Archive for the ‘Linux’ Category

Expanding software raid and lvm physical volume (pv)

Saturday, June 6th, 2009

I added a hard drive (well, reappropriated it from a less active server) and put it in the open bay in my file server/NAS.
First I had to find what letter the new drive got:
[root@lumpy ~]# fdisk -l

They used to be sda, sdb and sdc but one of those moved to sdd. Fortunately Linux software raid is smart and used the metadata so everything “just worked.” Next I removed the old partitions and made a new partition that took up the whole drive of type “fd”. Then I added the partition to the existing raid array.
[root@lumpy ~]# fdisk /dev/sdc
[root@lumpy ~]# mdadm --add /dev/md0 /dev/sdc1

I cat’d /proc/mdstat and the new drive shows as an “S” (spare). Now we tell it that md0 (zero) has four devices (the 3 previous plus the new one).
[root@lumpy ~]# cat /proc/mdstat
[root@lumpy ~]# mdadm --grow /dev/md0 --raid-devices=4

14 hours later…

Now that the drive is bigger, we need to resize the physical volume (pv) to include the new space.
[root@lumpy ~]# pvresize /dev/md0
Physical volume "/dev/md0" changed
1 physical volume(s) resized / 0 physical volume(s) not resized

I then used the OpenFiler web interface to expand the volume group/logical volume. If you had to do it by hand, you could look here http://tldp.org/HOWTO/LVM-HOWTO/commontask.html
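The “14 hours later” step is where a check belongs: /dev/md0 only reports its larger size once the reshape has finished, so running pvresize early does nothing useful. As an added example (not from the original post), this POSIX sh script reads /proc/mdstat-style text and reports whether an array is still reshaping; the two mdstat samples are constructed, and md0 is the array name from the post.

```sh
#!/bin/sh
# Added example, not from the original post: only resize the PV once the md
# array has finished reshaping, because /dev/md0 does not report its larger
# size until the --grow completes.

# md_state NAME  < mdstat-text
# Prints "busy" while NAME is reshaping, recovering or resyncing, "idle" when
# it is not, and "missing" when NAME does not appear in the input at all.
md_state() {
    awk -v dev="$1" '
        $1 == dev        { indev = 1; seen = 1; next }  # "md0 : active raid5 ..." header
        indev && NF == 0 { indev = 0 }                  # blank line closes the array block
        indev && /(reshape|recovery|resync) *=/ { busy = 1 }
        END {
            if (!seen) print "missing"
            else       print (busy ? "busy" : "idle")
        }'
}

# Constructed sample: md0 part way through the grow to four devices.
sample_reshaping() {
    cat <<'EOF'
Personalities : [raid5]
md0 : active raid5 sdc1[3] sdb1[2] sdd1[1] sda1[0]
      976767872 blocks level 5, 64k chunk, algorithm 2 [4/4] [UUUU]
      [==>..................]  reshape = 12.3% (60121344/488383936) finish=841.2min speed=8477K/sec

unused devices: <none>
EOF
}

# Constructed sample: the reshape has finished and the array is clean.
sample_clean() {
    cat <<'EOF'
Personalities : [raid5]
md0 : active raid5 sdc1[3] sdb1[2] sdd1[1] sda1[0]
      1465151808 blocks level 5, 64k chunk, algorithm 2 [4/4] [UUUU]

unused devices: <none>
EOF
}

# Real use (as root): poll the live /proc/mdstat every ten minutes, then
# resize the physical volume that sits on top of the array.
resize_pv_when_idle() {
    while [ "$(md_state "$1" < /proc/mdstat)" = "busy" ]; do
        sleep 600
    done
    pvresize "/dev/$1"
}

sample_reshaping | md_state md0   # busy
sample_clean     | md_state md0   # idle
```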

Debian and MythTV to MythDora

Tuesday, May 26th, 2009

Since about 2003 I have used Debian for my MythTV box. We affectionately refer to it as the freevo, a pun on TiVo. Originally when I evaluated the deployment software, I used FreeVo for a brief period of time.

The hardware I used was my desktop until I upgraded in 2003, with a few minor changes over time that were mostly due to failures: power supply, video card, an added hard drive, etc. When we moved at the end of April 2009 I decided it was time to re-engineer my solution. I love Debian; it is lean and you can make it do exactly what you want and only that. The ability to limit ancillary functions was great, since it is only a single core 1.3GHz CPU and at one time it was encoding XVID on a single tuner Hauppauge card (about $40). Slow enough that you could not watch live TV.

The new deployment runs MythDora, a distribution tuned for MythTV that has several wizards to assist in easy setup. I am using a split backend/frontend design now, with only a UPnP setup on the frontend in my living room. The backend was a budget off-lease system that has a dual core 3GHz CPU, a 750GB hard drive and a 1.5TB hard drive. With LVM that gives me a 10GB OS partition and almost 2.2TB of video storage. I have a Hauppauge PVR-500 dual analog tuner with MPEG2 hardware encoder and an HDHomeRun dual digital HD tuner with MPEG2 hardware encoder. The installs were very easy, and by selecting backend AND frontend on the server, and frontend on the client stations, it went very smoothly through setup.

I have run into a couple of minor problems, the most recent first, then working backwards. I use schedulesdirect for the TV listings, and after two weeks I did not have my guide anymore. I checked, and there was no cron job to run mythfilldatabase. Since MythTV is running as the mythtv user, I edited /etc/crontab and added a line to run it once a day:
32 2 * * * mythtv /usr/bin/mythfilldatabase &
That means to run it every day at 2:32am (an arbitrary time when I wasn’t likely to be using the system) as the mythtv user (so permissions definitely will not be messed up, and to maintain security). I provided the full path, and used the ampersand to tell it to run in the background.

The second problem was more insidious. MythDora uses NetworkManager for the network configuration. Since this is supposed to be an appliance, I want the backend (required) and frontend (optional) to have static IPs. To facilitate this, I modified /etc/sysconfig/network-scripts/ifcfg-eth0 and set up the IP, subnet, etc.:
DEVICE=eth0
HWADDR=00:17:a4:42:82:93
ONBOOT=yes
IPADDR=192.168.0.80
GATEWAY=192.168.0.1

Normally I would put GATEWAY in /etc/sysconfig/network, but I opted to place it in the interface configuration since it only has one interface and I was feeling lazy. After I did this, and possibly restarted, NetworkManager emptied /etc/resolv.conf and so DNS lookups failed. Stupid NetworkManager, we will fix its wagon:
chkconfig NetworkManager off
service NetworkManager stop

And then put something useful in /etc/resolv.conf:
nameserver 192.168.0.1

Since the new house is not cabled for ethernet and MPEG2 is bandwidth intensive I bought a pair of NETGEAR Powerline A/V Ethernet Adapters, model XAVB101-100NAS. I had a pair of the 85Mb adapters and the video would stutter occasionally. The higher speed 200Mb adapters do not suffer from this problem at all. They are still limited to 100Mb on the interface, but have 200Mb on the shared network domain.

Now everything works.


I discovered on June 6 that the tv listings were empty again. I checked, and anacron isn’t running and doesn’t start on boot :P
service anacron start
chkconfig anacron on

embedded Debian – adding busybox

Monday, February 2nd, 2009

I decided to migrate to busybox on my embedded Debian to save some space. You can either do this on the running system or you can do it while building it in the chroot environment.

apt-get install busybox
cd ~/
vi setuplinks.sh

#!/bin/bash
# Hard-link every command named in ./busycmds to the busybox binary.
which busybox &>/dev/null
if [ $? != 0 ]
then
    echo "Busybox is not present in the working path."
    exit 1
fi
# busycmds is comma separated, so split on spaces, commas and newlines
oIFS=$IFS
IFS=" ,
"
export BB=`which busybox`
for i in `cat busycmds`
do
    # never link busybox over itself
    if [ "$i" = "busybox" ]
    then
        continue
    fi
    if which "$i" &>/dev/null
    then
        # the command exists: replace it in place with a hard link to busybox
        # (ls -i shows the inode, which should now match the busybox binary)
        ln -f "$BB" "`which $i`"
        ls -i "`which $i`"
    else
        # the command is not installed: create it under /usr/bin
        ln "$BB" "/usr/bin/$i"
        echo make "$i"
    fi
done
IFS=$oIFS

vi busycmds

[, [[, adjtimex, ar, arping, ash, awk, basename, bunzip2,
bzcat, cal, cat, chgrp, chmod, chown, chroot, chvt, clear, cmp,
cp, cpio, cut, date, dc, dd, deallocvt, df, dirname, dmesg, dos2unix,
du, dumpkmap, dumpleases, echo, egrep, env, expr, false, fgrep,
find, fold, free, ftpget, ftpput, getopt, grep, gunzip, gzip,
head, hexdump, hostid, hostname, httpd, id, ifconfig, ip, ipaddr,
ipcalc, iplink, iproute, iptunnel, kill, killall, klogd, last,
length, ln, loadfont, loadkmap, logger, login, logname, logread,
losetup, ls, md5sum, mkdir, mkfifo, mknod, mktemp, more, mount,
mt, mv, nameif, nc, netstat, nslookup, od, openvt, patch, pidof,
ping, ping6, printf, ps, pwd, rdate, readlink, realpath, renice,
reset, rm, rmdir, route, rpm, rpm2cpio, run-parts, sed, setkeycodes,
sh, sha1sum, sleep, sort, start-stop-daemon, strings, stty, swapoff,
swapon, sync, syslogd, tail, tar, tee, telnet, telnetd, test,
tftp, time, top, touch, tr, traceroute, true, tty, udhcpc, udhcpd,
umount, uname, uncompress, uniq, unix2dos, unzip, uptime, usleep,
uudecode, uuencode, vi, watch, watchdog, wc, wget, which, who,
whoami, xargs, yes, zcat

Then:
sh ~/setuplinks.sh
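Before setuplinks.sh replaces working binaries with links, I would want to know that the installed busybox actually provides every applet named in busycmds; a name it cannot serve (login, sh, ...) would simply stop working. As an added example (not part of the original post or of setuplinks.sh), this POSIX sh script compares busycmds with the output of busybox --list; the --list option is assumed to exist in your busybox version, and both sample lists are constructed.

```sh
#!/bin/sh
# Added example, not from the original post: before running setuplinks.sh,
# compare the names in busycmds with the applets this busybox build actually
# provides. setuplinks.sh replaces a working binary with a hard link to
# busybox, so a name busybox cannot serve (login, sh, ...) would simply stop
# working. Assumes a busybox new enough for "busybox --list".

# One name per line from the comma/space separated busycmds file, minus
# busybox itself (which setuplinks.sh skips anyway).
wanted_applets() {                     # $1 = path to busycmds
    tr ', ' '\n\n' < "$1" | sed '/^$/d' | grep -vx busybox
}

# missing_applets BUSYCMDS < applet-list
# Prints the names in BUSYCMDS that the applet list (one per line, as printed
# by "busybox --list") does not contain. Returns 1 if any are missing.
missing_applets() {
    avail=$(mktemp) || return 1
    cat > "$avail"
    miss=$(wanted_applets "$1" | grep -Fxvf "$avail" || true)
    rm -f "$avail"
    [ -z "$miss" ] && return 0
    printf '%s\n' "$miss"
    return 1
}

# Constructed samples standing in for ~/busycmds and the output of
# "busybox --list" on a build without httpd, rpm or telnetd.
sample_busycmds() { printf '[, [[, awk, cat, httpd, login, rpm,\nsh, telnetd, which, busybox\n'; }
sample_applets()  { printf '[\n[[\nawk\ncat\nlogin\nsh\nwhich\n'; }

# Runs the check against the constructed samples; prints httpd, rpm, telnetd
# and returns 1 because those three have no applet.
demo_missing() {
    want=$(mktemp) || return 1
    sample_busycmds > "$want"
    if sample_applets | missing_applets "$want"; then status=0; else status=1; fi
    rm -f "$want"
    return $status
}

# Real use: only link when nothing is missing.
#   busybox --list | missing_applets ~/busycmds && sh ~/setuplinks.sh
demo_missing || echo "some names in busycmds have no busybox applet"
```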

embedded Debian

Sunday, May 11th, 2008

I found a good document at http://kristof.vanhertum.be/?p=3 and used it as a base for building up my Linux Router. I bought a CompactFlash to IDE adapter several years ago from http://cfd.linnix.com and a 4 port 10/100 network interface on ebay.

Build the distribution

I will walk through the steps I used, and they do deviate from the original author on some points. Because of the limited write cycles on flash memory, it is important to limit paging, journaling and files that are constantly updated. I used a Debian virtual machine that I had handy to build up the filesystem.

mkdir /cf
apt-get install debootstrap
debootstrap --arch i386 etch /cf http://ftp.debian.org

Now that the base OS is present we can chroot.

mount -t proc none /cf/proc
mount --bind /dev /cf/dev
LC_ALL=C chroot /cf /bin/bash

I’m not sure what the LC_ALL=… is for because you can “chroot /cf” and it will work too. I needed a kernel, bootloader, udev and ssh. I chose dropbear for ssh because it is a little more compact.

apt-get install dropbear linux-kernel grub udev

Since this will be my gateway router I chose to put a few network utilities on it, so they would be available for monitoring traffic and to provide additional functionality.

apt-get install dhcpd ntop iptraf ngrep tshark dnsmasq screen less dnsutils ethtool

Now it is clean-up time. mtab gets written to frequently, and the proc filesystem reports the same information. resolv.conf needs to be writable and our filesystem will be read-only most of the time, so we will move it to /var/log (which will be a tmpfs) and create a link.

rm /etc/mtab
ln -s /proc/mounts /etc/mtab
mv /etc/resolv.conf /var/log/
ln -s /var/log/resolv.conf /etc/

We need to create some config files. From the link at the top, with a modification to fstab to use labels instead.

  • /etc/fstab

    LABEL=/root / ext2 defaults,noatime 0 0
    proc /proc proc defaults 0 0
    tmpfs /var/run tmpfs defaults 0 0
    tmpfs /var/lock tmpfs defaults 0 0
    tmpfs /var/log tmpfs defaults 0 0
    tmpfs /tmp tmpfs defaults 0 0
    tmpfs /var/lib/dhcp3/ tmpfs defaults 0 0

  • /sbin/dhclient-script
    Set new_resolv_conf to "/tmp/resolv.conf.dhclient-new".
    Change "mv -f $new_resolv_conf /etc/resolv.conf" to "cat $new_resolv_conf > /etc/resolv.conf"
  • /etc/network/interfaces

    auto lo eth0
    allow-hotplug eth0
    iface eth0 inet dhcp
    iface lo inet loopback

  • /etc/hosts

    127.0.0.1 localhost.localdomain localhost your_hostname

  • /etc/syslog.conf
    Comment the lines where /dev/xconsole is mentioned
  • /etc/init.d/checkroot.sh
    Change ROOTMODE to ro
  • /etc/init.d/bootclean.sh
    Add the following lines before the line stating [ -f /tmp/.clean ] && … (located at the end of the file)

    touch /var/log/resolv.conf
    touch /var/log/dmesg

Most of the directories that see frequent writes now live in a RAM disk (tmpfs). This prevents write errors once the root filesystem is mounted read-only, and spares the flash.

Kristof suggests a couple of aliases to make changing read-only to read-write and back easier. Edit /root/.bashrc and at the end add:

alias ro="/sbin/cleanup all;mount -o remount,ro /"
alias rw="mount -o remount,rw /"

The cleanup file is available on the link at the top of this post. It removes man pages, doc files and cleans up Debian cached packages so your filesystem will stay compact. I’ve quoted it below.

#!/bin/bash
# Kristof's cleanup script: strips documentation, man pages and cached
# Debian packages so the flash image stays compact.

function doc() {
	echo "Removing documentation ..."
	find / -type d -regex '.*\(/doc/\|/info/\).*' -exec rm -r {} \; 2>/dev/null
}

function man() {
	echo "Removing man pages ..."
	find / -type d -regex '.*\(/man/\).*' -exec rm -r {} \; 2>/dev/null
}

function deb() {
	echo "Removing Debian packages and cleaning apt-cache ..."
	find / -type f -regex '.*\(\.deb$\).*' -exec rm -r {} \; 2>/dev/null
	rm /var/cache/apt/*.bin
	rm /var/lib/apt/lists/*dists*
}

if [ $# -ne 1 ]; then
	echo "Usage: $0 doc|man|deb|all"
	exit 1
fi

case "$1" in
	all)
		echo "remove all"
		doc
		man
		deb
		;;
	doc|man|deb)
		# only the three functions above may be called; the original
		# "eval \$1" would run whatever was passed as a command
		"$1"
		;;
	*)
		echo "Usage: $0 doc|man|deb|all"
		exit 1
		;;
esac

When you have finished building the installation, exit the chroot (type “exit” and hit enter). Unmount the dev and proc in /cf and this is a good time to tar a backup copy. Then use fdisk to remove existing partitions and make a single partition (default is type “Linux” which is correct).

umount /cf/dev
umount /cf/proc
tar czvf ~/cf.tar.gz /cf
fdisk /dev/sda
(d for delete, n for new, primary partition 1)
mkdir /mnt/cf
mount /dev/sda1 /mnt/cf
cp -aR /cf/* /mnt/cf
mount -t proc none /cf/proc
mount --bind /dev /cf/dev

After you have finished copying, cd /mnt/cf and chroot into it. Then we will install grub on the MBR and configure the bootloader.

cd /mnt/cf
chroot ./
grub-install /dev/sda
update-grub

When it offers, create a new config file. Because we are using labels instead of dev nodes, we will edit /boot/grub/menu.lst

Make sure the grub root is (hd0,0) and not (hd1,0). Find the kernel lines and locate the section (your device name may vary):
root=/dev/sda1
Change it to:
root=LABEL=/root

You should now be able to boot to the new flash memory OS.

A little more configuration

# vi /etc/hostname
router
# vi /etc/resolv.conf
nameserver 192.168.0.36
# vi /etc/network/interfaces

auto lo eth0 eth1 eth2 eth3
#allow-hotplug eth0
#iface eth0 inet dhcp
iface lo inet loopback
# outside
iface eth0 inet static
        address 151.x.y.z
        netmask 255.255.255.252
        gateway 151.x.y.z
#       dns-search somedomain.org
        dns-nameservers 192.168.0.36
# dmz
iface eth1 inet static
        address 64.x.y.z
        netmask 255.255.255.0
# inside (lan)
iface eth2 inet static
        address 192.168.0.1
        netmask 255.255.255.0

I used firewall builder from fwbuilder.org to build an iptables script. With my complex internal network it was fairly easy to create objects for each network segment and host, then build rules to allow limited network access in and out. I put the script in /etc/firewall/router.fw, used chmod to make it 500 (executable, read-only for root) and then added it to rc.local. I have the default behavior setup to not forward packets so until the firewall is active there is limited exposure – incoming ssh from the outside for a period of 30 seconds on a reboot.
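That 30-second window exists because rc.local runs late in the boot. As an added example (not from the original post or from fwbuilder), this POSIX sh script is meant to be dropped into /etc/network/if-pre-up.d/ (the file name 00-default-deny is my assumption), where ifupdown runs it before any interface comes up; it installs a default-deny policy that router.fw later replaces, keeps ssh reachable from the inside LAN on eth2 (interface and network taken from the post), and is careful not to re-run once a firewall is already in place.

```sh
#!/bin/sh
# Added example, not from the original post: close the boot-time window in
# which sshd on the outside interface is reachable before router.fw runs from
# rc.local. Installed as /etc/network/if-pre-up.d/00-default-deny (assumed
# name), ifupdown runs it before each interface is brought up, so the
# policies exist before eth0 gets its outside address. The fwbuilder ruleset
# in /etc/firewall/router.fw replaces these rules later in the boot.

# The rules as data, so they can be reviewed and tested without root.
# Interface and network names follow the post: eth0 outside, eth2 inside LAN.
default_deny_rules() {
    cat <<'EOF'
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth2 -s 192.168.0.0/24 -p tcp --dport 22 -j ACCEPT
EOF
}

# True when the INPUT chain already has a DROP policy (set by this script for
# an earlier interface, or by router.fw), so re-upping an interface neither
# stacks duplicate rules nor disturbs the real firewall.
already_locked_down() {
    iptables -L INPUT -n 2>/dev/null | grep -q '^Chain INPUT (policy DROP)'
}

# ifupdown exports IFACE; act once, for whichever interface comes up first
# (with "auto lo eth0 ..." that is lo, i.e. before eth0 has an address).
apply_default_deny() {
    [ -n "$IFACE" ] || return 0          # not called by ifupdown (e.g. a test)
    already_locked_down && return 0
    default_deny_rules | while read -r rule; do
        $rule || echo "default-deny: failed: $rule" >&2
    done
}

apply_default_deny
```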

resolv.conf is not persistent. I will revisit this later if it starts to matter. There would be negative effects on dnsmasq I believe, but I’m not using it at this time. It is also required for apt-get to work. As a side note, once cleanup runs you will need to run “apt-get update” again to download the package database.

Ringing in my ears?! Turn off the bell!

I had to turn off the bell before it drove me nuts. I used the blacklist method, but here are several that all work.

xset -b
in ~/.bashrc

Easier still is to set this in ~/.inputrc:
set bell-style none

sudo modprobe -r pcspkr
vi /etc/modprobe.d/blacklist
blacklist pcspkr

OpenFiler project – one server

Thursday, February 7th, 2008

This article details how to set up a free-standing OpenFiler SAN that will authenticate against its built-in LDAP server. This is a great approach if you only need file storage with no network authentication. While you could authenticate other systems against the LDAP in OpenFiler, I would advise you to look at the OpenFiler project – 2 servers article.

OpenFiler Server
OpenFiler 2.2
2G system
2G data raid 5 member
2G data raid 5 member
2G data raid 5 member
256M


OpenFiler project – 2 servers

Thursday, February 7th, 2008

This article details how to set up a free-standing LDAP server for authentication, and set up an OpenFiler SAN that will authenticate against the LDAP server.

LDAP Server
CentOS 5.1
2G hdd
256M RAM

OpenFiler Server
OpenFiler 2.2
2G system
2G data raid 5 member
2G data raid 5 member
2G data raid 5 member
256M


Securing the irked shell

Wednesday, January 23rd, 2008

I set up some user permission controls on irked…

First, I created a separate home and tmp so I could setup quotas:

lvcreate -L1G -n irked-home VolGroup00
lvcreate -L512M -n irked-tmp VolGroup00
mkfs -t ext3 /dev/VolGroup00/irked-home
mkfs -t ext3 /dev/VolGroup00/irked-tmp

Updated the irked config:

, 'phy:VolGroup00/irked-home,sda5,w'
, 'phy:VolGroup00/irked-tmp,sda6,w'

I used the flip script to rotate the filesystem to the new partitions.

Added the new filesystems to /etc/fstab

/dev/sda5       /home   ext3    usrquota                0       0
/dev/sda6       /tmp    ext3    usrquota                0       0

Remounted to get the usrquota option

mount -o remount /home
mount -o remount /tmp

Touched the quota files and installed the quota packages

touch /home/aquota.user
touch /tmp/aquota.user
apt-get install quota quotatool
# edquota charles
Filesystem                   blocks       soft       hard     inodes     soft     hard
/dev/sda5                       160      40000      50000         10        0        0
/dev/sda6                         0      20000      25000          0        0        0

A typical login session for that user, as reported by ps:
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
charles   2031  0.0  2.5   7712  1688 ?        S    13:47   0:00 sshd: charles@pts/2,pts/3
charles   2032  0.0  2.6   3216  1760 pts/2    Ss   13:47   0:00 -sh
charles   2033  0.0  2.6   3212  1752 pts/3    Ss+  13:48   0:00 -sh
charles   2054  0.0  1.8   2288  1224 pts/2    S+   13:49   0:00 nano test

That is an RSS of 6424 (the RSS column summed). RSS is the resident set size, the memory a process currently has in RAM, in kilobytes here.

Added users to the users group so the limits.conf will apply. The group restrictions in /etc/security/limits.conf apply if you are a member of a group even if it is not your primary group.

@users          soft    maxlogins       1
@users          hard    maxlogins       2
@users          soft    nproc           3
@users          hard    nproc           4
@users          soft    rss             8000
@users          hard    rss             10000

apt-get install libpam-umask

# nano /etc/pam.d/common-session
session optional pam_umask.so umask=077
session required        pam_unix.so

Setting libpam-umask did not work, so I changed /etc/skel/.bash_profile, root’s and my user’s to umask=077 just for good measure.

CUPS going offline when it runs out of paper

Wednesday, January 16th, 2008

In several distros the default behavior when a printer is not available is to shutdown the printer queue for that printer. You can turn it back on with:

# cupsenable <printername>

But a better fix, especially if you have many printers, is to change the default behavior by editing /etc/cups/printers.conf. Find the string ErrorPolicy and change the line:

ErrorPolicy stop-printer

To read:

ErrorPolicy retry-job

If the printer has a problem it will not print, of course, but if it is only out of paper the job will continue later.

Basic screen commands

Thursday, January 3rd, 2008

I will fix this migrated post at a later time.

The screen command lets you have multiple panes and screen workspaces with multiple shells. You can also detach screen so that it will continue in the background or you can move to a different machine and reattach. Once you have loaded screen by typing screen at the command line, you can issue commands with Ctrl+a then a key. Common keys are listed below.

To detach screen from the current shell, use Ctrl+a d
To reattach to the screen, run screen -r

Ctrl+A to start command mode

Shift+S    split screen
n    next window
Tab    next pane
backspace, h, p    previous window
c    create shell
Ctrl+\    Kill all windows and terminate screen (quit)
[,Esc    Enter copy/scrollback mode

My .screenrc

Thursday, January 3rd, 2008

My new ~/.screenrc

hardstatus alwayslastline
hardstatus string '%{= kG}[ %{G}%H %{g}][%= %{=kw}%?%-Lw%?%{r}(%{W}%n*%f%t%?(%u)%?%{r})%{w}%?%+Lw%?%?%= %{g}][%{B}%Y-%m-%d %{W}%c:%s %{g}]'

screen -t shell1        0
screen -t shell2        1
#screen -t shell3       2
#screen -t shell4       3       ssh hostname.domain.com