acct

install

• use process accounting to display summary of process, user and tty usage 2009-05-02 14:40

root@opl:/srv/sysadmin-cookbook/recepies/acct# apt-get -f install acct

lastcomm duration

• use process accounting to display summary of process, user and tty usage 2009-05-02 14:40
• display statistics just for long running commands 2009-05-02 14:44
• lastcomm-duration.pl 4 will return all commands longer than 4s 2009-05-02 14:46

#!/usr/bin/perl

use warnings;
use strict;

use YAML;

my $too_long = shift @ARGV || 0.5; # s
my $stats;

open(my $lastcomm, '-|', 'lastcomm');
while(<$lastcomm>) {
	chomp;
	if ( m{^(\S+).+?(\S+)\s+(\S+)\s+(\d+\.\d+) secs} ) {
		my ( $command, $user, $tty, $duration ) = ( $1, $2, $3, $4 );
		$stats->{command}->{$command} += $duration;
		$stats->{user}->{$user} += $duration;
		$stats->{tty}->{$tty} += $duration;
		print "$_\n" if $duration > $too_long;
	} else {
		warn "# $_";
	}
}

foreach my $stat ( keys %$stats ) {
	print "\n$stat:\n";
	my $counter = $stats->{$stat};
	foreach my $name ( sort { $counter->{$b} <=> $counter->{$a} } keys %$counter ) {
		my $d = $counter->{$name};
		printf "%8.2f %s\n", $d, $name if $d > $too_long;
	}
}

amt

install

• begin fun with amt using amtterm 2009-05-13 11:41

root@klin:/srv/sysadmin-cookbook/recepies/amt# apt-get install amtterm

amt openamt

heci

• added Intel AMT kernel module build and insmod 2009-09-16 20:46

#!/bin/sh

test -d heci || svn co https://openamt.svn.sourceforge.net/svnroot/openamt/heci/trunk heci
cd heci && make && modinfo ./src/heci.ko && insmod ./src/heci.ko heci_debug=1

lms

• compile http://www.openamt.org/trac/wiki/LocalManageabilityService 2009-09-16 20:57

Index: src/LMEConnection.cpp
===================================================================
--- src/LMEConnection.cpp	(revision 213)
+++ src/LMEConnection.cpp	(working copy)
@@ -41,6 +41,8 @@
 #include <arpa/inet.h>
 #endif
 
+#include <pthread.h>
+
 #define HECI_BUFF_SIZE 0x1000
 #define HECI_IO_TIMEOUT 5000

lms

• compile http://www.openamt.org/trac/wiki/LocalManageabilityService 2009-09-16 20:57

#!/bin/sh

test -d lms || svn co https://openamt.svn.sourceforge.net/svnroot/openamt/lms/trunk lms

cd lms && patch -N -p0 < ../2.lms.diff
cd -

test -x lms/src/lms || ( cd lms && ./bootstrap.sh && ./configure --enable-debug && make )

serial console

• add serial console as described in amt-howto 2009-05-17 11:35
• add console option to kernel 2009-05-17 11:50
• add serial console to grup and run update-grub 2009-05-17 11:58
• test if serial port is found in dmesg output 2009-05-18 08:26
• fallback on normal tty0 console (?!) if no serial is found Kernel doesn't have multiplexing, and while Internet claims that this configuration will show boot messages on both VGA and serial, it doesn't really work for me. Kernel will use *last* console parameter for /dev/console 2009-05-18 15:21
• output kernel messages to serial console with fallback to tty0 insert grub directives at correct place in config, so we see grub now over serial console (still no bios, ugh!) 2009-05-19 17:56
• use last serial port (so we can use normal serials too) make grub modification optional 2009-08-25 17:48

#!/bin/sh -x

# add AMT serial console to inittab

ttyS=`dmesg | grep ttyS | grep 0x | tail -1 | sed 's/^.*\(ttyS[0-9]\).*$/\1/'`

test -z "$ttyS" && echo "Can't find serial port in dmesg output" && exit

if ! grep $ttyS /etc/inittab | grep -v ^# ; then
	echo "Am:2345:respawn:/sbin/getty $ttyS 115200 vt100-nav" >> /etc/inittab
	init q
fi

ps ax | grep $ttyS | grep -v grep

grub=/boot/grub/menu.lst
tmp=/tmp/menu.lst

test -f $grub || exit

if ! grep '^# kopt=' $grub | grep console= ; then
	cat $grub | sed "s/^\(# kopt=.*\)$/\1 console=$ttyS,115200 console=tty0/" > $tmp
else
	cat $grub > $tmp
fi


if ! grep 'terminal *serial' $grub ; then
	port=`dmesg | grep ttyS | grep 0xe | sed 's/^.*\(0xe[0-9a-f]*\).*$/\1/'`
	cat $tmp | sed "s/\(### BEGIN AUTOMAGIC KERNELS LIST\)/serial --port=$port --speed=115200\nterminal serial\n\n\1/" >> $tmp.serial && mv $tmp.serial $tmp || exit
fi

if ! diff -urw $grub $tmp ; then
	mv $tmp $grub && update-grub
fi

apache2

deflate test

• check if deflate gets any benefits to single URL 2009-11-02 15:40

#!/bin/sh

if [ -z "$1" ] ; then
	echo "Usage: $0 http://www.example.com/"
	exit 1
else
	url=$1
fi

time wget $url -O /tmp/foo
echo
time wget --header="Accept-Encoding: gzip" $url -O /tmp/foo.gz
echo

orig_size=`ls -al /tmp/foo    | awk '{ print $5 }'`
comp_size=`ls -al /tmp/foo.gz | awk '{ print $5 }'`

if [ $comp_size -lt $orig_size ] ; then
	echo "OK $comp_size < $orig_size";
else
	echo "ERROR: no visible compression benefits"
fi

#ls -al /tmp/foo /tmp/foo.gz

deflate

• Apache2 configuration to deflate all content 2009-11-02 15:39

# /etc/apache2/conf.d/deflate.conf

<IfModule mod_deflate.c>
	AddOutputFilterByType DEFLATE text/html text/plain text/xml

	SetOutputFilter DEFLATE
	SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ 			no-gzip dont-vary
	SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$	no-gzip dont-vary
	SetEnvIfNoCase Request_URI \.pdf$							no-gzip dont-vary

	BrowserMatch ^Mozilla/4 gzip-only-text/html
	BrowserMatch ^Mozilla/4\.0[678] no-gzip
	BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

	DeflateFilterNote Input input_info
	DeflateFilterNote Output output_info
	DeflateFilterNote Ratio ratio_info
	LogFormat '"%r" %{output_info}n/%{input_info}n (%{ratio_info}n%%)' deflate
	CustomLog /var/log/apache2/deflate.log deflate
</IfModule>

server status

• add /server-status in /etc/apache2/conf.d/ 2009-11-09 14:42

<IfModule mod_status.c>

# munin needs ExtededStatus
ExtendedStatus On

<Location /server-status>
	SetHandler server-status
	Order deny,allow
	Deny from all
#	Allow from all
	Allow from 127.0.0.1
	Allow from .ffzg.hr
</Location>

</IfModule>

btrfs

install

• install btrfs-tools 2009-05-12 17:33

root@t42:~# apt-get install btrfs-tools

create snapshot

• example how to create btrfs snapshot (currently you can't remove them!) 2009-05-12 18:03

root@klin:/srv/sysadmin-cookbook/recepies/btrfs# btrfsctl -S snapshot /btrfs
operation complete
Btrfs Btrfs v0.18

root@klin:/btrfs# btrfsctl -s /btrfs/snapshot/test /btrfs/212226/
operation complete
Btrfs Btrfs v0.18

README

• added warning about alpha state of btrfs in kernel 2009-05-16 12:38

http://blog.rot13.org/2009/05/btrfs_kernel_warning_about_alpha_state_is_there_for_a_reason.html

btrfs progs unstable checkinstall

• create Debian package of unstable btrfs progs using checkinstall 2010-01-27 19:27

#!/bin/sh -x

test -e btrfs-progs-unstable || git clone git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-progs-unstable.git

cd btrfs-progs-unstable && git pull && make && \
	checkinstall --pkgname=btrfs-progs-unstable \
	--pkgversion=`grep BTRFS_BUILD_VERSION version.h | cut -d\" -f2 | sed 's/.* v//'`

pull snapshot backup

• example script to pull backup over rsync and create btrfs snapshot 2009-05-16 12:38

#!/bin/sh -x

from=koha-hw.ffzg.hr
date=`date +%Y-%m-%d`
pool=btrfs
log=/var/log/

function rsync_veid() {
	rsync -ravHC --numeric-ids --delete $from:/mnt/vz-backup/private/$1/ /$pool/$1/ && btrfsctl -s /$pool/backup/$1@$date /btrfs/$1/
}

(
df -h /$pool
ssh $from 'sync && sync && lvcreate -s -L 10G -n vz-backup /dev/vg/vz && mount /dev/vg/vz-backup /mnt/vz-backup/' || exit
rsync_veid 212226
rsync_veid 212052
ssh $from 'umount /mnt/vz-backup/ && lvremove -f /dev/vg/vz-backup'
df -h /$pool
) | tee -a $log/$0.$date.log

cryo

checkout and compile

• Cryo is a ptrace-based userspace checkpoint/restart proof of concept 2009-05-15 12:49

dpavlin@klin:/srv/sysadmin-cookbook/recepies/cryo$ sudo apt-get install git-core

dpavlin@klin:/srv/sysadmin-cookbook/recepies/cryo$ git clone git://git.sr71.net/~hallyn/cryodev.git

dpavlin@klin:/srv/sysadmin-cookbook/recepies/cryo$ cd cryodev/ && make

debian

apt sources

• add custom repository to /etc/apt/sources.list 2009-05-17 12:19

#!/bin/sh -x

path=/etc/apt/sources.list
tmp=/tmp/sources.list

cp $path $tmp

function append() {
	if ! grep "$1" $path ; then
		echo "$1" >> $tmp
	fi
}

append "deb http://debian.rot13.org binary/"
append "deb http://debian.pkgs.cpan.org/debian unstable main"
#append "deb http://debian.rot13.org/debian unstable main"

if ! diff -uw $path $tmp ; then
	cp $path $path.old && mv $tmp $path
	apt-get update
fi

debian cpan

README

• turn CPAN into debian packages 2009-05-17 12:49

http://debian.pkgs.cpan.org/

dell

install

• flash Dell bios from Linux 2009-08-20 12:43
• added iselect 2009-08-20 13:34

apt-get install libsmbios-bin iselect

README

• flash Dell bios from Linux 2009-08-20 12:43

based on instructions from http://www.ducea.com/2007/08/27/dell-bios-firmware-updates-on-debian/

flash bios

• flash Dell bios from Linux 2009-08-20 12:43
• select bios using iselect 2009-08-20 12:57
• abort if getSystemID doesn't return valid id 2009-08-20 13:34
• display system_id and current bios version 2009-08-20 13:35

#!/bin/sh -x

system_id=`getSystemId | grep 'System ID:' | cut -d: -f2 | sed 's/ //g'`
version=`getSystemId | grep 'BIOS' | cut -d: -f2 | sed 's/ //g'`

dir=linux.dell.com/repo/firmware/bios-hdrs

bios=`ls -d $dir/*$system_id*/bios.hdr | cut -d/ -f 5 | iselect -a -t "System $system_id BIOS $version"`

test -z "$bios" && exit

bios="$dir/$bios/bios.hdr"

dellBiosUpdate -i -f $bios || exit
dellBiosUpdate -t -f $bios || exit

echo -n "ENTER to program bios and reboot or CTRL+C to abort ";
read

modprobe dell_rbu
dellBiosUpdate -u -f $bios
reboot

make mirror

• flash Dell bios from Linux 2009-08-20 12:43
• abort if getSystemID doesn't return valid id 2009-08-20 13:34

#!/bin/sh -x

system_id=`getSystemId | grep 'System ID:' | cut -d: -f2 | sed 's/ //g'`

test -z "$system_id" && exit

url=http://linux.dell.com/repo/firmware/bios-hdrs/

wget -q -O - $url | grep system_bios_ven_0x1028_dev_$system_id | sed -e 's/^.*href="//' -e 's/".*$//' -e "s|^|$url|" -e "s|$|bios.hdr|" | xargs wget -m

deploy cookbook

install subversion

• how to deploy this cookbook 2009-04-30 22:16

root@opl:~# apt-get install -y subversion

append /root/.ssh/config

• how to deploy this cookbook 2009-04-30 22:16

Host llin
	Hostname 10.60.0.81
	User dpavlin
	Port 22013

perms

• fix .ssh/config permission 2009-05-01 13:07

root@koha-hw:~# chmod 600 /root/.ssh/config

checkout ../ssh/login without password/2.copy root identity

• how to deploy this cookbook 2009-04-30 22:16
• checkout in single line, so it works over ssh 2009-05-16 12:37

root@opl:~# cd /srv/ && svn co svn+ssh://llin/home/dpavlin/private/svn/sysadmin-cookbook/

setup PATH

• add our helper scripts to $PATH 2009-05-01 12:27

# . setup-PATH
export PATH=/srv/sysadmin-cookbook/bin:$PATH

etherpuppet

install

• build ether puppet for different arhitectures using Firmware Linux 2009-08-15 01:19

apt-get install etherpuppet

README

• build ether puppet for different arhitectures using Firmware Linux 2009-08-15 01:19

EtherPuppet: http://www.secdev.org/projects/etherpuppet/
Firmware Linux: http://impactlinux.com/firmware-linux/

build arch

• build ether puppet for different arhitectures using Firmware Linux 2009-08-15 01:19

#!/bin/sh -x

arch=$1
fwl=/virtual/fwl/

wget -m -nd -nH http://hg.secdev.org/etherpuppet/raw-file/tip/etherpuppet.c || exit

path="$fwl/cross-compiler-$arch"

if [ ! -e $path ] ; then
	cd $fwl || exit
	wget -m -nd -nH http://impactlinux.com/fwl/downloads/binaries/cross-compiler/host-i686/cross-compiler-$arch.tar.bz2 || exit
	tar xvfj cross-compiler-$arch.tar.bz2
	cd -
fi

PATH=$path/bin:$PATH
$arch-gcc -static -o etherpuppet-$arch etherpuppet.c

ls -al etherpuppet-$arch
file   etherpuppet-$arch

firefox

install

• change window and menu font size in firefox 2009-11-17 21:48

#!/bin/sh -x

ls -d $HOME/.mozilla/firefox/*.*/ | xargs -i cp -v userChrome.css {}/chrome/

userChrome

• change window and menu font size in firefox 2009-11-17 21:48

window {
  font-size: 12px !important;
}

menubar, menubutton, menulist, menu, menuitem, textbox, toolbar, tab,
tree, tooltip
{
    font-size: 11px !important;
}

git

install

• begin git part of cookbook It's git haters tutorial for subversion and svk lover :-) 2009-10-17 12:39

sudo apt-get install git-core git-svn

authors file

• example of Frey import into git over svn+ssh 2009-10-17 12:40

dpavlin = Dobrica Pavlinusic <dpavlin@rot13.org>

git checkout svn

• example of Frey import into git over svn+ssh 2009-10-17 12:40

#!/bin/sh -x

repository=svn+ssh://llin/home/dpavlin/private/svn/Frey

git svn clone $repository -T trunk -b branches \
	--authors-file /srv/sysadmin-cookbook/recepies/git/authors-file
cd Frey/
git branch -r

git revert trunk

• from man git-svn 2009-10-17 12:40

git reset --hard remotes/trunk

git gitweb

install

• install gitweb 2009-10-17 12:41

sudo apt-get install gitweb

gstreamer

record screencast

• hints from https://wiki.ubuntu.com/ScreenCasts/GStreamer 2009-07-17 17:08

gst-launch-0.10 -v ximagesrc ! video/x-raw-rgb,framerate=5/1 ! videorate ! ffmpegcolorspace ! videoscale method=1 ! timeoverlay ! theoraenc ! oggmux ! filesink location=screencast.ogg

test card

• hints from https://wiki.ubuntu.com/ScreenCasts/GStreamer 2009-07-17 17:08

gst-launch-0.10 -v videotestsrc ! video/x-raw-rgb ! ffmpegcolorspace ! timeoverlay ! theoraenc ! oggmux ! filesink location=testcard.ogg

kvm

create image

• create cqow2 image and mount it unsing nbd 2009-05-11 13:20

root@klin:/btrfs# kvm-img create -f qcow2 212052.cqow2 50G
Formatting '212052.cqow2', fmt=qcow2, size=52428800 kB

mount image

• create cqow2 image and mount it unsing nbd 2009-05-11 13:20
• turn qemu/kvm image into nbd device 2009-05-11 21:48

root@klin:/btrfs# kvm-nbd --port 10000 212052.qcow2 &

root@klin:/btrfs# nbd-client localhost 10000 /dev/nbd0
Negotiation: ..size = 52428800KB
bs=1024, sz=52428800

root@klin:/btrfs# mount /dev/nbd0p1 /mnt/tmp
root@klin:/btrfs# df /mnt/tmp
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/nbd0p1           51605436     53064  48930968   1% /mnt/tmp

image device

• turn qemu/kvm image into nbd device 2009-05-11 21:48
• kill existing image, mount all partitions 2009-05-12 15:52

#!/bin/sh -x

test -e $1 || ( echo echo "Usage: $0 image.qcow2" ; exit 1 )

image=$1

test -e $image.pid && kill `cat $image.pid` 

running=`ps ax | grep kvm-nbd | grep -v grep | wc -l`
port=`expr 10000 + $running`

kvm-nbd --port $port $image &
echo $! > $image.pid

sleep 1

nbd-client localhost $port /dev/nbd$running || exit

fdisk -l /dev/nbd$running

fdisk -l /dev/nbd1 | grep ^/dev/nbd | cut -d" " -f1 | sed 's!/dev/!!' | xargs -i sh -x -c "mkdir -p /mnt/$image/{} ; mount -v /dev/{} /mnt/$image/{}"

df -h /mnt/$image/*

image stop

• kill mounterd kvm/qemu image 2009-05-12 15:51

#!/bin/sh

kill -9 `cat $1.pid || cat $1`

kvm windows drivers

build iso

• build iso from latest windows network guest drivers (virtio) 2009-08-10 22:10

#!/bin/sh

sudo apt-get install mkisofs

wget -m -nd -nH http://sourceforge.net/projects/kvm/files/kvm-guest-drivers-windows/2/kvm-guest-drivers-windows-2.zip/download
unzip kvm-guest-drivers-windows-2.zip -d iso
mkisofs -J -R -o kvm-guest-drivers-windows-2.iso iso/

lvm

create lvm snapshot

• finish rsync backup over ssh from lvm snapshot to zfs snapshot 2009-05-01 17:41

root@koha-hw:~# lvcreate -s -L 10G -n vz-backup /dev/vg/vz
  Logical volume "vz-backup" created

root@koha-hw:~# test -d /mnt/vz-backup || mkdir /mnt/vz-backup

root@koha-hw:~# mount /dev/vg/vz-backup /mnt/vz-backup/

root@koha-hw:~# df /mnt/vz-backup/
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/mapper/vg-vz--backup
                     103212320  76571060  26641260  75% /mnt/vz-backup

lvcreate

• create 200Gb logical volume 2009-05-01 15:34

# LV_NAME=zfs-200
# SIZE=200G

root@opl:/srv/sysadmin-cookbook/recepies/lvm# lvcreate -n zfs-200 -L 200G /dev/raid0
  Logical volume "zfs-200" created
root@opl:/srv/sysadmin-cookbook/recepies/lvm# lvdisplay /dev/raid0/zfs-200
  --- Logical volume ---
  LV Name                /dev/raid0/zfs-200
  VG Name                raid0
  LV UUID                Ms1SXp-mHKC-6wBt-KjcR-JS18-GoTZ-n0APy0
  LV Write Access        read/write
  LV Status              available
  # open                 0
  LV Size                200.00 GB
  Current LE             51200
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:2

lvdisplay kb

• info recepies start without a number because they are not dependend on order of execution 2009-04-30 22:55
• accept arguments and make runnable 2009-05-01 17:26

lvdisplay --units k $*

remove lvm snapshot

• finish rsync backup over ssh from lvm snapshot to zfs snapshot 2009-05-01 17:41

root@koha-hw:~# umount /dev/vg/vz-backup

root@koha-hw:~# lvremove /dev/vg/vz-backup 
Do you really want to remove active logical volume "vz-backup"? [y/n]: y
  Logical volume "vz-backup" successfully removed

lxc

install

• Linux Containers are now part of standard 2.6.29 Debian kernel 2009-05-12 16:06
• we also need bridge-utils for networking 2009-05-17 18:39

root@klin:~# sudo apt-get install lxc bridge-utils

root@klin:~# zcat /usr/share/doc/lxc/examples/lxc-debian.gz  > /usr/local/sbin/lxc-debian && chmod 700 /usr/local/sbin/lxc-debian

append /etc/fstab

• Linux Containers are now part of standard 2.6.29 Debian kernel 2009-05-12 16:06

cgroup		/cgroup				cgroup	rw		0	0

append /etc/network/interfaces

• configure bridge in /etc/network/interfaces (the Debian way) 2009-05-14 09:48

#allow-hotplug eth0

# man bridge-utils-interfaces
auto br0
iface br0 inet static
	bridge_ports eth0
	bridge_fd 0
	address 10.60.0.92
	netmask 255.255.254.0
	gateway 10.60.0.1

append /etc/inittab

• fale-safe ttys needed by lxc, but not available on openvz containers 2009-05-12 23:13
• append ttys to /etc/inittab 2009-05-13 16:41

# Normally not reached, but fallthrough in case of emergency.
z6:6:respawn:/sbin/sulogin
1:2345:respawn:/sbin/getty 38400 console
c1:12345:respawn:/sbin/getty 38400 tty1 linux
c2:12345:respawn:/sbin/getty 38400 tty2 linux
c3:12345:respawn:/sbin/getty 38400 tty3 linux
c4:12345:respawn:/sbin/getty 38400 tty4 linux

README

• Linux Containers are now part of standard 2.6.29 Debian kernel 2009-05-12 16:06

* http://lxc.sourceforge.net/
* http://www.ibm.com/developerworks/linux/library/l-lxc-containers/

create bridge

• Linux Containers are now part of standard 2.6.29 Debian kernel 2009-05-12 16:06
• add eth0 to bridge 2009-05-12 23:13
• show configured bridge 2009-05-13 18:45
• moved bridge creation recepie to shell script 2009-05-14 09:47

#!/bin/sh -x

brctl addbr br0
brctl setfd br0 0

ifconfig br0 172.20.0.1 netmask 255.255.255.0

brctl addif br0 eth0

brctl show br0
ifconfig br0

lxc debian

• zcat /usr/share/doc/lxc/examples/lxc-debian.gz > lxc-debian 2010-03-13 13:21
• added --arch to force arhitecture to bootstrap 2010-03-15 23:09

#!/bin/bash

#
# lxc: linux Container library

# Authors:
# Daniel Lezcano <daniel.lezcano@free.fr>

# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.

# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# Lesser General Public License for more details.

# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

configure_debian()
{
    rootfs=$1
    hostname=$2

    # configure the inittab
    cat <<EOF > $rootfs/etc/inittab
id:3:initdefault:
si::sysinit:/etc/init.d/rcS
l0:0:wait:/etc/init.d/rc 0
l1:1:wait:/etc/init.d/rc 1
l2:2:wait:/etc/init.d/rc 2
l3:3:wait:/etc/init.d/rc 3
l4:4:wait:/etc/init.d/rc 4
l5:5:wait:/etc/init.d/rc 5
l6:6:wait:/etc/init.d/rc 6
# Normally not reached, but fallthrough in case of emergency.
z6:6:respawn:/sbin/sulogin
1:2345:respawn:/sbin/getty 38400 console
c1:12345:respawn:/sbin/getty 38400 tty1 linux
c2:12345:respawn:/sbin/getty 38400 tty2 linux
c3:12345:respawn:/sbin/getty 38400 tty3 linux
c4:12345:respawn:/sbin/getty 38400 tty4 linux
EOF

    # disable selinux in debian
    mkdir -p $rootfs/selinux
    echo 0 > $rootfs/selinux/enforce

    # by default setup root password with no password
    cat <<EOF > $rootfs/etc/ssh/sshd_config
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords yes
ChallengeResponseAuthentication no
EOF

    # configure the network using the dhcp
    cat <<EOF > $rootfs/etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp
EOF

    # set the hostname
    cat <<EOF > $rootfs/etc/hostname
$hostname
EOF

    # reconfigure some services
    chroot $rootfs /usr/sbin/dpkg-reconfigure locales

    # remove pointless services in a container
    chroot $rootfs /usr/sbin/update-rc.d -f umountfs remove
    chroot $rootfs /usr/sbin/update-rc.d -f hwclock.sh remove
    chroot $rootfs /usr/sbin/update-rc.d -f hwclockfirst.sh remove
}

arch=$(arch)

download_debian()
{
    packages=\
ifupdown,\
locales,\
libui-dialog-perl,\
dialog,\
dhcp-client,\
netbase,\
net-tools,\
iproute,\
openssh-server

    cache=$1

    # check the mini debian was not already downloaded
    mkdir -p "$cache/partial-$arch"
    if [ $? -ne 0 ]; then
	echo "Failed to create '$cache/partial-$arch' directory"
	return 1
    fi

    # download a mini debian into a cache
    echo "Downloading debian minimal ..."
    debootstrap --verbose --variant=minbase --arch=$arch \
	--include $packages \
	lenny $cache/partial-$arch http://ftp.debian.org/debian
    if [ $? -ne 0 ]; then
	echo "Failed to download the rootfs, aborting."
	return 1
    fi

    mv "$1/partial-$arch" "$1/rootfs-$arch"
    echo "Download complete."

    return 0
}

copy_debian()
{
    cache=$1
    rootfs=$3

    # make a local copy of the minidebian
    echo -n "Copying rootfs to $rootfs..."
    cp -a $cache/rootfs-$arch $rootfs || return 1
    return 0
}

install_debian()
{
    cache="/var/cache/lxc/debian"
    rootfs=$1
    mkdir -p /var/lock/subsys/
    (
	flock -n -x 200
	if [ $? -ne 0 ]; then
	    echo "Cache repository is busy."
	    return 1
	fi

	if [ "$arch" == "x86_64" ]; then
	    arch=amd64
	fi

	if [ "$arch" == "i686" ]; then
	    arch=i386
	fi

	echo "Checking cache download in $cache/rootfs-$arch ... "
	if [ ! -e "$cache/rootfs-$arch" ]; then
	    download_debian $cache $arch
	    if [ $? -ne 0 ]; then
		echo "Failed to download 'debian base'"
		return 1
	    fi
	fi

	copy_debian $cache $arch $rootfs
	if [ $? -ne 0 ]; then
	    echo "Failed to copy rootfs"
	    return 1
	fi

	return 0

	) 200>/var/lock/subsys/lxc

    return $?
}

copy_configuration()
{
    path=$1
    rootfs=$2
    name=$3

    cat <<EOF >> $path/config
lxc.tty = 4
lxc.pts = 1024
lxc.rootfs = $rootfs
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
EOF

    if [ $? -ne 0 ]; then
	echo "Failed to add configuration"
	return 1
    fi

    return 0
}

clean()
{
    cache="/var/cache/lxc/debian"

    if [ ! -e $cache ]; then
	exit 0
    fi

    # lock, so we won't purge while someone is creating a repository
    (
	flock -n -x 200 
	if [ $? != 0 ]; then
	    echo "Cache repository is busy."
	    exit 1
	fi

	echo -n "Purging the download cache..."
	rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
	exit 0

    ) 200>/var/lock/subsys/lxc
}

usage()
{
    cat <<EOF
$1 -h|--help -p|--path=<path> -a|--arch=stable --clean
EOF
    return 0
}

options=$(getopt -o hp:n:ca: -l help,path:,name:,clean,arch: -- "$@")
if [ $? -ne 0 ]; then
        usage $(basename $0)
	exit 1
fi
eval set -- "$options"

while true
do
    case "$1" in
        -h|--help)      usage $0 && exit 0;;
        -p|--path)      path=$2; shift 2;;
		-n|--name)      name=$2; shift 2;;
		-c|--clean)     clean=$2; shift 2;;
		-a|--arch)		arch=$2; shift 2;;
        --)             shift 1; break ;;
        *)              break ;;
    esac
done

if [ ! -z "$clean" -a -z "$path" ]; then
    clean || exit 1
    exit 0
fi

type debootstrap
if [ $? -ne 0 ]; then
    echo "'debootstrap' command is missing"
    exit 1
fi

if [ -z "$path" ]; then
    echo "'path' parameter is required"
    exit 1
fi

if [ "$(id -u)" != "0" ]; then
    echo "This script should be run as 'root'"
    exit 1
fi 

rootfs=$path/rootfs

install_debian $rootfs
if [ $? -ne 0 ]; then
    echo "failed to install debian"
    exit 1
fi

configure_debian $rootfs $name
if [ $? -ne 0 ]; then
    echo "failed to configure debian for a container"
    exit 1
fi

copy_configuration $path $rootfs
if [ $? -ne 0 ]; then
    echo "failed write configuration file"
    exit 1
fi

if [ ! -z $clean ]; then
    clean || exit 1
    exit 0
fi

lxc watchdog

• Start container and stop/start on reboot/halt 2010-03-15 23:08
• make container name first argument 2010-03-16 14:52
• cleanup init scripts which are not needed inside containers 2010-03-16 15:06
• add powerfail to container's /etc/inittab which halt on kill -SIGPWR 2010-03-16 15:33
• use lxc-ps to find container's init 2010-03-16 16:18
• rewrite into init-like script with start/stop/status name 2010-03-16 17:39
• move inotify so watchdog can stop lxc in init state 0 2010-03-16 17:46
• real host reboot, status now include rootfs and on_boot 2010-03-16 19:59
• added proper LSB init.d headers 2010-03-16 20:42
• create on_boot only if it doesn't exist 2010-03-16 20:51
• give container 5 seconds to start more than one process 2010-03-16 20:53
• timestap watchdog output 2010-03-16 21:36

#! /bin/sh
### BEGIN INIT INFO
# Provides:          lxc-watchdog
# Required-Start:    $remote_fs $named $network $time
# Required-Stop:     $remote_fs $named $network
# Required-Start:    
# Required-Stop:     
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Manage Linux Containers startup/shutdown
# Description:       Uses clever inotify hack to monitor container's
#                    halt/reboot events watching /var/run/utmp
### END INIT INFO

# Author: Dobrica Pavlinusic <dpavlin@rot13.org>
#
# based on Tony Risinger post to lxc-users mailing list
# http://www.mail-archive.com/lxc-users@lists.sourceforge.net/msg00074.html


which inotifywait >/dev/null || apt-get install inotify-tools


lxc_exists() {
	name=$1

	if [ ! -e /var/lib/lxc/$name/config ] ; then
		echo "Usage: $0 name"
		lxc_status
		exit 1
	fi
}


lxc_rootfs() {
	grep lxc.rootfs "/var/lib/lxc/$1/config" | cut -d= -f2 | sed 's/^ *//'
}


lxc_status() {
	lxc-ls -1 | sort -u | xargs -i lxc-info -n {} | sed "s/'//g" | while read name is status ; do
		on_boot="       "
		test -s /var/lib/lxc/$name/on_boot && on_boot="on_boot"
		echo "$name $status $on_boot $(lxc_rootfs $name)"
	done
}


cleanup_init_scripts() {
	rootfs=$(lxc_rootfs $1)

	ls \
		$rootfs/etc/rc?.d/*umountfs \
		$rootfs/etc/rc?.d/*umountroot \
		$rootfs/etc/rc?.d/*hwclock* \
	2>/dev/null | xargs -i rm -v {}
}


setup_inittab() {
	rootfs=$(lxc_rootfs $1)
	remove=$2
	add=$3

	# let container respond to kill -SIGPWR
	inittab=$rootfs/etc/inittab
	if ! grep "$add" ${inittab} >/dev/null ; then
		grep -v "$remove" ${inittab} > ${inittab}.new
		echo $add >> ${inittab}.new
		mv ${inittab}.new ${inittab}
		echo "$inittab modified with $add"
	fi
}


lxc_kill() {
	name=$1
	sig=$2

	init_pid=`lxc-ps -C init -o pid | grep "^$name" | cut -d" " -f2-`
	if [ -z "$init_pid" ] ; then
		lxc-info -n $name
		exit 1
	fi
	echo "$name kill $sig $init_pid"
	/bin/kill $sig $init_pid
}

lxc_stop() {
	lxc_kill $name -SIGPWR
	lxc-wait -n $name -s STOPPED
#	rm -f /var/lib/lxc/${name}/on_boot
}


lxc_start() {
	name=$1

	if ! lxc-info -n $name | grep RUNNING ; then
		echo "$name start"
		lxc-start -n $name -o /tmp/${name}.log -d
		lxc-wait  -n $name -s RUNNING
		lxc-info  -n $name
		test -f /var/lib/lxc/${name}/on_boot || echo $name > /var/lib/lxc/${name}/on_boot
	fi
}

lxc_log() {
	echo `date +%Y-%m-%dT%H:%M:%S` $*
}

lxc_watchdog() {
name=$1
rootfs=$(lxc_rootfs $1)

while true; do
	vps_utmp=${rootfs}/var/run/utmp
	tasks=`wc -l < /cgroup/${name}/tasks`
	test -z "$tasks" && exit 1
	if [ "$tasks" -eq 1 ]; then

		runlevel="$(runlevel ${vps_utmp})"
		lxc_log "$name runlevel $runlevel"

		case $runlevel in
		N*)
			# nothing for new boot state
		;;
		??0)
			lxc_log "$name halt"
			lxc-stop -n "${name}"
			lxc-wait -n ${name} -s STOPPED
			break
		;;
		??6)
			lxc_log "$name reboot";
			lxc-stop -n ${name}
			lxc-wait -n ${name} -s STOPPED
			lxc-start -d -n ${name} -o /tmp/${name}.log
		;;
		*)
			# make sure vps is still running
			state="$(lxc-info -n "${name}" | sed -e 's/.* is //')"
			[ "$state" = "RUNNING" ] || break
		;;
		esac
	else
		lxc_log "$name $tasks tasks"
	fi

	# time of 5 minutes on it JUST IN CASE...
	inotifywait -qqt 300 ${vps_utmp}
done

lxc_log "$name exited"

}


command_on_lxc() {
command=$1
shift

echo "# $command $1"

case "$command" in

start)
	lxc_exists $1
	cleanup_init_scripts $1
	setup_inittab $1 ::power      "p0::powerfail:/sbin/init 0"
	setup_inittab $1 ::ctrlaltdel "p6::ctrlaltdel:/sbin/init 6"
	lxc_start $1
	# give container 5 seconds to start more than one process
	( sleep 5 ; nohup $0 watchdog $1 >> /tmp/$1.log 2>/dev/null ) &
	;;
stop|halt)
	lxc_exists $1
	lxc_stop $1
	;;
reload|force-reload|restart|reboot)
	lxc_kill $1 -SIGINT
	;;
watchdog)
	lxc_watchdog $1
	;;
*)
	echo "Usage: $0 {start|stop|restart|status}" >&2
	exit 3
	;;

esac

}

command=$1
shift

test "$command" = "status" && lxc_status && exit

if [ -z "$1" ] ; then
	ls /var/lib/lxc/*/on_boot | while read path ; do
		name=`echo $path | cut -d/ -f5`
		command_on_lxc $command $name
	done
else
	while [ ! -z "$1" ] ; do
		command_on_lxc $command $1
		shift
	done
fi

ve2lxc

• convert OpenVZ container to LXC 2009-05-17 20:54
• configure /etc/network/interfaces in new lxc container 2009-05-21 15:46
• put template lxc configuration inside script itself change /etc/hostname 2009-05-21 15:55
• copy /etc/resolv.conf from host system 2009-06-15 19:19
• added gateway to lxc's /etc/network/interfaces 2009-06-15 20:22
• added IP and ve2lxc hostname to /etc/hosts 2009-06-15 20:22
• configurable hostname as optional third param 2009-10-21 12:06

#!/bin/sh -x

test -z "$1" && echo "usage: $0 /path/to/ve/private [10.60.0.253 [hostname]]" && exit

dir=$1
ip=$2
hostname=$3
netmask=`grep netmask /etc/network/interfaces | head -1 | sed 's/^.*netmask *//'`
gateway=`grep gateway /etc/network/interfaces | head -1 | sed 's/^.*gateway *//'`

test -z "$ip" && ip=10.60.0.252
test -z "$hostname" && hostname=ve2lxc

path=/$dir/etc/inittab
tmp=/tmp/inittab

cp $path $tmp || exit

function append() {
	if ! grep "$1" $path ; then
		echo "$1" >> $tmp
	fi
}

append "z6:6:respawn:/sbin/sulogin"
append "1:2345:respawn:/sbin/getty 38400 console"
append "c1:12345:respawn:/sbin/getty 38400 tty1 linux"
append "c2:12345:respawn:/sbin/getty 38400 tty2 linux"
append "c3:12345:respawn:/sbin/getty 38400 tty3 linux"
append "c4:12345:respawn:/sbin/getty 38400 tty4 linux"

if ! diff -uw $path $tmp ; then
	cp $path $path.old && mv $tmp $path
fi

lxc-stop -n $hostname
lxc-destroy -n $hostname

test -d /cgroup || mkdir /cgroup
grep /cgroup /etc/fstab || echo "cgroup /cgroup cgroup rw 0 0" >> /etc/fstab

grep eth0 $dir/etc/network/interfaces || cat << __interfaces__ > $dir/etc/network/interfaces
auto eth0 lo

iface lo inet loopback

iface eth0 inet static
	address $ip
	netmask $netmask
	gateway $gateway

__interfaces__

echo $hostname > $dir/etc/hostname

echo "$ip $hostname" >> $dir/etc/hosts

conf=/tmp/$hostname.conf

cat << __lxc__ > $conf
lxc.utsname = $hostname
lxc.tty = 4
lxc.pts = 1024
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.name = eth0
lxc.network.mtu = 1500
#lxc.mount = $MNTFILE
lxc.rootfs = $dir
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
__lxc__

cp -v /etc/resolv.conf /$dir/etc/resolv.conf

mount | grep /cgroup || mount /cgroup || exit

lxc-create -n $hostname -f $conf && lxc-start -n $hostname

nbd

install server

• started nbd recepie with installation of server 2009-04-30 21:54
• rename according to new markup, install server configuration and start it 2009-04-30 22:31

root@opr:~# apt-get install -y nbd-server

create /etc/nbd server/config

• rename according to new markup, install server configuration and start it 2009-04-30 22:31
• export whole disk and not just single partition 2009-04-30 23:16

[generic]
	user = nbd
	group = disk
[export]
	exportname = /dev/sda
	port = 1234

start nbd server

• rename according to new markup, install server configuration and start it 2009-04-30 22:31

root@opr:~# /etc/init.d/nbd-server start
 nbd-server.

install client

• install client 2009-04-30 22:36

root@opl:~# apt-get install -y nbd-client

start client

• start client and verify new device 2009-04-30 22:43

root@opl:/srv/sysadmin-cookbook/recepies/nbd# nbd-client 10.60.0.91 1234 /dev/nbd0
Negotiation: ..size = 244140625KB
bs=1024, sz=244140625

root@opl:/srv/sysadmin-cookbook/recepies/nbd# fdisk -l /dev/nbd0

Disk /dev/nbd0: 250.0 GB, 250000000000 bytes
255 heads, 63 sectors/track, 30394 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000

     Device Boot      Start         End      Blocks   Id  System
/dev/nbd0p1               1       12159    97667136   83  Linux

netpipe tcp

install

• test speed of network 2009-05-25 20:19

root@opl:~# apt-get install netpipe-tcp

Makefile

• rule graph produce png graph 2009-05-25 22:11
• create gnuplot graphs based on http://oss.lzu.edu.cn/blog/article.php?tid_1204.html 2009-05-25 22:27
• added xlax target to open terminals to each host in hosts using mkxlax 2009-05-26 16:52
• install netpipe-tcp on all hosts with make install 2010-02-20 16:31
• cleanup empty *.np files 2010-02-20 17:35

graph:
	find . -name "*.np" -size 0 -exec rm {} \;
	./np2graphviz.pl | dot -Tpng -o graph.png && qiv graph.png

gnuplot:
	ls */*.np | xargs -i ./gnuplot.sh {}

xlax:
	mkxlax `cat hosts`

install:
	cat hosts | xargs -i ssh {} apt-get install -y netpipe-tcp

collect

• collect all /tmp/*.np files from hosts 2009-05-25 21:14
• more verbose collect (it's automatic in test-all.pl!) 2010-02-20 17:36

#!/bin/sh

cat hosts | xargs -i sh -c "test -d {} || mkdir {} ; rsync -v {}:/tmp/*.np {}/"
ls -al */*.np

gnuplot

• create gnuplot graphs based on http://oss.lzu.edu.cn/blog/article.php?tid_1204.html 2009-05-25 22:27

#!/bin/sh

echo "creating $1.png"

cat << __gnuplot__ | gnuplot
set term png
set output "$1.png"

set grid

set ylabel "Throughput In Mbps"
set xlabel "Message Size"

set size 1,0.8 

plot "$1" using 1:2 title "$1" with lines linewidth 3 
__gnuplot__

hosts

• test speed of network 2009-05-25 20:19
• added few more hosts 2010-02-20 17:36

mjesec.ffzg.hr
koha-hw.ffzg.hr
10.60.0.9
10.60.0.10
10.60.0.90
10.60.0.91
10.60.0.92
10.60.0.93
10.60.0.200

np2graphviz

• parse last line of every */*.np file 2009-05-25 21:15
• create graphviz dot file 2009-05-25 22:11
• red color under 150Mb/s 2010-02-20 16:32
• show symetrical transfer as single dashed edge 2010-02-21 14:33

#!/usr/bin/perl

use warnings;
use strict;

my $graph;

my ($max,$min);

foreach my $file ( glob '*/*.np' ) {

	my $direction = $file;
	$direction =~ s/\.np$//;
	my ( $from, $to ) = split(m{/},$direction,2);

	my $line = `tail -1 $file`;
	$line =~ s{^\s+}{};
	$line =~ s{\s+$}{};
	my ( $size, $speed, $rtt ) = split(/\s+/, $line);

	warn "$from -> $to | $size | $speed | $rtt\n";

	my $len = int($speed / 100);

	my $rev = qq|"$to" -> "$from"|;

	# make edge bi-directional if speed difference is less then 10%
	if ( $graph->{$rev} && abs($graph->{$rev}->{speed}->[0] - $speed) < ($speed/10) ) {
		$graph->{$rev}->{speed}->[1] = int($speed);
		$graph->{$rev}->{dir} = 'both';
	} else {
		$graph->{ qq|"$from" -> "$to"| } = {
			size => $size,
			speed => [ int($speed) ],
			rtt => $rtt,
			dir => 'forward',
		};
	}

	$min ||= $speed;
	$min = $speed if $speed < $min;

	$max ||= $speed;
	$max = $speed if $speed > $max;

}

warn "# speed $min ... $max\n";

print qq|
digraph "netpipe" {
|,
join("\n", map {
	my $node = $_;
	my @speed = @{ $graph->{$node}->{speed} };
	my $speed = 0;
	$speed += $_ foreach @speed;
	$speed /= $#speed + 1;
	my $c = 'ff0000';
	$c = '00ff00' if ( $speed /  100 ) > 5;
	$c = '0000ff' if ( $speed / 1000 ) > 1;
	$c = '8888ff' if ( $speed / 1000 ) > 2;
	my $label = qq|labelfontsize=10,weight=$speed,|;
	$label .= qq|headlabel=$speed[0],| if $speed[0];
	$label .= qq|taillabel=$speed[1],| if $speed[1];
	$label .= qq|style=dashed,| if $graph->{$node}->{dir} eq 'both';
	qq|$node [ $label color="#$c",dir=$graph->{$node}->{dir} ]|;
} keys %$graph),
qq|
}
|;

ssh

• execute command on all hosts 2010-02-20 17:15

#!/bin/sh -x
cat hosts | xargs -i ssh {} $*

test all

• run tests on all hosts automatically 2010-02-19 22:36
• don't require anything on target hosts 2010-02-20 16:32
• test just missing files 2010-02-20 17:35

#!/usr/bin/perl

# usage: test-all.pl hosts

use warnings;
use strict;
use autodie;
use File::Slurp;
use Data::Dump qw(dump);

chdir '/srv/sysadmin-cookbook/recepies/netpipe-tcp/';

my @hosts = read_file 'hosts';
@hosts = map { chomp; $_ } @hosts;
warn "hosts = ",dump(@hosts);

foreach my $host ( @hosts ) {
	chomp($host);

	my @test;

	foreach my $to ( @hosts ) {
		next if -s "$host/$to.np";
		warn "start NPtcp on $to\n";
		system "ssh $to NPtcp &";
		push @test, $to;
	}

	warn "# missing ", dump(@test);

	open(my $ssh, '|-', "ssh $host xargs -i NPtcp -h {} -u 1048576 -o /tmp/{}.np");
	foreach my $to ( @test ) {
		warn "TEST from $host to $to\n";
		print $ssh "$to\n";
	}
	close($ssh);

	system "rsync -v $host:/tmp/*.np $host/";
}

test

• test speed of network 2009-05-25 20:19
• instruction to start NPtcp 2010-02-19 21:24
• run test on all hosts 2010-02-19 21:33
• just run test against all hosts 2010-02-19 21:47

#!/bin/sh

cd /srv/sysadmin-cookbook/recepies/netpipe-tcp/
while read host ; do
	echo "TEST `hostname` $host"
	NPtcp -h $host -u 1048576 -o /tmp/$host.np
done < hosts

ntpdate

install

• easiest way to keep machine time in sync with ntp 2009-05-01 15:53

# install on hardware

root@koha-hw:~# apt-get -y install ntpdate

openvz

create ve 1 config

• create template configuration of full hardware machine 2009-05-01 20:00

root@opl:/etc/vz/conf# vzsplit -n 1 -f 1 -s 2048
Config /etc/vz/conf/ve-1.conf-sample was created

set ve on clone

• setup container parameters on cloned filesystem 2009-05-02 11:39
• apply template config for whole machine (1) to create fully functional configuration 2009-05-02 21:16
• added --diskspace 2009-05-02 21:22

root@opl:/etc/vz/conf# vzctl set 60017 --private /zfs/vz-60017-clone/private/212226/ --root /zfs/vz-60017-clone/root/212226/ --ipadd 10.60.0.17 --hostname koha-clone --applyconfig 1 --diskspace 60G:70G --save

pppoe server

install

• configure PPPoE server 2010-03-10 09:54

apt-get install pppoe

create /etc/ppp/pppoe server options

• configure PPPoE server 2010-03-10 09:54

# PPPoE server
#nologin
mru 1492
noreplacedefaultroute
proxyarp
ms-dns 192.168.1.2

append /etc/ppp/pap secrets

• configure PPPoE server 2010-03-10 09:54

# PPPoE server
#client	hostname	<password>	IP
test	*			"test"		*

append /etc/ppp/chap secrets

• configure PPPoE server 2010-03-10 09:54

# PPPoE server
# client	server	secret	IP addresses
test		*	test	*

configure private net

• configure PPPoE server 2010-03-10 09:54

ifconfig eth0:10 10.0.0.1 up

PADI

• configure PPPoE server 2010-03-10 09:54

pppoe-relay -B eth0:1 -C eth0 -n 1 -F

pppoe server

• configure PPPoE server 2010-03-10 09:54

pppoe-server -I eth0:1 -T 60 -C fake -S fake -L 10.0.0.2 -R 10.0.0.10 -N 1 -F

NAT

• configure PPPoE server 2010-03-10 09:54

iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j SNAT --to-source 192.168.1.90

tshark dump

• configure PPPoE server 2010-03-10 09:54

tshark -i eth0 -f '!port 80'

ps3

ps3 xserver xorg video spu

install

• rebuild xserver-xorg-video-spu 2009-10-08 18:29

apt-get source xserver-xorg-video-spu
apt-get build-dep xserver-xorg-video-spu
apt-get install build-essential fakeroot dpkg-dev

build

• rebuild xserver-xorg-video-spu 2009-10-08 18:29

cd xserver-xorg-video-spu* && dpkg-buildpackage -rfakeroot -b

pxe

install

• started recepie to cook pxe boot using dnsmasq 2009-05-12 16:01

root@klin:/srv/sysadmin-cookbook/recepies/pxe# apt-get install dnsmasq

create /etc/dnsmasq.d/pxe

• started recepie to cook pxe boot using dnsmasq 2009-05-12 16:01
• configure dnsmasq for pxe boot 2009-05-24 19:58
• select boot file 2009-06-21 18:32

dhcp-boot=pxelinux.0

dhcp-range=192.168.2.50,192.168.2.150,12h

enable-tftp
tftp-root=/srv/sysadmin-cookbook/recepies/pxe/tftpboot/
dhcp-boot=pxelinux.0

enable conf dir

• enable config-dir directive which looks for pxe configuration file 2009-05-24 19:58
• fix conf-dir directive activation 2009-05-30 13:07

#!/bin/sh -x

grep '^conf-dif=/etc/dnsmasq.d' /etc/dnsmasq.conf || ( echo 'conf-dir=/etc/dnsmasq.d' >> /etc/dnsmasq.conf && /etc/init.d/dnsmasq restart )

create tftpboot

• create tftp boot enviroment from upstream debian netboot 2009-05-24 20:31
• use testing netboot 2009-05-30 13:07

#!/bin/sh

url=ftp.hr.debian.org/debian/dists/lenny/main/installer-i386/current/images/netboot/netboot.tar.gz
url=http://people.debian.org/~joeyh/d-i/images/daily/netboot/netboot.tar.gz

test -d tftpboot || wget -nc $url && mkdir tftpboot && cd tftpboot && tar xvfz ../netboot.tar.gz

nat 192.168.2.0 wlan0

• iptables nat from 192.168.2.0/24 to wlan0 with masquarade 2009-06-21 18:34

sudo iptables -t nat -F
sudo iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o wlan0 -j MASQUERADE
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

rsync

clone directory

• Copy directory while preserving all permissions using rsync 2009-04-30 18:37

rsync -ravHAX /var/lib/vz/ /zfs/vz/

rsync pull backup over ssh

pull backup from snapshot ../../lvm/create lvm snapshot

• finish rsync backup over ssh from lvm snapshot to zfs snapshot 2009-05-01 17:41

root@opl:~# rsync -ravHC --progress koha-hw:/mnt/vz-backup/ /zfs/vz/

pull backup ../../lvm/remove lvm snapshot

• pull backup from remote host using rsync over ssh 2009-05-01 14:08

rsync -ravH koha-hw:/var/lib/vz/private/ /zfs/vz/private/

rsync clone

• make clone of directory 2009-05-11 22:20
• added --sparse 2009-10-26 13:01

#!/bin/sh -x

rsync -ravH --numeric-ids --sparse --delete $*

screen

install

• install screen 2009-09-01 16:27

apt-get install screen

screen sharing

create student

• add student user for screen sharing 2009-09-01 16:57

useradd -d `pwd`/student -s `pwd`/student/screen.sh student

screen sharing perms

• setup screen suid and tweak /var/tun/screen to allow screen sharing 2009-09-01 16:58

chmod u+s /usr/bin/screen
chmod 755 /var/run/screen

screen restore perms

• restore screen permissions 2009-09-01 16:58

chmod 755 /var/run/screen
chmod 2755 /usr/bin/screen

Makefile

• make screen - to start shared session make test - to connect student@localhost 2009-09-01 17:06

screen:
	sudo sh -x 2.screen-sharing-perms
	sudo -u dpavlin xterm +rv -n perl -e screen -S perl -c screenrc &

test:
	xterm -fg grey -e ssh student@localhost &

screenrc

• add student to shared screen without write permission to create read-only session view 2009-09-01 17:03

multiuser on
acladd student
#aclchg student -w "#"
aclumask student-w

screen sharing student

screen

• student home directory with shell which attaches to shared screen session 2009-09-01 16:59

#!/bin/sh

exec screen -x dpavlin/perl

smtp

install

• test SMTP server with swaks 2009-08-24 18:41

apt-get install swaks

ssh

ssh login without password

generate root ssh key

• how to deploy this cookbook 2009-04-30 22:16
• move ssh root key generation into ssh recepie 2009-05-01 13:19
• don't ask for ssh key filename 2009-05-16 12:36

root@opl:~# test -f /root/.ssh/id_rsa || ssh-keygen -f /root/.ssh/id_rsa -N ''

copy root identity

• how to deploy this cookbook 2009-04-30 22:16
• moved copy root identity 2009-05-01 13:54

root@opl:~# ssh-copy-id -i /root/.ssh/id_rsa llin

strace

strace count

• count syscalls using strace 2009-05-02 12:27

#!/bin/sh -x

trace=/tmp/strace
strace -c -o $trace $* && ls -al $trace && cat $trace

systemtap

kernel source

• rebuild Debian kernel to support systemtap 2010-02-17 14:13

apt-get install linux-source-`uname -r | cut -d\- -f1` kernel-package fakeroot

kernel build

• rebuild Debian kernel to support systemtap 2010-02-17 14:13

r=`uname -r | cut -d\- -f1`
cd /usr/src
test -d linux-source-$r || tar xjf linux-source-$r.tar.bz2
cd linux-source-$r
cat /boot/config-`uname -r` | sed \
	-e  's/^# CONFIG_DEBUG_INFO.*/CONFIG_DEBUG_INFO=y/' \
	-e  's/^# CONFIG_KPROBES.*/CONFIG_KPROBES=y/' \
	> .config
make oldconfig
fakeroot make-kpkg --initrd --append-to-version=-systemtap kernel_image kernel_headers kernel_debug

vblade

client install

• added first vblade example 2009-08-17 21:00

apt-get install aoetools

server install

• added first vblade example 2009-08-17 21:00

apt-get install vblade

aoe module

• added first vblade example 2009-08-17 21:00

rmmod aoe
modprobe aoe aoe_iflist="eth0 virtual"
dmesg | tail -1

client info

• added first vblade example 2009-08-17 21:00

aoe-discover
aoe-stat

server lvblade

• added first vblade example 2009-08-17 21:00

aoe-interfaces eth0
vblade 0 1 eth0 /dev/vg/lvblade

vde2

install

• few vde2 kvm hints from http://faiwiki.informatik.uni-koeln.de/index.php/Local_testing_with_KVM%2C_VDE_and_dnsmasq 2009-07-26 02:21

apt-get install vde2

append /etc/network/interfaces

• few vde2 kvm hints from http://faiwiki.informatik.uni-koeln.de/index.php/Local_testing_with_KVM%2C_VDE_and_dnsmasq 2009-07-26 02:21

iface tap0 inet static
  address 172.25.25.1
  netmask 255.255.255.0
  vde2-switch -

add to group vde2 net

• few vde2 kvm hints from http://faiwiki.informatik.uni-koeln.de/index.php/Local_testing_with_KVM%2C_VDE_and_dnsmasq 2009-07-26 02:21

#!/bin/sh -x

USER=$1
usermod -a -G vde2-net $USER

eth0 nat

• few vde2 kvm hints from http://faiwiki.informatik.uni-koeln.de/index.php/Local_testing_with_KVM%2C_VDE_and_dnsmasq 2009-07-26 02:21

#!/bin/sh -x

sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

kvm

• few vde2 kvm hints from http://faiwiki.informatik.uni-koeln.de/index.php/Local_testing_with_KVM%2C_VDE_and_dnsmasq 2009-07-26 02:21

#!/bin/sh

#kvm-img create -f qcow2 faitest.img 5G
vdeq kvm -m 256 -net nic,vlan=1 -net vde,vlan=1,sock=/var/run/vde2/tap0.ctl/ctl -boot n # -hda faitest.img

vde2 virtualnetmanager

build deb

• build Debian package for Virtual NetworkManager from http://wiki.virtualsquare.org/index.php/VirtualNetManager 2009-08-10 23:41

#!/bin/sh -x

test -d trunk && cd trunk && svn update || svn co https://virtualnetmgr.svn.sourceforge.net/svnroot/virtualnetmgr/trunk && cd trunk
sudo checkinstall --requires graphviz --requires python --pkgname virtualnetmanager ./install.sh

vim

install

• added syntax hightlight to vim 2009-05-01 14:09

root@opl:~# apt-get -y install vim

create /home/dpavlin/

• added syntax hightlight to vim 2009-05-01 14:09

syntax on

web

stress test http

• stress test web server by sending it /usr/share/dict/words 2009-05-02 14:07
• use only words which have only a-z in them 2009-05-12 15:51

url='http://10.60.0.17:81/cgi-bin/koha/opac-search.pl?idx=&q='
cat /usr/share/dict/words | grep '^[a-z]*$' | xargs -i time wget -O /dev/null $url{}

yukon

install

• added yukon, OpenGL video capturing framework https://devel.neopsis.com/projects/yukon/ 2009-10-22 15:19

sudo apt-get install libx11-dev libxv-dev x11proto-xext-dev mesa-common-dev libgl1-mesa-dev

checkout

• added yukon, OpenGL video capturing framework https://devel.neopsis.com/projects/yukon/ 2009-10-22 15:19

svn co https://devel.neopsis.com/svn/seom/branches/packetized-stream seom
svn co https://devel.neopsis.com/svn/yukon/branches/rewrite yukon

README

• added yukon, OpenGL video capturing framework https://devel.neopsis.com/projects/yukon/ 2009-10-22 15:19

Yukon is a set of libraries and applications that are designed to capture
realtime videos of OpenGL applications (games).

https://devel.neopsis.com/projects/yukon/

zfs

install

• ZFS on Linux using zfs-fuse 2009-04-30 18:23

root@opl:~# apt-get install libfuse2 fuse-utils libaio1

root@opl:~# dpkg -i zfs-fuse_20090430-1_i386.deb 
Selecting previously deselected package zfs-fuse.
(Reading database ... 21076 files and directories currently installed.)
Unpacking zfs-fuse (from zfs-fuse_20090430-1_i386.deb) ...
Setting up zfs-fuse (20090430-1) ...

create pool

• ZFS on Linux using zfs-fuse 2009-04-30 18:23
• added link to documentation 2009-05-01 12:35

# http://docs.sun.com/app/docs/doc/819-5461/gaynr?a=view

root@opl:~# lvcreate -n zfs -L 100G raid0
  Logical volume "zfs" created

root@opl:~# zpool create zfs /dev/raid0/zfs

root@opl:~# zpool list
NAME   SIZE   USED  AVAIL    CAP  HEALTH  ALTROOT
zfs   99.5G  6.92G  92.6G     6%  ONLINE  -

create file system

• create zfs file system 2009-04-30 20:45

root@opl:~# zfs create zfs/vz

root@opl:~# zfs list /zfs/vz
NAME     USED  AVAIL  REFER  MOUNTPOINT
zfs/vz  72.2G  18.8G  72.2G  /zfs/vz

create compressed file system

• create compressed zfs file system 2009-05-01 12:13

# http://docs.sun.com/app/docs/doc/819-5461/gayns?a=view

root@opl:~# zfs create zfs/install

root@opl:~# zfs set compression=on zfs/install

root@opl:~# zfs list zfs/install
NAME          USED  AVAIL  REFER  MOUNTPOINT
zfs/install    18K  18.8G    18K  /zfs/install

attach device

• attach new device to zfs pool and turn it into mirror 2009-04-30 23:15

root@opl:/srv/sysadmin-cookbook/recepies/zfs# fdisk -l /dev/nbd0

Disk /dev/nbd0: 250.0 GB, 250000000000 bytes
255 heads, 63 sectors/track, 30394 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000

     Device Boot      Start         End      Blocks   Id  System
/dev/nbd0p1               1       13374   107426623+  83  Linux


root@opl:~# zpool status
  pool: zfs
 state: ONLINE
 scrub: scrub completed after 0h19m with 0 errors on Thu Apr 30 22:46:09 2009
config:

        NAME         STATE     READ WRITE CKSUM
        zfs          ONLINE       0     0     0
          raid0/zfs  ONLINE       0     0     0

errors: No known data errors


root@opl:~# zpool attach zfs /dev/raid0/zfs /dev/nbd0p1

root@opl:~# zpool status
  pool: zfs
 state: ONLINE
status: One or more devices is currently being resilvered.  The pool will
	continue to function, possibly in a degraded state.
action: Wait for the resilver to complete.
 scrub: resilver in progress for 0h2m, 3.47% done, 1h5m to go
config:

	NAME           STATE     READ WRITE CKSUM
	zfs            ONLINE       0     0     0
	  mirror       ONLINE       0     0     0
	    raid0/zfs  ONLINE       0     0     0
	    nbd0p1     ONLINE       0     0     0

errors: No known data errors

create snapshot

• create zfs snapshot 2009-05-01 12:43

# http://docs.sun.com/app/docs/doc/819-5461/gbcya?a=view

root@opl:~# zfs snapshot zfs/vz@`date +%Y-%m-%d_%H:%M:%S`

root@opl:~# zfs list
NAME                         USED  AVAIL  REFER  MOUNTPOINT
zfs                         85.5G  12.4G  6.92G  /zfs
zfs/install                 6.40G  12.4G  6.40G  /zfs/install
zfs/vz                      72.2G  12.4G  72.2G  /zfs/vz
zfs/vz@2009-05-01_14:41:50      0      -  72.2G  -

create writable clone

• create writable clone from snapshot 2009-05-01 19:59

root@opl:/zfs/vz# zfs clone zfs/vz@60017 zfs/vz-60017-clone

root@opl:/zfs/vz# zfs list /zfs/vz-60017-clone
NAME                 USED  AVAIL  REFER  MOUNTPOINT
zfs/vz-60017-clone      0  88.2G  73.1G  /zfs/vz-60017-clone

nc zfs receive

• receive zfs snapshot over netcat 2009-05-05 22:21

root@opl:~# nc -l -p 8888 | dd_rescue - - | zfs receive opl/backup/212052

nc zfs send

• send zfs snapshot over netcat 2009-05-05 22:22

root@opr:/etc/vz/conf# zfs send opr/vz/private/212052@2009-05-01 | dd_rescue - - | nc -w 1 10.60.0.90 8888

create /etc/cron.d/zfs cron backup

• example of cron job to do daily backup 2009-05-17 18:26

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user	command
15 21	* * *	root	/srv/sysadmin-cookbook/recepies/zfs/pull-snapshot-backup.sh

append /etc/rc

• start zfs-fuse on boot and mount filesystems 2009-05-19 18:28
• zpool also needs full path 2009-05-19 18:52

echo -n "Starting ZFS-fuse: "
pidof zfs-fuse || (
	/usr/local/sbin/zfs-fuse && sleep 1 && /usr/local/sbin/zfs mount -a && /usr/local/sbin/zpool status -x
)

Makefile

• checkout source and build zfs-fuse debian package 2009-05-03 14:13
• added clean 2009-05-17 12:51
• clone new upstream branch 2009-08-10 23:36
• new upstream 2009-08-14 19:23

# use newer zfs-fuse branch

#upstream=http://www.wizy.org/mercurial/zfs-fuse/trunk
upstream=http://git.rudd-o.com/zfs/

all:
	echo "make [checkout deb clean]"

checkout:
	hg clone $(upstream) zfs-fuse

install: uninstall
	cd zfs-fuse/src && scons install #install_dir=/usr/sbin/

uninstall:
	rm -vf /usr/local/sbin/zdb /usr/local/sbin/ztest /usr/local/sbin/zpool /usr/local/sbin/zfs /usr/local/sbin/zfs-fuse

deb: uninstall
	echo "ZFS on FUSE/Linux" > zfs-fuse/description-pak
	echo "install:" > zfs-fuse/Makefile
	echo "	cd src && scons install" >> zfs-fuse/Makefile
	cd zfs-fuse && sudo checkinstall \
		--pkgname zfs-fuse --pkgversion `hg log --limit 1 | cut -d: -f2 | head -1` \
		--pkglicense CDDL --pkggroup contrib/non-free \
		--pkgsource $(upstream) --maintainer dpavlin@rot13.org \
		--provides zfs --requires libfuse2,fuse-utils,libaio1 \
		--exclude /rest/cvs/zfs-fuse/src/.sconsign.dblite \

depends:
	sudo apt-get install checkinstall libfuse-dev fuse-utils libaio-dev

clean:
	rm -Rf zfs-fuse/

README

• point to new upstream http://git.rudd-o.com/zfs/ 2009-08-10 23:42

Upstream source with fixes: http://git.rudd-o.com/zfs/

zfs enlarge pool

attach block device to pool ../../lvm/lvcreate

• steps to enlarge pool 2009-05-01 15:50

root@opl:/srv/sysadmin-cookbook/recepies/lvm# zpool status
  pool: zfs
 state: ONLINE
 scrub: resilver completed after 0h45m with 0 errors on Fri May  1 01:56:58 2009
config:

        NAME           STATE     READ WRITE CKSUM
        zfs            ONLINE       0     0     0
          mirror       ONLINE       0     0     0
            raid0/zfs  ONLINE       0     0     0
            nbd0p1     ONLINE       0     0     0

root@opl:/srv/sysadmin-cookbook/recepies/lvm# zpool attach zfs /dev/raid0/zfs /dev/raid0/zfs-200

root@opl:/srv/sysadmin-cookbook/recepies/zfs/enlarge-pool# zpool status zfs
  pool: zfs
 state: ONLINE
status: One or more devices is currently being resilvered.  The pool will
        continue to function, possibly in a degraded state.
action: Wait for the resilver to complete.
 scrub: resilver in progress for 0h6m, 10.14% done, 1h0m to go
config:

        NAME               STATE     READ WRITE CKSUM
        zfs                ONLINE       0     0     0
          mirror           ONLINE       0     0     0
            raid0/zfs      ONLINE       0     0     0
            nbd0p1         ONLINE       0     0     0
            raid0/zfs-200  ONLINE       0     0     0

errors: No known data errors

detach old block device

• steps to enlarge pool 2009-05-01 15:50
• this step is optional but will move read load from local block device to network mirror device 2009-05-01 15:52

# this step is optional but will move read load from local block device to network mirror device

root@opl:/srv/sysadmin-cookbook/recepies/zfs/enlarge-pool# zpool detach zfs /dev/raid0/zfs

root@opl:/srv/sysadmin-cookbook/recepies/zfs/enlarge-pool# zpool status
  pool: zfs
 state: ONLINE
status: One or more devices is currently being resilvered.  The pool will
        continue to function, possibly in a degraded state.
action: Wait for the resilver to complete.
 scrub: resilver in progress for 0h0m, 0.00% done, 265h17m to go
config:

        NAME               STATE     READ WRITE CKSUM
        zfs                ONLINE       0     0     0
          mirror           ONLINE       0     0     0
            nbd0p1         ONLINE       0     0     0
            raid0/zfs-200  ONLINE       0     0     0

errors: No known data errors

remove small remote block device

• detach small block device from pool so it get enlarged 2009-05-01 16:23

root@opl:~# zfs list
NAME                         USED  AVAIL  REFER  MOUNTPOINT
zfs                         97.7G   288M    22K  /zfs
zfs/install                 6.40G   288M  6.40G  /zfs/install
zfs/vz                      91.3G   288M  72.8G  /zfs/vz
zfs/vz@2009-05-01_14:41:50  18.5G      -  72.2G  -


root@opl:~# zpool status
  pool: zfs
 state: ONLINE
 scrub: resilver completed after 0h28m with 0 errors on Fri May  1 18:13:31 2009
config:

        NAME               STATE     READ WRITE CKSUM
        zfs                ONLINE       0     0     0
          mirror           ONLINE       0     0     0
            nbd0p1         ONLINE       0     0     0
            raid0/zfs-200  ONLINE       0     0     0

errors: No known data errors


root@opl:~# zpool detach zfs nbd0p1


root@opl:~# zpool status
  pool: zfs
 state: ONLINE
 scrub: resilver completed after 0h28m with 0 errors on Fri May  1 18:13:31 2009
config:

        NAME             STATE     READ WRITE CKSUM
        zfs              ONLINE       0     0     0
          raid0/zfs-200  ONLINE       0     0     0

errors: No known data errors


root@opl:~# zfs list
NAME                         USED  AVAIL  REFER  MOUNTPOINT
zfs                         97.7G  98.7G    22K  /zfs
zfs/install                 6.40G  98.7G  6.40G  /zfs/install
zfs/vz                      91.3G  98.7G  72.8G  /zfs/vz
zfs/vz@2009-05-01_14:41:50  18.5G      -  72.2G  -
r

pull snapshot backup

• pull files over rsync from lvm snapshot 2009-05-10 13:01
• delete files which are removed at source location 2009-05-10 13:43
• added --numeric-ids to preserve ownership 2009-05-11 17:13
• extract rsync into function 2009-05-17 12:45
• use current pool on system, compress rsync 2009-05-17 15:26
• create /pool/backup/veid filesystem if it doesn't exist 2009-05-30 12:27
• added --exclude of some temporary files 2009-09-30 12:06

#!/bin/sh -x

from=koha-hw.ffzg.hr
date=`date +%Y-%m-%d`
pool=`zpool list -o name -H`
log=/$pool/log/
exclude='--exclude var/cache --exclude var/lib/koha/zebradb/biblios --exclude data/webpac2/var/'

test -d $log || mkdir $log || exit

function rsync_veid() {
	test -d /$pool/backup/$1 || zfs create $pool/backup/$1 || exit
	echo "## rsync $1"
	rsync $exclude -ravHz --numeric-ids --delete --force --modify-window=2 $from:/mnt/vz-backup/private/$1/ /$pool/backup/$1/ && zfs snapshot $pool/backup/$1@$date
}

(
zfs list -r $pool/backup
ssh $from 'sync && sync && lvcreate -s -L 10G -n vz-backup /dev/vg/vz && mount /dev/vg/vz-backup /mnt/vz-backup/' || exit
rsync_veid 212226
rsync_veid 212052
rsync_veid 212056
ssh $from 'umount /mnt/vz-backup/ && lvremove -f /dev/vg/vz-backup'
zfs list -r $pool/backup
2>&1 ) | tee -a $log/$date.log

zfs expire snapshot

• calculate age of snapshot in days 2009-06-06 13:21
• expire snapshots 2009-06-06 16:56
• added multiple rules for each snapshot in backup 2009-06-25 11:07
• fixed multiple expiration rules by sorting them 2009-07-09 10:14

#!/usr/bin/perl

use warnings;
use strict;

use DateTime;
use Data::Dump qw/dump/;

my $debug = 0;

my $config = {
	'default' => {
		21 => 5,
		30 => 10,
		60 => 30,
	},
	'212052' => {	# koha-dev
		7 => 10,
		14 => 30,
	},
	'212056' => {	# webpac2
		7 => 5,
	}
};

my $now = DateTime->now();

my $last_backup;

open(my $fs, '-|', 'zfs list -H');
while(<$fs>) {
	chomp;
	my ( $name, $used, $avail, $refer, $mountpoint ) = split(/\t/,$_,6);

	next unless $name =~ m{(.+)@(\d\d\d\d)-(\d\d)-(\d\d)};

	my $host = $1;

	my $date = DateTime->new( year => $2, month => $3, day => $4 );

	my $age = $now->delta_days( $date )->delta_days;

	my $op = ' ';
	my $last = 0;

	my $c = (grep { $host =~ m{\Q$_\E} } keys %$config)[0];
	$c = 'default' unless defined $c;

	warn "# config: $c\n" if $debug;

	my $h = $host;
	$h =~ s{,+/([^/]+)$}{}; # just hostname without path

	$c = $config->{$c} || die "can't find config for $c";

	warn "# c = ",dump($c) if $debug;

	my $keep_every_days;
	my $older_than_days;
	foreach ( sort keys %$c ) {
		$older_than_days = $_;
		$keep_every_days = $c->{$_};
		warn "## $host $age > $older_than_days" if $debug;
		last if $age > $older_than_days;
	}

	my $config_applied = '';

	if ( $age > $older_than_days ) {

		$config_applied = "> $older_than_days keep $keep_every_days";

		$last_backup->{$host} ||= $date;
		$last = $last_backup->{$host}->delta_days( $date )->delta_days;

		if ( $last && $last < $keep_every_days ) {
			$op = 'D';
		} else {
			$op = ' ';
			$last_backup->{$host} = $date;
		}
	} else {
		$config_applied = 'none';
	}

	print "$op $name\t$used\t$refer\t$age\t$last\t$config_applied\n";

	system "zfs destroy $name" if $op eq 'D' && @ARGV;
}

zfs receive snaphost

• receive snapshot from other host using nc for low overhead 2009-07-23 23:26

#!/bin/sh -x

from=10.60.0.90

fs=`ssh $from zfs list -t snapshot | grep @ | iselect -t "select snapshot to pull" -a | sed 's/ .*$//'`

if [ -z "$fs" ] ; then
	exit;
fi

veid=`echo $fs | cut -d/ -f3 | cut -d@ -f1`
date=`echo $fs | cut -d/ -f3 | cut -d@ -f2`
pool=`echo $fs | cut -d/ -f1`

echo "pull $pool / $veid @ $date"

local=`zfs list | grep $veid | cut -d" " -f1`

if [ -z "$local" ] ; then
	local_pool=`zfs list | grep /backup/ | head -1 | cut -d/ -f1`
	local="$local_pool/backup/$veid"
	zfs create $local || exit
fi

echo "clone $fs -- $veid to $local";

ssh $from "zfs send $fs | nc -w 5 -l -p 8888" &
sleep 1

nc $from 8888 | dd_rescue -w -y 0 -l /tmp/$veid@$data.log - - | zfs receive -F $local && zfs snapshot $local@$date

zfs list -t snapshot | grep $veid

zfs send snapshot

• send snapshot using netcat with nice info using dd_rescue 2009-06-18 12:56
• dd_rescue don't like sync on stdin/stdout 2009-06-18 13:07

#!/bin/sh -x

fs=`zfs list | grep @ | iselect -t "select snapshot to send over netcat $veid" -a | sed 's/ .*$//'`

if [ -z "$fs" ] ; then
	exit;
fi

nopool=`echo $fs | cut -d/ -f2-`

ip=`ifconfig | awk '/inet addr/ {split ($2,A,":"); print A[2]}' | grep -v 127.0.0.1 | head -1`

echo -e "\n\nStart receiving side with:\n\nnc -w 5 $ip 8888 | dd_rescue -y 0 - - | zfs receive \`hostname\`/$nopool\n\n"

zfs send $fs | dd_rescue -y 0 - - | nc -l -p 8888

zfs snapshot to ve

• select zfs snapshot to turn into OpenVZ container 2009-05-10 13:01
• deduce pool name from name of snapshot 2009-05-10 13:43
• list clone filesystem so that destroy can find it, display available OpenVZ VEs on the end 2009-05-16 12:35
• use configured veid all over 2009-06-06 16:57

#!/bin/sh -x

veid=60018

fs=`zfs list | grep @ | iselect -t "select snapshot to clone into $veid" -a | sed 's/ .*$//'`

if [ -z "$fs" ] ; then
	exit;
fi

orig=`echo $fs | cut -d/ -f3 | cut -d@ -f1`
pool=`echo $fs | cut -d/ -f1`

echo "clone $fs -- $orig to $veid";

clone=$pool/clone/$orig-$veid

vzctl stop $veid && (
	umount /$clone
	zfs list | grep ^$clone
	zfs destroy $clone
)

zfs clone $fs $pool/clone/$orig-$veid

vzctl start $veid

vzlist -a