If a man speaks in a forest, and his wife's not there, is he still wrong?

View Printable Version

Setting zfs permissions for CIFS/NFS/local interoperability

I've had a Solaris NAS for some time now, with data shared over NFS (for linux clients) and CIFS (for Windows clients). I've always had problems with permissions, i.e. getting files created from Windows to be accessible to Linux clients, and vice versa.

I've always sort of known what the issue was - I needed to understand the ACLs used in ZFS and to set the right ACLs at the top-level of the shared data store.

Well, over the weekend, I cracked it!

Here's what I did...

View Printable Version

Replacing a failed drive in zfs on Solaris

I have a NAS box at home running OpenSolaris (currently using snv104). It has 2x80GB drives (mirrored) as the system area and 10x500GB drives (using raidz2) as the data store, both using zfs.

I've recently installed all the 500GB drives in caddies so they are easily removable/replaceable and I wanted to see what happened when I pulled a drive from the live system. The short answer: not a lot! The data zpool was marked as degraded, and the system kept running quite normally. Adding the drive back took some additional Solaris shenanigans though.

Here's what I did:

 

View Printable Version

perl 6 say function on perl 5

Perl6 has a few "nice" features that just make life that little bit easier. One of them is the "say" function - basically, "print" with a newline.

However, this is also available in perl 5.10 with "use feature 'say'" and in perl 5.8 with "use Perl6::Say".

Here's how to load the right version depending on what version of perl your code is running on:

View Printable Version

rpm --import: avoiding duplicate GPG public keys

yum uses gpg signatures to verify the integrity of rpm packages installed from yum repos. In order to use them, the GPG public key must first be imported into the rpm db. However, this is a rather "dumb" operation - no checks are made to prevent the same key being imported multiple times. Duplicate (or triplicate, or quadruplicate, etc.) keys do not cause any problems, but are unnecessary clutter in the rpmdb.

Here's how to check if a public key has already been imported into the rpmdb.

View Printable Version

python code to manipulate ini-style config files

I wanted to be able to enable/disable yum repo files from a kickstart script. They are in "ini" file format, e.g.:

[epel]
name=Extra Packages for Enterprise Linux 5 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/5/$basearch
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
priority=0

I have written some perl code to do this that uses the Config::IniFiles module. But, this is not included in perl core and so would require installation before it could be used.

python includes ini-style file manipulation with the ConfigParser module, so I've written a python script to use it.

Sample usage:

initool --file /etc/yum.repos.d/epel.repo --section epel --option enabled=0
initool --file /etc/yum.repos.d/epel.repo --section epel --del priority

Here's the code:

View Printable Version

Bridged network set up on CentOS 5.2 with xen 3.3

In earlier versions of xen, the default network setup was a bridge - the domU guests attached to the bridge and were not affected by the firewall on dom0.

In recent versions (> 3.1.x, I think) with libvirt, the default set up is slightly different - the standard libvirt installation provides NAT based connectivity to virtual machines through virbr0, which has an IP address of 192.168.122.1. This is all described on the libvirt networking page.

However, I'd tried this set up several times before and always had problems - specifically, the bridge would not start automatically at boot, it failed and had to be brought up manually post-boot.

Today, I decided to dig in and get to the bottom of the issue. I hopped onto the  #virt IRC channel on ORTC and asked for help. As luck would have it, danpb was in there and worked through things with me. The breakthrough was when he said:

<danpb> you have got ifcfg-br0 using  TYPE=Bridge, and not  TYPE=BRIDGE  right ?
<danpb> it is stupidly case sensitive

I was actually using "TYPE=bridge". I made the change and rebooted and it worked!

Dan has since added a note about this to the wiki page.

One further useful tip: if you don't need libvirt's NAT network then you can remove it:

virsh net-destroy default

Or disable it, but leave it defined:

virsh net-autostart --disable default

Then restart libvirtd to see it disappear:

service libvirtd restart

View Printable Version

xen 3.3 on CentOS 5.2 x86_64

I decided it was time to sort out my xen box (a quad core, 8GB machine I use to run several virtual machines under xen).

It was previously running CentOS 5.2 with xen 3.1.2 that I built myself from Fedora RPMS; I decided it was time to do a fresh install and to upgrade to xen 3.3.

This proved to be remarkably trivial, having found the gitco repository, which has x86_64 RPMs for xen 3.3 and libvirt 0.4.4. Simply do a minimal CentOS 5.2 install, including the xen kernel, add the gitco repository to your yum config, and install:

yum install xen xen-libs libvirt python-libvirt python-virtinst

There was one small gotcha - the install process doesn't modify the grub config to boot from the correct xen kernel image. The symptoms are that xend won't start (you see permission denied errors) and virsh list results in errors in /var/log/xen/xend-debug.log like:

sysctl operation failed -- need to rebuild the user-space tool set?
Exception starting xend: (13, 'Permission denied')

Once you've realised what the problem is, the fix is straight-forward. This link was helpful. So, simply modify /boot/grub/grub.conf, changing the kernel line to boot the correct xen kernel image, e.g.:

title CentOS (2.6.18-92.1.13.el5xen) + xen 3.3
        root (hd0,0)
        kernel /xen.gz-3.3.0 dom0_mem=384M
        module /vmlinuz-2.6.18-92.1.13.el5xen ro root=/dev/vg_virt01/lv_root
        module /initrd-2.6.18-92.1.13.el5xen.img

This could also be done using a script like this:

perl -pi -e 's/([^#]\s+kernel).*$/$1 \/xen.gz-3.3.0 dom0_mem=384M/' /boot/grub/grub.conf

dom0_mem=384M sets the size of memory used by dom0, and is not strictly necessary.

Reboot and all should be working.

View Printable Version

zabbix on CentOS 5

I've recently been asked to investigate Zabbix and found this guide to installing Zabbix 1.4 on CentOS.

However, I also found that Zabbix RPMs are available in the EPEL repository, which makes installation much mores straight-forward.

View Printable Version

Watch out America, here I come!

I'm heading off to Los Angeles today to meet the guys at RIS. I shall try and blog my trip here as I go along.

Phase one: train from York to Heathrow. well, strictly speaking, York to London to Heathrow - I'll have got get across London on the tube to get Heathrow Express from Paddington.

National Express provide free wifi on the train; as you can see it seems to work well! unfortunately, the power socket at my seat is not working and my laptop doesn't work on battery for very long, so this post was typed on my PDA.

I wonder if there's 'net connection on the plane? We'll see...
View Printable Version

root access to zfs datasets shared over NFS

One of the great things about zfs on Solaris is how it integrates with NFS, thus making it very easy to manage NFS shares.

By default, the root user on a client machine has restricted access to an NFS-mounted share.

Here's how to grant full access to local root users to NFS mounts:

zfs set sharenfs=rw=@192.168.1.0/24,root=@192.168.1.0/24 space

This gives full access for root users on any machine in the 192.168.1.0/24 subnet to the zfs dataset "space".

Topics

  • Home
  • Misc (6/0)
  • Audio (5/0)
  • Linux (21/0)
  • Family (1/0)
  • Fishing Diary (1/0)
  • OpenSolaris (7/0)
  • Computing (11/0)
  • General News (7/0)
  • Chloe (1/0)
  • Emily (2/0)
  • Twins (5/0)
  • Classifieds (2/0)
  • GeekLog (2/0)
  • Project Management (1/0)
  • User Functions






    Lost your password?

    Poll

    How should we abbreviate Abigail's name?

    1/1: How should we abbreviate Abigail's name?

    Abby 6.77%
    Abi 47.07%
    Abbie 45.18%
    Other 0.98%

    Google Ads

    Poll

    How should we abbreviate Abigail's name?

    1/1: How should we abbreviate Abigail's name?

    Abby 6.77%
    Abi 47.07%
    Abbie 45.18%
    Other 0.98%