DaveQB's Rambles

I found upgrading to the latest kernel on linux mint lead to my zfsonlinux modules not being rebuilt through dkms like it should and normally does. Found this thread on google groups.

dkms install -m spl/0.6.0.97 -k 3.2.0-38-generic/x86_64
dkms install -m zfs/0.6.0.97 -k 3.2.0-38-generic/x86_64
update-initramfs

Looking into it, it seems that the /etc/ssl/certs/ca-certificates.crt file is just a concatentation of all the certs found in /etc/ssl/certs/. So to generate this file I simply ran as root:

cat /etc/ssl/certs/* >> /etc/ssl/certs/ca-certificates.crt

Easy as that. Now my Funambol connector for Thunderbird (using curl) doesn't complain and then fail to sync.

If anyone has tried building ZFS on Linux on Suse you will know that you end up at a deadend. Well at least I did. I then had the idea of searching on the OpenSuSe Build service. I found this page: http://software.opensuse.org/download?project=home:munix9:zfs&package=zfs-modules. I went with the manual approach. The commands were:

zypper addrepo http://download.opensuse.org/repositories/home:munix9:zfs/openSUSE_12.1/home:munix9:zfs.repo
zypper refresh
zypper install zfs-modules

But these commands are incorrect. What you actually need to do is:

zypper addrepo http://download.opensuse.org/repositories/home:munix9:zfs/openSUSE_12.1/home:munix9:zfs.repo
zypper refresh
zypper source-install zfs-modules
cd /usr/src/packages/SPECS/
rpmbuild -bb zfs-modules.spec
zypper in ../RPMS/x86_64/zfs-*
modprobe zfs

Initially on a file copy test I was getting 5MB/s. But ever since then all testing is proving adequate performance, about 50MB/s with some bursting up to 90MB/s. Tried working with some video files and although not like ext4, not far behind. The building of the RPM's from the spec files will probably be needed ever kernel update, by hand. Oh well, still a very happy boy.

I have fail2ban on my CentOS 6 server. It wasn't a smooth install and I had to fiddle with some configs to get it all working, but it does. One thing I noticed in my logwatch was pop3 failed authentications where getting into the hundreds per IP address. With maxretry set to 10, this should not be possible. After painstaking troubleshooting, I found to realise that the IP I was looking for, as an example was indeed in the mail logs for a failed auth, but only when trying IMAP. One can only assume pop3 was tried first and then IMAP and at that point the IP was banned. Looking further and testing with telnet from a remote client, pop3 fails authentications were not being logged at all.

Answer: you need to set auth_verbose=yes in dovecot.conf

Just a quick note on getting the Hauppauge WinTV PVR-350 working on OpenSuse 12.1. Yes this is an old card but it is what I use to capture old VHS tapes to my hard drive to then later encode. It has been awhile since I set this up on my system as I have been running PCLinuxOS for a few years now. To get this working you need to install both 'v4l-utils' and 'ivtv-firmware'. From dmesg:

[    7.719978] ivtv: Start initialization, version 1.4.3
[    7.776334] ivtv0: Initializing card 0
[    7.776364] ivtv0: Autodetected Hauppauge card (cx23415 based)
[    7.776465] ivtv 0000:04:07.0: PCI INT A -> GSI 21 (level, low) -> IRQ 21
[    7.776499] ivtv0: Unreasonably low latency timer, setting to 64 (was 32)
[    7.833642] tveeprom 0-0050: Hauppauge model 48139, rev K2B7, serial# 8654550
[    7.833672] tveeprom 0-0050: tuner model is Philips FM1216ME MK5 (idx 117, type 38)
[    7.833699] tveeprom 0-0050: TV standards PAL(B/G) PAL(I) SECAM(L/L') PAL(D/D1/K) (eeprom 0x74)
[    7.833749] tveeprom 0-0050: audio processor is MSP4418 (idx 25)
[    7.833775] tveeprom 0-0050: decoder processor is SAA7115 (idx 19)
[    7.833801] tveeprom 0-0050: has radio, has IR receiver, has no IR transmitter
[    7.833827] ivtv0: Autodetected Hauppauge WinTV PVR-350
[    7.858471] saa7115 0-0021: saa7115 found (1f7115d0e100000) @ 0x42 (ivtv i2c driver #0)
[    7.997481] saa7127 0-0044: saa7129 found @ 0x88 (ivtv i2c driver #0)
[    8.033966] i2c-core: driver [msp3400] using legacy suspend method
[    8.034001] i2c-core: driver [msp3400] using legacy resume method
[    8.045568] msp3400 0-0040: MSP4418G-B3 found @ 0x80 (ivtv i2c driver #0)
[    8.045598] msp3400 0-0040: msp3400 supports nicam and radio, mode is autodetect and autoselect
[    8.046643] i2c-core: driver [tuner] using legacy suspend method
[    8.046674] i2c-core: driver [tuner] using legacy resume method
[    8.052144] tda9887 0-0043: creating new instance
[    8.052178] tda9887 0-0043: tda988[5/6/7] found
[    8.053272] tuner 0-0043: Tuner 74 found with type(s) Radio TV.
[    8.054355] tuner 0-0061: Tuner -1 found with type(s) Radio TV.
[    8.057250] tuner-simple 0-0061: creating new instance
[    8.057277] tuner-simple 0-0061: type set to 38 (Philips PAL/SECAM multi (FM1216ME MK3))
[    8.071854] ivtv0: Registered device video0 for encoder MPG (4096 kB)
[    8.071904] ivtv0: Registered device video32 for encoder YUV (2048 kB)
[    8.071950] ivtv0: Registered device vbi0 for encoder VBI (1024 kB)
[    8.071996] ivtv0: Registered device video24 for encoder PCM (320 kB)
[    8.072074] ivtv0: Registered device radio0 for encoder radio
[    8.072128] ivtv0: Registered device video16 for decoder MPG (1024 kB)
[    8.072178] ivtv0: Registered device vbi8 for decoder VBI (64 kB)
[    8.072226] ivtv0: Registered device vbi16 for decoder VOUT
[    8.072276] ivtv0: Registered device video48 for decoder YUV (1024 kB)
[    8.072303] ivtv0: Initialized card: Hauppauge WinTV PVR-350
[    8.072354] ivtv: End initialization
[    8.697786] ivtv0: Unable to open firmware v4l-cx2341x-enc.fw (must be 376836 bytes)
[    8.697812] ivtv0: Did you put the firmware in the hotplug firmware directory?
[    8.697833] ivtv0: Retry loading firmware
[    9.321108] ivtv0: Unable to open firmware v4l-cx2341x-enc.fw (must be 376836 bytes)
[    9.321133] ivtv0: Did you put the firmware in the hotplug firmware directory?
[    9.321168] ivtv0: Failed to initialize on device video0
[    9.321211] ivtv0: Failed to initialize on device video48
[    9.321251] ivtv0: Failed to initialize on device radio0
[    9.321288] ivtv0: Failed to initialize on device vbi0
[    9.321324] ivtv0: Failed to initialize on device video32
[    9.321360] ivtv0: Failed to initialize on device video24
[    9.321547] ivtv0: Failed to initialize on device vbi16
[    9.321591] ivtv0: Failed to initialize on device video16
[    9.321693] ivtv0: Failed to initialize on device vbi8

rmmod ivtv && modprobe ivtv

Now running 'v4l2-ctl -L' gives us output and not an error.

I realised that the ID of files on NFSv4 mounts on my desktop (client) were the default nobody, 4294967294. In checking there was no idmapd running. Also I noted I had not even edited the /etc/idmapd.conf file to enter the local domain name. Did that but still, there was no idmapd init script to launch and executing idmapd would not start. I found out from some google searching that this is a commonly report problem, that is, idmap is started in the /etc/init.d/nfs script, but if you are mounting NFSv4 mounts (that need idmapd) with autofs, then this script won't be called. Calling it manually doesn't help as it aborts after not finding any NFS monts in /etc/fstab.

So I hacked up an idmapd using the nfs init script and tearing out everything besides the idmapd lines. I have not thoroughly tested it, so YMMV. ensure the file is named rpc.idmapd as this is important. Script is below:

cat /etc/init.d/rpc.idmapd
#! /bin/bash -x
# Copyright (c) 1996-2002 SuSE Linux AG, Nuernberg, Germany.
# Copyright (c) 2008 SuSE LINUX Products GmbH, Nuernberg, Germany.
# All rights reserved.
#
# Author: Florian La Roche, 1996
#      Werner Fink , 1996,2008
#      Burchard Steinbild, 1996
#
# Please send feedback to http://www.suse.de/feedback
#
# /etc/init.d/nfs
#
### BEGIN INIT INFO
# Provides:       rpc.idmapd
# Required-Start: $network $portmap
# Required-Stop:  $network $portmap
# Default-Start:  3 5
# Default-Stop:   0 1 2 6
# Short-Description: idmap Daemon 
# Description:    The NFSv4 idmap Dameon
### END INIT INFO

. /etc/rc.status
. /etc/sysconfig/nfs

# XXX: there should be separate init scripts for these really
IDMAPD_BIN=/usr/sbin/rpc.idmapd

IDMAPD_CLIENT_STATE=/var/run/nfs/nfs-rpc.idmapd
IDMAPD_SERVER_STATE=/var/run/nfs/nfsserver-rpc.idmapd

if [ -z "$RPC_PIPEFS_DIR" ]; then
    RPC_PIPEFS_DIR=/var/lib/nfs/rpc_pipefs
fi

NEED_IDMAPD=no
NEED_GSSD=no
NEED_LDCONFIG=no
state=0
usr=""
opt=""
mnt=""
nfs=$NFS_START_SERVICES
if [ "x$nfs" != "xyes" ]
then nfs=no
fi

if test "$NFS4_SUPPORT" = yes ; then
    NEED_IDMAPD=yes
fi
if grep -E '^(sunrpc|fs.nfs)' /etc/sysctl.conf > /dev/null 2>&1 ; then
    nfs=yes
fi

mount_rpc_pipefs() {
    # See if the file system is there yet
    case `stat -c "%t" -f "$RPC_PIPEFS_DIR"` in
    *67596969*)
        return 0;;
    esac
    mount -t rpc_pipefs rpc_pipefs "$RPC_PIPEFS_DIR"
}

umount_rpc_pipefs() {
    # See if the file system is there
    case `stat -c "%t" -f "$RPC_PIPEFS_DIR"` in
    *67596969*)
        umount "$RPC_PIPEFS_DIR"
    esac
}

do_start_idmapd() {
    mount_rpc_pipefs

    # as idmapd needs to be run by server and client
    # check if there is already a idmapd running
    if checkproc $IDMAPD_BIN && test -f $IDMAPD_SERVER_STATE; then
        killproc -HUP $IDMAPD_BIN
    else
        startproc $IDMAPD_BIN
        return $?
    fi
}

rc_reset

case "$1-$nfs" in
    start-no|reload-no)
        # Always run smnotify, even if no mounts are listed in fstab.
        # If there is nothing to do, it will exit quickly, and if there
        # is something to do, the sooner it is done, the better.
        /usr/sbin/sm-notify $SM_NOTIFY_OPTIONS
        echo -n "Not starting NFS client services - no NFS found in /etc/fstab:"
        rc_status -u
        ;;
    start-yes|force-start-*)
        echo -n "Starting NFS client services:"
        # start idmapd
        if test "$NEED_IDMAPD" = yes ; then
            echo -n " idmapd"
            do_start_idmapd || {
                rc_status -v
                rc_exit
            }
            [ -d /var/run/nfs ] || mkdir /var/run/nfs
            echo $IDMAPD_BIN > $IDMAPD_CLIENT_STATE
        fi

        rc_status -v
        #
        # generate new list of available shared libraries
        #
        if test "$NEED_LDCONFIG" = yes; then
            # check if ld.so.cache needs to be refreshed
            /etc/init.d/boot.ldconfig start
        fi
        #
        ;;
    stop* )
            # stop idmapd
            if test -f $IDMAPD_CLIENT_STATE; then
                # only stop idmapd if it is not needed by server
                if test ! -f $IDMAPD_SERVER_STATE ; then
                    echo -n " idmapd"
                    killproc $IDMAPD_BIN
                fi
                rm -f $IDMAPD_CLIENT_STATE
            fi 
            umount_rpc_pipefs

            rc_status -v
        ;;
    reload*|force-reload*)
        # only IDMAP has any sense in which 'reload' makes sense.
        if checkproc $IDMAPD_BIN; then
            killproc -HUP $IDMAPD_BIN
        fi
        rc_status
        ;;
    restart*)
        ## Stop the service and regardless of whether it was
        ## running or not, start it again.
        $0 stop
        $0 force-start
        rc_status
        ;;
    status*)
        # 
        if test "$NEED_IDMAPD" = yes && ! checkproc $IDMAPD_BIN; then
            echo "idmapd not running"
            rc_failed 3
        fi
        rc_status -v
        ;;
    try-restart*|condrestart*)
        # This restart is not only conditional on the services already
        # running, but is also gentler in that NFS filesystems are
        # not unmounted or remounted.
        # It is possible that the programs have been reinstalled so
        # we pass a basename rather than a full path to checkproc and killproc
        echo -n "Restarting NFS services:"
        if checkproc ${IDMAPD_BIN##*/}; then
            echo -n " idmapd"
            killproc ${IDMAPD_BIN##*/}
            startproc $IDMAPD_BIN
        fi
        rc_status -v
        ;;
    *)
        echo "Usage: $0 {start|stop|status|reload|force-reload|restart|try-restart}"
        exit 1
esac
rc_exit                                    

I am loving susestudio to build custom versions of SuSe. The web interface is very easy to work with and gives you lots of ways to customise your own "distribution". One issue I have noticed is the disk image you get is an ext3 file system. Not that ext3 is all that bad, but why not ext4 which is mature now and offers performance advantages. Also the disk images is 1 big partition.

I resized the partition and seperated the root and home paritition and removed the swap partition. I then decided to convert the root partition to ext4. I followed these steps which worked well. I then edited the fstab to change the root from ext3 to ext4. I tried booting and although grub worked and the initrd seemed to get going, I had an error to the effect of unable to mount root volume as the file system has unsupported optional features (4.0). I figured the initrd didn't have ext4 support for some odd reason. I rebooted into a working OS and executed this:

mkdir a
mount /dev/sde1 a
mount -B /dev a/dev
mount -B /sys a/sys
mount -B /proc a/proc
chroot a/
vim /etc/sysconfig/kernel
[Added ext4 into the INITRD_MODULES variable]
mkinitrd -v -k vmlinuz-3.1.10-1.9-default -i initrd-3.1.10-1.9-default
exit
reboot

Happy days. A booting susestudio system made from susestudio and on a root ext4 file system.

Credit goes to this post.

I found that wget has been having issues with SSL certs on PCLinuxOS since about November 2011. It was producing an error like this:

ERROR: Cannot open directory /etc/openssl/certs.

A little google found this blog entry on the matter: http://andrzejl.no-ip.org:10101/wordpress/2011/11/11/solved-wget-https-error-cannot-open-directory-etcopensslcerts/
I didn't even have the folder /etc/openssl. So in stead I just did this:

cat ~/.wgetrc
ca-directory=/etc/ssl/certs/

Creating that wget rc file and putting in that variable solved it for my local user. Of course doesn't solve it for all users. I could perhaps create /etc/wgetrc but this is a single user machine anyway.

When using wget to download files with URL's that give a 302 redirect, wget uses the name in the original URL not the name in the final URL. To use the file name in the final URL, add the switch --trust-server-name.

On he odd occasions I boot up my Muthbuntu system without a disk in it that is in the fstab, I am asked on the boot screen what to do with this missing disk. Press M to manually mount or S to skip. Well this is not practical on a headless system; I end up having to go kind a keyboard and monitor. Drag them over and plus them in to resolve this issue. To avoind this add the nobootwait option to the mounts you want not be skipped if not present. I added it to all but the slash mount. Happy days!