Long Term Storage

Tiger warned me that IP fowarding was enabled this morning.  It’s behavior is definitely odd in terms of when it reports something is afoot.

NEW: --WARN-- [lin015w] The system has IP forwarding enabled


I digress.  Good article here on how to dis/enable IP Forwarding, but more importantly for my memory it also has the sysctl syntax which I forget on a regular basis.

Check if IP Forwarding is enabled

We have to query the sysctl kernel value net.ipv4.ip_forward to see if forwarding is enabled or not:
Using sysctl:

sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0

or just checking out the value in the /proc system:


cat /proc/sys/net/ipv4/ip_forward
0

As we can see in both the above examples this was disabled (as show by the value 0).
Enable IP Forwarding on the fly
As with any sysctl kernel parameters we can change the value of net.ipv4.ip_forward on the fly (without rebooting the system):

sysctl -w net.ipv4.ip_forward=1

or

echo 1 > /proc/sys/net/ipv4/ip_forward

the setting is changed instantly; the result will not be preserved after rebooting the system.
Permanent setting using /etc/sysctl.conf
If we want to make this configuration permanent the best way to do it is using the file /etc/sysctl.conf where we can add a line containing net.ipv4.ip_forward = 1

/etc/sysctl.conf:
net.ipv4.ip_forward = 1

if you already have an entry net.ipv4.ip_forward with the value 0 you can change that 1.
To enable the changes made in sysctl.conf you will need to run the command:

sysctl -p /etc/sysctl.conf


There is some good stuff down in the comments too.
Thanks MDLog.

In my efforts to build a new router, more to come on that topic, I had a need to make a ISO image bootable on a USB Drive.  My Googling let me to this simple, straight forward article.

Thanks Lnx2.

I have made some slight modifications and formatting to the original steps based on what I found to work.

There are two methods.  1 is to not use a partition table and write the file system directly to the device.  Method two is more traditional.

1. Method (/dev/sdX is your USB flash drive) :

A) Create a filesystem n the whole device without a partition table.(saves some space, and you don’t have to worry about the MBR)

sudo mkdosfs -I -v -n Ubuntu -F 32 /dev/sdX

B) Create “volume boot record” and the file ldlinux.sys using this command:

sudo syslinux /dev/sdX”

C) Mount the USB drive and the iso image file.

sudo mount -o loop /path/to/iso /mount/point
sudo mount /dev/sdX /mount/point

D) Copy all the files in the iso to the USB drive:

sudo cp -P --preserve=all -R /path/to/iso/* /path/to/iso/.* /usb/mount/point/

E) Rename the isolinux directory to syslinux and the isolinux/isolinux.cfg to syslinux/syslinux.cfg

sudo mv isolinux syslinux
sudo mv syslinux/isolinux.cfg syslinux/syslinux.cfg

F) reboot

2. Method (/dev/sdX is your USB flash drive):

A) Create a partition:

sudo parted /dev/sdX

In parted

mkpart primary 0% 100%
quit

B) Create a filesystem on the firstpartition

sudo mkdosfs -v -n Ubuntu -F 32 /dev/sdX1

C) Overwrite the MBR.

sudo dd if=/usr/lib/syslinux/mbr.bin of=/dev/sdX count=1

D) Create “volume boot record” and the file ldlinux.sys using this command:

sudo syslinux /dev/sdX1

E) mount the USB drive and the iso image file.

sudo mount -o loop /path/to/iso /mount/point
sudo mount /dev/sdX /mount/point

F)copy all the files in the iso to the USB drive:

sudo cp -P --preserve=all -R /path/to/iso/* /path/to/iso/.* /usb/mount/point/

F) rename the isolinux directory to syslinux and the isolinux/isolinux.cfg to syslinux/syslinux.cfg

sudo mv isolinux syslinux
sudo mv syslinux/isolinux.cfg syslinux/syslinux.cfg

G) reboot

As a follow up to last weeks post on NTFS-3G performance issues, I stumbled across this VMWare KB article today with some further tweeks that can reduce I/O operations by utilizing more system memory.

Same as last time.  Power-off the VM, close it in VMWare application, and edit the .vmx file.

Add the following:

MemTrimRate = "0"
mainMem.useNamedFile=false
sched.mem.pshare.enable = "FALSE"
prefvmx.useRecommendedLockedMemSize = "TRUE"

I haven’t tested it much so far, but I am willing to give anything a try to improve the performance of the VM.

Anyone who runs GNU/Linux is bound to need a console at some point.  Sometimes it is just easier to switch over to a virtual console and do what you need to do.  The default state of most consoles is an 80×30 character display which is basically useless if you want to see any kind of information.

The simple solution to this minimalist display is to set the vga kernel flag.  This allows you to set the resolution on your console framebuffer to something more useful.

The default settings example shows vga=791.  This puts your console in a 1024×768 resultion.  Which while not great is a significate boost over the standard 800×600.  If you simply enable this resolution, you will notice the Ubuntu usplash logo off center.  Very annoying.  The following steps are needed to make your Console Framebuffer something to look at.

1. Figure out what resolution your primary monitor supports.  This is typically what you have your desktop resolution set to.

2. Determine what your vga kernel flag needs to be set to.

The Wikipedia article on VESA BIOS Extensions will probably answer your questions.  Specifically, the section on Linux Video Modes.

For us widescreen users, we are not as lucky with our resolution choices.  Though, through my expirimentation, I did find that vga=840 works to give me a 1400×1050@16bit on my Dell Inspiron 1505 with the NVidia 7300 Go.  This is actually VESA 348 and does not follow the 512 rule stated in the Wiki article.  My assumption about why is probably due to manufacturers implementation.

Note: Don’t worry too much about getting it wrong.  One of two things will happen.  1. You will get no display or 2. you will get a grub screen telling you your video mode is unsupported.  I will cover how to correct this in a moment.

3. Edit your menu.lst file and add the vga= option in two places.  First, add it to the default options line.  You are looking for this line.
# defoptions=quiet splash

Change it to:
# defoptions=quiet splash vga=840

Be sure to set the 840 to the mode that represents your preferences.

Next change the default Boot menu kernel entry at the bottom. In a standard Ubuntu build, the default entry will be the first entry following this line.

## ## End Default Options ##

It will look something like this:
title Ubuntu 8.10, kernel 2.6.27-9-generic
uuid 636dc411-e53a-4776-a9e9-4fc9e277f445
kernel /boot/vmlinuz-2.6.27-9-generic root=UUID=636dc411-e53a-4776-a9e9-4fc9e277f445 ro quiet splash
initrd /boot/initrd.img-2.6.27-9-generic
quiet

You need to add the vga=### to the end of the kernel line so it looks like this.

kernel /boot/vmlinuz-2.6.27-9-generic root=UUID=636dc411-e53a-4776-a9e9-4fc9e277f445 ro quiet splash vga=840

4. Next you need to update the usplash config to match the resolution.  This is how you keep the logo centered.

sudo vi /etc/usplash.conf

Change the x and y resolution lines to match your chosen resolution.

# Usplash configuration file
xres=1400
yres=1050

5.  Update your initramfs to take advantage of the usplash settings change.

sudo update-initramfs -u

6. Reboot.

You should see a smaller, higher resolution Ubuntu logo and then Gnome startup.

Upon reboot, if you get a blank screen, that means you chose a resolution that is larger than what your display can support. In this case, you will need to boot your Ubuntu CD and chose rescue mode. From there, chose a command prompt for the rescue CD. CD to /target/boot/gurb. then edit menu.lst with nano. Remove the vga=840 line from the kernel entry at the bottom.

If you are getting a grub menu saying you have set and invalid mode, press the space bar to see a list of valid modes. If you would like to get a complete list. Type in scan and press enter. This table is what I used to help determine the 840 setting for my display.  Select the letter representing your choice and your machine will continue to boot.

The entries listed on the table are the only VESA modes your video card support. Find the entry that best matches your display preferences without exceeding the max resolution of your monitor.  Take that number, add 512 to it and update the menu.lst file.  If this results in the invalid mode error again, you will need to experiment to find the actual setting.

Note:  The number following the resolution is the color depth or the number of bits being used to describe color.  Unless you have a specific limitation, it is safe and preferable to chose the highest number following your chosen resolution.  You will typically see 8,16, and 32.

My monitor supports 1650×1050 max resolution. The max resolution my video card supports is 1600×1200. Since the 1200 is greater than the 1050, if I chose this resolution, my monitor will not display and/or give me an error indicating that it is out of range. In my case, my next best choice was 1400×1050@16bit. The menu displayed this resolution as VESA 348. My next step was to convert the VESA mode to a linux VGA mode. Per the VESA BIOS Wiki I linker earlier, the standard is to add 512 to the VESA mode which would give me 860. I set vga=860 and rebooted. Same problem but it gave me an error stating 361 was not a valid mode. Since my goal was 348, I tried decreasing it by 12. I set vga=853 and rebooted. I got the grub error again, but it said that 355 was not a valid mode. Some simple math showed that I moved from 361 to 355 by subtracting 12 from the VGA mode, this time I need to move 7. I subtracted 13 this time which gave me the 840 and no grub errors on boot.

I nice guide that covers the most common commands and functions in VI.

A nice set of Linux How-tos and guides over at linuxscrew.com covering Bash, utils, the file system, iptables, advanced routing topics and hardening.

I posted a reply on the vmware community forums regarding backing up your VMWare Virtual Machines and thought it would be good to do something more thorough.

The first consideration you need to make when planning your backup strategy is to know what you are trying to protect yourself from.

This, for the most, boils down to Hardware failure or Software Corruption.

The simple solution to protect against hardware failure is a RAID 1 or higher setup. This creates, in a RAID 1 setup, a exect mirror of the drive. If one goes down, you can rebuild the mirror off of the still working drive.

This however, does not protect you from software corruption. Because the mirroring process is near real-time (write caching delays, etc.) if your OS is corrupted, chances are both copies on the mirror are going to have the same corruption.

To protect against software corruption you have a variety of choices which all depend on your particular setup and budget. I am going to focus on the likely scenario of a home user with limited funds to purchase hardware/software and happen to be running a linux host. (BTW.. if you are running Windows, you are throwing away a serious chunk of your hardware resources to your host OS.)

Since the files that represent your virtual machines are in use cause your VM is powered on, you can not copy them directly. Doing so would dramatically increase the risk of corruption due to write caching in the VM as well as when you bring your backup online the guest will think it did not have a proper shutdown.

This means you need to have the files NOT in use. Since a good backup is one that runs automatically, a GUI is not going to be a good choice. The good people at VMWare thought of that and provided a console tool to manage VMs called “vmrun”.

vmrun can perform the majority of tasks, if not all, I have not really looked into it too much, that you can from a GUI or the craptastic WebUI of Server 2.

The command you are looking for in particular is:
vmrun -h https://hostname:443/sdk -T server -u user -p "password" suspend /path/to/myvm/myvm.vmx

to suspend it and
vmrun -h https://hostname:443/sdk -T server -u user -p "password" start /path/to/myvm.vmx

to bring it back up. Running this command places your VM in a safe state to copy the files that make up its virtual environment.

NOTE: If your password has special characters in it, be sure to include the double quotes around it.

Next we need to think about where you are going to store these files. Because in this scenario, we are talking about protecting vs. software corruption, it does not necessitate that these be stored on a separate machine. Though, by doing so, you can have a pretty good alternative to using a RAID solution.

If you are going to do a local solution. You simply want to perform a copy.
cp -R /path/to/myvm/* /path/to/backup/dir/

Now, the inclination of some would be to tar up the contents of the myvm directory first. You do not want to do this. Remember, you suspended your VM. To tar or compress the files takes time which means you have to wait longer for your VM to come up. Simlpy copy the files, then issue the vmrun start command to bring your VM back online.

Once you have done that, you can tar to your hearts content on the backup dir. You could do something like this:
tar -jcf /path/to/backup/dir/myvm.backup-$(date +%Y-%m-%d-%H.%M.%S).tar.bz2 /path/to/myvm

This will create a bz2 compressed tar of your entire myvm directory with the date and time of the backup in the file name.

If you were taking the path of storing the file on a separate box, this is the point at which you should copy it. Because we put the date into the file name, we have to be able to pull it back out. Since this will be in a script, you would simply move date into a var and do an expansion for the filename.
BACKUPDATE=`date +%Y-%m-%d-%H.%M.%S'

The tar command would become:
tar -jcf /path/to/backup/dir/myvm.backup-$BACKUPDATE.tar.bz2 /path/to/myvm

Now you can perform the copy. I would recommend you use FTP if you are not crossing a public network, otherwise, use SSH. I say FTP due to the performance differences. In FTP you do not have all of the encryption overhead for the network and processor.

For FTP you would do something like.
ftp -n $HOST <<EOS
quote USER $USER
quote PASS $PASSWD
put myvm.backup-$BACKUPDATE.tar.bz2
quit
EOS
Or for something a little more complex. This allows for error handling.
global FTP
spawn ftp $HOST
set ftp $spawn_id
expect "name"
send "$USER\r"
expect "Password:"
send "$PASSWD\r"
expect "ftp>"
send "put myvm.backup-$BACKUPDATE.tar.bz2\r"
expect "ftp>"
send "quit\r"

SFTP is a much simpler option in terms of syntax.
sftp /path/to/myvm.backup-$BACKUPDATE.tar.bz2 sshuser@host.example.com:/path/to/store/backup

To provide authentication, you simply setup public key authentication for SSH.

From here, you can delete the directory with a simple rm -rfd /path/to/myvm. Just be sure that the compressed copy you just created is not in the directory you are about to delete.

Through out this, you could add in a vairety of checks and error handling to make it much more robust.

— wow this was a lot of thought.. I am currently working on a script to semi-generically do this. Stay tuned.

Something new.. Mounting a filesystem over SSH.  Kind of like NFS but simpler.

http://ubuntu.wordpress.com/2005/10/28/how-to-mount-a-remote-ssh-filesystem-using-sshfs/

Useful commands for generating keys, csr’s, and certs..

http://shib.kuleuven.be/docs/ssl_commands.shtml

I will have to come back later to put in some others.

I can never remember the command to get to the bottom of a log file in vi.

Is it “L”.. maybe for Last?

http://www.lagmonster.org/docs/vi.html