Kyle Brandt

Original computing and productivity articles by a Linux administrator

Archive for the ‘Linux’ Category

Debugging a script that parses /proc/net/dev

without comments

An Intermittent Problem:
I wrote a Perl script for Nagios that would figure out the bandwidth of an interface by parsing TX (transmit) and RX (receive) bytes from /proc/net/dev. The proc file system is a virtual file system that provides the ability to view various kernel statistics as well as modify some kernel parameters. My script parses the file twice at a specified interval, and then subtracts the old value from the new value to return bytes per second. I realized that this wasn’t the most accurate method, but it was good enough for my purposes and I didn’t have to install snmp. Also, the larger the interval, the smaller the error would generally be assuming light load.

The problem was that this script would fail every so often with ‘Not numeric subtraction’. So I started saving snapshots of /proc/net/dev and noticed that the script would fail when the values were around 4 billion something. This I knew to be in the neighborhood of 2^32 (the max of a positive-only 32-bit integer value). To confirm my thoughts that this was the max value for this counter, I decided to have a poke around the kernel source code.

Into the Kernel:
I didn’t know where to look in the source for this, but /proc/net/dev has the string ‘Inter-|’ which I figured would be a unique enough string to give me a place to start. Sure enough, a recursive grep for this string returned only 3 lines of code. The function I wanted was dev_seq_printf_stats in dev/core/dev.c:

static void dev_seq_printf_stats(struct seq_file *seq, struct net_device *dev)
{
        struct net_device_stats *stats = dev->get_stats(dev);
        seq_printf(seq, "%6s:%8lu %7lu %4lu %4lu %4lu %5lu %10lu %9lu "
                   "%8lu %7lu %4lu %4lu %4lu %5lu %7lu %10lu\n",
                   dev->name, stats->rx_bytes, stats->rx_packets,
                   stats->rx_errors,
                   ///.....

Looking at the printf specifiers for this, they were %lu (unsigned long integer), which on my system did indeed have a max of 4294967295 (2^32 – 1). I wanted to be extra sure, so I traced the net_device_stats struct to include/linux/netdevice.h and confirmed that the net_device_stats->rx_bytes member was in fact an unsigned long integer. So now I knew the error happened when the counter maxed out and then reset to zero, but why a non-numeric subtraction error?

Problem Found:
%8lu as an ANSI C standard library printf specifier sets a minimum field width of 8 characters and right-justifies the value, since there is no hyphen flag. To find out if the kernel did the same I traced seq_printf to lib/vsprintf.c and saw that the Linux kernel version formatted this in the same way. When the bytes value was less than 8 characters long, there was leading white space that threw off my parser. All I needed was to add the extra line at line 9 to eliminate any leading whitespace:

sub parseBandwidth {
    my $interface = shift;
    my @ifconfigOutput = @_;
    foreach my $line (@ifconfigOutput) {
        if ( $line =~ /:/ ) {
            my @interfaceLine = split( /:/, $line);
            if ($interfaceLine[0] =~ /$interface/) {
                # Next line is to sanitize leading whitespace
                $interfaceLine[1] =~ s/^\s+//;
                my @interfaceStats = split( /\s+/, $interfaceLine[1] );
                print( LOG "DEBUG I have parsed out: @interfaceStats\n") if $debug;
                return @interfaceStats;
            }
        }
    }
}
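
An added example (not the original Nagios script, and written in Python rather than Perl) that goes one step past the whitespace fix: it shows the empty leading field an untrimmed split produces, then computes a rate that survives the 2^32 counter wrap. The snapshot contents, the function names and the 8-second interval are assumptions made for illustration.

```python
import re

COUNTER_MODULUS = 2 ** 32  # unsigned long on the 32-bit system discussed above

# Constructed snapshots taken 8 seconds apart (not captured from a real host).
# eth0's rx_bytes wraps between them: 4294966000 -> 1200. Once the value is
# short again, the kernel's %8lu padding puts spaces right after the colon.
SNAP_BEFORE = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:   52340     410    0    0    0     0          0         0    52340     410    0    0    0     0       0          0
  eth0:4294966000 9100200    0    0    0     0          0         0 81234567  400100    0    0    0     0       0          0
"""
SNAP_AFTER = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:   52900     414    0    0    0     0          0         0    52900     414    0    0    0     0       0          0
  eth0:    1200 9100210    0    0    0     0          0         0 81238567  400140    0    0    0     0       0          0
"""


def naive_fields(line):
    """Pre-fix behaviour: split on whitespace without trimming first."""
    return re.split(r"\s+", line.split(":", 1)[1])


def parse_net_dev(text):
    """Return {interface: {"rx_bytes": int, "tx_bytes": int}}."""
    stats = {}
    for line in text.splitlines():
        name, sep, rest = line.partition(":")
        if not sep:
            continue  # the two header lines contain no colon
        fields = rest.split()  # split() with no argument ignores leading spaces
        if len(fields) != 16 or not all(f.isdigit() for f in fields):
            raise ValueError("unexpected /proc/net/dev line: %r" % line)
        values = [int(f) for f in fields]
        # Field 0 is rx_bytes and field 8 is tx_bytes.
        stats[name.strip()] = {"rx_bytes": values[0], "tx_bytes": values[8]}
    return stats


def counter_delta(old, new, modulus=COUNTER_MODULUS):
    """Difference between two readings of a counter that wraps at modulus.

    Assumes at most one wrap per interval. A counter reset (reboot, driver
    reload) looks the same as a wrap and yields a bogus spike.
    """
    return new - old if new >= old else new + modulus - old


def bytes_per_second(before, after, interface, interval):
    """Return (rx_rate, tx_rate) in bytes per second for one interface."""
    old = parse_net_dev(before)[interface]  # exact-name lookup: eth1 != eth10
    new = parse_net_dev(after)[interface]
    return tuple(
        counter_delta(old[key], new[key]) / interval
        for key in ("rx_bytes", "tx_bytes")
    )


if __name__ == "__main__":
    eth0_line = SNAP_AFTER.splitlines()[3]
    print("untrimmed split:", naive_fields(eth0_line)[:3])
    print("rates (B/s):", bytes_per_second(SNAP_BEFORE, SNAP_AFTER, "eth0", 8))
```

On a 64-bit kernel unsigned long is 64 bits wide, so the modulus passed to counter_delta would be 2 ** 64 there.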

Written by Kyle

July 8th, 2009 at 9:31 am

Posted in C, Linux, Perl, Programming, Scripting


How to Cross Compile the Bash shell for Android 1.5

with 3 comments

Introduction:
I just got a new G1 Android phone, and since it runs Linux I just had to get the Bash shell running on it; the built-in shell would just not do. I do need my tab completion after all. Cross compilation is the process of compiling software on one platform that is meant to run on another. With the following, an ARM executable is compiled on an x86 Linux machine.

Requirements (Not sure if all this is needed, but it is what I used):

Step 1: Connect your pc to your phone with the SDK
You first have to be able to connect your computer to your phone with adb, which is included with the SDK. To do this with Ubuntu Jaunty Jackalope you first need to create a /etc/udev/rules.d/51-android.rules file with the following contents:

SUBSYSTEM=="usb", SYSFS{idVendor}=="0bb4", MODE="0666"

MODE="0666" makes the matching USB device node readable and writable by every local user on the machine. After this run the following to restart udev: ‘sudo /etc/init.d/udev reload’. Lastly, on your phone make sure Settings :: Applications :: Development :: USB Debugging is enabled and then plug in your phone. When you run ‘./adb devices’ you should see a device listed.

Step 2: Build the Bash Shell
After installing the ARM toolkit in /home/kbrandt/bin/arm-toolkit (used for this example) set the following environment variables in your shell. CC has to be exported so that ./configure sees it.

export CC='/home/kbrandt/bin/arm-toolkit/bin/arm-none-linux-gnueabi-gcc'
export PATH="$PATH:$HOME/bin/"

Then cd to the directory where you extracted the Bash source and run the following:

./configure --prefix=/opt/arm_bash/ -host=arm-linux --enable-static-link --without-bash-malloc

Assuming that worked, edit the ‘Makefile’ file and change ‘CFLAGS = -g -O2’ to ‘CFLAGS = -g -O2 -static’ and then run ‘make’. If this works, it should create a bash executable in the current directory. You can verify that this has been compiled for the ARM architecture with ‘file bash’. This should return:

bash: ELF 32-bit LSB executable, ARM, version 1 (SYSV), statically linked, for GNU/Linux 2.6.14, not stripped

Step 3: Copy the File to your android.
From the host computer in the tools directory of the SDK run ‘./adb push ~/src/bash-4.0/bash /data/’ to copy the executable to the phone. If you try to copy it to your sdcard, make sure the sdcard is not mounted with the noexec mount option as this disables the executable permission bit.

Step 4: Run, Enjoy, and Find Bugs.
You can now connect to your phone with ‘./adb shell’, cd to the data directory and run ‘./bash’, and you should get a bash prompt. You might need to ‘chmod 555 bash’ if you get permission denied.

References:
http://jiggawatt.org/badc0de/android/index.html

Written by Kyle

June 28th, 2009 at 10:28 am

Posted in Android, Bash, Linux, Scripting

My Not-So-Shabby Screen and Gnome-Terminal Setup

with 3 comments

Introduction
For a system administrator it is important to have an efficient and comfortable interface to all your servers. GNU Screen is an excellent utility to be able to have a single terminal connected to multiple servers that won’t disappear when you close the window. I have a setup that allows me to spawn gnome-terminal with different screen sessions for each location I administer in a different tab. Then each screen session has a named ‘tab’ that automatically logs into each server at that location. It ends up looking like this:

Gnome Terminal and Screen

My main two recommendations for screen are to set up the meta character as back-tick ( ` ) and to give screen a ‘tab bar’. You can read how to do these two things here.

Setting up Screen
Once you have screen set up the way you like, you can then specify an additional screenrc file with the -c switch and your settings in the ~/.screenrc will still be used. The secondary screenrc is where you can list different server groups. This file will make it so there are named ‘tabs’ for each server, and each tab will log into the server you specify. Each line in the file should be something like ‘screen -t myServer ssh myServer’; the first myServer is the name of the tab, and then ssh myServer is the command that will be run. To simplify doing this in the future, I made a little Perl script that reads a file that has one server name per line and prints the rc file to standard out.

#!/usr/bin/perl
#===============================================================================
#         FILE:  makeScreenRc.pl
#        USAGE:  ./makeScreenRc.pl
#       AUTHOR:  Kyle Brandt (kb), kyle@kbrandt.com
#===============================================================================

use strict;
use warnings;

print "zombie qr\n";
while (<>) {
        chomp;
        my $server = $_;
        print "screen -t $server ssh $server", "\n";
}

So if you called the above script with something like ‘perl makeScreenRc.pl myDmzList > myScreenDmzRc’ you can then use the created file with ‘screen -R DMZ -c myScreenDmzRc’. The capital R switch looks for an existing detached session and will attempt to reattach it before creating a new one. This will be useful with gnome-terminal in case gnome-terminal crashes.

Setting Up Gnome-Terminal
The next step is to create a profile for each of the screen sessions. You can do this by going to File::New Profile and then creating a profile with a relevant name for the screen session, i.e. ‘DMZ’. After that, go to the Title and Command tab, check ‘Run a custom Command instead of my shell’ and edit the command to be something like ‘screen -R DMZ -c myScreenDmzRc’. Then repeat this for each of the screen sessions you have set up. Then, you can run something like ‘gnome-terminal --tab-with-profile=DMZ --tab-with-profile=MyOffice’ where DMZ and MyOffice are the names of the gnome-terminal profiles you created. This automatically detaches itself from the controlling terminal, so if you close the terminal you launched this from, the new terminal will not close. Lastly, you can set up a shell alias to run the above command, so all you have to do to open up your command central is type something like ‘myservers’.

Written by Kyle

April 9th, 2009 at 12:08 pm

How-to: Set Up an Emulated Cisco Lab Using GNS3 in Ubuntu, Part 1

with one comment

Introduction:
GNS3 is a graphical network simulator that is integrated with the Cisco router emulator Dynamips. In this tutorial I will explain how to connect your Linux host to an emulated 7200 series router, then that router to another 7200 router, and finally that second router will be connected to a Linux VM running in VMware Server. In this lab environment we will also configure access control lists ( ACLs ), Network Address Translation ( NAT ), and a site-to-site Internet Protocol Security Virtual Private Network ( IPsec VPN ) tunnel between the two routers in Part 2.

Prerequisites:
• VMware Server
• A Cisco 7200 router firmware image ( You will have to get this on your own, I don’t want to step on Cisco’s copyright )
• This tutorial assumes the Linux host and the virtual machine are running Ubuntu 8.10

Getting Started:
1. Install GNS3: sudo apt-get install gns3 dynamips
2. Start GNS3 and follow the setup wizard; you will want to load the 7200 .bin files.
3. Install VMware Server: You will need to patch it, see here ( http://ubuntu-tutorials.com/2008/11/01/vmware-server-107-on-ubuntu-810-intrepid-2627-7-generic/ ), before installing. Make sure to allow host-only networking ( you can choose to install all the different networking options ).
4. Create an Ubuntu 8.10 VM with host-only networking in VMware Server.

Setting up our layout in GNS3:
1. Start gns3 as root: gksudo gns3
2. Create two Cisco 7200 by dragging the icon over from the left.
3. Right click each router, click on the slots tab, and change slot0 to C7200-IO-2FE and slot1 to PA-2FETX ( this will give each router 4 Fast Ethernet interfaces ).
4. Right click each router and change the host names to lab1 and lab2.

GNS3 Network Diagram

Basic configuration for each router:
1. Right click lab1 and choose start.
2. Right click lab1 and choose console.
3. You should see ‘Self Decompressing the Image’; we are now in the emulated IOS terminal connection.

a. Choose yes for ‘initial configuration dialog’.
b. Choose yes for ‘basic management setup’.
c. Call the router lab1.
d. Enter passwords when asked.
e. Choose no to SNMP management.
f. Choose FastEthernet0/0 for ‘management network from the above interface summary’.
g. Choose Use the 100 Base-TX (RJ-45) connection.
h. Select no for full duplex.
i. Choose yes to Configure IP on that interface.
j. For the interface IP, choose a /24 subnet that is not being used in your network or by VMware ( run ifconfig on your host machine and look at what the vmnet interfaces are to see what VMware is using ). For my example it is going to be 192.168.1.1
k. Accept the 255.255.255.0 subnet mask.
l. Press 2 to save.
m. Then go into enable mode by typing ‘enable’ and then type ‘copy run start’.
n. Save your work so far in GNS3 by choosing ‘Save as’ and also extract all your configurations by pressing the yellow arrow.

4. Repeat steps 1-3 above for the lab2 router but for step j:

i. Start your VMware Linux VM that was set up with host only networking.
ii. Look at what IP you have been given; for my example it was 192.168.21.128
iii. Configure the F0/0 on this router to match that network, in my case it would be 192.168.21.1 with a subnet mask of 255.255.255.0

Getting the Routers to talk to each Other:
1. On lab1:

a. Open up the console for lab1.
b. Run the following commands in the lab1 console:
enable
conf t
int F1/0
ip address 12.12.12.1 255.255.255.252
< ctrl-z >
copy run start

2. On Lab2:

a. Do the same as above but with: ip address 12.12.12.2 255.255.255.252

3. In GNS3 click the icon that looks like an Ethernet cable, choose fast ethernet and connect f1/0 of lab1 to f1/0 of lab2 by clicking on a router and then clicking the other router. Expand the ‘Topology Summary’ for each router so you can verify that the correct interfaces are connected to each other. Do verify that you got the interfaces specified; I found this to be a bit buggy to get the interfaces I wanted.
4. Log into the console of each router and ping the other to make sure the connection is working.

Connect your Host Machine to the Virtual Network:
1. In GNS3 Create a cloud by dragging it from the left.
2. Right click the cloud and choose configure.
3. Click on the NIO TAP tab, type in ‘tap0’ to the field and click ‘Add’ and then ‘Apply’.
4. From your Linux host open up a terminal:

a. Install the utilities that let you create tap interfaces: sudo apt-get install uml-utilities
b. Become Root: sudo su -
c. Load the tun module: modprobe tun
d. Create the tunnel interface: tunctl
e. Give the tap interface an IP that matches your network for lab1’s f0/0, i.e. : ifconfig tap0 192.168.1.100 netmask 255.255.255.0 up
f. If using iptables you may need to add some rules like: iptables -I INPUT 1 -i tap0 -j ACCEPT

5. In GNS3 click the Ethernet icon and select fast ethernet.  Then click Lab1 first and the cloud and select the tap0 interface.
6. Verify you can reach the IP of Lab1’s FastEthernet 0/0 by pinging it from your Linux host.

Connect your Virtual Machine to the Virtual Network:
1. In GNS3 create a cloud by dragging it from the left.
2. Right click the cloud and choose configure.
3. Click on the NIO ETHERNET tab and then ‘Linux Ethernet NIO’, select the vmnet interface that corresponds to the host only networking and click ‘Add’ and then ‘Apply’.  In my example it is vmnet1.
4. In a terminal on your Linux host note the IP of the vmnet interface of the previous step and then remove the ip by entering: sudo ifconfig vmnet1 0.0.0.0 #if vmnet1 was the interface from step 3. The IP is removed because that is the IP we gave the FastEthernet interface on Lab2.
5. In GNS3 connect lab2 to the cloud by clicking the Ethernet icon, selecting fast ethernet, clicking lab2, and then selecting the nio_linux_eth:vmnet1 interface of the cloud.
6. Verify that you can reach the IP of Lab2’s FastEthernet 0/0 by pinging it from the Linux VM.
7. To be able to reach the VM from the Linux host through the virtual network add the following route to the Linux host: sudo route add -net 192.168.21.0 netmask 255.255.255.0 gw 192.168.1.1

Conclusion:
You should now have a basic network with two routers that you can practice with.  In the second article we will configure NAT, IPsec, and ACLs on the routers.  Please do comment on any confusing steps in this tutorial, I wrote it after doing this myself and not as I did it, so something might be missing.

Reference:
http://www.blindhog.net/tutorials/linux-loopback-tap0.htm
Lab1 Router Configuration
Lab2 Router Configuration

Written by Kyle

January 14th, 2009 at 8:58 am

Book Review: Learning Nagios 3.0

with one comment

Wojciech Kocjan’s Learning Nagios 3.0 is a clear and gentle introduction that takes readers through the basics and introduces them to the more advanced topics of infrastructure monitoring with Nagios. The writing has a good balance of concise technical information while also providing thorough examples in a tutorial style. This keeps the book from being too dense while not being so repetitive that it comes off as condescending.

The installation and initial configuration are covered together in the same chapter. The installation instructions are thorough; different package managers as well as compiling from source code are included. There are also troubleshooting instructions that cover common mistakes that people tend to encounter when first installing Nagios. One troubleshooting detail that the author neglected to include is a short CPAN tutorial. This would be useful because when standard plug-ins are missing necessary Perl dependencies, CPAN can be used to install them. The configuration of Nagios involves an inheritance engine that can often lead to a high level of complexity. This book includes illustrations for this and many other concepts that are more easily understood visually, and each illustration is explained well.

The more advanced topics covered include distributed monitoring, automated responses to problems (event handlers), and options to reduce the performance impact that monitoring can have. These chapters have inspiring introductions to taking Nagios to a level beyond just a mechanism for the notification of problems. For example, event handlers can be created to restart services that have failed automatically. Also, something such as configuring Nagios to escalate issues to certain people can improve the organization of an IT administration team. The book also explores different organizational styles for configuration files.

Probably the most universal monitoring protocol is Simple Network Management Protocol. This book has one of the clearest explanations of SNMP I have read, as well as a very clear explanation of how to use SNMP with Nagios. I would recommend this chapter to anyone looking for a good SNMP introduction, even if Nagios is not the primary interest.

The one chapter I felt was lacking in thoroughness was ‘Extending Nagios,’ which gets into writing your own plug-ins. The first simple example is a thirty line Python script, but an effective Nagios plug-in can be a shell script that is only a few lines. Also there are standards to writing Nagios plug-ins (see http://nagiosplug.sourceforge.net/developer-guidelines.html) which are discussed in Chapter 4, but this part is glossed over.

Overall I found this to be a well written and informative book that guides an administrator through Nagios with more clarity than Nagios’ own documentation does.

Written by Kyle

January 13th, 2009 at 10:17 am

Posted in Linux


1080p HDTV H.264 Playback in Linux

with one comment

I recently picked up a 40 inch 1080p TV on Black Friday for my media computer (standard Ubuntu Intrepid Ibex install). Since this machine is a $450 Dell Vostro (Intel Core 2 Duo E4500 CPU) it isn’t the fastest machine out there, but I have still been able to get generally smooth playback of H.264 1080p video.

Vocabulary
My understanding of the relevant codec vocabulary is as follows (Please comment on any inaccuracies). You can get a lot of detail from this thread.

  • H.264 is the format of the encoded video.
  • x264 is a common encoder for creating H.264 video.
  • ffmpeg is an open source decoder of H.264 video. It is the packaged standard in Linux for vlc and MPlayer.
  • CoreAVC is a commercial decoder that is built for windows, but can be used in Linux.
  • mkv (Matroska) is a container that packages the video, audio, subtitles, etc. into one file. There is often H.264 in these files, but .mkv does not always mean H.264 or even HD.

Abstract
To successfully get good playback of 1080p H.264 video I had to purchase the CoreAVC codec, use the coreavc-for-linux project and wine to enable CoreAVC in Linux, and then recompile MPlayer with support for CoreAVC.

CoreAVC
The reason CoreAVC performs so much better than ffmpeg on my system is that CoreAVC is multi-threaded. This means that on a dual core system both CPU cores will be used to decode the video, instead of just one. If you run top and press ‘1’ you can see the utilization of each core; you will probably just see 1 core being utilized when you play video. The other core will probably show some usage, but it will be another process using it.

Since decoding H.264 is very resource intensive, multi-threading really helps. Currently there is no GPU (video card based) decoding for Linux except for a very beta NVidia driver.

CoreAVC costs a very reasonable 15 dollars, so it is definitely worth supporting the development of it.

CoreAVC For Linux
CoreAVC for Linux allows you to use the Windows CoreAVC codec with Linux. The wiki on the project page will guide you through the installation. You must first run the CoreAVC install using wine (‘apt-get install wine’ if you don’t have it already). Then follow the steps in registering the codec. Lastly, you will need to apply a patch to MPlayer and then compile it from source. Alternatively, you can get pre-built binaries (.deb) from here of MPlayer and coreavc-for-linux, but you will still need to install and register CoreAVC.

Mplayer

MPlayer is a very flexible player with a great depth of configuration. After applying the patch as instructed in the CoreAVC wiki I configured it to install into /opt/mplayer before compiling (with ‘./configure PREFIX=/opt/mplayer’) so I would have both the Ubuntu packaged MPlayer and my own compiled version. I then run my version by typing the absolute path to it ( /opt/mplayer/bin/mplayer ).

I also had to update my x264 libraries for the latest subversion snapshot of MPlayer to compile successfully in Ubuntu Intrepid Ibex:

sudo apt-get install git-core
git clone git://git.videolan.org/x264.git
cd x264
make
sudo make install

The one problem I am still trying to resolve with MPlayer is to stop screen tearing. Screen tearing is when part of the image is no longer vertically aligned with the rest of the image for a brief moment. It is most noticeable in shots when the camera is panning. It is caused by the refresh rate of the monitor not being synced with the refresh rate of the video. There is only one way to fix this that I have found in Linux and that is to enable VSync to Blank and use the OpenGL output buffer (sync to vblank can be enabled with the driconf package). Unfortunately, for me when I select OpenGL with MPlayer the screen flickers. To try OpenGL pass ‘-vo gl’ to MPlayer.

The MPlayer options I use are: ‘-vc coreserve -cache 20000 -fs’. ‘-vc coreserve’ selects CoreAVC, the cache switch creates a cache of 20MB that will help if other applications are accessing the disk, and finally ‘-fs’ makes the playback fullscreen. I also increase the disk I/O and the CPU priority of MPlayer and dshowserver to max with the following commands:

ps aux | grep mplayer # Note the PID of the process (second column)
ps aux | grep dshow # Again, note the PID
# Run the following for both PIDs, with PID set to the noted value:
renice -1 -p "$PID"
ionice -c 1 -p "$PID"

Conclusion
With this setup I get much better 1080p HD playback than I did with the default Ubuntu Intrepid Ibex setup. I only occasionally get a hiccup in playback but only in the most demanding scenes (lots of water) from something like BBC’s Planet Earth.

Written by Kyle

December 5th, 2008 at 7:35 am

Authenticating with Active Directory using Likewise Open and Migrating from NIS

without comments

The current infrastructure at my office uses network information services (NIS) to authenticate users on Linux machines against the office’s Windows domain. I found this to be unreliable. It depends upon Microsoft Identity Management for Unix, version 5.2, which is flaky in my experience.

My goal was to be able to transition from NIS to authenticating directly with Active Directory (AD) smoothly. I also wanted to maintain the shared home directories that reside on a network file system (NFS) server. The solution I have chosen is Likewise Open; I have found it very easy to set up while still being customizable. In order to maintain the shared home directories I have just taken the automount configuration out of NIS and put it locally on each machine. Even though this may not be as centralized I think it is better because the mounts don’t depend upon Microsoft’s Unix Identity Management.

The following are the steps I took to set this up. Likewise has good documentation so I recommend you look at that before you follow my steps. I am deploying this as I rebuild machines with Centos 5.2 which makes the process a little neater (If you want to transition current machines you will probably need to google nsswitch.conf):

  1. When deploying Centos be sure to set up Network Time Protocol (NTP) during the installation because Kerberos authentication depends on approximate clock synchronization between the client and the server.
  2. Download and install Likewise Open (as root):
    a) wget http://www.likewisesoftware.com/bits/Fall08/3895/LikewiseIdentityServiceOpen-5.0.0.3895-linux-i386-rpm-installer
    b) chmod +x LikewiseIdentityServiceOpen-5.0.0.3895-linux-i386-rpm-installer
    c) ./LikewiseIdentityServiceOpen-5.0.0.3895-linux-i386-rpm-installer
  3. Join the domain (as root):
    a) /opt/likewise/bin/domainjoin-cli join mydomain.com administrator
    b) Where administrator is a user with privileges to join a computer to the domain
  4. Customize Likewise to use the mounted home directories (automount of home directories explained in step 5). It is important to do this before logging in, because once users have logged in you can’t change the home directory without reinitializing likewise:
    a) In /etc/likewise/lsassd.conf edit the following:
      i) Change the home directory path: homedir-template = %H/users/%U
      ii) Make sure it doesn’t mess up a home directory: create-homedir = no
      iii) Make it so when logging in the domain does not have to be specified: assume-default-domain = yes
      iv) Change the shell to bash: login-shell-template = /bin/bash
  5. Set up automount to mount people’s home directories which live on a NFS server:
    a) Add the following to /etc/auto.master: /home/users /etc/auto.home --timeout 60
    b) Create auto.home and enter the following into the file: * -rw [nfs_server_ip]:/dir_where_homes_are/&
    c) restart autofs: /etc/init.d/autofs restart
    d) The home directories will not appear until you change directory into them, hence automount
  6. Migrate from NIS:
    a) After a successful login with a Windows username type the id command and note the user’s UID number. The UID number is what Unix cares about; the name isn’t important. The UID that Likewise generates is a hashed version of the Windows SID.
    b) Log into your Windows domain controller. Click the user properties and then in the “Unix Properties” tab change the UID to match what Likewise generated. This way servers that are still on NIS will be consistent with Likewise Open.
    c) Re-own the user’s home directory with the new UID: chown -R [UID] /home/users/[user]
  7. Optional: Change users shell
    a) Since everyone with Likewise uses the same shell, if you like a different shell like zsh you can put the following in /home/users/[user]/.profile : if which zsh >/dev/null 2>&1; then exec zsh; fi
    b) The exec command replaces the current shell with whatever command you specify, so you won’t be running zsh within a bash process.

Written by Kyle

November 20th, 2008 at 5:55 am

Upgrade Ubuntu Remotely

without comments

Update: I do not recommend the following method. It left me with a partial install (which fortunately I seem to have recovered from). Also when trying to install a restricted driver, I had to delete the cdrom source from apt. This was because the restricted drivers GUI would hang when trying to mount the cdrom.

Since I have several computers with Ubuntu that I wanted to upgrade, the most efficient way for me to do this was to upgrade using the cdrom. In order to do this you must use the alternate install cd. If you scroll to the bottom of the previous link you can grab the alternate cd from one of the mirrors.

When I did the following upgrade process it was from Hardy Heron to Intrepid Ibex. The following instructions are at your own risk, upgrades can often lead to bad situations.

  1. Get the alternate install cd (see above).
  2. Mount the .iso image or burn it and put it in the cdrom drive: To mount the iso image, first create the /mnt/iso directory with mkdir /mnt/iso and then: sudo mount ubuntu-8.10-alternate-i386.iso /mnt/iso/ -t iso9660 -o ro,loop=/dev/loop0
  3. ssh into your remote machine you wish to upgrade: ssh remote-machine
  4. (Optional, but highly recommended): Start a screen session so if you get disconnected it won’t interrupt the upgrade (read how to use screen here): screen
  5. Within the screen session, start a text-based cdrom upgrade with the following command: sudo /mnt/iso/cdromupgrade --frontend=DistUpgradeViewText
  6. The upgrade will periodically ask you yes/no questions throughout the upgrade, so it is not unattended. If you really wanted it to you could try using the yes command and a pipe to force yes to all, but I wouldn’t recommend it and am not sure if it would work :-) One odd thing is if you type ‘d’ for details it opens the information in the program ‘less’, so if you choose this just press ‘q’ to quit after you are done reading the information.

Written by Kyle

November 7th, 2008 at 11:11 am

Posted in Linux


OpenVZ Bean Counters Nagios Script

with one comment

“OpenVZ is container-based virtualization for Linux. OpenVZ creates multiple secure, isolated containers (otherwise known as VEs or VPSs) on a single physical server enabling better server utilization and ensuring that applications do not conflict.”

For each of these containers or VEs, there are resource limits. The pseudo file system, /proc, tracks various process and kernel information. The OpenVZ kernel provides the file /proc/user_beancounters that tells us if any of these limits have been reached (among other information). This is important because a process may fail to start (i.e. tomcat) if the limits have been reached. I wrote a script in Python designed to be executed on the OpenVZ host machine by Nagios.

The script parses /proc/user_beancounters and will exit with appropriate Nagios exit status if one of these limits has been reached. If you don’t want to run this script as root, I recommend compiling a shell script with shc to copy the bean_counters file, own it as an unprivileged user, and then make that a setuid root script (Linux won’t usually allow setuid shell scripts, which is why shc can be used to compile it. Does anyone think if the script only copies the file to tmp that this might be dangerous?). This is what the script expects with its current configuration. The script is easy to modify to make it check for other parameters besides the fail count (failcnt) as well.

You can get the script here: nagios_vz_bean.py
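
An added sketch of this kind of check (not the nagios_vz_bean.py script linked above): it parses the /proc/user_beancounters layout and maps failcnt to Nagios exit codes. The sample data, the function names, and the policy of alerting only when failcnt has risen since a previous run (failcnt is a cumulative counter) are assumptions made for illustration.

```python
import sys

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # Nagios plugin exit codes
COLUMNS = ("held", "maxheld", "barrier", "limit", "failcnt")

# Constructed sample in the /proc/user_beancounters layout (not real data).
# Only the first row of each container carries the "uid:" prefix.
SAMPLE = """\
Version: 2.5
       uid  resource                     held              maxheld              barrier                limit              failcnt
      101:  kmemsize                  2665049              2920816             14372700             14790164                    0
            privvmpages                 65212                65536                65536                69632                   14
            numproc                        31                   40                  240                  240                    0
      102:  kmemsize                  1200000              1500000             14372700             14790164                    0
            numproc                        12                   15                  240                  240                    0
"""


def parse_beancounters(text):
    """Return {uid: {resource: {"held": int, ..., "failcnt": int}}}."""
    result, uid = {}, None
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] in ("Version:", "uid"):
            continue  # blank line, version line or column header
        if tokens[0].endswith(":"):
            uid = int(tokens[0][:-1])  # ValueError if the uid is malformed
            tokens = tokens[1:]
        if uid is None or len(tokens) != 6:
            raise ValueError("unexpected line: %r" % line)
        numbers = [int(value) for value in tokens[1:]]
        result.setdefault(uid, {})[tokens[0]] = dict(zip(COLUMNS, numbers))
    return result


def check_failcnt(text, previous=None):
    """Return (status, message, state) where state maps (uid, resource) to failcnt.

    previous is the state returned by an earlier run; with no previous state
    every non-zero failcnt is reported.
    """
    previous = previous or {}
    try:
        counters = parse_beancounters(text)
    except ValueError as exc:
        return UNKNOWN, "UNKNOWN: %s" % exc, {}
    state, hits = {}, []
    for uid, resources in sorted(counters.items()):
        for name, row in sorted(resources.items()):
            state[(uid, name)] = row["failcnt"]
            if row["failcnt"] > previous.get((uid, name), 0):
                hits.append("CT %d %s=%d" % (uid, name, row["failcnt"]))
    if hits:
        return CRITICAL, "CRITICAL: failcnt increased: " + ", ".join(hits), state
    return OK, "OK: no new beancounter failures in %d containers" % len(counters), state


if __name__ == "__main__":
    # Optional argument: path to the beancounters file or a copy of it.
    try:
        text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    except OSError as exc:
        print("UNKNOWN: %s" % exc)
        sys.exit(UNKNOWN)
    status, message, _ = check_failcnt(text)
    print(message)
    sys.exit(status)
```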

Written by Kyle

October 28th, 2008 at 4:54 am

Posted in Linux, Networking, Python, Scripting


How-To: Connecting to a CISCO Router Console Port with USB and Linux

with 4 comments

I was lucky enough to be loaned a couple of CISCO 1720 routers by my office today. Connecting to them was pretty straightforward.

What you will need:

1. A roll-over cable (aka Cisco Console Cable). These are usually RJ-45 on the router side and serial on the PC side.

2. If your computer doesn’t have a serial port (like mine) you can get a 9-pin D-sub serial to USB cable. I got the Gigaware cable from RadioShack for thirty dollars.

Get Connected:

The following worked for me with Hardy Heron installed on my MSI Wind.

1. Connect all the cables: USB --> Serial --> Crossover --> Console Port
2. Download and install Minicom: sudo apt-get install minicom
3. Make sure that the USB to serial cable is recognized. lsusb should list something like Bus 001 Device 002: ID 05ad:0fba Y.C. Cable U.S.A., Inc.
4. Type ls /dev/tty* to make sure /dev/ttyUSB0 or something similar is listed.

Update: In my search to reset the password to the router, I needed to send a break to the console. I was finally able to do this using GNU screen. Screen is easier than minicom, all you need to do is type screen /dev/ttyUSB0 instead of the remaining steps five through eight. I was then able to send my break using [meta-command]-B or [meta-command]-b (Not sure which it was).

5. Start minicom with minicom and hit CTRL-A and then O to open the options. (All commands in minicom start with CTRL-A, like GNU Screen).
6. Enter A to change the serial device setting to /dev/ttyUSB0 or whatever you found in step 4.
7. Select “Save setup as dfl”
8. Hit CTRL-A X to exit and then restart minicom, the port should be displayed as /dev/ttyUSB0
9. When it restarted all I had to do was hit enter to get the prompt of my CISCO 1720

Written by Kyle

August 11th, 2008 at 3:29 pm

Posted in Linux, Networking
