<b><span style="color: red;">0x5001438021e04024</span></b>
/sys/devices/pci0000:00/0000:00:0a.0/0000:<b><span style="color: red;">05:00.1</span></b>/host9/fc_host/host9
<b><span style="color: red;">0x5001438021e04026</span></b></span></pre>
<div>
<br />
Now you see the pairs of WWN and bus location.</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-2288976384834646763.post-7225313660459870362012-08-28T17:20:00.000+00:002012-08-28T17:31:49.057+00:00Online resize of multipath device in RHEL 6<!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
DefSemiHidden="true" DefQFormat="false" DefPriority="99"
LatentStyleCount="276">
UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 3"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 4"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 4"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 5"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 5"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 6"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 6"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
<w:LsdException Locked="false" Priority="19" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
<w:LsdException Locked="false" Priority="21" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
<w:LsdException Locked="false" Priority="31" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
<w:LsdException Locked="false" Priority="32" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
<w:LsdException Locked="false" Priority="33" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
<w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
<w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
</w:LatentStyles>
</xml><![endif]-->
<br />
<div class="MsoNormal">
Task: On RHEL 6 64-bit, perform an online resize of the filesystem /journal<b> </b>from 50GB to 100GB. The filesystem sits on the multipath device <b>brc001_journal_pv.</b><br />
<b><br /></b>
<b></b><br />
<a name='more'></a><b><br /></b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
HOWTO:</div>
<div class="MsoNormal">
In this post we are going to resize the multipath device <b>brc001_journal_pv</b> while IO operations are running. The OS used is RHEL 6.2 64-bit. Remember that you cannot decrease the size of a volume online: you have to unmount the relevant filesystem, resize the filesystem, resize the lv/vg/pv and finally resize the disk on the array. But today we are going to increase the size, so it's easier.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
What are the relevant paths of the device? </div>
<div class="MsoNormal">
<br /></div>
<div class="prepre">
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"># multipath -ll<o:p></o:p></span></div>
<div class="prepre">
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"><b>brc001_journal_pv</b>
(36000d310003582000000000000000026) dm-1 COMPELNT,Compellent Vol<o:p></o:p></span></div>
<div class="prepre">
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">size=<b>50G</b> features='1
queue_if_no_path' hwhandler='0' wp=rw<o:p></o:p></span></div>
<div class="prepre">
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">`-+- policy='round-robin 0' prio=1 status=active<o:p></o:p></span></div>
<div class="prepre">
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> |- 2:0:5:2 <b>sdh</b> 8:112 active ready running<o:p></o:p></span></div>
<div class="prepre">
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> `- 1:0:7:2 <b>sdp</b> 8:240 active ready running<o:p></o:p></span></div>
<div class="MsoNormal">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">.</span></span></div>
<div class="MsoNormal">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">.</span></span></div>
<div class="MsoNormal">
<span lang="SK"><br /></span></div>
<div class="MsoNormal">
<span lang="SK">The multipath
device brc001_journal_pv has the paths <b>sdh</b> and <b>sdp</b>.<o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoListParagraph" style="mso-list: l0 level1 lfo1; text-indent: -18.0pt;">
<!--[if !supportLists]--><span lang="SK">1.<span style="font-family: 'Times New Roman'; font-size: 7pt;"> </span></span><!--[endif]--><span lang="SK">First we increase the size of the LUN on the disk array. The procedure differs for every disk array, so please refer to the documentation of your disk array.<o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoListParagraph" style="mso-list: l0 level1 lfo1; text-indent: -18.0pt;">
<!--[if !supportLists]--><span lang="SK">2.<span style="font-family: 'Times New Roman'; font-size: 7pt;"> </span></span><!--[endif]--><span lang="SK">Second, we rescan the relevant paths and the multipath device<o:p></o:p></span></div>
<div class="prepre">
<br /></div>
<div class="prepre">
<b><span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">echo 1 > /sys/block/sdh/device/rescan<o:p></o:p></span></span></b></div>
<div class="prepre">
<b><span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">echo 1 > /sys/block/sdp/device/rescan<o:p></o:p></span></span></b></div>
<div class="prepre">
<b><span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">multipathd -k"resize map
brc001_journal_pv"<o:p></o:p></span></span></b></div>
<div class="MsoNormal">
<br /></div>
<div class="prepre">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"># <b>multipath -ll</b><o:p></o:p></span></span></div>
<div class="prepre">
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"><b><span lang="SK">brc001_journal_pv</span></b><span lang="SK"> (36000d310003582000000000000000026) dm-1
COMPELNT,Compellent Vol<o:p></o:p></span></span></div>
<div class="prepre">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">size=<b>100G</b> features='1 queue_if_no_path'
hwhandler='0' wp=rw<o:p></o:p></span></span></div>
<div class="prepre">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">`-+-
policy='round-robin 0' prio=1 status=active<o:p></o:p></span></span></div>
<div class="prepre">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> |- 2:0:5:2 <b>sdh</b> 8:112 active ready running<o:p></o:p></span></span></div>
<div class="prepre">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> `- 1:0:7:2 <b>sdp</b> 8:240 active ready running<o:p></o:p></span></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoListParagraph" style="mso-list: l0 level1 lfo1; text-indent: -18.0pt;">
<!--[if !supportLists]--><span lang="SK">3.<span style="font-family: 'Times New Roman'; font-size: 7pt;"> </span></span><!--[endif]--><span lang="SK">Resize physical volume<o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<div class="prepre">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"># <b>pvresize /dev/mapper/brc001_journal_pv</b><o:p></o:p></span></span></div>
<div class="prepre">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Physical volume
"/dev/mapper/brc001_journal_pv" changed<o:p></o:p></span></span></div>
<div class="prepre">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> 1 physical volume(s) resized / 0 physical
volume(s) not resized<o:p></o:p></span></span></div>
<div class="MsoNormal">
<br /></div>
<div class="prepre">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"># pvs
/dev/mapper/brc001_journal_pv<o:p></o:p></span></span></div>
<div class="prepre">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> PV VG Fmt Attr PSize
PFree<o:p></o:p></span></span></div>
<div class="prepre">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> /dev/mapper/brc001_journal_pv
brc001_journal_vg lvm2 a-- 100.00g 0<o:p></o:p></span></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoListParagraph" style="mso-list: l0 level1 lfo1; text-indent: -18.0pt;">
<!--[if !supportLists]--><span lang="SK">4.<span style="font-family: 'Times New Roman'; font-size: 7pt;"> </span></span><!--[endif]--><span lang="SK">Resize logical volume<o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<div class="prepre">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"># <b>lvresize</b> <b>-l 100%VG /dev/mapper/brc001_journal_vg-journal_lv</b><o:p></o:p></span></span></div>
<div class="prepre">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Extending
logical volume journal_lv to 100.00 GiB <o:p></o:p></span></span></div>
<div class="prepre">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Logical volume journal_lv successfully
resized<o:p></o:p></span></span></div>
<div class="prepre">
<br /></div>
<div class="prepre">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"># lvs
brc001_journal_vg<o:p></o:p></span></span></div>
<div class="prepre">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> LV
VG Attr LSize
Origin Snap% Move Log Copy% Convert<o:p></o:p></span></span></div>
<div class="prepre">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> journal_lv brc001_journal_vg -wi-ao 100.00g<o:p></o:p></span></span></div>
<div class="prepre">
<br /></div>
<div class="MsoListParagraph" style="mso-list: l0 level1 lfo1; text-indent: -18.0pt;">
<!--[if !supportLists]--><span lang="SK">5.<span style="font-family: 'Times New Roman'; font-size: 7pt;"> </span></span><!--[endif]--><span lang="SK">Resize filesystem and we are done!<o:p></o:p></span></div>
<div class="prepre">
<br /></div>
<div class="prepre">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"># <b>resize2fs
/dev/mapper/brc001_journal_vg-journal_lv</b><o:p></o:p></span></span></div>
<div class="prepre">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">resize2fs 1.41.12
(17-May-2010)<o:p></o:p></span></span></div>
<div class="prepre">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">Filesystem at
/dev/mapper/brc001_journal_vg-journal_lv is mounted on /journal; on-line
resizing required<o:p></o:p></span></span></div>
<div class="prepre">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">old desc_blocks = 4,
new_desc_blocks = 7<o:p></o:p></span></span></div>
<div class="prepre">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">Performing an
on-line resize of /dev/mapper/brc001_journal_vg-journal_lv to 26213376 (4k)
blocks.<o:p></o:p></span></span></div>
<div class="prepre">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">The filesystem on
/dev/mapper/brc001_journal_vg-journal_lv is now 26213376 blocks long.<o:p></o:p></span></span></div>
<div class="prepre">
<br /></div>
<div class="prepre">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"># df
-h /journal/<o:p></o:p></span></span></div>
<div class="prepre">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">Filesystem Size Used Avail Use% Mounted on<o:p></o:p></span></span></div>
<div class="prepre">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">/dev/mapper/brc001_journal_vg-journal_lv<o:p></o:p></span></span></div>
<div class="prepre">
<span lang="SK"><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> 99G 18G
82G 18% /journal<o:p></o:p></span></span></div>
<div class="MsoNormal">
<br /></div>
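A pre-flight check for step 2, added here as an example that is not part of the original post: it derives the path devices of one map from `multipath -ll` output and confirms that every path reports the same new size in sysfs before `resize map` and `pvresize` are run. The function names are hypothetical, and the second map in the sample (brc001_data_pv with its WWID and devices) is constructed.

```sh
#!/bin/sh
# Added example: find the paths of one multipath map and check that all of
# them picked up the new LUN size after the rescan.

# Constructed sample: the `multipath -ll` output from the post plus a made-up
# second map, to show that only the requested map's paths are returned.
sample_multipath_ll() {
    cat <<'EOF'
brc001_journal_pv (36000d310003582000000000000000026) dm-1 COMPELNT,Compellent Vol
size=50G features='1 queue_if_no_path' hwhandler='0' wp=rw
`-+- policy='round-robin 0' prio=1 status=active
  |- 2:0:5:2 sdh 8:112 active ready running
  `- 1:0:7:2 sdp 8:240 active ready running
brc001_data_pv (36000d31000358200000000000000ffff) dm-2 COMPELNT,Compellent Vol
size=20G features='1 queue_if_no_path' hwhandler='0' wp=rw
`-+- policy='round-robin 0' prio=1 status=active
  |- 2:0:5:3 sdi 8:128 active ready running
  `- 1:0:7:3 sdq 65:0 active ready running
EOF
}

# Print the path devices (sdX) of map $1; stdin is `multipath -ll` output.
map_paths() {
    awk -v map="$1" '
        # header line of the requested map: start collecting
        $1 == map && $0 ~ / dm-[0-9]+ / { inmap = 1; next }
        # header line of any other map: stop collecting
        / dm-[0-9]+ / { inmap = 0 }
        # path lines carry host:channel:target:lun followed by the device name
        inmap {
            for (i = 1; i < NF; i++)
                if ($i ~ /^[0-9]+:[0-9]+:[0-9]+:[0-9]+$/) print $(i + 1)
        }
    '
}

# Succeed only if every path reports the same size in sysfs (512-byte sectors)
# and print that size in GiB. A path that was not rescanned still shows the
# old size, and resizing the map on top of it would be premature.
paths_agree() (      # $1 = sysfs root (normally /sys), remaining args = devices
    sys=$1; shift
    first=
    for dev in "$@"; do
        sectors=$(cat "$sys/block/$dev/size") || exit 2
        [ -n "$first" ] || first=$sectors
        if [ "$sectors" != "$first" ]; then
            echo "$dev: $sectors sectors, expected $first" >&2
            exit 1
        fi
    done
    [ -n "$first" ] || exit 2          # no paths were given
    echo $((first / 2097152))          # 2097152 sectors of 512 bytes = 1 GiB
)

# Demo on the embedded sample: prints sdh and sdp, one per line.
sample_multipath_ll | map_paths brc001_journal_pv
```

On a live host, feed it real output: `paths_agree /sys $(multipath -ll | map_paths brc001_journal_pv)` should print 100 after the rescan in this post.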
<!--EndFragment-->Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-2288976384834646763.post-42563127621878853082012-08-28T15:24:00.002+00:002012-11-27T12:55:21.339+00:00Serial console in RHEL 6The way to set up a serial console changed between RHEL 5 and RHEL 6. In RHEL 6 you no longer configure it in /etc/inittab; the upstart daemon handles it instead.<br />
<br />
<br />
<h3>
1. If you <b>DON'T WANT</b> to have serial console as your default console:</h3>
<br />
<pre># <b>cat /boot/grub/menu.lst</b>
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
<b>serial --unit=0 --speed=9600 --word=8 --parity=no --stop=1
terminal --timeout=10 serial console
</b>hiddenmenu
title Red Hat Enterprise Linux (2.6.32-131.0.15.el6.x86_64)
root (hd0,0)
kernel /vmlinuz-2.6.32-131.0.15.el6.x86_64 ro root=/dev/mapper/rootvg-rootvol rd_LVM_LV=rootvg/rootvol rd_LVM_LV=rootvg/swapvol rd_NO_LUKS rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto quiet <b>console=ttyS0,9600n8 console=tty0</b>
initrd /initramfs-2.6.32-131.0.15.el6.x86_64.img
# <b>grep ttyS0 /etc/securetty</b>
ttyS0
# <b>cat /etc/init/ttyS0.conf</b>
start on runlevel [345]
stop on runlevel [S016]
respawn
instance /dev/ttyS0
exec /sbin/agetty ttyS0 9600 vt100-nav
</pre>
<br />
And initialize console with:<br />
<br />
<b># initctl start ttyS0</b><br />
<br />
<h3>
2. If you <b>DO WANT to</b> have serial console as default console:</h3>
<br />
Add the <b>serial</b> and <b>terminal</b> lines to menu.lst as above, and append "<code>console=tty0 console=ttyS0,9600</code>" to the kernel line in /boot/grub/menu.lst<br />
<div style="orphans: 4; widows: 4;">
<span style="line-height: 18px; white-space: pre-wrap;"><span style="font-family: inherit;"><br /></span></span></div>
<div style="orphans: 4; widows: 4;">
<span style="line-height: 18px; white-space: pre-wrap;"><span style="font-family: inherit;">That's all: upstart automatically starts a serial login process on the <b>last specified</b> console parameter taken from the kernel line (in this case ttyS0).</span></span></div>
<div style="orphans: 4; widows: 4;">
<br /></div>
<div style="orphans: 4; widows: 4;">
<span style="line-height: 18px; white-space: pre-wrap;"><span style="font-family: inherit;"><br /></span></span>
<span style="line-height: 18px; white-space: pre-wrap;"><span style="font-family: inherit;"><br /></span></span></div>
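An audit of the two variants above, added here as an example that is not part of the original post: it reads the console= arguments of a kernel line, applies the "last specified console" rule, and reports for each serial console how its login prompt is started and whether /etc/securetty lets root log in on it. The function names are hypothetical and the sample kernel arguments are shortened, constructed versions of the ones shown in the post.

```sh
#!/bin/sh
# Added example: report which serial consoles on a kernel command line get a
# login prompt and whether root may log in there.

# List the console= devices in command-line order, options stripped
# (console=ttyS0,9600n8 -> ttyS0).
console_devices() (
    set -f                      # no globbing while word-splitting the arguments
    for word in $1; do
        case "$word" in
            console=*) dev=${word#console=}; printf '%s\n' "${dev%%,*}" ;;
        esac
    done
)

# Per the post, upstart starts the automatic login on the LAST console= entry.
primary_console() {
    console_devices "$1" | tail -n 1
}

# pam_securetty permits root logins only on ttys listed one per line.
root_login_allowed() {          # $1 = tty, $2 = securetty file
    grep -qxF -- "$1" "$2" 2>/dev/null
}

# One line per serial console:
#   getty=auto  started by upstart because it is the last console= entry
#   getty=job   started by an explicit job file such as /etc/init/ttyS0.conf
#   getty=none  kernel messages only, no login prompt
audit_consoles() (              # $1 = kernel args, $2 = securetty, $3 = job dir
    primary=$(primary_console "$1")
    for tty in $(console_devices "$1"); do
        case "$tty" in ttyS*) ;; *) continue ;; esac
        if [ "$tty" = "$primary" ]; then getty=auto
        elif [ -f "$3/$tty.conf" ]; then getty=job
        else getty=none
        fi
        if root_login_allowed "$tty" "$2"; then root=yes; else root=no; fi
        printf '%s getty=%s root_login=%s\n' "$tty" "$getty" "$root"
    done
)

# Demo on constructed input: variant 1 and variant 2 of the kernel arguments,
# a securetty that lists ttyS0, and an empty job directory.
demo_dir=$(mktemp -d)
printf 'tty1\nttyS0\n' > "$demo_dir/securetty"
audit_consoles 'ro quiet console=ttyS0,9600n8 console=tty0' "$demo_dir/securetty" "$demo_dir"
audit_consoles 'ro quiet console=tty0 console=ttyS0,9600' "$demo_dir/securetty" "$demo_dir"
rm -rf "$demo_dir"
```

On a running system the inputs are `"$(cat /proc/cmdline)"`, /etc/securetty and /etc/init. A line with `root_login=yes` means anyone with access to that serial line, for example through a management controller, reaches a root login prompt.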
Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-2288976384834646763.post-78486805656499911442012-07-30T10:23:00.003+00:002012-07-30T10:32:49.714+00:00How to create ultra small Linux machine on Amazon EC2If you use Amazon AWS services, you know that by default Amazon gives you a virtual machine with an 8GB root filesystem. But sometimes you use under 2GB of actual space, so why not shrink the machine and pay only for 2GB instead of 8GB? This mini-tutorial shows how.<br />
<br />
<br />
<a name='more'></a>1. Using the EC2 console (<a href="https://console.aws.amazon.com/ec2/">https://console.aws.amazon.com/ec2/</a>), create a new volume (Elastic block storage->Volumes) with a size of 2GB and attach it to your running machine. Don't forget to create it in the same availability zone as the current root volume.<br />
<br />
2. New disk should be seen by OS:<br />
<br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">[root@ip-10-202-45-149-vpn1 /]# <b>fdisk -l /dev/xvdf</b></span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;"><b><br /></b></span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">Disk /dev/xvdf: 2147 MB, 2147483648 bytes</span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">255 heads, 63 sectors/track, 261 cylinders</span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">Units = cylinders of 16065 * 512 = 8225280 bytes</span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">Sector size (logical/physical): 512 bytes / 512 bytes</span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">I/O size (minimum/optimal): 512 bytes / 512 bytes</span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">Disk identifier: 0x00000000</span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;"><br /></span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">Disk /dev/xvdf doesn't contain a valid partition table</span><br />
<br />
3. Check LABEL and UUID of your current root FS.<br />
<br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">[root@ip-10-202-45-149-vpn1 ~]# <b>blkid</b></span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">/dev/xvda1: LABEL="/" UUID="f0b0a1ec-20ae-4ee1-8e11-5fc79aa08f44" TYPE="ext4"</span><br />
<br />
4. Create ext4 filesystem on your new disk with same parameters<br />
<br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">[root@ip-10-202-45-149-vpn1 ~]# <b>mkfs.ext4 -L / -U f0b0a1ec-20ae-4ee1-8e11-5fc79aa08f44 /dev/xvdf</b></span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">mke2fs 1.42 (29-Nov-2011)</span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">Filesystem label=/</span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">OS type: Linux</span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">Block size=4096 (log=2)</span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">.</span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">.</span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">Writing superblocks and filesystem accounting information: done</span><br />
<br />
5. Mount disk and copy OS directories to that disk:<br />
<br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">[root@ip-10-202-45-149-vpn1 ~]# <b>mkdir /tmp/1</b></span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">[root@ip-10-202-45-149-vpn1 ~]# <b>mount /dev/xvdf /tmp/1</b></span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">[root@ip-10-202-45-149-vpn1 /]# <b>cd /</b></span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">[root@ip-10-202-45-149-vpn1 /]# <b>ls</b></span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">bin boot cgroup dev etc home lib lib64 local lost+found media mnt opt proc root sbin selinux srv sys tmp usr var</span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">[root@ip-10-202-45-149-vpn1 /]# <b>tar cf - bin boot etc home lib lib64 local media mnt opt root sbin usr var | (cd /tmp/1; tar xf -)</b></span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">tar: var/run/dbus/system_bus_socket: socket ignored</span><br />
<b><span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;"><br /></span></b><br />
<span style="font-family: inherit;">Ignore that warning :)</span><br />
<br />
6. Create missing directories, on tmp dir set sticky bit<br />
<br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">[root@ip-10-202-45-149-vpn1 /]# <b>cd /tmp/1</b></span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">[root@ip-10-202-45-149-vpn1 1]# <b>ls</b></span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">bin boot etc home lib lib64 local lost+found media mnt opt root sbin usr var</span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">[root@ip-10-202-45-149-vpn1 1]# <b>mkdir cgroup dev proc selinux srv sys tmp</b></span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">[root@ip-10-202-45-149-vpn1 1]# <b>chmod 1777 tmp</b></span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">[root@ip-10-202-45-149-vpn1 1]# <b>pwd</b></span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">/tmp/1</span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">[root@ip-10-202-45-149-vpn1 1]# <b>ls</b></span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">bin boot cgroup dev etc home lib lib64 local lost+found media mnt opt proc root sbin selinux srv sys tmp usr var</span><br />
<br />
7. Turn off the virtual machine and detach both the old 8GB root volume and the 2GB volume. Attach the 2GB volume again, but now with path <b>/dev/sda1</b>. Turn on the machine and check that everything is ok (the volume should now be seen as /dev/xvda1). You can now freely delete the old 8GB volume. You are done :)<br />
<br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">[root@ip-10-202-45-149-vpn1 ~]# <b>df -h</b></span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">Filesystem Size Used Avail Use% Mounted on</span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">/dev/xvda1 <b>2.0G</b> 1007M 935M 52% /</span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">tmpfs 298M 0 298M 0% /dev/shm</span><br />
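A check for the copy made in steps 5 and 6, to run before the old 8GB volume is deleted. It is added here as an example and is not part of the original post: it compares mode bits (including setuid, setgid and sticky) and ownership between the old root and the mounted copy, and confirms that the recreated directories exist with tmp at 1777. The function names are hypothetical, `stat -c` is the GNU coreutils form, and the demo tree is constructed.

```sh
#!/bin/sh
# Added example: verify that the tar copy of the root filesystem kept
# permissions and ownership, and that the empty directories were recreated.

# Directories the post copies with tar (step 5) and recreates empty (step 6).
COPIED_DIRS="bin boot etc home lib lib64 local media mnt opt root sbin usr var"
EMPTY_DIRS="cgroup dev proc selinux srv sys tmp"

# One line per entry: octal mode (with setuid/setgid/sticky), uid:gid, path.
# Sockets are skipped because tar does not archive them.
manifest() (         # $1 = tree root, $2 = top-level directory inside it
    cd "$1" || exit 1
    find "$2" ! -type s -exec stat -c '%a %u:%g %n' {} + | LC_ALL=C sort
)

# Return 0 if the copy matches, 1 otherwise; differences go to stdout.
verify_root_copy() ( # $1 = source root, $2 = mounted copy
    src=$1 dst=$2 rc=0
    a=$(mktemp) b=$(mktemp)
    for d in $COPIED_DIRS; do
        [ -e "$src/$d" ] || continue
        manifest "$src" "$d" > "$a"
        manifest "$dst" "$d" > "$b" 2>/dev/null
        if ! diff "$a" "$b" > /dev/null; then
            echo "MISMATCH $d"
            diff "$a" "$b" | grep '^[<>]'    # "<" = source, ">" = copy
            rc=1
        fi
    done
    for d in $EMPTY_DIRS; do
        [ -d "$dst/$d" ] || { echo "MISSING $d"; rc=1; }
    done
    # Without the sticky bit any user can delete other users' files in /tmp.
    [ "$(stat -c %a "$dst/tmp" 2>/dev/null)" = 1777 ] || { echo "BADMODE tmp (want 1777)"; rc=1; }
    rm -f "$a" "$b"
    exit "$rc"
)

# Constructed demo: a one-file "root" whose copy lost the setuid bit on bin/su.
demo() (
    t=$(mktemp -d)
    for r in src dst; do
        mkdir -p "$t/$r/bin"
        : > "$t/$r/bin/su"
    done
    chmod 4755 "$t/src/bin/su"
    chmod 0755 "$t/dst/bin/su"
    (cd "$t/dst" && mkdir $EMPTY_DIRS && chmod 1777 tmp)
    rc=0
    verify_root_copy "$t/src" "$t/dst" || rc=$?
    rm -rf "$t"
    exit "$rc"
)

if [ "$#" -eq 2 ]; then
    verify_root_copy "$1" "$2"       # e.g. sh verify.sh / /tmp/1
else
    demo || echo "demo: the constructed copy differs from its source, as intended"
fi
```

On a running system expect some MISMATCH lines under var, where files are created and removed between the copy and the check; differences under bin, sbin, usr or etc deserve a closer look.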
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;"><br /></span>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-2288976384834646763.post-79527862148658748402011-06-22T12:08:00.001+00:002019-04-11T09:57:24.340+00:00Set outgoing IP address in Solaris 10root@sol3 # route get default<br />
route to: default<br />
destination: default<br />
mask: default<br />
gateway: 192.168.168.2<br />
interface: e1000g0:1<br />
flags: &lt;UP,GATEWAY,DONE,STATIC&gt;<br />
recvpipe sendpipe ssthresh rtt,ms rttvar,ms hopcount mtu expire<br />
0 0 0 0 0 0 1500 0<br />
<br />
<br />
<br />
root@sol3 # ifconfig -a<br />
lo0: flags=2001000849&lt;UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL&gt; mtu 8232 index 1<br />
inet 127.0.0.1 netmask ff000000<br />
e1000g0: flags=9040843&lt;UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER&gt; mtu 1500 index 2<br />
inet 192.168.168.31 netmask ffffff00 broadcast 192.168.168.255<br />
groupname prodgr<br />
ether 0:c:29:20:e6:9<br />
e1000g0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2<br />
inet 192.168.168.41 netmask ffffff00 broadcast 192.168.168.255<br />
e1000g0:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2<br />
inet 192.168.168.51 netmask ffffff00 broadcast 192.168.168.255<br />
e1000g1: flags=69040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,STANDBY,INACTIVE> mtu 1500 index 3<br />
inet 192.168.168.32 netmask ffffff00 broadcast 192.168.168.255<br />
groupname prodgr<br />
ether 0:c:29:20:e6:13<br />
<br />
<br />
<br />
root@sol3 # route delete default 192.168.168.2<br />
delete net default: gateway 192.168.168.2<br />
root@sol3 #<br />
root@sol3 # route add default 192.168.168.2 -setsrc 192.168.168.51<br />
add net default: gateway 192.168.168.2<br />
<br />
<br />
root@sol3 # route get default<br />
route to: default<br />
destination: default<br />
mask: default<br />
gateway: 192.168.168.2<br />
setsrc: 192.168.168.51<br />
interface: e1000g0:1<br />
flags: <UP,GATEWAY,DONE,STATIC,SETSRC><br />
recvpipe sendpipe ssthresh rtt,ms rttvar,ms hopcount mtu expire<br />
0 0 0 0 0 0 1500 0<br />
<br />
rTorrent patch - almost linear downloading (published 2010-02-10, updated 2011-03-04)<br />
Are you an rTorrent user? Do you want to play .avi files as soon as possible, while they are still downloading? Then you may find this patch handy. Info: tested on rtorrent/libtorrent 0.8.5/0.12.5. All changes affect only one file: libtorrent-0.12.5/src/download/chunk_selector.cc<br />
<br />
Update, May 2010: Patch applicable to rtorrent 0.8.6/0.12.6<br />
<br />
<a name='more'></a>Normally rtorrent randomizes the position from which the next chunks are downloaded every 64 downloaded chunks (the randomize routine). The patch simply alters this random distribution to be less random. I don't recommend fixing this start position at 0, as that has negative effects: an AVI file has some important data at the end of the file, so the video player will complain that the file is corrupted and you will not be able to seek in it (while downloading). Also, if you have more peers, you will waste bandwidth by downloading the same chunk from them.<br />
<br />
First, if the ready-to-download chunk has an invalid position (this is the default at start), the position is set to a random value close to position 0. Next, after each randomize routine, this patch sets the download position to 0 five times out of seven. One time out of seven, it starts almost at the end of the file (to download the AVI index). And one time out of seven, it starts downloading from a random position. From my observations, this seems to be enough to avoid downloading the same chunk from peers.<br />
<div align="left" class="separator" style="clear: both; text-align: left;"><br />
</div><div align="left" class="separator" style="clear: both; text-align: left;">Patch is here:</div><pre>--- libtorrent-0.12.5/src/download/chunk_selector.cc 2009-05-13 15:10:13.000000000 +0200
+++ libtorrent-0.12.5.new/src/download/chunk_selector.cc 2009-12-22 16:38:50.000000000 +0100
@@ -79,13 +79,14 @@
m_sharedQueue.clear();
if (m_position == invalid_chunk)
- m_position = random() % size();
+ m_position = (random() % size()) / 10;
advance_position();
}
uint32_t
ChunkSelector::find(PeerChunks* pc, __UNUSED bool highPriority) {
+ int tmp;
// This needs to be re-enabled.
if (m_position == invalid_chunk)
return invalid_chunk;
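Review bot: In "m_position = (random() % size()) / 10;" the integer division yields 0 for every torrent with fewer than 10 chunks, which is the fixed-at-zero start the post itself advises against; a comment stating the intended range (the first tenth of the chunks) and a minimum width for that range would make the behaviour explicit. The new "int tmp;" at the top of find() is only used inside the randomize branch of the next hunk and receives the long returned by random(), so it reads better declared at the point of use with a matching type.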
@@ -100,8 +101,28 @@
// Randomize position on average every 16 chunks to prevent
// inefficient distribution with a slow seed and fast peers
// all arriving at the same position.
- if ((random() & 63) == 0) {
- m_position = random() % size();
+
+ if ((random() & 31) == 0) {
+
+ tmp = random();
+ switch( tmp % 7 ) {
+ case 0:
+ case 1:
+ case 2:
+ case 3:
+ case 4:
+ m_position = 0;
+ break;
+ case 6:
+ m_position = size() - 20;
+ if (m_position > 0) {
+ break;
+ }
+ default:
+ m_position = tmp % size();
+ break;
+ }
+
queue->clear();
}
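Review bot: In case 6, "m_position = size() - 20;" followed by "if (m_position > 0)" does not protect small torrents if m_position is unsigned (find() returns uint32_t): with fewer than 20 chunks the subtraction wraps to a huge value, the test passes, and the position is left past the end. Test before subtracting, for example "if (size() > 20) { m_position = size() - 20; break; }", and mark the intended fall-through into default with a comment, since case 5 also reaches default only implicitly. The context comment still says "on average every 16 chunks" while the mask is now 31 (one call in 32), so it should be updated together with the condition.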
</pre>Result (there are still some chunks which are not downloaded as soon as possible - red arrows, deeper investigation needed). They are downloaded a few minutes later (after a few randomize routines). But hey, ItWorksForMe(tm):<br />
<br />
<div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_0Vv_xRBbHdE/S3LetcHu_BI/AAAAAAAAAwA/z2kDddWT9M0/s1600-h/skynet_~+%E2%80%94+ssh+%E2%80%94+148%C3%9740-3-1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="337" src="http://4.bp.blogspot.com/_0Vv_xRBbHdE/S3LetcHu_BI/AAAAAAAAAwA/z2kDddWT9M0/s640/skynet_~+%E2%80%94+ssh+%E2%80%94+148%C3%9740-3-1.png" width="640" /></a></div>
<br />
IP multipathing with RHEL 5 (published 2009-11-23)<br />
On this page you can find sample working configs, which do the following:<br />
<br />
- set up two bond interfaces (bond0, bond1) with 802.3ad support<br />
- set up two aliases for bond0<br />
- set up two VLANs on bond1<br />
- set up custom routes for these VLANs<br />
- set up the default gw through bond0<br />
<br />
All of this was done on RedHat Linux 5.4; the server is a SunFire x4150 with 4x onboard ethernet devices.<br />
<br />
<a name='more'></a>Basic config:<br />
<pre>[root@dtgs1 network-scripts]# cat /etc/modprobe.conf
alias eth0 e1000e
alias eth1 e1000e
alias eth2 e1000e
alias eth3 e1000e
alias scsi_hostadapter mptbase
alias scsi_hostadapter1 mptsas
alias scsi_hostadapter2 ata_piix
alias scsi_hostadapter3 ahci
alias scsi_hostadapter4 usb-storage
alias bond0 bonding
alias bond1 bonding
options bond0 mode=4 miimon=100
options bond1 mode=4 miimon=100
[root@dtgs1 network-scripts]# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=dtgs1
GATEWAYDEV=bond0
[root@dtgs1 network-scripts]# cat ifcfg-eth0
# Intel Corporation 80003ES2LAN Gigabit Ethernet Controller (Copper)
DEVICE=eth0
HWADDR=00:1e:68:2f:04:dc
ONBOOT=yes
BOOTPROTO=none
TYPE=Ethernet
MASTER=bond0
SLAVE=yes
[root@dtgs1 network-scripts]# cat ifcfg-eth1
# Intel Corporation 80003ES2LAN Gigabit Ethernet Controller (Copper)
DEVICE=eth1
HWADDR=00:1e:68:2f:04:dd
ONBOOT=yes
BOOTPROTO=none
TYPE=Ethernet
MASTER=bond0
SLAVE=yes
[root@dtgs1 network-scripts]# cat ifcfg-eth2
# Intel Corporation 82571EB Gigabit Ethernet Controller
DEVICE=eth2
HWADDR=00:1e:68:2f:04:de
ONBOOT=yes
BOOTPROTO=none
TYPE=Ethernet
MASTER=bond1
SLAVE=yes
[root@dtgs1 network-scripts]# cat ifcfg-eth3
# Intel Corporation 82571EB Gigabit Ethernet Controller
DEVICE=eth3
HWADDR=00:1e:68:2f:04:df
ONBOOT=yes
BOOTPROTO=none
TYPE=Ethernet
MASTER=bond1
SLAVE=yes
[root@dtgs1 network-scripts]# cat ifcfg-bond0
DEVICE=bond0
BOOTPROTO=none
ONBOOT=yes
IPADDR=10.128.50.11
NETMASK=255.255.255.0
GATEWAY=10.128.50.1
USERCTL=no
[root@dtgs1 network-scripts]# cat ifcfg-bond0\:0
DEVICE=bond0:0
BOOTPROTO=none
ONBOOT=yes
IPADDR=10.128.50.12
NETMASK=255.255.255.0
GATEWAY=10.128.50.1
USERCTL=no
[root@dtgs1 network-scripts]# cat ifcfg-bond0\:1
DEVICE=bond0:1
BOOTPROTO=none
ONBOOT=yes
IPADDR=10.128.50.13
NETMASK=255.255.255.0
GATEWAY=10.128.50.1
USERCTL=no
[root@dtgs1 network-scripts]# cat ifcfg-bond1
DEVICE=bond1
BOOTPROTO=none
ONBOOT=yes
USERCTL=no
[root@dtgs1 network-scripts]# cat ifcfg-bond1.100
DEVICE=bond1.100
BOOTPROTO=none
ONBOOT=yes
IPADDR=10.128.100.11
NETMASK=255.255.255.0
GATEWAY=10.128.100.1
USERCTL=no
VLAN=yes
[root@dtgs1 network-scripts]# cat ifcfg-bond1.106
DEVICE=bond1.106
BOOTPROTO=none
ONBOOT=yes
IPADDR=10.128.106.11
NETMASK=255.255.255.0
GATEWAY=10.128.106.1
USERCTL=no
VLAN=yes
[root@dtgs1 network-scripts]# cat route-bond1.100
ADDRESS0=10.128.120.0
NETMASK0=255.255.255.0
GATEWAY0=10.128.100.1
ADDRESS1=10.128.180.0
NETMASK1=255.255.255.0
GATEWAY1=10.128.100.1
[root@dtgs1 network-scripts]# cat route-bond1.106
ADDRESS0=10.128.240.0
NETMASK0=255.255.240.0
GATEWAY0=10.128.106.1
</pre><br />
<br />
A result of this configuration:<br />
<pre>[root@dtgs1 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond0 qlen 1000
link/ether 00:1e:68:2f:04:dc brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond0 qlen 1000
link/ether 00:1e:68:2f:04:dc brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond1 qlen 1000
link/ether 00:1e:68:2f:04:de brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond1 qlen 1000
link/ether 00:1e:68:2f:04:de brd ff:ff:ff:ff:ff:ff
6: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
7: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue
link/ether 00:1e:68:2f:04:dc brd ff:ff:ff:ff:ff:ff
inet 10.128.50.11/24 brd 10.128.50.255 scope global bond0
inet 10.128.50.12/24 brd 10.128.50.255 scope global secondary bond0:0
inet 10.128.50.13/24 brd 10.128.50.255 scope global secondary bond0:1
inet6 fe80::21e:68ff:fe2f:4dc/64 scope link
valid_lft forever preferred_lft forever
8: bond1: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue
link/ether 00:1e:68:2f:04:de brd ff:ff:ff:ff:ff:ff
inet6 fe80::21e:68ff:fe2f:4de/64 scope link
valid_lft forever preferred_lft forever
9: bond1.100@bond1: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue
link/ether 00:1e:68:2f:04:de brd ff:ff:ff:ff:ff:ff
inet 10.128.100.11/24 brd 10.128.100.255 scope global bond1.100
inet6 fe80::21e:68ff:fe2f:4de/64 scope link
valid_lft forever preferred_lft forever
10: bond1.106@bond1: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue
link/ether 00:1e:68:2f:04:de brd ff:ff:ff:ff:ff:ff
inet 10.128.106.11/24 brd 10.128.106.255 scope global bond1.106
inet6 fe80::21e:68ff:fe2f:4de/64 scope link
valid_lft forever preferred_lft forever
[root@dtgs1 network-scripts]# ip r
10.128.100.0/24 dev bond1.100 proto kernel scope link src 10.128.100.11
10.128.180.0/24 via 10.128.100.1 dev bond1.100
10.128.50.0/24 dev bond0 proto kernel scope link src 10.128.50.11
10.128.106.0/24 dev bond1.106 proto kernel scope link src 10.128.106.11
10.128.120.0/24 via 10.128.100.1 dev bond1.100
10.128.240.0/20 via 10.128.106.1 dev bond1.106
169.254.0.0/16 dev bond1.106 scope link
default via 10.128.50.1 dev bond0
</pre>
<br />
IO multipathing with RHEL 5 (published 2009-11-23)<br />
In this post, we describe a working IO multipathing configuration. Technologies used: RedHat Linux 5.4 64bit, 2x SunFire x4150, Sun StorageTek 2540, 2x Qlogic FC HBA.<br />
<a name='more'></a><br />
1. Multipath.conf is shortened (only a few devices are shown). Internal disks are ignored (vendor "Sun"). Also note that changes to uid or more on multipath devices are visible only after reboot (bug?).<br />
<pre># cat /etc/multipath.conf
blacklist {
devnode "^(ram|raw|loop|fd|md|dm-|sr|scd|st)[0-9]*"
devnode "^hd[a-z][[0-9]*]"
device {
vendor Sun
}
}
devices {
device {
vendor "SUN"
product "LCSM100_F"
getuid_callout "/sbin/scsi_id -g -u -s /block/%n"
prio_callout "/sbin/mpath_prio_rdac /dev/%n"
features "0"
hardware_handler "1 rdac"
path_grouping_policy group_by_prio
failback immediate
rr_weight uniform
no_path_retry queue
rr_min_io 1000
path_checker rdac
}
}
multipaths {
multipath {
wwid 3600a0b80005b0a760000042b4ad4bf74
alias s2-dbdata1
mode 660
uid 500
gid 500
}
multipath {
wwid 3600a0b80005b15e3000004594ad4bf47
alias s2-dbredo1
mode 660
uid 500
gid 500
}
}
</pre><br />
2. In lvm.conf, it is good to modify two lines, to reduce LVM discovery time.<br />
<pre>/etc/lvm/lvm.conf:
filter = [ "a/dev/mpath/.*/", "a/dev/sda.*/", "a/dev/sdb.*/", "a/dev/md.*/", "r/.*/" ]
types = [ "device-mapper", 1]
</pre><br />
3. Modify also udev rules, to shorten bootup time:<br />
<pre>/etc/udev/rules.d/05-udev-early.rules:
##ACTION=="add", DEVPATH=="/devices/*", ENV{PHYSDEVBUS}=="?*", WAIT_FOR_SYSFS="bus"
</pre><br />
4. Modprobe.conf:<br />
<pre>/etc/modprobe.conf:
alias eth0 e1000e
alias eth1 e1000e
alias eth2 e1000e
alias eth3 e1000e
alias scsi_hostadapter aacraid
alias scsi_hostadapter1 ata_piix
alias scsi_hostadapter2 ahci
alias scsi_hostadapter3 usb-storage
alias scsi_hostadapter4 qla2xxx
alias scsi_hostadapter5 dm_multipath
alias scsi_hostadapter6 scsi_dh_rdac
</pre><br />
5. The last step is critical: recreate the initrd so that scsi_dh_rdac is loaded first (otherwise, there will be tons of errors during boot). Also please note that you need at least update 3 of RHEL 5.<br />
<pre>[root@db2 boot]# mkinitrd -v -f initrd-2.6.18-164.2.1.el5.img 2.6.18-164.2.1.el5 --preload scsi_dh_rdac
</pre>
<br />
Turn on word wrapping in "pre" tag (published 2009-11-22, updated 2010-02-15)<br />
On Blogger, you need to edit the template to turn on wrapping for the "pre" tag, otherwise long lines are not shown correctly. So paste this into your template:<br />
<pre>pre {
white-space: -moz-pre-wrap; /* Mozilla, supported since 1999 */
white-space: -pre-wrap; /* Opera 4 - 6 */
white-space: -o-pre-wrap; /* Opera 7 */
white-space: pre-wrap; /* CSS3 */
word-wrap: break-word; /* IE 5.5+ */
background: #dddddd;
display: block;
padding: 0.5em 1em;
border: 1px solid #bebab0;
}
</pre>
<br />
Redhat 5 + serial console setup (published 2009-11-04, updated 2010-04-29)<br />
<span style="font-family: arial;">Here is a quick setup of a serial console for RedHat 5. It works for other Linux distros too.</span><br />
<pre><b># grep agetty /etc/inittab</b>
S0:12345:respawn:/sbin/agetty ttyS0 9600 vt100-nav
<b># grep SAFE /etc/sysconfig/kudzu</b>
SAFE=yes
<b># grep ttyS0 /etc/securetty</b>
ttyS0
<b># cat /boot/grub/menu.lst</b>
default=0
timeout=5
hiddenmenu
serial --unit=0 --speed=9600 --word=8 --parity=no --stop=1
terminal --timeout=10 serial console
title Red Hat Enterprise Linux Server (2.6.18-164.2.1.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-164.2.1.el5 ro root=/dev/VolGroup00/rootvol console=tty0 console=ttyS0,9600n8 quiet
initrd /initrd-2.6.18-164.2.1.el5.img
</pre>
<br/>
Installing geoip netfilter module under fedora 9 (published 2008-08-22, updated 2009-07-27)<br/>
Just a few tips: after you have patched the current kernel sources and iptables, you now want to compile the geoip module (not the whole kernel).<br/><br/>So in the kernel sources dir, where the Makefile also is, execute these commands:<br/><pre>make modules_prepare<br/>make -C $(pwd) M=net/netfilter/ modules<br/>cp net/netfilter/xt_geoip.ko /lib/modules/`uname -r`/extra/<br/>depmod -a<br/>modprobe xt_geoip</pre>
<br/>
Using .htaccess files easy way (published 2008-04-29, updated 2009-07-27)<br/>
If you have configured the .htaccess file in your public_html like this...<br/><pre><strong>cat ~/public_html/private/.htaccess</strong><br/>AuthType Basic<br/>AuthUserFile /path/to/homedir/public_html/private/.htpasswd<br/>AuthGroupFile /dev/null<br/>AuthName AnyNameYouLike<br/>require valid-user</pre><br/>... you will have a problem allowing a guest to read a subdir without entering a password. That's why this .htaccess file will help you:<br/><pre><strong>cat ~/public_html/private/guestok/.htaccess</strong><br/>AuthName AnyNameYouLike<br/>Allow from all<br/>Satisfy any</pre>
<br/>
Setup Debian Etch on NSLU2 for torrent downloading (published 2008-04-06, updated 2009-11-06)<br />
Hi, if you don't already have a cheap, small, power-efficient and silent file server at home, meet <a href="http://en.wikipedia.org/wiki/NSLU2">NSLU2</a>. This is a way of setting up Debian after <a href="http://www.cyrius.com/debian/nslu2/install.html">installing</a> it, for more or less torrent downloading.<br /><a name='more'></a><br /><p><br /></p>As the external USB hard disk, I use a Toshiba 120GB. 
Linux identifies it pretty anonymously:<br /><pre>SCSI device sda: 234389464 512-byte hdwr sectors (120007 MB)<br />sda: Write Protect is off<br />sda: Mode Sense: 0b 00 00 08<br />sda: assuming drive cache: write through<br />sda: sda1 sda2 sda3<br />sd 0:0:0:1: Attached scsi disk sda</pre><br />First to tell, I used firmware <a href="http://www.slug-firmware.net/">Debian/NSLU2 Stable 4.0r3</a>. Follow the <a href="http://www.cyrius.com/debian/nslu2/install.html">guide</a>. Second, you NEED to choose 3 modules to load during install process:<br /><pre>partman-auto<br />partman-ext3<br />usb-storage-modules</pre><br />In my setup, I have 3 partitions:<br /><pre>/dev/sda1 (bootable) 4GB /<br />/dev/sda2 1 GB swap<br />/dev/sda3 106 GB /data</pre><br />So, after installing debian (please make your swap partition at least 256 MB big) on your SLUG, I recommend to make these steps:<br /><br />- setup static ip<br /><pre># cat /etc/network/interfaces<br />auto lo<br />iface lo inet loopback<br />allow-hotplug eth0<br />iface eth0 inet static<br /> address 192.168.1.77<br /> netmask 255.255.255.0<br /> gateway 192.168.1.254</pre><br />- clean up services<br /><pre>update-rc.d -f nfs-common remove<br />update-rc.d -f portmap remove<br />update-rc.d -f atd remove<br />update-rc.d -f exim4 remove</pre><br />- comment all services in file /etc/inetd.conf<br /><br />- modify /etc/default/rcS and enable FSCKFIX<br /><pre># grep FSCKFIX /etc/default/rcS<br />FSCKFIX=yes</pre><br />- make /dev/urandom same as /dev/random by creating file /etc/udev/chaos.rules and symlink to this file<br /><pre># cat /etc/udev/chaos.rules<br />KERNEL=="random", NAME="chaos"<br />KERNEL=="urandom", NAME="random"<br /># ls -la /etc/udev/rules.d/z80_chaos.rules<br />lrwxrwxrwx 1 root root 21 Apr 2 21:17 /etc/udev/rules.d/z80_chaos.rules -> /etc/udev/chaos.rules</pre><br />- install dropbear (set it on port 2222), enable it, ensure it works after reboot, then disable ssh<br /><pre>apt-get install 
dropbear<br />update-rc.d -f ssh remove</pre><br />- modify sysctl<br /><pre># cat /etc/sysctl.conf<br />net.ipv4.conf.default.forwarding=1<br />net.ipv4.ip_forward=1<br />vm.overcommit_memory=1<br />kernel.panic=10</pre><br />- install useful stuff<br /><pre>apt-get install psmisc screen openvpn rtorrent dtach samba dash ntpdate sudo beep htop sysstat</pre><br />- I have simple samba rw access for everyone in my private network (/data/share permissions 777)<br /><pre># cat /etc/samba/smb.conf<br />[global]<br />server string = nslu2<br />netbios name = nslu2<br />security = share<br />guest ok = yes<br />[data]<br />path = /data/share<br />read only = no</pre><br />- set up hostname and /etc/hosts<br /><pre># cat /etc/hostname<br />nslu2<br /># cat /etc/hosts<br />127.0.0.1 localhost<br />192.168.1.77 nslu2</pre><br />- change line in /etc/inittab:<br /><pre>ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now</pre><br />to<br /><pre>ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -h now</pre><br />- you can also comment out the getty line for the serial line, if you don't have a HW-modified NSLU2.<br /><pre>#T0:23:respawn:/sbin/getty -L ttyS0 115200 linux</pre><br />- if you will be using openvpn, modify /etc/modules<br /><pre># cat /etc/modules<br />tun</pre><br />- disable ipv6 in /etc/modprobe.d/aliases, change line<br /><pre>alias net-pf-10 ipv6</pre><br />to<br /><pre>alias net-pf-10 off</pre><br />- schedule periodic time synchronization (permissions of ntp.sh: 755)<br /><pre># cat /etc/cron.daily/ntp.sh<br />#!/bin/sh<br />ntpdate tak.cesnet.cz > /dev/null 2> /dev/null</pre><br />- make dash symlink to /bin/sh to save memory and time<br /><pre>dpkg-reconfigure dash</pre><br />- disable loading of device mapper modules by modifying start script (just insert "exit 0" as second line)<br /><pre># head /etc/init.d/libdevmapper1.02<br />#!/bin/sh<br />exit 0<br />PATH=/sbin:/bin:/usr/sbin:/usr/bin<br />NAME=libdevmapper1.02</pre><br />- modify /etc/rc.local<br /><pre># cat 
/etc/rc.local<br />#!/bin/sh -e<br />/usr/bin/beep -l 45 -f 15 -d 150<br />modprobe -r sr_mod<br />modprobe -r cdrom<br />exit 0</pre><br />- modify /etc/fstab and add noatime option to ext3 filesystems<br /><pre># grep ext3 /etc/fstab<br />/dev/sda1 / ext3 defaults,noatime,errors=remount-ro 0 1<br />/dev/sda3 /data ext3 defaults,noatime 0 2</pre><br />- Just to be complete, this is list of all programs I am running in parallel on my SLUG:<br /><pre>noip.org client (compiled program name: noip2)<br />dtach + rtorrent 0.7.9 - custom compiled for Xscale processor<br />samba<br />dropbear<br />openvpn<br />syslog<br />cron</pre><br />More specific:<br /><pre># uname -a<br />Linux nslu2 2.6.18-6-ixp4xx #1 Tue Feb 12 00:57:53 UTC 2008 armv5tel GNU/Linux<br /># uptime<br />00:43:41 up 3 days, 6:08, 1 user, load average: 0.28, 0.30, 0.27<br /># pstree<br />init-+-cron<br />|-dropbear---dropbear---dash---pstree<br />|-dtach---rtorrent<br />|-events/0<br />|-khelper<br />|-klogd<br />|-ksoftirqd/0<br />|-kthread-+-aio/0<br />| |-kblockd/0<br />| |-khubd<br />| |-2*[kjournald]<br />| |-kpsmoused<br />| |-kseriod<br />| |-kswapd0<br />| |-2*[pdflush]<br />| |-scsi_eh_0<br />| `-usb-storage<br />|-mtdblockd<br />|-nmbd<br />|-noip2<br />|-openvpn<br />|-smbd---2*[smbd]<br />|-syslogd<br />`-udevd<br /># free<br /> total used free shared buffers cached<br />Mem: 29988 29108 880 0 312 19916<br />-/+ buffers/cache: 8880 21108<br />Swap: 979956 6756 973200<br /># cat /proc/cpuinfo<br />Processor : XScale-IXP42x Family rev 2 (v5l)<br />BogoMIPS : 266.24<br />Features : swp half fastmult edsp<br />CPU implementer : 0x69<br />CPU architecture: 5TE<br />CPU variant : 0x0<br />CPU part : 0x41f<br />CPU revision : 2<br />Cache type : undefined 5<br />Cache clean : undefined 5<br />Cache lockdown : undefined 5<br />Cache format : Harvard<br />I size : 32768<br />I assoc : 32<br />I line length : 32<br />I sets : 32<br />D size : 32768<br />D assoc : 32<br />D line length : 32<br />D sets 
: 32<br /><br />Hardware : Linksys NSLU2<br />Revision : 0000<br />Serial : 0000000000000000</pre><br />As you can see, my NSLU2 is mainly for torrent downloading + file sharing. A few recommendations for rtorrent:<br />- run rtorrent as a regular user, not root!<br />- renice rtorrent to +19; the system will be more responsive if you are downloading many torrents<br /><br />- custom working .rtorrent.rc:<br /><pre>$ cat .rtorrent.rc<br />min_peers = 1<br />max_peers = 12<br />min_peers_seed = 1<br />max_peers_seed = 5<br />max_uploads = 5<br />max_uploads_global = 20<br />max_downloads_global = 30<br />upload_rate = 20<br />download_rate = 200<br />directory = ./tor/leech<br />session = ./tor/.session<br />schedule = watch_directory,10,10,load_start=./tor/watch/*.torrent<br />#*/<br />schedule = tied_directory,10,10,start_tied=<br />schedule = untied_directory,10,10,stop_untied=<br />schedule = ratio,60,60,"stop_on_ratio=100,200M,1000"<br />on_start = link2,"create_link=base_path,,.started"<br />on_stop = link2,"delete_link=base_path,,.started"<br />on_finished = link2,"create_link=base_path,,.finished"<br />on_erase = link2,"delete_link=base_path,,.finished"<br />port_range = 45551-45551<br />port_random = no<br />check_hash = no<br />use_udp_trackers = yes<br />send_buffer_size = 4096<br />receive_buffer_size = 4096<br />encryption=allow_incoming,try_outgoing,enable_retry</pre><br />That's all folks, enjoy!<br />
<br />
Shape application easy way (published 2008-03-06, updated 2009-07-27)<br/>
Want to limit bandwidth for some specific program in userspace? 
Use <a href="http://monkey.org/%7Emarius/pages/?page=trickle">trickle</a>!<br/><br/>Example for shaping scp download to 100KB/s:<br/><pre>trickle -d 100 scp remote.host.ip:big_file.iso .</pre>
<br/>
Make kernel module 2.6 (published 2008-02-15, updated 2009-07-27)<br/>
To make a kernel module under kernel 2.6, just rename the module and execute make.<br/><pre># cat Makefile <br/>obj-m := ptpatch2008.o<br/><br/>KDIR := /lib/modules/`uname -r`/build<br/>PWD := `pwd`<br/><br/>default:<br/>	$(MAKE) -C $(KDIR) SUBDIRS=$(PWD) modules</pre>
<br/>
Useful Mac OS X 10.4 programs (published 2008-02-07, updated 2009-11-06)<br />
This is my personal list of useful software for Mac OS X.<a name='more'></a><br /><br /><strong>All these programs I run on Mac OS X Tiger (10.4.11):</strong><br /><br />LXVII, HP-67 calculator simulator:<br /><a href="http://www.tamburri.net/lxvii">http://www.tamburri.net/lxvii</a><br /><br />Tunnelblick, OpenVPN + GUI:<br /><a href="http://www.tunnelblick.net/">http://www.tunnelblick.net/</a><br /><br />Chicken of the VNC, VNC client:<br /><a href="http://sourceforge.net/projects/cotvnc/">http://sourceforge.net/projects/cotvnc/</a><br /><br />CoRD, Remote Desktop:<br /><a href="http://cord.sourceforge.net/">http://cord.sourceforge.net/</a><br /><br />iTerm, enhanced terminal emulator:<br /><a href="http://cord.sourceforge.net/">http://cord.sourceforge.net/</a><br /><br />VLC media player:<br /><a href="http://www.videolan.org/vlc/">www.videolan.org/vlc/</a><br /><br />VMware Fusion:<br /><a href="http://www.vmware.com/products/fusion/">http://www.vmware.com/products/fusion/</a><br /><br />Camino, web browser optimized for Intel Core 2 Duo:<br /><a href="http://caminobrowser.org/">http://caminobrowser.org/</a><br /><br />Thunderbird:<br /><a 
href="http://www.mozilla.com/en-US/thunderbird/">http://www.mozilla.com/en-US/thunderbird/</a><br /><br />PL2303 USB to Serial Driver:<br /><a href="http://sourceforge.net/projects/osx-pl2303/">http://sourceforge.net/projects/osx-pl2303/</a><br /><br />Fink, <strong>many</strong> applications (minicom, mc, imagemagick,...):<br /><a href="http://www.finkproject.org/">http://www.finkproject.org/</a><br /><br />Transmission, BitTorrent client:<br /><a href="http://www.transmissionbt.com/">http://www.transmissionbt.com/</a><br /><br />Unrar:<br /><a href="http://www.unrarx.com/">http://www.unrarx.com/</a><br /><br />P7zip + EZ 7z, 7zip archive utilities:<br /><a href="http://homepage.mac.com/krmathis/">http://homepage.mac.com/krmathis/</a><br /><a href="http://leifh.up.md/apps/ez7z.html">http://leifh.up.md/apps/ez7z.html</a><br /><br />Chmox, CHM viewer:<br /><a href="http://chmox.sourceforge.net/">http://chmox.sourceforge.net/</a><br /><br />TeamSpeex, TeamSpeak client:<br /><a href="http://www.savvy.nl/blog/download/">http://www.savvy.nl/blog/download/</a><br /><br />Plot, scientific 2D plotting program:<br /><a href="http://plot.micw.eu/">http://plot.micw.eu/</a><br /><br />Audio Hijack Pro, audio grabber:<br /><a href="http://www.rogueamoeba.com/audiohijackpro/">http://www.rogueamoeba.com/audiohijackpro/</a><br />
<br />
Simple config for rTorrent (published 2008-01-20, updated 2009-11-22)<br />
<div style="font-family: inherit;">This is the basic config file for rTorrent (0.7.8/0.11.8) that I use. First make sure the referenced dirs exist. Note: rates are in KB/s.<br />
</div><a name='more'></a><pre><b>$ mkdir -p ~/tor/seed ~/tor/session ~/tor/watch ~/tor/leech</b>
<b>$ egrep -v "^#|^$" ~/.rtorrent.rc</b>
encryption=allow_incoming,try_outgoing,enable_retry
min_peers = 20
max_peers = 100
min_peers_seed = 10
max_peers_seed = 50
max_uploads = 5
download_rate = 200
upload_rate = 20
directory = ./tor/leech
session = ./tor/session
schedule = watch_directory,5,5,load_start=./tor/watch/*.torrent
schedule = tied_directory,5,5,start_tied=
schedule = untied_directory,5,5,stop_untied=
on_finished = move_complete,"execute=mv,-u,$d.get_base_path=,./tor/seed/;d.set_directory=./tor/seed/"
port_range = 16881-16881
port_random = no
check_hash = yes
use_udp_trackers = yes
</pre>
<br />
Fast remote dir copy using netcat (published 2007-12-10, updated 2011-02-23)<br />
Hey, I have used this tip so many times! For situations where the network is not a bottleneck, I like using netcat for remote dir copy. For example, I want to quickly copy the dir <strong>/opt/sybase</strong> (which has 50GB) from one machine to another. I tell netcat to listen on port 2000 on the destination host and wait for data. Then from the source host I connect to the destination host and pump the data in.<br />
<br />
On <strong>destination</strong> host type:<br />
<pre>cd /opt
nc -l -p 2000 | tar -xf -</pre>edit: With newer netcat, the command will look like "nc -l 2000 | tar -xf -"<br />
Next on <strong>source</strong> host type:<br />
<pre>cd /opt
tar -cf - <strong>sybase</strong> | nc destination.host.ip 2000</pre><br />
Enjoy!<br />
<br />
Simple linux firewall for dedicated company network (published 2007-11-01, updated 2009-11-06)<br/>
Hi, we will set up a basic firewall for a small dedicated company network. Situation: all services for LAN users (email, proxy, dns, ntp) are situated in the main company network, to which we connect using OpenVPN. So the router acts as an OpenVPN client, enabling tunneled incoming connections to this LAN from the main company network. Created for Slackware. Take all this as a fun example.<a name='more'></a><br/><br/>You just need to know the router interfaces and the LAN IP range. I assume eth0 is the LAN and eth1 is the INTERNET interface; tun0 is the interface made by OpenVPN. There are a few hints: as you can see, pings are enabled, and at the bottom you will find lines which, when uncommented, enable various connections from LAN to INTERNET.<br/><pre><strong># cat /etc/rc.d/rc.firewall</strong><br/>#!/bin/sh<br/><br/>IPTABLES="/sbin/iptables"<br/>ETH_LAN="eth0"<br/>ETH_INET="eth1"<br/>ETH_VPN0="tun0"<br/>LAN="194.44.44.0/26"<br/><br/>modprobe ip_conntrack_ftp<br/>echo 1 > /proc/sys/net/ipv4/ip_forward<br/><br/>$IPTABLES -F<br/>$IPTABLES -X<br/><br/>$IPTABLES -P INPUT DROP<br/>$IPTABLES -P FORWARD DROP<br/>$IPTABLES -P OUTPUT DROP<br/><br/>$IPTABLES -N icmp_packets<br/>$IPTABLES -A icmp_packets -p ICMP --icmp-type 0 -j ACCEPT<br/>$IPTABLES -A icmp_packets -p ICMP --icmp-type 3 -j ACCEPT<br/>$IPTABLES -A icmp_packets -p ICMP --icmp-type 8 -j ACCEPT<br/>$IPTABLES -A icmp_packets -p ICMP --icmp-type 11 -j ACCEPT<br/>$IPTABLES -A icmp_packets -p ICMP -j DROP<br/><br/># INPUT, pings, ssh connections from LAN<br/>$IPTABLES -A INPUT -i lo -j ACCEPT<br/># replies to connections opened by the router itself (dns, web updates, openvpn)<br/>$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT<br/>$IPTABLES -A INPUT -p ICMP -j icmp_packets<br/>$IPTABLES -A INPUT -i ${ETH_LAN} -s ${LAN} -p TCP --dport 22 -j ACCEPT<br/><br/># OUTPUT, pings, web updates, dns queries, openvpn client<br/>$IPTABLES -A OUTPUT -o lo -j ACCEPT<br/># replies to accepted incoming connections (ssh from LAN)<br/>$IPTABLES -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT<br/>$IPTABLES 
-A OUTPUT -p ICMP -j icmp_packets<br/>$IPTABLES -A OUTPUT -p TCP --dport 80 -j ACCEPT<br/>$IPTABLES -A OUTPUT -p UDP --dport 53 -j ACCEPT<br/>$IPTABLES -A OUTPUT -p UDP --dport 1194 -j ACCEPT<br/><br/># LAN->INTERNET, pings, wanna enable direct ftp ssh http https for LAN users?<br/>$IPTABLES -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT<br/>$IPTABLES -A FORWARD -o ${ETH_INET} -s ${LAN} -p ICMP -j icmp_packets<br/><strong>#</strong>$IPTABLES -A FORWARD -o ${ETH_INET} -s ${LAN} -p TCP --dport 21 -j ACCEPT<br/><strong>#</strong>$IPTABLES -A FORWARD -o ${ETH_INET} -s ${LAN} -p TCP --dport 22 -j ACCEPT<br/><strong>#</strong>$IPTABLES -A FORWARD -o ${ETH_INET} -s ${LAN} -p TCP --dport 80 -j ACCEPT<br/><strong>#</strong>$IPTABLES -A FORWARD -o ${ETH_INET} -s ${LAN} -p TCP --dport 443 -j ACCEPT<br/># LAN<->VPN, connections to and from LAN<br/>${IPTABLES} -A FORWARD -o ${ETH_VPN0} -i ${ETH_LAN} -j ACCEPT<br/>${IPTABLES} -A FORWARD -i ${ETH_VPN0} -o ${ETH_LAN} -j ACCEPT<br/><br/>echo "Firewall updated: `date`"</pre>
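With INPUT, OUTPUT and FORWARD all set to policy DROP, replies only pass a chain if it carries a RELATED,ESTABLISHED accept rule like the one the script puts in FORWARD. The check below is an added example, not part of the original post; the function names and the sample rule set are constructed for illustration, and it flags default-DROP chains that lack such a rule.

```shell
#!/bin/sh
# Added example (not from the original post): lint an iptables shell script.
# A built-in chain whose policy is DROP needs a connection-tracking ACCEPT
# rule, otherwise replies to traffic allowed in the other direction are dropped.

# Reads an iptables script on stdin and prints, one per line, each built-in
# chain (INPUT, OUTPUT, FORWARD) that has policy DROP but no rule of the form
#   -A <chain> ... --state|--ctstate <list containing ESTABLISHED> ... -j ACCEPT
# Approximation: any such rule counts, even one narrowed by -i/-s/--dport.
chains_missing_state_rule() {
    awk '
        /^[ \t]*#/ { next }                      # ignore commented-out rules
        {
            chain = ""; target = ""; tracked = 0
            for (i = 1; i < NF; i++) {
                if ($i == "-P" && i + 2 <= NF) policy[$(i + 1)] = $(i + 2)
                if ($i == "-A" || $i == "-I")  chain = $(i + 1)
                if ($i == "-j")                target = $(i + 1)
                if (($i == "--state" || $i == "--ctstate") &&
                    $(i + 1) ~ /ESTABLISHED/)  tracked = 1
            }
            if (chain != "" && tracked && target == "ACCEPT") stateful[chain] = 1
        }
        END {
            n = split("INPUT OUTPUT FORWARD", order, " ")
            for (k = 1; k <= n; k++)
                if (policy[order[k]] == "DROP" && !(order[k] in stateful))
                    print order[k]
        }
    '
}

# Constructed sample: default-DROP policies where only FORWARD carries the
# state rule, written in the style of an rc.firewall script.
sample_rules() {
    cat <<'EOF'
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A INPUT -i ${ETH_LAN} -s ${LAN} -p TCP --dport 22 -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT
$IPTABLES -A OUTPUT -p UDP --dport 53 -j ACCEPT
$IPTABLES -A OUTPUT -p UDP --dport 1194 -j ACCEPT
# $IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

# Constructed sample: the same rules plus state rules for the router's own
# traffic, one in each of the two match syntaxes the lint recognises.
sample_rules_stateful() {
    sample_rules
    cat <<'EOF'
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

sample_rules | chains_missing_state_rule            # prints INPUT and OUTPUT
sample_rules_stateful | chains_missing_state_rule   # prints nothing
```

Run it against a real script with `chains_missing_state_rule < /etc/rc.d/rc.firewall`; an empty result means every default-DROP chain has at least one state rule.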