Feb 02 2014

Migrating from KVM to LXC

Category: LinuxTuxevara @ 18:58

After I had to replace the mainboard of my HTPC, on which also two other virtual machines were running on KVM, the kvm_amd module crashed on every boot on the replacement hardware. Though KVM still worked, I don’t like to see any modules crashing on boot. I began asking myself whether I really need full KVM virtualization or if some kind of container based virtualization would do a good or even better job for me.

After reading into the pros and cons of different solutions, I concluded that LinuX Containers (LXC) should probably first choice for me. As the HTPC is running on Ubuntu 12.04, which also has Apparmor profiles that enhance the security of LXC’s weak security concept, I actually decided to continue with LXC.

I don’t want to explain how to install LXC, because this is already covered by many other sites. The only thing that I found which is not covered well enough, is the conversion of machines from KVM (or similar) to LXC. In my case the KVM guests where using RAW disk images, so I am exclusively focusing on converting such below.

Step 1 – Prepare the rootfs folder

First, the new target folder for the root file system of the LXC guest must be created.

mkdir -p /var/lib/lxc//rootfs

Step 2 – Mount the RAW image

Then the RAW disk image must be mounted to access the files. In my case the disk contained only one partition. Modify the mount command may be necessary.

kpartx -a
mount /dev/mapper/loop0p1 /mnt

Step 3 – Copy files to rootfs

Now that the content of the RAW image can be accessed, the files can be copied into the new rootfs folder created in step 1. I have been using the below command for years, to create more or less exact copies:

cd /mnt
find . -xdev | cpio -pmv /var/lib/lxc//rootfs

Step 4 – Modify the configuration

Now comes the trickiest part: The configuration of the new machine must be modified, otherwise it is unlikely that it will boot successfully. Most required changes can be extracted from the template files in /usr/lib/lxc/templates/, which are typically used for the creation of new machines. Below are the modification for Debian machines, which worked perfectly well for Debian Lenny (shame in me) and Squeeze.


rootfs=/var/lib/lxc//rootfs

cat < $rootfs/etc/inittab
id:2:initdefault:
si::sysinit:/etc/init.d/rcS
l0:0:wait:/etc/init.d/rc 0
l1:1:wait:/etc/init.d/rc 1
l2:2:wait:/etc/init.d/rc 2
l3:3:wait:/etc/init.d/rc 3
l4:4:wait:/etc/init.d/rc 4
l5:5:wait:/etc/init.d/rc 5
l6:6:wait:/etc/init.d/rc 6
# Normally not reached, but fallthrough in case of emergency.
z6:6:respawn:/sbin/sulogin
1:2345:respawn:/sbin/getty 38400 console
c1:12345:respawn:/sbin/getty 38400 tty1 linux
c2:12345:respawn:/sbin/getty 38400 tty2 linux
c3:12345:respawn:/sbin/getty 38400 tty3 linux
c4:12345:respawn:/sbin/getty 38400 tty4 linux
EOF

mkdir -p $rootfs/selinux
echo 0 > $rootfs/selinux/enforce

mknod $rootfs/dev/tty1 c 4 1
mknod $rootfs/dev/tty2 c 4 2
mknod $rootfs/dev/tty3 c 4 3
mknod $rootfs/dev/tty4 c 4 4

# reconfigure some services
LANG="${LANG:-en_US.UTF-8}"

locale="$LANG $(echo $LANG | cut -d. -f2)"
chroot $rootfs echo "locales locales/default_environment_locale select $LANG" | chroot $rootfs sh -c "LANG=C debconf-set-selections"
chroot $rootfs echo "locales locales/default_environment_locale seen true" | chroot $rootfs sh -c "LANG=C debconf-set-selections"
chroot $rootfs echo "locales locales/locales_to_be_generated seen true" | chroot $rootfs sh -c "LANG=C debconf-set-selections"
chroot $rootfs sed -i -e "0,/^[# ]*$locale *$/ s/^[# ]*$locale *$/$locale/" /etc/locale.gen
chroot $rootfs sh -c "LANG=C dpkg-reconfigure locales -f noninteractive"

# remove pointless services in a container
chroot $rootfs /usr/sbin/update-rc.d -f checkroot.sh remove # S
chroot $rootfs /usr/sbin/update-rc.d checkroot.sh stop 09 S .

chroot $rootfs /usr/sbin/update-rc.d -f umountfs remove # 0 6
chroot $rootfs /usr/sbin/update-rc.d umountfs start 09 0 6 .

chroot $rootfs /usr/sbin/update-rc.d -f umountroot remove # 0 6
chroot $rootfs /usr/sbin/update-rc.d umountroot start 10 0 6 .

# The following initscripts don't provide an empty start or stop block.
# To prevent them being enabled on upgrades, we leave a start link on
# runlevel 3.
chroot $rootfs /usr/sbin/update-rc.d -f hwclock.sh remove # S 0 6
chroot $rootfs /usr/sbin/update-rc.d hwclock.sh start 10 3 .

chroot $rootfs /usr/sbin/update-rc.d -f hwclockfirst.sh remove # S
chroot $rootfs /usr/sbin/update-rc.d hwclockfirst start 08 3 .

chroot $rootfs /usr/sbin/update-rc.d -f module-init-tools remove # S
chroot $rootfs /usr/sbin/update-rc.d module-init-tools start 10 3 .

rm $rootfs/etc/udev/rules.d/70-persistent-net.rules

Step 5 – Create LXC config

Finally we have to create a LXC configuration file for the new machine. Lazy as I am, I have copied an existing config file into /var/lib/lxc// and modified the paths and network configuration accordingly.

After that the machine can be started with

lxc-start -n

Keep in mind that you won’t be able to detach from that console again. But to debug boot problems it is essential to not launch the machine in background mode (-d).

Tags: , , ,

 


Dec 13 2013

Vdr-sxfe audio output issues over and over again

Category: Computer,LinuxTuxevara @ 20:53

And after fixing them for the hundredth time in the last ten years, I finally decided to write down what I seem to always forget. Isn’t this what tech blogs are for?!

So what was happening this time: After some years without any major issues, our media center PC decided to reboot in circles, which turned out to be caused be a defective motherboard. After replacing it with the one from my gaming PC everything worked fine, except that I had to use the onboard graphics card as the passive cooler of the former PC-Express graphics card wouldn’t allow me to use the DVB-S card in the upper PCI slot.

In my vdr-sxfe startup script I’ve set the audio parameter to alsa:plug:'hdmi:CARD=NVidia,DEV=0'. But the only results I get is either no sound at all or vdr-sxfe restarting every few seconds. At some point I managed to set the audio channel in VDR to stereo instead of AC3. Guess what happened? Immediately vdr-sxfe stopped restarting and sound was coming from the left and right speakers.

Conclusion: Something must be terribly wrong with the AC3 passthrough. But what? And who controls which device is used for the AC3 passthrough? I know that I should have asked myself this questions earlier, but trial and error worked perfectly well in the past ;)

After trying to remember which files I modified several times before to optimize vdr-sxfe audio and video output, I came to the point where I felt certain that the whole magic must only happen in ~/.xine/config_xineliboutput. As vdr-sxfe is based on Xine this seems to make sense.

Some tests later it was proven, that the audio parameter of vdr-sxfe never affects the value of audio.device.alsa_passthrough_device in the config file.

So the solution to my AC3 passthrough problem is setting the audio.device.alsa_passthrough_device value in the config file to plug:'hdmi:CARD=NVidia,DEV=0'.

Today the new PCI-Express graphics card arrived and all I had to do is changing the vdr-sxfe audio parameter and the audio.device.alsa_passthrough_device value in the config file to plug:'hdmi:CARD=NVidia_1,DEV=0'.

For the sake of completeness, here are all non-default values from my ~/.xine/config_xineliboutput


audio.device.alsa_default_device:plug:'hdmi:CARD=NVidia_1,DEV=0'
audio.device.alsa_front_device:plug:'hdmi:CARD=NVidia_1,DEV=0'
audio.device.alsa_passthrough_device:plug:'hdmi:CARD=NVidia_1,DEV=0'
audio.device.alsa_surround51_device:plug:'hdmi:CARD=NVidia_1,DEV=0'
audio.output.speaker_arrangement:Pass Through
audio.synchronization.av_sync_method:resample
video.processing.ffmpeg_thread_count:2
media.xvdr.num_buffers_hd:5000
media.xvdr.scr_tuning_step:100
effects.goom.fps:25
effects.goom.height:576
effects.goom.width:720
engine.buffers.audio_num_buffers:500
engine.buffers.video_num_buffers:250
engine.buffers.video_num_frames:50
engine.performance.memcpy_method:libc

Tags: , , , , ,

 


Nov 21 2013

Sophos UTM 9.1 Changlog Fun

Category: Computer,FunTuxevara @ 22:47

While reading through Sophos’ UTM 9.2 Beta overview is stumbled across the following:

sophos_warcraft

Thumbs up, guys! Though I’m more the LOTRO kind of MMORPG player I love your sense of humor.

Looking forward to the release.

 


Nov 11 2013

FOTD: Windows driven water dispenser

Category: ComputerTuxevara @ 19:36

Let’s call it Fail Of The Day! I am just back from the the gym and here is what happened while checking out at the counter: The boss was typing with a pen on the water dispenser’s touch screen as the normal touch screen interface obviously crashed. Of cause this attracted by immediate interest and I went over to him to figure out what operating system is running on that device. And now comes the part which really hurts: IT’S WINDtOWS, W-I-N-D-O-W-S!!! Get down everybody and search for cover, we are doomed! The human race has really made it this far: We are building water dispensers driven by a too insecure, probably never receiving patches, unstable operating system.

Not that I would feel much more comfortable with any other operating systems on water dispensers, but at least you could strip down Linux so far, that nearly no services are running and use framebuffer output instead of a X-Sserver which would minimize any attack vector nearly to zero.

But hey, if that is the way we let technology take control over our lives…

 


Nov 11 2013

Open Rhein Ruhr 2013

Category: Allgemein,Computer,LinuxTuxevara @ 14:50

Wieder ist ein spannendes Open Rhein Ruhr Wochenende vorueber. Fuer mich war es diesmal etwas Besonderes, da ich nicht als Helfer sondern als Orga dabei und auf der Veranstaltung fuer das Netzwerk verantwortlich war. Ausser zwei nicht so ganz sauberen DSL-Leitungen gab es jedoch keine groesseren Probleme, weshalb mir genug Zeit blieb mich unter die Besucher zu mischen und interessante Gespraeche an den Staenden zu fuehren.

ORR Social Event

Auch das Social Event war wie in der Vergangenheit eine tolle Sache, nicht zuletzt wegen der Location.

Was mich aber wirklich jedesmal auf solchen Linux und Open Source Events begeistert, ist der Umgang miteinander. Es fuehlt sich eigentlich immer so an, ob als ob es kein oben oder unten gibt, kein gut oder schlecht gibt und jeder ist in irgendeiner Weise Anbieter und Konsument zugleich. Alle packen mit an wo Haende gebraucht werden. Ich hoffe, dass mich mein Eindruck nicht taeuscht und dass all diese Menschen im Alltag genau so einen offenen Umgang miteinander pflegen.

Mein besonderer Dank gilt natuerlich allen Helfern und vor allem den Freifunkern, welche durch Bereitstellen von weiterer Hardware sowohl das ORR eigene WLAN verbessert haben, als auch zusaetzlich noch Ihr eigenes Freifunk Mesh bereitgestellt haben.

Bis zum naechsten Jahr,wenn es wieder heisst: “Ein Pott voll Software”.

Tags: , ,

 


Oct 31 2013

Setting IMAP INTERNALDATE to header date

Category: Computer,LinuxTuxevara @ 11:02

While setting up a self refilling test mail server, I came across the problem that I need other IMAP INTERNALDATEs (aka arrival date) than the create/modify time of the email file.
As my email generator script creates random dates for the email headers that are between 10 years back and today, it would make perfect sense to also use them as the arrival date of the message.

Five minutes later the following little script was finished, which I think could be pretty useful for anyone who has to update the arrival date in his IMAP server that uses Maildir format or similar. This could for instance become quite handy after an email migration where the IMAP INTERNALDATE could not be retained.

#!/bin/sh

for FILE in `find $1 -type f`
do
    DATE=`grep "Date" $FILE | cut -d ":" -f 2- | sed -e 's/^ *//g' -e 's/ *$//g'`
    if [ -n "$DATE" ]
    then
        echo "Setting modified time of \"$FILE\" to \"$DATE\"."
        touch -c $FILE --date="$DATE"
    else
        echo "No date found in \"$FILE\"."
    fi
done  

Tags: , , ,

 


Jul 04 2013

NRPE on Centos or RHEL6

Category: LinuxTuxevara @ 16:52

If you are running NRPE on Centos or RHEL 6 and wonder why check commands that are prepended with a sudo command always fail: remove the “requiretty” option from your /etc/sudoers and everything will work fine again. It’s a shame that it takes strace to get the initial error message our of nrpe-server.

Tags: , , , ,

 


Jun 30 2013

Comparison: Condor vs. AirBerlin

Category: AllgemeinTuxevara @ 18:00

We had the chance to compare both airlines on medium-haul flights to the canary isle Teneriffe, where we spent one week last November and, due to the bad weather in November, we returned for another week this June.

In November we flew with Condor and this time we had to take AirBerlin as no Condor flight were available when we booked the vacation. The price of the flights itself was nearly exactly the same, but at least the difference in the offered meals on board is huge. On Condor flights to Teneriffe you always get a warm meal for lunch and dinner. As we pre-ordered the premium menu, we got a three/four course menu and steel cutlery for additional 10 EUR per person/flight. Compared to what you get the price is quite fair. The selection of food was very good and had a great taste.

What do you get on AirBerlin medium-haul flights? Without paying extra, you get a cheese or ham sandwich. Well that is what most airlines offer even on short-haul flight. We again pre-ordered a premium meal as we once again were flying to Teneriffe right over lunchtime and back in the evening. The premium meal, which costs also about 10 EUR was just one meal that comes additionally to the sandwich. Quality was good, though it felt a little bit over-priced.

Another thing that bugged me on the AirBerlin fight to Teneriffe was the fact they still have those old proprietary aircraft earphones plugs for which you have to buy extra earphones for 3 EUR each. An the other hand advertising of their duty free shop wasn’t as pushy as on the Condor flights and the onboard entertainment on the A330-200 was awesome on our flight home.

Overall, I personally would prefer Condor over AirBerlin for that trip.

Tags: , ,

 


Jun 30 2013

DHL…The next episode

Category: AllgemeinTuxevara @ 17:32

A while back in a different German post on this blog I wrote about some issues with DHL delivering packets to our address. Instead they always dropped them at the same neighbor telling him we were not at home, which tuned out to be nothing else than a big dirty lie.

During the last two months our neighbors that live on the same floor and we took part in the next episode of DHL’s game “cheating on neighbors”. Here is the full story:

Our neighbors bought some stuff from an Amazon marketplace shop. After the package did not arrive within the expected period, they looked up the status on the DHL package tracking site to figure out where it got stuck. To their surprise the DHL package tracking site told them, that it was already delivered to guess who: US! So they asked us about the package they awaiting. Unfortunately we couldn’t help them, as we never received the package and at least I had a good alibi of being over 150km away from home by bike the day it was delivered to us as being recorded in DHL’s tracking system. Luckily we get along very well with our neighbors, so they fully believed in our statement not having accepted such a package. We both agreed that it would be best to request all delivery information from DHL including the signature of the person who accepted the package.

It took some time as this information can only be requested by the sending party which was not very cooperative. When it finally arrived it was funny and terrifying at the same time: The signature was not even close to mine or my wife’s. Yes right: the delivery boy really tried to fake our signature and probably dropped it in someones trash. U-N-B-E-L-I-E-V-A-B-L-E, isn’t it?!

I received a call from DHL this week that they will do anything to prevent such a thing in the future and fortunately Amazon did a refund, although it was bought trough a marketplace shop and not Amazon directly.

Tags:

 


Jun 04 2013

Windows 8 really sucks hard

Category: ComputerTuxevara @ 16:55

I had the chance to spend some time playing around with Windows 8 for couple of hours today. And shall I tell you something: It sucks even harder than I ever thought it would after catching just quick glimpses in the last months. The whole language and keyboard logic looks completely broken to me. I ended up in so many annoying situations that I stopped counting after a while. How about user management? Using the new shiny interface enforces the creation of a hotmail.com, outlook.com or live.com account. Sorry guys, don’t need and want that. Especially not when only setting up a test machine. At least using the old Computer Management tool allowed me to get past that step.

I still think the usability of the new interface is horrible with keyboard and mouse. It’s getting even worse when connecting to such a machine through VMWare or RDP, where the mouse isn’t trapped inside the window. It’s mostly the same reasons for which I blame Ubuntu’s Unity that I dislike about the new Windows 8 UI.

Tags: ,

 


Next Page »