Madgenius.com

We use SolusVM for our clients to manage their VPS servers. Since we have multiple IP subnets we have Xen vlan'd at the Dom0 which I have documented on here before. The problem is that Solus removes the bridge info from the cfg file on reboots and system rebuilds. We opened a ticket with Solus to have a new feature added for vlans, they gave us a short term solution.

So I created a hook_config.sh file that handles the following.

cd /home/xen/vm145/hooks/
vi hook_config.sh

#!/bin/bash
perl -p -i.bak -e 's#KB/s#KB/s, bridge=eth0.3#g' /home/xen/vm145/vm145.cfg

do a chmod 755 on the hook_config.sh file

this file does a search/replace of KB/s which is part of the vif

vif = ['ip=74.xxx.xxx.xxx, vifname=vifvm145.0, mac=00:16:3e:30:52:d3, rate=1280KB/s']

And then replaces it with the bridge info

vif = ['ip=74.xxx.xxx.xxx, vifname=vifvm145.0, mac=00:16:3e:30:52:d3, rate=1280KB/s, bridge=eth0.3']

Now if the client does anything in their web control panel it will always work right.

My next project is to have this file get created automaticly on creation of a new VPS server.

We are buying a lot of Dell PE860's with the SAS Raid card for dedicated hosting. Here is some info for working with that card.

SAS 5/iR adapter is using chip SAS1068 from LSI. The adapter is supported by mptsas driver in Linux 2.6.18 kernel.

Monitoring of RAID status is possible by mpt-status program. We have the RedHat rpm here

Make sure mptctl is loaded and the node is created.

mknod /dev/mptctl c 10 220
modprobe mptctl

Here is an output:

[root@bolt40 root]# mpt-status
ioc0 vol_id 0 type IM, 2 phy, 148 GB, state OPTIMAL, flags ENABLED
ioc0 phy 1 scsi_id 32 ATA WDC WD1600JS-75N 2E04, 149 GB, state ONLINE, flags NONE
ioc0 phy 0 scsi_id 1 ATA WDC WD1600JS-75N 2E04, 149 GB, state ONLINE, flags NONE

By default SAS 5/iR RAID controller came with cache set to write through. That really horribly degrades performance

[root@bolt40 lsiutil]# time (dd if=/dev/zero of=bigfile count=10240 bs=1M; sync)

10240+0 records in
10240+0 records out
10737418240 bytes (11 GB) copied, 257.313 seconds, 41.7 MB/s

real 6m32.576s
user 0m0.012s
sys 0m25.194s

The transfer rate is 10737418240 / (6*60 + 32.576) / 1024 / 1024 = 26.08 MiB/sec. YUCK!
after googling I found some answers.

The tool you need is LSIUtil, it is inside Dell SAS 5/iR Adapter Driver. Cache tuning is not accessible via RAID controller BIOS. If you prefer you can take pre-compiled version of lsiutil-1.56 from our server.

Usage of lsiutil is simple:

[root@bolt40 lsiutil]# ./lsiutil

LSI Logic MPT Configuration Utility, Version 1.56, March 19, 2008

1 MPT Port found

Port Name Chip Vendor/Type/Rev MPT Rev Firmware Rev IOC
1. /proc/mpt/ioc0 LSI Logic SAS1068 B0 105 000a3100 0

Select a device: [1-1 or 0 to quit] 1

1. Identify firmware, BIOS, and/or FCode
2. Download firmware (update the FLASH)
4. Download/erase BIOS and/or FCode (update the FLASH)
8. Scan for devices
10. Change IOC settings (interrupt coalescing)
13. Change SAS IO Unit settings
16. Display attached devices
20. Diagnostics
21. RAID actions
22. Reset bus
23. Reset target
30. Beacon on
31. Beacon off
97. Reset SAS phy
98. Reset SAS link
99. Reset port

Main menu, select an option: [1-99 or e for expert or 0 to quit] 21

1. Show volumes
2. Show physical disks
3. Get volume state
23. Replace physical disk
30. Create volume
31. Delete volume
32. Change volume settings

RAID actions menu, select an option: [1-99 or e for expert or 0 to quit] 32

Volume: [0-1 or RETURN to quit]

Volume 0 Settings: write caching disabled, auto configure, priority resync
Volume 0 draws from Hot Spare Pools:

Enable write caching: [Yes or No, default is No] yes
Offline on SMART data: [Yes or No, default is No]
Auto configuration: [Yes or No, default is Yes]
Priority resync: [Yes or No, default is Yes]
Hot Spare Pools (bitmask of pool numbers): [00 to FF, default is 01]

RAID actions menu, select an option: [1-99 or e for expert or 0 to quit]

Main menu, select an option: [1-99 or e for expert or 0 to quit]

Port Name Chip Vendor/Type/Rev MPT Rev Firmware Rev
1. /proc/mpt/ioc0 LSI Logic SAS1068 B0 105 000a310

Select a device: [1-1 or 0 to quit]

Setting seams to be persistent, it survives system reboot.

[root@bolt40 lsiutil]# time (dd if=/dev/zero of=bigfile count=10240 bs=1M; sync)
10240+0 records in
10240+0 records out
10737418240 bytes (11 GB) copied, 158.017 seconds, 68.0 MB/s

real 3m59.514s
user 0m0.017s
sys 0m27.018s

Write rate is now a lot bigger: 10737418240 / (3 * 60 + 59.514) / 1024 / 1024 = 42.75 MiB/sec.

Possible reason why LSI do not provide this feature inside adapter BIOS might be because this card doesn't have it's own battery backed up memory, adapter does rely on cache of HDDs. I'm afraid that in case of power failure during massive I/O, system could end with badly corrupted file system.

The base Xen installation is configured such that all domains share a bridge to the first available ethernet interface. Although this makes testing VMs quick and painless, however our VPS hosting plans needed to offer multiple ip address blocks to a single Dom0 with only 2 network cards so I started working with Vlans.

Now, you obviously need to have a Xen dom0 set up and running properly. Once you are at that point, adding VLAN bridging is fairly straightforward, CentOS 5.4 has vlaning already installed.

create ifcfg-eth0.2 (vlan2)

DEVICE=eth0.2
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet
IPADDR=74.119.217.xxx
NETMASK=255.255.255.0
VLAN=yes
GATEWAY=74.119.217.x

create ifcfg-eth0.3 (vlan3)

DEVICE=eth0.3
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet
VLAN=yes

ifconfig eth0
eth0 Link encap:Ethernet HWaddr A4:BA:DB:16:26:77
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:468338734 errors:0 dropped:0 overruns:0 frame:0
TX packets:498911873 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:156460216228 (145.7 GiB) TX bytes:114246923487 (106.4 GiB)
Interrupt:24 Memory:da000000-da012800

We only bring up the eth0 interface automatically but leave it unconfigured. It will not have an IP or any of the other usual information.

In this example the “vlan2″ interface is the replacement for your old “eth0″ interface. Its the interface you’ll be able to reach the dom0 on from the internal VLAN. The “vlan3″ interface is defined but is left unconfigured since there will be no publicly routeable path to the dom0.

Now we create a new network script for xen located at /etc/xen/scripts/network-bridge-wrapper

#!/bin/sh
/etc/xen/scripts/network-bridge netdev=eth0.2 start
/etc/xen/scripts/network-bridge netdev=eth0.3 start

That script basically just calls the standard “network-bridge” script supplied with Xen two times – once for each VLAN we are setting up.

Go ahead and add the call to that script in the place of network-bridge in /etc/xen/xend-config.sxp.

Now we need to do one final thing to another Xen script. By default, the xen-network-common.sh script calls “ifdown” directly to take an interface down. Unfortunately, this has the undesirable side effect of destroying any VLANs associated with that interface. This causes all kinds of problems when we call our “network-multi” script so we need to patch /etc/xen/scripts/xen-network-common.sh with the following section:

# do not call ifdown directly
ifdown() {
ip addr flush $1
ip link set $1 down
true
}

After youve done all that, reboot your dom0. You should now be up and running on the vlan interfaces. The output of “brctl show” should show this:

brctl show
bridge name bridge id STP enabled interfaces
eth0.100 8000.a4badb162677 no vifvm123.0
peth0.100
eth0.2 8000.a4badb162677 no vifvm138.0
vifvm137.0
vifvm127.0
vifvm126.0
vifvm125.0
peth0.2
eth0.3 8000.a4badb162677 no vifvm136.0
vifvm135.0
vifvm134.0
vifvm133.0
vifvm132.0
peth0.3

If so, you should be all ready to go. Now edit the vif line in your config file for a given domU to link its ethernet interface to a bridge.

vif = ['type=ioemu, ip=74.119.217.247 74.119.217.248, vifname=vifvm137.0, mac=00:16:3e:f3:28:f8, bridge=eth0.2']

I was using CiscoVPN software on my mac for a couple years and after upgrading to Snow Leopard I found it wouldn't work. My big problem was that as a contractor I get VPN profiles but have no idea what the groupname or password is. I was able to use the new Apple client once I figured out how to decrypt the group password in the IT supplied pcf file. If you have the pcf file, right-click on it and open it with Text editor. (the pcf file is usually here: /private/etc/CiscoSystemsVPNClient/Profiles)

For the VPN (Cisco IPSec) connection:

OS X VPN = pcf file value
Server Address = Host
Account Name = Your VPN login ID
Password = Your VPN password

Click on "Authentication Settings"

Group Name = GroupName
Shared Secret = GroupPwd

If your GroupPwd value is blank but you have an enc_GroupPwd, you can search the web for decrypting Cisco VPN passwords, copy/paste in the value and get the "clear text" version to use for the "Shared Secret" value.

This is one place you can go to for this decryption:

http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode

That's it. Then you can use the new built-in Cisco VPN for your connection.

to create a login hook (if you don't know what it is Google it! There's ton of info out there about it including a gui called iHook) which is a shell script that run at login. The script itself will look something like this:

#!/bin/bash

mkdir /Volumes/
/sbin/mount -t smb smb://username:password@172.0.0.0/ /Volumes/

This will mount the share with the given user name and password (for more information on the mount command type 'man mount' in the command line) at the mount point '/Volumes/' (which can actualy be anywhere you want but i like to keep OS conventions). Note, you probably want to set user name to 'guest' as there is no (thank god) variable floating around the operating system that contains the users password.
Also note, you have to give the full '/sbin/' address of mount, the only commands you can use in login scripts without giving their full path name are the ones in the '/bin' folder.
Okay, so save this file as something descriptive (like mapfolder.sh) and save it somewhere universal (I like /Library/Scripts/). When you're saving it, make sure it's in plain text format (so if you're using TextEdit to create it you'll have to go 'Format->Make Plain Text'), change the owner to 'root' and the make sure root has full access (in particular execute privileges):

(in command line type)

sudo chown root
sudo chmod 700

Now we'll bind the script to the log in:

(in command line type)

sudo defaults write com.apple.loginwindow LoginHook /path/to/script/

And now, as long as you've done everything correctly, you should be golden. Restart and try logging in as a user (any user at this point, if you want to make the script more advanced and check if the user is local or not there are many good ways that can be found in other peoples scripts (in particular analyzing the Network Home Redirector script is fun and rewarding) but that is beyond the scope of what I'm trying to demonstrate here) and see if everything works. If not keep tweaking the script until its happy.

Just needed to have a place to document the process to migrate a server to a VM.

Problem: migrate (or consolidate) a phisical Linux machine to a VMware virtual machine without passing through a CD/DVD.

Solution:

1. Install VMWare Server on the desired machine.
2. Create an empty virtual machine with enough disk space, selecting the OS you’re going to migrate.
3. Download a Linux live-CD ISO (for example Grml or Knoppix).
4. Burn one copy on a CD and then copy the ISO to the VMWare server (the host).
5. Reboot the original Linux box with the CD you’ve just burnt, and connect the ISO to the newly created Virtual Machine.
6. Check both live CDs have net connection correctly configured and that they can see each other.
7. In the virtual machine, type this:nc -l -p 10000|dd of=/dev/hda
8. On the machine you’re migrating, type:
dd conv=noerror if=/dev/hda|nc $IP_OF_THE_VM 10000
9. Wait until dd finishes its job, do a clean reboot of the virtual machine and enjoy the consolidation! You may want to install VMWare tools to get everything 100% working in the new system.

A couple of notes:

dd is used to do a physical copy of the disk
conv=noerror is used to bypass error on the original disk. Use this option at your own risk.
nc is used to copy the stream other the net. man lc for further info
kill -USR1 $PID_OF_DD could be used to see dd stats

Take a Linux install iso, my favourite is CentOS 4.6 disk 1, set it as boot device and fire up your VM.
Be sure to boot from the rescue CD. Otherwise you'll surely get a Kernel Panic messages at the boot prompt type Linux Rescue.

do NOT connect the network (sometimes it bring to an hanged system)
Linux rescue will try to mount the virtual machine file system in /mnt/sysimage: mount it in read-write mode.
Issue the chroot /mnt/sysimage command
edit /etc/modules.conf with your favourite editor, changing every scsi alias with BusLogic and each eth nic with pcnet32. Save and exit.
Change directory to /boot and make a backup copy of your initrd-2.x.y-zz.img .
Then issue the mkinitrd command (mkinitrd -v -f /boot/initrd-2.x.y-zz.img 2.x.y-zz, all on one line). Wait for the command to end.
Reboot.

Well... my iBook decided to piss me off. The screen started flaking out and I couldn't do anything. I rebooted and boom! Nothing. Uggh!!!!

So doing a little googling I found this on the apple forum Basicly I am screwed so hop in the car and go to MOA to the Apple Store and talk to a Genius First off I had to wait an hour, then finally get to one and he basicly tells me they need to send it in and get the mainboard replaced. Duh, I could have told them that, of course I was 5 months out of support so I gotta pay for it all.

Hopefully it will stay fixed

So I decided that I had enough of Windows and bought myself a iBook G3 with a 12" screen and 500Mhz CPU. I have to admit I love the interface, it reminded me of SGI Irix with it's OpenGL desktop. I immeadiately bought an Airport card for it but the small screen started to annoy me rather quickly. Also it had a CDROM drive no DVD and memory was only 320Megs. To upgrade all that would have cost me 200 bucks so I went back to Ebay and bought a iBook G3 with a 14" screen DVD and 640Megs of RAM with a 700Mhz CPU. Much nicer, I think I am in love with it.

Man, it sucks all the way around. Pictures of the distruction looting, and general lack of lawlessness. For good information click on some of these blogs on Katrina. Affects are going to be felt all over including here in Minnesota. Gas is already at 2.99 a gallon and a news site I host is getting clobbered. On the plus side I get to build a new database server for this site that should be able to handle the traffic.

I do work for a lot of small to midsized businesses around the Twin Cities area. So I was requested to build a mail server for a company. So I took a Dell Poweredge and installed CentOS 3.4 I also installed Webmin so it would be easy to manage. I am a big believer in making things easy for me and my customers, (but more for me LOL). Finally I installed Open Webmail which is a fairly nice web based email client with spell check, folders and filtering.

The machine ran well for a few months, spam starting becoming an issue so I installed SpamAssassin to handle that, I then got a wierd request from my customer. "I would like all jpg and gif files as blocked attachments" I thought this was a minorly odd request so I asked further about it. "We are having issues with people getting inapproperate attachments" ok, got the idea

So doing a little searching on the web I found a neat program MailScanner using SpamAssassin, and ClamAV for virus scanning it handles all your email problems, INCLUDING blocking attachments, if required. So installing this I asked my customer to give me a list of extentions he would like blocked, it was rather long.

After a couple weeks running in this new configuration I got another call from the customer. "People are now renaming attachments to get around the blocking" Finally at this point I had to put on my security hat. "Listen, I can keep trying to block things in your email but you guys need to start looking at the source of your problems"

Companies cannot expect software to solve problems around users, at some point they need to lay the law down and say "Hey, this is a business, you are using OUR property, if your not doing business-like work on it, you could be terminated or at least taken out back and beat really hard (I wish)"

Or I can bill you 100 bucks every time you want me to block stuff.

Greetings!

So I was reading Ping Zine! and they had a discussion about how webhosting companies are now using blogs to better inform there customers, so this is my try at it. I will warn you, my spelling sucks, I am not very PC and I can rant quite a bit. Also I have no idea how much input I am willing to put on this site.
So with that let me introduce myself, my name is Jon, I own Madgenius.com which I have been running since 1998. I also work for a software company in the Twin Cities doing IS Security. So mostly this blog will be about Madgenius.com but there might be a sprinkle of my other job in here as well, all depends on my rants that day.

Besides myself I have 2 people that I contract work out to right now, Matt at Art Massive he does my graphics work and webpage design work here is some work he is doing right now and David who does Java and PHP work for me. David also helped on the forking of CBMS to MadBMS a really nice ISP billing program. He has also done other PHP work for me as well.

Currently I am in the process of upgrading the support ticket system to a new version of Help Center Live!. Hopefully when I am done there will be more live support for customers of Madgenius.com. For any customers that have issues they can go to http://support.madgenius.com and open a support call.

Also in the marketing area I am now offering 3 months free hosting no strings attached for all new customers looking to try Madgenius.com. After 3 months if your not happy with the service you are welcome to leave. (Of course we hope you stay) If your interested in trying us out click here to request more information

Well this is a start, hopefully I will stick to this and post more on here

Jon
Madgenius.com