A few things, mostly technical notes...

Monday, September 26, 2005

devlabel shows different page80 identifiers on multipathed devices

I've 5 multipathed luns from Symmetrix as shown below, (Lun 0 being vol. logix database)


Attached scsi disk sda at scsi0, channel 0, id 0, lun 0
Attached scsi disk sdb at scsi0, channel 0, id 0, lun 2
Attached scsi disk sdc at scsi0, channel 0, id 0, lun 3
Attached scsi disk sdd at scsi0, channel 0, id 0, lun 4
Attached scsi disk sde at scsi0, channel 0, id 0, lun 5
Attached scsi disk sdf at scsi1, channel 0, id 0, lun 0
Attached scsi disk sdg at scsi1, channel 0, id 0, lun 2
Attached scsi disk sdh at scsi1, channel 0, id 0, lun 3
Attached scsi disk sdi at scsi1, channel 0, id 0, lun 4
Attached scsi disk sdj at scsi1, channel 0, id 0, lun 5

Let us examine lun 2. The device names are /dev/sdb and /dev/sdg.

/dev/sdb (primary path)

# devlabel printid -d /dev/sdb
S80:373031303731303231303330EMCSYMMETRIX

/dev/sdg (alt path)

# devlabel printid -d /dev/sdg
S80:373031303731303231333031EMCSYMMETRIX

The SCSI Page 80 identifiers of /dev/sdb and /dev/sdg should be identical, both being dual paths to the same device. BUT THEY ARE DIFFERENT...(!!??)


Lets use scsi_unique_id to examine /dev/sdb and /dev/sdg further:

/dev/sdb

# scsi_unique_id /dev/sdb
model: EMC SYMMETRIX
page80: 373031303731303231303330
page83 type6: 00018570107153594d3032310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

/dev/sdg

# scsi_unique_id /dev/sdg
model: EMC SYMMETRIX
page80: 373031303731303231333031
page83 type6: 00018570107153594d3032310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000


scsi_unique_id shows two different page80 identifiers: 373031303731303231303330 (sdb) and
373031303731303231333031 (sdg)..!!


(Oh yes, /dev/sdb and /dev/sdg are *indeed* alternate devices..!!)


System Details:

ES release 3 (Taroon Update 5) , 2.4.21-27.ELsmp, devlabel: 0.48.03


Update (10.27.05): They had to turn on C-Bit, and once they did that, this problem went away.

Monday, June 06, 2005

How to force a panic/crash in Linux?


You can evoke a crash/panic by:

echo c > /proc/sysrq-trigger

System can be forced to crash from the console by pressing: "Alt-syrq-c"

What are the command keys and what do they do?

'r' - Turns off keyboard raw mode and sets it to XLATE.

'k' - Secure Access Key (SAK) Kills all programs on the current virtual
console. NOTE: See important comments below in SAK section.

'b' - Will immediately reboot the system without syncing or unmounting
your disks.

'c' - Intentionally crash the system without syncing or unmounting
your disks. This is most useful if the NETDUMP client package
has been installed.

'o' - Will shut your system off (if configured and supported).

's' - Will attempt to sync all mounted filesystems.

'u' - Will attempt to remount all mounted filesystems read-only.

'p' - Will dump the current registers and flags to your console.

't' - Will dump a list of current tasks and their information to your
console.

'm' - Will dump current memory info to your console.

'0'-'9' - Sets the console log level, controlling which kernel messages
will be printed to your console. ('0', for example would make
it so that only emergency messages like PANICs or OOPSes would
make it to your console.)

'e' - Send a SIGTERM to all processes, except for init.

'i' - Send a SIGKILL to all processes, except for init.

'l' - Send a SIGKILL to all processes, INCLUDING init. (Your system
will be non-functional after this.)

'h' - Will display help ( actually any other key than those listed
above will display help. but 'h' is easy to remember :-)

See sysrq.txt somewhere underneath /usr/src/linux-XXX/Documentation for more information.


Thursday, May 12, 2005

/sbin/lvm.static in rhel4.0 systems

RHEL 4.0 has lvm2. There is an executable file /sbin/lvm.static, and this is to explain what it does.

     o The full set of LVM2 commands is now installed in /usr/sbin/. In boot
environments where /usr/ is not available, it is necessary to prefix
each command with /sbin/lvm.static (/sbin/lvm.static vgchange -ay, for
example).

       In environments where /usr/ is available, it is no longer necessary to
prefix each command with lvm (/usr/sbin/lvm vgchange -ay becomes
/usr/sbin/vgchange -ay, for example).

o The new LVM2 commands (such as /usr/sbin/vgchange -ay and
/sbin/lvm.static vgchange -ay) detect if you are running a 2.4 kernel,
and transparently invoke the old LVM1 commands if appropriate. The
LVM1 commands have been renamed to end with ".lvm1" (for example,
/sbin/vgchange.lvm1 -ay).

See this link for more information.

Saturday, April 23, 2005

GandhiCon 3 ? M$ to Support Linux in Virtual Server 2005

M$ has announced support for Linux in its virtualization software, Virtual Server 2005.

Follow the /. thread for more. Here is the news link.

From that thread:
"A VM-type OS is larger and much more complex. In a proprietary VM, it would be easy to hide a test for a specific OS so that it couldn't be found. You could break arbitrary parts of the target OS, and it would be extremely difficult for the OS's supporters to diagnose what you've done and program around it. They've done it in the past; they'll do it in the future. "

Yeah, if guest_os is linux, MS Virtual Server probably *will* slow that instance down.

MS's Steve Ballmer in a statement made in year 2000 stated that "Linux is communism. " , and later as "Linux is Cancer" (2001).

I guess, that all have changed now, huh?

IE, like FireFox to support Tabbed Browsing too?

It is not about Maxthon, nor about MYIE2.

Following what Firefox has, IE6 is soon to support Tabbed Browsing with an update to the MSN toolbar.

They are going to have an RSS aggregator too.

More at this link.


Its about time the buggy software changed a bit since it is last inception, which was umm.. err.. 4 years ago?

Monday, April 18, 2005

Does Linux LVM support alternate PV links?

Stuff has changed and evolved over time.

Answer: NO.

Linux LVM knows nothing about the alternate path to your PV. If you extend your volume group to the alternate PV, LVM treats the alt device as if it were a new PV.

When the system starts up, it calls vgscan to scan all the devices; and I don't know what lvm2 does when it finds lvm2 VGDA on the alternate PVs. Perhaps, it just ignores it.

With the Demise of Sistina, looks like the official stance is to advise mdadm etc. Neverthless, that also is kind of incomplete, as mdadm has on-disk metadata and modifies it and hence is NOT cluster-safe for concurrent activation.

Not sure about EVMs, whether it supports alternate PV links. More on that later...


Drop a comment if you have something to say on Linux LVM.

Sunday, April 17, 2005

Setting up ssh equivalency between Linux hosts

Alright, most of the decent and latest Linux ssh are version 2. Hence I am to cut the crap and get directly onto how to get this to work.

Say, you have hostA, which should get to hostB as root without a password.

We got to tell hostB the public keys of hostA. We have to create keys first for hostA. Login as root onto hostA, and run:

# ssh-keygen -b 1024 -t dsa

This would created a file, id_dsa.pub mostly in $HOME/.ssh directory.

Cut and paste this file's contents onto a file authorized_keys2 in $HOME/.ssh/ directory of the other host.

If you are trying to get in as root, make sure that your sshd_config (usually it is /etc/ssh/sshd_config ) has "PermitRootLogin yes".

If you're making changes to sshd_config, make sure you restart sshd to bring those changes into effect. sshd can be restarted as "service sshd restart" as root.

Now, from hostA, run ssh hostB. If its the first time you're sshing to hostB, you may see a question like: "Are you sure you want to continue connecting (yes/no)? " , say yes, and bingo you're good to go...

Thursday, April 14, 2005

Second field in /etc/shadow explained.

An interesting thing about RHEL /etc/shadow file.

Its about the second field of /etc/shadow (if shadow passwords are enabled).

If the value is ! or *, the account is locked and the user is not allowed to log in.

If the value is !! a password has never been set before (and the user, not having set a password, will not be able to log in).

More here...

To disable an user, just replace the second field in his/her /etc/shadow entry with * or ! .

Wednesday, April 13, 2005

CNET.com --- stupid, mindless IT journalism.

Cnet article about DNS outages at Comcast explains DNS as:

"The DNS system essentially routes one's Internet protocol address to the appropriate Web site that the user wants to visit. "

Original Article here. Screenshot of article is at this link.

Huh? WTF?

They got that wrong, and backwards.

Essentially, a DNS server resolves the hostnames to an IP address.

Stop smoking, Cnet...!!

Friday, April 08, 2005

Microsoft Corp. v. Zamos (Goliath .v. David)

University of Akron student David Zamos bought educational copies of Microsoft Windows and Office XP Pro for $60 each. After realizing he'd have to wipe his computer to install them, he tried to return them. The college would not take them, neither would Microsoft. He was forced to keep them. The kid sold the un-opened pieces of the software on E-bay. Microsoft sued him for thousands of dollars in damages, their lawyers threatened to take his Ford Escort to recover $ 143.50.

Zamos has been fighting .

In short, instead of caving into
high-powered attorneys for the Software Giant, he decides to fight back, and goes to the press. Goliath is hit. Read on here...

Devsense, fusion
Google

Saturday, April 02, 2005

Gmail grows and Gmail ROCKS..!!

Looks like my Inbox just grew bigger.

I've now 1854 MB.



MSN Hotmail, you suck. Comes to mind is the time when I had 2MB as my Inbox Limit.

Yahoo's 6MB in those days were a true Luxury...!!

Best of all, Gmail lets me access from Thunderbird.

Oh, and I've not seen a spam in my Gmail Inbox.

Wednesday, March 09, 2005

Can you trust download.com?

Was reading about the Security Fix for PuTTY dated Feb 20, 2005, I stumbled upon this on their download page:

2004-12-23 Trojan PuTTY installer circulating

We've been alerted to a trojan PuTTY 0.56 installer that was posted on CNET's download.com for about a fortnight (now removed). We are informed it installed various spyware.

The file length was 509860 bytes (much shorter than any installer we've ever released) and the md5sum was 49550e478e9dd008998c2c5294a884c5.

We'd like to take this opportunity to encourage everyone to verify the signatures of PuTTY downloads before executing them. Details are on our Keys page.

Another solid proof that you cannot trust downloads.com and similar sites. Not that they wrote the program, they are just storing it to be downloaded, but still Spyware gets inside there copy. Whew...!!

Tuesday, March 08, 2005

Adblock options explained...

Gathered the following mostly from the forums.

Obj-Tabs:

This would place a translucent tab next to Flash movies and similar Objects, which can be clicked for blocking.

Collapse Blocked Elements:

Adblock will remove the space left where the blocked Object was.

Check Parent Links:

Adblock will also filter on the URL the ads point to, and not only their own URL. That is, the objects from a blocked server will also be blocked when this option is enabled.

Site Blocking:

If enabled, it will display Blocked Sites. If disabled, it shows the site in your filter list, but will not display any Objects.

See this for more info.

Tuesday, March 01, 2005

Gmail Down?



Tue Mar 1 12:43:53 EST 2005:

From the looks of it, incoming mails are not working at gmail. I could send out emails, but have not gotten the replies -- realised this when I called them up.

This is from the web interface of gmail.

Anyways, Gmail is in Beta, so cannot bitch about this aloud.

Thursday, February 24, 2005

How RAM is used in Linux



Stumbled upon a very good post here, which explains why "top" or similar utils always show all your RAM being used.

mine:> free -m
total used free shared buffers cached
Mem: 91 84 7 20 21 15
-/+ buffers/cache: 47 44
Swap: 513 58 455

The -/+ buffers/cache line shows how much memory is being used and is free.
91 Meg is the RAM available after being reserved plus occupied by Kernel (which
cannot be swapped out) .

You're good if you are not swapping much. I've ~ 58 Megs of swap being used, well, it is normal with hardly 90 some Megs of RAM.

Quote from sapphirecat's original thread: " The reason Linux uses so much memory for disk cache is because the RAM is wasted if it isn't used. Keeping the cache means that if something needs the same data again, there's a good chance it will still be in the cache in memory. Fetching the information from there is around 1,000 times quicker than getting it from the hard disk. If it's not found in the cache, the hard disk needs to be read anyway, but in that case nothing has been lost in time. "

RHEL ES 4.0 release 1 -- miseries while kickstarting..

Okay, I got a DL 360 to play with, has two Broadcom cards and the installer loads tg3.ko as the drivers, and it says links is up at 100 Half.



Hmmm...

Okay, but later fails to get a dhcp response from the network.



And, throws you back at:



When you hit enter, still asking it to get response from dhcp, it cannot even find the device(?):



Alright.

Now if you assign IP addresses manually and hit enter, it will not still get onto the network:



Arrgghh..!!

Now I pop in a floppy (vfat) with a ks.cfg which has static IP details in it, and boot the box with linux ks=floppy argument...

Look what happens, it cannot even read the floppy.




Updated (03.01.2005) :

I've submitted this as bug 149682 on Feb 24 to bugzilla. Here is the link.

Tuesday, February 22, 2005

Auto-finding your hard drives for Linux Kickstart



With different hardware, the device names are to change, and thus one will have to edit the ks.cfg for Linux Kickstarts everytime you are dealing with a different hardware.

Starting with RHEL 3.0, you could include a python script in your kickstart file and derive the list of your harddrives into a file. You could later include that file to define your drives.


%pre --interpreter /usr/bin/python
import os, sys
sys.path.append('/usr/lib/anaconda')
import isys

# get a sorted list of drives
drives = isys.hardDriveDict().keys()
drives.sort()

# write the include file to /tmp/kspart, drives[0] is the first drive,
# drives[1] is the second, etc. To get the filet to be used, put
# '%include /tmp/partitions' in your kickstart configuration.
print "Writing partition details"
f = open("/tmp/partitions", "w")
f.write("part /boot --size 400 --ondisk %s\n" % drives[0])
f.write("part / --size 6144 --ondisk %s\n" % drives[0])
f.write("part swap --size 2048 --ondisk %s\n" % drives[0])
f.write("part /var --size 3072 --ondisk %s\n" % drives[0])
f.write("part /home --size 2048 --ondisk %s\n" % drives[0])
f.write("part /tmp --size 4096 --ondisk %s\n" % drives[0])
f.write("part /data --size 6144 --ondisk %s\n" % drives[0])

f.close()



Of course, add this to your kickstart file:
%include /tmp/partitions
Original posting here.


AFAIK, this does not work with RHEL 2.1, as its anaconda is still retarded. Still working on RHEL 4.0 to confirm....

Saturday, February 19, 2005

How to read Malayalam newspapers using FireFox



Most of the Malayalam newspapers use dynamic fonts. FireFox and Mozilla browsers do not support Dynamic fonts by default. Here is how you can read Malayalam and Other Indic publications using Firefox:

Option 1: Use firefox extension padma.

This works on all recent stable versions of Firefox at the time of this writing.

An advantage worth mentioning -- padma converts those pages to Unicode for you - This saves you the pain of installing individual fonts for the content you want to read. In other words, if you have an Unicode malayalam font installed already, thats all it takes...!!

A little bit about padma from the extension's page: Padma is a technology for transforming Indic text between public and proprietary formats for Mozilla based applications.

Ok, now how to get that done:

Step 1

Install Firefox's extension padma.

If you have a fairly decent Unicode font installed already, you are good to go now. Otherwise, read on:

Step 2

Download Anjali Oldlipi - perhaps the best unicode Malayalam font. Open up this url, download the latest version of AnjaliOldLipi. (At the time of this writing, 0.730 is the latest).

Copy the downloaded font file into your Fonts Directory (Settings->Crontol Panel->Fonts).

In case you are running Linux I am going to assume that you already know how to add a font.

Now, fireup Firefox, Tools ->Options -> Content and set your Default Font to AnjaliOldLipi as seen in this screenshot:




That is it...!!

Enjoy browsing Malayalam publications like: Deepika, Madhyamam, Manorama, Mangalam, Mathrubhumi and more...

Oh, did I mention that you can kill all the annoying ads using AdBlock Plus?


Option 2:

Note: This is dependent on a Firefox extension "AutoCharacterEncoding" which does not seem to be in active development anymore. (Hey, developers are people too, and they move onto other things as well..!!) At the time of this writing, said extension does not work on Firefox 1.5. Another disadvantage is that, you are required to download and install the individual fonts of the malayalam publications you want to read, onto your computer.

Step 1

Download and install the fonts from the newspaper's website, unless you already have them. (Download the .ttf file, and copy it over to your Fonts directory.)

Step 2

Install AutoCharacterEncoding from mozdev.

(It merely sets the fonts for userdefined character encoding automatically.)

Step 3

Restart FireFox, and browse, saving yourself from annoying ads and popups.

Friday, February 18, 2005

How to turn on rsh and rlogin on RedHat Enterprise Linux (RHEL 2.1/ 3.0)



You have two hosts: hostA and hostB. You want to set up some sort of equivalency for user "root" on both of them.

Enable them:

Turn on these three using chkconfig on both the nodes: rexec, rsh and rlogin.


# chkconfig rexec on
# chkconfig rsh on
# chkconfig rlogin on

xinetd

Restart xinetd to be sure.

# service xinetd restart

.rhosts

On hostA's root home directory (usually /root), create a .rhosts file, which has hostB in it.

# cat .rhosts
hostB

Similarly, create a .rhosts on hostB's root home directory which has hostA in it.

# cat .rhosts
hostA

hosts.allow


Now, edit /etc/hosts.allow on hostA:


#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
ALL : hostB


Edit /etc/hosts.allow on hostB:

#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
ALL : hostA

hosts.equiv

Edit /etc/hosts.equiv on hostA to have

# cat /etc/hosts.equiv
hostB


Edit /etc/hosts.equiv on hostB to have

# cat /etc/hosts.equiv
hostA
/etc/securetty

And finally, knock off /etc/securetty (rename it or worse, purge it) on both hostA and hostB

Now you are good to go.

Disclaimer: Use at your own risk. Don't flame me. It sure worked for me. Actual results may vary. Use ssh in place of rlogin/rsh/telnet and the like, as ssh is more secure.

Thursday, February 17, 2005

Addressing IDN Spoofing on Firefox...



While debates are on, I added this "/[^\x20-\xFF]/" to my set of adblock filters. (Everything except the quotes.)

That thingy between the quotes above blocks URLs with characters outside normal ASCII range.

Editing the compreg.dat works fine until you are removing or adding a new Firefox extension, as it is recreated when Extensions are changed.

Then again, the moment you over-write your adblock filters....

You can test your browser from this page.

Tuesday, February 15, 2005

Debug flags for sendmail



Common flags:

-d0 General debugging.
-d1 Show send information.
-d2 End with finis( ).
-d3 Print the load average.
-d4 Enough disk space.
-d5 Show events.
-d6 Show failed mail.
-d7 The queue file name.
-d8 DNS name resolution.
-d9 Trace RFC1413 queries.
-d9.1 Make host name canonical.
-d10 Show recipient delivery.
-d11 Trace delivery.
-d12 Show mapping of relative host.
-d13 Show delivery.
-d14 Show header field commas.
-d15 Show network get request activity.
-d16 Outgoing connections.
-d17 List MX hosts.

-d12 Set flag 12 to level 1
-d12.3 Set flag 12 to level 3
-d3-17 Set flags 3 through 17 to level 1
-d3-17.4 Set flags 3 through 17 to level 4

More details in these following links...

Geocities, Monkeytools? , Sendmail 2nd edition, Whole scoop on configuration file

Debugging check_rcpt (Anti-Relay)

The three scenarios that should be checked out are:

1) From INT to INT
2) From EXT to INT
3) From EXT to EXT

Evoke sendmail as:

root@somelinux:> sendmail -bt -d21.4
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)

.D{client_addr}165.89.185.15
check_rcpt {email@foo.bar}


Open Relay Database is maintained here.

Project Work

A picture drawn by my brother:

Sendmail 8.11.x without DNS...



For a nullclient with DS macro enabled....

[root@haha mail]# grep service.swi /etc/sendmail.cf
# service switch file (ignored on Solaris, Ultrix, OSF/1, others)
O ServiceSwitchFile=/etc/mail/service.switch
[root@haha1 mail]# cat service.switch
hosts files
Check the /etc/host.conf to have:
order hosts
multi on

Use switch 8.8 to see it bitching about failed resolver lookups...
date |sendmail -v -d13.9 foo@foo.org

Also:

# sendmail -bt -d8.8
check_mail foo@foo.bar
/mx foo.bar
/map host foo.bar
/quit

Thursday, February 10, 2005

About kernel.sysrq

Magic SysRq is a key combination directly intercepted by the kernel and can be used, among other things, to perform an emergency shutdown. It is described in Documentation/sysrq.txt and implemented in drivers/char/sysrq.c in the kernel source tree. It exists primarily for kernel hackers, but it can be useful to people in user-space also. Since it is implemented as a part of the keyboard driver, it is guaranteed to work most of the time, unless the kernel itself is dead.

A note: In the rest of this article, when I say "SysRq key" I mean the single key beside the Scroll lock key. But when I say "magic SysRq" I mean the combination <> /proc/sys/kernel/sysrq

If you want it to be always enabled, append these lines to one of your initialization scripts(preferably rc.local).

#Enable SysRq
echo -e "Enabling SysRq\n"
echo "1" > /proc/sys/kernel/sysrq

Alternatively, you might look for a file called /etc/sysctl or /etc/sysctl.conf which some distributions have(mine, RedHat, does). You can add a line like this to it, and sysrq will be enabled at boot-time.

kernel.sysrq = 1

The magic SysRq combination is a unique one. Now, every key on the keyboard sends a code when pressed or released, called the scan-code. The magic SysRq combination (Alt+SysRq), however, sends only one scan-code(0x54, decimal 84) even though two keys have been pressed. Check this out using showkey -s.

What can I do with it ?

Magic SysRq is invoked as <> + <> sent from a remote console will be interpreted as <>, and the consequences can be disastrous. See the Remote-Serial-Console-HOWTO for more details.

Conclusion

The magic SysRq hack can come in very handy at times. However, it must be used with care. It can also give you some insights into the inner workings of the kernel. If you are enterprising, you might even hack the kernel and add new commands !

Note: The original article is here

Followers

സൂചിക::Index


Creative Commons License
This work is licensed under a Creative Commons License.