Dariush Debian Diary

mdadm --add /dev/md2 /dev/sda6 mdadm: /dev/sda6 reports being an active member for /dev/md2, but a --re-add fails. mdadm: not performing --add as that would convert /dev/sda6 in to a spare. mdadm: To make this a spare, use "mdadm --zero-superblock /dev/sda6" first. pokurcz:/home/eyck# mdadm --zero-superblock /dev/sda6 pokurcz:/home/eyck# mdadm --add /dev/md2 /dev/sda6 mdadm: added /dev/sda6 pokurcz:/home/eyck# cat /proc/mdstat Personalities : [raid1] md2 : active raid1 sda6[2] sdd6[3] 1851851521 blocks super 1.2 [2/1] [U_] [>....................] recovery = 0.0% (57792/1851851521) finish=1601.6min speed=19264K/sec

| | | 2012.02.08-16:09.00

btrfs vs filesystem problems/recovery tool

mount -o recovery /dev/btrfs /btrfs



device fsid b45b8c51-33eb-4ab0-9a33-4741cf8c6a6a devid 1 transid 18732 /dev/ubf6
btrfs: enabling auto recoveryparent transid verify failed on 57569280 wanted 18732 found 18734
parent transid verify failed on 57569280 wanted 18732 found 18734
parent transid verify failed on 57569280 wanted 18732 found 18734
parent transid verify failed on 57569280 wanted 18732 found 18734
parent transid verify failed on 57569280 wanted 18732 found 18734
parent transid verify failed on 57569280 wanted 18732 found 18734
parent transid verify failed on 9799873626169147392 wanted 9799873626169212927 found 0
------------[ cut here ]------------
kernel BUG at fs/btrfs/volumes.c:2860!
invalid opcode: 0000 [#1] SMP
CPU 1
Modules linked in: ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 veth ftdi_sio usbserial ext3 jbd isofs loop nls_iso8859_1 nls_cp437 vfat fat sg intel_agp intel_gtt radeon ttm drm_kms_helper drm i2c_algo_bit iptable_filter ip_tables ebtable_nat ebtables x_tables acpi_cpufreq mperf cpufreq_userspace cpufreq_stats cpufreq_powersave cpufreq_ondemand freq_table parport_pc ppdev lp parport bnep rfcomm binfmt_misc fuse tun nfs lockd fscache auth_rpcgss nfs_acl sunrpc bridge ipheth 8021q garp stp ext4 mbcache jbd2 zram(C) kvm_intel kvm snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_intel snd_hda_codec btusb snd_pcm_oss snd_mixer_oss snd_pcm bluetooth psmouse rfkill snd_timer i2c_i801 i7core_edac pcspkr i2c_core button snd edac_core processor soundcore rtc_cmos snd_page_alloc crc16 serio_raw evdev thermal_sys xfs btrfs zlib_deflate crc32c libcrc32c dm_mod raid1 md_mod sd_mod crc_t10dif usb_storage uas ub usbhid hid r8169 mii ahci libahci firewire_ohci libata firewire_core crc_itu_t scsi_mod ehci_hcd usbcore usb_common [last unloaded: scsi_wait_scan]

Pid: 18418, comm: mount Tainted: G         C   3.2.1 #1 Hewlett-Packard HP Elite 7000 Microtower PC/2A90h
RIP: 0010:[<ffffffffa0197fa7>]  [<ffffffffa0197fa7>] btrfs_num_copies+0x37/0x82 [btrfs]
RSP: 0018:ffff88006a2c3ac8  EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff8800ab266108 RCX: ffffffffffffffff
RDX: 00000078c9e30000 RSI: 880025241b880000 RDI: ffff88019742e1b8
RBP: ffff88006a2c3ae8 R08: 880025241b88ffff R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 880025241b880000
R13: 0000000000000000 R14: ffff88005d2b8a00 R15: 0000000000000000
FS:  00007f55305927e0(0000) GS:ffff88022fc40000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00002b0d47c59000 CR3: 00000001f0ab6000 CR4: 00000000000026e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process mount (pid: 18418, threadinfo ffff88006a2c2000, task ffff8802221cdbe0)
Stack:
 ffff880047a2e400 0000000000001000 ffff88005d2b89d8 ffff880047a2e400
 ffff88006a2c3b48 ffffffffa0175b2b 00000000000000ff 880025241b88ffff
 ffff88004e58e570 00000000ab266000 ffff880047a2e400 ffff88005d2b89d8
Call Trace:
 [<ffffffffa0175b2b>] btree_read_extent_buffer_pages+0x9d/0xbc [btrfs]
 [<ffffffffa01767b0>] read_tree_block+0x30/0x43 [btrfs]
 [<ffffffffa017a992>] open_ctree+0xf12/0x154c [btrfs]
 [<ffffffffa0160145>] btrfs_mount+0x3aa/0x565 [btrfs]
 [<ffffffff810cc527>] ? __free_pages+0x1b/0x24
 [<ffffffff810cc56f>] ? free_pages+0x3f/0x46
 [<ffffffff811853b4>] ? smack_sb_copy_data+0xf6/0x107
 [<ffffffff81112d8f>] mount_fs+0x6b/0x14f
 [<ffffffff810e1474>] ? __alloc_percpu+0xb/0xd
 [<ffffffff81127e21>] vfs_kern_mount+0x60/0x98
 [<ffffffff811291cd>] do_kern_mount+0x48/0xd8
 [<ffffffff81129940>] do_mount+0x6e3/0x746
 [<ffffffff810f6c25>] ? alloc_pages_current+0xaa/0xcd
 [<ffffffff81129a26>] sys_mount+0x83/0xbd
 [<ffffffff81337492>] system_call_fastpath+0x16/0x1b
Code: fb 48 83 ec 10 48 8d 7f 08 48 89 55 e8 e8 56 ea 19 e1 48 8b 55 e8 4c 89 e6 48 89 df e8 83 30 ff ff f0 48 ff 43 08 48 85 c0 75 04 <0f> 0b eb fe 48 8b 50 18 4c 39 e2 77 09 48 03 50 20 4c 39 e2 73
RIP  [<ffffffffa0197fa7>] btrfs_num_copies+0x37/0x82 [btrfs]
 RSP <ffff88006a2c3ac8>
---[ end trace ea074e24971fab1f ]---


./btrfsck  /dev/ubf6
parent transid verify failed on 58155008 wanted 18733 found 18661
parent transid verify failed on 58155008 wanted 18733 found 18661
parent transid verify failed on 58155008 wanted 18733 found 18661
parent transid verify failed on 58155008 wanted 18733 found 18661
Ignoring transid failure
leaf 58155008 items 6 free space 169 generation 18661 owner 7
fs uuid b45b8c51-33eb-4ab0-9a33-4741cf8c6a6a
chunk uuid ab8e0c05-f526-4614-a74e-59d6260a7a26
        item 0 key (EXTENT_CSUM EXTENT_CSUM 390792507392) itemoff 3839 itemsize 156
                extent csum item
        item 1 key (EXTENT_CSUM EXTENT_CSUM 390792667136) itemoff 3167 itemsize 672
                extent csum item
        item 2 key (EXTENT_CSUM EXTENT_CSUM 390793355264) itemoff 2431 itemsize 736
                extent csum item
        item 3 key (EXTENT_CSUM EXTENT_CSUM 390794108928) itemoff 1631 itemsize 800
                extent csum item
        item 4 key (EXTENT_CSUM EXTENT_CSUM 390794928128) itemoff 959 itemsize 672
                extent csum item
        item 5 key (EXTENT_CSUM EXTENT_CSUM 390795616256) itemoff 319 itemsize 640
                extent csum item
failed to find block number 74158080
Aborted

pokurcz:git/btrfs-recvo/recovery-beta# ./find-root  /dev/ubf6
Super think's the tree root is at 53374976, chunk root 20975616
Well block 4194304 seems great, but generation doesn't match, have=3, want=18734
Well block 4206592 seems great, but generation doesn't match, have=4, want=18734
Found tree root at 53374976


./btrfs-debug-tree -R /dev/ubf6
root tree: 53374976 level 0
chunk tree: 20975616 level 1
extent tree key (EXTENT_TREE ROOT_ITEM 0) 53465088 level 2
device tree key (DEV_TREE ROOT_ITEM 0) 26942234624 level 1
fs tree key (FS_TREE ROOT_ITEM 0) 74158080 level 2
checksum tree key (CSUM_TREE ROOT_ITEM 0) 447963000832 level 3
data reloc tree key (DATA_RELOC_TREE ROOT_ITEM 0) 29380608 level 0
btrfs root backup slot 0
        tree root gen 18732 block 57569280
                extent root gen 18732 block 74190848
                chunk root gen 8588 block 20975616
                device root gen 8588 block 26942234624
                csum root gen 18728 block 447963000832
                fs root gen 18732 block 74158080
                360809558016 used 520133771264 total 1 devices
btrfs root backup slot 1
        tree root gen 18733 block 57999360
                extent root gen 18733 block 58003456
                chunk root gen 8588 block 20975616
                device root gen 8588 block 26942234624
                csum root gen 18728 block 447963000832
                fs root gen 18732 block 74158080
                360809553920 used 520133771264 total 1 devices
btrfs root backup slot 2
        tree root gen 18734 block 53374976
                extent root gen 18734 block 53465088
                chunk root gen 8588 block 20975616
                device root gen 8588 block 26942234624
                csum root gen 18728 block 447963000832
                fs root gen 18732 block 74158080
                360809553920 used 520133771264 total 1 devices
btrfs root backup slot 3
        tree root gen 9799873626169212927 block 9799873626169147392
                extent root gen 0 block 0
                chunk root gen 65535 block 9800301589670461439
                device root gen 0 block 0
                csum root gen 0 block 0
                fs root gen 0 block 0
                9800432325723422720 used 0 total 9800432325698322431 devices
total bytes 520133771264
bytes used 360809553920
uuid b45b8c51-33eb-4ab0-9a33-4741cf8c6a6a
Btrfs Btrfs v0.19

Read-only recovery works (as of 2012.02):

time nice ionice -c 3 ./restore -v /dev/btrfs /fs/recovery
Root objectid is 5
Restoring /fs/recovery/home.2011.01.19.tar.lzma
Restoring /fs/recovery/venom
Restoring /fs/recovery/venom/fs.tar.lzop
We seem to be looping a lot on /fs/recovery/venom/fs.tar.lzop, do you want to keep going on ? (y/N): y
We seem to be looping a lot on /fs/recovery/venom/fs.tar.lzop, do you want to keep going on ? (y/N):
Done searching /fs/recovery/venom
Restoring /fs/recovery/out
Restoring /fs/recovery/out/copy
Done searching /fs/recovery/out/copy
Restoring /fs/recovery/out/pdf

...



real    647m2.091s
user    0m0.800s
sys     30m3.790s

( 309G of data recovered from failed btrfs in 10 hours )

| btrfs vs filesystem problems/recovery tool | | 2012.02.08-10:23.00

Improving update performance of munin with rrdcached: munin 1.4

• apt-get install rrdcched
• modify /etc/default/rrdcached

  #OPTS=""
  OPTS="-s munin -l unix:/var/run/rrdcached.sock -j /var/lib/rrdcached/journal/ -F -b /var/lib/munin/ -B"
  

• chown -R munin.munin /var/lib/rrdcached
• add

  export RRDCACHED_ADDRESS=/var/run/rrdcached.sock
  

  to /usr/bin/munin-cron

| Improving update performance of munin with rrdcached: munin 1.4 | | 2011.09.16-12:56.00

Restoring iPhone 3G bricked by 'Erase all data and settings' command

Symptoms: Gray apple.

* Press Home and Power simultanously
* keep on holding then both until reboot, and then until iTunes logo appears
* when iTunes logo appears, you can restore using iTunes

| Restoring iPhone 3G bricked by 'Erase all data and settings' command | | 2011.05.04-09:38.00

ADWS 9389 perl

ADWS 9389 perl

| ADWS 9389 perl | | 2009.12.16-11:38.00

iP4600 on 64-bit debian with duplex printing

go to http://software.canon-europe.com/products/0010649.asp download debian .tar, unpack and:

dpkg -i --force-architecture cnijfilter-common_3.00-1_i386.deb        cnijfilter-ip4600series_3.00-1_i386.deb

| iP4600 on 64-bit debian with duplex printing | | 2009.09.13-16:01.00

Moving Roles in Postgresql ( with passwords )

pg_dumpall -g

| Moving Roles in Postgresql ( with passwords ) | | 2009.08.22-22:41.00

Upgrading Postgresql from 8.1 to 8.3 (debian lenny transition)

apt-get install postgresql ( this install postgresql-8.3 ) pg_dropcluster --stop 8.3 main kakofonix:/var/backups/pg# pg_upgradecluster -v 8.3 8.1 main Creating new cluster (configuration: /etc/postgresql/8.3/main, data: /var/lib/postgresql/8.3/main)... Moving configuration file /var/lib/postgresql/8.3/main/postgresql.conf to /etc/postgresql/8.3/main... Moving configuration file /var/lib/postgresql/8.3/main/pg_hba.conf to /etc/postgresql/8.3/main... Moving configuration file /var/lib/postgresql/8.3/main/pg_ident.conf to /etc/postgresql/8.3/main... Configuring postgresql.conf to use port 5433... Disabling connections to the old cluster during upgrade... Disabling connections to the new cluster during upgrade... Re-enabling connections to the old cluster... Re-enabling connections to the new cluster... Creating globals... Fixing hardcoded library paths for stored procedures... Upgrading database agenericdatabase... Analyzing database agenericdatabase... Fixing hardcoded library paths for stored procedures... Upgrading database anotherdb... Analyzing database anotherdb... Fixing hardcoded library paths for stored procedures... Upgrading database postgres... Analyzing database postgres... Fixing hardcoded library paths for stored procedures... Upgrading database template1... pg_restore: [archiver (db)] Error while PROCESSING TOC: pg_restore: [archiver (db)] Error from TOC entry 1502; 1262 1 DATABASE template1 postgres pg_restore: [archiver (db)] could not execute query: ERROR: database "template1" already exists Command was: CREATE DATABASE template1 WITH TEMPLATE = template0 ENCODING = 'SQL_ASCII'; WARNING: errors ignored on restore: 1 Analyzing database template1... Copying old configuration files... Copying old start.conf... Stopping target cluster... Stopping old cluster... Disabling automatic startup of old cluster... Configuring old cluster to use a different port (5433)... Starting target cluster on the original port... Success. Please check that the upgraded cluster works. If it does, you can remove the old cluster with pg_dropcluster 8.1 main

| Upgrading Postgresql from 8.1 to 8.3 (debian lenny transition) | | 2008.11.05-21:08.00

Create Degraded Raid1

Sep  5  2007
gnoll2:~# mdadm --create /dev/md1 --level 1 --raid-devices=2 missing /dev/hdh5
mdadm: array /dev/md1 started.
gnoll2:~# cat /proc/mdstat 
Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] [raid10] 
md1 : active raid1 hdh5[1]
      77152064 blocks [2/1] [_U]
            
unused devices: <none>

gnoll2:/fs/tmp# mdadm --add /dev/md1 /dev/hde5 
mdadm: added /dev/hde5
gnoll2:/fs/tmp# cat /proc/mdstat 
Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] [raid10] 
md1 : active raid1 hde5[2] hdh5[1]
      77152064 blocks [2/1] [_U]
            [>....................]  recovery =  0.0% (18560/77152064) finish=414.6min speed=3093K/sec
	          
unused devices: <none>
gnoll2:/fs/tmp# 

pokurcz:/home/eyck# mdadm  --create /dev/md1 -a yes --level 1 --raid-devices=2 missing /dev/sdb5
mdadm: array /dev/md1 started.

pokurcz:/home/eyck# cat /proc/mdstat 
Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] [raid10] 
md1 : active raid1 sdb5[1]
      50002176 blocks [2/1] [_U]
            
unused devices: <none>
pokurcz:/home/eyck# 

pokurcz:/home/eyck# mdadm --add /dev/md1 /dev/sda5
mdadm: added /dev/sda5
pokurcz:/home/eyck# cat /proc/mdstat 
Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] [raid10] 
md1 : active raid1 sda5[2] sdb5[1]
      50002176 blocks [2/1] [_U]
      [>....................]  recovery =  0.2% (139392/50002176) finish=11.9min speed=69696K/sec
	          
unused devices: <none>

| Create Degraded Raid1 | | 2008.03.13-13:32.00

VMWare Server on debian etch requirements

ii libx11-6 1.0.3-7 X11 client-side library ii libx11-data 1.0.3-7 X11 client-side library ii libxau6 1.0.1-2 X11 authorisation library ii libxcomposite1 0.3-3 X11 Composite extension library ii libxdmcp6 1.0.1-2 X11 Display Manager Control Protocol library ii libxext6 1.0.1-2 X11 miscellaneous extension library ii libxfixes3 4.0.1-5 X11 miscellaneous 'fixes' extension library ii libxi6 1.0.1-4 X11 Input extension library ii libxrender1 0.9.1-3 X Rendering Extension client library ii libxt6 1.0.2-2 X11 toolkit intrinsics library ii libxtst6 1.0.1-5 X11 Testing -- Resource extension library

| VMWare Server on debian etch requirements | | 2008.03.12-17:27.00

Installing fairly featurefull perl on win32

1) get openssl-win32 2) install strawberry perl 3) (if your openssl include Crypt::SSLeay with correct perl version, go for it, if not - perl -MCPAN -e shell install Crypt::SSLeay - fails. go to cpan build dir, perl Makefile.PL;dmake => works. dmake install Next, Net::SSLeay - repeat, it fails, because it forgets about ssleay.a files.. copy their paths from Makefile for Crypt::SSLeay (EXTRALIBS vs LDLOADLIBS) install Tk, Net::SSLeay::Handle, Win32::Process... and voilea..

| Installing fairly featurefull perl on win32 | | 2008.02.15-01:30.00

Upgrading postgres from 8.1 to 8.3 on debian etch:

root@test64:/var/backups/pg# pg_upgradecluster 8.1 main
Creating new cluster (configuration: /etc/postgresql/8.3/main, data: /var/lib/postgresql/8.3/main)...
Moving configuration file /var/lib/postgresql/8.3/main/postgresql.conf to /etc/postgresql/8.3/main...
Moving configuration file /var/lib/postgresql/8.3/main/pg_hba.conf to /etc/postgresql/8.3/main...
Moving configuration file /var/lib/postgresql/8.3/main/pg_ident.conf to /etc/postgresql/8.3/main...
Configuring postgresql.conf to use port 5433...
Disabling connections to the old cluster during upgrade...
Disabling connections to the new cluster during upgrade...
Re-enabling connections to the old cluster...
Re-enabling connections to the new cluster...
Creating globals...
Fixing hardcoded library paths for stored procedures...
Upgrading database bazkadb-user07...
Analyzing database bazkadb-user07...
Fixing hardcoded library paths for stored procedures...
Upgrading database bazkadbep...
pg_restore: [archiver (db)] Error while PROCESSING TOC:
pg_restore: [archiver (db)] Error from TOC entry 1617; 2606 562236 FK CONSTRAINT fkad166f893bd6f4d7 bazka
pg_restore: [archiver (db)] could not execute query: ERROR:  foreign key constraint "fkad166f893bd6f4d7" cannot be implemented
DETAIL:  Key columns "id_endpoint" and "id_endpoint" are of incompatible types: character varying and integer.
    Command was: ALTER TABLE ONLY user_endpoint
    ADD CONSTRAINT fkad166f893bd6f4d7 FOREIGN KEY (id_endpoint) REFERENCES endpoint(id_endpoi...
WARNING: errors ignored on restore: 1
Analyzing database bazkadbep...
Fixing hardcoded library paths for stored procedures...
Upgrading database postgres...
Analyzing database postgres...
Fixing hardcoded library paths for stored procedures...
Upgrading database bazkadbep2...
Analyzing database bazkadbep2...
Fixing hardcoded library paths for stored procedures...
Upgrading database bazkadb...
Analyzing database bazkadb...
Fixing hardcoded library paths for stored procedures...
Upgrading database xwiki...
Analyzing database xwiki...
Fixing hardcoded library paths for stored procedures...
Upgrading database scheduler...
Analyzing database scheduler...
Fixing hardcoded library paths for stored procedures...
Upgrading database template1...
Analyzing database template1...
Copying old configuration files...
Copying old start.conf...
Stopping target cluster...
Stopping old cluster...
Disabling automatic startup of old cluster...
Configuring old cluster to use a different port (5433)...
Starting target cluster on the original port...
Success. Please check that the upgraded cluster works. If it does,
you can remove the old cluster with

  pg_dropcluster 8.1 main

root@test64:/var/backups/pg# pg_dropcluster 8.1 main

| Upgrading postgres from 8.1 to 8.3 on debian etch: | | 2008.02.11-12:48.00

Backups with snapshots

pokurcz:/home/ftp# xfs_freeze -f /fs/tmpptc/     
pokurcz:/home/ftp# lvcreate -l 500 -s -n tsnap /dev/dat/tmpptc 
  Logical volume "tsnap" created
pokurcz:/home/ftp# mkdir /fs/snapt
pokurcz:/home/ftp# mount -o nouuid,ro /dev/dat/tmp
tmpf    tmpptc  
pokurcz:/home/ftp# mount -o nouuid,ro /dev/dat/tmp
tmpf    tmpptc  
pokurcz:/home/ftp# mount -o nouuid,ro /dev/dat/   
bck      devetch  fs       ftp      tmpf     tmpptc   tsnap    
pokurcz:/home/ftp# mount -o nouuid,ro /dev/dat/tsnap /fs/snapt/
pokurcz:/home/ftp# xfs_freeze -u /fs/tmpptc
pokurcz:/home/ftp# 



pokurcz:/home/ftp# cd /fs/tmpptc/
pokurcz:/fs/tmpptc# ls
TL1_6-install.pdf                        
VMware-VMvisor-InstallerCD-3.5.0-67921.i386.iso  conieface.xfsdump.gz  hypervisor_performance_comparison_1_0_5_with_esx-data.pdf  ldap.pem         q                     testy
pokurcz:/fs/tmpptc# touch HELLO.WORLD
pokurcz:/fs/tmpptc# ls /fs/snapt/
VMware-VMvisor-InstallerCD-3.5.0-67921.i386.iso  conieface.xfsdump.gz  hypervisor_performance_comparison_1_0_5_with_esx-data.pdf  ldap.pem         q                     testy
pokurcz:/fs/tmpptc# 


Clean up:

pokurcz:/fs/tmpptc# umount /fs/snapt/
pokurcz:/fs/tmpptc# lvremove -f /dev/dat/   
      tmpf     tmpptc   tsnap    
pokurcz:/fs/tmpptc# lvremove -f /dev/dat/tsnap 
  Logical volume "tsnap" successfully removed

| Backups with snapshots | | 2008.01.25-19:33.00

Remove disks from lvm

HN:/home/eyck# pvscan 
  PV /dev/dm-10          VG systems   lvm2 [65.00 GB / 5.93 GB free]
  PV /dev/dm-9           VG cdb       lvm2 [70.00 GB / 1.89 GB free]
  PV /dev/dm-8           VG spool     lvm2 [797.47 GB / 81.70 GB free]
  PV /dev/cciss/c0d0p5                lvm2 [32.98 GB]
  PV /dev/cciss/c1d0p5                lvm2 [67.83 GB]
  PV /dev/cciss/c1d1p5                lvm2 [67.83 GB]
  PV /dev/cciss/c1d2p5                lvm2 [273.45 GB]
  PV /dev/cciss/c1d3p1                lvm2 [279.39 GB]
  Total: 8 [1.62 TB] / in use: 3 [932.46 GB] / in no VG: 5 [721.49 GB]
HN:/home/eyck# pvremove  /dev/cciss/c1d3p1
  Labels on physical volume "/dev/cciss/c1d3p1" successfully wiped
HN:/home/eyck# pvremove  /dev/cciss/c1d2p5
  Labels on physical volume "/dev/cciss/c1d2p5" successfully wiped
HN:/home/eyck# pvremove  /dev/cciss/c1d1p5
  Labels on physical volume "/dev/cciss/c1d1p5" successfully wiped
HN:/home/eyck# pvremove  /dev/cciss/c0d0p5
  Labels on physical volume "/dev/cciss/c0d0p5" successfully wiped
HN:/home/eyck# pvremove  /dev/cciss/c1d0p5
  Labels on physical volume "/dev/cciss/c1d0p5" successfully wiped
HN:/home/eyck# 

HN:/home/eyck# pvscan 
  PV /dev/dm-10   VG systems   lvm2 [65.00 GB / 5.93 GB free]
  PV /dev/dm-9    VG cdb       lvm2 [70.00 GB / 1.89 GB free]
  PV /dev/dm-8    VG spool     lvm2 [797.47 GB / 81.70 GB free]
Total: 3 [932.46 GB] / in use: 3 [932.46 GB] / in no VG: 0 [0   ]

| Remove disks from lvm | | 2008.01.22-12:28.00

Kerberos and k5start

kadmin -k -p eyck@DOMAIN

| Kerberos and k5start | | 2008.01.22-11:03.00

PowerDNS on PostgreSQL

CREATE TABLE domains (
    id serial NOT NULL,
    name character varying(255) NOT NULL,
    master character varying(20),
    last_check integer,
    "type" character varying(6) NOT NULL,
    notified_serial integer,
    account character varying(40)
);


CREATE TABLE records (
    id serial NOT NULL,
    domain_id integer,
    name character varying(255),
    "type" character varying(6),
    content character varying(255),
    ttl integer,
    prio integer,
    change_date integer
);

CREATE TABLE supermasters (
    ip character varying(25) NOT NULL,
    nameserver character varying(255) NOT NULL,
    account character varying(40)
);



COPY domains (id, name, master, last_check, "type", notified_serial, account) FROM stdin;
1       kuszelas.eu    \N      \N      NATIVE  \N      \N
\.


--
-- Data for TOC entry 22 (OID 17153)
-- Name: records; Type: TABLE DATA; Schema: public; Owner: postgres
--

COPY records (id, domain_id, name, "type", content, ttl, prio, change_date) FROM stdin;
2       1       localhost.kuszelas.eu  A       127.0.0.1       120     \N      \N
20      1       kuszelas.eu    MX      mail2.kuszelas.eu      300     10      \N
21      1       mail2.kuszelas.eu      A       212.182.115.24  120     \N      \N
1       1       kuszelas.eu    SOA     localhost user.kuszelas.eu 1   86400   \N      \N
17      1       kuszelas.eu    NS      ns.kuszelas.eu 300     \N      \N
18      1       kuszelas.eu    MX      mail.kuszelas.eu       300     5       \N
12      1       _jabber._tcp.jabber.kuszelas.eu        SRV     0 5269 kuszelas.eu     300     10      \N
13      1       _xmpp-server._tcp.jabber.kuszelas.eu   SRV     0 5269 kuszelas.eu     300     10      \N
14      1       _xmpp-client._tcp.jabber.kuszelas.eu   SRV     0 5222 kuszelas.eu     300     10      \N
16      1       kuszelas.eu    TXT     Serwer  300     \N      \N
3       1       www.kuszelas.eu        A       195.242.124.71  120     \N      \N
5       1       dns.kuszelas.eu        A       195.242.124.71  120     \N      \N
6       1       ftp.kuszelas.eu        A       195.242.124.71  120     \N      \N
7       1       poczta.kuszelas.eu     A       195.242.124.71  120     \N      \N
8       1       pop3.kuszelas.eu       A       195.242.124.71  120     \N      \N
9       1       smtp.kuszelas.eu       A       195.242.124.71  120     \N      \N
10      1       ssh.kuszelas.eu        A       195.242.124.71  120     \N      \N
11      1       jabber.kuszelas.eu     A       195.242.124.71  120     \N      \N
4       1       mail.kuszelas.eu       A       195.242.124.71  120     \N      \N
\.

Audit trail:

CREATE TABLE audit_domains (
    operation         char(1)   NOT NULL,
    stamp             timestamp NOT NULL,
    userid            text      NOT NULL,
    id serial NOT NULL,
    name character varying(255) NOT NULL,
    master character varying(20),
    last_check integer,
    "type" character varying(6) NOT NULL,
    notified_serial integer,
    account character varying(40)
);


CREATE TABLE audit_records (
    operation         char(1)   NOT NULL,
    stamp             timestamp NOT NULL,
    userid            text      NOT NULL,
    id serial NOT NULL,
    domain_id integer,
    name character varying(255),
    "type" character varying(6),
    content character varying(255),
    ttl integer,
    prio integer,
    change_date integer
);

CREATE OR REPLACE FUNCTION process_audit_domains() RETURNS TRIGGER AS $audit_domains$
    BEGIN
        --
        -- Create a row in audit_domains to reflect the operation performed on domains,
        -- make use of the special variable TG_OP to work out the operation.
        --
        IF (TG_OP = 'DELETE') THEN
            INSERT INTO audit_domains SELECT 'D', now(), user, OLD.*;
            RETURN OLD;
        ELSIF (TG_OP = 'UPDATE') THEN
            INSERT INTO audit_domains SELECT 'U', now(), user, NEW.*;
            RETURN NEW;
        ELSIF (TG_OP = 'INSERT') THEN
            INSERT INTO audit_domains SELECT 'I', now(), user, NEW.*;
            RETURN NEW;
        END IF;
        RETURN NULL; -- result is ignored since this is an AFTER trigger
    END;
$audit_domains$ LANGUAGE plpgsql;

CREATE TRIGGER audit_domains
AFTER INSERT OR UPDATE OR DELETE ON domains
    FOR EACH ROW EXECUTE PROCEDURE process_audit_domains();

--

CREATE OR REPLACE FUNCTION process_audit_records() RETURNS TRIGGER AS $audit_records$
    BEGIN
        --
        -- Create a row in audit_records to reflect the operation performed on records,
        -- make use of the special variable TG_OP to work out the operation.
        --
        IF (TG_OP = 'DELETE') THEN
            INSERT INTO audit_records SELECT 'D', now(), user, OLD.*;
            RETURN OLD;
        ELSIF (TG_OP = 'UPDATE') THEN
            INSERT INTO audit_records SELECT 'U', now(), user, NEW.*;
            RETURN NEW;
        ELSIF (TG_OP = 'INSERT') THEN
            INSERT INTO audit_records SELECT 'I', now(), user, NEW.*;
            RETURN NEW;
        END IF;
        RETURN NULL; -- result is ignored since this is an AFTER trigger
    END;
$audit_records$ LANGUAGE plpgsql;

CREATE TRIGGER audit_records
AFTER INSERT OR UPDATE OR DELETE ON records
    FOR EACH ROW EXECUTE PROCEDURE process_audit_records();

| PowerDNS on PostgreSQL | | 2007.12.14-17:28.00

Compaq 6910p on debian lenny

• kernel >=2.6.22 (for sound, intel x3100 graphics)
• xorg >=7.2
• alsaconfig -> snd_hda_intel
• iwlwifi-4965-ucode -> /lib/firmware/
• iwlwifi 1.2.22 (1.2.20 doesn't work)
• s2ram -f --vbe_save --vbe_post --vbe_mode

  Upgrade to LVM2 from LVM1 on running system

  Problem:

  homenode:/home/eyck# pvcreate /dev/cciss/c0d2p5
    Physical volume "/dev/cciss/c0d2p5" successfully created
  homenode:/home/eyck# vgscan
    Reading all physical volumes.  This may take a while...
    Found volume group "sys" using metadata type lvm1
  homenode:/home/eyck# vgextend sys /dev/cciss/c0d2p5
    Physical volume /dev/cciss/c0d2p5 is of different format type (lvm2)
    Unable to add physical volume '/dev/cciss/c0d2p5' to volume group 'sys'.
  homenode:/home/eyck# pvscan
    PV /dev/cciss/c0d0p3   VG sys   lvm1 [66.34 GB / 0    free]
    PV /dev/cciss/c0d1p5   VG sys   lvm1 [130.34 GB / 6.19 GB free]
    PV /dev/cciss/c0d2p5            lvm2 [33.91 GB]
    Total: 3 [230.60 GB] / in use: 2 [196.69 GB] / in no VG: 1 [33.91 GB]
  
  

  Solution:

  
  homenode:/home/eyck# vgconvert -M2 sys
    Volume group sys successfully converted
  homenode:/home/eyck# pvscan 
    PV /dev/cciss/c0d0p3   VG sys   lvm2 [66.34 GB / 0    free]
    PV /dev/cciss/c0d1p5   VG sys   lvm2 [130.34 GB / 6.19 GB free]
    PV /dev/cciss/c0d2p5            lvm2 [33.91 GB]
    Total: 3 [230.60 GB] / in use: 2 [196.69 GB] / in no VG: 1 [33.91 GB]
  homenode:/home/eyck# vgextend sys /dev/cciss/c0d2p5
    Volume group "sys" successfully extended
  homenode:/home/eyck# pvscan 
    PV /dev/cciss/c0d0p3   VG sys   lvm2 [66.34 GB / 0    free]
    PV /dev/cciss/c0d1p5   VG sys   lvm2 [130.34 GB / 6.19 GB free]
    PV /dev/cciss/c0d2p5   VG sys   lvm2 [33.91 GB / 33.91 GB free]
    Total: 3 [230.59 GB] / in use: 3 [230.59 GB] / in no VG: 0 [0   ]
  
  homenode:/home/eyck# lvextend -L+5G /dev/sys/v
    Extending logical volume v to 194.50 GB
    Logical volume v successfully resized
  homenode:/home/eyck# xfs_growfs /fs/v/
  meta-data=/dev/sys/v             isize=256    agcount=61, agsize=819200 blks
           =                       sectsz=512   attr=1
  data     =                       bsize=4096   blocks=49676288, imaxpct=25
           =                       sunit=0      swidth=0 blks, unwritten=1
  naming   =version 2              bsize=4096  
  log      =internal               bsize=4096   blocks=6400, version=1
           =                       sectsz=512   sunit=0 blks
  realtime =none                   extsz=65536  blocks=0, rtextents=0
  data blocks changed from 49676288 to 50987008
  
  

  | Upgrade to LVM2 from LVM1 on running system | | 2007.09.06-12:48.00

  naviinittoolcli

  ./naviinittoolcli
  
  ...
  Navisphere Array Initialization Tool Version 6.24.0.6.7
  
  
   # 17:10:54.728973 IP 10.11.12.231.35294 > 255.255.255.255.2162: UDP, length 71
   #
   # 17:14:28.211377 IP 10.11.12.231.35294 > 255.255.255.255.2162: UDP, length 71
   #        0x0000:  4500 0063 0000 4000 4011 bafa c0a8 bee7  E..c..@.@.......
   #        0x0010:  ffff ffff 89de 0872 004f f516 3c54 3120  .......r.O..<T1.
   #        0x0020:  5433 3d22 5434 2220 5432 3d22 4154 4154  T3="T4".T2="ATAT
   #        0x0030:  5544 4522 2054 373d 2231 3237 2e30 2e30  UDE".T7="127.0.0
   #        0x0040:  2e31 2220 5433 343d 2236 2e32 342e 3022  .1".T34="6.24.0"
   #        0x0050:  203e                                     .>
  
  No storage systems discovered. Please verify the following items and try again.
  1. The storage systems are powered up.
  2. The storage systems are plugged in to the network.
  3. This wizard is run on a client machine that is in the same physical subnet as the storage systems.
  
  

  | naviinittoolcli | | 2007.08.27-14:41.00

  Setting up Linux *SWAN Ipsec for nokia e61

  Cached from: http://www.thorsten-knabe.de/linux/e61.jsp

  Connecting the Nokia E61 Mobile VPN client to a Linux OpenSwan IPSEC gateway

  This page describes how to configure and setup the Nokia E61 Mobile VPN client and Linux Openswan IPSEC gateway to establish an encrypted IPSEC tunnel between the two devices. The procedure described herein should work for other mobile devices equipped with a Nokia Mobile VPN Client as well, especially Symbian S60 3rd edition based mobile phones, but has not been tested.

  Legal advice: This page contains links to external internet sites containing additional information, that might be helpful in the course of setting up the IPSEC tunnel. I have no influence on the content and disclaim any responsibilty for the content provided by those external internet sites.
  All information on this page is provided as is without any warranty. I am not responsible or liable for any damage caused by following the steps described below. If you damage your phone, it is your fault not mine!

  Prerequisites

  Linux prerequisites

  For my setup I chose a vanilla Linux 2.6.19.1 with IPSEC support and OpenSwan 2.4.6 from Debian testing. Other kernels, distributions and OpenSwan versions could work as well but have not been tested.

  E61 prerequisites

  In oder to establish a VPN connection from the Nokia Mobile VPN client, a policy file has to be uploaded to the phone. For some reason, such a policy file cannot be uploaded directly to the phone, but has to be packed into a signed SIS file first. To create such a signed SIS file, you need a developer certificate and two Windows executables from the S60 Platform SDK for Symbian OS for C++ 3rd edition. Luckily those two Windows executables and the Windows executable to create the developer certificate run happily using Wine under Linux.

  The S60 Platform SDK for Symbian OS for C++ 3rd edition is available from http://www.forum.nokia.com -> Tools & SDKs -> C++ for Symbian OS Tools and SDKs -> S60 Platform for Symbian OS -> 3rd Edition. To unpack the SDK under Linux follow the instructions on Rudolf Königs page.

  A free developer cetificate and the Windows executable to create such a certificate is available from https://www.symbiansigned.com. Follow the steps on this site to obtain a valid developer certificate. Afterwards you should have a .key and a corresponding .cer file which are later required to sign the SIS file containing the VPN policy file.

  Configuration

  Before you start configuration, you should collect the following information, which are required during the configuration process. The actual values are replaced by the following placeholders in the example configuration files below:

  <group name>: Group name for IKE phase 1. This value is ignored by the current OpenSwan configuration.

  <group password>: Group password for IKE phase 1. Choose a good password for this parameter and keep it secret as it is the only thing needed to know to get access to your internal network if you do not use XAUTH authentication.

  <strlen(group password)>: Length of group password

  <external gateway>: External static IP address of the OpenSwan gateway. This address is used for authentication and encrypted data exchange.

  <internal gateway>: Internal IP address of the OpenSwan gateway. This address is used when sending packets from the VPN gateway through the VPN tunnel to the client.

  <internal client>: Internal IP address assigned to the VPN client. This address is used by the client when sending packets through the VPN tunnel.

  <key password>: The password of your developer key from www.symbiansigned.com.

  OpenSwan configuration

  On Debian there are 3 files that have to be edited or created in order to configure OpenSwan as a VPN gateway for the Nokia Mobile VPN client.

  /etc/ipsec.secrets

  Add a wildcard PSK (Pre-Shared Key) entry to your ipsec.secrets file. Afterwards your ipsec.secrets file should look like this:

  : PSK "<group password>"
  

  /etc/ipsec.conf

  Add an include directive to the ipsec.conf configuration file. The included file contains the actual configuration for the newly created connection to the Mobile VPN client. Afterwards your ipsec.conf should look like this:

  version 2.0
  
  config setup
          nat_traversal=yes
          nhelpers=0
          #plutodebug=all
  
  # Add connections here
  #Disable Opportunistic Encryption
  include /etc/ipsec.d/examples/no_oe.conf
  include /etc/ipsec.d/examples/e61.conf
  

  /etc/ipsec.d/examples/e61.conf

  Create a file named e61.conf for the connection parameters with the following contents:

  conn E61
          # Key exchange
          ike=aes256-sha1-modp1536
          # Data exchange
          esp=aes256-sha1
          # Authentication method PSK
          authby=secret
          auto=add
          keyingtries=3
          rekey=no
          pfs=no
          # Modeconfig setting
          modecfgpull=yes
          # local endpoint
          left=<external gateway>
          leftxauthserver=yes
          leftmodecfgserver=yes
          leftsourceip=<internal gateway>
          leftsubnet=0.0.0.0/0
          # remote endpoint
          right=%any
          rightxauthclient=yes
          rightmodecfgclient=yes
          rightsourceip=<internal client>
          rightsubnet=<internal client>/32
  

  If you set leftxauthserver and rightxauthclient to no, XAUTH authentication will be disabled. Disabling XAUTH authentication might be helpful, if you experience problems during VPN setup, but should not be disabled in production use for security reasons.

  Creating a signed SIS file containing the VPN policy

  The Nokia Mobile VPN client is configured by the policy file VPN.pol shown below, that has to be uploaded to the phone in a signed SIS file.

  In order to create a signed SIS file, two additional files are required. The VPN.pin file contains some (useless) meta information about the policy file, but is required and the VPN.pkg file, which describes the contents of the SIS file. Important: All 3 files have to be created with DOS line delimiters (in vi use: set ff=dos), otherwise the tools or the VPN will not work correctly.

  VPN.pol

  SECURITY_FILE_VERSION: 3
  [INFO]
  VPN
  [POLICY]
  sa ipsec_1 = {
   esp
   encrypt_alg 12
   max_encrypt_bits 256
   auth_alg 3
   identity_remote 0.0.0.0/0
   src_specific
   hard_lifetime_bytes 0
   hard_lifetime_addtime 3600
   hard_lifetime_usetime 3600
   soft_lifetime_bytes 0
   soft_lifetime_addtime 3600
   soft_lifetime_usetime 3600
  }
  remote 0.0.0.0 0.0.0.0 = { ipsec_1(<external gateway>) }
  inbound = { }
  outbound = { }
  [IKE]
  ADDR: <external gateway> 255.255.255.255
  MODE: MAIN
  SEND_NOTIFICATION: TRUE
  ID_TYPE: 11
  FQDN: <group name>
  GROUP_DESCRIPTION_II: MODP_1536
  USE_COMMIT: FALSE
  IPSEC_EXPIRE: FALSE
  SEND_CERT: FALSE
  INITIAL_CONTACT: FALSE
  RESPONDER_LIFETIME: TRUE
  REPLAY_STATUS: TRUE
  USE_INTERNAL_ADDR: FALSE
  USE_NAT_PROBE: FALSE
  ESP_UDP_PORT: 0
  NAT_KEEPALIVE: 60
  USE_XAUTH: TRUE
  USE_MODE_CFG: TRUE
  REKEYING_THRESHOLD: 90
  PROPOSALS: 1
  ENC_ALG: AES256-CBC
  AUTH_METHOD: PRE-SHARED
  HASH_ALG: SHA1
  GROUP_DESCRIPTION: MODP_1536
  GROUP_TYPE: DEFAULT
  LIFETIME_KBYTES: 0
  LIFETIME_SECONDS: 28800
  PRF: NONE
  PRESHARED_KEYS:
  FORMAT: STRING_FORMAT
  KEY: <strlen(group password)> <group password>
  

  If you want to disable XAUTH authentication set USE_XAUTH to FALSE and modify the e61.conf file on the VPN gateway accordingly.

  VPN.pin

  [POLICYNAME]
  VPN
  [POLICYDESCRIPTION]
  VPN
  [POLICYVERSION]
  1.1
  [ISSUERNAME]
  Do not edit
  [CONTACTINFO]
  Do not edit
  

  VPN.pkg

  ;
  ; A VPN POLICY PACKAGE
  ;
  %{"VPN"}
  :"VPN"
  &EN
  ; - None (English only by default)
  ; INSTALLATION HEADER
  ; - Only one component name is needed to support English only
  ; - UID is the UID of the VPN Policy Installer application
  #{"VPN"},(0x3D08B4F7),1,0,0,TYPE = SA
  ; LIST OF FILES
  ; Policy file
  "VPN.pol"-"C:\System\Data\Security\Install\VPN.pol"
  ; Policy-information file
  ; - NOTE: The policy-information file MUST be the last file in this
  ; list!
  ; - FM (FILEMIME) passes the file to the respective MIME handler
  ; (in this case, the VPN Policy Installer
      ; application).
  "VPN.pin"-"C:\System\Data\Security\Install\VPN.pin",
  FM, "application/x-ipsec-policy-info"
  ; REQUIRED FILES
  ; - The VPN Policy Installer application
  (0x3D08B4F7), 1, 0, 0, {"VPN Policy Installer"}
  

  Note: The two absolute paths are paths on the phone and must not be modified.

  Create an unsigned SIS file

  The unsigned SIS file is created by the makesis.exe utility. With the VPN.pol, VPN.pin and VPN.pkg file in the current working directory the makesis utility must be invoked as follows:

  makesis.exe VPN.pkg VPN.sis

  Afterwards you should have a VPN.sis file in your current working directory.

  Create a signed SIS file

  The SIS file created in the last step is still unsigned and has to be signed to be accepted by the phone. The SIS file is signed using the signsis.exe utility. It is invoked as follows, assuming the previously created SIS file and the VPN.key and VPN.cer file from www.symbiansigned.com are all located in the current working directory:

  signsis.exe VPN.sis VPN.sisx VPN.cer VPN.key <key password>

  Afterwards you should have a signed SIS file called VPN.sisx in your current working directory, which can be uploaded to your phone.

  Mobile phone configuration

  Before you start configuring the Nokia Mobile VPN client, you have to upload the signed SIS file created in the previous step to the phone. This can be done using an USB cable, infrared or Bluetooth or you can download the file from a web site. During installation of the policy file, you might get several warnings regarding the developer cerificate and phone incompatibilities, ignore and confirm all of them. After the installation completes the policy should be listed under VPN policies in the phone.

  To create a new VPN connection configuration navigate to Menu -> Tools -> Settings -> Connection -> VPN -> VPN management -> VPN policies, highlight a policy and select Options -> Define VPN access point. Configure the connection by specifiying a name, a policy and an internet access point.

  You should now be able to use the VPN connection like any other connection. If you have not disabled XAUTH authentication, you are asked for a username and password on connection setup. Enter a valid system user and password of the VPN gateway. That's it! You should now be connected to your VPN.

  Caveats & Solutions

  DNS servers

  During connection setup the VPN client obtains IP address, netmask and DNS settings from the VPN gateway, there is no way to modify those parameters on the phone.
  In OpenSwan 2.4.6 there is no (easy) way to configure the DNS servers to be used by the VPN client. DNS servers can only be set using PAM environment variables, which are only available when XAUTH is enabled.

  To circumvent this shortcoming I have created a small patch against OpenSwan 2.4.6, which allows setting DNS servers using ordinary environment variables. If you set the environment variables DNS1 and DNS2 before you start OpenSwan, those parameters are transmitted to the VPN client as the primary and secondary DNS server. The patch is available here: openswan-2.4.6.diff

  | Setting up Linux *SWAN Ipsec for nokia e61 | | 2007.06.27-09:21.00

  Connecting the Nokia E61 Mobile VPN client to a Linux OpenSwan IPSEC gateway This page describes how to configure and setup the Nokia E61 Mobile VPN client and Linux Openswan IPSEC gateway to establish an encrypted IPSEC tunnel between the two devices. The procedure described herein should work for other mobile devices equipped with a Nokia Mobile VPN Client as well, especially Symbian S60 3rd edition based mobile phones, but has not been tested. Legal advice: This page contains links to external internet sites containing additional information, that might be helpful in the course of setting up the IPSEC tunnel. I have no influence on the content and disclaim any responsibilty for the content provided by those external internet sites. All information on this page is provided as is without any warranty. I am not responsible or liable for any damage caused by following the steps described below. If you damage your phone, it is your fault not mine! Prerequisites Linux prerequisites For my setup I chose a vanilla Linux 2.6.19.1 with IPSEC support and OpenSwan 2.4.6 from Debian testing. Other kernels, distributions and OpenSwan versions could work as well but have not been tested. E61 prerequisites In oder to establish a VPN connection from the Nokia Mobile VPN client, a policy file has to be uploaded to the phone. For some reason, such a policy file cannot be uploaded directly to the phone, but has to be packed into a signed SIS file first. To create such a signed SIS file, you need a developer certificate and two Windows executables from the S60 Platform SDK for Symbian OS for C++ 3rd edition. Luckily those two Windows executables and the Windows executable to create the developer certificate run happily using Wine under Linux. The S60 Platform SDK for Symbian OS for C++ 3rd edition is available from http://www.forum.nokia.com -> Tools & SDKs -> C++ for Symbian OS Tools and SDKs -> S60 Platform for Symbian OS -> 3rd Edition. To unpack the SDK under Linux follow the instructions on Rudolf Königs page. A free developer cetificate and the Windows executable to create such a certificate is available from https://www.symbiansigned.com. Follow the steps on this site to obtain a valid developer certificate. Afterwards you should have a .key and a corresponding .cer file which are later required to sign the SIS file containing the VPN policy file. Configuration Before you start configuration, you should collect the following information, which are required during the configuration process. The actual values are replaced by the following placeholders in the example configuration files below: : Group name for IKE phase 1. This value is ignored by the current OpenSwan configuration. : Group password for IKE phase 1. Choose a good password for this parameter and keep it secret as it is the only thing needed to know to get access to your internal network if you do not use XAUTH authentication. : Length of group password : External static IP address of the OpenSwan gateway. This address is used for authentication and encrypted data exchange. : Internal IP address of the OpenSwan gateway. This address is used when sending packets from the VPN gateway through the VPN tunnel to the client. : Internal IP address assigned to the VPN client. This address is used by the client when sending packets through the VPN tunnel. : The password of your developer key from www.symbiansigned.com. OpenSwan configuration On Debian there are 3 files that have to be edited or created in order to configure OpenSwan as a VPN gateway for the Nokia Mobile VPN client. /etc/ipsec.secrets Add a wildcard PSK (Pre-Shared Key) entry to your ipsec.secrets file. Afterwards your ipsec.secrets file should look like this: : PSK "" /etc/ipsec.conf Add an include directive to the ipsec.conf configuration file. The included file contains the actual configuration for the newly created connection to the Mobile VPN client. Afterwards your ipsec.conf should look like this: version 2.0 config setup nat_traversal=yes nhelpers=0 #plutodebug=all # Add connections here #Disable Opportunistic Encryption include /etc/ipsec.d/examples/no_oe.conf include /etc/ipsec.d/examples/e61.conf /etc/ipsec.d/examples/e61.conf Create a file named e61.conf for the connection parameters with the following contents: conn E61 # Key exchange ike=aes256-sha1-modp1536 # Data exchange esp=aes256-sha1 # Authentication method PSK authby=secret auto=add keyingtries=3 rekey=no pfs=no # Modeconfig setting modecfgpull=yes # local endpoint left= leftxauthserver=yes leftmodecfgserver=yes leftsourceip= leftsubnet=0.0.0.0/0 # remote endpoint right=%any rightxauthclient=yes rightmodecfgclient=yes rightsourceip= rightsubnet=/32 If you set leftxauthserver and rightxauthclient to no, XAUTH authentication will be disabled. Disabling XAUTH authentication might be helpful, if you experience problems during VPN setup, but should not be disabled in production use for security reasons. Creating a signed SIS file containing the VPN policy The Nokia Mobile VPN client is configured by the policy file VPN.pol shown below, that has to be uploaded to the phone in a signed SIS file. In order to create a signed SIS file, two additional files are required. The VPN.pin file contains some (useless) meta information about the policy file, but is required and the VPN.pkg file, which describes the contents of the SIS file. Important: All 3 files have to be created with DOS line delimiters (in vi use: set ff=dos), otherwise the tools or the VPN will not work correctly. VPN.pol SECURITY_FILE_VERSION: 3 [INFO] VPN [POLICY] sa ipsec_1 = { esp encrypt_alg 12 max_encrypt_bits 256 auth_alg 3 identity_remote 0.0.0.0/0 src_specific hard_lifetime_bytes 0 hard_lifetime_addtime 3600 hard_lifetime_usetime 3600 soft_lifetime_bytes 0 soft_lifetime_addtime 3600 soft_lifetime_usetime 3600 } remote 0.0.0.0 0.0.0.0 = { ipsec_1() } inbound = { } outbound = { } [IKE] ADDR: 255.255.255.255 MODE: MAIN SEND_NOTIFICATION: TRUE ID_TYPE: 11 FQDN: GROUP_DESCRIPTION_II: MODP_1536 USE_COMMIT: FALSE IPSEC_EXPIRE: FALSE SEND_CERT: FALSE INITIAL_CONTACT: FALSE RESPONDER_LIFETIME: TRUE REPLAY_STATUS: TRUE USE_INTERNAL_ADDR: FALSE USE_NAT_PROBE: FALSE ESP_UDP_PORT: 0 NAT_KEEPALIVE: 60 USE_XAUTH: TRUE USE_MODE_CFG: TRUE REKEYING_THRESHOLD: 90 PROPOSALS: 1 ENC_ALG: AES256-CBC AUTH_METHOD: PRE-SHARED HASH_ALG: SHA1 GROUP_DESCRIPTION: MODP_1536 GROUP_TYPE: DEFAULT LIFETIME_KBYTES: 0 LIFETIME_SECONDS: 28800 PRF: NONE PRESHARED_KEYS: FORMAT: STRING_FORMAT KEY: If you want to disable XAUTH authentication set USE_XAUTH to FALSE and modify the e61.conf file on the VPN gateway accordingly. VPN.pin [POLICYNAME] VPN [POLICYDESCRIPTION] VPN [POLICYVERSION] 1.1 [ISSUERNAME] Do not edit [CONTACTINFO] Do not edit VPN.pkg ; ; A VPN POLICY PACKAGE ; %{"VPN"} :"VPN" &EN ; - None (English only by default) ; INSTALLATION HEADER ; - Only one component name is needed to support English only ; - UID is the UID of the VPN Policy Installer application #{"VPN"},(0x3D08B4F7),1,0,0,TYPE = SA ; LIST OF FILES ; Policy file "VPN.pol"-"C:\System\Data\Security\Install\VPN.pol" ; Policy-information file ; - NOTE: The policy-information file MUST be the last file in this ; list! ; - FM (FILEMIME) passes the file to the respective MIME handler ; (in this case, the VPN Policy Installer ; application). "VPN.pin"-"C:\System\Data\Security\Install\VPN.pin", FM, "application/x-ipsec-policy-info" ; REQUIRED FILES ; - The VPN Policy Installer application (0x3D08B4F7), 1, 0, 0, {"VPN Policy Installer"} Note: The two absolute paths are paths on the phone and must not be modified. Create an unsigned SIS file The unsigned SIS file is created by the makesis.exe utility. With the VPN.pol, VPN.pin and VPN.pkg file in the current working directory the makesis utility must be invoked as follows: makesis.exe VPN.pkg VPN.sis Afterwards you should have a VPN.sis file in your current working directory. Create a signed SIS file The SIS file created in the last step is still unsigned and has to be signed to be accepted by the phone. The SIS file is signed using the signsis.exe utility. It is invoked as follows, assuming the previously created SIS file and the VPN.key and VPN.cer file from www.symbiansigned.com are all located in the current working directory: signsis.exe VPN.sis VPN.sisx VPN.cer VPN.key Afterwards you should have a signed SIS file called VPN.sisx in your current working directory, which can be uploaded to your phone. Mobile phone configuration Before you start configuring the Nokia Mobile VPN client, you have to upload the signed SIS file created in the previous step to the phone. This can be done using an USB cable, infrared or Bluetooth or you can download the file from a web site. During installation of the policy file, you might get several warnings regarding the developer cerificate and phone incompatibilities, ignore and confirm all of them. After the installation completes the policy should be listed under VPN policies in the phone. To create a new VPN connection configuration navigate to Menu -> Tools -> Settings -> Connection -> VPN -> VPN management -> VPN policies, highlight a policy and select Options -> Define VPN access point. Configure the connection by specifiying a name, a policy and an internet access point. You should now be able to use the VPN connection like any other connection. If you have not disabled XAUTH authentication, you are asked for a username and password on connection setup. Enter a valid system user and password of the VPN gateway. That's it! You should now be connected to your VPN. Caveats & Solutions DNS servers During connection setup the VPN client obtains IP address, netmask and DNS settings from the VPN gateway, there is no way to modify those parameters on the phone. In OpenSwan 2.4.6 there is no (easy) way to configure the DNS servers to be used by the VPN client. DNS servers can only be set using PAM environment variables, which are only available when XAUTH is enabled. To circumvent this shortcoming I have created a small patch against OpenSwan 2.4.6, which allows setting DNS servers using ordinary environment variables. If you set the environment variables DNS1 and DNS2 before you start OpenSwan, those parameters are transmitted to the VPN client as the primary and secondary DNS server. The patch is available here: openswan-2.4.6.diff _____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ Back 2356 visitors Imprint

  | | | 2007.06.27-09:19.00

  Traffic shaping - tc filter.. divisor

  divisor is a number of entries in given table,
for (h = 0; h <= ht->divisor; h++) {
where h is 'unsigned', this suggests 65535 max, but it seems that in reality it's limited to 255 Apparently, it must be in form of 2^x (1,2,4,8,16...256), otherwise you get:

  host:~# tc filter add dev eth1 parent 1: prio 0 handle 1: protocol ip u32 divisor 17
  Illegal "divisor"
  

  | Traffic shaping - tc filter.. divisor | | 2006.10.15-00:20.00

  [Xen-devel] Debian Sarge Root Raid + LVM + XEN install guide (LONG)

  From: "Tom Hibbert"

  Hello fellow xenophiles and happy new year!
  
  I've documented the install procedure for a prototype server here since
  I found no similar document
  Anywhere on the net. It's a Sarge-based Domain0 on linux root raid from
  scratch, using LVM to store
  the data for the domU mail server and its mailstore. I humbly submit my
  notes in the hope that they are useful to some weary traveller.
  
  Have fun!
  
  
  
  Debian Sarge XEN dom0 with Linux Root Raid and LVM
  
  Hardware: P4 3.2ghz LG775
  	    Asus P5GD1-VM
  	    1gb DDR400 DRAM
  	    2x80gb Seagate SATA disks
  
  Reasons for using software raid (over Intel ICH raid or more expensive
  SCSI raid)
  	1. Speed
  	   Bonnie++ shows Linux Software Raid is MUCH faster than ICH5
  (at least under Linux)
  	2. Reliability
  	   I have observed that frequent disk access with small files
  has destroyed ICH5 raid arrays in 	   the past (at least under
  Linux)
  	3. Recovery
  	   I had a bad experience with the death of an Adaptec 3200S
  controller not long ago. The array
  	   was nonrecoverable because a replacement card could not be
  sourced in time. Additionally the
  	   firmware revision for the 3200s was unknown. (Recovery from
  controller death if even 	   possible requires the same firmware
  revision as the original card, since that was not known
  we would have had to guess which takes time and time is money when you
  have a dead server)
  	4. Price
  	   Reduce cost of hardware to the client because we arent using
  expensive raid controllers
  	5. Prevalence
  	   It is much easier to source standard disks than it is to
  source SCSI disks (in the case
  	   of using SCSI raid controllers). It is also much easier to
  source a standard SATA controller 	   than it is to source a RAID
  controller 
  
  Reasons for using XEN
  	1. Recovery
  	   Putting all network services inside XEN virtual machines that
  can be backed up makes       	   disaster recovery a non-brainer
  	2. Better utilisation of hardware
  	   Stacking virtual machines allows more efficient use of
  hardware (cost effectiveness)
  	3. It's just cooler :)
  
  Methodology
  	1. Setting up the hardware - setting SATA to compatible mode
  	2. Boot off Feather Linux USB key
  	3. Partition primary drive
  	4. Install base system
  	5. Chroot into base system
  	6. Install C/C++ development packages
  	7. Install XEN packages
  	8. Configure/build/install XEN Dom0 kernel
  	9. Install GRUB
  	10. Reboot to base system and set SATA to enhanced mode
  	11. Migrate system into RAID1 and test
  	12. Configure/build/install XEN DomU kernel
  	13. Configure LVM
  	14. Create DomU environment
        * 15. Install services into DomU
  	16. Configure XEN to boot DomU automatically
        * 17. Testing
        * 18. Deployment
  
  * Not covered by this document
  
  
  1. Setting up the hardware
     -----------------------
  
  Standard stuff here. Set the mode for SATA to Compatible so that
  Feather's kernel was able to access the hard disks.
  
  2. Boot off Feather Linux USB key
     ------------------------------
  
  Feather is fantastic because it allows one to setup a Debian system
  without having to boot from the now heavily outdated Woody install CD.
  It supports more hardware and  also allows easy installation to a system
  without a CDRom drive in a build network without an 'evil' segment (PXE
  boot). It also makes a convenient rescue platform.
  http://featherlinux.berlios.de
  
  3. Partition primary drive
     -----------------------
  
  Feather Linux does not properly support the ICHx and it doesnt have the
  administration tools for making raid arrays. Therefore the setup method
  we will use is to build the base system on a single disk and then
  migrate it into RAID1. Trust me, this is much easier than it sounds!
  
  I partitioned the primary drive as follows
  
     Device Boot      Start         End      Blocks   Id  System
  /dev/hda1               1           3       24066   fd  Linux raid
  autodetect
  /dev/hda2               4         501     4000185   fd  Linux raid
  autodetect
  /dev/hda3             502        9605    73127880   fd  Linux raid
  autodetect
  /dev/hda4            9606        9729      996030   fd  Linux raid
  autodetect
  
  using hda2 for root and hda1 for boot with swap on hda4. hda3 is not
  used yet.
  
  Format and mount up the drive to /target:
  
  # mkdir /target
  # mkfs.ext3 /dev/hda1
  # mkfs.ext3 /dev/hda2
  # mount /dev/hda2 /target
  # mkdir /target/boot
  # mount /dev/hda1 /target/boot
  
  
  4. Install the base system
     ----------------------
  
  Set up Feather with APT and debootstrap:
  
  # dpkg-get
  # apt-get install debootstrap
  
  Install the base system
  
  # debootstrap sarge /target
  
  Perform basic configuration
  
  # vi /target/etc/fstab
  
  /dev/sda2        /       ext3    defaults        0       1
  /dev/sda1        /boot   ext3    defaults        0       2
  proc             /proc   proc    defaults        0       0
  
  You may be asking why am I putting sda here? The reason is because once
  I set the ICH6 to use Enhanced Mode and reboot into the fresh 2.6.9 xen0
  kernel with SATA support compiled the drives appear as SCSI devices. hda
  will be enumerated as /dev/sda.
  
  5. Chroot into base system
     -----------------------
  
  # umount /dev/hda1
  # cd /target
  # chroot .
  # su -
  # mount /dev/hda1 /boot
  
  Unmounting and remounting boot is important for configuring GRUB later.
  
  Some more configuration needs to be done at this point:
  
  # rm /etc/resolv.conf
  # rm /etc/hostname
  # echo xen0-test > /etc/hostname
  # echo nameserver 210.55.13.3 > /etc/resolv.conf
  
  6. Install C/C++ packages
     ----------------------
  
  # apt-setup
  # apt-get update
  # dselect update
  # tasksel
  (Select C/C++ development packages)
  
  7. Install XEN packages
     --------------------
    
  Until Adam's packages get released I am using some homebrew packages
  descended from Brian's original 
  work.
  
  # mkdir xen
  # cd xen
  # apt-get install wget
  # wget -r http://cryptocracy.hn.org/xen/
  # cd cryptocracy.hn.org/xen
  # dpkg -i *.deb
  # apt-get -f install
  
  8. Configure/build/install XEN dom0 kernel
     ---------------------------------------
  
  Since this is the first time configuring XEN on this hardware I am
  building the kernel from scratch.
  When we get more of these servers I will install a prebuilt debianised
  kernel on them.
  
  # cd /usr/src/
  # tar -jxvf ./kernel-source-2.6.9_2.6.9-3_all.deb
  # cd kernel-source-2.6.9
  # export ARCH=xen
  # cp ~/xen/cryptocracy.hn.org/xen/config.xen0 .config
  # make menuconfig
  (Make changes as appropriate for this hardware)
  # make
  # make modules_install
  # cp vmlinuz /boot/vmlinuz-2.6.9-dom0
  
  9. Configure GRUB
     --------------
  
  # apt-get install grub
  # grub-install
  # update-grub
  
  Now edit the grub menu.lst file and modify the kernel definition so it
  looks like this:
  
  title Xen 2.0.1 / Xenolinux 2.6.9
  root (hd0,0)
  kernel /xen.gz dom0_mem=131072
  module /269-xen0 root=/dev/sda2 ro console=tty0
  
  10. Reboot to base system and revert SATA configuration to Enhanced mode
      --------------------------------------------------------------------
  
  # reboot
  
  Set the relevant option in the BIOS and we're good to go.
  
  11. Migrate to RAID1 and test
      -------------------------
  
  We've just built a complete Dom0 base system on the first disk. In order
  to migrate this into RAID1,
  we will create a RAID array using the second disk only, duplicate the
  data onto the second drive, reboot into it and then readd the first
  drive to the array. Sounds complex, but it isnt. This is another
  advantage of Linux RAID over conventional RAID: it is easy to migrate
  from a single disk to a RAID configuration.
  
  
  First we need to partition the second disk exactly like the first:
  
  # sfdisk -d /dev/sda > ~/partitions.sda
  
  Having this data backed up is an incredibly good idea. I experienced a
  catastrophic faliure on
  one server once by enabling DMA with a buggy OSB4 driver. The partition
  table was destroyed. Using
  the partition data backed up in the manner above i was able to restore
  the partition to find
  that my data (an important IMAP store) was still intact.
  
  Duplicating the partition table (or restoring from backup) is simple:
  
  # sfdisk /dev/sdb < ~/partitions.sda
  
  That's it. The two drives are now identically partitioned.
  
  Now we need to initialise the RAID on the second disk without destroying
  the data on the first.
  
  # apt-get install mdadm raidtools2
  
  Begin by creating the raidtab. My one looks like this:
  
  raiddev /dev/md0
          raid-level 1
          nr-raid-disks 2
          persistent-superblock 1
          chunk-size 8
          
          device  /dev/sda1
          failed-disk 0
          device /dev/sdb1
          raid-disk 1
  
  ... repeated for each partition. Marking the partitions on sda - our
  source drive - as failed BEFORE
  creating the raid array is very important as it prevents them from being
  overwritten by mkraid.
  
  Create the RAID disks now.
  
  # for i in 'seq 0 3'; do mkraid /dev/md$i; done
  
  Format and mount the root and boot partitions and initialise swap:
  
  # mkfs.ext3 /dev/md0
  # mkfs.ext3 /dev/md1
  # mkswap /dev/md2
  # mkdir /target
  # mount /dev/md1 /target
  # mkdir /target/boot
  # mount /dev/md0 /target/boot
  
  Copy the contents of our base system into the RAID we've just created:
  
  # ls -1 / | grep -v proc | while read line ; do cp -afx /$line /target;
  done
  # cp -afx /boot/* /target/boot
  
  Modify the target's fstab and grub configuration as follows:
  
  /target/etc/fstab now looks like this:
  
  /dev/md1        /       ext3    defaults        0       1
  /dev/md0        /boot   ext3    defaults        0       2
  proc            /proc   proc    defaults        0       0
  /dev/md2        none    swap    sw              0       0
  
  And change the kernel definition in /target/boot/menu.lst slightly:
  
  module /269-xen0 root=/dev/md1 ro console=tty0
  
  Umount /target/boot:
  
  # umount /target/boot
  
  Chroot into the target:
  
  # cd /target
  # chroot .
  # su -
  
  Remount boot and install grub:
  
  # mount -a
  # grub-install
  # update-grub
  # exit
  # logout
  
  We're now ready to reboot into our new RAID! 
  
  # reboot
  
  Most modern boards these days (at least the ASUS ones which is all I
  use) have an option to select
  the boot device. On the P4 and P5 series mainboards this is accessed
  through F8. As your system is
  booting hit F8 and choose the second drive. If your system does not
  support this you can change the
  boot order in the bios or if you prefer you can edit the GRUB options by
  pressing 'e' at the prompt.
  
  Once the system has rebooted you should now be inside your RAID setup.
  It's time to import the first
  drive into the array.
  
  First edit the raidtab and mark sda as usable:
  
  raiddev /dev/md0
          raid-level 1
          nr-raid-disks 2
          persistent-superblock 1
          chunk-size 8
          
          device  /dev/sda1
          raid-disk 0
          device /dev/sdb1
          raid-disk 1
  
  ... etc. Now add the partitions on sda as members using raidhotadd:
  
  # raidhotadd /dev/md0 /dev/sda1
  
  Rinse and repeat for each partition, or use a tricky bash one liner :)
  
  The mirror is now syncing each partition in sequence. You can check the
  status of this process 
  by periodically cating /proc/mdstat.
  
  Once each partition is synced your mirror is complete and you can
  reboot, remove and shuffle drives
  about to your hearts content, or at least until you're satisfied that
  the root raid is working
  correctly.
  
  12. Configure/build/install XEN domU kernel
  
  There's no point in building the domU kernel until you're ready to use
  it. If I was using a prebuilt
  kernel package I would have included the domU kernel so this step would
  be avoided.
  
  # cd /usr/src/kernel-source-2.6.9
  # make clean
  # export ARCH=xen
  # cp ~/xen/cryptocracy.hn.org/xen/config.xenU .config
  # make menuconfig
  (Make changes as appropriate)
  # make
  # make modules_install
  # cp vmlinuz /boot/vmlinuz-2.6.9-domU
  
  13. Configure LVM
  
  I use LVM (or devmapper) to store the domU VBDs, including their data.
  This allows for easy resizing of 
  partitions/images as required by services.
  
  # apt-get install lvm10 lvm2
  
  Initialise the partition as a physical volume:
  
  # pvcreate /dev/md3
  
  Create a volume group for xen:
  
  # vgcreate xen /dev/md3
  
  14. Create domU environment
      -----------------------
  
  Create logical volumes for the service domU and its mailstore:
  
  # lvcreate -L4096M -n mail xen
  # lvcreate -L65000M -n store xen
  
  Format and mount the domU VBD:
  
  # mount.ext3 /dev/xen/mail
  # mount /dev/xen/mail /target
  
  Install the base system on the domU:
  
  # export ARCH=i386
  # apt-get install debootstrap
  # debootstrap /target
  
  Configure the target:
  
  # cd /target
  # chroot .
  # su -
  # rm /etc/hostname
  # rm /etc/resolv.conf
  # echo mail > /etc/hostname
  # echo nameserver 210.55.13.3 > /etc/resolv.conf
  # apt-setup
  
  Edit /etc/fstab:
  
  /dev/hda1       /       ext3    errors=remount-ro       0       1
  /dev/hdb1       /store  reiserfs defaults               0       2
  proc            /proc   proc    defaults                0       0
  
  Edit /etc/network/interfaces:
  
  auto lo
  iface lo inet loopback
  
  auto eth0
  iface eth0 inet dhcp
  
  # exit
  # logout
  
  Create the config file for the new domain
  
  # cp /etc/xen/xmexample1 /etc/xen/mail
  
  Edit the file and change the name and disk parameters:
  
  name = mail
  disk = [ 'phy:xen/mail,hda1,w', 'phy:xen/store,hdb1,w']
  
  Unmount the target and format the store partition:
  
  # umount /target
  # apt-get install reiserfsprogs
  # mkfs.reiserfs /dev/xen/store
  
  Fire up your new xenU domain!
  
  # /etc/init.d/xend start
  # xm create -f /etc/xen/mail
  # xm console mail
  
  Have a play and to return to the xen0 hit ctrl-].
  
  16. Configure xen to start up the domain automatically
      --------------------------------------------------
  
  # ln -s /etc/init.d/xend /etc/rc2.d/S20xen
  # ln -s /etc/init.d/xendomains /etc/rc2.d/S21xendomains
  # mv /etc/xen/main /etc/xen/auto
  
  That's it! :) Enjoy your fresh new server.
  
  
  -------------------------------------------------------
  The SF.Net email is sponsored by: Beat the post-holiday blues
  Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
  It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
  _______________________________________________
  Xen-devel mailing list
  Xen-devel@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/xen-devel
  
  

  | [Xen-devel] Debian Sarge Root Raid + LVM + XEN install guide (LONG) | | 2005.01.13-08:00.00

  Using svk

  pokurcz eyck 13:53 ~/shared/projects/tftp/svk > svk mirror //project/cpan https://smaug.forumakad.pl/esvn/cpan/
  Committed revision 1.
  pokurcz eyck 13:54 ~/shared/projects/tftp/svk > ls
  pokurcz eyck 13:54 ~/shared/projects/tftp/svk > ls ~/.svk 
  cache  config  local
  pokurcz eyck 13:54 ~/shared/projects/tftp/svk > ls ~/.svk/local 
  README.txt  conf  dav  db  format  hooks  locks
  pokurcz eyck 13:54 ~/shared/projects/tftp/svk > ls ~/.svk/cache 
  pokurcz eyck 13:54 ~/shared/projects/tftp/svk > svk sync //project/cpan                                  
  Syncing https://smaug.forumakad.pl/esvn/cpan
  Retrieving log information from 1 to 7
  Committed revision 2 from revision 6.
  Committed revision 3 from revision 7.
  pokurcz eyck 13:54 ~/shared/projects/tftp/svk > ls
  pokurcz eyck 13:54 ~/shared/projects/tftp/svk > ls ~/.svk 
  cache  config  local
  pokurcz eyck 13:54 ~/shared/projects/tftp/svk > ls
  pokurcz eyck 13:54 ~/shared/projects/tftp/svk > # svk sync //project/trunk
  pokurcz eyck 13:55 ~/shared/projects/tftp/svk >  svk sync //project/trunk
  no source specificed at /usr/share/perl5/SVN/Mirror.pm line 52.
  pokurcz eyck 13:55 ~/shared/projects/tftp/svk > ls
  pokurcz eyck 13:55 ~/shared/projects/tftp/svk > scp checkout //project/cpan cpan
  cp: cannot stat `checkout': No such file or directory
  cp: cannot stat `//project/cpan': No such file or directory
  zsh: exit 1     scp checkout //project/cpan cpan
  pokurcz eyck 13:55 ~/shared/projects/tftp/svk > ls
  pokurcz eyck 13:55 ~/shared/projects/tftp/svk > svk checkout //project/cpan cpan
  Syncing //project/cpan(/project/cpan) in /home/eyck/shared/projects/tftp/svk/cpan to 3.
  A   cpan/Net-Lite-FTP
  A   cpan/Net-Lite-FTP/L8R.txt
  A   cpan/Net-Lite-FTP/t
  A   cpan/Net-Lite-FTP/t/Net-Lite-FTP.t
  A   cpan/Net-Lite-FTP/Meta.yml
  A   cpan/Net-Lite-FTP/MANIFEST
  A   cpan/Net-Lite-FTP/lib
  A   cpan/Net-Lite-FTP/lib/Net
  A   cpan/Net-Lite-FTP/lib/Net/Lite
  A   cpan/Net-Lite-FTP/lib/Net/Lite/FTP.pm
  A   cpan/Net-Lite-FTP/Makefile.PL
  A   cpan/Net-Lite-FTP/Changes
  A   cpan/Net-Lite-FTP/client.pl
  A   cpan/Net-Lite-FTP/Makefile.old
  A   cpan/Net-Lite-FTP/README
  pokurcz eyck 13:55 ~/shared/projects/tftp/svk > ls
  
  cd cpan/Net-Lite-FTP
  play...
  
  pokurcz eyck 13:57 ..ftp/svk/cpan/Net-Lite-FTP > svk diff
  === L8R.txt
  ==================================================================
  --- L8R.txt  (revision 3)
  +++ L8R.txt  (local)
  @@ -1,3 +1,4 @@
  +#
   sub list {
        my ($self)=@_;
        my $sock=$self->{'Sock'};
  
  
  pokurcz eyck 13:57 ..ftp/svk/cpan/Net-Lite-FTP > svk ci
  Merging back to SVN::Mirror source https://smaug.forumakad.pl/esvn/cpan.
  Merge back committed as revision 8.
  Syncing https://smaug.forumakad.pl/esvn/cpan
  Retrieving log information from 8 to 8
  Committed revision 4 from revision 8.
  
  

  | Using svk | | 2005.01.07-13:59.00

  Subversion upgrade 0.33 -> 1.0.1

  ( error message : "

   (20014)Error string not specified yet: Expected version '3' of repository; found version '2'
  Could not fetch resource information.  [500, #0]
  Could not open the requested SVN filesystem  [500, #165005]
  (84)Invalid or incomplete multibyte or wide character: Could not open the requested SVN filesystem  [500, #165005]
  

  " )

  svnadmin-0.33.0-0.backports.org.1 dump /var/lib/svn/  > svn.0.33.dump
  

  Now it's ideal time for:

  cat svn.0.33.dump | svndumpfilter exclude diskspace.hogging.test.repository  |gzip -1 >  svn.0.33.dump.without.sht.gz
  

  And now, for the grand finale:

  
  svnadmin create /var/lib/svn
  cat svn.0.33.dump | svnadmin load /var/lib/svn/
  

  | Subversion upgrade 0.33 -> 1.0.1 | | 2004.03.17-12:17.00

  Running Amavis on woody with exim3 and clamav/clamscan

  deb http://www.backports.org/debian woody amavis-ng deb http://www.backports.org/debian woody clamav #clamav: deb http://people.debian.org/~aurel32/BACKPORTS stable main

  apt-get install amavisd-new clamavis-daemon
  

  For exim.conf: trusted_users = mail:amavis . . . . amavis_smtp: driver = smtp hosts = localhost port = 10024 allow_localhost hosts_override end ###################################################################### # DIRECTORS CONFIGURATION # # Specifies how local addresses are handled # ###################################################################### # ORDER DOES MATTER # # A local address is passed to each in turn until it is accepted. # ###################################################################### amavis_director: condition = "${if eq {$received_protocol}{scanned-ok} {0}{1}}" driver = smartuser transport = amavis_smtp verify = false . . . . ###################################################################### # ROUTERS CONFIGURATION # # Specifies how remote addresses are handled # ###################################################################### # ORDER DOES MATTER # # A remote address is passed to each in turn until it is accepted. # ###################################################################### amavis_router: condition = "${if eq {$received_protocol}{scanned-ok} {0}{1}}" driver = domainlist transport = amavis_smtp verify = false route_list = * localhost byname self = send uncomment exim3 settings from amavisd-new, restart it.. optionally comment out spamassassin-disabling line..

  | Running Amavis on woody with exim3 and clamav/clamscan | | 2004.03.04-13:33.00

  Using LVM

  ALWAYS create your VGs with -i 32 ( 32M physical extents ), this allows for 2TB size arrays, with default you get only 256G.

  | Using LVM | | 2004.02.26-10:11.00

  Wonderfull world of redhats: apt-rpm

  lftp apt-rpm.tuxfamily.org:~/apt/redhat/9/en/i386/RPMS.extra> ls
  -rw-r--r--   1 nobody   nogroup    873124 Apr 16  2003 apt-0.5.5cnc5-fr2.i386.rpm
  -rw-r--r--   1 nobody   nogroup    527526 Apr 16  2003 apt-devel-0.5.5cnc5-fr2.i386.rpm
  

  | Wonderfull world of redhats: apt-rpm | | 2004.02.23-10:23.00

  Installing Oracle Xi/10g on Woody

  1. Get Oracle10g ;)
  2. get some diskspace, get some ram, get some swap, create users and groups for oracle ( oracle user is enough, you can go with group dba, user oracle, orainstall etc etc.. though.. )
  3. 
apt-get install make rpm binutils gcc
ln -s /usr/bin/awk /bin/awk
ln -s /usr/bin/rpm /bin/rpm
It's also nice to go and tasksel -> c/c++ development
  4. Pretend you're a redhat:
root@ox $cat > /etc/redhat-release
Red Hat Linux release 2.1 (drupal)
^D

  5. uncompress your install and run installation script: /opt/oracle/Disk1/runInstall
  6. Make some choice, push some buttons, run some runme.sh scripts, ignore two compilation errors and voile'a:
eyck@ox $ sqlplus

Enter user-name: eyck@OX
Enter password:
Connected to:
Oracle Database 10g Release 10.1.0.2.0 - Production

  ox.1.png ox.2.png

  | Installing Oracle Xi/10g on Woody | | 2004.02.12-21:19.00

  Installing oracle 9i on woody,

  I. DEBIAN GNU/LINUX ENVIRONMENT SETUP Steps to perform as root for setting up Oracle installation environment: a. Create oracle group, user and home directory.
addgroup dba
adduser --home /ora --no-create-home --ingroup dba oracle
chown oracle.dba /ora
mkdir /ora/9iR2
chown oracle.dba /ora/9iR2
b. Create links needed by Oracle installer.
ln -s /usr/bin/awk /bin/awk
ln -s /usr/bin/sort /bin/sort
ln -s /usr/bin/basename /bin/basename
c. Install mandatory packages.
apt-get install make binutils gcc libstdc++2.10-glibc2.2 libstdc++2.10-dev libstdc++2.9-glibc2.1


  See more ...

  | Installing oracle 9i on woody, | | 2004.02.12-20:54.00

  Installing grub on software raid disks...

  Look:

  topik:/home/eyck# grub-install /dev/sda
  Installation finished. No error reported.
  This is the contents of the device map /boot/grub/device.map.
  Check if this is correct or not. If any of the lines is incorrect,
  fix it and re-run the script `grub-install'.
  
  (fd0)   /dev/fd0
  (hd0)   /dev/hda
  (hd1)   /dev/sda
  (hd2)   /dev/sdb
  (hd3)   /dev/sdc
  (hd4)   /dev/sdd
  topik:/home/eyck# grub-install /dev/sdc
  Installation finished. No error reported.
  This is the contents of the device map /boot/grub/device.map.
  Check if this is correct or not. If any of the lines is incorrect,
  fix it and re-run the script `grub-install'.
  
  (fd0)   /dev/fd0
  (hd0)   /dev/hda
  (hd1)   /dev/sda
  (hd2)   /dev/sdb
  (hd3)   /dev/sdc
  (hd4)   /dev/sdd
  

  but:

  topik:/home/eyck# grub-install /dev/sdc
  /dev/md1 does not have any corresponding BIOS drive.
  

  ( you need to edit your /etc/mtab and replace md1(root) with hmmm.. with anything - for examples sda1 )

  | Installing grub on software raid disks... | | 2004.01.09-11:07.00

  Extending your filesystem

  1. create partition on new disk with type 8e
  2. goliat:/fs/samba# pvcreate /dev/hdd2 pvcreate -- physical volume "/dev/hdd2" successfully created

  goliat:/fs/samba# vgextend share_vg /dev/hdd2
  vgextend -- INFO: maximum logical volume size is 255.99 Gigabyte
  vgextend -- doing automatic backup of volume group "share_vg"
  vgextend -- volume group "share_vg" successfully extended
  
  goliat:/fs/samba# lvextend /dev/share_vg/share_lv 
  lvextend -- please enter l or L option
  
  goliat:/fs/samba# pvscan 
  pvscan -- reading all physical volumes (this may take a while...)
  pvscan -- ACTIVE   PV "/dev/hdc3" of VG "share_vg" [70.37 GB / 416 MB free]
  pvscan -- ACTIVE   PV "/dev/hdd2" of VG "share_vg" [74.41 GB / 74.41 GB free]
  pvscan -- ACTIVE   PV "/dev/hda2" of VG "home_vg"  [992 MB / 0 free]
  pvscan -- ACTIVE   PV "/dev/hda3" of VG "share_vg" [69.64 GB / 0 free]
  pvscan -- total: 4 [215.41 GB] / in use: 4 [215.41 GB] / in no VG: 0 [0]
  
  goliat:/fs/samba# lvextend -L+74G /dev/share_vg/share_lv 
  lvextend -- extending logical volume "/dev/share_vg/share_lv" to 213.60 GB
  lvextend -- doing automatic backup of volume group "share_vg"
  lvextend -- logical volume "/dev/share_vg/share_lv" successfully extended
  
  goliat:/fs/samba# lvextend -L+1G /dev/share_vg/share_lv 
  lvextend -- only 208 free physical extents in volume group "share_vg"
  
  goliat:/fs/samba# lvextend -L+500M /dev/share_vg/share_lv 
  lvextend -- extending logical volume "/dev/share_vg/share_lv" to 214.09 GB
  lvextend -- doing automatic backup of volume group "share_vg"
  lvextend -- logical volume "/dev/share_vg/share_lv" successfully extended
  
  goliat:/fs/samba# lvextend -L+500M /dev/share_vg/share_lv 
  lvextend -- only 83 free physical extents in volume group "share_vg"
  
  goliat:/fs/samba# lvextend -L+50M /dev/share_vg/share_lv 
  lvextend -- rounding relative size up to physical extent boundary
  lvextend -- extending logical volume "/dev/share_vg/share_lv" to 214.14 GB
  lvextend -- doing automatic backup of volume group "share_vg"
  lvextend -- logical volume "/dev/share_vg/share_lv" successfully extended
  
  goliat:/fs/samba# xfs   
  xfs_admin     xfs_check     xfs_estimate  xfs_fsr       xfs_info      xfs_mkfile    xfs_repair    xfsdq         xfsinvutil    xfsrq         
  xfs_bmap      xfs_db        xfs_freeze    xfs_growfs    xfs_logprint  xfs_ncheck    xfs_rtcp      xfsdump       xfsrestore    
  goliat:/fs/samba# xfs_growfs /dev/share_vg/share_lv 
  xfs_growfs: /dev/share_vg/share_lv is not a filesystem mount point, according to /etc/mtab
  goliat:/fs/samba# xfs_growfs /fs/s                  
  s2     samba  
  goliat:/fs/samba# xfs_growfs /fs/samba/Inne/
  meta-data=/fs/samba/Inne         isize=256    agcount=35, agsize=1048576 blks
  data     =                       bsize=4096   blocks=36595712, imaxpct=25
           =                       sunit=0      swidth=0 blks, unwritten=0
  naming   =version 2              bsize=4096  
  log      =internal               bsize=4096   blocks=2227
  realtime =none                   extsz=65536  blocks=0, rtextents=0
  data blocks changed from 36595712 to 56135680
  goliat:/fs/samba# df -h
  Filesystem            Size  Used Avail Use% Mounted on
  /dev/hde1             3.9G  919M  3.0G  23% /
  /dev/home_vg/home_lv  987M  699M  289M  71% /home
  /dev/share_vg/share_lv
                        214G  139G   75G  65% /fs/samba/Inne
  goliat:/fs/samba# 
  
  
  

  | Extending your filesystem | | 2004.01.09-11:06.00

  Requesting new package from debian

  http://www.debian.org/devel/wnpp

  apt-get install reportbug
  

  reportbug wnpp

  then enter: RFP then: packagename

  | Requesting new package from debian | | 2003.12.04-09:46.00

  Exim4 tls

  sid:/etc/exim4# /usr/share/doc/exim4-base/examples/exim-gencert 
  [*] Creating a self signed SSL certificate for Exim!
      This may be sufficient to establish encrypted connections but for
      secure identification you need to buy a real certificate!
      
      Please enter the hostname of your MTA at the Common Name (CN) prompt!
      
  Generating a 1024 bit RSA private key
  ...................................................................++++++
  .......++++++
  unable to write 'random state'
  writing new private key to '/etc/exim4/exim.key'
  -----
  You are about to be asked to enter information that will be incorporated
  into your certificate request.
  What you are about to enter is what is called a Distinguished Name or a DN.
  There are quite a few fields but you can leave some blank
  For some fields there will be a default value,
  If you enter '.', the field will be left blank.
  -----
  Country Code (2 letters) [US]:PL
  State or Province Name (full name) [Some-State]:Lubelskie
  Locality Name (eg, city) []:Lublin
  Organization Name (eg, company; recommended) []:G
  Organizational Unit Name (eg, section) []:unSecurity
  Server name (eg. ssl.domain.tld; required!!!) []:grendel.ar.lublin.pl
  Email Address []:eyck at grendel.ar.lublin.pl
  [*] Done generating self signed certificates for exim!
      Refer to the documentation and example configuration files
      over at /usr/share/doc/exim4-base/ for an idea on how to enable TLS
      support in your mail transfer agent.
  
  
  

  | Exim4 tls | | 2003.11.30-20:40.00

  Creating Mailing List with Ecartis

  sid:/etc/exim4#  /usr/lib/ecartis/ecartis  -newlist llug
  
  Creating new list 'llug'...
  List admin e-mail: eyck@grendel.ar.lublin.pl
   Writing config file...done.
    Creating default user file...done.
    Sending aliases for sendmail/Exim/Postfix/Zmailer to stdout.
  
    # Aliases for 'llug' mailing list.
    llug: "|/usr/lib/ecartis/ecartis -s llug"
    llug-request: "|/usr/lib/ecartis/ecartis -r llug"
    llug-repost: "|/usr/lib/ecartis/ecartis -a llug"
    llug-admins: "|/usr/lib/ecartis/ecartis -admins llug"
    llug-moderators: "|/usr/lib/ecartis/ecartis -moderators llug"
    llug-bounce: "|/usr/lib/ecartis/ecartis -bounce llug"
  

  sid:/etc/exim4#  cat >> /etc/aliases
    # Aliases for 'llug' mailing list.
    llug: "|/usr/lib/ecartis/ecartis -s llug"
    llug-request: "|/usr/lib/ecartis/ecartis -r llug"
    llug-repost: "|/usr/lib/ecartis/ecartis -a llug"
    llug-admins: "|/usr/lib/ecartis/ecartis -admins llug"
    llug-moderators: "|/usr/lib/ecartis/ecartis -moderators llug"
    llug-bounce: "|/usr/lib/ecartis/ecartis -bounce llug"
  

  sid:/etc/exim4#  sync

  sid:/etc/exim4#  cd /var/lib/ecarts/lists/llug && perl -p -i.b -e 's/\@sid/\@host.name.tld/' config
  

  | Creating Mailing List with Ecartis | | 2003.11.30-20:34.00

  Moving undo/temporary tablespace to another location

  CREATE UNDO TABLESPACE undotbs02
  DATAFILE '/opt/oracle/oradata1/sbrd/undotbs02.dbf' SIZE 3000M REUSE   
  AUTOEXTEND ON;
  
  ALTER SYSTEM SET UNDO_TABLESPACE = undotbs02;
  
  DROP TABLESPACE undotbs01;
  

  | Moving undo/temporary tablespace to another location | | 2003.11.26-11:25.00

  Running proftpd with tls

  Under woody:

  $ openssl req -new -x509 -days 365 -nodes -out ftpd-rsa.pem -keyout ftpd-rsa-key.pem

  With sid/sarge you also need those in proftpd.conf:

  #TLSCACertificateFile /etc/proftpd/ftpd-rsa.pem
  TLSRSACertificateFile /etc/proftpd/ftpd-rsa.pem
  TLSRSACertificateKeyFile /etc/proftpd/ftpd-rsa-key.pem
  TLSLog /var/log/proftpd/tls.log
  TLSRequired     on
  TLSEngine       on
  

  | Running proftpd with tls | | 2003.11.24-19:19.00

  Making linux reboot on panic

  Suppose you're running some unsafe kernel in remote location, you wouldn't like your machine to freeze waiting for you to power it down in case of panic. So what do you do?

  echo "69" > /proc/sys/kernel/panic
  

  this will make it wait 69 seconds and then reboot in case of panic ( unless of course, like with my problem with audio half of panics loop infinitely )

  | Making linux reboot on panic | | 2003.11.24-11:06.00

  Copying Filesystems...

  # xfsdump -J - / | xfsrestore -J - /new

  ghost:/fs/new# xfsdump  -J - /usr | xfsrestore -J - 2/
  xfsdump: using file dump (drive_simple) strategy
  xfsdump: version 3.0 - Running single-threaded
  xfsdump: level 0 dump of ghost:/usr
  xfsdump: dump date: Thu Oct  9 20:06:40 2003
  xfsdump: session id: 3ae3f0fd-42f1-4058-a7d8-16f9244e0c7a
  xfsdump: session label: ""
  xfsdump: ino map phase 1: skipping (no subtrees specified)
  xfsdump: ino map phase 2: constructing initial dump list
  xfsrestore: using file dump (drive_simple) strategy
  xfsrestore: version 3.0 - Running single-threaded
  xfsrestore: searching media for dump
  xfsdump: ino map phase 3: skipping (no pruning necessary)
  xfsdump: ino map phase 4: skipping (size estimated in phase 2)
  xfsdump: ino map phase 5: skipping (only one dump stream)
  xfsdump: ino map construction complete
  xfsdump: estimated dump size: 2717644928 bytes
  xfsdump: creating dump session media file 0 (media 0, file 0)
  xfsdump: dumping ino map
  xfsdump: dumping directories
  xfsrestore: examining media file 0
  xfsrestore: dump description: 
  xfsrestore: hostname: ghost
  xfsrestore: mount point: /usr
  xfsrestore: volume: /dev/hda2
  xfsrestore: session time: Thu Oct  9 20:06:40 2003
  xfsrestore: level: 0
  xfsrestore: session label: ""
  xfsrestore: media label: ""
  xfsrestore: file system id: 16f58678-aa1c-4fb3-8ebb-2b4f396e6d51
  xfsrestore: session id: 3ae3f0fd-42f1-4058-a7d8-16f9244e0c7a
  xfsrestore: media id: 72be49e3-c012-49b8-ae7c-d50c135f6f1c
  xfsrestore: searching media for directory dump
  xfsrestore: reading directories
  xfsdump: dumping non-directory files
  xfsrestore: 2834 directories and 47251 entries processed
  xfsrestore: directory post-processing
  xfsrestore: restoring non-directory files
  xfsdump: ending media file
  xfsdump: media file size 2636356224 bytes
  xfsdump: dump size (non-dir files) : 2621231040 bytes
  xfsdump: dump complete: 227 seconds elapsed
  xfsdump: Dump Status: SUCCESS
  xfsrestore: restore complete: 227 seconds elapsed
  xfsrestore: Restore Status: SUCCESS
  ghost:/fs/new# 
  
  
  

  
  ghost:/fs/new# mkfs.xfs -f -L Var /dev/hdd5
  meta-data=/dev/hdd5              isize=256    agcount=8, agsize=93628 blks
  data     =                       bsize=4096   blocks=749022, imaxpct=25
           =                       sunit=0      swidth=0 blks, unwritten=0
  naming   =version 2              bsize=4096  
  log      =internal log           bsize=4096   blocks=1200
  realtime =none                   extsz=65536  blocks=0, rtextents=0
  ghost:/fs/new# mkfs.xfs -f -L Home /dev/hdd6
  meta-data=/dev/hdd6              isize=256    agcount=8, agsize=156131 blks
  data     =                       bsize=4096   blocks=1249045, imaxpct=25
           =                       sunit=0      swidth=0 blks, unwritten=0
  naming   =version 2              bsize=4096  
  log      =internal log           bsize=4096   blocks=1200
  realtime =none                   extsz=65536  blocks=0, rtextents=0
  ghost:/fs/new# mkfs.xfs -f -L Dat /dev/hdd7
  meta-data=/dev/hdd7              isize=256    agcount=17, agsize=1048576 blks
  data     =                       bsize=4096   blocks=17500801, imaxpct=25
           =                       sunit=0      swidth=0 blks, unwritten=0
  naming   =version 2              bsize=4096  
  log      =internal log           bsize=4096   blocks=2136
  realtime =none                   extsz=65536  blocks=0, rtextents=0
  ghost:/fs/new# mount /dev/hdd5 5
  ghost:/fs/new# mount /dev/hdd6 6
  ghost:/fs/new# mount /dev/hdd7 7
  ghost:/fs/new# time nice xfsdump  -J - /var | xfsrestore -J - 5/; time nice xfsdump -J - /home | xfsrestore -J - 6/;time nice xfsdump -J - /fs/dat | xfsrestore -J - 7/
  
  

  | Copying Filesystems... | | 2003.10.12-19:15.00

  How to change linux keyboard repeat rate...

  /sbin/kbdrate -r 30 -d 250 is supposed to be the fastest setting for i386.

  | How to change linux keyboard repeat rate... | | 2003.10.03-10:45.00