Gentoo – initramfs with busybox, lvm and some more…

Preparations

mkdir -p /usr/src/initramfs/{bin,lib/modules,dev,etc,mnt/root,proc,root,sbin,sys}
cp -a /dev/{null,console,tty,sda*} /usr/src/initramfs/dev/

busybox

USE="static make-symlinks -pam -savedconfig" emerge --root=/usr/src/initramfs/ -av busybox

LVM
LVM already provides a static binary 🙂

cp /sbin/lvm.static /usr/src/initramfs/lvm

ldap initial configuration

A more or less initial configuration for openldap (>2.4)

##
# to import run:
# ldapmodify -Y EXTERNAL -H ldapi:/// -f $filename
#
# to verify run:
# ldapsearch -Y EXTERNAL -H ldapi:/// -b "olcDatabase={1}hdb,cn=config"
#
# to create a password:
# slappasswd -h {SSHA} -s admin
##

dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=example,dc=de
-
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=example,dc=de" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=de" write by * read
-
replace: olcRootDN
olcRootDN: cn=admin,dc=example,dc=de
-
replace: olcRootPW
olcRootPW: {SSHA}4RHgrU6ghLqA21CNI8biQblHtEodToyd

TLS config

dn: cn=config
changetype: modify
add: olcTLSCipherSuite
olcTLSCipherSuite: AES128+EECDH:AES128+EDH
-
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/ca.crt
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/cert.crt
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/keyfile.key
-
add: olcTLSVerifyClient
# never - allow - try - demand
olcTLSVerifyClient: demand

Refs
openldap – tls config
openldap – access

Monitoring a fritzbox via upnp – FritzOS 6.20 // FritzBox 7490

curl "http://fritz.box:49000/igdupnp/control/WANCommonIFC1" -H "Content-Type: text/xml; charset="utf-8"" -H "SoapAction:urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1#GetAddonInfos" -d "<?xml version='1.0' encoding='utf-8'?> <s:Envelope s:encodingStyle='http://schemas.xmlsoap.org/soap/encoding/' xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'> <s:Body> <u:GetAddonInfos xmlns:u='urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1' /> </s:Body> </s:Envelope>"
<?xml version="1.0" encoding="utf-8"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<s:Body>
<u:GetAddonInfosResponse xmlns:u="urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1">
<NewByteSendRate>0</NewByteSendRate>
<NewByteReceiveRate>0</NewByteReceiveRate>
<NewPacketSendRate>0</NewPacketSendRate>
<NewPacketReceiveRate>0</NewPacketReceiveRate>
<NewTotalBytesSent>270290911</NewTotalBytesSent>
<NewTotalBytesReceived>1577019202</NewTotalBytesReceived>
<NewAutoDisconnectTime>0</NewAutoDisconnectTime>
<NewIdleDisconnectTime>1</NewIdleDisconnectTime>
<NewDNSServer1>81.xxx.xxx.xxx</NewDNSServer1>
<NewDNSServer2>81.xxx.xxx.xxx</NewDNSServer2>
<NewVoipDNSServer1>81.xxx.xxx.xxx</NewVoipDNSServer1>
<NewVoipDNSServer2>81.xxx.xxx.xxx</NewVoipDNSServer2>
<NewUpnpControlEnabled>0</NewUpnpControlEnabled>
<NewRoutedBridgedModeBoth>0</NewRoutedBridgedModeBoth>
</u:GetAddonInfosResponse>
</s:Body>
</s:Envelope>
curl "http://fritz.box:49000/igdupnp/control/WANIPConn1" -H "Content-Type: text/xml; charset="utf-8"" -H "SoapAction:urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress" -d "<?xml version='1.0' encoding='utf-8'?> <s:Envelope s:encodingStyle='http://schemas.xmlsoap.org/soap/encoding/' xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'> <s:Body> <u:GetExternalIPAddress xmlns:u='urn:schemas-upnp-org:service:WANIPConnection:1' /> </s:Body> </s:Envelope>"
<?xml version="1.0" encoding="utf-8"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<s:Body>
<u:GetExternalIPAddressResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewExternalIPAddress>xxx.xxx.xxx.xxx</NewExternalIPAddress>
</u:GetExternalIPAddressResponse>
</s:Body>
</s:Envelope>
curl "http://fritz.box:49000/igdupnp/control/WANCommonIFC1" -H "Content-Type: text/xml; charset="utf-8"" -H "SoapAction:urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1#GetCommonLinkProperties" -d "<?xml version='1.0' encoding='utf-8'?> <s:Envelope s:encodingStyle='http://schemas.xmlsoap.org/soap/encoding/' xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'> <s:Body> <u:GetCommonLinkProperties xmlns:u='urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1' /> </s:Body> </s:Envelope>"
<?xml version="1.0" encoding="utf-8"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<s:Body>
<u:GetCommonLinkPropertiesResponse xmlns:u="urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1">
<NewWANAccessType>DSL</NewWANAccessType>
<NewLayer1UpstreamMaxBitRate>11964000</NewLayer1UpstreamMaxBitRate>
<NewLayer1DownstreamMaxBitRate>100014000</NewLayer1DownstreamMaxBitRate>
<NewPhysicalLinkStatus>Up</NewPhysicalLinkStatus>
</u:GetCommonLinkPropertiesResponse>
</s:Body>
</s:Envelope>

apache and tomcat – packetsize per request

During a consulting project I had some trouble with the following environment

Infrastructure

Loadbalancer >> Apache >> Tomcat / JBoss

Each request ended in a 400 Bad Request, but the configuration looked good and worked fine with other projects.

In the end we made some configuration modifications to Apache and Tomcat.

Configuration

Apache

LimitRequestFieldSize 16384
ProxyIOBufferSize 16384

Tomcat

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector address="10.a.b.c" port="8009" protocol="AJP/1.3" redirectPort="8443" packetSize="16384" />

Refs

Tomcat AJP Docu
Apache 2.2 mod_proxy

systemd – abstract

Rescue Mode

cmdline=…systemd.unit=rescue.target

Analyzing the boot process

* systemd-analyze
* systemd-analyze blame
* systemd-analyze plot > /tmp/plot.svg

Start/Stop/Disable services

* systemctl start/stop/restart/mask [service]
* systemctl daemon-reload
* systemctl list-units --type=[timer,service,target,mount,…]

Journal

* journalctl -u ssh
* journalctl _PID=1
* journalctl -b

Custom unit

http://www.freedesktop.org/software/systemd/man/systemd.unit.html

Retrieve Windows key from ACPI MSDM table

[root@localhost ~]# hexdump -C /sys/firmware/acpi/tables/MSDM
00000000 4d 53 44 4d 55 00 00 00 03 d3 4c 45 4e 4f 56 4f |MSDMU.....LENOVO|
00000010 54 50 2d 47 32 20 20 20 70 25 00 00 50 54 4c 20 |TP-G2   p%..PTL |
00000020 02 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 |................|
00000030 00 00 00 00 1d 00 00 00 XX XX XX XX XX XX XX XX |........xxxxx-xx|
00000040 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX |xxx-xxxxx-xxxxx-|
00000050 XX XX XX XX XX                                  |xxxxx|
00000055
cat /sys/firmware/acpi/tables/MSDM | dd bs=1 skip=56 2>/dev/null

Ahh yes…and thanks to everyone who posts a howto with screenshots with black bars – don’t forget the hexdump 😉
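
Why skip=56 works, as an added example that is not part of the original post: the key sits behind the 36-byte ACPI table header and five 32-bit MSDM fields. The Python code below checks signature, length and checksum before extracting it; the names `parse_msdm` and `build_sample` and the placeholder key are constructed for illustration.

```python
import struct

# ACPI table header (36 bytes): signature, length, revision, checksum,
# OEM ID, OEM table ID, OEM revision, creator ID, creator revision.
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")
# MSDM body before the key (20 bytes): version, reserved, data type,
# reserved, key length.
MSDM_BODY = struct.Struct("<IIIII")


def parse_msdm(table: bytes) -> dict:
    """Validate an MSDM table and return OEM fields, key offset and key."""
    key_off = ACPI_HEADER.size + MSDM_BODY.size  # 36 + 20 = 56 (dd skip=56)
    if len(table) < key_off:
        raise ValueError("table too short for an MSDM header")
    sig, length, _, _, oem_id, oem_table, *_ = ACPI_HEADER.unpack_from(table)
    if sig != b"MSDM":
        raise ValueError(f"unexpected signature {sig!r}")
    if length != len(table):
        raise ValueError(f"header says {length} bytes, got {len(table)}")
    # ACPI rule: all bytes, checksum byte included, sum to 0 modulo 256.
    if sum(table) % 256:
        raise ValueError("ACPI checksum mismatch")
    key_len = MSDM_BODY.unpack_from(table, ACPI_HEADER.size)[4]
    if key_off + key_len > length:
        raise ValueError("key length runs past the end of the table")
    return {
        "oem_id": oem_id.decode("ascii").rstrip(" \0"),
        "oem_table_id": oem_table.decode("ascii").rstrip(" \0"),
        "key_offset": key_off,
        "key": table[key_off:key_off + key_len].decode("ascii"),
    }


def build_sample() -> bytes:
    """Constructed table shaped like the hexdump above, placeholder key."""
    key = b"AAAAA-BBBBB-CCCCC-DDDDD-EEEEE"
    body = MSDM_BODY.pack(1, 0, 1, 0, len(key)) + key
    header = ACPI_HEADER.pack(b"MSDM", ACPI_HEADER.size + len(body), 3, 0,
                              b"LENOVO", b"TP-G2   ", 0x2570, b"PTL ", 2)
    raw = bytearray(header + body)
    raw[9] = -sum(raw) % 256  # checksum byte lives at offset 9
    return bytes(raw)


if __name__ == "__main__":
    # On a real machine (as root): open("/sys/firmware/acpi/tables/MSDM", "rb")
    print(parse_msdm(build_sample()))
```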

Syncing a fork with git/github

  • Configure a remote
    git remote -v
    # git remote add <name> <url>
    git remote add upstream https://github.com/foo/bar.git
    git remote -v
  • Pull “upstream”
    # git fetch <name>
    git fetch upstream
  • Checkout the master
    git checkout master
  • Merge “upstream” master to local master
    # git merge <name>/<branch>
    git merge upstream/master
  • (optional) Delete old branch
    # git push origin :<branch>
    git push origin :foobar
    git branch -d foobar

Refs https://help.github.com/articles/

OS X Mavericks and MacPorts

A few weeks ago I upgraded to Mavericks (10.9)…so far, so good.

But I had some trouble with my MacPorts installation…

:info:configure CMake Error at Modules/Platform/Darwin.cmake:211 (message):
:info:configure   CMAKE_OSX_DEPLOYMENT_TARGET is '10.9' but CMAKE_OSX_SYSROOT:
:info:configure 
:info:configure    ""
:info:configure 
:info:configure   is not set to a MacOSX SDK with a recognized version.  Either set
:info:configure   CMAKE_OSX_SYSROOT to a valid SDK or set CMAKE_OSX_DEPLOYMENT_TARGET to
:info:configure   empty.

This problem was already reported on https://trac.macports.org, but without any solution that worked for me. So I did my own research and ended up with a really dirty workaround.

Create a list of all installed ports (incl. variants)

sudo port -qv installed

Uninstall all ports

sudo port -f uninstall installed

Clean any builds

sudo port clean all

Reinstall all necessary ports

port install <port> +variant1

Yeah…it’s not the best… I know!

Choosing the right scheduler on a virtual machine (kvm)

The default I/O scheduler in the 2.6 kernel is Completely Fair Queuing (cfq). This is not the first choice for a virtual machine/hypervisor. The combination of the noop and the deadline scheduler is much better for a virtualization host.

virtual machine: noop
hypervisor: deadline

Set the scheduler temporarily (vm)

$ echo noop > /sys/block/sda/queue/scheduler

Set the scheduler permanently (vm)

/boot/grub/menu.lst:
kernel /vmlinuz-3.8.11 root=/dev/vgsystem/lvroot elevator=noop

(For the hypervisor replace noop with deadline!)

And don’t forget to use virtio & raw devices for guest and noatime & nodiratime in fstab wherever it’s possible.

Hint: VMware also recommends the noop scheduler for the guests.