Dariush Debian Diary

Problem:

homenode:/home/eyck# pvcreate /dev/cciss/c0d2p5
  Physical volume "/dev/cciss/c0d2p5" successfully created
homenode:/home/eyck# vgscan
  Reading all physical volumes.  This may take a while...
  Found volume group "sys" using metadata type lvm1
homenode:/home/eyck# vgextend sys /dev/cciss/c0d2p5
  Physical volume /dev/cciss/c0d2p5 is of different format type (lvm2)
  Unable to add physical volume '/dev/cciss/c0d2p5' to volume group 'sys'.
homenode:/home/eyck# pvscan
  PV /dev/cciss/c0d0p3   VG sys   lvm1 [66.34 GB / 0    free]
  PV /dev/cciss/c0d1p5   VG sys   lvm1 [130.34 GB / 6.19 GB free]
  PV /dev/cciss/c0d2p5            lvm2 [33.91 GB]
  Total: 3 [230.60 GB] / in use: 2 [196.69 GB] / in no VG: 1 [33.91 GB]

Solution:

homenode:/home/eyck# vgconvert -M2 sys
  Volume group sys successfully converted
homenode:/home/eyck# pvscan 
  PV /dev/cciss/c0d0p3   VG sys   lvm2 [66.34 GB / 0    free]
  PV /dev/cciss/c0d1p5   VG sys   lvm2 [130.34 GB / 6.19 GB free]
  PV /dev/cciss/c0d2p5            lvm2 [33.91 GB]
  Total: 3 [230.60 GB] / in use: 2 [196.69 GB] / in no VG: 1 [33.91 GB]
homenode:/home/eyck# vgextend sys /dev/cciss/c0d2p5
  Volume group "sys" successfully extended
homenode:/home/eyck# pvscan 
  PV /dev/cciss/c0d0p3   VG sys   lvm2 [66.34 GB / 0    free]
  PV /dev/cciss/c0d1p5   VG sys   lvm2 [130.34 GB / 6.19 GB free]
  PV /dev/cciss/c0d2p5   VG sys   lvm2 [33.91 GB / 33.91 GB free]
  Total: 3 [230.59 GB] / in use: 3 [230.59 GB] / in no VG: 0 [0   ]

homenode:/home/eyck# lvextend -L+5G /dev/sys/v
  Extending logical volume v to 194.50 GB
  Logical volume v successfully resized
homenode:/home/eyck# xfs_growfs /fs/v/
meta-data=/dev/sys/v             isize=256    agcount=61, agsize=819200 blks
         =                       sectsz=512   attr=1
data     =                       bsize=4096   blocks=49676288, imaxpct=25
         =                       sunit=0      swidth=0 blks, unwritten=1
naming   =version 2              bsize=4096  
log      =internal               bsize=4096   blocks=6400, version=1
         =                       sectsz=512   sunit=0 blks
realtime =none                   extsz=65536  blocks=0, rtextents=0
data blocks changed from 49676288 to 50987008

./naviinittoolcli

...
Navisphere Array Initialization Tool Version 6.24.0.6.7


 # 17:10:54.728973 IP 10.11.12.231.35294 > 255.255.255.255.2162: UDP, length 71
 #
 # 17:14:28.211377 IP 10.11.12.231.35294 > 255.255.255.255.2162: UDP, length 71
 #        0x0000:  4500 0063 0000 4000 4011 bafa c0a8 bee7  E..c..@.@.......
 #        0x0010:  ffff ffff 89de 0872 004f f516 3c54 3120  .......r.O..<T1.
 #        0x0020:  5433 3d22 5434 2220 5432 3d22 4154 4154  T3="T4".T2="ATAT
 #        0x0030:  5544 4522 2054 373d 2231 3237 2e30 2e30  UDE".T7="127.0.0
 #        0x0040:  2e31 2220 5433 343d 2236 2e32 342e 3022  .1".T34="6.24.0"
 #        0x0050:  203e                                     .>

No storage systems discovered. Please verify the following items and try again.
1. The storage systems are powered up.
2. The storage systems are plugged in to the network.
3. This wizard is run on a client machine that is in the same physical subnet as the storage systems.

Cached from: http://www.thorsten-knabe.de/linux/e61.jsp

Connecting the Nokia E61 Mobile VPN client to a Linux OpenSwan IPSEC gateway

This page describes how to configure and setup the Nokia E61 Mobile VPN client and Linux Openswan IPSEC gateway to establish an encrypted IPSEC tunnel between the two devices. The procedure described herein should work for other mobile devices equipped with a Nokia Mobile VPN Client as well, especially Symbian S60 3rd edition based mobile phones, but has not been tested.

Legal advice: This page contains links to external internet sites containing additional information, that might be helpful in the course of setting up the IPSEC tunnel. I have no influence on the content and disclaim any responsibilty for the content provided by those external internet sites.
All information on this page is provided as is without any warranty. I am not responsible or liable for any damage caused by following the steps described below. If you damage your phone, it is your fault not mine!

Prerequisites

Linux prerequisites

For my setup I chose a vanilla Linux 2.6.19.1 with IPSEC support and OpenSwan 2.4.6 from Debian testing. Other kernels, distributions and OpenSwan versions could work as well but have not been tested.

E61 prerequisites

In oder to establish a VPN connection from the Nokia Mobile VPN client, a policy file has to be uploaded to the phone. For some reason, such a policy file cannot be uploaded directly to the phone, but has to be packed into a signed SIS file first. To create such a signed SIS file, you need a developer certificate and two Windows executables from the S60 Platform SDK for Symbian OS for C++ 3rd edition. Luckily those two Windows executables and the Windows executable to create the developer certificate run happily using Wine under Linux.

The S60 Platform SDK for Symbian OS for C++ 3rd edition is available from http://www.forum.nokia.com -> Tools & SDKs -> C++ for Symbian OS Tools and SDKs -> S60 Platform for Symbian OS -> 3rd Edition. To unpack the SDK under Linux follow the instructions on Rudolf Königs page.

A free developer cetificate and the Windows executable to create such a certificate is available from https://www.symbiansigned.com. Follow the steps on this site to obtain a valid developer certificate. Afterwards you should have a .key and a corresponding .cer file which are later required to sign the SIS file containing the VPN policy file.

Configuration

Before you start configuration, you should collect the following information, which are required during the configuration process. The actual values are replaced by the following placeholders in the example configuration files below:

<group name>: Group name for IKE phase 1. This value is ignored by the current OpenSwan configuration.

<group password>: Group password for IKE phase 1. Choose a good password for this parameter and keep it secret as it is the only thing needed to know to get access to your internal network if you do not use XAUTH authentication.

<strlen(group password)>: Length of group password

<external gateway>: External static IP address of the OpenSwan gateway. This address is used for authentication and encrypted data exchange.

<internal gateway>: Internal IP address of the OpenSwan gateway. This address is used when sending packets from the VPN gateway through the VPN tunnel to the client.

<internal client>: Internal IP address assigned to the VPN client. This address is used by the client when sending packets through the VPN tunnel.

<key password>: The password of your developer key from www.symbiansigned.com.

OpenSwan configuration

On Debian there are 3 files that have to be edited or created in order to configure OpenSwan as a VPN gateway for the Nokia Mobile VPN client.

/etc/ipsec.secrets

Add a wildcard PSK (Pre-Shared Key) entry to your ipsec.secrets file. Afterwards your ipsec.secrets file should look like this:

: PSK "<group password>"

/etc/ipsec.conf

Add an include directive to the ipsec.conf configuration file. The included file contains the actual configuration for the newly created connection to the Mobile VPN client. Afterwards your ipsec.conf should look like this:

version 2.0

config setup
        nat_traversal=yes
        nhelpers=0
        #plutodebug=all

# Add connections here
#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
include /etc/ipsec.d/examples/e61.conf

/etc/ipsec.d/examples/e61.conf

Create a file named e61.conf for the connection parameters with the following contents:

conn E61
        # Key exchange
        ike=aes256-sha1-modp1536
        # Data exchange
        esp=aes256-sha1
        # Authentication method PSK
        authby=secret
        auto=add
        keyingtries=3
        rekey=no
        pfs=no
        # Modeconfig setting
        modecfgpull=yes
        # local endpoint
        left=<external gateway>
        leftxauthserver=yes
        leftmodecfgserver=yes
        leftsourceip=<internal gateway>
        leftsubnet=0.0.0.0/0
        # remote endpoint
        right=%any
        rightxauthclient=yes
        rightmodecfgclient=yes
        rightsourceip=<internal client>
        rightsubnet=<internal client>/32

If you set leftxauthserver and rightxauthclient to no, XAUTH authentication will be disabled. Disabling XAUTH authentication might be helpful, if you experience problems during VPN setup, but should not be disabled in production use for security reasons.

Creating a signed SIS file containing the VPN policy

The Nokia Mobile VPN client is configured by the policy file VPN.pol shown below, that has to be uploaded to the phone in a signed SIS file.

In order to create a signed SIS file, two additional files are required. The VPN.pin file contains some (useless) meta information about the policy file, but is required and the VPN.pkg file, which describes the contents of the SIS file. Important: All 3 files have to be created with DOS line delimiters (in vi use: set ff=dos), otherwise the tools or the VPN will not work correctly.

VPN.pol

SECURITY_FILE_VERSION: 3
[INFO]
VPN
[POLICY]
sa ipsec_1 = {
 esp
 encrypt_alg 12
 max_encrypt_bits 256
 auth_alg 3
 identity_remote 0.0.0.0/0
 src_specific
 hard_lifetime_bytes 0
 hard_lifetime_addtime 3600
 hard_lifetime_usetime 3600
 soft_lifetime_bytes 0
 soft_lifetime_addtime 3600
 soft_lifetime_usetime 3600
}
remote 0.0.0.0 0.0.0.0 = { ipsec_1(<external gateway>) }
inbound = { }
outbound = { }
[IKE]
ADDR: <external gateway> 255.255.255.255
MODE: MAIN
SEND_NOTIFICATION: TRUE
ID_TYPE: 11
FQDN: <group name>
GROUP_DESCRIPTION_II: MODP_1536
USE_COMMIT: FALSE
IPSEC_EXPIRE: FALSE
SEND_CERT: FALSE
INITIAL_CONTACT: FALSE
RESPONDER_LIFETIME: TRUE
REPLAY_STATUS: TRUE
USE_INTERNAL_ADDR: FALSE
USE_NAT_PROBE: FALSE
ESP_UDP_PORT: 0
NAT_KEEPALIVE: 60
USE_XAUTH: TRUE
USE_MODE_CFG: TRUE
REKEYING_THRESHOLD: 90
PROPOSALS: 1
ENC_ALG: AES256-CBC
AUTH_METHOD: PRE-SHARED
HASH_ALG: SHA1
GROUP_DESCRIPTION: MODP_1536
GROUP_TYPE: DEFAULT
LIFETIME_KBYTES: 0
LIFETIME_SECONDS: 28800
PRF: NONE
PRESHARED_KEYS:
FORMAT: STRING_FORMAT
KEY: <strlen(group password)> <group password>

If you want to disable XAUTH authentication set USE_XAUTH to FALSE and modify the e61.conf file on the VPN gateway accordingly.

VPN.pin

[POLICYNAME]
VPN
[POLICYDESCRIPTION]
VPN
[POLICYVERSION]
1.1
[ISSUERNAME]
Do not edit
[CONTACTINFO]
Do not edit

VPN.pkg

;
; A VPN POLICY PACKAGE
;
%{"VPN"}
:"VPN"
&EN
; - None (English only by default)
; INSTALLATION HEADER
; - Only one component name is needed to support English only
; - UID is the UID of the VPN Policy Installer application
#{"VPN"},(0x3D08B4F7),1,0,0,TYPE = SA
; LIST OF FILES
; Policy file
"VPN.pol"-"C:\System\Data\Security\Install\VPN.pol"
; Policy-information file
; - NOTE: The policy-information file MUST be the last file in this
; list!
; - FM (FILEMIME) passes the file to the respective MIME handler
; (in this case, the VPN Policy Installer
    ; application).
"VPN.pin"-"C:\System\Data\Security\Install\VPN.pin",
FM, "application/x-ipsec-policy-info"
; REQUIRED FILES
; - The VPN Policy Installer application
(0x3D08B4F7), 1, 0, 0, {"VPN Policy Installer"}

Note: The two absolute paths are paths on the phone and must not be modified.

Create an unsigned SIS file

The unsigned SIS file is created by the makesis.exe utility. With the VPN.pol, VPN.pin and VPN.pkg file in the current working directory the makesis utility must be invoked as follows:

makesis.exe VPN.pkg VPN.sis

Afterwards you should have a VPN.sis file in your current working directory.

Create a signed SIS file

The SIS file created in the last step is still unsigned and has to be signed to be accepted by the phone. The SIS file is signed using the signsis.exe utility. It is invoked as follows, assuming the previously created SIS file and the VPN.key and VPN.cer file from www.symbiansigned.com are all located in the current working directory:

signsis.exe VPN.sis VPN.sisx VPN.cer VPN.key <key password>

Afterwards you should have a signed SIS file called VPN.sisx in your current working directory, which can be uploaded to your phone.

Mobile phone configuration

Before you start configuring the Nokia Mobile VPN client, you have to upload the signed SIS file created in the previous step to the phone. This can be done using an USB cable, infrared or Bluetooth or you can download the file from a web site. During installation of the policy file, you might get several warnings regarding the developer cerificate and phone incompatibilities, ignore and confirm all of them. After the installation completes the policy should be listed under VPN policies in the phone.

To create a new VPN connection configuration navigate to Menu -> Tools -> Settings -> Connection -> VPN -> VPN management -> VPN policies, highlight a policy and select Options -> Define VPN access point. Configure the connection by specifiying a name, a policy and an internet access point.

You should now be able to use the VPN connection like any other connection. If you have not disabled XAUTH authentication, you are asked for a username and password on connection setup. Enter a valid system user and password of the VPN gateway. That's it! You should now be connected to your VPN.

Caveats & Solutions

DNS servers

During connection setup the VPN client obtains IP address, netmask and DNS settings from the VPN gateway, there is no way to modify those parameters on the phone.
In OpenSwan 2.4.6 there is no (easy) way to configure the DNS servers to be used by the VPN client. DNS servers can only be set using PAM environment variables, which are only available when XAUTH is enabled.

To circumvent this shortcoming I have created a small patch against OpenSwan 2.4.6, which allows setting DNS servers using ordinary environment variables. If you set the environment variables DNS1 and DNS2 before you start OpenSwan, those parameters are transmitted to the VPN client as the primary and secondary DNS server. The patch is available here: openswan-2.4.6.diff

Connecting the Nokia E61 Mobile VPN client to a Linux OpenSwan IPSEC gateway This page describes how to configure and setup the Nokia E61 Mobile VPN client and Linux Openswan IPSEC gateway to establish an encrypted IPSEC tunnel between the two devices. The procedure described herein should work for other mobile devices equipped with a Nokia Mobile VPN Client as well, especially Symbian S60 3rd edition based mobile phones, but has not been tested. Legal advice: This page contains links to external internet sites containing additional information, that might be helpful in the course of setting up the IPSEC tunnel. I have no influence on the content and disclaim any responsibilty for the content provided by those external internet sites. All information on this page is provided as is without any warranty. I am not responsible or liable for any damage caused by following the steps described below. If you damage your phone, it is your fault not mine! Prerequisites Linux prerequisites For my setup I chose a vanilla Linux 2.6.19.1 with IPSEC support and OpenSwan 2.4.6 from Debian testing. Other kernels, distributions and OpenSwan versions could work as well but have not been tested. E61 prerequisites In oder to establish a VPN connection from the Nokia Mobile VPN client, a policy file has to be uploaded to the phone. For some reason, such a policy file cannot be uploaded directly to the phone, but has to be packed into a signed SIS file first. To create such a signed SIS file, you need a developer certificate and two Windows executables from the S60 Platform SDK for Symbian OS for C++ 3rd edition. Luckily those two Windows executables and the Windows executable to create the developer certificate run happily using Wine under Linux. The S60 Platform SDK for Symbian OS for C++ 3rd edition is available from http://www.forum.nokia.com -> Tools & SDKs -> C++ for Symbian OS Tools and SDKs -> S60 Platform for Symbian OS -> 3rd Edition. To unpack the SDK under Linux follow the instructions on Rudolf Königs page. A free developer cetificate and the Windows executable to create such a certificate is available from https://www.symbiansigned.com. Follow the steps on this site to obtain a valid developer certificate. Afterwards you should have a .key and a corresponding .cer file which are later required to sign the SIS file containing the VPN policy file. Configuration Before you start configuration, you should collect the following information, which are required during the configuration process. The actual values are replaced by the following placeholders in the example configuration files below: : Group name for IKE phase 1. This value is ignored by the current OpenSwan configuration. : Group password for IKE phase 1. Choose a good password for this parameter and keep it secret as it is the only thing needed to know to get access to your internal network if you do not use XAUTH authentication. : Length of group password : External static IP address of the OpenSwan gateway. This address is used for authentication and encrypted data exchange. : Internal IP address of the OpenSwan gateway. This address is used when sending packets from the VPN gateway through the VPN tunnel to the client. : Internal IP address assigned to the VPN client. This address is used by the client when sending packets through the VPN tunnel. : The password of your developer key from www.symbiansigned.com. OpenSwan configuration On Debian there are 3 files that have to be edited or created in order to configure OpenSwan as a VPN gateway for the Nokia Mobile VPN client. /etc/ipsec.secrets Add a wildcard PSK (Pre-Shared Key) entry to your ipsec.secrets file. Afterwards your ipsec.secrets file should look like this: : PSK "" /etc/ipsec.conf Add an include directive to the ipsec.conf configuration file. The included file contains the actual configuration for the newly created connection to the Mobile VPN client. Afterwards your ipsec.conf should look like this: version 2.0 config setup nat_traversal=yes nhelpers=0 #plutodebug=all # Add connections here #Disable Opportunistic Encryption include /etc/ipsec.d/examples/no_oe.conf include /etc/ipsec.d/examples/e61.conf /etc/ipsec.d/examples/e61.conf Create a file named e61.conf for the connection parameters with the following contents: conn E61 # Key exchange ike=aes256-sha1-modp1536 # Data exchange esp=aes256-sha1 # Authentication method PSK authby=secret auto=add keyingtries=3 rekey=no pfs=no # Modeconfig setting modecfgpull=yes # local endpoint left= leftxauthserver=yes leftmodecfgserver=yes leftsourceip= leftsubnet=0.0.0.0/0 # remote endpoint right=%any rightxauthclient=yes rightmodecfgclient=yes rightsourceip= rightsubnet=/32 If you set leftxauthserver and rightxauthclient to no, XAUTH authentication will be disabled. Disabling XAUTH authentication might be helpful, if you experience problems during VPN setup, but should not be disabled in production use for security reasons. Creating a signed SIS file containing the VPN policy The Nokia Mobile VPN client is configured by the policy file VPN.pol shown below, that has to be uploaded to the phone in a signed SIS file. In order to create a signed SIS file, two additional files are required. The VPN.pin file contains some (useless) meta information about the policy file, but is required and the VPN.pkg file, which describes the contents of the SIS file. Important: All 3 files have to be created with DOS line delimiters (in vi use: set ff=dos), otherwise the tools or the VPN will not work correctly. VPN.pol SECURITY_FILE_VERSION: 3 [INFO] VPN [POLICY] sa ipsec_1 = { esp encrypt_alg 12 max_encrypt_bits 256 auth_alg 3 identity_remote 0.0.0.0/0 src_specific hard_lifetime_bytes 0 hard_lifetime_addtime 3600 hard_lifetime_usetime 3600 soft_lifetime_bytes 0 soft_lifetime_addtime 3600 soft_lifetime_usetime 3600 } remote 0.0.0.0 0.0.0.0 = { ipsec_1() } inbound = { } outbound = { } [IKE] ADDR: 255.255.255.255 MODE: MAIN SEND_NOTIFICATION: TRUE ID_TYPE: 11 FQDN: GROUP_DESCRIPTION_II: MODP_1536 USE_COMMIT: FALSE IPSEC_EXPIRE: FALSE SEND_CERT: FALSE INITIAL_CONTACT: FALSE RESPONDER_LIFETIME: TRUE REPLAY_STATUS: TRUE USE_INTERNAL_ADDR: FALSE USE_NAT_PROBE: FALSE ESP_UDP_PORT: 0 NAT_KEEPALIVE: 60 USE_XAUTH: TRUE USE_MODE_CFG: TRUE REKEYING_THRESHOLD: 90 PROPOSALS: 1 ENC_ALG: AES256-CBC AUTH_METHOD: PRE-SHARED HASH_ALG: SHA1 GROUP_DESCRIPTION: MODP_1536 GROUP_TYPE: DEFAULT LIFETIME_KBYTES: 0 LIFETIME_SECONDS: 28800 PRF: NONE PRESHARED_KEYS: FORMAT: STRING_FORMAT KEY: If you want to disable XAUTH authentication set USE_XAUTH to FALSE and modify the e61.conf file on the VPN gateway accordingly. VPN.pin [POLICYNAME] VPN [POLICYDESCRIPTION] VPN [POLICYVERSION] 1.1 [ISSUERNAME] Do not edit [CONTACTINFO] Do not edit VPN.pkg ; ; A VPN POLICY PACKAGE ; %{"VPN"} :"VPN" &EN ; - None (English only by default) ; INSTALLATION HEADER ; - Only one component name is needed to support English only ; - UID is the UID of the VPN Policy Installer application #{"VPN"},(0x3D08B4F7),1,0,0,TYPE = SA ; LIST OF FILES ; Policy file "VPN.pol"-"C:\System\Data\Security\Install\VPN.pol" ; Policy-information file ; - NOTE: The policy-information file MUST be the last file in this ; list! ; - FM (FILEMIME) passes the file to the respective MIME handler ; (in this case, the VPN Policy Installer ; application). "VPN.pin"-"C:\System\Data\Security\Install\VPN.pin", FM, "application/x-ipsec-policy-info" ; REQUIRED FILES ; - The VPN Policy Installer application (0x3D08B4F7), 1, 0, 0, {"VPN Policy Installer"} Note: The two absolute paths are paths on the phone and must not be modified. Create an unsigned SIS file The unsigned SIS file is created by the makesis.exe utility. With the VPN.pol, VPN.pin and VPN.pkg file in the current working directory the makesis utility must be invoked as follows: makesis.exe VPN.pkg VPN.sis Afterwards you should have a VPN.sis file in your current working directory. Create a signed SIS file The SIS file created in the last step is still unsigned and has to be signed to be accepted by the phone. The SIS file is signed using the signsis.exe utility. It is invoked as follows, assuming the previously created SIS file and the VPN.key and VPN.cer file from www.symbiansigned.com are all located in the current working directory: signsis.exe VPN.sis VPN.sisx VPN.cer VPN.key Afterwards you should have a signed SIS file called VPN.sisx in your current working directory, which can be uploaded to your phone. Mobile phone configuration Before you start configuring the Nokia Mobile VPN client, you have to upload the signed SIS file created in the previous step to the phone. This can be done using an USB cable, infrared or Bluetooth or you can download the file from a web site. During installation of the policy file, you might get several warnings regarding the developer cerificate and phone incompatibilities, ignore and confirm all of them. After the installation completes the policy should be listed under VPN policies in the phone. To create a new VPN connection configuration navigate to Menu -> Tools -> Settings -> Connection -> VPN -> VPN management -> VPN policies, highlight a policy and select Options -> Define VPN access point. Configure the connection by specifiying a name, a policy and an internet access point. You should now be able to use the VPN connection like any other connection. If you have not disabled XAUTH authentication, you are asked for a username and password on connection setup. Enter a valid system user and password of the VPN gateway. That's it! You should now be connected to your VPN. Caveats & Solutions DNS servers During connection setup the VPN client obtains IP address, netmask and DNS settings from the VPN gateway, there is no way to modify those parameters on the phone. In OpenSwan 2.4.6 there is no (easy) way to configure the DNS servers to be used by the VPN client. DNS servers can only be set using PAM environment variables, which are only available when XAUTH is enabled. To circumvent this shortcoming I have created a small patch against OpenSwan 2.4.6, which allows setting DNS servers using ordinary environment variables. If you set the environment variables DNS1 and DNS2 before you start OpenSwan, those parameters are transmitted to the VPN client as the primary and secondary DNS server. The patch is available here: openswan-2.4.6.diff _____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ Back 2356 visitors Imprint

divisor is a number of entries in given table,
for (h = 0; h <= ht->divisor; h++) {
where h is 'unsigned', this suggests 65535 max, but it seems that in reality it's limited to 255 Apparently, it must be in form of 2^x (1,2,4,8,16...256), otherwise you get:

host:~# tc filter add dev eth1 parent 1: prio 0 handle 1: protocol ip u32 divisor 17
Illegal "divisor"

From: "Tom Hibbert"

Hello fellow xenophiles and happy new year!

I've documented the install procedure for a prototype server here since
I found no similar document
Anywhere on the net. It's a Sarge-based Domain0 on linux root raid from
scratch, using LVM to store
the data for the domU mail server and its mailstore. I humbly submit my
notes in the hope that they are useful to some weary traveller.

Have fun!



Debian Sarge XEN dom0 with Linux Root Raid and LVM

Hardware: P4 3.2ghz LG775
	    Asus P5GD1-VM
	    1gb DDR400 DRAM
	    2x80gb Seagate SATA disks

Reasons for using software raid (over Intel ICH raid or more expensive
SCSI raid)
	1. Speed
	   Bonnie++ shows Linux Software Raid is MUCH faster than ICH5
(at least under Linux)
	2. Reliability
	   I have observed that frequent disk access with small files
has destroyed ICH5 raid arrays in 	   the past (at least under
Linux)
	3. Recovery
	   I had a bad experience with the death of an Adaptec 3200S
controller not long ago. The array
	   was nonrecoverable because a replacement card could not be
sourced in time. Additionally the
	   firmware revision for the 3200s was unknown. (Recovery from
controller death if even 	   possible requires the same firmware
revision as the original card, since that was not known
we would have had to guess which takes time and time is money when you
have a dead server)
	4. Price
	   Reduce cost of hardware to the client because we arent using
expensive raid controllers
	5. Prevalence
	   It is much easier to source standard disks than it is to
source SCSI disks (in the case
	   of using SCSI raid controllers). It is also much easier to
source a standard SATA controller 	   than it is to source a RAID
controller 

Reasons for using XEN
	1. Recovery
	   Putting all network services inside XEN virtual machines that
can be backed up makes       	   disaster recovery a non-brainer
	2. Better utilisation of hardware
	   Stacking virtual machines allows more efficient use of
hardware (cost effectiveness)
	3. It's just cooler :)

Methodology
	1. Setting up the hardware - setting SATA to compatible mode
	2. Boot off Feather Linux USB key
	3. Partition primary drive
	4. Install base system
	5. Chroot into base system
	6. Install C/C++ development packages
	7. Install XEN packages
	8. Configure/build/install XEN Dom0 kernel
	9. Install GRUB
	10. Reboot to base system and set SATA to enhanced mode
	11. Migrate system into RAID1 and test
	12. Configure/build/install XEN DomU kernel
	13. Configure LVM
	14. Create DomU environment
      * 15. Install services into DomU
	16. Configure XEN to boot DomU automatically
      * 17. Testing
      * 18. Deployment

* Not covered by this document


1. Setting up the hardware
   -----------------------

Standard stuff here. Set the mode for SATA to Compatible so that
Feather's kernel was able to access the hard disks.

2. Boot off Feather Linux USB key
   ------------------------------

Feather is fantastic because it allows one to setup a Debian system
without having to boot from the now heavily outdated Woody install CD.
It supports more hardware and  also allows easy installation to a system
without a CDRom drive in a build network without an 'evil' segment (PXE
boot). It also makes a convenient rescue platform.
http://featherlinux.berlios.de

3. Partition primary drive
   -----------------------

Feather Linux does not properly support the ICHx and it doesnt have the
administration tools for making raid arrays. Therefore the setup method
we will use is to build the base system on a single disk and then
migrate it into RAID1. Trust me, this is much easier than it sounds!

I partitioned the primary drive as follows

   Device Boot      Start         End      Blocks   Id  System
/dev/hda1               1           3       24066   fd  Linux raid
autodetect
/dev/hda2               4         501     4000185   fd  Linux raid
autodetect
/dev/hda3             502        9605    73127880   fd  Linux raid
autodetect
/dev/hda4            9606        9729      996030   fd  Linux raid
autodetect

using hda2 for root and hda1 for boot with swap on hda4. hda3 is not
used yet.

Format and mount up the drive to /target:

# mkdir /target
# mkfs.ext3 /dev/hda1
# mkfs.ext3 /dev/hda2
# mount /dev/hda2 /target
# mkdir /target/boot
# mount /dev/hda1 /target/boot


4. Install the base system
   ----------------------

Set up Feather with APT and debootstrap:

# dpkg-get
# apt-get install debootstrap

Install the base system

# debootstrap sarge /target

Perform basic configuration

# vi /target/etc/fstab

/dev/sda2        /       ext3    defaults        0       1
/dev/sda1        /boot   ext3    defaults        0       2
proc             /proc   proc    defaults        0       0

You may be asking why am I putting sda here? The reason is because once
I set the ICH6 to use Enhanced Mode and reboot into the fresh 2.6.9 xen0
kernel with SATA support compiled the drives appear as SCSI devices. hda
will be enumerated as /dev/sda.

5. Chroot into base system
   -----------------------

# umount /dev/hda1
# cd /target
# chroot .
# su -
# mount /dev/hda1 /boot

Unmounting and remounting boot is important for configuring GRUB later.

Some more configuration needs to be done at this point:

# rm /etc/resolv.conf
# rm /etc/hostname
# echo xen0-test > /etc/hostname
# echo nameserver 210.55.13.3 > /etc/resolv.conf

6. Install C/C++ packages
   ----------------------

# apt-setup
# apt-get update
# dselect update
# tasksel
(Select C/C++ development packages)

7. Install XEN packages
   --------------------
  
Until Adam's packages get released I am using some homebrew packages
descended from Brian's original 
work.

# mkdir xen
# cd xen
# apt-get install wget
# wget -r http://cryptocracy.hn.org/xen/
# cd cryptocracy.hn.org/xen
# dpkg -i *.deb
# apt-get -f install

8. Configure/build/install XEN dom0 kernel
   ---------------------------------------

Since this is the first time configuring XEN on this hardware I am
building the kernel from scratch.
When we get more of these servers I will install a prebuilt debianised
kernel on them.

# cd /usr/src/
# tar -jxvf ./kernel-source-2.6.9_2.6.9-3_all.deb
# cd kernel-source-2.6.9
# export ARCH=xen
# cp ~/xen/cryptocracy.hn.org/xen/config.xen0 .config
# make menuconfig
(Make changes as appropriate for this hardware)
# make
# make modules_install
# cp vmlinuz /boot/vmlinuz-2.6.9-dom0

9. Configure GRUB
   --------------

# apt-get install grub
# grub-install
# update-grub

Now edit the grub menu.lst file and modify the kernel definition so it
looks like this:

title Xen 2.0.1 / Xenolinux 2.6.9
root (hd0,0)
kernel /xen.gz dom0_mem=131072
module /269-xen0 root=/dev/sda2 ro console=tty0

10. Reboot to base system and revert SATA configuration to Enhanced mode
    --------------------------------------------------------------------

# reboot

Set the relevant option in the BIOS and we're good to go.

11. Migrate to RAID1 and test
    -------------------------

We've just built a complete Dom0 base system on the first disk. In order
to migrate this into RAID1,
we will create a RAID array using the second disk only, duplicate the
data onto the second drive, reboot into it and then readd the first
drive to the array. Sounds complex, but it isnt. This is another
advantage of Linux RAID over conventional RAID: it is easy to migrate
from a single disk to a RAID configuration.


First we need to partition the second disk exactly like the first:

# sfdisk -d /dev/sda > ~/partitions.sda

Having this data backed up is an incredibly good idea. I experienced a
catastrophic faliure on
one server once by enabling DMA with a buggy OSB4 driver. The partition
table was destroyed. Using
the partition data backed up in the manner above i was able to restore
the partition to find
that my data (an important IMAP store) was still intact.

Duplicating the partition table (or restoring from backup) is simple:

# sfdisk /dev/sdb < ~/partitions.sda

That's it. The two drives are now identically partitioned.

Now we need to initialise the RAID on the second disk without destroying
the data on the first.

# apt-get install mdadm raidtools2

Begin by creating the raidtab. My one looks like this:

raiddev /dev/md0
        raid-level 1
        nr-raid-disks 2
        persistent-superblock 1
        chunk-size 8
        
        device  /dev/sda1
        failed-disk 0
        device /dev/sdb1
        raid-disk 1

... repeated for each partition. Marking the partitions on sda - our
source drive - as failed BEFORE
creating the raid array is very important as it prevents them from being
overwritten by mkraid.

Create the RAID disks now.

# for i in 'seq 0 3'; do mkraid /dev/md$i; done

Format and mount the root and boot partitions and initialise swap:

# mkfs.ext3 /dev/md0
# mkfs.ext3 /dev/md1
# mkswap /dev/md2
# mkdir /target
# mount /dev/md1 /target
# mkdir /target/boot
# mount /dev/md0 /target/boot

Copy the contents of our base system into the RAID we've just created:

# ls -1 / | grep -v proc | while read line ; do cp -afx /$line /target;
done
# cp -afx /boot/* /target/boot

Modify the target's fstab and grub configuration as follows:

/target/etc/fstab now looks like this:

/dev/md1        /       ext3    defaults        0       1
/dev/md0        /boot   ext3    defaults        0       2
proc            /proc   proc    defaults        0       0
/dev/md2        none    swap    sw              0       0

And change the kernel definition in /target/boot/menu.lst slightly:

module /269-xen0 root=/dev/md1 ro console=tty0

Umount /target/boot:

# umount /target/boot

Chroot into the target:

# cd /target
# chroot .
# su -

Remount boot and install grub:

# mount -a
# grub-install
# update-grub
# exit
# logout

We're now ready to reboot into our new RAID! 

# reboot

Most modern boards these days (at least the ASUS ones which is all I
use) have an option to select
the boot device. On the P4 and P5 series mainboards this is accessed
through F8. As your system is
booting hit F8 and choose the second drive. If your system does not
support this you can change the
boot order in the bios or if you prefer you can edit the GRUB options by
pressing 'e' at the prompt.

Once the system has rebooted you should now be inside your RAID setup.
It's time to import the first
drive into the array.

First edit the raidtab and mark sda as usable:

raiddev /dev/md0
        raid-level 1
        nr-raid-disks 2
        persistent-superblock 1
        chunk-size 8
        
        device  /dev/sda1
        raid-disk 0
        device /dev/sdb1
        raid-disk 1

... etc. Now add the partitions on sda as members using raidhotadd:

# raidhotadd /dev/md0 /dev/sda1

Rinse and repeat for each partition, or use a tricky bash one liner :)

The mirror is now syncing each partition in sequence. You can check the
status of this process 
by periodically cating /proc/mdstat.

Once each partition is synced your mirror is complete and you can
reboot, remove and shuffle drives
about to your hearts content, or at least until you're satisfied that
the root raid is working
correctly.

12. Configure/build/install XEN domU kernel

There's no point in building the domU kernel until you're ready to use
it. If I was using a prebuilt
kernel package I would have included the domU kernel so this step would
be avoided.

# cd /usr/src/kernel-source-2.6.9
# make clean
# export ARCH=xen
# cp ~/xen/cryptocracy.hn.org/xen/config.xenU .config
# make menuconfig
(Make changes as appropriate)
# make
# make modules_install
# cp vmlinuz /boot/vmlinuz-2.6.9-domU

13. Configure LVM

I use LVM (or devmapper) to store the domU VBDs, including their data.
This allows for easy resizing of 
partitions/images as required by services.

# apt-get install lvm10 lvm2

Initialise the partition as a physical volume:

# pvcreate /dev/md3

Create a volume group for xen:

# vgcreate xen /dev/md3

14. Create domU environment
    -----------------------

Create logical volumes for the service domU and its mailstore:

# lvcreate -L4096M -n mail xen
# lvcreate -L65000M -n store xen

Format and mount the domU VBD:

# mount.ext3 /dev/xen/mail
# mount /dev/xen/mail /target

Install the base system on the domU:

# export ARCH=i386
# apt-get install debootstrap
# debootstrap /target

Configure the target:

# cd /target
# chroot .
# su -
# rm /etc/hostname
# rm /etc/resolv.conf
# echo mail > /etc/hostname
# echo nameserver 210.55.13.3 > /etc/resolv.conf
# apt-setup

Edit /etc/fstab:

/dev/hda1       /       ext3    errors=remount-ro       0       1
/dev/hdb1       /store  reiserfs defaults               0       2
proc            /proc   proc    defaults                0       0

Edit /etc/network/interfaces:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

# exit
# logout

Create the config file for the new domain

# cp /etc/xen/xmexample1 /etc/xen/mail

Edit the file and change the name and disk parameters:

name = mail
disk = [ 'phy:xen/mail,hda1,w', 'phy:xen/store,hdb1,w']

Unmount the target and format the store partition:

# umount /target
# apt-get install reiserfsprogs
# mkfs.reiserfs /dev/xen/store

Fire up your new xenU domain!

# /etc/init.d/xend start
# xm create -f /etc/xen/mail
# xm console mail

Have a play and to return to the xen0 hit ctrl-].

16. Configure xen to start up the domain automatically
    --------------------------------------------------

# ln -s /etc/init.d/xend /etc/rc2.d/S20xen
# ln -s /etc/init.d/xendomains /etc/rc2.d/S21xendomains
# mv /etc/xen/main /etc/xen/auto

That's it! :) Enjoy your fresh new server.


-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel

pokurcz eyck 13:53 ~/shared/projects/tftp/svk > svk mirror //project/cpan https://smaug.forumakad.pl/esvn/cpan/
Committed revision 1.
pokurcz eyck 13:54 ~/shared/projects/tftp/svk > ls
pokurcz eyck 13:54 ~/shared/projects/tftp/svk > ls ~/.svk 
cache  config  local
pokurcz eyck 13:54 ~/shared/projects/tftp/svk > ls ~/.svk/local 
README.txt  conf  dav  db  format  hooks  locks
pokurcz eyck 13:54 ~/shared/projects/tftp/svk > ls ~/.svk/cache 
pokurcz eyck 13:54 ~/shared/projects/tftp/svk > svk sync //project/cpan                                  
Syncing https://smaug.forumakad.pl/esvn/cpan
Retrieving log information from 1 to 7
Committed revision 2 from revision 6.
Committed revision 3 from revision 7.
pokurcz eyck 13:54 ~/shared/projects/tftp/svk > ls
pokurcz eyck 13:54 ~/shared/projects/tftp/svk > ls ~/.svk 
cache  config  local
pokurcz eyck 13:54 ~/shared/projects/tftp/svk > ls
pokurcz eyck 13:54 ~/shared/projects/tftp/svk > # svk sync //project/trunk
pokurcz eyck 13:55 ~/shared/projects/tftp/svk >  svk sync //project/trunk
no source specificed at /usr/share/perl5/SVN/Mirror.pm line 52.
pokurcz eyck 13:55 ~/shared/projects/tftp/svk > ls
pokurcz eyck 13:55 ~/shared/projects/tftp/svk > scp checkout //project/cpan cpan
cp: cannot stat `checkout': No such file or directory
cp: cannot stat `//project/cpan': No such file or directory
zsh: exit 1     scp checkout //project/cpan cpan
pokurcz eyck 13:55 ~/shared/projects/tftp/svk > ls
pokurcz eyck 13:55 ~/shared/projects/tftp/svk > svk checkout //project/cpan cpan
Syncing //project/cpan(/project/cpan) in /home/eyck/shared/projects/tftp/svk/cpan to 3.
A   cpan/Net-Lite-FTP
A   cpan/Net-Lite-FTP/L8R.txt
A   cpan/Net-Lite-FTP/t
A   cpan/Net-Lite-FTP/t/Net-Lite-FTP.t
A   cpan/Net-Lite-FTP/Meta.yml
A   cpan/Net-Lite-FTP/MANIFEST
A   cpan/Net-Lite-FTP/lib
A   cpan/Net-Lite-FTP/lib/Net
A   cpan/Net-Lite-FTP/lib/Net/Lite
A   cpan/Net-Lite-FTP/lib/Net/Lite/FTP.pm
A   cpan/Net-Lite-FTP/Makefile.PL
A   cpan/Net-Lite-FTP/Changes
A   cpan/Net-Lite-FTP/client.pl
A   cpan/Net-Lite-FTP/Makefile.old
A   cpan/Net-Lite-FTP/README
pokurcz eyck 13:55 ~/shared/projects/tftp/svk > ls

cd cpan/Net-Lite-FTP
play...

pokurcz eyck 13:57 ..ftp/svk/cpan/Net-Lite-FTP > svk diff
=== L8R.txt
==================================================================
--- L8R.txt  (revision 3)
+++ L8R.txt  (local)
@@ -1,3 +1,4 @@
+#
 sub list {
      my ($self)=@_;
      my $sock=$self->{'Sock'};


pokurcz eyck 13:57 ..ftp/svk/cpan/Net-Lite-FTP > svk ci
Merging back to SVN::Mirror source https://smaug.forumakad.pl/esvn/cpan.
Merge back committed as revision 8.
Syncing https://smaug.forumakad.pl/esvn/cpan
Retrieving log information from 8 to 8
Committed revision 4 from revision 8.

( error message : "

 (20014)Error string not specified yet: Expected version '3' of repository; found version '2'
Could not fetch resource information.  [500, #0]
Could not open the requested SVN filesystem  [500, #165005]
(84)Invalid or incomplete multibyte or wide character: Could not open the requested SVN filesystem  [500, #165005]

" )

svnadmin-0.33.0-0.backports.org.1 dump /var/lib/svn/  > svn.0.33.dump

Now it's ideal time for:

cat svn.0.33.dump | svndumpfilter exclude diskspace.hogging.test.repository  |gzip -1 >  svn.0.33.dump.without.sht.gz

And now, for the grand finale:

svnadmin create /var/lib/svn
cat svn.0.33.dump | svnadmin load /var/lib/svn/

deb http://www.backports.org/debian woody amavis-ng deb http://www.backports.org/debian woody clamav #clamav: deb http://people.debian.org/~aurel32/BACKPORTS stable main

apt-get install amavisd-new clamavis-daemon

For exim.conf: trusted_users = mail:amavis . . . . amavis_smtp: driver = smtp hosts = localhost port = 10024 allow_localhost hosts_override end ###################################################################### # DIRECTORS CONFIGURATION # # Specifies how local addresses are handled # ###################################################################### # ORDER DOES MATTER # # A local address is passed to each in turn until it is accepted. # ###################################################################### amavis_director: condition = "${if eq {$received_protocol}{scanned-ok} {0}{1}}" driver = smartuser transport = amavis_smtp verify = false . . . . ###################################################################### # ROUTERS CONFIGURATION # # Specifies how remote addresses are handled # ###################################################################### # ORDER DOES MATTER # # A remote address is passed to each in turn until it is accepted. # ###################################################################### amavis_router: condition = "${if eq {$received_protocol}{scanned-ok} {0}{1}}" driver = domainlist transport = amavis_smtp verify = false route_list = * localhost byname self = send uncomment exim3 settings from amavisd-new, restart it.. optionally comment out spamassassin-disabling line..

ALWAYS create your VGs with -i 32 ( 32M physical extents ), this allows for 2TB size arrays, with default you get only 256G.

lftp apt-rpm.tuxfamily.org:~/apt/redhat/9/en/i386/RPMS.extra> ls
-rw-r--r--   1 nobody   nogroup    873124 Apr 16  2003 apt-0.5.5cnc5-fr2.i386.rpm
-rw-r--r--   1 nobody   nogroup    527526 Apr 16  2003 apt-devel-0.5.5cnc5-fr2.i386.rpm

1. Get Oracle10g ;)
2. get some diskspace, get some ram, get some swap, create users and groups for oracle ( oracle user is enough, you can go with group dba, user oracle, orainstall etc etc.. though.. )
3. 
apt-get install make rpm binutils gcc
ln -s /usr/bin/awk /bin/awk
ln -s /usr/bin/rpm /bin/rpm
It's also nice to go and tasksel -> c/c++ development
4. Pretend you're a redhat:
root@ox $cat > /etc/redhat-release
Red Hat Linux release 2.1 (drupal)
^D

5. uncompress your install and run installation script: /opt/oracle/Disk1/runInstall
6. Make some choice, push some buttons, run some runme.sh scripts, ignore two compilation errors and voile'a:
eyck@ox $ sqlplus

Enter user-name: eyck@OX
Enter password:
Connected to:
Oracle Database 10g Release 10.1.0.2.0 - Production


ox.1.png ox.2.png

I. DEBIAN GNU/LINUX ENVIRONMENT SETUP Steps to perform as root for setting up Oracle installation environment: a. Create oracle group, user and home directory.
addgroup dba
adduser --home /ora --no-create-home --ingroup dba oracle
chown oracle.dba /ora
mkdir /ora/9iR2
chown oracle.dba /ora/9iR2
b. Create links needed by Oracle installer.
ln -s /usr/bin/awk /bin/awk
ln -s /usr/bin/sort /bin/sort
ln -s /usr/bin/basename /bin/basename
c. Install mandatory packages.
apt-get install make binutils gcc libstdc++2.10-glibc2.2 libstdc++2.10-dev libstdc++2.9-glibc2.1


See more ...

Look:

topik:/home/eyck# grub-install /dev/sda
Installation finished. No error reported.
This is the contents of the device map /boot/grub/device.map.
Check if this is correct or not. If any of the lines is incorrect,
fix it and re-run the script `grub-install'.

(fd0)   /dev/fd0
(hd0)   /dev/hda
(hd1)   /dev/sda
(hd2)   /dev/sdb
(hd3)   /dev/sdc
(hd4)   /dev/sdd
topik:/home/eyck# grub-install /dev/sdc
Installation finished. No error reported.
This is the contents of the device map /boot/grub/device.map.
Check if this is correct or not. If any of the lines is incorrect,
fix it and re-run the script `grub-install'.

(fd0)   /dev/fd0
(hd0)   /dev/hda
(hd1)   /dev/sda
(hd2)   /dev/sdb
(hd3)   /dev/sdc
(hd4)   /dev/sdd

but:

topik:/home/eyck# grub-install /dev/sdc
/dev/md1 does not have any corresponding BIOS drive.

( you need to edit your /etc/mtab and replace md1(root) with hmmm.. with anything - for examples sda1 )

1. create partition on new disk with type 8e
2. goliat:/fs/samba# pvcreate /dev/hdd2 pvcreate -- physical volume "/dev/hdd2" successfully created

goliat:/fs/samba# vgextend share_vg /dev/hdd2
vgextend -- INFO: maximum logical volume size is 255.99 Gigabyte
vgextend -- doing automatic backup of volume group "share_vg"
vgextend -- volume group "share_vg" successfully extended

goliat:/fs/samba# lvextend /dev/share_vg/share_lv 
lvextend -- please enter l or L option

goliat:/fs/samba# pvscan 
pvscan -- reading all physical volumes (this may take a while...)
pvscan -- ACTIVE   PV "/dev/hdc3" of VG "share_vg" [70.37 GB / 416 MB free]
pvscan -- ACTIVE   PV "/dev/hdd2" of VG "share_vg" [74.41 GB / 74.41 GB free]
pvscan -- ACTIVE   PV "/dev/hda2" of VG "home_vg"  [992 MB / 0 free]
pvscan -- ACTIVE   PV "/dev/hda3" of VG "share_vg" [69.64 GB / 0 free]
pvscan -- total: 4 [215.41 GB] / in use: 4 [215.41 GB] / in no VG: 0 [0]

goliat:/fs/samba# lvextend -L+74G /dev/share_vg/share_lv 
lvextend -- extending logical volume "/dev/share_vg/share_lv" to 213.60 GB
lvextend -- doing automatic backup of volume group "share_vg"
lvextend -- logical volume "/dev/share_vg/share_lv" successfully extended

goliat:/fs/samba# lvextend -L+1G /dev/share_vg/share_lv 
lvextend -- only 208 free physical extents in volume group "share_vg"

goliat:/fs/samba# lvextend -L+500M /dev/share_vg/share_lv 
lvextend -- extending logical volume "/dev/share_vg/share_lv" to 214.09 GB
lvextend -- doing automatic backup of volume group "share_vg"
lvextend -- logical volume "/dev/share_vg/share_lv" successfully extended

goliat:/fs/samba# lvextend -L+500M /dev/share_vg/share_lv 
lvextend -- only 83 free physical extents in volume group "share_vg"

goliat:/fs/samba# lvextend -L+50M /dev/share_vg/share_lv 
lvextend -- rounding relative size up to physical extent boundary
lvextend -- extending logical volume "/dev/share_vg/share_lv" to 214.14 GB
lvextend -- doing automatic backup of volume group "share_vg"
lvextend -- logical volume "/dev/share_vg/share_lv" successfully extended

goliat:/fs/samba# xfs   
xfs_admin     xfs_check     xfs_estimate  xfs_fsr       xfs_info      xfs_mkfile    xfs_repair    xfsdq         xfsinvutil    xfsrq         
xfs_bmap      xfs_db        xfs_freeze    xfs_growfs    xfs_logprint  xfs_ncheck    xfs_rtcp      xfsdump       xfsrestore    
goliat:/fs/samba# xfs_growfs /dev/share_vg/share_lv 
xfs_growfs: /dev/share_vg/share_lv is not a filesystem mount point, according to /etc/mtab
goliat:/fs/samba# xfs_growfs /fs/s                  
s2     samba  
goliat:/fs/samba# xfs_growfs /fs/samba/Inne/
meta-data=/fs/samba/Inne         isize=256    agcount=35, agsize=1048576 blks
data     =                       bsize=4096   blocks=36595712, imaxpct=25
         =                       sunit=0      swidth=0 blks, unwritten=0
naming   =version 2              bsize=4096  
log      =internal               bsize=4096   blocks=2227
realtime =none                   extsz=65536  blocks=0, rtextents=0
data blocks changed from 36595712 to 56135680
goliat:/fs/samba# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/hde1             3.9G  919M  3.0G  23% /
/dev/home_vg/home_lv  987M  699M  289M  71% /home
/dev/share_vg/share_lv
                      214G  139G   75G  65% /fs/samba/Inne
goliat:/fs/samba# 

http://www.debian.org/devel/wnpp

apt-get install reportbug

reportbug wnpp

then enter: RFP then: packagename

sid:/etc/exim4# /usr/share/doc/exim4-base/examples/exim-gencert 
[*] Creating a self signed SSL certificate for Exim!
    This may be sufficient to establish encrypted connections but for
    secure identification you need to buy a real certificate!
    
    Please enter the hostname of your MTA at the Common Name (CN) prompt!
    
Generating a 1024 bit RSA private key
...................................................................++++++
.......++++++
unable to write 'random state'
writing new private key to '/etc/exim4/exim.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Code (2 letters) [US]:PL
State or Province Name (full name) [Some-State]:Lubelskie
Locality Name (eg, city) []:Lublin
Organization Name (eg, company; recommended) []:G
Organizational Unit Name (eg, section) []:unSecurity
Server name (eg. ssl.domain.tld; required!!!) []:grendel.ar.lublin.pl
Email Address []:eyck at grendel.ar.lublin.pl
[*] Done generating self signed certificates for exim!
    Refer to the documentation and example configuration files
    over at /usr/share/doc/exim4-base/ for an idea on how to enable TLS
    support in your mail transfer agent.

sid:/etc/exim4#  /usr/lib/ecartis/ecartis  -newlist llug

Creating new list 'llug'...
List admin e-mail: eyck@grendel.ar.lublin.pl
 Writing config file...done.
  Creating default user file...done.
  Sending aliases for sendmail/Exim/Postfix/Zmailer to stdout.

  # Aliases for 'llug' mailing list.
  llug: "|/usr/lib/ecartis/ecartis -s llug"
  llug-request: "|/usr/lib/ecartis/ecartis -r llug"
  llug-repost: "|/usr/lib/ecartis/ecartis -a llug"
  llug-admins: "|/usr/lib/ecartis/ecartis -admins llug"
  llug-moderators: "|/usr/lib/ecartis/ecartis -moderators llug"
  llug-bounce: "|/usr/lib/ecartis/ecartis -bounce llug"

sid:/etc/exim4#  cat >> /etc/aliases
  # Aliases for 'llug' mailing list.
  llug: "|/usr/lib/ecartis/ecartis -s llug"
  llug-request: "|/usr/lib/ecartis/ecartis -r llug"
  llug-repost: "|/usr/lib/ecartis/ecartis -a llug"
  llug-admins: "|/usr/lib/ecartis/ecartis -admins llug"
  llug-moderators: "|/usr/lib/ecartis/ecartis -moderators llug"
  llug-bounce: "|/usr/lib/ecartis/ecartis -bounce llug"

sid:/etc/exim4#  sync

sid:/etc/exim4#  cd /var/lib/ecarts/lists/llug && perl -p -i.b -e 's/\@sid/\@host.name.tld/' config

CREATE UNDO TABLESPACE undotbs02
DATAFILE '/opt/oracle/oradata1/sbrd/undotbs02.dbf' SIZE 3000M REUSE   
AUTOEXTEND ON;

ALTER SYSTEM SET UNDO_TABLESPACE = undotbs02;

DROP TABLESPACE undotbs01;

Under woody:

$ openssl req -new -x509 -days 365 -nodes -out ftpd-rsa.pem -keyout ftpd-rsa-key.pem

With sid/sarge you also need those in proftpd.conf:

#TLSCACertificateFile /etc/proftpd/ftpd-rsa.pem
TLSRSACertificateFile /etc/proftpd/ftpd-rsa.pem
TLSRSACertificateKeyFile /etc/proftpd/ftpd-rsa-key.pem
TLSLog /var/log/proftpd/tls.log
TLSRequired     on
TLSEngine       on

Suppose you're running some unsafe kernel in remote location, you wouldn't like your machine to freeze waiting for you to power it down in case of panic. So what do you do?

echo "69" > /proc/sys/kernel/panic

this will make it wait 69 seconds and then reboot in case of panic ( unless of course, like with my problem with audio half of panics loop infinitely )

# xfsdump -J - / | xfsrestore -J - /new

ghost:/fs/new# xfsdump  -J - /usr | xfsrestore -J - 2/
xfsdump: using file dump (drive_simple) strategy
xfsdump: version 3.0 - Running single-threaded
xfsdump: level 0 dump of ghost:/usr
xfsdump: dump date: Thu Oct  9 20:06:40 2003
xfsdump: session id: 3ae3f0fd-42f1-4058-a7d8-16f9244e0c7a
xfsdump: session label: ""
xfsdump: ino map phase 1: skipping (no subtrees specified)
xfsdump: ino map phase 2: constructing initial dump list
xfsrestore: using file dump (drive_simple) strategy
xfsrestore: version 3.0 - Running single-threaded
xfsrestore: searching media for dump
xfsdump: ino map phase 3: skipping (no pruning necessary)
xfsdump: ino map phase 4: skipping (size estimated in phase 2)
xfsdump: ino map phase 5: skipping (only one dump stream)
xfsdump: ino map construction complete
xfsdump: estimated dump size: 2717644928 bytes
xfsdump: creating dump session media file 0 (media 0, file 0)
xfsdump: dumping ino map
xfsdump: dumping directories
xfsrestore: examining media file 0
xfsrestore: dump description: 
xfsrestore: hostname: ghost
xfsrestore: mount point: /usr
xfsrestore: volume: /dev/hda2
xfsrestore: session time: Thu Oct  9 20:06:40 2003
xfsrestore: level: 0
xfsrestore: session label: ""
xfsrestore: media label: ""
xfsrestore: file system id: 16f58678-aa1c-4fb3-8ebb-2b4f396e6d51
xfsrestore: session id: 3ae3f0fd-42f1-4058-a7d8-16f9244e0c7a
xfsrestore: media id: 72be49e3-c012-49b8-ae7c-d50c135f6f1c
xfsrestore: searching media for directory dump
xfsrestore: reading directories
xfsdump: dumping non-directory files
xfsrestore: 2834 directories and 47251 entries processed
xfsrestore: directory post-processing
xfsrestore: restoring non-directory files
xfsdump: ending media file
xfsdump: media file size 2636356224 bytes
xfsdump: dump size (non-dir files) : 2621231040 bytes
xfsdump: dump complete: 227 seconds elapsed
xfsdump: Dump Status: SUCCESS
xfsrestore: restore complete: 227 seconds elapsed
xfsrestore: Restore Status: SUCCESS
ghost:/fs/new# 

ghost:/fs/new# mkfs.xfs -f -L Var /dev/hdd5
meta-data=/dev/hdd5              isize=256    agcount=8, agsize=93628 blks
data     =                       bsize=4096   blocks=749022, imaxpct=25
         =                       sunit=0      swidth=0 blks, unwritten=0
naming   =version 2              bsize=4096  
log      =internal log           bsize=4096   blocks=1200
realtime =none                   extsz=65536  blocks=0, rtextents=0
ghost:/fs/new# mkfs.xfs -f -L Home /dev/hdd6
meta-data=/dev/hdd6              isize=256    agcount=8, agsize=156131 blks
data     =                       bsize=4096   blocks=1249045, imaxpct=25
         =                       sunit=0      swidth=0 blks, unwritten=0
naming   =version 2              bsize=4096  
log      =internal log           bsize=4096   blocks=1200
realtime =none                   extsz=65536  blocks=0, rtextents=0
ghost:/fs/new# mkfs.xfs -f -L Dat /dev/hdd7
meta-data=/dev/hdd7              isize=256    agcount=17, agsize=1048576 blks
data     =                       bsize=4096   blocks=17500801, imaxpct=25
         =                       sunit=0      swidth=0 blks, unwritten=0
naming   =version 2              bsize=4096  
log      =internal log           bsize=4096   blocks=2136
realtime =none                   extsz=65536  blocks=0, rtextents=0
ghost:/fs/new# mount /dev/hdd5 5
ghost:/fs/new# mount /dev/hdd6 6
ghost:/fs/new# mount /dev/hdd7 7
ghost:/fs/new# time nice xfsdump  -J - /var | xfsrestore -J - 5/; time nice xfsdump -J - /home | xfsrestore -J - 6/;time nice xfsdump -J - /fs/dat | xfsrestore -J - 7/

/sbin/kbdrate -r 30 -d 250 is supposed to be the fastest setting for i386.

You need this in /dev: tty tty7 (default, probably use something else..) psaux ( mouse ) mem ( SHIT! )

Hi! On Sat Apr 26, 2003 at 03:32:26PM +0200, Florian Weimer wrote: > At work, we recommend rebooting the system. Currently, it's the only > reliable way to replace all memory-resident libraries. 8-( lsof +L1 prints every unlinked open file: # lsof +L1 COMMAND PID USER FD TYPE DEVICE SIZE NLINK NODE NAME exim3 288 mail mem DEL 3,3 0 96454 /usr/lib/libsasl.so.7.1.10.dpkg-new cardmgr 389 root 1u CHR 254,0 0 94906 /var/run/cm-389-1 (deleted) cardmgr 389 root 2u CHR 254,1 0 94907 /var/run/cm-389-3 (deleted) sshd 409 root mem DEL 3,3 0 111693 /usr/lib/i586/libcrypto.so.0.9.6.dpkg-new ssh-agent 511 djmaecki mem DEL 3,3 0 111693 /usr/lib/i586/libcrypto.so.0.9.6.dpkg-new wmbattery 520 djmaecki mem DEL 3,3 0 96718 /usr/lib/libapm.so.1.0.0.dpkg-new Here I should restart exim, sshd, ssh-agent and wmbattery (--> .dpkg-new) so long Thomas -- .''`. Obviously we do not want to leave zombies around. - W. R. Stevens : :' : Thomas Krennwallner `. `'` 1024D/67A1DA7B 9484 D99D 2E1E 4E02 5446 DAD9 FF58 4E59 67A1 DA7B `- http://bigfish.ull.at/~djmaecki/

cd ~/public_html && tar -zc blosxom | ssh another.server.pl 'cd  public_html && tar zxv '

Why like this?

Because blosxom depends on mtime for sorting, and this way we preserve mtime.

Add deb http://eyck.forumakad.pl/debian ./ line to your

/etc/apt/sources.list

and then apt-get install mplayer. If you'd like to see some OSD, then apt-get install mplayer-fonts, and if default gui skin is not enough for you: apt-get install mplayer-skins.