Arch Linux net-tools deprecated.

Filed under Arch, IPv6, Linux

Arch Linux has deprecated the usage of net-tools in /etc/rc.conf in favor of iproute2. The new syntax in /etc/rc.conf makes it simple to set up a single interface though anything complicated is best done through netcfg. I didn’t really want to use netcfg for my main workstation as its network setup never changes and it seemed like overkill. Unfortunately I did need to configure IPv6 related settings and this was no longer easily done in rc.conf. The two items I needed to set were the IPv6 address and the interface MTU. (If I don’t set an MTU of 1280-1480 I have trouble with my IPv6 tunnel.)

I decided to remove the IPv6 address setting completely and rely on radvd running on my router. This took care of my workstation’s IPv6 address and default route. I really should have done this earlier.

I started patching the /etc/rc.d/network script to take an mtu variable but started to have second thoughts. Most users would not need it and it seemed a shame to complicate the network_up() function. There was a good chance the patch would not be accepted. In the end I just added the line:

ip link set dev eth0 mtu 1280

to /etc/rc.local. This worked fine.

SSDs

Filed under Uncategorized

Picked up an OCZ Vertex 2 160GB SSD recently with plans to use it as a boot/system drive in my main workstation. Unfortunately things did not go well. Partitioning the disk seemed to work fine using gdisk and I created an ext4 file system on it though it took a while to complete. Trying to mount the file system resulted in multiple errors of different types and trying to read the partition table also gave garbage output. A quick Google showed a few people with similar issues with SSDs when used with the on board SATA ports on my motherboard, an ASUS M2N which uses an nVidia nForce 430 MCP chipset. The board is quite dated by today’s standards but hasn’t given me any trouble in the past.

I removed the SSD and placed it in a spare machine fitted with an Adaptec AAR 1210 SATA controller. This time the drive performed much better. The partition table appeared fine and the creation of the ext4 file system was much faster. A run of bonnie++ completed with multiple errors when the file system was mounted with the “discard” option to make use of TRIM. Mounting the file system without the “discard” option resulted in a bonnie++ run without errors.

None of my machines have AHCI support which I would have liked to test. I’m not sure if AHCI is required for TRIM support or not. I’m guessing the drive is fine and I’m just having issues due to the age of my hardware. I’ll test the SSD on a more recent AHCI machine at work tomorrow. I may need to invest in an AHCI PCIe SATA controller for my main workstation or replace the motherboard.

It appears that SSDs are not always a simple drop in replacement for HDDs.

Nginx

Filed under Debian, Linux

Recently replaced lighttpd with nginx on Debian squeeze. Used spawn-fcgi to manage PHP as php-fpm is not in squeeze yet. Had a little trouble with reliability until I set a couple of environment variables before spawning the PHP processes. Since using the script below to start php all has been well.

#!/bin/bash
PHP_FCGI_CHILDREN=2 \
PHP_FCGI_MAX_REQUESTS=1000 \
/usr/bin/spawn-fcgi -s /tmp/cgi-php.socket -u www-data -g www-data \
                    -P /var/run/cgi-php.pid \
                    -- /usr/bin/php5-cgi

Next I would like to look at setting up varnish in front of nginx.

IPv6

Filed under IPv6, Linux

Having recently watched a couple of talks centered around the current state of IPv4 address space exhaustion I decided to look into setting up an IPv6 tunnel to my home network as my ISP does not seem to offer native IPv6 yet. I checked out a few of the free tunnel brokers available and settled on Hurricane Electric. As someone who knew nothing about IPv6 I found HE’s website to be a helpful resource. Another resource I found helpful was The Second Internet which is a freely available ebook. I also referred to the Linux IPv6 HOWTO. I enabled IPv6 in a couple of steps:

  1. Router.
  2. LAN
  3. Extras (e.g. Certification Tests and Enable Google IPv6 services)

Router

Router setup was relatively straightforward. First use HE’s web interface to register an account and create a tunnel. You will need to know your local static IPv4 address for this. Once the tunnel appears in your account you can retrieve a list of commands to activate it on various platforms in the dropdown box at the bottom of the page. Linux users have two choices: Linux-route2 or Linux-net-tools. I chose Linux-route2 and simply copied the generated commands. As my router is behind a NAT device I had to replace the local IPv4 address with the address of the NAT device. The NAT device must also forward protocol 41 through to your endpoint. I had no trouble with a consumer level D-Link device. HE mentions both of these items in a bullet point.

Once these commands were executed I was able to use ping6 to ping the tunnel endpoints as well as IPv6 hosts on the internet.

$ ping6 -c 2 ipv6.google.com
PING ipv6.google.com(2404:6800:8004::68) 56 data bytes
64 bytes from 2404:6800:8004::68: icmp_seq=1 ttl=54 time=473 ms
64 bytes from 2404:6800:8004::68: icmp_seq=2 ttl=54 time=473 ms

--- ipv6.google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 473.126/473.322/473.519/0.715 ms

LAN

HE supplies a routed /64 network to use as your LAN subnet. If you require multiple subnets you can request a /48. I only required one subnet so I did not request the /48. As I only wanted one LAN client to have an IPv6 address while I am testing I did not use DHCP6 or radvd and just set up the interfaces manually. This step is not much different to manually setting up an IPv4 LAN client except for the IPv6 addresses.

On the router you have to enable IPv6 packet forwarding and give the LAN interface one of the routed /64 IPv6 addresses:

# echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
# ip addr add <<routed /64 prefix>>::1/64 dev eth1

On the LAN client you have to give the LAN interface one of the routed /64 addresses and set a default route:

# ip addr add <<routed /64 prefix>>::2/64 dev eth0
# ip route add ::/0 via <<routed /64 prefix>>::1

Once this is done you should have IPv6 connectivity from the LAN client.

Extras

Is it working?

While it is easy to check that IPv6 is working via testing with ping6, traceroute6, dig, etc, I wanted to be able to check at a glance how much traffic was going through the IPv6 tunnel. Two tools I was already using on the router were handy to monitor IPv6 usage: bwm-ng and vnstat. bwm-ng gives you a snapshot of throughput of all interfaces while vnstat tracks usage over time.

bwm-ng v0.6 (probing every 0.500s), press 'h' for help
  input: /proc/net/dev type: rate
  /         iface                   Rx                   Tx                Total
  ==============================================================================
               lo:           0.00 KB/s            0.00 KB/s            0.00 KB/s
             eth0:           0.00 KB/s            0.00 KB/s            0.00 KB/s
             eth1:           0.13 KB/s            0.31 KB/s            0.44 KB/s
             eth2:           0.00 KB/s            0.00 KB/s            0.00 KB/s
          he-ipv6:           0.00 KB/s            0.00 KB/s            0.00 KB/s
  ------------------------------------------------------------------------------
            total:           0.13 KB/s            0.31 KB/s            0.44 KB/s
$ vnstat -d -i he-ipv6

 he-ipv6  /  daily

         day         rx      |     tx      |    total    |   avg. rate
     ------------------------+-------------+-------------+---------------
      02/10/11         0 KiB |       0 KiB |       0 KiB |    0.00 kbit/s
      02/11/11      6.97 MiB |    1.79 MiB |    8.76 MiB |    0.83 kbit/s
      02/12/11     91.47 MiB |    9.01 MiB |  100.48 MiB |    9.53 kbit/s
      02/13/11     91.89 MiB |   10.88 MiB |  102.78 MiB |    9.74 kbit/s
      02/14/11     10.17 MiB |    3.26 MiB |   13.43 MiB |    1.52 kbit/s
     ------------------------+-------------+-------------+---------------
     estimated        11 MiB |       3 MiB |      14 MiB |

Google over IPv6

While Google allows access to Google Search on IPv6 other services are not served over IPv6 by default. Access to Gmail, etc over IPv6 normally requires registering with Google however thanks to HE you just need to use the supplied HE DNS resolvers to automatically gain access to Google’s IPv6 services.

Certification

HE offers an IPv6 certification test which takes you through different aspects of IPv6 configuration. I found this fun and educational and learnt quite a bit about IPv6 and DNS.

Todo

  • Having your LAN devices pop up on the internet has obvious security implications. Before enabling IPv6 for all LAN devices I will need to add IPv6 support to my firewall scripts. For the moment I have just made sure that services are only listening on IPv4 sockets and not IPv6.
  • Once security is taken care of I will install radvd and/or DHCP6 to take care of the LAN side of things.
  • At the moment I have to create the tunnel manually when I reboot my router. I should add the required stanza to /etc/network/interfaces to automate this.
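The check described in the first Todo item (no service listening on an IPv6 socket) can be read straight from /proc/net/tcp6. The script below is an added example, not part of the original post; the sample table is constructed, uses the 2001:db8::/32 documentation prefix, and assumes a little-endian host.

```python
import ipaddress
import os
import sys

TCP_LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp and /proc/net/tcp6

# Constructed sample in /proc/net/tcp6 layout (little-endian host), cut to
# the first four columns; 2001:db8::/32 is the documentation prefix.
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st
   0: 00000000000000000000000000000000:0016 00000000000000000000000000000000:0000 0A
   1: 00000000000000000000000001000000:0277 00000000000000000000000000000000:0000 0A
   2: B80D0120000000000000000002000000:0050 00000000000000000000000000000000:0000 0A
   3: B80D0120000000000000000002000000:0016 B80D0120000000000000000063000000:C350 01
"""


def decode_addr(hex_addr, byteorder=sys.byteorder):
    """Turn the kernel's 32-hex-digit address into an IPv6Address.

    The kernel prints the address as four 32-bit words in host byte order,
    so each word is converted back to network order separately.
    """
    words = [int(hex_addr[i:i + 8], 16) for i in range(0, 32, 8)]
    return ipaddress.IPv6Address(b"".join(w.to_bytes(4, byteorder) for w in words))


def ipv6_listeners(table, byteorder=sys.byteorder):
    """Return (address, port) for every non-loopback LISTEN socket in the table."""
    found = []
    for line in table.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue                         # not a listening socket
        hex_addr, hex_port = fields[1].split(":")
        addr = decode_addr(hex_addr, byteorder)
        if addr.is_loopback:
            continue                         # ::1 is only reachable locally
        # "::" is the wildcard: the service answers on every IPv6 address
        found.append((str(addr), int(hex_port, 16)))
    return found


if __name__ == "__main__":
    path = "/proc/net/tcp6"
    if os.path.exists(path):
        with open(path) as fh:
            listeners = ipv6_listeners(fh.read())
    else:
        listeners = ipv6_listeners(SAMPLE_TCP6, "little")
    for addr, port in listeners:
        print(f"listening on [{addr}]:{port}")
```

An empty result means no TCP service is reachable over IPv6 from the LAN; UDP sockets live in /proc/net/udp6 and need a separate pass.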

GPT RAID1 setup.

Filed under Hardware, Linux

My home partition hit 90% recently and I decided it was time to upgrade my storage. I had been running 4x250GB hard disks in a RAID1/RAID10 setup and switched to a 2x1TB RAID1 setup. The drives were Western Digital Advanced Format drives with 4kB physical sectors and 512B logical sectors. It is important when partitioning these drives to ensure that partitions start on a logical sector number that is divisible by 8 otherwise performance will suffer as file system clusters will not be aligned to the underlying 4kB physical sector. If the partition is not aligned then writes turn into a read-modify-write. I also decided to use a GPT instead of an MBR partition table. I used gdisk to create boot, swap, root and home partitions:

$ sudo sgdisk -p /dev/sda
Disk /dev/sda: 1953525168 sectors, 931.5 GiB
Logical sector size: 512 bytes
Disk identifier (GUID): 0658FE0C-AE06-4FD9-8CCC-7DDB178BB0CA
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 1953525134
Partitions will be aligned on 2048-sector boundaries
Total free space is 3437 sectors (1.7 MiB)

Number  Start (sector)    End (sector)  Size       Code  Name
   1            2048          264191   128.0 MiB   FD00  Linux RAID
   2          264192        12847103   6.0 GiB     8200  Linux swap
   3        12847104       147064831   64.0 GiB    FD00  Linux RAID
   4       147064832      1953523711   861.4 GiB   FD00  Linux RAID

I actually aligned the start of all my partitions to 1MiB (2048 sectors) which seems to be somewhat of an industry standard and was suggested by gdisk as well.
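The divisible-by-8 rule can be checked mechanically from `sgdisk -p` output. The script below is an added example, not part of the original post; it reuses the partition table shown above and adds one constructed row (partition 5, starting at sector 63) to show what a misaligned start looks like.

```python
import re

# `sgdisk -p` output from the post, plus one constructed row (partition 5,
# starting at sector 63, the old DOS-era default) as a misaligned case.
SAMPLE_SGDISK = """\
Disk /dev/sda: 1953525168 sectors, 931.5 GiB
Logical sector size: 512 bytes
Partitions will be aligned on 2048-sector boundaries

Number  Start (sector)    End (sector)  Size       Code  Name
   1            2048          264191   128.0 MiB   FD00  Linux RAID
   2          264192        12847103   6.0 GiB     8200  Linux swap
   3        12847104       147064831   64.0 GiB    FD00  Linux RAID
   4       147064832      1953523711   861.4 GiB   FD00  Linux RAID
   5              63            2047   992.5 KiB   8300  constructed example
"""

# A partition row starts with three integers: number, start sector, end sector.
ROW = re.compile(r"^[ \t]*(\d+)[ \t]+(\d+)[ \t]+(\d+)[ \t]", re.MULTILINE)
SECTOR = re.compile(r"^Logical sector size: (\d+) bytes", re.MULTILINE)


def check_alignment(sgdisk_output, physical=4096):
    """Return [(partition, start_sector, offset)] for every partition row.

    offset is the partition's starting byte position modulo the physical
    sector size; 0 means the start sits on a physical-sector boundary.
    """
    match = SECTOR.search(sgdisk_output)
    if match is None:
        raise ValueError("no 'Logical sector size' line found")
    logical = int(match.group(1))
    results = []
    for number, start, _end in ROW.findall(sgdisk_output):
        offset = int(start) * logical % physical
        results.append((int(number), int(start), offset))
    return results


def misaligned(sgdisk_output, physical=4096):
    """Partition numbers whose start is not on a physical-sector boundary."""
    return [n for n, _start, off in check_alignment(sgdisk_output, physical) if off]


if __name__ == "__main__":
    for number, start, offset in check_alignment(SAMPLE_SGDISK):
        state = "aligned" if offset == 0 else f"misaligned by {offset} bytes"
        print(f"partition {number}: start sector {start}: {state}")
```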

I had done some research into how to exactly boot Linux on a GPT disk and was happy to find that my boot loader, extlinux, works out of the box. Installing extlinux was as simple as:

# extlinux --raid --install /boot/extlinux
# sgdisk /dev/sda --attributes=1:set:2
# sgdisk /dev/sdb --attributes=1:set:2
# cat /usr/lib/syslinux/gptmbr.bin > /dev/sda
# cat /usr/lib/syslinux/gptmbr.bin > /dev/sdb

These commands install ldlinux.sys, set the bootable attribute for partition 1 of both disks and install the gptmbr.bin boot code into the first sector of both disks.

Once my file systems were copied onto my new disk setup I recreated my initrd images with a new /etc/mdadm.conf and edited /etc/fstab and /boot/extlinux/extlinux.conf. The Arch Linux Wiki article Installing with Software RAID or LVM proved handy for assembling the arrays.

I now have plenty of disk space again:

$ pydf / /boot /home
Filesystem Size Used Avail Use%                               Mounted on
/dev/md1    63G  31G   29G 48.6 [#############..............] /
/dev/md0   124M  17M  101M 13.6 [####.......................] /boot
/dev/md2   861G 373G  488G 43.3 [############...............] /home

A quick check with Bonnie++ showed that disk performance was as expected which confirmed that I hadn’t made any mistakes with partition alignment.

End of Semester

Filed under Books, Linux

Haven’t had time to post much of late due to the end of semester madness. I have been micro-blogging on twitter as @mfsampson though. I have found twitter to be a great medium and an effective way of tracking news. Twitter’s signal-to-noise ratio is high as long as you follow the correct people.

In other news I have transferred my configs to github. While github has had a couple of issues with reliability recently it is a great service. Features like auto rendering of marked up readme files and the ease of use make it a unique service. So far I have enjoyed using it.

I’m enjoying the opportunity to read something other than text books and study notes and have read three chapters of “Coders at Work” by Peter Seibel. So far it has been a great read.

linux.conf.au 2011

Filed under Linux

I’m planning on attending the 2011 linux.conf.au in Brisbane and there is now a draft schedule online. There are some great talks on offer including sessions by:

There are some great graphics related sessions and the mini-confs look interesting too. It should be a great event.

USB 3.0

Filed under Hardware, Linux

I’m currently in the process of encrypting my USB 1TB backup drives with LUKS. Part of this process involves filling the disk with random data. For USB2 this takes about 10 hours for a 1TB drive. Admittedly this is a one off process though I often move large chunks of data around for one reason or another. I decided to have a look at USB3. I picked up a Western Digital My Book 3.0 along with a Gigabit PCI-e 1x USB 3 card. I had a little difficulty getting Linux to recognize the drive and found I had to reload the xhci kernel module:

sudo rmmod xhci_hcd
sudo modprobe xhci_hcd

Not sure if this issue was a one off or not. I may need to look at this later. Perhaps this module needs to be loaded before/after some of the other USB related modules? Once it was detected I reformatted it with XFS and ran the bonnie++ benchmark on it:

Version 1.03e       ------Sequential Output------ --Sequential Input- --Random-
                    -Per Chr- --Block-- -Rewrite- -Per Chr- --Block-- --Seeks--
Machine        Size K/sec %CP K/sec %CP K/sec %CP K/sec %CP K/sec %CP  /sec %CP
mercury         12G 88824  99 100197  31 43076  18 55770  94 137263  23 273.3   1
                    ------Sequential Create------ --------Random Create--------
                    -Create-- --Read--- -Delete-- -Create-- --Read--- -Delete--
              files  /sec %CP  /sec %CP  /sec %CP  /sec %CP  /sec %CP  /sec %CP
                 16  7882  67 +++++ +++  5057  45  7693  69 +++++ +++  5516  50

Performance was impressive. Looking at block transfers showed writes just below 100MiB/s and reads above 130MiB/s. I didn’t test a USB2 drive as I know from experience it would be nowhere near that speed. I did test my internal storage which is XFS on LVM on RAID10 (4 x 250GB SATA):

Version 1.03e       ------Sequential Output------ --Sequential Input- --Random-
                    -Per Chr- --Block-- -Rewrite- -Per Chr- --Block-- --Seeks--
Machine        Size K/sec %CP K/sec %CP K/sec %CP K/sec %CP K/sec %CP  /sec %CP
mercury         12G 89567  97 115355  38 58405  32 65973  88 123363  33 536.0   3
                    ------Sequential Create------ --------Random Create--------
                    -Create-- --Read--- -Delete-- -Create-- --Read--- -Delete--
              files  /sec %CP  /sec %CP  /sec %CP  /sec %CP  /sec %CP  /sec %CP
                 16   188   2 +++++ +++   185   2   189   2 +++++ +++   173   2

My internal storage performed slightly better than the USB3 drive though it couldn’t match the 130MiB/s block read speed. I’m not sure why there was such a difference with the metadata tests. The USB3 device was an order of magnitude faster. It may have been connected with the fact that the USB3 test was a new file system and the internal XFS file system has been in use for quite a while. Not sure though.

Bottom line is that next time I need to transfer my main workstation’s file systems to external storage for hardware maintenance it will be a lot faster!

BTRFS, EXTLINUX and i3.

Filed under Arch, Linux

Lately I have been experimenting with some of the netbook specific Linux distros on my Dell Mini 9. I looked at Moblin, ChromeOS, Ubuntu Netbook Remix and Jolicloud. They were all fairly impressive though I did miss the simplicity and versatility of Arch Linux and decided to reinstall Arch Linux. I installed Arch Linux to a single ext4 partition with a 512M swap partition. I had been having some trouble with the Broadcom wireless adapter so I replaced it with a spare Intel wireless adapter I had on hand. No more out of tree kernel modules as the Broadcom card required the wl driver from AUR which made kernel updates interesting if I didn’t have an ethernet port handy.

I recently watched a webcast by Chris Mason the lead developer of btrfs and one of the things covered was the ability to convert extX to btrfs via btrfs-convert. I decided to give this a try and on a 16GB SSD, with 2GB used, it only took a minute or so to convert. One nifty feature is that the btrfs is created in the empty part of the extX filesystem with the extX filesystem being saved as a sparse file inside a dedicated subvolume:

[mike@mini|~] $ sudo btrfs subvolume list /
ID 256 top level 5 path ext2_saved
[mike@mini|~] $ ls -lh /ext2_saved/
total 1.9G
-r-------- 1 root root 14G Jan 1 1970 image

This makes it possible to revert to the extX filesystem at any point if btrfs does not live up to expectations. The process is explained much more clearly on the btrfs wiki.

As usual of late I installed extlinux as a boot loader. Due to the COW nature of btrfs extlinux installs in a slightly different manner to extX. Instead of installing as a file inside the filesystem it installs in the slack space inside the partition directly following the boot sector:

/* btrfs has to install the ldlinux.sys in the first 64K blank area, which
is not managered by btrfs tree, so actually this is not installed as files.
since the cow feature of btrfs will move the ldlinux.sys every where */

I normally use Xmonad as my WM however I wanted something a little slimmer dependency wise for my netbook. I looked at scrotwm for a while and eventually ended up with i3. So far I am impressed with it. It works pretty much out of the box though I am intending to customize it a little more. i3 is written in C, has great documentation and features a simple IPC interface for control/status integration with external apps. It also has good multi-monitor support though I haven’t tried it yet. I may give it a trial on my main workstation.

Easy Debian/Ubuntu chroots.

Filed under Arch, Debian, Linux

Until recently I had been using Adobe’s 64 bit Flash Player plugin. Unfortunately the 64 bit Flash Player has been removed from Adobe’s site with no clear indication of exactly when it will return. For a while I continued to use the last released version however this version contains major security vulnerabilities and I eventually removed it. I don’t use Flash that much but I did miss it every now and then so decided to do something about it. I’m not a fan of multi-lib setups or nspluginwrapper so went with a 32 bit chroot. At first I tried an Arch Linux 32 bit chroot however I experienced issues with some GUI applications not working correctly and segfaulting. While I look into this I installed an Ubuntu Lucid 32 bit chroot using debootstrap.

Debootstrap is a handy way to install a Debian/Ubuntu base system into a directory. It is available in the AUR. Installing a base Lucid 32 bit system is as easy as:

[mike@mercury|~] $ sudo mkdir /opt/lucid32
[mike@mercury|~] $ sudo debootstrap --arch=i386 lucid /opt/lucid32/

To manage entering the chroot I installed schroot. Schroot allows a normal user to enter a chroot. It also handles copying files from the host into the chroot as well as mounting any required filesystems inside the chroot. This comes in handy for keeping /etc/{resolv.conf,hosts,passwd,shadow} and so on in sync as well as mounting /{proc,dev,tmp} inside the chroot. I also mount my /usr/share/fonts directory this way so Chromium has access to my fonts. I still need to do something similar with my mouse cursor icons. Once configured schroot allows me to launch my 32 bit web browser via:

[mike@mercury|~] $ schroot -c lucid32 -- chromium http://www.archlinux.org

I now have flash working again.