I recently got asked a question that I’m sure I had the right answer to.
What if someone changed the permissions of /bin/chmod and removed the execute bits?
-r--r--r--. 1 root root 52472 Oct 15 2014 /bin/chmod
You can’t ‘execute’ /bin/chmod because the execute bit is no longer set. I immediately thought. OK.. Reinstall the RPM (rpm -qf /bin/chmod – coreutils package) or copy the chmod bin from another host.
Well it turns out that in perl you can use the ‘chmod’ call from a ‘one-liner’ to set the permissions. As root.
perl -e 'chmod 0755, "/bin/chmod"'
-rwxr-xr-x. 1 root root 52472 Oct 15 2014 /bin/chmod
Guess I need to learn more about the system calls themselves instead of just executing binaries.
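The point generalizes beyond Perl: the missing execute bit only blocks exec of that one file, while the chmod(2) system call stays available to any other program. The script below is an added example, not part of the original post; it reproduces the problem on a scratch copy of chmod and repairs it with whichever helper is present (perl, python3 or install are assumed to be on the host).

```shell
#!/bin/sh
# Added example (not from the original post). The execute bit only stops the
# kernel from exec'ing that one file; chmod(2) is still reachable elsewhere.

mode_of() { stat -c '%a' "$1"; }   # octal mode, GNU/busybox stat

# Set mode 0755 on $1 without running chmod(1). Prints the helper that worked.
restore_exec_bit() {
    target=$1
    if command -v perl >/dev/null 2>&1 &&
       perl -e 'chmod(0755, $ARGV[0]) == 1 or exit 1' "$target"; then
        echo perl; return 0
    fi
    if command -v python3 >/dev/null 2>&1 &&
       python3 -c 'import os, sys; os.chmod(sys.argv[1], 0o755)' "$target"; then
        echo python3; return 0
    fi
    # install(1) is a separate binary: write a copy with the mode set, then
    # swap it in. The copy is a new file, so owner and SELinux label may differ.
    if install -m 0755 "$target" "$target.new" 2>/dev/null &&
       mv -f "$target.new" "$target"; then
        echo install; return 0
    fi
    return 1
}

# Constructed demo on a private copy of chmod; the system binary is untouched.
demo() {
    scratch=$(mktemp -d) || return 1
    cp "$(command -v chmod)" "$scratch/chmod" || return 1
    chmod 0444 "$scratch/chmod"                      # reproduce -r--r--r--
    before=$(mode_of "$scratch/chmod")
    if "$scratch/chmod" 0755 "$scratch/chmod" 2>/dev/null; then
        direct=ran
    else
        direct=denied                                # EACCES, even for root
    fi
    helper=$(restore_exec_bit "$scratch/chmod") || helper=none
    after=$(mode_of "$scratch/chmod")
    rm -rf "$scratch"
    echo "$before $direct $helper $after"
}
```

Calling demo prints the mode before the repair, whether running the copy directly worked, the helper that fixed it, and the mode afterwards.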
This morning I decided that the mirrored 146GB disks on my HP DL360 GL server were not going to give me enough working space to set up more than about 5 VMs. I have about 4TB left on my FreeNAS Mini storage array so I figured why not just access all the VMs via NFS from the FreeNAS and see what would happen. I use the VMs mostly for learning and testing so if they are destroyed they are easily rebuilt. It also allows me to rebuild the server easily too as all the VM images are on the FreeNAS mini.
The modifications to move the VM images to the FreeNAS were relatively simple.
- Export the directory location on the FreeNAS mini.
- Update /etc/fstab on the server.
- Mount the VM volume on the server.
- Stop libvirtd.
- Move the VMs to the FreeNAS mini
- mv /var/lib/libvirt/images/ /VM/images
- Change the VM locations.
- Edit /etc/libvirt/storage/default.xml: change the location from /var/lib/libvirt/images/ to /VM/images
- Edit each VM image location in /etc/libvirt/qemu/*.xml (for each VM)
Change the ‘source file’ location from /var/lib/libvirt/images/server.xml to /VM/images/server.xml
- Start libvirtd
- Start all your VMs. (I usually start them manually from virsh)
- virsh # start puppet
- virsh # start lab1
So far the performance is acceptable. It’s a lab and not production.
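A VM definition that was missed in the edit step still points at the old directory and will fail to start once the images are gone from local disk. The check below is an added example, not part of the original post; it lists every disk source in a directory of domain XML files that is still under the old prefix. The sample XML and the .img file names are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): before starting libvirtd again,
# list disk sources in the domain XML that still point at the old directory.

# stale_sources XML_DIR OLD_PREFIX
# Prints "file: path" for each <source file=.../> that lives under OLD_PREFIX.
stale_sources() {
    xml_dir=$1
    old=${2%/}
    for f in "$xml_dir"/*.xml; do
        [ -f "$f" ] || continue
        # Extract the file attribute of every <source> element, either quote style.
        sed -n "s/.*<source[[:space:]][^>]*file=[\"']\([^\"']*\)[\"'].*/\1/p" "$f" |
        while IFS= read -r path; do
            case $path in
                "$old"/*) printf '%s: %s\n' "${f##*/}" "$path" ;;
            esac
        done
    done
}

# Constructed sample: two domain definitions, one already moved and one missed.
# The .img file names are made up for the demo.
demo() {
    d=$(mktemp -d) || return 1
    cat >"$d/puppet.xml" <<'EOF'
<domain type='kvm'><name>puppet</name><devices>
  <disk type='file' device='disk'>
    <source file='/VM/images/puppet.img'/>
  </disk>
</devices></domain>
EOF
    cat >"$d/lab1.xml" <<'EOF'
<domain type='kvm'><name>lab1</name><devices>
  <disk type='file' device='disk'>
    <source file="/var/lib/libvirt/images/lab1.img"/>
  </disk>
</devices></domain>
EOF
    stale_sources "$d" /var/lib/libvirt/images/
    rm -rf "$d"
}
```

On the server itself the call would be stale_sources /etc/libvirt/qemu /var/lib/libvirt/images, and no output means every definition has been updated.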
I had to address an issue recently of ‘too many open files’ on a CentOS 7 host for a specific user. In the past, pre systemd, it was easy to update /etc/security/limits.conf and just run sysctl -p, and the changes would take effect for the next user session.
Now under systemd, the command has changed to systemctl restart systemd-sysctl.service.
Also, under CentOS 7 and Fedora, /etc/sysctl.conf has been replaced with multiple files in /usr/lib/sysctl.d/. If you need to make changes that would in the past be done in the single file /etc/sysctl.conf
This year I’ve decided to branch out and try to attend a few more Linux conferences to see what new things are going on and what I can learn. I’ve been to the Red Hat Summit several times in both Boston and San Francisco but decided that attending a community based, instead of a corporate event would be more fun. I haven’t been to Washington State in over 20 years. LinuxFest Northwest 2015. It’ll be a busy weekend but I’m sure I’ll have a blast.
This week I had the task of working out the details on adding 2 different types of storage arrays to a single host. The host was running EMC’s PowerPath MPIO drivers and Linux LVM. Because PowerPath is for EMC devices only, I had to remove it and convert to multipath to use both storage arrays, and RETAIN the LUN data. It was pretty easy to remove PowerPath and install multipath, but there was an order.
Dismount all the LUNS.
Deactivate any volume groups (vgchange -a n ‘volume group’) .
Install multipath, create working /etc/multipath.conf file, start multipathd.
Filter mpath devices in /etc/lvm/lvm.conf
(filter = [ "a/mapper/.*$/", "a|/dev/sda[0-9]|", "a|/dev/sdb[0-9]|" ])
Re-activate the volume groups (vgchange -a y).
Update /etc/fstab. (if defined as /dev/mapper/’device’ instead of /dev/’volume group’/’logical volume’ )
The process was fairly simple. I prefer multipath over the proprietary drivers anyway.
With the host now converted to multipath the 2nd storage array could be presented on the host without issue.
I bought a Raspberry Pi2 when they came out and also a Pi camera and then came up with an idea on how to use it.
I wanted to take some time lapse photos of the yard to watch the new growth of Spring. To do this I needed to have the Pi outside in the elements but protected. I couldn’t run it off solar because I didn’t have a decent setup to get more than a single day off the battery and the Solar panel I had was way too small for this. I also wanted to run it wireless so I could monitor the Pi and download the photos so I don’t fill the 32G Micro SD card.
So I ran a cord from the house and placed the Pi and Camera in a Coffee Can with a small window for the lens. I cut out holes for the cord and used a clear piece of plastic and used silicone to keep the water out. Inside the can I made a cradle to hold the Pi with, what else.. DUCT TAPE. I then filled the can with some of my wife’s glass beads she uses for planting to give it all enough weight so that the winds couldn’t blow the can over. I put a brick over it all for good measure. It’s been running about a week and so far, Spring hasn’t really been cooperating as we’ve had some snow, ice, and a few temps above 60. I’m hoping it’s the last of the snow till we get back into Winter.
To take the timelapse photos I found a good script that uses raspistill and takes a photo every minute. raspiLapseCam.py. I then ‘rsync’ the images back to my home server once a day.
This setup isn’t polished, it’s kind of crude, but the Pi is safe, I’m getting photos and it will be kind of nice to see the grass green up, the peonies push up, and the Forsythia bush come out in bright yellow.
I’ve wanted to add an SSL certificate to mmoliver.org for a while but frankly I didn’t want to pay the yearly fees of $40+ dollars for one. I then found that I could get a free SSL cert from startssl.com and use it here on the site. It’s a yearly free certificate for personal sites. I’ve set up SSL certs over the years for customer sites but had to sacrifice security for accessibility to their sites. With the recent ‘Poodle’ and other vulnerabilities that have been recently discovered I decided that I should remove SSLv3 support, all the lower export ciphers and RC4.
SSLProtocol All -SSLv2 -SSLv3
SSL Labs was very helpful in checking the site and ensuring my site would stop using the old protocols and ciphers. Check the site out.
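A quick local check can complement the external scan. The script below is an added example, not part of the original post; it lints the SSLProtocol and SSLCipherSuite directives of an Apache mod_ssl config for the three items named above. Both sample configs are constructed, and the hardened cipher string is an assumption because the post does not show its SSLCipherSuite line.

```shell
#!/bin/sh
# Added example (not from the original post): lint mod_ssl directives for the
# legacy settings discussed above. Text heuristic; directive names are matched
# as written and the last occurrence in the file wins.

# last_directive FILE NAME -> arguments of the last NAME line, lower-cased
last_directive() {
    sed -n "s/^[[:space:]]*$2[[:space:]]\{1,\}//p" "$1" | tail -n 1 | tr 'A-Z' 'a-z'
}

# audit_tls_conf FILE -> one finding per line, no output when the file passes
audit_tls_conf() {
    proto=" $(last_directive "$1" SSLProtocol) "
    suite=":$(last_directive "$1" SSLCipherSuite):"
    case $proto in
        *" -sslv3 "*) ;;
        *" all "*|*sslv3*) echo "SSLv3 is not disabled" ;;
    esac
    case $suite in
        ::) echo "no SSLCipherSuite set"; return 0 ;;
    esac
    case $suite in
        *":!rc4:"*) ;;
        *) echo "RC4 is not excluded" ;;
    esac
    case $suite in
        *":!exp:"*|*":!export:"*) ;;
        *) echo "export ciphers are not excluded" ;;
    esac
}

# Constructed configs: a legacy one, and the post's SSLProtocol line with an
# assumed cipher string (the post does not show its SSLCipherSuite).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'SSLProtocol All -SSLv2' \
        'SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP' >"$d/legacy.conf"
    printf '%s\n' 'SSLProtocol All -SSLv2 -SSLv3' \
        'SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!EXP' >"$d/hardened.conf"
    legacy=$(audit_tls_conf "$d/legacy.conf" | wc -l | tr -d ' ')
    hardened=$(audit_tls_conf "$d/hardened.conf" | wc -l | tr -d ' ')
    rm -rf "$d"
    echo "$legacy $hardened"
}
```

demo prints the number of findings for the legacy and the hardened sample, in that order.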