tompos – weblog

ESXi: boot from PXE server

Posted on 2013-06-02 by tompos

Install ESXi server on a disk as usually
Copy files from /bootbank to the tftp server
Copy mboot.c32 file as well (from the isntalled partition mounted (FAT32) externally to a system or from the installer iso)
modify boot.cfg

$ sed -i 's@/@@g' boot.cfg

edit pxcelinux configuration

label esx01
   kernel esx01/mboot.c32
   append -c esx01/boot.cfg

Continue reading →

Posted in ESXi, IT | Leave a comment

ESXi: Install (Areca) storage driver from command line

Posted on 2013-06-01 by tompos

# enter maintenance mode
~ # vim-cmd hostsvc/maintenance_mode_enter
'vim.Task:haTask-ha-host-vim.HostSystem.enterMaintenanceMode-455649990'

# install storage driver
# !!! ABSOLUT PATH must be used !!!!
~ # esxcli software vib install -v /VMware_bootbank_scsi-arcmsr_1.20.00.15.vmk5.120930-1vmw.500.0.0.472560.vib
Installation Result
Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.
Reboot Required: true
VIBs Installed: VMware_bootbank_scsi-arcmsr_1.20.00.15.vmk5.120930-1vmw.500.0.0.472560
VIBs Removed:
VIBs Skipped:

# system restart: takes some time
~ # reboot
~ #

# exit maintenance mode
~ # vim-cmd hostsvc/maintenance_mode_exit
'vim.Task:haTask-ha-host-vim.HostSystem.exitMaintenanceMode-511601346'

Posted in ESXi, IT | 1 Comment

jenkins eats up cpu and memory resources

Posted on 2013-05-28 by tompos

In the last two years we were suffering from jenkins CPU and memory utilization. The following switches made miracle:

JAVA_ARGS="-Djava.awt.headless=true -Xms1g -Xmx6g -XX:MaxPermSize=1G -XX:+UseParNewGC -Dorg.kohsuke.stapler.compression.CompressionFilter.disabled=true"

We see ~60% CPU usage at peaks(!) on a Xeon E5504 2.00GHz, instead of constant 400%.
Currently there are 80 executors.

Posted in IT | Leave a comment

Convert squid.log timestamp to readable format

Posted on 2013-05-21 by tompos

Squid log looks like this:

Tue May 21 07:32:33 2013     25 10.0.1.63 TCP_MISS/200 68240 GET http://www.olcsobabakocsi.com/imagebrowser/ib_p010_0_66.jpg - DIRECT/212.108.200.61 image/jpeg

Use this one-liner to convert unix timestamp to readable dates:

#!/usr/bin/perl -p
s/^\d+\.\d+/localtime $&/e;

Posted in IT, Linux | Leave a comment

HP iLO lost password recovery

Posted on 2013-05-19 by tompos

There are number of howtos about changing a lost password in iLO. They’re all talking about properly formatted xml file and hponcfg.

But what if you get this message?

$ hponcfg 
HP Lights-Out Online Configuration utility
Version 4.0.0 Date 12/08/2011 (c) Hewlett-Packard Company, 2011
ERROR:  Could not find the Management Processor Device Node.
  Please check if the iLO driver module is installed and running properly.
  ACTION REQUIRED: Install/Re-install hp Lights-Out driver package(&#039;hp-ilo&#039; RPM) for iLO.

It’s worth verifying, that it’s really iLO not Lights-Out 100!

Lights-Out 100 (or LO100) is a standard IPMI device.

It’s easy to manage:

$ ipmitool user list
# if admin is 6th user
$ ipmitool user enable 6
$ ipmitool user set password 6 admin

Posted in IT | Leave a comment

Upgrade LXC container from Ubuntu Lucid to Precise

Posted on 2013-05-18 by tompos

Through the release upgrade process there is an error:

unable to make backup link of `./lib/init/fstab’ before installing new version: Invalid cross-device link

$ apt-get -f install
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Correcting dependencies... Done
The following extra packages will be installed:
  mountall
The following packages will be upgraded:
  mountall
1 upgraded, 0 newly installed, 0 to remove and 246 not upgraded.
8 not fully installed or removed.
Need to get 0B/67.8kB of archives.
After this operation, 5,120B of additional disk space will be used.
Do you want to continue [Y/n]? 
(Reading database ... 18882 files and directories currently installed.)
Preparing to replace mountall 2.15.3 (using .../mountall_2.36.4_amd64.deb) ...
Moving obsolete conffile /etc/init/mounted-varrun.conf out of the way...
Unpacking replacement mountall ...
dpkg: error processing /var/cache/apt/archives/mountall_2.36.4_amd64.deb (--unpack):
 unable to make backup link of `./lib/init/fstab&#039; before installing new version: Invalid cross-device link
Reinstalling /etc/init/mounted-varrun.conf that was moved away
Errors were encountered while processing:
 /var/cache/apt/archives/mountall_2.36.4_amd64.deb
localepurge: Disk space freed in /usr/share/locale: 0 KiB
localepurge: Disk space freed in /usr/share/man: 0 KiB

Total disk space freed by localepurge: 0 KiB

Stop the container and run this command from the host:

$ lxc-unshare -s MOUNT -- chroot rootfs apt-get -f install

Posted in IT, Linux, Ubuntu | Leave a comment

rm * does not work

Posted on 2013-03-01 by tompos

‘sudo rm -f’ does not remove directory content.

$ sudo rm -f /1/*
$ echo $?
0
$ sudo ls /1
1 2 3 4 5

How can this happen?
Check permissions:

$ ls -ld /1
d-wx--x--x 1 user user 10 Mar 1 16:24 /1

If user doesn’t have permission to list the directory, the wildcard matches to nothing in despite of sudo.

Note: in zsh an error message is displayed:

zsh: no matches found: /1/*

Posted in IT, Linux | Leave a comment

iroute does not work for openvpn networks

Posted on 2012-11-11 by tompos

There is a quite common openvpn scenario:

NETWORK_A — GW_A — INTERNET — GW_B — NETWORK_B
GW_A is openvpn server, GW_B is client.

Everything is setup correctly including iroute.
Networking routes still cannot be used.
Continue reading →

Posted in BSD, IT, Linux | Leave a comment

Liar Zimbra

Posted on 2012-10-28 by tompos

=======================================
Notify Zimbra of your installation? [Yes] no
Notifying Zimbra of installation via
http://www.zimbra.com/cgi-bin/notify.cgi?VER=8.0.0_GA_5434_UBUNTU12_64&MAIL=admin@domain.hu

Notification complete
=======================================

Thanks:o)

Posted in Fun | Leave a comment

Ubuntu (Quantal) 12.10: window button layout (order)

Posted on 2012-10-27 by tompos

For unknown reason on my desktop the default button layout has changed.
There are a lot of links on the web, but they don’t look useful in Quantal.

The solution is using dconf instead of gconf.

In dconf-editor go to

org.gnome.desktop.wm.preferences

than

Change button-layout to: close,minimize,maximize:.
The change takes effect immediately.

Posted in IT, Linux, Ubuntu | Leave a comment

Nokia N9: “connect to wi-fi network to download maps”

Posted on 2012-10-07 by tompos

When I wanted to install new or update available maps I saw the following error message:

Connect to Wi-Fi network to download maps.

Solution is on this page:
http://discussions.nokia.com/t5/Maemo-and-MeeGo-Devices/N9-Wi-Fi-internet-connectivity-problem/td-p/1189865/page/3

1) Turn off Power saving – Device|Battery|Power Saving. If this is on it will turn off the WiFi when it thinks it is not being used! You can turn it back on when finished the map downloads.

2) In the Map application go to Settings and turn ‘On-line’ on. This seems to turn itself off…

However for me the first step was not necessary.
Whereas restarting the Maps application was a must.

Posted in Nokia N9 | Leave a comment

IPA err=53

Posted on 2012-08-26 by tompos

[26/Aug/2012:16:10:49 -0400] conn=183 fd=68 slot=68 connection from 10.0.0.4 to 10.0.0.5
[26/Aug/2012:16:10:49 -0400] conn=183 op=0 BIND dn="admin" method=128 version=3
[26/Aug/2012:16:10:49 -0400] conn=183 op=0 RESULT err=53 tag=97 nentries=0 etime=0
[26/Aug/2012:16:10:49 -0400] conn=183 op=-1 fd=68 closed - B1

Official error code shows:

#define	EBADR		53	/* Invalid request descriptor */

Not really useful.

Solution: connection was initiated by the user (bind dn) ‘admin’, but wrong credential was provided.

Posted in IT, RedHat | Leave a comment

run command on multiple computers (nodes)

Posted on 2012-08-26 by tompos

run-all () {
    GROUP=$1
    shift
    for host in `cat /root/.hosts.$GROUP`; do
        echo $host
        ssh $host "$*"
    done
}

usage:

$ run-all web-servers apt-get upgrade -y

/root/.hosts.web-servers

w1
w2
w3

Posted in IT | Leave a comment

glusterfs: mismatching layouts

Posted on 2012-05-15 by tompos

There are messages like this in glusterfs mount point’s log:

W-Projects.log:[2012-05-14 19:13:14.283459] I [dht-layout.c:682:dht_layout_dir_mismatch] 0-w-vol-dht: subvol: w-vol-client-3; inode layout - 0 - 0; disk layout - 858993459 - 1717986917

W-Projects.log:[2012-05-14 19:13:14.283475] I [dht-common.c:524:dht_revalidate_cbk] 0-w-vol-dht: mismatching layouts for /97_KAMU/60_Elements/Prod/KAMU_ARNOLDTESZT/KAMU_ARNOLDTESZT_LGS/CG/KAMU_ARNOLDTESZT_LGS-cg_li_v004/masterLayer/Kettle_Indirect_Diffuse_raw

Although it’s not identified as an error, it is. Some of the clients cannot access the affected files.

For fix, run this command on each(?) cluster node:

gluster volume rebalance w-vol fix-layout start

Posted in IT | Leave a comment

shell fork bomb

Posted on 2012-03-01 by tompos

Do not try on any kind of production environment. But good for testing for example a VM.

:(){ :|:& };:

Posted in BSD, Linux | Leave a comment

RHEV: Error from Kerberos: Integrity check on decrypted field failed

Posted on 2012-02-04 by tompos

There is an almost brand new RHEV 3.0 installation.
Old users can authenticate and can be listed on the administration interface, but a new user cannot be added.
In the IPA log no relevant information or error message, only the same as in the rhev.log:

2012-02-01 09:51:13,189 ERROR [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy] (pool-10-thread-3) Error from Kerberos: Integrity check on decrypted field failed (31) - PREAUTH_FAILED
2012-02-01 09:51:13,189 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (http-0.0.0.0-8443-1) Failed ldap search server LDAP://ipa.domain.org:389 due to org.ovirt.engine.core.bll.adbroker.RhevmDirectoryServiceException. We should not try the next server
org.ovirt.engine.core.bll.adbroker.RhevmDirectoryServiceException

Solution: by default IPA password policy require to change the passwords from time to time. RHEV was installed before changing the password of the user, who used accessing IPA.
So change back the password and error disappear.

Posted in IT, RedHat | Leave a comment

Ubuntu Lucid 10.04 + KVM + Windows XP virtio block device: “Windows could not start because of computer disk hardware configuration problem.”

Posted on 2012-01-31 by tompos

With this issue Windows 7 is not affected.
I installed Windows XP with virtio block device fine. After rebooting the OS cannot be started from the disk with this message:

Windows could not start because of computer disk hardware
configuration problem.
Could not read from the selected boot disk. Check boot path
and disk hardware.
Please check the Windows documentation about hardware disk
configuration and your hardware reference manuals for
additional information.

Solution: upgrade seabios package to 0.6.2-0ubuntu2 or above.

Posted in IT, Linux, Ubuntu, Windows | Leave a comment

IPA on LXC

Posted on 2012-01-24 by tompos

It’s possible to install IPA into an LXC container.

First time I got this error message:

Failed to create semaphore for stats file

Solution: set up tmpfs for /tmp

none /tmp tmpfs nodev,nosuid,noatime,size=1000M,mode=1777 0 0

Posted in IT, Linux, RedHat | Leave a comment

ant -f fetch.xml -> maven-artifact-ant-2.0.4-dep.jar -> 404 (not found)

Posted on 2012-01-20 by tompos

When you install ant from tarball, according to http://ant.apache.org/manual/install.html library dependencies need to be downloaded and installed.
If you recieve 404 (Not found) you should check this post.
Continue reading →

Posted in IT | Leave a comment

audio calls with skype on Precise Pangolin

Posted on 2012-01-17 by tompos

I could not hear skype buddies, but I could talk to them.
I fixed this by installing the a library:

$ apt-get install libsdl1.2debian:i386

Posted in IT, Linux, Ubuntu | Leave a comment

nginx: https proxy for http backend

Posted on 2012-01-06 by tompos

This come up in many cases. Typical secanario for tomcat based applications.

location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;
proxy_cache off;

proxy_pass http://localhost:8080;
proxy_redirect default;
proxy_redirect http://tomcat.rtfm.co.hu/ /;
proxy_redirect http://localhost:8080/ https://tomcat.rtfm.co.hu/;
}

Posted in IT | Leave a comment

tomcat+runit+rotatelog

Posted on 2012-01-06 by tompos

#!/bin/bash

ulimit -m 6291456
ulimit -v 6291456
ulimit -d 6291456
ulimit -n 4196
ulimit -f 1048576

exec 2>&1

if pgrep -u tomcat -f Dcatalina.home=/opt/java/apache-tomcat-7 > /dev/null; then
echo "Tomcat 7 instance is already running!"
logger -i -p user.err -- "Tomcat 7 instance is already running!"
## prevent runit storming
sleep 30
exit 0
fi

U="tomcat"
G="tomcat"

chgrp -R ${G} supervise
chmod g+rw supervise/*
chmod g+rwxs supervise

JAVA_HOME="/opt/java/latest"
# set in $CATALINA_BASE/bin/setenv.sh
#JAVA_OPTS="-XX:MaxPermSize=256m -XX:-OmitStackTraceInFastThrow -Djava.awt.headless=true"

export JAVA_HOME JAVA_OPTS

exec > >( chpst -u ${U}:${G} rotatelogs -l -f /opt/java/apache-tomcat-7.0.20/logs/catalina-%F.out 86400 )
exec 2>&1

exec chpst -u ${U}:${G} /opt/java/apache-tomcat-7.0.20/bin/catalina.sh run \
>> /opt/java/apache-tomcat-7.0.20/logs/catalina.out 2>&1

Posted in IT | Leave a comment

safe mysql backup mode: snapshot & dump

Posted on 2011-07-08 by tompos

This is an easy to use mysql backup script. Optionally you can choose whether you want to dump or only copy the database files which are created with an lvm snapshot in a safe way.

Continue reading →

Posted in IT | Leave a comment

send_nsca: Error: Timeout after 10 seconds

Posted on 2011-06-27 by tompos

The official wiki page at http://munin-monitoring.org/wiki/HowToContactNagios says, the system can be configured by telnet. But no, you will get timeout.

Actually it can be tested via send_nsca like this:

# echo "test;test;0;test-output" | send_nsca -H 127.0.0.1 -p 5667 -c /etc/send_nsca.cfg -d ";"
1 data packet(s) sent to host successfully.

In syslog this must be appeared if debug is enabled:

Jun 27 17:46:40 nagiospro nsca[6122]: Connection from 127.0.0.1 port 48773
Jun 27 17:46:40 nagiospro nsca[6122]: Handling the connection…
Jun 27 17:46:50 nagiospro nsca[6122]: End of connection…
Jun 27 17:46:54 nagiospro nsca[6129]: Connection from 127.0.0.1 port 49285
Jun 27 17:46:54 nagiospro nsca[6129]: Handling the connection…
Jun 27 17:46:58 nagiospro nsca[6129]: SERVICE CHECK -> Host Name: ‘test’, Service Description: ‘test’, Return Code: ‘0’, Output: ‘test-output’
Jun 27 17:46:58 nagiospro nagios3: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;test;test;0;test-output
Jun 27 17:46:58 nagiospro nagios3: Warning: Passive check result was received for service ‘test’ on host ‘test’, but the host could not be found!
Jun 27 17:47:04 nagiospro nsca[6129]: End of connection…
Jun 27 17:49:32 nagiospro nagios3: Auto-save of retention data completed successfully.

Posted in IT | Leave a comment

RTSP DNAT rules for Vivotek cameras

Posted on 2011-06-13 by tompos

Topology:

WEB [10.0.0.1] – fw1 [1.1.1.1] —– INTERNET —– [2.2.2.2] fw2 – CAMERA [192.168.0.1]

On fw1:

-A PREROUTING -t nat -p udp -d 1.1.1.1 --sport 5500:6000 --dport 30000:31000 -j DNAT --to 10.0.0.1

On fw2:

-A PREROUTING -p tcp -d 2.2.2.2 --dport http -j DNAT --to 192.168.0.1
-A PREROUTING -p tcp -d 2.2.2.2 --dport rtsp -j DNAT --to 192.168.0.1
-A PREROUTING -p udp -d 2.2.2.2 --dport rtsp -j DNAT --to 192.168.0.1

Posted in IT | Leave a comment

zimbra: logger service does not start after installing custom certificate

Posted on 2011-06-12 by tompos

After installing custom openssl certificate it cannot be properly restarted with this failure message:

Starting logger…Failed.
Starting logswatch…ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
zimbra logger service is not enabled! failed.

Continue reading →

Posted in IT | Leave a comment

svn service: as smart as possible

Posted on 2011-05-29 by tompos

Everybody needs it and bigger crews also use ldap authentication.

Continue reading →

Posted in IT | Leave a comment

hpsa: monitoring on debian/ubuntu server

Posted on 2011-05-22 by tompos

After kernel version 2.6.33 for HP SmartArray storage controllers the driver changed.
Actually cciss is a driver for a raid controller, the new hpsa is a driver for SCSI/SATA/SAS block devices.

Continue reading →

Posted in IT, Linux, Ubuntu | Leave a comment