Thursday, 31 March 2011

TRIM support for snow leopard on a Macbook Air 3.2 (2010)

http://www.groths.org/?p=308

And follow the erase free space option


After doing this and running xbench comparisons, i had a 17% increases in speed on my SSD! Sweet!

Works perfectly  on:
Model Name:    MacBook Air
  Model Identifier:    MacBookAir3,2
  Processor Name:    Intel Core 2 Duo
  Processor Speed:    1.86 GHz

Capacity:    121.33 GB (121,332,826,112 bytes)
  Model:    APPLE SSD TS128C                       
  Revision:    CJAA0201
  Serial Number:            xxx
  Native Command Queuing:    No
  Removable Media:    No
  Detachable Drive:    No
  BSD Name:    disk0
  Medium Type:    Solid State
  TRIM Support:    Yes
  Partition Map Type:    GPT (GUID Partition Table)
  S.M.A.R.T. status:    Verified


A more advanced check_mk check i've written for linux_ulimits


#!/bin/python


inventory_process = []
inventory_process_version = []
def inventory_linux_ulimit (checkname, info):
        inventory = []
        if checkname == "linux_ulimit":
                #print "linux ulimit inv"
                #print info
                for line in info:
                        ln1 = line[0]
                        ln2 = line[1]
                ln1 = int(ln1)
                ln2 = int(ln2)
                #print "%d %d" % (ln1, ln2)
                value = "%d / %d" % (ln1, ln2)
                inventory.append ( ("Ulimit", (ln1,ln2)))
                return inventory






#the actual check


def check_linux_ulimit (item, params, info):
        perfdata = []

        perfdata = (float((params[0])/float(params[1]))*100.0)
        #value = ("Cur=%d ; Max=%d" % (params[0], params[1]))
        value = [("ulimit_cur",params[0],params[1]),]
        #print value
        if perfdata > 90.0:
                return (2, "Critical@90%: %d of %d used. %.1f%%" % (params[0],params[1],perfdata), value)
        if perfdata > 85.0:
                return (1, "Warning@85: %d of %d used. %.1f%%" % (params[0], params[1],perfdata),value)


        return (0, "OK - %d of %d used. %.1f%% " % (params[0], params[1],perfdata), value)


# checking function, service description, perf data, invenotry function
check_info['linux_ulimit'] = (check_linux_ulimit, "Linux",1 ,inventory_linux_ulimit)


Tuesday, 29 March 2011

Zalman VE200 SATA caddy with virtual ODD


FFS trying to get this to work with a CF card is impossible.... No idea why it won't work....

Always comes up with a "1st Partition: 0", which means it doesn't recognise it

ERROR MESSAGES (using 57N firmware):
Error 23                 (I have no idea what this means but it displayed it even when a valid hard disk was connected that worked fine on a friends VE200!). Try CLEANing/wiping the drive! 
1st Partition: XX    where XX is a number such as 6, B, C, 83, F etc. (the number means 'the partition type of the 1st partition is XX and I DON'T LIKE IT!')
1st Partition: FF    Either 1st partition type is FF or I cannot read/understand the logical partition (volume) format (e.g. type 7 partition but it is formatted as exFAT)
1st Partition: 0      drive is not partitioned
NO - DISC             the VE200 has found the _ISO folder :-) but it contains no valid files with a valid extension (e.g. .iso, .ima, .dsk)
TOO Many FILES  you have more than 32 objects (files + folders) in the _ISO folder or in the user selected folder which is under the _ISO folder. (>32 FILES+FOLDERS! would have been a better message)
ALREADY HIT       you have already selected this file for emulation and it is already loaded
vDISK LIMIT         the VE200 can emulate a max of 4 virtual disks 
NO _ISO               I can read the 1st partition OK but I cannot find any folder called _ISO or _iso
First reset the VE200 back to DUAL MODE as follows: Unplug USB - Press and hold in Jog button - Reconnect USB cable. If this does not work, try:

1. Under Windows 7 run DISKPART, then type LIST DIS and then SEL DISK 2 (assuming disk 2 is your VE200 drive), then type LIST DISK and make SURE the * is against the VE200 drive and then type CLEAN to completely erase the hard disk partitions.
2. Unplug the VE200 and then wait for 20 seconds - then re-connect it whilst pressing in the jog wheel
3. Now partition and format the VE200 hard disk as NTFS PRIMARY.
4. Now use 'Safely Remove Hardware' systray icon to eject it and unplug and re-connect it whilst pressing in the jog wheel

With luck, it should power up and say "NO _ISO".

Monday, 28 March 2011

dual booting existing win 7 with win xp

ah yeah, that time again, you need to test your product on an XP install and well, there are none in the office.

easy peasy, just dual boot.

1. create a partition from win 7 by shrinking one of your current partitions. i think win XP only requires about 16-20GB.

2. insert win XP cd and restart machine to boot into it.

3. go thru w the install picking the right partition!

4. when finished and when you reboot win 7 will not appear in the bootloader and it will go into XP directly.
fine.

5. dl .net framework and install easyBCD. (.net is a requirement)

6. in easybcd, choose: add new entry > click on windows drop down list and choose NT/2K/XP/2K3 and make sure you leave Automatically detect correct drive ticked.

7. go to bootloader setup > make sure install vista/7 bootloader is selected and click on write MBR.

8. that is it. reboot and the bootloader should offer you a choice.

i guess some ppl will run into trouble with this process, sometimes win 7 wont boot anymore (startup repair w win 7 DVD will help), if you get an error loading OS after XP restart in the first phase of the process (before MBR is amended) then using the win 7 install DVD you can run the following commands:

  • bootrec /FixMbr
  • bootrec /FixBoot
  • bootrec /RebuildBcd
restart and you should be ok!

Thursday, 24 March 2011

Creating your own checks in check_mk


It is important to distinguish between inidividual checks and subset check e.g.

LINUX.SUBSET, where the main check is linux, subcheck SUBSET
e.g. linux.version is a subset of check linux, so there will be a check for linux + linux.version, which will both be contained in the same plugin script!


So, any further checks against linux, can be done via linux.XXX
Agent
/usr/lib/check_mk_agent/plugins#


linux_version.sh

#!/bin/sh
echo '<<<linux>>>'
cat /etc/issue.net


this will turn up if you telnet to the agent box i.e. 
telnet server 6556


Check the agent is outputting your plugin
check_mk -d servername | fgrep linux -A 5




The tricky part is the agent check itself.



Follow the guides on the check_mk site, then under the checks directory
/usr/share/check_mk/checks




#!/bin/python
inventory_process = []
inventory_process_version = []


# the inventory version (dummy)
def inventory_linux_version(checkname, info):
        # begin with empty inventory
        inventory = []
# fork to see which subcheck
        if checkname == "linux.version":
                # linux versions
#               print "linux version"
                for line in info:
                        ldistro = line[0]
                        ltype = line[1]
                        lcodename = line[2]
                        inventory.append ( ( None, (ldistro, ltype, lcodename) ) )
                        return inventory
        else:
                # must be std linux command
                inventory = []
                print "std linux check"
                #i
#the actual check
def check_linux_version (item, params, info):
        #print info.strip ('(')
        return (0, "OK - %s" % (info ,))
        #print item
        #print params
        #print info
        #       return (3, "Sorry - not implemented")


#check for std linux command
def check_linux (item, params, info):
        #print item
        #print params,
        #print info
        return (3, "Sorry - not implemented")

# checking function, service description, perf data, invenotry function
# one fucntion for each check (linux, linux.version)
check_info['linux'] = (check_linux, "Linux data (not finished(",0 ,inventory_linux_version)
check_info['linux.version'] = (check_linux_version, "Linux version",0 ,inventory_linux_version)




if it all works out it should have a 
check_mk -L | grep linux
check_mk --checks=linux.version -I servername


dump check info to console
check_mk -nv servername
SIMPLES!

Wednesday, 23 March 2011

Joyent smart machines and munin monitoring

ok it's time i gather what little info i have gathered on how to make this work.
Joyent uses Solaris, their own branded bastard perverted version (as if Solaris wasn't perverted enough!). it makes things difficult. very difficult.

so anyhow, to set up a munin server on joyent here are the instructions:

pkg_add munin-server

which will install the stuff.

then you must fix the munin user to something more "real" (Solaris love):

usermod -d /var/munin -s /usr/bin/bash munin
cp /home/admin/.profile /var/munin
chown munin:munin /var/munin/.profile
passwd munin (whatever, you will not actually log on w user munin)

then create a cron job to poll the nodes every 5 mins:
crontab -e munin
0,5,10,15,20,25,30,35,40,45,50,55 * * * * /opt/local/bin/munin-cron


then as munin generates graphs and sticks them in /opt/local/www/munin/data, you must make this available via apache:


ServerName munin.yourdomain.com
DocumentRoot /opt/local/www/munin/data

AllowOverride All
Order allow,deny
Allow from all



obv you will wanna tighten this up in terms of security, like add .htpasswd permissions, symlink it or whatever.


this is pretty much it for the server.

note that any node will need to be added to the munin.conf file, and then a forced update will need to be run to reflect changes.
/opt/local/lib/munin/munin-update --force-root

(if you do that as it is running the cron job you will get a lock error/ dying)



now the nodes!

that is a little easier... just a little.

pkg_add munin-node

there again the munin user must be fixed as above, skip these steps if you are installing the node on the munin server machine.

to pre configure the plugins, this command should be run:

/opt/local/sbin/munin-node-configure --shell | sh

but beware, it doesn't always work. effectively it checks a plugin to see if it is working, and if so creates a link. the plugin itself is stored in /opt/local/lib/munin/plugins but you need to create a link in /opt/local/etc/munin/plugins to make it work.

also to get a nice easy way to restart the munin node, do:

svccfg import /opt/local/share/smf/manifest/munin-node.xm

svcadm enable munin
(or disable)

much easier than killing processes i find!

to test if everything is working ok on the client node side, do:

telnet localhost 4949
list
fetch

if you get a reasonable looking output, you're in!

Tuesday, 22 March 2011

Thecus 7700+ hot swap is go!

To go back on the Thecuses and their fabulous features, we have a Thecus 7700+ here at work and recently a hard drive failed because of a heat problem. (WD2002FYPS)
so guys and gals, the hot swap is absolutely go! took the faulty drive out without turning ANYTHING off, replaced it and it started rebuilding the RAID (5) straight away. 24 hours later the RAID is healthy again. moreover, the shares were still available during the rebuilding process.

i know this is supposed to be a feature according to the manual, but isn't it nice it's a feature that actually works as it should!
am always quite concerned about hot swapping and find it rather a rather nerve wrecking process!

Sunday, 20 March 2011

Mac OS X - finder doesn't go back up a directory via backspace

God I miss that in Finder... so much for Mac's being easy to use.... that's BS. Windows Explorer is much easier to use...

Keyboard shortcuts for doing most of the easy file manipulations seem to be be lacking or overly complicated. e.g. Return to open a folder <CMD + O>, F2 to rename <use the mouse>, Delete to delete from the right <FN + backspace>....

Anyway, I decided to have a backspace to go up a directory, but as Mac OS X doesn't cater for just backspace, I had to settle with ALT+Backspace, and for that to call up a macro via Keyboard Maestro applescript.

I used growl to notify me and this seems to work pretty well, as long as full pathnames are not used in the window title.

On to the script:

--register growl
tell application "GrowlHelperApp"
    -- Make a list of all the notification types
    -- that this script will ever send:
    set the allNotificationsList to ¬
        {"Go up"}
   
    -- Make a list of the notifications
    -- that will be enabled by default.     
    -- Those not enabled by default can be enabled later
    -- in the 'Applications' tab of the growl prefpane.
    set the enabledNotificationsList to ¬
        {"Go up"}
   
    -- Register our script with growl.
    -- You can optionally (as here) set a default icon
    -- for this script's notifications.
    register as application ¬
        "AppleScript Go up" all notifications allNotificationsList ¬
        default notifications enabledNotificationsList ¬
        icon of application "Finder"
   
    --       Send a Notification...
   
   
   
end tell
tell application "System Events"
    set app_name to name of the first process whose frontmost is true
   
    if app_name is not "Finder" then
        --tell application "GrowlHelperApp"
        --    notify with name ¬
        --        "Go up" title ¬
        --        "Go up" description ¬
        --        app_name application name "AppleScript Go up"
        --end tell
        --display dialog app_name
        return 0
    else
        tell application "Finder"
            try
                set the_folder to (folder of the front window) as text
            on error
                tell application "GrowlHelperApp"
                    notify with name ¬
                        "Go up" title ¬
                        "Go up" description ¬
                        "Cannot go up" application name "AppleScript Go up"
                end tell
               
                return 0
            end try
            set the clipboard to the_folder
            --display dialog the_folder
            set len to the count of the_folder
            set len to len - 1
            set old_folder to text 1 thru len of the_folder
            --get jsut the window name
            set rev to reverse of characters of old_folder as text
            set loc to offset of ":" in rev
            set start to len - loc + 2
            set old_folder to text start thru len of old_folder
            --display dialog old_folder
           
            --close previous folder window
            close Finder window old_folder
           
            --display dialog the_folder
            set len to count of the_folder
            set len to len - 1
            set the_folder to text 1 thru len of the_folder
            --display dialog the_folder
           
            --display dialog len
            set rev to reverse of characters of the_folder as text
            set loc to offset of ":" in rev
            set len to len - loc
            set the_folder to text 1 thru len of the_folder
            --display dialog the_folder
           
            activate "Finder"
            open the_folder
            --set workingDir to the_folder
           
        end tell
        tell application "GrowlHelperApp"
            notify with name ¬
                "Go up" title ¬
                "Go up" description ¬
                the_folder application name "AppleScript Go up"
        end tell
    end if
end tell


This didn't take long to knock up, maybe an hour to learn applescript, growl and the limitations of Mac OS X... It auto registers with Growl each time it starts up, but that doesn't really matter.

Saturday, 19 March 2011

Thecus n5200 / pro with 5 x 2Tb hard drives 4k sector size

I have a n5200 and a n5200 Pro NAS box.

According to Thecus only a limited set of HDDs are supported, at most 1.5Tb - this could possibly due to the 4k sector size....

Sadly, some HDDs are aligned on 4k sectors - and these are usually the newer 2Tb drives. Older drives, are aligned to 512byte sectors. If 512 byte data has to be written across two physical 4KB blocks, the hard drive will have to read the 4KB blocks that are affected, introduce the modifications, and write them back onto the drive. 

Windows Vista and Windows 7 are sector-aware, meaning they will automatically align 512 byte sectors with the hard drive’s physical sectors starting at LBA block 2048. Xp doesn't have this, and starts writing at LBA sector number 63, all following sectors will be misaligned, causing a noticeable performance impact.

There is a more detailed article here: Linux on 4KB-sector disks

So basically - under linux, issue this:
fdisk -H 224 -S 56 /dev/sda

What a pain this issue is.... but if you don't align the sectors, you could be getting 10-15MB/s instead of 35-45MB/s

Ubuntu boot freezes at fsck from util-linux-ng 2.16 2.17-2

Well if this happens to you, and the machine freezes on bootup after (may be) one or 2 successful fscks on a drive, and then it continues to boot up in teh background (so networking works), but the screen is non-responsive.
Then.... the reason could be that the device mappings have changed for teh drives you mapped in fstab!

Yup that sucks....
in my case /dev/sdc1 changed to /dev/sdb1

This happened when I migrated a VM from one ESX host to another, and then back again.

Setting up a linux firewall with Ubuntu

The most important lines are:
:INPUT DROP     [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT  [0:0]

# SECTION THAT DEALS WITH NAT/MASQ
*nat 
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth2 -j MASQUERADE

It's that simple!
Of course, this is a pretty open config, and you'll need to beef up the security.
assuming eth0 is your internal (LAN) interface and eth2 you external (WAN) interface.

The INPUT DROP basically uses the DROP rule for all input to the firewall. This is an important distinction between INPUT and FORWARD.
INPUT is trafficwhich ultimate destination is the firewall itself (inlcudes traffic destined to another device e.g. apache server behind the firewall). FORWARD is for traffic that will pass though the traffic via the firewall.

Also if you do a lot of torrenting, you'll nee to increase the max connections in sysctl.conf
net.ipv4.netfilter.ip_conntrack_max = 262144

Otherwise 10 or so torrents will totally max out your firewall, and you won't be able to make outgoing connections anymore!

I won't go further into it, but there are more articles on this to get the best out of your firewall

Port knocking

Port knocking is a very handy way of opening ports in your firewall e.g. You want to run SSH on the standard port 22, but you don't want this open all the time.

So...
your basic iptables input rule is DENY
Sample iptables.rules file for use with iptables-restore < iptables.rules
:INPUT DROP     [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT  [0:0]

.
To open this port, you can use a specially sequenced TCP SYN on certain ports to open the SSH port.

e.g. sync connect on ports 1000,2000,3000 and 4000 then your system will open port 22

[options]
        logfile = /var/log/knockd.log

[openSSH]
        sequence    = 1000,2000,3000,4000
        seq_timeout = 5
        command     = iptables -A INPUT -p tcp --dport 22 - j ACCEPT
       tcpflags    = syn


similarly, you can use another sequence to close port 22

Squid proxying for BBC iplayer and such...

Well this started as my friends will be moving back to their respective home countries.... they wanted to be able to stream bbc iplayer. This also enabled them to view BBC streams from Japan during the on going disaster...
First install squid (linux/win). Linux get the RPM or apt-get. Windows get the native port from http://squid.acmeconsulting.it/index.html

Ok... well on to the config!

Firstly, squid is being installed (2.7) compile or install the package

Despite what all the documentation says on the net - some of it is just plain god-damn wrong!

The important parts of the squid config are:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_users
auth_param basic children 5
auth_param basic realm Phil's streaming proxy
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

acl auth_users proxy_auth REQUIRED
acl all src all
acl all_others dst 0.0.0.0/0.0.0.0
acl safe_sites dstdomain "/etc/squid/allowed_sites"
# Only allow cachemgr access from localhost
acl filetypes urlpath_regex -i "/etc/squid/denied_files"
http_access allow purge localhost
http_access allow safe_sites
http_access deny purge

http_access deny to_localhost
http_access deny all_others
cache_dir null /tmp
cache_deny all


with allowed_sites:
.bbc.co.uk
.bbcimg.co.uk
.edgefcs.net
.llnwd.net
.markiza.sk
.itv.co.uk
.itv.com
.national-lottery.co.uk
.securesuite.co.uk

and the squid_users file full of htpasswd entries
 e.g.
phil:xxxxxxx
bob:xxxxxx


with denied_files in regex format:
\.(mp4)$