What I Know About Linux That You May Not Know

Since I am working on RHEV support group, I am really elated to shared this news.

If you are an enthusiast to explore various virtualization offerings, a fully supported RHEV3 60 day evaluation is available for you to test.

You can sign up at http://www.redhat.com/promo/rhev3/

Evaluation Guide at http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization/3.0/html-single/Evaluation_Guide/index.html

More details at https://access.redhat.com/kb/docs/DOC-69002

Couple of days back, I had to sync some photos from my laptop to Picasa web albums. This was the first time I used Picasa app after installing Fedora 12 in my laptop.

I clicked on the "Sign In to Web Albums" and entered my gmail username and password and got log in failure message. The log in window returned immediately showing "Login failed - Please try again later". The error was thrown in less than a second which was ample reason for me to believe that that this is a problem at my end, not at gmail end.



Searched the web and got the solution suggesting to install "openssl-devel" package on my laptop.

# yum install openssl-devel

Tried to sign in to the web album again, but unfortunately still getting the same error message.

Banged on my head for a couple of minutes and finally realized that Fedora 13 running on my laptop was x86_64 and picasa is a 32 bit application and I must install openssl-devel.i686.

# yum install openssl-devel.i686

I was really happy after that. Everything worked as expected and my engagement photos are now live on picasa.

Shell scripting gives great advantage to system Administrators and I often use bash in my daily work. Though my work now involves less scripting but for a specific task, i wanted to write a script on my own. The script will take a Project Name as argument, which will would automatically take to that particular Project directory on an NFS share.

For example: Assume that I am working on a Project named MCP1516, then I want my script to take me to that directory. Now you may ask what's the need for a script, just cd command would suffice. But i wanted to do some other things also,

$cd /mnt/projects/*/mcp1516

1. If the nfs share is not mounted , then mount the NFS share under /mnt/projects
2. If the project directory doesn't exist, create the Project directory.
3. Reuse this script with other tasks (probably as a function).

Now the script looked like this:


#!/bin/bash
/bin/mount | grep nfs | grep nfs-server 1> /dev/null
result=`echo $?`

if [ $result -eq 0 ]
then
cd /mnt/projects/*/1ドル
else
sudo /bin/mount -t nfs nfs-server:/share/projects /mnt/projects
cd /mnt/projects/*/1ドル
fi

Seems pretty simple script, Now i call the above script as "takemeto"

$takemeto mcp1516

Assuming that the directory already exists , the above script when run should change my "pwd" to /mnt/projects/mcp1516, but (un)fortunately it doesn't.

Now the problem is not in the script but the way bash works and the command "cd" .

First of all, when the script is called, the script is run in a new shell , so the command cd is being run in the "Newly created shell", the parent shell, i.e the shell which called the script has no idea about the commands run in the new shell, next cd is not an external command but it's a bash in-built command . So to execute the bash built commands in the current shell or also called Parent shell, use "source" command.

So if you call the same script using source command , it would change the directory in the current shell

$source takemeto mcp1516

So happy scripting :)

Niranjan

Found a nice write up here. Just thought it's worth sharing as most people are unaware of this. There is one more nasty reason for df and du to show different output which is not discussed there. May not be worth discussing there.

Me had a case where an administrator installed a system with just 5GB allocated to /. Later he figured out the log files in /var is quickly growing up and / will fill up very soon. So far /var has logs of size 2GB. He just created another 10GB partition, copied the current contents of /var to it, then mounted the new partition on /var without deleting the current contents in /var.

This administrator did never document this event and quit the company. A new guy stepped in. Later, when he scanned the / filesystem (may be when the / was 100% next time) he found df and du output of / is different. (showing 2GB difference). You can imagine what is the cause?

The worst question is how a Technical Support Engineer figure this out? Wild guesses? But I had to.

I was about to submit claims for my expenses. I had to scan the receipts and email them to blah blah blah. The scanner gave me multiple pdfs and I preferred to send only one pdf. I had to merge the pdfs and did that by using the below command in my Fedora 10 box.

# gs -dNOPAUSE -sDEVICE=pdfwrite -sOUTPUTFILE=merged.pdf -dBATCH first.pdf second.pdf

I got this solution through a search in the web.

Today when I logged into one of my test system and did "ls -l /root", I found a "+" in the output against each file and directory immediately after the permission bits are displayed. One example is given below.

-rw-r-xr--+ 1 root root 151 Jul 31 20:38 test.sh

I had no idea what this "+" indicates about the file or directory. I just searched google to find out without any luck. Every docuemnt that I referred speaks about all other fields displayed in the output, but kept silent about "+". "man ls" has nothing to say about it. But I was not ready to give up, I found out myself what that field indicates. You may already know what is meant by this +, but this blog is intended to explain how did I find it out myself which may be useful for you also if you face a similar situation in future. Below is the method that I followed.

I created a file in /tmp named file.txt. When I did "ls -l" on that file, I didn't see the "+" in the output. Now I have a file which has a + in the "ls -l" output and one which doesn't have.

Now I did strace on "ls -l" while listing both the files. Strace was executed as below.

# strace -fvvv -s 1024 -o output-file ls -l file-name

Analyzed both straces and compared them. This comparison helped me to see what is different between these two files.

For the file which has + in its output, I found the below system call in strace.

29608 getxattr("/root/test.sh", "system.posix_acl_access", 0x0, 0) = 44

For the file which doesn't have + in the output, I found the same system call as below.

29616 getxattr("/tmp/file.txt", "system.posix_acl_access", 0x0, 0) = -1 ENODATA (No data available)
29616 getxattr("/tmp/file.txt", "system.posix_acl_default", 0x0, 0) = -1 ENODATA (No data available)

The difference in the output of getxattr() told me that the file which has a "+" in the output has a filesystem acl on it where as the file which doesn't have a "+" in the output has no acls set on it (This is indicated by the "-1 ENODATA (No data available").

I verified this by running "getfacl " on both files. Then I did "man acl" and started reading that and found the below details.

"For files that have a default ACL or an access ACL that contains more than the three required ACL entries, the ls(1) utility in the long form produced by ls -l displays a plus sign (+) after the permission string."

Is "man acl" the right place to have this info?

I am running Fedora 10 on my Laptop. My sister brought a vcd and requested me to play that. I inserted the vcd, mounted on /mnt and started to play it. To my surprise, it didn't work.

$ cd /mnt/

$ ls
cdi ext mpegav segment vcd

$ cd mpegav/

$ ls
avseq01.dat

$ mplayer avseq01.dat

Playing avseq01.dat.
Seek failed

Exiting... (End of file)

Then I tried to copy the avseq01.dat to a local folder.

$ cp avseq01.dat ~/
cp: reading `avseq01.dat': Input/output error

Tried to copy using dd, but no luck.

$ dd if=avseq01.dat of=~/vcd.dat
dd: reading `avseq01.dat': Input/output error
0+0 records in
0+0 records out
0 bytes (0 B) copied, 0.00805312 s, 0.0 kB/s

Problem is neither with cdrom nor with the drive, but with the format of the data which need to be converted to another format which is free from the proprietry stuffs. So my friend Ritesh came to my help. Below is how I did it.

- Installed "vcdimager" package. That version that I installed was vcdimager-0.6.2-1.i386. It's available via yum.

- Create a folder named ~/vcd and cd into it.

- Run vcdrip (vcdxrip in the latest version of vcdimager package) to copy the video file to mpg format.

$ vcdrip --rip --cdrom-device=/dev/cdrom

- The above command will copy the avseq01.dat from cd to avseq01.mpg in the current working directory. This process will take sometime and will take more time if there are a lot of scratches on the cd. Once it exits, run "mplayer avseq01.mpg" in the current directory to play it.

Below are the steps that I followed to clone an RHEL5 guest running under vmware ESX-3.5 to Xen environment over the network. The method that I followed can be used to clone any virtual machine (except windows?) running under any virtualization product to any other virtualization product (Correct?). I agree that there are specific tools provided by vendors for p2v and v2v conversions, but they are limited to their virtualization product. Eg, Vmware tools may not be used to convert a virtual machine running under vmware to run on Xen/KVM and vice-versa.

Pre-requisites.

- Linux based LiveCD. (Which should have coreutils and nc - netcat - packages installed).

Below are the steps that I followed:

- Downloaded the LiveCD for Fedora 10 from here (You can use whatever Linux LiveCD you want.)

- Booted the rhel5 virtual machine already available in Vmware ESX from this ISO by attaching this ISO to the guest and selecting cdrom as the first boot device. (Consult the concerned documentation for more details)

- Created a new blank guest in Xen and assigned it a hard disk with the same size of vmware disk. I just created a fully virtualized guest using virt-manager and when it started the anaconda installation, aborted the installation and shutdown the guest. Now I have a guest with a blank image.

- Then started the blank guest under Xen from the Fedora LiveCD. (If not sure how to do it, please consult xen documentation).

Now we have both Vmware guest (will be called GuestA from now onwards) and a guest with blank image in Xen (will be called GuestB from now onwards) booted of the Fedora 10 Live CD.

- On both guests flush the iptables firewall.

# iptables -F

- Networking should be enabled automatically by the LiveCD. Make sure that networking is working as expected on both guests and they can ping each other.

- Run fdisk -l on both guests and identify how the hard disk has been detected. I had them detected as "/dev/sda" on both GuestA and GuestB.

- On GuestB, run the below command:

# nc -l 7000 | dd of=/dev/sda bs=16M

- On GuestA, run the below command.

# dd if=/dev/sda bs=16M | nc ip-of-GuestB 7000

Replace ip-of-GuestB with the actual ip of GuestB and replace /dev/sda with the actual block device in both commands. 7000 is the port number, you can use other unused ports as well.

The process of copying the hard disk image will take sometime depending upon the network bandwidth and the IO bandwidth availability of storage. Please be patient and restart GuestB once the process is over from the hard disk.

- Went to bed and had a good sleep. When I was up in the morning, I had the guest cloned successfully and started off the new guest.

Below are the steps which explain how to set this up in a simple environment.

This setup involves three systems.

1. Windows 2003 as KDC
2. NFS server
3. NFS client

Windows server is Windows 2003 R2 SP2. NFS server and NFS client are running RHEL-5.3

Pre-requisites

- Working DNS server
- Working NTP server so that time in all the machines are in sync.

These are requirements for Kerberos to work.

In Windows server create a user "nfsuser" with some password.

How to setup NFS server?

1.1- Run "authconfig-tui". In the "Authentication" section, select "Use Kerberos" -> Next -> Type in the realm name, IP of Windows AD for KDC and admin server.

1.2- Add a user named "nfsuser" with uid 2000 without setting up any password for that user.

# useradd -u 2000 nfsuser

1.3- Create 2 groups named "group1 and group2" with gid 3001-3002 on the system.

1.4- Add "nfsuser" as member of both the groups.

# usermod -G group1,group2 nfsuser

1.5- Create a directory to share using nfs.

# mkdir /nfs

Create 2 directories and each writable by one group.

# mkdir /nfs/group1
# chgrp group1 /nfs/group1
# chmod g+w /nfs/group1

# mkdir /nfs/group2
# chgrp group2 /nfs/group2
# chmod g+w /nfs/group2

1.6 - Edit /etc/sysconfig/nfs and un-comment the below line.

SECURE_NFS="yes"

1.7 - Edit /etc/exports and share /nfs as below.

/nfs gss/krb5p(rw,sync,fsid=0)

1.8- Now create the keytab on windows server in command prompt using the below coammnd.

ktpass -princ nfs/nfsserver.example.com@EXAMPLE.COM -mapuser nfsuser -pass **** -out nfsrv.keytab /crytp rc4-hmac-nt /ptype KRB5_NT_PRINCIPAL

* Please note that I have used "rc4-hmac-nt" crypto.

RC4-HMAC-NT is the default and employs 128-bit encryption.

You can find more details about ktpass and types of crypto here

1.9- Copy nfsrv.keytab on NFS server as /etc/krb5.keytab
1.10- Verify with klist -ke

# klist -ke /etc/krb5.keytab
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
2 nfs/nfsserver.example.com@EXAMPLE.COM (ArcFour with HMAC/md5)

1.11- Start nfs server service and rpcidmapd.

# service nfs start
# service rpcidmapd restart

How to configure NFS client?

2.1 - Repeat step 1.1
2.2 - Repeat step 1.2
2.3 - Repeat step 1.3
2.4 - Repeat step 1.4

2.5- Edit /etc/sysconfig/nfs and un-comment the below line.

SECURE_NFS="yes"

2.6- Create the keytab on windows server

ktpass -princ nfs/nfsclient.example.com@EXAMPLE.COM -mapuser nfsuser -pass **** -out nfscli.keytab /crytp rc4-hmac-nt /ptype KRB5_NT_PRINCIPAL

2.7- Copy nfscli.keytab on NFS client as /etc/krb5.keytab

2.8- Verify with klist -ke

# klist -ke /etc/krb5.keytab
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
2 nfs/nfsclient.example.com@EXAMPLE.COM (ArcFour with HMAC/md5)


2.9- Start "rpcgssd" and "rpcidmapd".

# service rpcgssd start
# service rpcidmapd restart

2.10 - Mount the share as below.

# mount -t nfs4 nfsserver.example.com:/ -o sec=krb5p

# mount | grep nfs4
nfsserver.example.com:/ on /mnt type nfs4 (rw,sec=krb5p,addr=10.65.209.189)

# ls /mnt
group1 group2

I have a windows Xp virtual machine running in my laptop on top of Fedora 10 KVM. One day I accidentally deleted the sound card from virt-manager -> Hardware tab for that guest. I then understood my mistake and tried to add it via "Add Hardware" wizard. To my dismay, there was no option to add a sound card.

Then how did I add the sound card back to the guest?

- I did "virsh dumpxml anotherguest" which has sound card attached to it and was able to see the below line in the output.

....................
sound model='es1370'
....................

- I then did "virsh dumpxml xp" and was not able to see the above line in it. So fixing this is as simple as adding the above line to winxp configuration file.

How to do that?

- Dump the xml file to a file in the disk.

# virsh dumpxml xp> xp.xml

- Edit the xp.xml and add the below line to it.

sound model='es1370'

I added this immediately before the "devices" line.

- Then redefine the guest using the new configuration file.

# virsh define xp.xml

Restart the guest and the network card would be present in the guest. Hope we can add the sound card in F11 through virt-manager GUI.