Archive for the ‘sysadmin’ Category

Live migration to RAID-1

Sunday, November 8th, 2009

I've blogged about using md with lvm before. This weekend I came to appreciate it even more when I migrated a live system from a single disk to RAID-1 without needing to unmount or reboot. Here's the overview of the steps I used:

  1. Create a RAID-1 on the second disk (sdb). It's initially degraded, meaning that even though we're accessing it as md0, there's only one disk in the array.
  2. Migrate data from the first disk (sda) to the newly-created md0.
  3. Now that sda is freed up, add it to the array to make it a mirror.

Reviewing my system inventory, I have two 500G disks but I'm only using one of them, hosting logical volumes for root, swap, four nfsroots, and two (running) KVM virtual machines. Apart from the large partition holding the logical volumes, I also have a couple small partitions for Windows 7 (I don't actually use it but it's there in case I need to call for warranty support). The other disk is blank and idle. I installed it some time back when I had the machine powered off, though I could have attached it with eSATA to avoid even that interruption.

Here's the partition table from that first disk:

$ sudo parted /dev/sda
(parted) unit kB
(parted) print
Model: ATA WDC WD5000AAKS-6 (scsi)
Disk /dev/sda: 500107862kB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number  Start       End          Size         Type      File system  Flags
 1      1049kB      6443500kB    6442451kB    primary   ntfs         boot
 2      6443500kB   46443500kB   40000000kB   primary   ntfs
 3      46448156kB  47443415kB   995259kB     primary   ext3
 4      47443415kB  500105249kB  452661834kB  extended
 5      47443447kB  500105249kB  452661802kB  logical                lvm

and here are the volume groups and logical volumes, annotated a bit:

$ sudo vgs
  VG   #PV #LV #SN Attr   VSize   VFree
  vg0    1  10   0 wz--n- 421.57G 250.40G

$ sudo lvs
LV         VG   Attr   LSize
jabberwock vg0  -wi-ao  9.31G  # host root filesystem
swap       vg0  -wi-ao  1.86G  # host swap
jubjub     vg0  -wi-ao 20.00G  # jubjub VM disk
agriffis   vg0  -wi-ao 50.00G  # my $HOME, jubjub VM second disk
oliva      vg0  -wi-a- 20.00G  # oliva VM disk
amg        vg0  -wi-a- 50.00G  # Amy's $HOME, oliva VM second disk
nord       vg0  -wi-ao  5.00G  # thin client nfsroot
sud        vg0  -wi-ao  5.00G  # thin client nfsroot
parmigiano vg0  -wi-ao  5.00G  # thin client nfsroot
romano     vg0  -wi-ao  5.00G  # thin client nfsroot

For the partition listing, I used units of kB because that makes it easier to be sure the partitions are exactly the same size when I apply them to the second disk. I'll initially create the RAID-1 with only sdb5 (a degraded array), then later I'll add sda5 to md0 to make it a mirror. For this reason, it's important that the two partitions that will eventually make up md0 are exactly the same size.

Here's the application of that partition table to the second disk. Note I'm not going to actually use the first few partitions there, but I create them anyway for the sake of symmetry:

$ sudo parted /dev/sdb
(parted) unit kB
(parted) mklabel msdos
(parted) mkpart primary  1049kB     6443500kB
(parted) mkpart primary  6443500kB  46443500kB
(parted) mkpart primary  46448156kB 47443415kB
(parted) mkpart extended 47443415kB 500105249kB
(parted) mkpart logical  47443447kB 500105249kB
(parted) set 5 raid on
(parted) print
Model: ATA ST3500418AS (scsi)
Disk /dev/sdb: 500107862kB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number  Start       End          Size         Type      File system  Flags
 1      1049kB      6443500kB    6442451kB    primary
 2      6443500kB   46443500kB   40000000kB   primary
 3      46448156kB  47443415kB   995259kB     primary
 4      47443415kB  500105249kB  452661834kB  extended               lba
 5      47443447kB  500105249kB  452661802kB  logical                raid

Now create the RAID-1 and extend the volume group to it:

$ sudo mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sdb5 missing
$ sudo pvcreate /dev/md0
$ sudo vgextend vg0 /dev/md0

Move the data hosted on sda5 to md0. Note pvmove reports an error, but when I try to continue the operation, it reports that it's already done, so I don't think this is a real problem:

$ sudo pvmove /dev/sda5 /dev/md0
/dev/sda5: Moved: 99.9%
ABORTING: Can't find mirror LV in vg0 for /dev/sda5

$ sudo pvmove /dev/sda5 /dev/md0
No data to move for vg0

Now remove sda5 from the volume group and add it to md0:

$ sudo vgreduce vg0 /dev/sda5
$ sudo pvremove /dev/sda5
$ sudo parted /dev/sda set 5 lvm off set 5 raid on
$ sudo mdadm /dev/md0 --add /dev/sda5

And see that it's working:

$ cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 sda5[2] sdb5[0]
      442052416 blocks [2/1] [U_]
      [>....................]  recovery =  0.0% (288512/442052416)
      finish=153.1min speed=48085K/sec
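
A check to run while the mirror rebuilds and again before the eventual reboot, added here as an example (not part of the original post): it parses /proc/mdstat-style text and reports each array's active/expected member count, whether it is degraded, and any rebuild progress. The sample input is the mdstat output shown above; the function names are illustrative.

```shell
#!/bin/sh
# Added example: summarise md array health from /proc/mdstat-style text.

# Constructed sample, copied from the /proc/mdstat output shown above.
SAMPLE_MDSTAT='Personalities : [raid1]
md0 : active raid1 sda5[2] sdb5[0]
      442052416 blocks [2/1] [U_]
      [>....................]  recovery =  0.0% (288512/442052416)
      finish=153.1min speed=48085K/sec
'

# md_status: read mdstat text on stdin, print one line per array:
#   <array> <active>/<expected> <clean|degraded> <rebuild progress or ->
md_status() {
    awk '
        function emit() {
            if (name == "") return
            print name, active "/" want, (active < want ? "degraded" : "clean"), (prog == "" ? "-" : prog)
            name = ""; prog = ""
        }
        /^md[^ ]* :/ { emit(); name = $1; want = 0; active = 0 }
        # "[2/1]" means 2 members expected, 1 currently active
        name != "" && match($0, /\[[0-9]+\/[0-9]+\]/) {
            split(substr($0, RSTART + 1, RLENGTH - 2), n, "/")
            want = n[1] + 0; active = n[2] + 0
        }
        # rebuild progress appears as "recovery = 12.3%" or "resync = 12.3%"
        name != "" && match($0, /(recovery|resync) *= *[0-9.]+%/) {
            prog = substr($0, RSTART, RLENGTH); gsub(/ /, "", prog)
        }
        END { emit() }
    '
}

# md_all_clean: succeed only when no array on stdin is degraded.
md_all_clean() {
    ! md_status | grep -q ' degraded '
}

# Stand-alone run: summarise the sample.
printf '%s' "$SAMPLE_MDSTAT" | md_status
```

On a live system, feed it the real file: `md_status < /proc/mdstat`.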

Finally, add the info to the mdadm config and regenerate the initrd to make sure md0 is found when the system eventually reboots. I found that I had to remove the "metadata" tag from the generated config line, YMMV:

$ sudo mdadm --detail --scan | sudo tee -a /etc/mdadm/mdadm.conf
ARRAY /dev/md0 level=raid1 num-devices=2 metadata=00.90 UUID=4aa66439:62c76598:cb06150d:d44aeb51
$ sudo vim /etc/mdadm/mdadm.conf  # to remove "metadata=00.90"
$ sudo update-initramfs -u -k all

All this without any interruption to the system operation!

Firefox profiles on Ubuntu

Tuesday, June 10th, 2008

Running multiple simultaneous Firefox profiles is broken on Ubuntu. It works fine on Debian and Gentoo, among others. I don't know if the Ubuntu maintainer is refusing to fix it on the basis that it's an upstream problem, or if they just haven't looked at what the other distros are doing...

Anyway, it's pretty easy to fix with a /usr/local/bin/firefox wrapper:

#!/bin/bash
[[ " $*" == *" -P"* ]] && export MOZ_NO_REMOTE=1
exec /usr/bin/firefox "$@"

This prevents the binary from attempting to contact the running instance, which allows the -P and -ProfileManager options to work.

Ubuntu java plugin on Debian Lenny amd64

Thursday, March 27th, 2008

Things I tried today:

  • apt-get install sun-java6-jre; no plugin included
  • apt-get install sun-java5-jre; no plugin included
  • apt-get install ia32-sun-java6-bin nspluginwrapper; this combination doesn't work because Java uses the OJI plugin API instead of the NPAPI that nspluginwrapper supports
  • download various packages from java.sun.com and install them using make-jpkg; oddly, this doesn't change the fact that Sun's Java doesn't provide an amd64 plugin, duh!

Finally, thanks to Dave Medberry's suggestion, I downloaded the Ubuntu Blackdown amd64 package from http://packages.ubuntu.com/hardy/j2re1.4 and installed it directly with dpkg. The final manual step was:

sudo ln -s /usr/lib/j2se/1.4/jre/plugin/amd64/mozilla/libjavaplugin_oji.so \
    /usr/lib/iceweasel/plugins/

It might not be the latest version, but it works...!

experimenting with vnc

Thursday, February 7th, 2008

My home setup consists of a server in the basement with thin clients in the upstairs office. I love this setup because it means the office is entirely solid state; no fans or disks to make noise. It's the ultimate silent PC.

Method 1: XDMCP

I typically don't run applications on the thin clients, rather I run an X server with -broadcast to get an XDMCP session from my server. From that point on, everything (gnome, window manager, browser, xterms, etc.) runs on the server with $DISPLAY pointing at the thin client. This is pretty simple to set up, just change gdm.conf on the server:

--- gdm.conf.dpkg-dist  2007-05-29 05:08:37.000000000 -0400
+++ gdm.conf    2008-02-07 09:56:42.000000000 -0500
@@ -59,2 +59,3 @@
 [xdmcp]
+Enable=true

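Review bot: Enable=true under [xdmcp] turns on the XDMCP listener with nothing in this hunk limiting who may query it, so any host that can reach the server on UDP port 177 is offered a login session, and the resulting X traffic crosses the network unencrypted. Suggest restricting that port at the firewall to the thin clients' addresses, or at least adding a comment next to the setting that it assumes a trusted LAN.
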
@@ -74,2 +75,3 @@
 [servers]
+0=inactive

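Review bot: 0=inactive under [servers] carries no comment explaining it; the line stops gdm from starting an X server on the local console, so the machine is left without a graphical login of its own. A one-line comment above it, saying that the server is headless and only serves remote displays, would save the next reader a trip to the gdm documentation.
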
and on the thin client, in /etc/rc.local:

X -broadcast

Method 2: VNC

Running X remotely, even on a 100 Mbit network, can get slow. In particular, Firefox just crawls. Making a new tab (blank page), chug chug. Rendering pages, chug chug. It's plenty usable, and you can get used to it, but it's a shock to go back to a normal PC and see the speedup that local rendering buys. (Xterms, btw, are plenty fast on remote X because they're just sending characters to the server, which it then renders locally.)

So I started experimenting with VNC. To my delight, VNC restores Firefox's rendering speed. In fact, VNC is fast all around. I see some very minor latency in my xterms since they're now sending graphics over the link instead of characters, but it's barely a price to pay for the overall speedup.

Here's what I did to make this work. First install the server, apt-get install vnc4server, then create three entries in inetd.conf to correspond to the screens I have attached to the thin clients:

server # cat >> /etc/inetd.conf <<EOF
5910 stream tcp nowait nobody /usr/bin/Xvnc4 Xvnc4 -inetd \
  -depth 24 -geometry 1024x768 -fp tcp/oliva:7100 \
  -query localhost -once -securitytypes none
5912 stream tcp nowait nobody /usr/bin/Xvnc4 Xvnc4 -inetd \
  -depth 24 -geometry 1280x1024 -dpi 85 -fp tcp/oliva:7100 \
  -query localhost -once -securitytypes none
5919 stream tcp nowait nobody /usr/bin/Xvnc4 Xvnc4 -inetd \
  -depth 24 -geometry 1920x1200 -dpi 93 -fp tcp/oliva:7100 \
  -query localhost -once -securitytypes none
EOF
server # /etc/init.d/openbsd-inetd restart

On the thin client I apt-get install xvnc4viewer, then replace the -broadcast line in /etc/rc.local with:

# this corresponds to the 1920x1200 entry, suitable for a 24" LCD
xinit /usr/bin/xvnc4viewer -fullcolor -fullscreen server:5919
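
An audit check for inetd entries like the ones above, added here as an example and not part of the original post: for each Xvnc entry it reports the VNC security type and whether the listener is limited to loopback, and marks as EXPOSED any entry that combines -securitytypes none with a listener on all interfaces. The sample lines are constructed, and the loopback test assumes openbsd-inetd's address:port form of the service field.

```shell
#!/bin/sh
# Added example: flag inetd-launched Xvnc services that accept unauthenticated
# connections on every interface.

# Constructed sample. Entry 1 has the shape of the entries above once the shell
# has joined the heredoc's backslash-continued lines; entries 2 and 3 are
# hypothetical variants for comparison.
SAMPLE_INETD='# <service> <socktype> <proto> <wait> <user> <program> <args>
5910 stream tcp nowait nobody /usr/bin/Xvnc4 Xvnc4 -inetd -query localhost -once -securitytypes none
127.0.0.1:5912 stream tcp nowait nobody /usr/bin/Xvnc4 Xvnc4 -inetd -query localhost -once -securitytypes none
5919 stream tcp nowait nobody /usr/bin/Xvnc4 Xvnc4 -inetd -query localhost -once -securitytypes vncauth
'

# audit_inetd_vnc: read inetd.conf text on stdin, print for each Xvnc entry:
#   <service field> <security type> <loopback|all-interfaces> <ok|EXPOSED>
audit_inetd_vnc() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        $6 !~ /Xvnc/             { next }   # field 6 is the server program
        {
            sec = "unset"
            for (i = 7; i < NF; i++)
                if (tolower($i) == "-securitytypes") sec = tolower($(i + 1))
            # Assumption: openbsd-inetd "address:port" syntax pins the listener.
            bind = ($1 ~ /^(127\.[0-9.]+|localhost|\[::1\]):/) ? "loopback" : "all-interfaces"
            print $1, sec, bind, (sec == "none" && bind == "all-interfaces" ? "EXPOSED" : "ok")
        }
    '
}

# vnc_exposed_count: number of entries flagged EXPOSED on stdin.
vnc_exposed_count() {
    audit_inetd_vnc | grep -c ' EXPOSED$' || true
}

# Stand-alone run: audit the sample.
printf '%s' "$SAMPLE_INETD" | audit_inetd_vnc
```

On the server, run it as `audit_inetd_vnc < /etc/inetd.conf`.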

Still investigating...

Not everything is perfect using VNC. Here are a few problems I've run into:

  • caps-lock: I normally override caps-lock to be mod4 to control my window manager. It turns out that xvnc4viewer doesn't forward the caps-lock to Xvnc4, instead it's handled on the thin client's X server. That means that it can't be remapped inside the VNC session, instead I have to do it partly on the thin client:

    ssh t5710 "xmodmap -e 'remove lock = Caps_Lock' \
        -e 'keysym Caps_Lock = Super_R'"
    

    then inside the VNC session:

    xmodmap -e 'add mod4 = Super_L Super_R'
    
  • mouse: My mouse has a bunch of buttons, which normally I can remap with xmodmap. With this setup, though, I only get 5 buttons (left, middle, right, scroll up, scroll down). I haven't figured out a workaround for this yet.

encrypted /home

Monday, July 17th, 2006

I've done this now on a few systems, mostly laptops. My reasoning is that any data I care about (particularly email) are stored in my home directory. If the laptop were to get out of my possession, it would likely be shut off at the time, and I don't use suspend/resume. So encrypting /home suffices to protect me if the laptop is lost or stolen. It's also easier and more performance-friendly than encrypting the root dir or swap.

When I installed my current laptop, I knew I'd encrypt /home eventually so I left a spare partition, hda3. If you don't have one, you'll need to shrink a filesystem to create a new partition or logical volume. When you're ready with that, the next step is to create the encrypted mapping.

modprobe aes # or aes-i586 on x86 systems
emerge cryptsetup-luks
cryptsetup --verify-passphrase luksFormat /dev/hda3
cryptsetup luksOpen /dev/hda3 home
mkfs.ext3 -j -m 1 -O dir_index,filetype,sparse_super /dev/mapper/home

Next copy the existing /home to the encrypted filesystem. Be sure not to alter any important data in /home since you'll lose any changes made after the copy. You can enforce this by switching to single user mode but I don't bother personally.

mkdir /mnt/newhome
mount /dev/mapper/home /mnt/newhome
cp -ax /home/. /mnt/newhome
umount /mnt/newhome

Next let Gentoo know about it, then reboot to start using the encrypted /home:

printf 'mount=home\nsource=/dev/hda3\ntype=luks\n' >> /etc/conf.d/cryptfs
echo '/dev/mapper/home /home ext3 noatime 0 0' >> /etc/fstab
echo 'aes' >> /etc/modules.autoload.d/kernel-2.6  # or aes-i586
mv /home /oldhome
mkdir /home
reboot

Finally, when you've verified that it's working, be sure to remove the old home which still contains unencrypted data!

rm -rf /oldhome

md + lvm2

Monday, June 26th, 2006

It's just beautiful what happens when you mix Linux md with lvm2. I just added two 15K 146G disks to my system. They show up as sdc and sdd. Now I do this:

for x in sdc sdd; do
    parted /dev/$x mklabel msdos mkpart primary 0 100% set 1 raid on print quit
done
cd /dev; MAKEDEV md
mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sdc1 /dev/sdd1
pvcreate /dev/md0
vgcreate raid1 /dev/md0
for x in agriffis amg; do
    lvcreate -L 50G -n $x raid1
    mkfs.ext3 -L $x -O dir_index /dev/raid1/$x
    echo "LABEL=$x /home/$x ext3 noatime 1 2" >>/etc/fstab
done
mount -a

That leaves nearly 50G of free space on the physical volume into which I can grow either filesystem eventually, or add a third, depending on future needs.