Linux SysAdmin

Multi Bridge Xen

Posted in Xen on February 11th, 2007 by Johan Huysmans – 1 Comment

Kris explained in a previous blog post how you can create multiple bridges.

While testing multiple bridges in a setup where every bridge is connected to a physical interface and every virtual interface must be connected to the correct bridge (peth0->xenbr0->vifX.0; peth1->xenbr1->vifX.1; …), I noticed something strange.

The vif interface was not always connected to the correct bridge. When the bridgename is provided in the configuration file (with or without the mac address) the first entry is not always mapped to vifX.0.

Once again a wrapper script provided the solution. The vif-wrapper-bridge script checks the name of the vif interface and uses the last number (the interface number) to determine the bridge. That bridge name is stored in the xenstore and used by the vif-bridge script.


[root@GW-Y ~]$ grep wrapper xend-config.sxp
(network-script network-wrapper-bridge)
(vif-script vif-wrapper-bridge)

vif-wrapper-bridge
#!/bin/sh

if [ "$1" = "online" ]
then
  # load some general functions
  dir=$(dirname "$0")
  . "$dir/vif-common.sh"
  # find the bridge number out of the vif interface name
  brnum=$(echo "$vif" | sed 's/vif.*\.//')
  bridge="xenbr$brnum"
  # store the bridgename in xenstore
  xenstore_write "$XENBUS_PATH/bridge" "$bridge"
fi

# load the real vif-bridge script
/etc/xen/scripts/vif-bridge "$1"

Xen dom0 and heartbeat

Posted in Xen on February 9th, 2007 by Johan Huysmans – Be the first to comment

During testing of heartbeat 1 on a xen dom0, some strange errors appeared. One of the error messages was:
ERROR: No local heartbeat. Forcing shutdown

This error message was explained in the heartbeat FAQ but the explained causes didn’t make any sense.
An update from Xen 3 to Xen 3.0.4 didn’t solve the problem.
Updating heartbeat from v1 to v2 made the error disappear and heartbeat was now working without any problems.
Heartbeat v2 has a completely new config file. The main config file (ha.cf) is now an xml file. But don’t worry, if you don’t want to upgrade the config file, you can keep working with a v1 config file. You can’t take advantage of the new features of heartbeat v2 but at least you’re taking advantage of the bugfixes ;)

Xen kernel-panic

Posted in Xen on February 8th, 2007 by Johan Huysmans – 2 Comments

I repeatedly tried to install xen. The installation of the rpms, downloaded from the xen site, succeeded, but when I rebooted into the xen kernel a kernel panic occurred.
A message like 'no version for "struct_module" found: kernel tainted' scrolled over the screen during the loading of the modules. A deeper look into that message showed me that it was not fatal and the kernel panic was caused by something else.

A lot of kernel panics happen because the kernel can’t find the hard disk. This happens because the correct module isn’t built into the kernel or available in the initrd. The same problem occurred here. The xen kernel does not have as many built-in modules as a normal CentOS kernel, and the needed modules aren’t automatically added to the initrd.

The solution is easy: include the needed modules in the initrd.
But which module is the correct one? That depends on the hardware in your system. You can start finding the correct modules by reading the dmesg when you boot that system with a working kernel.

The following command worked on my home machine:

[root@xen ~]# mkinitrd -v -f --with=ide-generic /boot/initrd-2.6.16.33-xen_3.0.4.1.img 2.6.16.33-xen_3.0.4.1

Using a serial link on a xen dom0

Posted in Xen on February 5th, 2007 by Johan Huysmans – Be the first to comment

By default xen will bind its console to ttyS0, and the following message is visible in /var/log/messages:
kernel: Xen virtual console successfully installed as ttyS0

At this moment you can’t send messages over a serial cable connected to your system because the device is already in use by xen.

By adding the following parameter to the grub config file, the default ttyS0 is changed to whatever you provide, or removed if you enter xencons=off.
module /boot/vmlinuz-2.6-xen ro root=/dev/sda1 xencons=ttyS9

ttyS0 will be unused after a reboot, and the module providing the serial devices can be loaded. The module is called 8250.
Normally the serial modules are compiled into the kernel and nothing is implemented to load them during boot. But we want to load it when the system boots, so I added that module to /etc/modprobe.conf:
# loading the module for serial devices. We want this at boot time therefore it is aliased to snd-card.
alias snd-card-0 8250
alias snd-card-0 8250_pci
alias snd-card-0 8250_pnp

This is how you can test the serial connection between 2 machines:
* On machine 1 open the serial device: cat /dev/ttyS0
* On machine 2 send a message over the link: echo "Hello World" > /dev/ttyS0
The message should appear on machine 1.

kickstart with command line arguments

Posted in kickstart on February 1st, 2007 by Johan Huysmans – 1 Comment

When you initiate a kickstart installation from a bootcd you have to enter something like: linux ks=hd:sda1:/ks.cfg.
This and whatever you enter on the same line can be accessed during the installation. This line is stored in /proc/cmdline.
It is not specific to a kickstart installation, but on every linux system you can find the information entered at the boot prompt in /proc/cmdline.

In a previous post I mentioned how you can mount your usb-drive. As you can see, sda1 is hard-coded, which isn’t very flexible. This can be done in a different way:

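%pre
if grep -iqE "ks=hd:[a-z]{2,3}[0-9]:" /proc/cmdline
then
  # take only the device field between "ks=hd:" and the next colon
  DISK=$(sed 's/.*ks=hd:\([^:]*\):.*/\1/' /proc/cmdline)
  # mount only when a device name was actually found
  mkdir -p /tmp/usb-disk-mount/
  mount "/dev/$DISK" /tmp/usb-disk-mount/
fi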

There are many things you can do with the line stored in /proc/cmdline.
You can enter a keyword, and with that keyword you can select which files are needed for the installation.
That keyword can also be used to specify a specific option.

The bad thing is that the %pre section is executed in a separate run. If you set some variables during the %pre section (like $DISK in the above example) they won’t be available for the rest of the script.
The include path of the file must be hard-coded but you can change existing content or generate the complete file during the %pre section.
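
The keyword approach described above, as an added example that is not part of the original post: a %pre helper reads a keyword from the kernel command line, accepts it only if it is on an allowlist, and copies the matching file to a fixed path for %include. The keyword name `profile`, the value `lvm`, the function names and the `/tmp/part-include` path are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. Assumptions: the keyword is named "profile", the allowed
# values are "base" and "lvm", and the files live under <mount>/partition/.

# Print the value of the first KEY=value word in a kernel command line.
cmdline_value() {
  key=$1
  set -f                      # boot-prompt text must not be glob-expanded
  for word in $2; do
    case $word in
      "$key"=*) set +f; printf '%s\n' "${word#*=}"; return 0 ;;
    esac
  done
  set +f
  return 1
}

# Turn the keyword into a profile name. The boot prompt is free-form
# input, so a value that is not on the allowlist (for example one
# containing "../") falls back to the default and never reaches a path.
select_profile() {
  value=$(cmdline_value profile "$1") || value=base
  case $value in
    base|lvm) printf '%s\n' "$value" ;;
    *)        printf '%s\n' base ;;
  esac
}

# Copy the selected file to a fixed location that the main section can
# reference with a hard-coded %include line.
generate_include() {
  profile=$(select_profile "$1")
  src="$2/partition/$profile"
  [ -f "$src" ] || return 1
  cp "$src" "$3"
}

# Inside %pre, after mounting the disk:
#   generate_include "$(cat /proc/cmdline)" /tmp/usb-disk-mount /tmp/part-include
# Outside %pre:
#   %include /tmp/part-include
```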

Arptables

Posted in Linux SysAdmin on January 31st, 2007 by Johan Huysmans – Be the first to comment

Everybody knows iptables. But do you know arptables?

From the man pages of iptables and arptables:

Iptables  is used to set up, maintain, and inspect the tables of IP  packet filter rules in the Linux kernel.
Arptables is used to set up, maintain, and inspect the tables of ARP packet filter rules in the Linux kernel.

The only difference between these 2 tools is that iptables will filter IP packets and arptables will filter ARP packets. The usage is very simple: if you can work with iptables you can work with arptables, and vice versa. All commands (Append, Insert, List, …) can be used for both iptables and arptables. The arguments are, of course, different but are very similar in usage.

The package containing arptables is called arptables_jf. I guess the jf stands for Jay Fenlason, which is the name of the writer of arptables.

kickstart: %include

Posted in kickstart on January 28th, 2007 by Johan Huysmans – 2 Comments

Last week I started playing with kickstart. You can read more about it in the howto section of my blog.

Today I was testing the %include command but every file and every path I tried gave me a file not found error.
It appears that just the specific kickstart config file is copied to /tmp and the other content of my usb-disk is nowhere to be found. This explains why my included files can’t be found.

The solution is to make your included files available during the %pre-section. This is possible because anaconda will parse the ks.cfg file 2 times. The first time it won’t complain about included files that can’t be found and only the %pre section is executed. The second time it will complain if an include file is missing.

This is how I made my includes work:
* mount the usb-drive during the %pre section

%pre
mkdir -p /tmp/usb-disk-mount/
mount /dev/sda1 /tmp/usb-disk-mount/

* include the files

%include /tmp/usb-disk-mount/partition/base
%include /tmp/usb-disk-mount/network/dummy

My dump script now includes Allrights

Posted in Backup on January 4th, 2007 by Johan Huysmans – Be the first to comment

A new version (v0.6) is now available for download and can be found in the scripts section of my blog (link is at the top of every page).

Besides dumping an ldap, mysql and postgresql database and creating a dump of the rpm-package list and the partition table, it is now possible to dump all ownerships and permissions of all files.

This is done by an external script: allrights.pl. More information of this script can be found here.

There are also some minor improvements in the script: The db_dump directory is automatically created and the temporary directory is moved to /tmp and is deleted at the end of the script.

Any comments, remarks, feature requests, success stories, … are welcome. I appreciate all feedback.

FireFox plugins

Posted in Linux SysAdmin, WordPress on December 15th, 2006 by Johan Huysmans – Be the first to comment

In my last post I listed my WordPress plugins. Now I will give you an overview of the firefox plugins I’m currently using.

Nagios Checker will show you the status of your nagios instance(s). It will flash and/or make some noise when a service or host changes its state.
AdBlock Plus will block all the annoying banners. I noticed it really improved the loading speed of some pages.
SwitchProxy lets you easily switch the proxy configuration without going to the preferences screen.

Perl Binary

Posted in Fedora, Linux SysAdmin on November 30th, 2006 by Johan Huysmans – Be the first to comment

For a special task I needed to run a perl script on a specific machine, the problem was… there is no perl on that system.
This can be easily solved with the compilation of the perl script.

Fred tested the perl compilation with perlcc together with me. He has summarized the results in his “perl binary”-blog post. At the end he added the pp (Perl Packager) which also compiles perl scripts.

I tested this and at the first sight it worked fine, but at second sight some strange things happened.

The binary I created on my machine (Fedora Core 6) worked fine on my machine but gave a “Floating point exception” on any other machine. When I tested it on another FC 6 it worked without any problems.
When the binary is created on another machine it worked on all machines, including mine. I repeated this test with different machines (CentOS, Debian, Suse) and those worked fine. They also worked on the system without perl.

When comparing the binaries compiled on the different systems I noticed that libresolv.so.2 shows up in the output of “ldd” only with the FC6 binaries.
When creating a chart of all systems with the check result, I added the glibc version of the system. It appeared that the version differs on the systems. On FC it was a newer version (2.5) than on the other hosts (2.3).

I added glibc to my search query on google and I found the following warnings on cpan.org:

Linux and other libc-based platforms
* Try to avoid running pp on a bleeding-edge version of the OS
* Older versions with an earlier libc won't work with new ones

This means that perl compilation with pp on the bleeding-edge version of glibc (2.5) may not work on other systems. If you compile it on a system with a more stable version of glibc, it will work on all systems (or at least on the systems with the same glibc).