Linux

From IdefixWiki

Crypt a partition

Kernel Configuration

Device Drivers | Multi-device support | Device mapper support | Crypt target support

Enable the desired encryption algorithms under Cryptographic options | Cryptographic API (sha and aes).

Create a small testfile

Create a container.

# dd if=/dev/zero of=container.loop bs=52428800 count=1

Attach it to a loop device.

# losetup /dev/loop0 container.loop 

Prepare the encryption by selecting the algorithm.

# cryptsetup -c aes-cbc-essiv:sha256 -y -s 256 luksFormat /dev/loop0

WARNING!
========
This will overwrite data on /dev/loop0 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase: 
Verify passphrase: 

Unlock it.

# cryptsetup luksOpen /dev/loop0 verysecret 
Enter LUKS passphrase: 
key slot 0 unlocked.

Create a filesystem.

# mkfs.xfs /dev/mapper/verysecret 

Mount it.

# mount /dev/mapper/verysecret /mnt/crypt/

Unmount it.

# umount /mnt/crypt

Close the mapping; this wipes the key from kernel memory.

# cryptsetup luksClose verysecret

Add a second key (8 keys are possible).

# cryptsetup luksAddKey /dev/loop0
Enter any LUKS passphrase: 
key slot 0 unlocked.
Enter new passphrase for key slot: 

Delete a key.

# cryptsetup luksDelKey /dev/loop0 1

Detach the loop device.

# losetup -d /dev/loop0

Handling keys

head -c 100 /dev/random | uuencode -m /dev/stdin | tail -n +2 | \
 head -c 32

This gives you 32 bytes of random data, which you then use as the
disk key. How many bytes you need depends, of course, on your
encryption algorithm.

On the hard disk you store this data PGP-encrypted:
gpg --symmetric --armor

To mount the disk, my self-written script then does, among other
things, this:

# Decrypt the key file; the passphrase is passed to gpg on file descriptor 3.
FS_KEY="$(gpg --no-options --passphrase-fd 3 --no-tty --batch \
    --no-default-keyring --keyring /tmp/pubkey.gpg \
    --secret-keyring /tmp/seckey.gpg -d "${KEYFILE}" 3<<<"${PASSPHRASE}" \
    2>/dev/null )"

# Hand the decrypted key to cryptsetup on stdin.
/usr/bin/sudo /bin/cryptsetup -d /dev/stdin create "${MAPPERDEV}" \
 "${DEVICE}" <<<"${FS_KEY}"

See also here.
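
An added example (not part of the original page or of the quoted text): the pipeline above keeps 32 base64 characters, and a base64 character carries at most 6 bits, so such a key holds at most 192 bits of randomness. The function names are hypothetical, and base64 with /dev/urandom stands in here for uuencode -m with /dev/random.

```sh
#!/bin/sh
# Added example: base64 keys and the entropy they can carry.
# Function names are hypothetical; base64(1) and /dev/urandom stand in
# for the page's "uuencode -m" and /dev/random.

# key_bits KEY: upper bound on the entropy of a base64 string (6 bits/char).
key_bits() {
    echo $(( ${#1} * 6 ))
}

# chars_for_bits BITS: base64 characters needed to carry at least BITS bits.
chars_for_bits() {
    echo $(( ($1 + 5) / 6 ))
}

# gen_key N: print exactly N base64 characters drawn from the kernel RNG.
gen_key() {
    n=$1
    bytes=$(( (n * 3 + 3) / 4 ))      # ceil(3n/4) raw bytes give >= n chars
    head -c "$bytes" /dev/urandom | base64 | tr -d '=\n' | head -c "$n"
}

# check_key KEY BITS: succeed only if KEY consists of base64 characters
# and can carry at least BITS bits.
check_key() {
    case $1 in
        ''|*[!A-Za-z0-9+/]*) return 1 ;;
    esac
    [ "$(key_bits "$1")" -ge "$2" ]
}

# Compare a 32-character key with one sized for a 256-bit cipher key.
# Only the sizes are printed, never the key material.
main() {
    short=$(gen_key 32)
    long=$(gen_key "$(chars_for_bits 256)")
    echo "${#short} chars: $(key_bits "$short") bits"
    echo "${#long} chars: $(key_bits "$long") bits"
    check_key "$short" 256 || echo "32-character key is below 256 bits"
}
main
```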

Gentoo

Update Gentoo

To update the Portage tree, enter:

# emerge --sync

or, if a firewall blocks you, enter:

# emerge-webrsync

To display packages which need an update enter:

# emerge --pretend --verbose world

To update all packages whose USE flags have changed:

# emerge --update --deep --newuse world

To update the complete system enter:

# emerge --update --deep world

To update the configuration files in /etc:

# etc-update

To fix broken dependencies, execute:

# revdep-rebuild

Tips around portage

USE Flags

To get descriptions of the USE flags, install:

# emerge gentoolkit

then type:

# equery uses package

For details on USE flags:

less /usr/portage/profiles/use.desc

Display all versions of a package

emerge eix
eix <package>

Uninstall a package

emerge --unmerge media-libs/faad2

The rc system

Add script to startup:

# rc-update add postfix default

Show which scripts are executed:

# rc-update show

Remove a script from startup:

# rc-update del postfix default

Compiling a kernel

cd /usr/src/linux
unset CROSS_COMPILE
genkernel --kernel-config=/usr/src/config-idefix-v3 kernel
or
genkernel --no-mrproper --install kernel

Upgrade to gcc 4.1

see here

Mounting

Image via loop-back

Create a directory where to mount the image:

mkdir /mnt/image

Mount the image with:

mount /home/images/ppc-2006-01-11.iso /mnt/image -o loop=/dev/loop3
or
mount /tmp/fdimage /mnt -t msdos -o loop=/dev/loop3,blocksize=1024

Wine

>>> Original instance of package unmerged safely.

* ~/.wine/config is now deprecated.  For configuration either use
* winecfg or regedit HKCU\Software\Wine

Warmboot kernel

To directly reboot into a new kernel the tool kexec is necessary:

emerge sys-apps/kexec-tools

The new kernel can be loaded with:

kexec -l --command-line="root=/dev/hdb3 udev video=vesafb:mtrr,ywrap,1024x786-32@85 ro" /boot/vmlinuz
kexec -e

Ubuntu

Upgrade to Ubuntu Dapper

https://help.ubuntu.com/community/DapperUpgrades

ATI driver

Control Beep-Media-Player with Multimedia Keys

Start xev to find the keycodes. The result looks something like:

KeyRelease event, serial 43, synthetic NO, window 0x2400001,
    root 0x3d, subw 0x0, time 3939566, (84,27), root:(1498,49),
    state 0x10, keycode 232 (keysym 0x0, NoSymbol), same_screen YES,
    XLookupString gives 0 bytes: 

So we have keycode 232 for this key. Now edit .xmodmaprc in the following style:

keycode 232 = XF86AudioMedia

Allowed symbols can be found in /usr/X11R6/lib/X11/XKeysymDB.

My KeySonic has the following keys:

! config for KeySonic
keycode 153 = XF86AudioNext
keycode 162 = XF86AudioPlay
keycode 144 = XF86AudioPrev
keycode 164 = XF86AudioStop
keycode 176 = XF86AudioRaiseVolume
keycode 174 = XF86AudioLowerVolume
keycode 178 = XF86HomePage
keycode 236 = XF86Mail
keycode 234 = XF86Back
keycode 233 = XF86Forward
keycode 229 = XF86Search
keycode 231 = XF86Refresh
keycode 230 = XF86Favorites
keycode 232 = XF86AudioMedia
keycode 160 = XF86AudioMute
keycode 227 = XF86WakeUp
keycode 223 = XF86Sleep
keycode 222 = XF86PowerOff

Now load the settings with:

xmodmap .xmodmaprc

In Beep-Media-Player activate the plugin "XF86Audio Keys Control" and everything should work.

Diskless System

We want to boot via PXE and mount everything via NFS. First we create a basic directory structure:

export DISKLESS=vdrhd1
export DISKLESS=diskless
mkdir /usr/local/$DISKLESS/
cd !$
mkdir boot
mkdir dev
mkdir bin
mkdir sbin
mkdir lib
mkdir etc
mkdir usr
mkdir root
mkdir home
mkdir proc
mkdir tmp
chmod a+w tmp
mkdir sys
mkdir var
mkdir var/empty
mkdir var/lock
mkdir var/log
mkdir var/run
mkdir var/spool
mkdir var/lib
mkdir var/lib/dbus
mkdir var/tmp
mkdir var/cache
mkdir var/cache/hald
mknod dev/console c 5 1
mknod -m 666 dev/null c 1 3

Be sure you have the following settings in the kernel config:

#
# Networking options
#
CONFIG_PACKET=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_PNP=y
CONFIG_IP_PNP_DHCP=y
#
# Network File Systems
#
CONFIG_NFS_FS=y
CONFIG_NFS_V3=y
CONFIG_NFS_V4=y
CONFIG_ROOT_NFS=y

Compile and install the kernel with:

make
make INSTALL_PATH=/usr/local/$DISKLESS/boot install
make INSTALL_MOD_PATH=/usr/local/$DISKLESS modules_install

You must copy or symlink your kernel to the tftp directory so the client can download the kernel via tftp.

Install NVIDIA Driver

Execute on the headless system:

sh NVIDIA-Linux-x86-275.09.07.run  -a

Prepare DHCPD

Add the following lines to your dhcpd.conf:

next-server 192.168.0.251;
filename "pxelinux.0";
option tftp-server-name "server.idefix.lan";

Boot the Kernel with PXE

Create a directory called pxelinux.cfg in your TFTP directory and place the config files there. I have one file called default:

DEFAULT memtest
PROMPT 1
TIMEOUT 10

LABEL memtest
  MENU HIDE
  MENU LABEL memtest
  KERNEL memtest86+.bin

LABEL local
  LOCALBOOT 0

And one file named after the MAC address (00-de and so on):

PROMPT 1
DEFAULT vdr
TIMEOUT 10

LABEL vdr
  MENU HIDE
  MENU LABEL ^VDR
  KERNEL vmlinuz-2.6.22-gentoo-r5-diskless
  APPEND ip=dhcp root=/dev/nfs nfsroot=192.168.0.149:/usr/local/diskless

LABEL memtest
  MENU HIDE
  MENU LABEL ^memtest86+
  KERNEL memtest.bin
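
An added example (not from the original page): PXELINUX looks in pxelinux.cfg first for a file named after the client's hardware address (ARP type 01 plus the MAC in lowercase with dashes), then for the client IP in uppercase hex with one digit dropped per attempt, and last for default, so a misnamed per-MAC file silently boots the default entry. The function names, MAC and client IP are constructed for illustration.

```sh
#!/bin/sh
# Added example: which pxelinux.cfg file will a client load?
# Function names, MAC and IP are constructed. The client-UUID lookup
# that PXELINUX tries before these names is left out.

# pxelinux_candidates MAC IP: print the config file names in lookup order.
pxelinux_candidates() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f' | tr ':' '-')
    printf '%s\n' "$mac" |
        grep -Eq '^([0-9a-f]{2}-){5}[0-9a-f]{2}$' || return 1
    printf '%s\n' "$2" |
        grep -Eq '^((0|[1-9][0-9]{0,2})\.){3}(0|[1-9][0-9]{0,2})$' || return 1
    hex=
    for octet in $(printf '%s' "$2" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
        hex=$hex$(printf '%02X' "$octet")
    done
    echo "01-$mac"                    # hardware type 01 (Ethernet) + MAC
    while [ -n "$hex" ]; do           # C0A8002A, C0A8002, ... , C
        echo "$hex"
        hex=${hex%?}
    done
    echo default
}

# pxelinux_pick DIR MAC IP: print the first candidate that exists in DIR.
pxelinux_pick() {
    names=$(pxelinux_candidates "$2" "$3") || return 1
    for name in $names; do
        if [ -f "$1/$name" ]; then
            echo "$name"
            return 0
        fi
    done
    return 1
}

# Constructed demo: a TFTP tree with "default" and one per-MAC file.
demo() {
    dir=$(mktemp -d)
    touch "$dir/default" "$dir/01-00-11-22-aa-bb-cc"
    pxelinux_pick "$dir" 00:11:22:AA:BB:CC 192.168.0.42   # per-MAC file
    pxelinux_pick "$dir" 00:11:22:AA:BB:CD 192.168.0.42   # falls to default
    rm -r "$dir"
}
demo
```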

Synchronize folders

rsync -az --delete --ignore-errors --numeric-ids --stats --progress /bin /usr/local/$DISKLESS/
rsync -az --exclude "*$DISKLESS*" --delete --ignore-errors --numeric-ids --stats --progress /lib /usr/local/$DISKLESS/
rsync -az --delete --ignore-errors --numeric-ids --stats --progress /sbin /usr/local/$DISKLESS/
rsync -az --exclude "/var/lib*" --exclude "/var/cache*" --exclude "/var/log*" --exclude "/var/tmp" --exclude "/var/db*" \
--exclude "/var/www" --delete --ignore-errors --numeric-ids --stats --progress /var /usr/local/$DISKLESS/
rsync -az --delete --ignore-errors --numeric-ids --stats --progress /etc /usr/local/$DISKLESS/

Layman

Layman lets you use external Portage directories (overlays) fetched via svn and various other programs, and integrates them all into Portage.

Using Layman

First we need to install layman:

emerge -av layman

Create Own Layman Repository

First create a virtual host in your Apache config and place a config file for layman, overlay.xml, there. Now add the following to the file /etc/layman/layman.conf:

overlays  : http://www.gentoo.org/proj/en/overlays/layman-global.txt
        http://overlay.idefix.lan/overlay.xml

Edit /etc/make.conf and add:

source /usr/portage/local/layman/make.conf


Now we create the xml file on the server:

<?xml version="1.0" ?>
<layman>
        <overlay
            contact = "idefix@fechner.net"
            name = "idefix"
            src  = "http://overlay.idefix.lan/"
            type = "svn"
            status = "official">

                <link>
                        http://overlay.idefix.lan/svn/overlay/trunk/
                </link>

                <description>
                        Idefix overlay.
                </description>
        </overlay>
</layman>

Raid 5

First install the RAID tools:

emerge -av sys-fs/mdadm

Load the raid module:

modprobe raid5

Create partitions of type fd on the three hard disks with fdisk.

fdisk /dev/sdb
fdisk /dev/sdc
fdisk /dev/sdd

Create md devices:

cd /dev && MAKEDEV md

Now create the RAID with:

mdadm --create /dev/md0 --level 5 --raid-devices 3 /dev/sd[bcd]1

To watch the build progress:

watch -n 1 cat /proc/mdstat

Store the RAID in the config file:

mdadm --detail --scan >> /etc/mdadm.conf

To see more details for raid:

mdadm --detail /dev/md0

Sending Email in Case of an Error

Edit the file /etc/mdadm.conf and add:

MAILADDR idefix@server.idefix.lan

Test email delivery:

mdadm -Ft --scan

In Case of Failure

You can see in /proc/mdstat which device failed:

md0 : active raid5 sdb1[3] sdd1[2] sdc1[1]
      2930271872 blocks level 5, 64k chunk, algorithm 2 [3/2] [_UU]

Remove it with:

mdadm -r /dev/md0 /dev/sdb1

Create a partition on the new disk with type 0xFD and add it to the raid with:

mdadm -a /dev/md0 /dev/sdb1

You can see now in /proc/mdstat that the raid is recovering the data:

cat /proc/mdstat

Personalities : [linear] [raid0] [raid1] [raid10] [raid6] [raid5] [raid4] [multipath] [faulty]
md0 : active raid5 sdb1[3] sdd1[2] sdc1[1]
      2930271872 blocks level 5, 64k chunk, algorithm 2 [3/2] [_UU]
      [>....................]  recovery =  0.8% (12625280/1465135936) finish=302.8min speed=79923K/sec

unused devices: <none>
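
An added example (not from the original page): a check that reads mdstat-format text and prints every array whose status, such as [3/2] [_UU], shows fewer active members than configured. The function names and the healthy md1 entry are constructed; the md0 lines are the ones shown above.

```sh
#!/bin/sh
# Added example: list degraded md arrays from /proc/mdstat-style text.
# Function names and the md1 sample entry are constructed.

# degraded_arrays [FILE]: print "name active/total map" for each array
# with missing members. FILE defaults to /proc/mdstat; "-" reads stdin.
degraded_arrays() {
    awk '
        /^md[^ ]* :/ { name = $1; next }           # array header line
        name != "" && match($0, /\[[0-9]+\/[0-9]+\] \[[U_]+\]/) {
            s = substr($0, RSTART, RLENGTH)         # e.g. "[3/2] [_UU]"
            gsub(/\[|\]/, "", s)                    # -> "3/2 _UU"
            split(s, f, "[/ ]")                     # total, active, map
            if (f[2] + 0 < f[1] + 0)
                print name, f[2] "/" f[1], f[3]
            name = ""                               # skip recovery lines
        }
    ' "${1:-/proc/mdstat}"
}

# Constructed sample: md0 is the degraded array from the text above,
# md1 is a healthy mirror.
sample_mdstat() {
    cat <<'EOF'
Personalities : [raid1] [raid5]
md0 : active raid5 sdb1[3] sdd1[2] sdc1[1]
      2930271872 blocks level 5, 64k chunk, algorithm 2 [3/2] [_UU]
      [>....................]  recovery =  0.8% (12625280/1465135936) finish=302.8min speed=79923K/sec
md1 : active raid1 sdf1[1] sde1[0]
      104320 blocks [2/2] [UU]

unused devices: <none>
EOF
}

sample_mdstat | degraded_arrays -
```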

Create LVM2

emerge -av lvm2
rc-update add device-mapper boot
rc-update add lvm boot

Scan for devices:

vgscan
mdadm -Ac partitions -m 0 /dev/md0

Convert a normal raid to lvm2

First we create our backup storage. For this, create a partition on each disk and select raid autodetect as its type. Now we create the RAID with:

mdadm --create /dev/md0 --level=stripe --raid-devices=2 /dev/sde1 /dev/sdf1

Now we create the lvm2:

vgscan
vgchange -a y
pvcreate /dev/md0
vgcreate vg /dev/md0
lvcreate -L20G -nyavdr vg
lvcreate -L3T -nbackup-video0 vg
mkfs.ext4 /dev/vg/backup-video0

Now we mount the disks:

mount /dev/vg/backup-video0 /mnt/backup-video0
mount video:/video0 /video0

Now we copy the data:

cd /video0
rsync -av --delete . /mnt/backup-video0/

Online Resize Raid5

Replace the first disk with a new one as described for a disk failure. Wait until the RAID is restored. Repeat that step for every disk in your RAID.

Now we have to resize the raid:

mdadm -G /dev/md0 -z max

You have to wait till the resize is complete, check with:

cat /proc/mdstat

Now we resize the lvm:

pvresize /dev/md0

Now we resize the logical volume:

lvresize -l +100%FREE /dev/vg/video0

Now we resize the filesystem; I use ext4, so:

resize2fs /dev/vg/video0