Automate cloning machine into vserver

Working with Linux is just art. It is unbelievable how creative one can be using it, something I bet you will never find with this kind of flexibility somewhere*windows*cough*else.

The prerequisites: you need to realize that 99% of the things you do by hand in Linux you can actually automate.

I’m running an old SME Server (mail server with webgui) distribution on even older hardware. A hard disc already died in the past, wiping out everything. The next outage is around the corner, I know it. We have contracted a replacement for the server, but it may still take another month or two until it is there. In the meantime, I cannot afford losing the mail server.

First step: what do I want?

We purchased the Primergy RX200 S3 Killer and I want the mail server to run on the Primergy. But not as a primary service: as a vserver.

The list below roughly outlines the steps I had to go through, some with explanations why:

  1. Create the new vserver which will hold your new machine
  2. Get all the files from the remote machine on the local machine, using rsync
    rsync -avz --numeric-ids --delete --exclude-from=1exclude-files.txt -e ssh root@mail:/ 10.16.0.3-mail/
    Important factor: use --numeric-ids or you get translated ID numbers of file ownership and groups which won’t work
  3. Have a second copy of the rsynced data on the new system
    I need to make modifications, the system won’t work out of the box. The modifications deal mostly with IP address changes, fstab etc., see below. Important: this one goes right into your vserver’s vdir. This will potentially destroy your dev/ and proc/ dirs, which then need to be restored.
  4. Change into vserver/etc/ and replace all occurrences of the old IP address:
    perl -p -i -e 's;OLDIP;NEWIP;g' `find -type f|xargs grep -l OLDIP |grep -v cdb`
    In my case I also needed to exclude those binary cdb files
  5. Comment out every line in /etc/fstab:
    perl -p -i -e 's;^([^#].*);# $1;g' fstab
  6. SME Server uses runlevel 7, which is not supported by util-vserver at the moment.
    Workaround: vserver by default starts into runlevel 3. Modify runlevel 3 in SME to be runlevel 7:
    mv rc3.d rc3.disabled
    ln -s rc.d/rc7.d rc3.d
  7. Disable some services I don’t need:
    rm rc3.d/S25keytable
    rm rc3.d/S37network
    rm rc3.d/S91atalk
    rm rc3.d/S91smb
  8. SME Server also has one essential service, svscan. It starts from init and thus is defined in inittab:
    sv:7:respawn:/usr/bin/env - PATH=/usr/local/bin:$PATH /usr/local/bin/svscan /service &
    Because vserver doesn’t run init, the process doesn’t get executed. A quick (and probably very bad) solution is to have it started as first service in runlevel 3:
    echo -e '#!/bin/bash\nPATH=/usr/local/bin:$PATH /usr/local/bin/svscan /service &' | sed 's;\\;;g' > rc3.d/S01svscan
    chmod 755 rc3.d/S01svscan

Now, that’s it. I now was able to start the vserver and everything was up and running. Automated. Awesome.
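
Steps 4 to 8 collected into one shell function, as an added example that is not part of the original post. The function name and its arguments are hypothetical, and it goes slightly beyond the one-liners above by escaping the dots in the old IP and refusing matches that are only part of a longer address.

```sh
#!/bin/sh
# Added example, not the author's script.
# Usage: prepare_vserver <vserver root> <old IP> <new IP>   (hypothetical name)
prepare_vserver() {
    root=$1; oldip=$2; newip=$3
    [ -d "$root/etc" ] || { echo "no etc/ under $root" >&2; return 1; }
    (
        cd "$root/etc" || exit 1
        tmp=$(mktemp) || exit 1

        # Step 4: swap the IP in every text file, skipping binary *.cdb files.
        # Dots are escaped and digits on either side are rejected, so
        # 10.16.0.3 does not also rewrite 10.16.0.30 or 110.16.0.3.
        pat=$(printf '%s' "$oldip" | sed 's/\./\\./g')
        subst="s/(^|[^0-9])$pat([^0-9]|\$)/\\1$newip\\2/g"
        find . -type f ! -name '*.cdb' -exec grep -lF -- "$oldip" {} + |
        while IFS= read -r f; do
            # Two passes: a match consumes its separator, so neighbours split
            # by a single character need a second run. Writing back with cat
            # keeps owner and mode of $f.
            sed -E -e "$subst" -e "$subst" "$f" > "$tmp" && cat "$tmp" > "$f"
        done

        # Step 5: comment out every active fstab line.
        if [ -f fstab ]; then
            sed 's/^\([^#].*\)$/# \1/' fstab > "$tmp" && cat "$tmp" > fstab
        fi

        # Step 6: vserver starts runlevel 3, SME Server expects runlevel 7.
        if [ ! -e rc3.disabled ] && [ -d rc.d/rc7.d ]; then
            mv rc3.d rc3.disabled && ln -s rc.d/rc7.d rc3.d
        fi

        # Step 7: drop the services the guest does not need.
        for s in S25keytable S37network S91atalk S91smb; do
            rm -f "rc3.d/$s"
        done

        # Step 8: no init in the guest, so svscan starts as the first service.
        printf '%s\n' '#!/bin/bash' \
            'PATH=/usr/local/bin:$PATH /usr/local/bin/svscan /service &' \
            > rc3.d/S01svscan
        chmod 755 rc3.d/S01svscan
        rm -f "$tmp"
    )
}
```

Run it against the modified copy from step 3, never against the pristine rsync mirror, so the untouched files stay available for comparison.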

Add comment July 13th, 2007

Debian: Touching vserver for the first time

Since I’ve the bad habit of running multiple Linux installations on my hardware with chroot, I could be using vserver as well anyway.

First, why virtualizing anyway? Buy big fat hardware and consolidate services. Use less hardware and run more services on it. We’re getting a new development machine in our company shortly and we need a real working infrastructure:

  • pure development machine
  • experimental testing machine
  • at least one but better more staging/QA machines
  • provide stable services inside the company like:
    • Wiki/Intranet
    • Possibly a Webmail-Server

Another important point is flexibility: I can move a vserver around from one piece of hardware to another if I have to. For me this is an unbeatable feature. Just think about what happens if the hardware shows its age and you need to acquire a new one: install everything from scratch again? Definitely not. But let’s get started.

Today I gave it a first shot with Debian sarge and it went quite smoothly. When I started experimenting a day ago I didn’t realize that I was having backports.org in my apt sources.list which is quite important: no backports, no ready-made vserver kernel images, no tools, etc. ;) Here’s the line I’m using in my host system:

deb http://www.backports.org/debian/ sarge-backports main contrib non-free

Continuing here I consulted various sources on how to get started, the most helpful which I reference here:

My experience is a result from all sources, reading through them and then finally started testing.

First I completely did not understand how the networking is meant to be set up, a few sites mentioned messing around with ipfilter but I tried to get away with this tool first because, from my simple perspective, I just wanted to run a vserver on a dedicated IP in my private network. Period.

I started with the following command:

vserver vserv00 build -m debootstrap --hostname vserver00.home --netdev eth1 --interface v00=192.168.1.10/24 --context 100 -- -d etch -m http://ftp.at.debian.org/debian

This command tells vserver to set up a new vserver, use the debootstrap mechanism, configure the vserver’s FQDN to be vserver00.home, use the host’s eth1 device, create a new interface v00 for this vserver and assign it IP 192.168.1.10 in the 255.255.255.0 network (that’s the 24 CIDR directive). I’m not yet sure about the context number, it seems every vserver needs one and it must be unique. Not yet sure if the number affects some kind of priority.

This runs the debootstrap installation and thus downloads all necessary packages. Once done, you can start your vserver and enter it:

vserver vserv00 start

vserver vserv00 enter

I frequently get an error message like this when entering which I just ignore for now:

# vserver vserv00 enter
mesg: /dev/pts/2: Operation not permitted

Inside the vserver the sources.list is just the bare minimum. I quickly replaced it with the following:

deb http://ftp.at.debian.org/debian/ etch main non-free contrib
deb-src http://ftp.at.debian.org/debian/ etch main non-free contrib
deb http://security.debian.org/ etch/updates main contrib non-free

and ran through the complete dselect update/upgrade mechanism.

Enjoy :)

Update: the context is just a unique ID and doesn’t influence any kind of priority. Also, the error message
mesg: /dev/pts/2: Operation not permitted went away once I had a real system running inside.

Update 2: I’ve to admit: vserver is an awesome application/kernel extension. I successfully migrated my first long-running chroot installation (been using it for over four years) to vserver and it still runs. I had to make some adjustments, mainly the IP address changes of the new vserver and that syslog-ng cannot read /proc/kmsg (which isn’t a problem, actually) and make sure that the server gets started by default and that was it. Damn, this thing is so hot.

Add comment June 18th, 2007

Breaking out of chroot the easy way

Basically, follow the steps outlined at http://www.bpfh.net/simes/computing/chroot-break.html and you’re done.

The reason I wrote this is that I accidentally locked myself out of my hardware system installation. I had SSH access to one of the chroot systems running on the same machine but because I changed some SSHD settings on the hardware system I forgot to properly start SSHD again. The above document really gives an idiot’s guide to break out of the chroot and once the syntax error in line 62 is fixed (maybe it’s on purpose?) you end up with a shell outside the chroot. Luckily, in my case.

Add comment June 17th, 2007

Taming linux ACPI problems

A few days ago I switched to a new power supply. I switched on the server and let it run for hours when I suddenly realized that the computer hung. It was always in combination with data transfers over the network. Since the primary purpose of the server is file storage on my network via Samba I started investigating what could cause this by googling around.

I eventually found this thread (in German) which mentions the VIA Rhine chipset and problems with the power management implementation in Linux. After trying out various combinations I finally found the one which did not lock up the computer until now:

acpi=off pci=noacpi noapic

After some time I upgraded to 2.6.16 because I needed to get the rt2005 drivers to run (for my not yet purchased wireless pci card, I always prefer to make sure I can compile drivers before I buy hardware) because they didn’t work with 2.6.8. On the new kernel I only appended the noapic kernel parameter and everything worked smoothly.

What surprises me completely is that this problem started to occur after I changed the power supply. To me nothing which warrants anything related to the change I need.

Add comment January 29th, 2007

Retro: Amiga reviews

Now this is what I really call retro: a site hosting classic Amiga games reviews.

They’re having articles from the following magazines: Amiga Computer, Amiga Power, Amiga Format, CU, Amiga Joker, Zero and Zzap! Currently they host more than 3000 reviews of nearly 2000 games. Awesome!

Add comment January 21st, 2007

Don’t give me focus!

It’s one of those days. Yes, exactly. I was installing software for evaluation on Windows when it happened at least three times to me that I didn’t see the last screen during the installation of this software because right in the second the screen came up I was writing text in another application and pressing either Return or Escape. The keystroke got received by the installer’s last screen and it disappeared; right before I could read anything.
I really hate this.

This also happened to me the other day with a web-based newsletter application I was using. The application had opened a popup with a textarea which got updated every time there was something to report, like invalid email addresses. Every time the textarea got updated, the popup window received focus.

Guess what? I was happily surfing in FF the other time and closing some tabs with CTRL-W when all of a sudden the newsletter application grabbed the focus and, you guessed it, I was closing the popup which sends the newsletter out. Oh, did I mention that having this popup open was vital for sending the newsletter, i.e. closing the popup would stop sending the newsletter?

I complained immediately to the software company which admitted the problem but was unable to fix this because “that’s the way internet explorer works, try FF”. Ok, so I’m stupid, right, because I didn’t use FF? Learned another lesson, man.

Application developers should have the right taken away to grab focus and bring a window to the front which automatically grabs keyboard actions. It’s ridiculous.

Btw, I updated my blog’s theme. Why is it so … spare? a) because most people today use some kind of RSS reader software anyway and since I publish my articles as a whole there’s no need to visit the page and b) because I’m no designer, I don’t like the existing designs and don’t want to be just another copy of a theme. It’s basically a rip-off of Asa Dotzler’s blog at the moment; sorry for that :-)

Add comment January 5th, 2007

Annoying numlock behaviour with Gothic 3

I received my copy of Gothic 3 yesterday and because I’m currently moving to another flat I could only test it on my company IBM Z60 laptop. Unfortunately there’s a very annoying behaviour of Gothic 3: it forces the numlock to always be on! It completely ignores the user choice. On my laptop this is a problem because I don’t have a separate numeric block but they get mapped over the regular alpha keyboards, which means that now in gothic I don’t have the keys m, j, k, etc. but they are numbers 0, 1, …

Which means that for example I can’t press the M key, because it is actually 0, which means jumping on the numeric one.

I crawled the ini files but didn’t find anything hinting that this behaviour can be disabled. I don’t understand what developers sometimes have on their mind. I sincerely hope that they issue a patch either removing this horrible thing or at least provide an ini setting for it.

2 comments October 14th, 2006

Behaviour and possible bug in getElementsBySelector

Lately I’ve been banging my head against my keyboard because of a double event assigning bug I experienced when using Behaviour from Ben Nolan.
Tracking down the beast I found that the class pattern matching in Behaviour, which is done through the getElementsBySelector implementation from Simon Willison, uses word boundary matching which I think is not the most suitable solution for this.

My selector looked like .menu and unfortunately it also did match div class="menu-selector" in my code. This is because a dash also counts as word boundary when using Javascript \b pattern.

I modified the class matching regular expression to the following

'(^|\s)' + className + '($|\s)'

and this did work very well for me.

I’m currently trying to contact Simon Willison about his opinion whether this change is a good idea or not, I’ll update this post once I’ve received feedback.

Add comment October 9th, 2006

Why I use Firefox? Because of Adblock.

Take this example screenshot I made on my system (warning: resolution is 2880×900):

Side by side: Left: Internet Explorer with ads, right: Firefox with Adblock

Question: Do you see the difference?

The thing is, at least for me, I know advertisement is a necessary business. But come on, this is way too obtrusive.

Add comment October 4th, 2006

mysqltail

I’ve hacked together a little PHP script which allows filtering mysql log files for sql statements issued by specific users.

Basic usage:

php mysqltail.php /var/log/mysql.log userToFilter [orOtherUser]

It can also be used to pipe an existing logfile:

cat mysql.log | php mysqltail.php - userToFilter

Download: http://markus.fischer.name/lab/php/mysqltail.php.txt

Add comment September 19th, 2006
