Linux

XBMC HDMI Audio Troubleshooting

I ran into some issues while configuring my XBMC HTPC with HDMI audio.  After some time with various troubleshooting steps I was able to repair the issue by completing the following steps:

 

Relevant system specific information:

OS: Ubuntu Desktop 11.04
HDMI Device: XFX ATI 5770

sudo alsamixer

Ensure no devices are muted (indicated by “MM”).

sudo alsactl store 0

This step saves the running ALSA configuration.

sudo aplay -l

This command will list the installed alsa devices.  Choose the device which you want to output the HDMI audio from – paying attention to the card number and device number.

card 1: Generic [HD-Audio Generic], device 3: HDMI 0 [HDMI 0]

The above information is used to configure a custom audio device within XBMC.  Within the XBMC system configuration settings, change the output device and output passthrough device to custom with the following name:

plughw:1,3 (note that yours may differ; it is based on the output of the aplay command).
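The mapping from an `aplay -l` line to the `plughw:CARD,DEVICE` name described above, as an added example that is not part of the original post. It reads `aplay -l` output on standard input so it can be checked against the constructed sample below as well as the live command; the sample's onboard codec line is invented, and the HDMI line is the one from the post.

```shell
#!/bin/sh
# Added example (not from the original post): turn an `aplay -l` line into the
# plughw:CARD,DEVICE name XBMC expects for a custom audio device.

# Constructed sample of `aplay -l` output on a box with an onboard codec and an
# HDMI output (the HDMI line is the one quoted in the post).
SAMPLE_APLAY='**** List of PLAYBACK Hardware Devices ****
card 0: Intel [HDA Intel], device 0: ALC888 Analog [ALC888 Analog]
card 1: Generic [HD-Audio Generic], device 3: HDMI 0 [HDMI 0]'

# plughw_for PATTERN  < aplay-output
# Prints plughw:CARD,DEV for the first "card N: ..., device M: ..." line that
# matches PATTERN (e.g. HDMI); returns 1 when no line matches.
plughw_for() {
    awk -v pat="$1" '
        /^card [0-9]+:/ && $0 ~ pat {
            card = $2; sub(/:$/, "", card)
            dev = ""
            for (i = 1; i <= NF; i++)
                if ($i == "device") { dev = $(i + 1); sub(/:$/, "", dev) }
            if (dev != "") { printf "plughw:%s,%s\n", card, dev; found = 1; exit }
        }
        END { exit found ? 0 : 1 }'
}

# Against the constructed sample:
hdmi_name()   { printf '%s\n' "$SAMPLE_APLAY" | plughw_for HDMI; }
analog_name() { printf '%s\n' "$SAMPLE_APLAY" | plughw_for Analog; }

# Live usage on the HTPC:  aplay -l | plughw_for HDMI
```

The card and device numbers are the first and second numeric fields on the line, so the function works for any output device, not only HDMI.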

 

After saving, restarting the machine, and re-launching XBMC, I was now receiving audio over HDMI – though sounds for the system menus no longer functioned (an issue I’ve since ignored).  However, when I played audio, it did not seem as though I was receiving the center channel audio.  I was able to fix this by an odd combination of configuration settings.  While playing a video I set the audio to analog – changed the volume from -60db to 0db, and switched audio back to HDMI.

Ubuntu Server PXE Install

I was working on a set of Ubuntu servers for a cluster in my network lab and wanted to look into alternative boot methods to streamline the process.  I followed a lot of tutorials which recommended setting up a new DHCP server that could assign the machines leases and then direct the machines to the correct boot file.  After some failed attempts with running a temporary DHCP and TFTP server on a Windows machine I sifted through my DHCP server settings for pfSense and found that it actually had support for network boot built in.  This was great and allowed me to skip the whole DHCP server step and just change the following in the Services > DHCP Server tab in pfSense:

Of course for this to work I had to have pfSense’s DHCP server enabled.  Having this setup will now allow the bootable machines to be assigned a DHCP lease then look for the TFTP server at the address specified (192.168.2.200 in my situation) and to look for pxelinux.0 to boot from.  The next portion of this setup is a slightly modified version of the article found here https://help.ubuntu.com/community/PXEInstallServer , modified in the sense that I left out any DHCP server steps due to the fact that I’m handling the direction through pfSense.

Setting up your PXE server on Ubuntu:

sudo apt-get install inetutils-inetd tftpd-hpa

sudo nano /etc/default/tftpd-hpa

Make sure this file looks like this:

#Defaults for tftpd-hpa
RUN_DAEMON="yes"
OPTIONS="-l -s /var/lib/tftpboot"

Save the file if you need to make any changes and restart the daemon:

sudo /etc/init.d/tftpd-hpa restart

sudo nano /etc/inetd.conf

Edit the file so it looks similar to the following (note that you may need to change “udp” to “udp4” to override the default and use IPv4):

tftp    dgram   udp    wait    root    /usr/sbin/in.tftpd /usr/sbin/in.tftpd -s /var/lib/tftpboot

Once you have finished editing this file we need to copy the boot files from the Ubuntu ISO or CD.  In my case I inserted the Ubuntu Server CD into the machine’s drive and then completed the following:

sudo cp -r /media/cdrom/install/netboot/* /var/lib/tftpboot/

You can copy these files from wherever you’d like, just as long as they end up in /var/lib/tftpboot/.

At this point you should have everything in working order on the server side.  If your NIC has a boot menu for network boot (as some of my Intel NICs do) you can go ahead and try booting to the network.  If successful, it should retrieve the file from the server and then proceed to the Ubuntu Server installation screen.  If you want to customize your boot from this point (for example, retrieving the files from a local CD instead of over the Ubuntu mirrors via HTTP) see the Ubuntu guide listed earlier.

Client Machine Setup Using gpxe:

I found that I had better results using gpxe on the client machines.  I set up a boot floppy that included all of the NIC drivers by going to this website http://rom-o-matic.net/gpxe/gpxe-git/gpxe.git/contrib/rom-o-matic/ , choosing “all-drivers” and selecting a .dsk as the output format.  There are many other options you can choose as well if you would rather use USB or CD, for example.  I created a floppy from this image using the following command:

dd if=IMAGE.dsk of=/dev/fd0

The example above assumes IMAGE.dsk is in the directory you issue this command from and also that your floppy drive is located at /dev/fd0.

This boot disk is quite useful if you are running into any issues.  It has a menu with a few setup and diagnostic commands.  Once booted to this disk you can manually set the server to direct to (if things don’t work for you automatically), change the target boot file, etc.

Troubleshooting:

Hopefully this gets those interested in PXE boot going successfully.  If you are having any problems, here are a few things to check:

  • Check your DHCP server settings.  Ensure that the IP address and filename are correct.
  • Check all of the configuration files edited earlier in this guide.  Any typos in the directory path will prevent things from working properly.
  • Check that your PXE server is listening by issuing the following command:
    netstat -a | grep tftp
  • Check that your NIC supports PXE boot
  • Check that you have properly enabled network boot in BIOS
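A check for the two configuration points the troubleshooting list above calls out (the tftpd-hpa root directory and the boot file in it), as an added example that is not part of the original guide. It parses the `-s` directory out of the `OPTIONS=` line in a file in the /etc/default/tftpd-hpa format and confirms that `pxelinux.0` exists there and is readable by everyone, since in.tftpd serves files as an unprivileged user. The fixture directory it builds is constructed for the check and is not the guide's real path.

```shell
#!/bin/sh
# Added example (not from the original guide): verify that the TFTP root named
# in /etc/default/tftpd-hpa really holds a world-readable pxelinux.0.

# tftp_root CONFIG_FILE : prints the directory passed to -s in OPTIONS=
tftp_root() {
    sed -n 's/^OPTIONS="\(.*\)"/\1/p' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "-s") print $(i + 1) }'
}

# check_pxe CONFIG_FILE : 0 if <root>/pxelinux.0 exists and is world-readable
check_pxe() {
    root=$(tftp_root "$1")
    [ -n "$root" ] || { echo "no -s directory in OPTIONS" >&2; return 1; }
    [ -f "$root/pxelinux.0" ] || { echo "$root/pxelinux.0 is missing" >&2; return 1; }
    # 8th character of the ls -l mode string is the "other" read bit
    case "$(ls -l "$root/pxelinux.0" | cut -c8)" in
        r) return 0 ;;
        *) echo "$root/pxelinux.0 is not world-readable; in.tftpd runs unprivileged" >&2; return 1 ;;
    esac
}

# Constructed fixture mirroring the config from the guide, under a temp dir
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/tftpboot"
    printf '#Defaults for tftpd-hpa\nRUN_DAEMON="yes"\nOPTIONS="-l -s %s"\n' \
        "$d/tftpboot" > "$d/tftpd-hpa"
    printf 'placeholder, not a real boot loader\n' > "$d/tftpboot/pxelinux.0"
    chmod 644 "$d/tftpboot/pxelinux.0"
    echo "$d"
}

# Live usage on the PXE server:  check_pxe /etc/default/tftpd-hpa
```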

If I’ve missed anything feel free to contact me and I’ll add any additional steps for setup or troubleshooting to the list.

Squid3 Transparent Proxy Setup

Introduction
Being a networking geek, I often try to figure out every aspect I can about different network technologies being used, how to configure them, and what benefits they provide when implemented. My home network/lab is a great place to test these technologies in a non-crucial environment. One such networking aspect I haven’t researched much is proxies. Sure, I’ve run into it with application installations that need a connection configured, and had set up a CGI proxy in the past on a Windows machine after my frustrations with my high school’s network blocking my once favorite social news site digg.com, but overall I hadn’t had much knowledge about why else proxies were implemented on a network, so I decided to play with Squid3 to educate myself.

Squid3
Squid3 works as a web-cache proxy, which means that while you browse, the content you retrieve can also be cached for faster retrieval on the machine running the proxy, based on a set of rules in the proxy’s configuration files. This is not to say that ALL content gets cached: most of the content you retrieve is dynamic, and caching it would make no sense because you would quickly be viewing outdated material. In fact, in most environments only a small amount of content gets cached, which is why a web-cache proxy becomes more effective with more users working behind it. In a one-user environment the speed increase from cached content may not even offset the cost of running the proxy. With multiple users there is most likely significant overlap in the viewed content, which leads to the web-cache serving more of the locally cached content rather than retrieving new material each time. The number of users such a proxy can serve is not unlimited either: by its nature a web-cache proxy has to perform many reads and writes to its drives to store and deliver cached content, and without adequate hardware to handle those reads/writes the network will actually suffer in performance, bottlenecked by the proxy’s speed. If you have more questions about what exactly Squid is and how it works, check out Squid’s site.

With all of this being said, the decision to implement a proxy on your network will need to be carefully examined by the needs and amount of throughput of the network. Keep in mind that Squid can be majorly tweaked to fit the needs of the network – so looking at the configuration options available is not something to be ignored.
Okay, enough with the explanations, on to the fun part – installation and configuration!

Target Setup:
There are many ways to set up Squid. The simplest is redirecting all traffic to a Squid box on the local network through your software. This requires simply adding the Squid box to the network and pointing the web applications on the clients at it as needed. But those of us administering larger networks know that redirecting client browsers is a pain, and look toward a more automated solution. This was the reason I chose to set up this Squid box as transparent. It is transparent in the sense that no changes to network settings or redirection are needed on the client side in order for the proxy to be implemented. The diagram below illustrates this setup:

Diagram created using Gliffy

For clients, they have the following settings:

IP Address: DHCP (in the 192.168.2.0 subnet)
Gateway: 192.168.2.1
DNS: whatever you want, doesn’t affect this setup as long as they are working DNS servers.

The running Squid3 box will simply pass all traffic on eth0 to eth1 and vice versa, but will intercept all traffic on port 80 and redirect it to the port that Squid is running on. From here, Squid will work its magic in either delivering the cached content to the client or retrieving it and then caching as needed. The client will have no idea where the content is being delivered from, and should ideally only notice that it is being received quickly.

Installation:
I completed the following steps on a machine running Ubuntu 10.04 with 2 NICs installed (eth0, eth1). We will assume eth0 is the incoming line from the gateway and eth1 is the outgoing line to the switch which the clients access (demonstrated in the diagram).

sudo apt-get install squid3

That was simple enough… Most of the work is completed in the configuration.

Configuration:
We need to first add a few lines to the squid configuration file to make the proxy transparent.

sudo nano /etc/squid3/squid.conf

Add the lines below to the configuration:

http_port 3128 transparent
acl localnet src 192.168.2.0/24
acl localhost src 127.0.0.1/255.255.255.255
http_access allow localnet
http_access allow localhost

This next line is optional – it changes the default size for Squid’s cache to 5000MB to be stored in /var/spool/squid3.

cache_dir ufs /var/spool/squid3 5000 16 256

After making the changes above, save the configuration file and restart squid3. If there are errors Squid should fail to start.

sudo /etc/init.d/squid3 restart

I found ebtables easier than iptables for configuring the bridge to pass traffic accordingly. You can use whichever you’d like.
Install ebtables and enter the lines below to pass traffic through accordingly. The port Squid runs on by default is 3128, but if you have changed this in the Squid configuration make sure to make the same change in the rule.

sudo apt-get install ebtables
sudo ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT
sudo iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Also, enable traffic to be passed through both IPv4 and IPv6 on the local machine by uncommenting the following lines in /etc/sysctl.conf

sudo nano /etc/sysctl.conf
(uncomment the following)
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1

You will need to install the bridge-utils to configure the bridge within your /etc/network/interfaces file.

sudo apt-get install bridge-utils

After configuration, my /etc/network/interfaces file looked like this:

auto lo
iface lo inet loopback

auto eth1
iface eth1 inet static
address 192.168.2.199
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255
gateway 192.168.2.1

auto br0
iface br0 inet static
address 192.168.2.200
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255
gateway 192.168.2.1
bridge-ports eth0 eth1

Save this file and either reboot the system or restart networking and squid3.

sudo /etc/init.d/networking restart
sudo /etc/init.d/squid3 restart

After this go to one of your client machines and browse the web for a few seconds. You can then tell if squid3 is working correctly by checking the logs:

tail /var/log/squid3/access.log

This should show you the requests as they are received by squid3. Make sure to check traffic on other ports as well to ensure that it is being passed through correctly.
If traffic is not being passed correctly or squid is not logging any requests, a good step to take would be to set the client machine’s browser proxy settings to point directly at the proxy. See if browsing is now working correctly. If so, squid3 is working correctly but there is most likely an issue with the traffic passing rules on the machine the proxy is running on.
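Two quick summaries of the access.log check above, as an added example that is not part of the original tutorial: the share of requests served from cache (the "more users, more overlap" point made in the Squid3 section) and any client address outside the 192.168.2.0/24 range that the `acl localnet` line is meant to cover, which would mean the proxy is reachable from somewhere it should not be. The log lines are constructed in Squid's native access.log format; the client and content are invented.

```shell
#!/bin/sh
# Added example (not from the original tutorial): summarise a squid3 access.log
# to see how much the cache is serving and whether any client outside the
# localnet ACL range is reaching the proxy.

# Constructed sample in Squid's native access.log format:
# time elapsed client action/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG='1304345678.101    245 192.168.2.50 TCP_MISS/200 5432 GET http://example.com/index.html - DIRECT/93.184.216.34 text/html
1304345679.220      3 192.168.2.51 TCP_HIT/200 5432 GET http://example.com/index.html - NONE/- text/html
1304345680.330    120 192.168.2.50 TCP_MISS/200 1024 GET http://example.com/news.php - DIRECT/93.184.216.34 text/html
1304345681.440      2 192.168.2.52 TCP_MEM_HIT/200 5432 GET http://example.com/index.html - NONE/- text/html
1304345682.550    400 10.0.0.9 TCP_MISS/200 800 GET http://example.com/ - DIRECT/93.184.216.34 text/html'

# hit_ratio < access.log : integer percentage of requests served from cache
# (any TCP_*HIT action counts as a hit)
hit_ratio() {
    awk '{ total++; if ($4 ~ /HIT\//) hits++ }
         END { if (total == 0) print 0; else printf "%d\n", hits * 100 / total }'
}

# foreign_clients PREFIX < access.log : client IPs that do not start with PREFIX
foreign_clients() {
    awk -v p="$1" 'index($3, p) != 1 { print $3 }' | sort -u
}

sample_hit_ratio() { printf '%s\n' "$SAMPLE_LOG" | hit_ratio; }
sample_foreign()   { printf '%s\n' "$SAMPLE_LOG" | foreign_clients "192.168.2."; }

# Live usage on the proxy:
#   tail -n 1000 /var/log/squid3/access.log | hit_ratio
#   tail -n 1000 /var/log/squid3/access.log | foreign_clients 192.168.2.
```

With only `http_access allow localnet` and `allow localhost` in squid.conf, a non-empty result from `foreign_clients` means traffic is arriving at port 3128 from outside the subnet, so the bridge or firewall rules deserve a look before the cache does.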

Conclusion:

These were all the steps I completed to get my transparent proxy running successfully. Obviously you can tweak to fit your needs. The other added benefit of running the proxy in the “transparent” mode is that if the box fails you can simply disconnect the cable from the gateway to the proxy and plug directly into the client switch and the network will continue to function (obviously without local caching enabled).

Hopefully this helps others out there attempting to complete a similar setup. If you notice any errors with this tutorial please let me know. Thanks for reading.

Network Backups Using BackupPC

BackupPC has been the only Ubuntu Server oriented backup method I have found that works great right after configuration and also has a web front-end for easy status monitoring and configuration changes. I’m using it to back up my Linux *and* Windows machines on my local network, both full and incremental backups. There seem to be plenty that work nicely for Ubuntu Desktop, but options with a graphical interface are limited on Ubuntu Server (as expected). One I tried previous to BackupPC was Bacula. I thought Bacula plus its web front-end Bweb would work nicely for my lab setup. However, even the initial installation had issues communicating with MySQL, and after numerous attempts to resolve the issue I decided to look at alternatives.

BackupPC, as mentioned, has a web front-end of which you can control almost every aspect of the backup setup/schedules. There is some initial configuration for network machines depending on the method of transfer, but it’s pretty simple to work through.

Here is the file browser on BackupPC’s web interface showing a previous backup of a machine. This can be great if a user deletes a certain file by accident and needs to retrieve it a week later.

Rsync was the preferred method of setup for me as it allows for easy full backups as well as incremental ones. For my Windows machine I simply switched it to use smb as the transfer method, gave it the proper authentication, and it worked flawlessly. I can’t say I’ve had the best experience with Windows and Linux network file transfer permissions, so this was a delightful surprise.

Installation:

The box I set this up on was an Ubuntu Server running 10.04. Here is the setup and configuration guide to get BackupPC working with network machines:

First we need to install backuppc:

On Backup Server:

sudo apt-get install backuppc

Once it’s installed we can change the password from the auto-generated one:
sudo htpasswd /etc/backuppc/htpasswd backuppc

You should now be able to login to the Web administration interface by typing into a web browser:

http://yourip/backuppc/

You will be prompted for authentication where you will enter:

Username: backuppc
Password: Password you set in previous step.

Setting Up SSH Authentication For rsync:
Backuppc will use ssh to run the rsync command remotely to backup your machine. For this to work successfully you have to enable passwordless login for the user to the client machine. The steps below will allow you to successfully implement this:

On both machines:

sudo nano /etc/hosts

Add each machine to the file so each will understand what each host corresponds with which IP address.

On Backup Server:

sudo su - backuppc

After entering in the password for backuppc you will be brought to a shell. This is designated simply by “$”.

Enter the following to generate your RSA key:

ssh-keygen -t rsa -C "backuppc"

On client machine:
We need to install rsync and setup the user and grant them permissions so that they may retrieve the files for backups.

sudo apt-get install rsync
sudo adduser backuppc
sudo -i
echo "backuppc  ALL=NOPASSWD: /usr/bin/rsync" >> /etc/sudoers
exit
sudo usermod -g admin backuppc

The usermod command places backuppc into the admin group. This may not be the most secure setup for you and it would be advisable to create a separate group to place the backuppc user into which has more limited permissions. However, for testing it will be nice to not have to deal with permissions issues so we will leave it in this group for now.

On Server:
While you are still logged in as the user backuppc:

ssh-copy-id backuppc@client

Make sure your client name is the actual name of the host and not the IP. Your authentication files will store these differently.

Passwordless SSH login should now work from the server to the client machine. Test it out using:

ssh backuppc@client

Setup a Full System Backup:
BackupPC’s interface isn’t amazing but it’s pretty simple to use. There are just a few steps to take to setup a full system backup for the designated client:

Login to the web interface.
Navigate to Edit Hosts.

Under the hosts tab you can add the client machine. Once again, make sure you input this as the actual hostname and not the IP. This will mess up your SSH passwordless login otherwise.

Save changes (button at the top) and then select the host under the drop down menu on the Top-Left.
Navigate to Edit Config

Under the Xfer tab we need to make a few changes:
XferMethod should be changed to “rsync”
Ensure the RsyncShareName has “/” next to the Insert button.
Change the two below to the following:

RsyncClientCmd: $sshPath -x -l backuppc $host $rsyncPath $argList+
RsyncClientRestoreCmd: $sshPath -x -l backuppc $host $rsyncPath $argList+

Notice that “$sshPath -q -x -l” has been changed to “$sshPath -x -l”, removing the “-q” which enables quiet mode. We have removed it so we can examine any issues should they arise during the first backup. You can add “-q” back later.

The last change you need to make is to add the folders you wish to exclude from the backup (if any). There are 2 ways to do this; choose the method you prefer.

You can add them in BackupFilesExclude or you can add them as additional arguments under RsyncArgs. Both give the same result.

Save the changes at the top and navigate to the host’s Home page. Under User Actions click Start Full Backup.

Your backup should now start for the client machine. You can check the status on the Status page. This will show you backup jobs currently running as well as those with errors. If there is an error there will be a link to the logfile. Since we disabled quiet mode on the SSH command you should have a good idea of what the issue is (if one should arise).

After the running backup disappears from the Running Jobs section, navigate to Host Summary and you should see the backup details, highlighted in Green.

It’s not too well documented, so it should be noted that the default location of your backups is /var/lib/backuppc

Conclusion:

This should give a good introduction of how to create backups using BackupPC and where things need to be configured. There are many more configuration options not covered here that you can look into on your own. I would recommend first looking through all of the options under the configuration for each host. You can click on each command to find out more information about what it means.

Overall the interface worked very well, and little terminal work was required besides the authentication setup listed above. I would like to see some RRD graph data added to include the speed of transfer and network congestion since I use the machine to back up multiple units. However, I’ll most likely just set up SNMP traps on another box and see if I can capture its network throughput that way instead. Other than that, compression was great (up to 43% for a network filesystem backup) and the interface allowed for easy viewing when issues arise. For network administrators who want something as powerful as an rsync or smb backup application vs. manual scripts and additions to cron, BackupPC is a great choice.

I have to give a lot of the credit for this article to this site. For the most part this got me through how to setup SSH passwordless transfers for BackupPC.

SSH Login Without Password:

I’m working on an automated rsync script that requires remote access to another machine on the local network.  The easy and secure way to accomplish this is to connect using SSH.  The problem I found while testing the script is that it will not run because it’s prompted by the remote machine for a password each time.  Okay I’ll just use key-only login which doesn’t require passwords, easy enough, right?  Well.. though the commands were simple enough to configure SSH login this way I couldn’t ever get it working properly.  I gave it one last try using ssh-keygen and actually got it working!  I thought I’d share the process I followed for success in case anyone else is experiencing the same headache:


I’m using 2 machines.  “localpc” is the machine which will run the script so I want passwordless login to the other host.  “remotepc” is the machine I wish to login to.


Clear your .ssh/ directory on both localpc and remotepc for the user you wish to login as.  This helps to start from scratch with no possible issues in the key files.

sudo rm -R /home/user/.ssh/*

Log in to localpc from remotepc through SSH normally:

ssh user@localpc

and do the same from the other machine:

ssh user@remotepc

I’m not completely sure why but this helps alleviate a “no identities error” that can happen later on.


On localpc:

Create an RSA key:

ssh-keygen -t rsa

Choose the default save location (just press Enter)

Choose no passphrase (press Enter again)


On localpc:

ssh-copy-id -i /home/user/.ssh/id_rsa.pub user@remotepc

Make sure to change user and remotepc to the names that represent your setup.


You’re Done!  Test it out. 

On localpc:

ssh user@remotepc
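A permission audit to run when key login still prompts for a password after the steps above, as an added example that is not part of the original post. sshd's StrictModes check silently ignores an authorized_keys file when the home directory, ~/.ssh or the file itself is group- or world-writable, which looks exactly like a broken key setup; this script reports each such problem for a given home directory. The fixture home it builds under a temporary directory, including the placeholder public key, is constructed for the check.

```shell
#!/bin/sh
# Added example (not from the original post): audit the permissions sshd's
# StrictModes check requires before it will honour ~/.ssh/authorized_keys.

# perms PATH : permission string without the type character, e.g. rwxr-xr-x
perms() { ls -ld "$1" | cut -c2-10; }

# audit_ssh_dir HOME_DIR : prints one line per problem, returns 1 if any found
audit_ssh_dir() {
    home="$1"; bad=0
    # position 5 is the group write bit, position 8 the world write bit
    case "$(perms "$home")" in
        ????w????|???????w?) echo "$home must not be group/world writable"; bad=1 ;;
    esac
    if [ ! -d "$home/.ssh" ]; then
        echo "$home/.ssh is missing"; return 1
    fi
    case "$(perms "$home/.ssh")" in
        ???------) ;;
        *) echo "$home/.ssh should be mode 700"; bad=1 ;;
    esac
    for f in authorized_keys id_rsa; do
        [ -e "$home/.ssh/$f" ] || continue
        case "$(perms "$home/.ssh/$f")" in
            ???------) ;;
            *) echo "$home/.ssh/$f should be mode 600"; bad=1 ;;
        esac
    done
    return $bad
}

# Constructed fixture: a correctly permissioned home with a placeholder key
make_home() {
    d=$(mktemp -d)
    chmod 755 "$d"
    mkdir -m 700 "$d/.ssh"
    printf 'ssh-rsa AAAAB3NzaC1yc2E-placeholder user@localpc\n' > "$d/.ssh/authorized_keys"
    chmod 600 "$d/.ssh/authorized_keys"
    echo "$d"
}

# Live usage on remotepc, as the login user:  audit_ssh_dir "$HOME"
```

Running this on remotepc before clearing .ssh/ and regenerating keys often saves the round trip, since the keys are usually fine and only the modes are wrong.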

apt-get upgrade Confusion

While performing some regular maintenance on one of my Ubuntu machines I was getting a bit confused between all of the upgrade commands, so I investigated further.  I’ve listed below the basic differences between each:

sudo apt-get upgrade

installs the newest versions of the packages already on the machine

sudo apt-get dist-upgrade

upgrades all packages on the system and handles dependency changes (removing obsolete packages).  This command prepares the system for a release upgrade, but since /etc/apt/sources.list is not changed to the sources for the newer distribution it will not actually upgrade to the newest version.

To actually perform a distribution upgrade the following command should be used (ensure you have a backup before issuing this command.  The upgrade could make your system unstable):

First, check which version you are currently running using the following:

lsb_release -a

Next, you can download the newest update manager and issue the upgrade command:

sudo apt-get install update-manager-core
sudo do-release-upgrade

All of these commands should be used with caution as you are directly affecting your software packages installed on the system.

This site was very helpful in my initial investigation of the differences of this command.

BIND Tip – Dumping The Cache

I thought it would be useful to document a handy command I came across while learning how to operate BIND.  I set BIND9 up on my print server and was trying to examine how many resources it was consuming.  I found the following command helpful; it dumps the current BIND9 database from memory to /var/cache/bind (by default):

sudo rndc dumpdb -all

After that I simply navigated to /var/cache/bind and issued the command

ls -lah

and the output of that command showed that it consumes 649K in memory:

-rw-r--r--  1 bind bind 649K 2010-05-02 08:15 named_dump.db

I’m not a BIND expert and am actually stumbling around with some custom zone settings but I thought this was worth mentioning.  I’m also assuming this is quite small for a db size since this was only setup for testing for a 1 user network.  Nevertheless, it would be useful to check that you have adequate memory to handle the database size if you are deploying a DNS server for your network. I believe you can also limit the cache size if needed, but I don’t think I’ll be needing that option added to my config anytime soon.

If you haven’t already, read up on the rndc command, because it’s quite powerful.  In addition, make sure you are using the latest stable version of BIND to protect against cache poisoning (as well as for its other benefits).

Boot To USB Without BIOS USB Boot Support

On any new machine I purchase I make sure to thoroughly run all hardware through the various diagnostic applications available on the Ultimate Boot CD.  I have the UBCD set up on a USB drive, which allows me to ditch the CD wallet.  Problem is, even in this day and age, there are still machines I encounter that are not compatible with USB boot.  Most of the time I’ll burn an ISO to CD and hook up a spare CD-ROM drive, but recently I was determined to get the computer to boot to USB.  No BIOS update was available and I searched every inch of the BIOS menus looking for a USB boot option with no success.  So, after some browsing around I found PLoP.  PLoP is a boot manager that will (among other things) allow a machine to boot to USB even without BIOS support.  It’s actually quite an easy solution but does require you to make either a floppy or CD.  Since the machines I was working with were previously used in a cluster they had no CD-ROM drives, but they did contain a floppy drive.  To create a PLoP boot disk using another Ubuntu machine I completed the following:

wget http://download.plop.at/files/bootmngr/plpbt-5.0.10.zip

sudo apt-get install unzip

unzip plpbt-5.0.10.zip

cd plpbt-5.0.10/

Insert the floppy to write to into the drive.  I’m assuming it’s located at /dev/fd0.

fdformat /dev/fd0

dd if=plpbt.img of=/dev/fd0 bs=1440k

Once you complete this you have created the bootable floppy and can now boot the machine to the floppy which contains the boot manager.  You will need to ensure that the installed floppy drive is listed on the boot list.  Note that the ISO is also included in the downloaded package if you would rather create a CD.

After you boot into PLoP there is a list of available boot options.  USB should be an option in the list and you simply select that as the boot option, press Enter, and your USB bootable drive can now be accessed!  Note:  Once booted to USB I could *only* use PS/2 keyboard and mouse with the machine.

Reassign NIC Identifiers In Ubuntu

I swapped out some NICs recently on a few of my lab machines.  These machines had a working install of Ubuntu Server 9.04.  After installing the NICs and rebooting, ifconfig showed nothing but lo details.  The first thing I did was to ensure that the cards were seen by the OS by typing:

lspci | grep Ethernet

to which I received the output:

02:04.0 Ethernet controller: Intel Corporation 82557/8/9/0/1 Ethernet Pro 100 (rev 08) 

02:05.0 Ethernet controller: Intel Corporation 82557/8/9/0/1 Ethernet Pro 100 (rev 08)

This was correct as my new NIC was a dual Intel NIC.  From there I issued the command:

sudo mv /etc/udev/rules.d/70-persistent-net.rules /etc/udev/rules.d/70-persistent-net.rules.old

I rebooted the system and all NICs were reassigned to the correct eth* interfaces.  Note that 70-persistent-net.rules.old will contain the old configuration should I decide this new NIC doesn’t work out for the system.

Where I originally found the re-assignment command.

Differential Backup Using Rsync

Rsync is a well known tool for many who work in Linux regularly.  Quite some time ago I put together a short script that uses Rsync and logs the result nicely.  The first task Rsync performs is to send an incremental file list which contains any differences between the source and destination drive; it then makes changes to the destination drive accordingly.  Because of that last part, extreme caution should be used when executing such a script: you run the risk of overwriting information on the destination drive you may not want removed.  I have a dedicated drive for DV backups mounted in /media/dv-backup.  To use this script just change the variables accordingly:

#!/bin/bash
# dv backup script
src=/media/dv
dest=/media/dv-backup
log=/var/log/backup/dv-backup.log

# $(date) expands to the current timestamp; a bare $date would be empty
echo "---" "$(date)" "-------------------" >> "$log"
# send the incremental file list and mirror src into dest, deleting anything
# in dest that no longer exists in src
rsync -t -r -v --delete "$src" "$dest" >> "$log"
echo "--------------- END ---------------" >> "$log"

I have my backup logs in /var/log/backup/ and they merely append to the file each time Rsync runs.  I’m aware this is quite a simple script and could even be consolidated to one line.  However, I found that breaking it up makes it easy to read and change.  Also, who wants to remember every Rsync switch each time they want to perform a differential backup?

One quick change you could make so that it requires less manual editing is to replace the variables with the command-line arguments.  Such a revision is listed below:

#!/bin/bash
# dv backup script, arguments: SRC DEST LOG
[ $# -eq 3 ] || { echo "usage: $0 SRC DEST LOG" >&2; exit 1; }
src=$1
dest=$2
log=$3

echo "---" "$(date)" "-------------------" >> "$log"
rsync -t -r -v --delete "$src" "$dest" >> "$log"
echo "--------------- END ---------------" >> "$log"

Usage to achieve same result as original:

./backup.sh /media/dv /media/dv-backup /var/log/backup/dv-backup.log

Both script revisions are attached:  backup.sh backup2.sh Use at your own risk.. don’t blame me if you incorrectly wipe a drive!
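A guard for the wipe-a-drive risk mentioned above, as an added example that is not one of the post's attached scripts. It refuses to run the `--delete` rsync unless the destination is the root of a mounted filesystem and carries a marker file placed there on purpose, so a backup drive that failed to mount (leaving an empty directory on the root filesystem) or a wrong path never becomes the target of a delete. The marker file name and the mount check via `df -P` are assumptions of this example, not part of the post.

```shell
#!/bin/sh
# Added example (not one of the post's attached scripts): only run the
# --delete backup when the destination is a mounted drive we prepared.

MARKER=".dv-backup-target"   # assumed marker name; create it once on the backup drive

# is_mountpoint DIR : 0 if DIR is the root of a mounted filesystem
is_mountpoint() {
    [ -d "$1" ] || return 1
    real=$(cd "$1" && pwd -P)
    # last field of the second df -P line is the filesystem's mount point
    mounted_on=$(df -P "$1" | awk 'NR == 2 { print $NF }')
    [ "$real" = "$mounted_on" ]
}

# safe_to_delete_into DIR : 0 only when DIR is a mountpoint carrying the marker
safe_to_delete_into() {
    is_mountpoint "$1" || { echo "refusing: $1 is not a mounted filesystem" >&2; return 1; }
    [ -f "$1/$MARKER" ] || { echo "refusing: $1 has no $MARKER file" >&2; return 1; }
}

# backup SRC DEST LOG : the post's rsync line, run only once the guard passes
backup() {
    src="$1"; dest="$2"; log="$3"
    safe_to_delete_into "$dest" || return 1
    echo "--- $(date) -------------------" >> "$log"
    # no trailing slash on src, so rsync creates dest/<basename of src>, as in the post
    rsync -t -r -v --delete "$src" "$dest" >> "$log" 2>&1
    echo "--------------- END ---------------" >> "$log"
}

# Usage:  backup /media/dv /media/dv-backup /var/log/backup/dv-backup.log
```

The marker is the important half: a mounted but wrong drive (a different USB disk that auto-mounted at the same path) passes the mountpoint test alone, while it will not carry the marker.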

Setup Link Aggregation in Ubuntu

Link aggregation is something that has greatly interested me the last few months and I’ve been anxious to play with it on my own network setup.  For those not familiar with link aggregation there is a lot of good documentation on Wikipedia to get caught up to speed.  In my lab I wanted to set up link aggregation on a box with an NC3134, which is a dual NIC (2x 10/100 full duplex ports).  I couldn’t do proper 802.3ad because I don’t have a switch which supports it…yet.  However, since I am running Ubuntu Server I found I could still set it up using a different mode.  The mode I decided to configure the bond as is mode 0, otherwise known as the round-robin bond mode.  This type is described as “Round-robin policy: Transmit packets in sequential order from the first available slave through the last.  This mode provides load balancing and fault tolerance.” (Linux Horizon)

The setup for bonding the NICs is actually quite simple.

sudo apt-get install ifenslave
sudo nano /etc/network/interfaces

Comment out your current configuration lines using the “#” before all lines.  The following was my setup for the bond address configuration:

auto bond0
iface bond0 inet static
     address 192.168.2.200
     netmask 255.255.255.0
     broadcast 192.168.2.255
     gateway 192.168.2.1
     slaves all
     bond-mode 0
     bond-miimon 100

This configuration will enslave all of my network devices to the bond (which in this case is just the two ports) and give it the IP address 192.168.2.200. Note that I specified bond-mode 0. There are several other bond modes (some of which, such as mode 4, require an 802.3ad capable switch) and it would be worth your while to read up on them to find which is best for you.

Another thing to note in this configuration is bond-miimon 100. This sets the MII link-monitoring interval to 100 milliseconds, so the driver notices a failed link within about a tenth of a second and stops transmitting on it. Setting this value to 0 disables link monitoring entirely, which also means no failover: the bond would keep round-robining frames onto a dead port.

Save and exit the configuration file. From here you can take the individual interfaces down by issuing:

sudo ifdown eth0
sudo ifdown eth1

At this point I connected the second Ethernet cable and restarted the networking service:

sudo /etc/init.d/networking restart

Run ifconfig and you should see bond0 in the list flagged UP BROADCAST RUNNING MASTER MULTICAST, and each physical NIC flagged UP BROADCAST RUNNING SLAVE MULTICAST. The kernel also reports the mode, the monitoring interval and the link state of every slave in /proc/net/bonding/bond0, which is the place to look if a slave is missing. Next we will test performance of the connection to ensure that the bond is functioning as it should.

Using iperf I can test the bandwidth utilized between the server and client in memory (which takes the drive write bottleneck out of the equation).  To setup iperf see my previous article on using iperf.

I have 192.168.2.101 set up as the iperf server and 192.168.2.200 (the bonded NICs) as the client. From the client I issue the following command, which reports every 2 seconds:

iperf -c 192.168.2.101 -i 2

The output was as follows:

------------------------------------------------------------
Client connecting to 192.168.2.101, TCP port 5001
TCP window size: 16.0 KByte (default)
------------------------------------------------------------
[  3] local 192.168.2.200 port 33878 connected with 192.168.2.101 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0- 2.0 sec  44.8 MBytes    188 Mbits/sec
[  3]  2.0- 4.0 sec  44.9 MBytes    188 Mbits/sec
[  3]  4.0- 6.0 sec  44.9 MBytes    188 Mbits/sec
[  3]  6.0- 8.0 sec  43.9 MBytes    184 Mbits/sec
[  3]  8.0-10.0 sec  44.8 MBytes    188 Mbits/sec
[  3]  0.0-10.0 sec    223 MBytes    187 Mbits/sec

You can see that now the connection is reaching ~188Mbits out of the theoretical 200Mbits that the bond provides (remember we are using 2x 100mbit lines).  This is exactly the result we want.

Next, I wanted to test the failure of one link. I disconnected one of the cables from the dual NIC and ran the iperf test again.

------------------------------------------------------------
Client connecting to 192.168.2.101, TCP port 5001
TCP window size: 16.0 KByte (default)
------------------------------------------------------------
[  3] local 192.168.2.200 port 33879 connected with 192.168.2.101 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0- 2.0 sec  22.5 MBytes  94.4 Mbits/sec
[  3]  2.0- 4.0 sec  22.4 MBytes  94.1 Mbits/sec
[  3]  4.0- 6.0 sec  22.4 MBytes  94.0 Mbits/sec
[  3]  6.0- 8.0 sec  22.5 MBytes  94.2 Mbits/sec
[  3]  8.0-10.0 sec  22.4 MBytes  94.0 Mbits/sec
[  3]  0.0-10.0 sec    112 MBytes  94.2 Mbits/sec

You can see that the bandwidth has fallen back to 94 Mbit/s, the throughput of a single 100 Mbit link, and the TCP stream carried on through the failure rather than stalling or disconnecting.

That’s it!  Pretty simple to setup and test the bond.   If you are creating a bond purely for the bandwidth increase keep in mind that system bottlenecks can still hinder performance – your hard drive write speed being the most likely.
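Before trusting the iperf numbers, it is worth checking the bond state the kernel itself reports. The following added Python example (not from the original post) parses the /proc/net/bonding/bond0 report and flags the conditions that would make a round-robin bond underperform or fail over silently: a slave with its link down, a slave not at full duplex, recorded link failures, or miimon set to 0. The embedded sample is constructed to mirror the state after one cable was pulled above; the function and class names are my own.

```python
"""Check a Linux bonding interface via /proc/net/bonding/<name>.
Added example for this post; the sample report below is constructed."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample mirroring a two-port balance-rr bond after one cable
# has been unplugged; field names follow the kernel's bonding report.
SAMPLE_BOND0 = """\
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 100

Slave Interface: eth0
MII Status: up
Speed: 100 Mbps
Duplex: full
Link Failure Count: 0

Slave Interface: eth1
MII Status: down
Speed: Unknown
Duplex: Unknown
Link Failure Count: 1
"""


@dataclass
class Slave:
    name: str
    mii_up: bool
    speed_mbps: Optional[int]
    duplex: str
    link_failures: int


@dataclass
class BondStatus:
    mode: str
    mii_up: bool
    miimon_ms: int
    slaves: List[Slave] = field(default_factory=list)

    def active_slaves(self) -> List[Slave]:
        return [s for s in self.slaves if s.mii_up]

    def expected_capacity_mbps(self) -> int:
        # balance-rr transmits over every live slave, so the aggregate
        # ceiling is the sum of their link speeds (200 for 2x100 Mbit)
        return sum(s.speed_mbps or 0 for s in self.active_slaves())


def _fields(block: str) -> dict:
    """Turn 'Key: value' lines into a dict; keys keep their exact spelling."""
    out = {}
    for line in block.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            out[key.strip()] = value.strip()
    return out


def parse_bonding(text: str) -> BondStatus:
    """Parse the text of /proc/net/bonding/<bond> into a BondStatus."""
    parts = re.split(r"(?m)^Slave Interface:", text)   # header, then one part per slave
    head = _fields(parts[0])
    bond = BondStatus(
        mode=head.get("Bonding Mode", "unknown"),
        mii_up=head.get("MII Status", "").lower() == "up",
        miimon_ms=int(head.get("MII Polling Interval (ms)", "0") or 0),
    )
    for part in parts[1:]:
        name, _, rest = part.partition("\n")
        f = _fields(rest)
        speed = re.match(r"(\d+)\s*Mbps", f.get("Speed", ""))   # "Unknown" when down
        bond.slaves.append(Slave(
            name=name.strip(),
            mii_up=f.get("MII Status", "").lower() == "up",
            speed_mbps=int(speed.group(1)) if speed else None,
            duplex=f.get("Duplex", "Unknown"),
            link_failures=int(f.get("Link Failure Count", "0") or 0),
        ))
    return bond


def check_bond(bond: BondStatus, expected_slaves: int = 2) -> List[str]:
    """Return human-readable problems; an empty list means the bond looks healthy."""
    problems = []
    if not bond.mii_up:
        problems.append("bond: MII status down, no usable slave")
    if bond.miimon_ms == 0:
        problems.append("bond: miimon is 0, link failures will never be detected")
    if len(bond.slaves) != expected_slaves:
        problems.append(f"bond: expected {expected_slaves} slaves, found {len(bond.slaves)}")
    for s in bond.slaves:
        if not s.mii_up:
            problems.append(f"{s.name}: link down")
        elif s.duplex.lower() != "full":
            problems.append(f"{s.name}: not full duplex ({s.duplex})")
        if s.link_failures:
            problems.append(f"{s.name}: {s.link_failures} link failure(s) recorded")
    return problems


def read_bond(name: str = "bond0") -> BondStatus:
    """Read and parse the live report for a bond on this host."""
    with open(f"/proc/net/bonding/{name}") as fh:
        return parse_bonding(fh.read())


if __name__ == "__main__":
    status = parse_bonding(SAMPLE_BOND0)   # use read_bond("bond0") on a real box
    print(f"{status.mode}, miimon={status.miimon_ms}ms, "
          f"capacity~{status.expected_capacity_mbps()} Mbit/s")
    for problem in check_bond(status) or ["no problems found"]:
        print(" -", problem)
```

On the degraded sample the expected capacity drops to 100 Mbit/s, matching the 94 Mbit/s iperf run above; on a healthy two-port bond it reports 200 and an empty problem list. Run it after every cable change or driver update, not just once at setup.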

With such a simple setup for this networking task it shows another benefit Linux servers can provide in comparison to Windows servers which (to my knowledge) do not natively support link aggregation.

The question I asked myself after this setup was: how does the 802.3ad configuration (mode 4) differ from mode 0, which doesn't require a switch with 802.3ad support? After some further research I found that because mode 0 sprays consecutive packets across the slaves, the receiver often sees them out of order, which TCP treats as a sign of loss and answers with duplicate ACKs and retransmissions (as mentioned here). Mode 4, like the other hash-based modes, pins each flow to a single link, so a flow's packets always arrive in order; the trade-off is that any single flow is limited to one link's bandwidth, and only the aggregate across many flows approaches the full 200 Mbit. I would be curious to see some performance benchmarks between the two and plan to do so once I have a managed switch, so stay tuned!

Cisco PIX 501 Quick Setup

I inherited a Cisco PIX 501 firewall recently and have to say I'm not nearly as educated on Cisco equipment as I feel I should be. After a good amount of searching along the way I started getting the hang of things. I had worked in Cisco's PIX Device Manager (PDM) and found it more of a pain to navigate than setting up through the command line. So, for this tutorial I will focus only on the CLI for setup of the device.


Here is how I was able to get things setup.  Note that this is just a basic setup using the CLI with the following:

WAN: DHCP

LAN: Enable NAT, and enable DHCP

After configuration the firewall will be accessible at 192.168.3.1 (and netmask 255.255.255.0) and DHCP leases available will be 192.168.3.50 – 192.168.3.80.  You can change these accordingly while going through the commands.

First of all, you need to connect to the device using your Cisco console cable, which is RJ45 to DB9. Connect the RJ45 end to the 501's console port and the DB9 end to a machine with a serial port. In my case this was a Linux machine running Ubuntu. If you are on a Windows machine you can simply use HyperTerminal to connect. I issued the following commands to get connected to the 501:

sudo apt-get install cu
cu -l /dev/ttyS0 -s 9600

The console runs at 9600 baud, 8 data bits, no parity, one stop bit. ttyS0 was what worked for me, but yours may need to be changed to ttyS1, etc. depending on your setup (a USB-to-serial adapter typically shows up as /dev/ttyUSB0).

Once connected, I issued the following commands:

First answer "no" to the interactive setup prompt (if you plan to follow the tutorial below).

enable

You will be prompted for the enable password. It is blank on a fresh device, so just press Enter.

config t

This enters configuration mode. Type "?" to list the commands available.

username USER password ***** privilege 15

enable password ******

passwd ******

Replace USER with the username you wish to create; privilege 15 makes it a full administrator account. The enable password protects privileged mode from now on (replacing the blank default), and passwd sets the login password for Telnet sessions, which otherwise stays at the factory default of "cisco". Pick distinct, strong values for all three before the device goes anywhere near an untrusted network.

interface ethernet0 auto

interface ethernet1 100full

On the 501, ethernet0 is the single outside (WAN) port and ethernet1 is the built-in four-port inside switch.

ip address outside dhcp setroute

Make sure your WAN connection is live when issuing the command above: the PIX requests a lease as soon as it is entered. The setroute keyword makes it install the default route learned from DHCP as well, so the command only needs to be issued once in this form.

ip address inside 192.168.3.1 255.255.255.0

show ip address

The above command just shows the current addressing. I used it to double check that I had entered everything properly.

nat (inside) 1 192.168.3.0 255.255.255.0

global (outside) 1 interface

These two lines translate everything on the inside network (given as the network address 192.168.3.0/24, not the firewall's own .1) to the address the outside interface received from DHCP.

telnet 192.168.3.50

This was an optional command. It permits Telnet access to the PIX from the client at 192.168.3.50 only (applied to the inside interface when none is named), so I didn't need the console cable connected after the initial setup and could merely telnet in from the client as needed. Two caveats: Telnet is cleartext, so the password set with passwd crosses the LAN unencrypted, and 192.168.3.50 is the first address in the DHCP pool configured below, so management access follows whichever host happens to hold that lease. Give the management host a static address outside the pool, and prefer the PIX's SSH support where your software version offers it.

no banner exec

no banner login

no banner motd

The banner commands are also optional. I wanted to cut out any extra information at login. You can leave these, or change them as you desire.

hostname YOURHOST

Replace YOURHOST with the hostname you wish to give the 501.

domain-name local

This is the full command name; the PIX also accepts unambiguous abbreviations such as "domain".

dhcpd address 192.168.3.50-192.168.3.80 inside

dhcpd dns 4.2.2.1 4.2.2.2

These were test DNS servers I used during setup; they are Level 3's public resolvers and are rather stable. You can change to your local ISP's DNS servers or others as desired.

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd enable inside

The lease length is in seconds (one hour here) and ping_timeout is the number of milliseconds the PIX waits for a reply after pinging an address before handing it out, which avoids offering an address something else is already using. The last command makes the 501 the DHCP server for the inside interface (LAN). If you wish to use a different DHCP server or don't care to enable DHCP, simply disregard these commands.

access-list ping_acl permit icmp any any

access-group ping_acl in interface outside

These two commands are optional. By default the 501 drops ICMP arriving on the outside interface, which annoyed me when trying to run diagnostics. Note that as written the list admits every ICMP type from any source on the Internet, including echo requests from anywhere. For diagnostics run from the inside you only need the replies to get back in, so a tighter list would permit just the echo-reply, unreachable and time-exceeded types. Whichever you use, remember that applying the access-group makes the list the inbound policy on the outside interface: its explicit permits, then an implicit deny.

wr mem

This finalizes your setup by writing all changes to the startup configuration in flash; without it everything above is lost at the next reboot.

These are the commands I found to work for me, and I don't run this in production. I don't claim this method of setup is secure for your environment and highly recommend you study up on the device more before placing it in a production environment. If anyone has some modifications or additions to this guide please feel free to contact me. Hopefully this tutorial can serve as a first step in becoming familiar with setup for the PIX 501, thanks for reading.
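The caveats raised along the way (an all-ICMP permit inbound on the outside interface, cleartext Telnet, a management host whose address is just a DHCP lease, blank or default passwords) are easy to lose in a long list of commands. The following added Python example (not from the original post) parses a PIX 6.x-style configuration built from the tutorial's commands and reports exactly those findings, then shows the same config with them addressed. The hardened variant assumes an admin host at 192.168.3.10, a static address outside the lease pool, and uses the ICMP type keywords echo-reply, unreachable and time-exceeded; the function names are my own, and the audit checks nothing beyond what is listed here.

```python
"""Audit a PIX 6.x-style configuration for the weak spots a reviewer would
raise against this quick setup. Added example, not from the original post."""
import ipaddress
from typing import Dict, List

# Constructed from the commands in the tutorial (passwords are placeholders).
SAMPLE_CONFIG = """\
hostname pix501
enable password ********
passwd ********
ip address outside dhcp setroute
ip address inside 192.168.3.1 255.255.255.0
nat (inside) 1 192.168.3.0 255.255.255.0
global (outside) 1 interface
access-list ping_acl permit icmp any any
access-group ping_acl in interface outside
telnet 192.168.3.50
dhcpd address 192.168.3.50-192.168.3.80 inside
dhcpd enable inside
"""

# Same setup with the findings addressed: reply-only ICMP, and SSH from a
# statically addressed admin host (192.168.3.10 is an assumed address
# outside the lease pool).
HARDENED_CONFIG = SAMPLE_CONFIG.replace(
    "access-list ping_acl permit icmp any any\n",
    "access-list ping_acl permit icmp any any echo-reply\n"
    "access-list ping_acl permit icmp any any unreachable\n"
    "access-list ping_acl permit icmp any any time-exceeded\n",
).replace("telnet 192.168.3.50\n", "ssh 192.168.3.10 255.255.255.255 inside\n")


def parse_pix(text: str) -> Dict[str, object]:
    """Pull out only the statements the audit needs."""
    cfg = {"acls": {}, "access_groups": [], "telnet": [], "ssh": [],
           "dhcp_pools": [], "enable_password": False, "passwd": False}
    for raw in text.splitlines():
        t = raw.split()
        if not t or t[0].startswith("!"):
            continue
        if t[0] == "access-list" and len(t) >= 4:
            cfg["acls"].setdefault(t[1], []).append(t[2:])   # rule tokens after the name
        elif t[0] == "access-group" and len(t) >= 5:
            cfg["access_groups"].append((t[1], t[2], t[4]))  # (acl, direction, interface)
        elif t[0] in ("telnet", "ssh") and len(t) >= 2:
            try:
                cfg[t[0]].append(ipaddress.ip_address(t[1]))
            except ValueError:          # e.g. "telnet timeout 5"
                pass
        elif t[:2] == ["dhcpd", "address"] and len(t) >= 3:
            lo, _, hi = t[2].partition("-")
            cfg["dhcp_pools"].append((ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo)))
        elif t[:2] == ["enable", "password"] and len(t) >= 3:
            cfg["enable_password"] = True
        elif t[0] == "passwd" and len(t) >= 2:
            cfg["passwd"] = True
    return cfg


def audit_pix(text: str) -> List[str]:
    """Return findings; an empty list means nothing this audit knows about."""
    cfg = parse_pix(text)
    findings = []
    for acl, direction, iface in cfg["access_groups"]:
        if (direction, iface) != ("in", "outside"):
            continue
        for rule in cfg["acls"].get(acl, []):
            if rule == ["permit", "icmp", "any", "any"]:    # no icmp-type qualifier
                findings.append(f"{acl}: permits every ICMP type from any source inbound on "
                                "outside; restrict to echo-reply, unreachable, time-exceeded")
    if not cfg["enable_password"]:
        findings.append("no enable password: privileged mode opens with a blank password")
    if not cfg["passwd"]:
        findings.append("no passwd: remote logins still use the factory default")
    for host in cfg["telnet"]:
        findings.append(f"telnet from {host}: cleartext management session, use ssh")
    for host in cfg["telnet"] + cfg["ssh"]:
        for lo, hi in cfg["dhcp_pools"]:
            if lo <= host <= hi:
                findings.append(f"management host {host} is inside DHCP pool {lo}-{hi}: "
                                "access follows whoever holds that lease")
    return findings


if __name__ == "__main__":
    for label, cfg in (("as written", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label + ":")
        for finding in audit_pix(cfg) or ["no findings"]:
            print(" -", finding)
```

Feed it the output of a show running-config (saved to a file) rather than retyping commands, and treat an empty result as "nothing on this short list", not as a clean bill of health.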

Source Image: cisco.com