Sunday, November 30, 2008

Kickstart and LVM

There are no examples of reusing an LVM partition after a kickstart. So here we go. Two scenarios: In the first we keep a partition, but blow away the LVM. In the second, we retain one or more of the LVs.

Scenario 1:
# fdisk -l /dev/sda
--- output truncated ---
  Device       Start       End       Blocks   Id   System
/dev/sda1         1        13      104391   83   Linux
/dev/sda2       14      1033   8193150   8e   Linux LVM
/dev/sda3    1034     1670    5116702   83   Linux
We want to keep /dev/sda3, so we can't do a clearpart --all.
The kickstart code:
clearpart --none
part /boot --onpart /dev/sda1 --fstype ext3
part pv.16 --onpart /dev/sda2
volgroup vg0 pv.16 --pesize=32768
logvol swap --fstype swap --name=swap --vgname=vg0 --size=4096
logvol / --fstype ext3 --name=root --vgname=vg0 --size=5000
logvol /var --fstype ext3 --name=var --vgname=vg0 --size=512
logvol /tmp --fstype ext3 --name=tmp --vgname=vg0 --size=512
Take note of the --onpart statements. Since all the listed items include --fstype, they are all formatted. Since /dev/sda3 was not formatted, we need to have /etc/fstab mount it at boot time. In the %post section, add:
echo "/dev/sda3   /home   ext3   defaults   0 0" >> /etc/fstab

Thursday, November 20, 2008

Falesco Sangiovese

This is a central Italian wine, from the Umbria region. It was nice, for cheap wine. Heavy and dark. It probably would have gone well with chocolate ice cream.

I probably won't get it again, but I had a coupon! 4 of 10.

Domaine Roger Luquet Macon-Villages


After a ridiculously long absence due to Blogger technical issues, I've got some new wine posts.

I got this French white on a recommendation from one of the wine store guys. While not bad, it really wasn't that good, which is aggravating, because it was slightly more expensive than I normally spend for a casual bottle of wine. I found it to be acidic, reminiscent of Chilean wines.

I'm only giving this a 4 of 10. It could be a low five, if it was half the price.

Another Attempt At "mail-to-blogger"

Much to my astonishment... This worked rather quickly:
This feature has been uniformly unreliable in the past, but since their picture post mechanism is offline, I thought I'd try this again, as an alternative.  Normally it takes "a day or two" for the posts to show up.  Pretty pathetic, huh.  Let's time it:

Post sent 11/20/2008 09:54am Eastern

PS: I sent this from my gmail account.  This will be our control value, as it too is under the Google umbrella.

It showed as a draft, even though it is set to publish immediately. Next, an "external address".

To make life easier, I've combined the results in one post.
This one from a Yahoo account.
Post sent 11/20/2008 10:06am Eastern

Both Google and Yahoo took about two minutes.
From My Mobile E-mail
Post sent 11/20/2008 10:12 AM Eastern
About four minutes on this one.

Since the mobile post made it (to drafts, anyway), I attached a picture, and tried again. The image took about twelve minutes to process. It was the first time I have been able to post an image in about six months.

Wednesday, November 19, 2008

KVM "TCP/IP error: VNC"

I got an error when attempting to use virt-manager to connect to the console of a virtual machine: "TCP/IP error: VNC connection to hypervisor host got refused or disconnected!" This seems to be from spawning a new console too fast after closing a console to the same machine. Here's a work-around:
[root@adama qemu]# virsh vncdisplay valk-b
:3
[root@adama qemu]# vncviewer 127.0.0.1:3
This assumes you have X Window support.

Monday, November 17, 2008

GigE Benchmark, Pt. 3

More performance tuning, this time using FTP instead of NFS.
Adama from Scully:
a. 100M, 962,465,792 11.2M/s in 82s
b. GigE, 962,465,792 13.4M/s in 68s
Mulder from Scully:
c. GigE, 962,465,792 14.4M/s in 64s
Adama from Mulder:
d. GigE, 962,465,792 21.0M/s in 43s
Look at the performance difference between "a" and "d" simply by downloading from a 1G rather than a 300M CPU. But... I have one more trick up my sleeve.

Mulder had an overclocked Celeron running at 1G, but with a front side bus at 66MHz. I swapped the CPU with a PIII 600, with a front side bus speed of 133MHz. I don't think this will help us on the PCI, but let's give it a try:
Adama from Mulder w/PIII:
e. GigE, 962,465,792 21.7M/s in 43s
Any performance gain was insignificant. One last test:
Mulder w/PIII from Adama:
f. GigE, 962,465,792 19.0M/s in 52s

GigE Benchmark, Pt. 2

I added a third node to the GigE backbone. Benchmarks for Adama and Mulder copying from Scully via NFS. Test file is an ISO of slightly under 1G size. The goal of the test is to determine the effect of processor speed on GigE throughput.

[root@mulder ~]# echo -n "`date +%T.%N` - "; \
  cp /mnt/isos/RHEL4-dvd-docs.iso .; date +%T.%N

09:40:46.403907606 - 09:42:23.930183317
-------------------------------------
[root@adama ~]# echo -n "`date +%T.%N` - "; \
  cp /mnt/isos/RHEL4-dvd-docs.iso .; date +%T.%N

14:08:53.343940918 - 14:10:12.375121976
(Obviously, somebody's clock is out of sync.)

Given that Scully is our "control value", we get:
  mulder = 1:37.53
  adama  = 1:19.03
Mulder has a 1G CPU and Adama has a 2G CPU. A minor difference that could have been caused by several factors. Now the big test. Scully is a PII 300MHz. Let's see the transfer rate between Adama and Mulder.
  from mulder to adama = 1:22.48
  from adama to mulder = 1:03.18
Bottom Line
A system's CPU has an effect on its transfer rate. Paradoxically, the best speeds come from having the faster system on the server side, rather than the client side. Of course the problem with this is that, in this case, the high speed system is needed for the application.

KVM virt-clone

One of the things I love about VMware is the ability to deploy a VM from a template. Linux has never had the same capacity, but there is a clone feature. Just as with VMware, the original VM must be powered off. This is because we can't copy an image file if the VM is making live changes to the image.

Unlike VMware, we have the advantage of being able to use Logical Volumes in Linux, rather than image files. An LVM image provides better performance than a flat file because we are "closer to the bare metal" of the drive, rather than inside a file system. We can resize an LVM image using native Linux commands, rather than using a third-party tool. Unfortunately, this means cloning requires one extra step: we have to preallocate the LogVol. That should take about 10 seconds.
[root@adama ~]# lvcreate -L 5G img -n vm06f8
  Logical volume "vm06f8" created
[root@adama ~]# virt-clone -o vcl02 -n vcl03 \
  -f /dev/img/vm06f8 --force

Cloning from /dev/img/vm05f8 to /dev/img/vm06f8
Cloning domain... |         5.0 GB     02:55
In this example, we created the image LogVol, /dev/img/vm06f8, and replicated Dom vcl02 as vcl03. Since we were using a preallocated volume, we needed the --force. (No, it is not smart enough to make the LogVol. Yes, I tried.)

Our big problem now is that both VMs have the same hostname and IP address. Since vcl02 is down, we can bring vcl03 up, and make the changes without any conflicts. If... You had used LVM inside vcl02, and you used a different VG name than on Dom0, then you could use kpartx to mount the root filesystem, and change the config files directly.

Saturday, November 15, 2008

Vista & D-Link -VS- Samba

I'm going to blame this on Vista, but I think it may be D-Link's fault. For the last few weeks, the three Vista laptops have not been able to access the FC4 Samba server. The four XP machines can. When attempting to access \\Scully\Samba I got the message: the network or server is unreachable. (NOTE: If I connect the laptop via LAN cable, everything works.)

I stumbled across a similar post regarding Ubuntu and Belkin where the solution was to use the IP address of the server rather than the name, in other words: \\192.168.69.13\Samba This works.

That means the problem is either DNS or Windows Name Resolution. From CMD, I can ping scully, so it has to be on the Windows side (PNRP or LMhosts?) When I map to \\192.168.69.13\Samba, the drive is available. Just for fun, I added the IP address to the hosts file, and now the name works.

Since this is Vista, however, we cannot simply add the IP to the hosts file:
1. Click the Vista icon (or press [Ctrl][Esc])
2. In the Start Search box, type CMD.
3. An icon will appear under Programs.
4. Right click on the icon, and select Run as administrator.
5. Confirm all warnings.
6. At the command prompt, type:
    notepad C:\Windows\System32\Drivers\etc\hosts
7. Add the IP address and Windows machine name.
Now, we can map network drives by host name.

Thursday, November 13, 2008

IPtables Port Forwarding

I'm battling a firewall issue. Machine "A" can not see machine "B", so I want to bounce through machine "C". Unfortunately, it has to be a selective redirect, as "A" needs services from "C", as well. Three steps, executed on machine "C":
[root@c]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@c]# iptables -A PREROUTING -t nat -i eth0 -p tcp \
    --dport 3389 -j DNAT --to 10.11.12.13:9833
[root@c]# iptables -A FORWARD -p tcp -m state --state NEW \
    -d 10.11.12.13 --dport 9833 -j ACCEPT
The first step enables forwarding. The second step takes all packets for port 3389 (machine "C" doesn't run MS terminal services), sends them to 10.11.12.13, and twists them to 9833. The third step fires them back out; because the DNAT in PREROUTING has already rewritten the destination, the FORWARD rule has to match 10.11.12.13 port 9833 rather than 3389.
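A variant of the three steps above that limits the redirect to machine "A" instead of relaying port 3389 for anything arriving on eth0, added here as an example and not taken from the original post. The address 192.0.2.10 for "A", the function names, and the MASQUERADE rule (needed only if "B" has no route back to "A" except through "C") are assumptions; the function only prints the commands so they can be reviewed before being run as root on "C".

```shell
#!/bin/sh
# Added example: print a source-scoped version of the port-forward rules.
# Assumed values (not from the post): machine A = 192.0.2.10.

# valid_port N: succeed only for an integer in 1..65535.
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# emit_forward_rules SRC DST IN_PORT OUT_PORT IFACE
#   SRC      the only client allowed to use the redirect (machine A)
#   DST      the hidden machine (machine B)
#   IN_PORT  port A connects to on machine C
#   OUT_PORT port the service listens on at B
#   IFACE    interface on C where A's packets arrive
emit_forward_rules() {
    [ $# -eq 5 ] || { echo "usage: emit_forward_rules SRC DST IN_PORT OUT_PORT IFACE" >&2; return 2; }
    src=$1 dst=$2 in_port=$3 out_port=$4 iface=$5
    valid_port "$in_port" && valid_port "$out_port" || { echo "bad port" >&2; return 1; }

    # Rule order follows the packet's path through machine C:
    #   1. kernel forwarding switched on
    #   2. nat/PREROUTING rewrites the destination, for packets from SRC only
    #   3. filter/FORWARD sees the packet AFTER the rewrite, so it matches
    #      DST and OUT_PORT, not IN_PORT
    #   4. replies and follow-up packets of accepted connections
    #   5. (assumption) hide A behind C's address so B answers via C
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i $iface -s $src -p tcp --dport $in_port -j DNAT --to-destination $dst:$out_port
iptables -A FORWARD -s $src -d $dst -p tcp --dport $out_port -m state --state NEW -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -d $dst -p tcp --dport $out_port -j MASQUERADE
EOF
}

# Review the generated commands for the values used in the post.
emit_forward_rules 192.0.2.10 10.11.12.13 3389 9833 eth0
```

Because the PREROUTING rule carries -s, other clients that connect to port 3389 on "C" are not redirected, which keeps the redirect selective in both directions.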

Wednesday, November 12, 2008

Reverse Hex Dump

Here's a nasty hack. I needed to automate a VNC user password in a kickstart file. The password, generated by vncpasswd was not easily transportable. Consider this example:
[doug@vinci .vnc]$ vncpasswd
Password: password
Verify: password
[doug@vinci .vnc]$ cat passwd
ÛØ<ýrzX
That's a mess. How are we going to get that into an ASCII file?
[doug@vinci .vnc]$ hexdump passwd
0000000 d8db fd3c 7a72 5814
0000008
Okay: that's hex. But how do we get it back to ASCII?
[doug@vinci .vnc]$ for HEX in d8 db fd 3c 7a 72 58 14; do echo -en "\x$HEX" | awk '{printf "%c", $1}'; done
ØÛý<zrX
With a few strategically placed spaces, it's back into hex.

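Ah... It's not quite right. Look at the characters. They're out of order. By default hexdump prints 16-bit words in host byte order, so on a little-endian x86 box each pair of bytes comes out swapped; hexdump -C prints one byte at a time, in file order:
[doug@vinci .vnc]$ hexdump -C passwd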
00000000   db d8 3c fd 72 7a 14 58     |..<.rz.X|
00000008
[doug@vinci .vnc]$ for HEX in db d8 3c fd 72 7a 14 58; do echo -en "\x$HEX" | awk '{printf "%c", $1}'; done
ÛØ<ýrzX
Much better. Dare I say perfect. And we don't even need to add the spaces.
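A byte-exact version of the same round trip, added here as an example and not part of the original post: od -tx1 dumps single bytes in file order, so the swapped-pair problem never appears, and the rebuild goes through printf alone, so bytes such as 00, 0a or 25 survive. The function names are made up for illustration; the sample string is the eight bytes from the hexdump -C output above.

```shell
#!/bin/sh
# Added example: carry a small binary file through an ASCII-only kickstart.

# Sample value: the bytes shown by `hexdump -C passwd` in this post.
VNC_HEX="dbd83cfd727a1458"

# file_to_hex FILE: print the file as one hex string, in file byte order.
file_to_hex() {
    od -An -v -tx1 "$1" | tr -d ' \n'
}

# hex_to_file HEX FILE: rebuild the binary file from the hex string.
# The file is created with mode 0600, since it holds a credential.
hex_to_file() {
    hex=$1 out=$2
    case $hex in
        ''|*[!0-9a-fA-F]*) echo "not a hex string" >&2; return 1 ;;
    esac
    [ $(( ${#hex} % 2 )) -eq 0 ] || { echo "odd number of hex digits" >&2; return 1; }
    (
        umask 077
        rm -f "$out"
        : > "$out"
        while [ -n "$hex" ]; do
            rest=${hex#??}            # everything after the first two digits
            byte=${hex%"$rest"}       # the first two digits
            # Convert the hex byte to octal and emit it via %b ("\0ooo"),
            # which never interprets the byte as text or as a format.
            printf '%b' "\\0$(printf '%o' "0x$byte")" >> "$out"
            hex=$rest
        done
    )
}

# Demo: rebuild the file in a scratch directory and dump it again.
demo_dir=$(mktemp -d)
hex_to_file "$VNC_HEX" "$demo_dir/passwd" && file_to_hex "$demo_dir/passwd"
echo
rm -rf "$demo_dir"
```

In a kickstart %post the call would be hex_to_file followed by the target path under the user's .vnc directory. The vncpasswd format is obfuscation with a fixed key rather than a hash, so a kickstart file carrying this string needs the same protection as the password itself.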

Obituary for E-mail Spam

I can not believe this isn't the lead story for every major news venue. Am I the only one that noticed? I actually had to check my e-mail server this morning to ensure it was online. Why? Because there was no spam in my Inbox. I could see spam being denied from Europe, Russia, and Asia-- but no American spam.

Where had it gone?

After checking all my normal news outlets and finding no reason for this great event, I checked in on Brian Krebs' Security Fix at the Washington Post. He is normally a part of every Monday, and slow Thursdays, but not only did he have the answer... but he was the answer.

Turns out, Monday, Brian Krebs solved the American spam problem. He found that all the spam in the US was coming from one system and he had it disconnected. (It was actually about 75%.) Since then, no spam to my server. Unfortunately, this is only a temporary reprieve as they will be back online by week's end. And then... It will be Blue Frog all over again.

Happy No Spam Day!

error: stdio.h: No such file or directory

I had problems compiling a program under Fedora 9 which resulted in the message:
error: stdio.h: No such file or directory
I didn't find a resource that explained the dependencies for this package, so... I guess it's up to me to make one. Obviously, we need gcc, but also:
    glibc-devel
    glibc-headers

CAUTION: For some reason, YUM would not install glibc-headers properly. I had to manually install it.

Friday, November 07, 2008

F10-beta Kickstart Memory Reservation

Got another glitch for you. If you'll recall, one of my saddest moments in my work with F10-beta KVM was when I realized that we had lost the ability to dynamically control guest memory. It bit me again.

When attempting a kickstart, I was allocating 256 Meg of memory. The process would reach package number 10 (I think it was gcc... but who needs that) and freeze. Eventually, I found that by allocating 512, it continued the install. This may have nothing to do with KVM at all, but may have been an issue on a physical machine of less than half a gig of RAM.

There may be a sweet spot between 256 and 512, but I did not investigate any further.

Bottom line: Install at 256, then move down from there.

Thursday, November 06, 2008

F10-beta Error Kickstarting VM

Here's a tremendously perplexing bug. When attempting to kickstart a VM install from the command line, the kickstart dies with an error that it can not read from /dev/sdb.

First oddity is a warning that "The partition table on device sdb was unreadable" and needed to be initialized. This message has always been an anomaly solved by simply responding "Yes". Unfortunately, this time it is for a non-existent /dev/sdb.

After a too long delay, the second warning states "Input/output error during write on /dev/sdb" with the options of Retry / Ignore / Cancel. When I ignore, Anaconda throws exception 11.3.0.50 for KeyError: 'sdb'.

For some reason, virt-install was reserving 3876 MB of disk space for an sdb partition, but not creating the sdb1.

A dozen attempts at a kickstart %pre workaround later, I broke for dinner, and watched a free HD OnDemand Bond movie (Dalton). When I walked back to the system, the kickstart had worked. It turns out, this time, the kickstart worked. This one, however, was executed via the GUI wizard. I examined the log files, and found the difference.

Doesn't work:
virt-install -n vinci -r 256 -f /dev/img/vm02f8 \
  -l /vinf/ISO/Fedora-8-x86_64-DVD.iso -b virbr1 \
  -x "ks=ftp://192.168.169.13/ks/vinci.cfg"

Works:
virt-install -n vinci -r 256 -f /dev/img/vm02f8 \
  -l ftp://192.168.169.13/f8-64 -b virbr1 \
  -x "ks=ftp://192.168.169.13/ks/vinci.cfg"

Can you see the difference? Look at -l. The first (bad) is attempting a local install from an ISO. The second (good) is using an extracted image via FTP.

Now the sad part: I can't report it as a bug, since I can't solve the problem. I do however have a work around, which moves me forward. It doesn't help the developers with their code problems, but then I'm not a programmer.

Wednesday, November 05, 2008

F10-beta Network Bridge

With a little direction from a fellow Fedora'r, I've finally got the last piece of the F10-beta virtualization suite working.

By default, KVM (I hate that name... a KVM is a type of switch) creates a bridge process between the physical NICs and the virtual machines. The bridge process handles DHCP on an internal subnet and NATs the VMs to the physical world. In other words, virbr0 emulated a Linksys or D-Link home router. This works fine for outbound communications, but does not lend itself to connecting to virtual servers.

What is needed is the ability to route from an external address to a VM. This means slaving an ethernet to a bridge, assigning them to the same network, and establishing a route between the physical card and the bridge. To accomplish this, I created the following script:
[root@adama network-scripts]# pwd
/etc/sysconfig/network-scripts
[root@adama network-scripts]# cat ifcfg-virbr1
#!/bin/sh

IF="eth1"
NET="192.168.69"
HOST="11"
BR="virbr1"

brctl addbr $BR
ifconfig $IF 0.0.0.0
brctl addif $BR $IF
ifconfig $BR $NET.$HOST netmask 255.255.255.0 up
route add -net $NET.0 netmask 255.255.255.0 $BR
route add default gw $NET.1 $BR

exit 0
First the script location. By placing it in network-scripts, it is sourced at boot and service network restart. The name is not relevant except for the minor detail that the ifcfg's are executed alphabetically, so the filename has to start with letter FOX or higher.

Second, the script uses variables for portability. Notice that $NET.$HOST form an IP address. This will end up being the primary interface on the system, as the last command will switch the server's default route to the bridged interface.

Finally, I would suspect there is a way to embed this into the libvirtd subsystem. At this time that is not a priority and I think this may provide more flexibility. I say that because adding this script to a kickstart is simply the addition of a cat >> x << EOF command in post.

Tuesday, November 04, 2008

Palm Centro: Documents To Go Registration

My Palm Tungsten had a nice feature called Documents To Go that allowed Excel spreadsheets (and Word, et al) to be modified and synchronized with a Windows desktop. When I found that Sprint's version of the Palm Centro came bundled with the product, I was very pleased. Everything worked flawlessly, until about a month ago.

The Centro displayed a notification that there was a new version of Documents To Go, and I should click "OK" to be automatically upgraded over the air. Being a good user, I clicked "OK". The upgrade bumped me up to V10, then prompted for the Registration Number or Activation Key. Of course, I had neither, so my handheld dropped to the eval mode. So sad.

Contacted vendor DataViz. Waste of time. Contacted Sprint. One very smart lady suggested I redownload the software from the Sprint website and reinstall. Good idea! Unfortunately, it wanted a Registration Number or Activation Key, also. Called Sprint again. Waste of time. They didn't have the keys.

At first I thought I'd delete the application and install the Tungsten version.
1. Press the Home key.
2. Press the Menu key, and select Delete...
3. Scroll to "Documents" and click Delete.

I decided to factory default the box and start over. And a funny thing happened-- It didn't work, yet it fixed the problem. Here's what I did:
*** WARNING *** HotSync First ***
1. Remove back of handheld.
2. Pull data card.
3. Press and hold the red power button on the front of the phone.
4. When the screen goes black, continue to hold the power button, and remove the battery.
5. Say the "Mary Had a Little Lamb" rhyme.
6. Insert the battery.

When the handheld booted, I expected it to have lost all my info, but it was still there. Further, when I went to Documents To Go, it was back in the registered mode. It seems the reset as listed above replaced the factory default binaries, but left my data. Yeah!

The moral of the story: Document your registration number:
1. Press the Home key.
2. Go to Main, select Documents.
3. Press the Menu key, and select Options.
4. Scroll to Registration Info...

Monday, November 03, 2008

D-Link DIR-628 Wireless Router

It's taken a while, but I think I've got the new router fully operational. I had a Linksys WRT54G, but its WAN link died. (Second one, each lasted about a year, the "B" version might have lasted two years.) I was reluctant to get another Linksys, so I went to Best Buy to get a NetGear. Turns out the D-Link was about $30 less.

Discounting a configuration error on my part that cost me almost two hours, most of the set-up went well. I did get frustrated by the fact that the firmware upgrade did not seem as obvious as it should have been. In this case, it is imperative the firmware is patched. Try this:
1. From the top menu (horizontal) select Tools.
2. From the left menu (vertical), select Firmware.
3. Click Check Now, and follow the onscreen instructions.
Simple, huh. Can't explain it, but it took me a while to find that.

The one other D-Link issue that perplexed me, requires a picture: Without going into the details as to why my network is segmented, the problem was that only the stations on the D-Link local loop could see each other. Kitten and Hyperbole are wireless, and Doggett is plugged directly into the hub. Therefore, their OS's could recognize each other.

The other three systems are behind two ethernet switches. Neither the XP system or the two wireless Vista stations could see the others. As two are XP and Scully FC6, I couldn't blame this on Vista.

I knew it had to be a firewall issue, and after thinking about it, I realized that all stations could ping each other. The problem was simply a Windows thing-- that meant NetBIOS. If NetBIOS broadcasts were not being relayed, the IP's would talk, but Windows could not do WINS name resolution.

Sure enough: clicking Setup and Network Settings led to a NetBIOS Announcement checkbox. After the reboot needed by many of D-Link's features, all the systems could see each other. All is right with the physical world. Now, back to the virtual...

Add a Shared Printer to Vista

Argh! Since I replaced the Wireless router, I have to redo all the printer configurations. I love the way Vista has created a new variety of printer that never existed before. We used to have local printers and remote printers. Now Vista subdivides remote printers as network and shared.

Ok... fine. A local printer is plugged into your computer. A network printer is a standalone device that you communicate with by IP address. A shared printer is connected to the back of someone else's computer, and we talk to it remotely across the network. And here's the brilliant part: the shared printer is considered local, because it is local to somebody. WTF?

I hacked these instructions from WugNet:

1.) Verify that File and print sharing is turned on and properly configured on the XP machine.
2.) Locate and notate the Win XP computer name (i.e. "Desktop") (Found in System Properties in the Computer Name tab)
3.) Locate and notate the printer share name on the XP computer (i.e. "Printer") (Found under the Sharing tab on the Printer Properties page)
4.) On the Vista machine launch the "Add a Printer" wizard
5.) Choose "Add a local printer"
6.) Select "Create a new port" radio button and choose "Local Port" from the drop down menu
7.) Press Next
8.) In the "Enter Port Name:" box enter the following: \\Desktop\Printer
where "Desktop" = the computer name from step 2 and "Printer" = the printer share name from step 3.
9.) Select the Printer driver from the list provided or use the "Have Disk" button to install the correct Vista driver if it is not in the built-in list. It is critical that the driver you use is Vista compatible.
10.) Press next
11.) Give the printer a distinct name and choose whether to set as the default.
12.) Press Next
13.) Print a test page to verify functionality.
14.) Press Finish
15.) Enjoy network printing !!

Sunday, November 02, 2008

Vista Blocks Wireless Connections

Thank you Vista for saving me from myself. It astounds me at the things that go through the 'softies' heads. Upon replacing my wireless router, the Vista laptops refuse to connect because the wireless access point's security setting (or something) had changed. Of course there is no way to override and no way to delete the previous information.

I found a link at Intel that suggested that if it doesn't work, try it again. It didn't say how many times. Not too helpful. Even more interesting is the fact that the only reference on Microsoft's site is people posting to a forum. No helpful responses. Because... It's not broke-- It is you that are broke. Simply change the wireless network, and it will work. How dare you ask Vista to comply with your wishes... Bitch.

So what's the hack this time?

1. In the Connect to Network window you will see:
The settings on this computer for the network do
not match the requirements of the network

2. Right click over the red "X" and right click on properties.
3. Verify the setting on the Connection tab.
4. Reconfigure the settings on the Security tab.
5. Click OK, and the red "X" should clear, and the message should change to Security-enabled network.
6. If the security settings are correct, the message should indicate Acquiring IP Address, then Connected.

It may take several attempts to get the correct combination of security settings.

Dynex DX-NRUTER Wireless Router

My Linksys has been down for a week. It had been dying a slow and miserable death for about a month. Unfortunately, this was my third Linksys, and I was reluctant to buy another. I ran down to Best Buy and got a Dynex DX-NRUTER for $59, on sale.

Man... It sucked big time. I could not connect from thirty feet out and the hub ports connected to 10M. Other than that it was $30 less than the next competitor, I can't say anything good about this thing. I took it back the next morning.

I'm now connected to a D-Link, and it seems to be running... okay... for now. One minor problem I need to research. Stay tuned.