All posts in Uncategorized

As I mentioned in my previous post, which is already 2 months old :(, I’m using snapshots for data retention.

Now I run up in the situation, that I wanted to know how full the snapshots are. A ‘normal’ df will not work… but I figured it out! The command lvs is willing to do the work:

# lvs –aligned –separator | vol_backup
  LV                |VG        |Attr  |LSize |Origin|Snap% |Move|Log|Copy% |Convert
  lvm0              |vol_backup|owi-ao|40.00G|      |      |    |   |      |      
  snap-20100412_2350|vol_backup|swi-a-| 4.00G|lvm0  | 23.71|    |   |      |      
  snap-20100413_2350|vol_backup|swi-a-| 4.00G|lvm0  | 21.70|    |   |      |      
  snap-20100414_2350|vol_backup|swi-a-| 4.00G|lvm0  | 19.52|    |   |      |      
  snap-20100415_2350|vol_backup|swi-a-| 4.00G|lvm0  | 17.53|    |   |      |      
  snap-20100416_2350|vol_backup|swi-a-| 4.00G|lvm0  | 15.54|    |   |      |      
  snap-20100417_2350|vol_backup|swi-a-| 4.00G|lvm0  | 13.56|    |   |      |      
  snap-20100418_2350|vol_backup|swi-a-| 4.00G|lvm0  | 11.56|    |   |      |      
  snap-20100419_2353|vol_backup|swi-a-| 4.00G|lvm0  |  9.02|    |   |      |      
  snap-20100420_2353|vol_backup|swi-a-| 4.00G|lvm0  |  6.76|    |   |      |      
  snap-20100421_2350|vol_backup|swi-a-| 4.00G|lvm0  |  2.79|    |   |      | 

In the ‘Snap%‘ column you can see how full your snapshot volume is!

Last monday, I had to ‘secure’ the smcwebserver from Sun (or should I say Oracle?), that is used by ARCo. But I run into a few issues:

1. My lack of knowledge about Java;
2. Keytool doesn’t allow you to import keys generated by tools like openssl

But… I was able to handle them both and know I have an smcwebserver (which is using Java-keystores) running with a key that was generated by openssl and a certificated signed by our enterprise CA.

There for I had to do some Java ‘hacking’. After some hours spending on Google-searches, I landed on a posting on the website of ‘Agent Bob‘. He has some Java-program that allows you to ‘import’ keys and certificates that were generated outside keytool

Although, I had to perform some minor modification on the Java-code, to set the password of the new JKS to ‘changeit‘, because that is what smcwebserver will try to open the keystore. So, you need to make sure that line 87 is:

String keypass = “changeit”;

For your convenience you can download the modified version here.

Now, create a Java class with the command (please note, I’m not a Java-specialist, so something else will work as well… but this worked for me ):
$ javac ImportKey.java

Having this done, you must make sure, your key-file and (signed) certificate are in the DER format. If they are not, you can convert them using the following commands:
$ openssl pkcs -topk8
               -nocrypt
               -in server.key
               -out server.key.der
               -outform der

$ openssl x509 -in server.crt
               -out server.crt.der
               -outform der

We can import the keys with the Java-program:

$ java ImportKey server.key.der server.crt.der webconsole

And last, but not least, put the keystore in place (and of course we make sure we’ve a backup of the old one):

# cp /var/opt/webconsole/domains/console/conf/keystore.jks{,.backup}
# cp $HOME/keystore.ImportKey /var/opt/webconsole/domains/console/conf/keystore.jks

Now we have to restart the smcwebserver:

# smcwebserver stop
# smcwebserver start

That’s all

In my previous post I wrote how to add a module to the initrd.img file. Although, some testing might be nice.This testing can be done using qemu.So for example:# qemu-system-x86_64 -kernel /scratch/blah/isolinux/vmlinuz -initrd /tmp/initrd.img-mod…

Recently I needed to add the support for a new network-interface to a initial ramdisk (initrd) on Linux (RHEL 5u3).

After some h4ck1ng and a number of hours on Google I was able to do add the module to the initrd.

The steps I did are:

Extract initrd

1. Get an original initrd.img from a boot ISO and put it into /tmp/initrd.img-original
2. Create a temp environment where we can extract the initrd:

   $ mkdir -p /scratch/initrd-mod/{initrd,modules}

3. Extract the /tmp/initrd.img-original to the temp-environment:

   $ cd /scratch/initrd-mod/initrd
   $ zcat /tmp/initrd.img-original | cpio -i

Add the module to initrd.img

Extract the modules.cgz file

The modules (.ko files) are located in the (container) modules/modules.cgz in the initrd.

Now you need to extract the modules.cgz file:

$ cd /scratch/initrd-mod/modules
$ zcat /scratch/initrd-mod/initrd/modules/modules.cgz | cpio -idvm

Add the module

Now you’ve to make sure you’ve an module compiled using the right kernel version and architecture. Copy the new .ko file into the extracted modules.cgz tree

$ cp /tmp/new-module.ko /scratch/initrd-mod/modules/{VERSION}/{ARCH}

So in my case with RHEL5u3 it is the location:

$ cp /tmp/igb.ko /scratch/initrd-mod/modules/2.6.18-128.el5/x86_64/

Repack the modules.cgz

Now we need to repack the modules.cgz file:

$ cd /scratch/initrd-mod/modules
$ find . -type f | cpio -o -H crc | gzip -n9 > /scratch/initrd-mod/initrd/modules/modules.cgz

Modify the modules.alias file

Now you need to modify the modules.alias file in order to get the module loaded properly.

The aliases can be find using modinfo:

$ /sbin/modinfo /tmp/igb.ko | grep ^alias
alias: pci:v00008086d000010D6sv*sd*bc*sc*i*
alias: pci:v00008086d000010A9sv*sd*bc*sc*i*
alias: pci:v00008086d000010A7sv*sd*bc*sc*i*
alias: pci:v00008086d000010E8sv*sd*bc*sc*i*
alias: pci:v00008086d0000150Dsv*sd*bc*sc*i*
alias: pci:v00008086d000010E7sv*sd*bc*sc*i*
alias: pci:v00008086d000010E6sv*sd*bc*sc*i*
alias: pci:v00008086d0000150Asv*sd*bc*sc*i*
alias: pci:v00008086d000010C9sv*sd*bc*sc*i*

The correct entries can be create using the following one liner (in this case for the igb module):

$ /sbin/modinfo /tmp/igb.ko | grep ^alias | awk ‘{ print “alias ” $2 ” igb” }’
alias pci:v00008086d000010D6sv*sd*bc*sc*i* igb
alias pci:v00008086d000010A9sv*sd*bc*sc*i* igb
alias pci:v00008086d000010A7sv*sd*bc*sc*i* igb
alias pci:v00008086d000010E8sv*sd*bc*sc*i* igb
alias pci:v00008086d0000150Dsv*sd*bc*sc*i* igb
alias pci:v00008086d000010E7sv*sd*bc*sc*i* igb
alias pci:v00008086d000010E6sv*sd*bc*sc*i* igb
alias pci:v00008086d0000150Asv*sd*bc*sc*i* igb
alias pci:v00008086d000010C9sv*sd*bc*sc*i* igb

Make sure you remove duplicates in the modules.aliases file.

Repack the initrd.img

Now it’s time to repack the intird.img file with the new module:

$ cd /scratch/initrd-mod/initrd
$ find ./ | cpio -H newc -o | gzip -n9 > /tmp/initrd.img-modded

And put the /tmp/initrd.img-modded onto your boot disk.

Yesterday, I decided to reorganize my ‘Archive’ folder of my private mailbox.

My policy is, don’t remove e-mail except if it’s spam

And I noticed some ‘growing’ of the number of e-mails per year in the archive:

 Year		Number of mails
2003		133
2004		530
2005		706
2006		865
2007		1869
2008		2335
2009		2832

So some nice graph of it will be:

For my sister her website (www.m-am.nl) I had issues with IE8

Some rendering was not done properly, but it worked fine on IE7…

After some searching, I found the fix. Put the next line direct after <head>:

<meta http-equiv="X-UA-Compatible" content="IE=7" /> <!-- for IE8 Compatibility -->

And IE8 will be forced to become compatible with IE7.

So you have something like this:

<html>
  <head>
    <meta http-equiv="X-UA-Compatible" content="IE=7" /> <!-- for IE8 Compatibility -->
    <title>Foo Bar</title>
  </head>
  <body>
    <!-- website content --/>
  </body>
</html>

What I tried so far… the certificates issued by my own CA were not accepted by any Microsoft application running on Windows Vista…

After some investigations, I found out that you must perform the next actions:

Run the command “certmgr.msc” and right click on Trusted Root Certificate Authorities → All Tasks → Import

And simply follow the wizard to import the certificate

Some week ago, I’ve requested @ IANA a “Private Enterprise Numer” (RFC2865) aka Vendor ID.

A few days ago, I received the confirmation, that I am the “owner” of the numer 33413…. you can validate this on their website (scroll alert) 😉

Hurricane Electric provides a IPv6 certification Check out my current status:

YES!!!!I finally have IPv6 working After some struggling with config-files and a new way of addressing… I got it working …sorry for the short post…