This Drupal book documents some of the technical information on problems related to Linux and FLOSS. I hope it is useful to you. I welcome your feedback.
Unless otherwise noted, ALL content published under this head, should be considered to be licensed under Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License or GNU FDL at your convenience.
select i in c00 c01 c02;do echo $i;done
select i in c00 c01 c02;do echo $i;break;done
start=3; start=$((start+2)); echo $start
# Iterate with a glob instead of parsing `ls`, so names with spaces survive
for i in *; do
echo "$i"
done
By default, .bashrc reads /etc/bashrc (only for interactive logins), which loads /etc/bash_completion and /etc/bash_completion.d/*
set -o vi
set -o emacs
Though Linux systems are quite secure by default, one needs to put in some effort to ensure that they stay that way.
Ensure that the following is done and you have succeeded in repulsing some of the most common attacks.
For example look at the daemons running on a typical research server:
[root@ia64 root]# chkconfig --list|grep ":on"
atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
random 0:off 1:off 2:on 3:on 4:on 5:on 6:off
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
iscsi 0:off 1:off 2:on 3:on 4:off 5:on 6:off
[root@ia64 root]#
Partn    Size     Remarks
---------------------------------------------------------------------------------------
/        1000M    root
/boot    100M     boot files: can be left unmounted or mounted read-only
/home    *        All users have their files here
/usr     10GB     All software/documentation
/var     4GB      logs
/tmp     2GB      Temp files. If you don't create this root FS can be filled up easily
/data1   *        If needed create more partitions to hold custom data (eg ftp uploads)
swap     1000MB   a minimum swap disk of say 1GB. Swapdisks of more than 4GB is insane.
---------------------------------------------------------------------------------------
*=depends on the application
Cellphones, PDAs can reveal a lot of info, take care! http://www.cnn.com/2006/TECH/ptech/08/30/betrayed.byacellphone.ap/index....
Securing SSH: Use
# Refuse root logins
PermitRootLogin no
# We don't need SSHv1
Protocol 2
# Allow only selected users, add all users needing shell access to shell_users_group
AllowGroups shell_users_group
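An audit of the three settings above, as an added example that is not part of the original page. It reads a config file the way sshd does (first value wins, keywords are case-insensitive, the global section ends at the first Match line); the function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit an sshd_config for
# PermitRootLogin, Protocol and AllowGroups as sshd itself would read them.

# sshd_values FILE KEYWORD [all]
# Prints the value of KEYWORD from the global section of FILE. sshd keeps the
# FIRST value it reads for a keyword, matches keywords case-insensitively,
# accepts "Keyword=value", and the global section ends at the first "Match"
# line. With "all", every occurrence is printed (repeated AllowGroups lines
# add up instead of first-wins).
sshd_values() {
    awk -v want="$2" -v all="${3:-}" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }                      # comment or blank line
        {   # turn "Keyword=value" into "Keyword value"
            if (match($0, /^[ \t]*[A-Za-z0-9]+[ \t]*=/))
                $0 = substr($0, 1, RLENGTH - 1) " " substr($0, RLENGTH + 1)
        }
        tolower($1) == "match" { exit }              # end of global section
        tolower($1) == want {
            $1 = ""; sub(/^[ \t]+/, ""); print
            if (all == "") exit
        }
    ' "$1"
}

# audit_sshd_config FILE GROUP
# Prints one FAIL line per finding; returns 0 only if there are none.
audit_sshd_config() {
    file=$1 group=$2 rc=0

    root=$(sshd_values "$file" PermitRootLogin | tr 'A-Z' 'a-z')
    if [ "$root" != no ]; then
        echo "FAIL PermitRootLogin is '${root:-unset}', expected 'no'"; rc=1
    fi

    # Only a value that still lists protocol 1 is a finding.
    proto=$(sshd_values "$file" Protocol)
    case ",$proto," in
        *,1,*) echo "FAIL Protocol '$proto' still offers SSHv1"; rc=1 ;;
    esac

    groups=$(sshd_values "$file" AllowGroups all | tr '\n' ' ')
    case " $groups " in
        *" $group "*) ;;
        *) echo "FAIL AllowGroups does not list '$group' globally"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample files, written to directory $1.
make_samples() {
    cat > "$1/hardened" <<'EOF'
# constructed sample
PermitRootLogin no
Protocol 2
AllowGroups wheel shell_users_group
EOF
    cat > "$1/weak" <<'EOF'
# constructed sample: looks hardened at a glance, but is not
permitrootlogin yes
PermitRootLogin no
Protocol=2,1
Match Address 10.1.1.0/24
    AllowGroups shell_users_group
EOF
}

SAMPLES=$(mktemp -d)
make_samples "$SAMPLES"
for f in hardened weak; do
    echo "== $f"
    if audit_sshd_config "$SAMPLES/$f" shell_users_group; then echo "OK"; fi
done
```

The weak sample fails all three checks: the earlier lowercase `permitrootlogin yes` overrides the later `no`, `Protocol=2,1` still lists version 1, and the only AllowGroups line sits inside a Match block.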
Note that (beginning from Etch) Debian GNU/Linux can encrypt your entire disk, including swap (except /boot), this can provide some interesting options when you are storing sensitive data.
The following uses LUKS (Linux Unified Key Setup) and Device mapper, which are available with any 2.6 kernel (2.6.12 or newer may be a better choice, so that some cryptosystems are available).
cryptsetup luksFormat -c aes-cbc-essiv:sha256 /dev/sdb1
cryptsetup luksOpen /dev/sdb1 delta
where delta is any random name
root@ariesduo:~# ls -l /dev/mapper/
total 0
crw-rw---- 1 root root 10, 63 2006-09-06 09:31 control
brw-rw---- 1 root disk 253, 0 2006-09-06 09:43 delta
mkfs.ext3 /dev/mapper/delta
cryptsetup luksClose delta
Whenever the disk needs to be used,
cryptsetup luksOpen /dev/sdb1 cryptbkupdev
mount /dev/mapper/cryptbkupdev /backups
and use it... After completing your work:
umount /backups
cryptsetup luksClose cryptbkupdev
Note that due to the absence of LUKS the commands and usage are quite different. Now I am rebooting the server: First create the encrypted volume:
[root@dualathlon32 ~]# cryptsetup create usbbbkupdrv /dev/sda2
Enter passphrase:
[root@dualathlon32 ~]# ls /dev/mapper/
control usbbbkupdrv
Create an EXT3 filesystem and mount:
[root@dualathlon32 ~]# mkfs.ext3 /dev/mapper/usbbbkupdrv
[root@dualathlon32 ~]# mount /dev/mapper/usbbbkupdrv /mnt
Upon reboot the device will disappear. One needs to issue the "create" command again to "open" the device, unlike LUKS where we can issue close and open commands. A correct password "opens" the device and it is mountable immediately. A wrong password does not return any error, but the EXT3 FS mount will fail. Let us reboot.
Connection to 10.1.1.198 closed.
anand@laptop-aries5672:~$ ssh root@10.1.1.198
The system is back and up, login via ssh:
root@10.1.1.198's password:
Last login: Fri Jun 29 07:54:59 2007 from 10.1.1.33
Note that by default the device is not available
[root@dualathlon32 ~]# dmsetup ls
No devices found
[root@dualathlon32 ~]# ls /dev/mapper/
control
Create command "opens" an existing encrypted device if the right password is provided:
[root@dualathlon32 ~]# cryptsetup create usbbbkupdrv /dev/sda2
Enter passphrase:
[root@dualathlon32 ~]# ls /dev/mapper/
control usbbbkupdrv
[root@dualathlon32 ~]# mount /dev/mapper/usbbbkupdrv /mnt
Now the mount succeeds!
[root@dualathlon32 ~]# df -h|grep mnt
4.6G 42M 4.4G 1% /mnt
[root@dualathlon32 ~]#
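A wrapper for the failure mode described above, where a wrong passphrase on a non-LUKS mapping gives no error until the mount fails. This is an added example, not part of the original page; it uses `cryptsetup open --type plain`, the current spelling of the `create` command shown above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): open a plain dm-crypt volume
# and refuse to go on when the decrypted device carries no filesystem.
#
# Plain mode stores no header, so cryptsetup cannot tell a right passphrase
# from a wrong one: any passphrase yields a mapping, and a wrong one simply
# decrypts to noise. The same happens when cipher, hash or key size differ
# from the ones used at creation, since none of them are recorded on disk.

# open_plain_checked DEVICE NAME FSTYPE MOUNTPOINT
# returns 0 mounted, 1 cryptsetup failed, 2 no/other filesystem signature,
#         3 mount failed. On 2 and 3 the mapping is removed again.
open_plain_checked() {
    dev=$1 name=$2 want=$3 mnt=$4

    cryptsetup open --type plain "$dev" "$name" || return 1

    # Low-level probe of the mapped device; prints only the TYPE value and
    # exits non-zero when no known signature is present.
    found=$(blkid -p -o value -s TYPE "/dev/mapper/$name" 2>/dev/null) || found=

    if [ "$found" != "$want" ]; then
        echo "no $want signature on /dev/mapper/$name" \
             "(found: ${found:-none}); wrong passphrase?" >&2
        cryptsetup close "$name"
        return 2
    fi

    if ! mount -t "$want" "/dev/mapper/$name" "$mnt"; then
        cryptsetup close "$name"
        return 3
    fi
    return 0
}

# close_plain MOUNTPOINT NAME
# Unmount first; the mapping is only removed once the unmount succeeded.
close_plain() {
    umount "$1" && cryptsetup close "$2"
}

# Usage (as root): ./script /dev/sda2 usbbbkupdrv ext3 /mnt
if [ "$#" -eq 4 ]; then
    open_plain_checked "$@"
fi
```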
Importing GPG Keys: GPG: "lynx -source http://server/dir/person_key.asc | gpg --import -"
modprobe fuse
encfs ~/confidential/encrypted ~/confidential/unencrypted
First time create the key etc.
Mount the unencrypted dirs:
encfs ~/confidential/encrypted ~/confidential/unencrypted
After your work is finished, unmount:
fusermount -u ~/confidential/unencrypted
Create a virtual network adapter with the aggregate bandwidth of all your physical NICs
Standards: IEEE 802.3ad Link Aggregation, Also called: Trunking (Cisco)
If you have a bladecenter populated with two switch modules, you can have switch failover as well as NIC failover, and slightly higher performance.
modprobe bonding
ip addr add 192.168.100.33/24 brd + dev bond0
ip link set dev bond0 up
ifenslave bond0 eth2 eth3
ifenslave bond0 eth2 eth3
cat /proc/net/bond0/info
modprobe bonding mode=1 miimon=100 downdelay=200 updelay=200
ip link set dev bond0 addr 00:80:c8:e7:ab:5c
ip addr add 192.168.100.33/24 brd + dev bond0
ip link set dev bond0 up
ifenslave bond0 eth2 eth3
ip link show eth2 ; ip link show eth3 ; ip link show bond0
An example with RHEL/CentOS: check /etc/modules.conf, if missing, add the following:
alias bond0 bonding
options bonding mode=6 miimon=100
Create a file : /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
BOOTPROTO=none
ONBOOT=yes
NETMASK=255.255.255.0
IPADDR=10.1.1.100
USERCTL=no
Edit /etc/sysconfig/network-scripts/eth0
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no
Edit /etc/sysconfig/network-scripts/eth1
DEVICE=eth1
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no
mode= - Specifies one of four policies allowed for the bonding module. Acceptable values for this parameter are:
0 - Sets a round-robin policy for fault tolerance and load balancing. Transmissions are received and sent out sequentially on each bonded slave interface beginning with the first one available.
1 - Sets an active-backup policy for fault tolerance. Transmissions are received and sent out via the first available bonded slave interface. Another bonded slave interface is only used if the active bonded slave interface fails.
2 - Sets an XOR (exclusive-or) policy for fault tolerance and load balancing. Using this method, the interface matches up the incoming request's MAC address with the MAC address for one of the slave NICs. Once this link is established, transmissions are sent out sequentially beginning with the first available interface.
3 - Sets a broadcast policy for fault tolerance. All transmissions are sent on all slave interfaces.
4 - Sets an IEEE 802.3ad dynamic link aggregation policy. Creates aggregation groups that share the same speed and duplex settings. Transmits and receives on all slaves in the active aggregator. Requires a switch that is 802.3ad compliant.
5 - Sets a Transmit Load Balancing (TLB) policy for fault tolerance and load balancing. The outgoing traffic is distributed according to the current load on each slave interface. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed slave.
6 - Sets an Active Load Balancing (ALB) policy for fault tolerance and load balancing. Includes transmit and receive load balancing for IPV4 traffic. Receive load balancing is achieved through ARP negotiation.
This page has a collection of bits and ideas useful when you HAVE to tame the Linux Kernel. Enjoy!
Check the Scheduler choices and Active Scheduler:
anand@laptop-aries5672:~$ cat /sys/block/sda/queue/scheduler
noop anticipatory deadline [cfq]
A list of parameters you can provide to Linux Kernel during installation or bootup to change Linux's behaviour.
| Parameter | What it does | Distro | Notes |
| nousb | Disable USB support | All | Post-install |
| acpi=off | Turn off acpi | All | Use this if your installer or OS hangs without any error messages |
| Number such as 1 2 3 4 5 | Select the runlevel to boot into | All | |
| elevator=cfq or elevator=deadline | Pick the I/O scheduler | All | cfq suitable for desktops, deadline for servers |
| reboot=warm | Quick reboot | All | |
| mce=off | Turn off Machine Check Exceptions | All | |
| nostorage | Turn off Detecting additional storage (eg: FC HBA/SANs) | All | |
and to make these persist across reboots, append the following to /etc/sysctl.conf
| Turn off OOM killer | echo 0 > /proc/sys/vm/oom-kill | All | /etc/sysctl.conf: vm.oom-kill = 0 |
| To reboot 5 secs after panic | echo 5 > /proc/sys/kernel/panic | All | /etc/sysctl.conf: kernel.panic = 5 |
To increase the number of loop devices from 7 (default) to 32: add, max_loop=32 into /etc/modprobe.conf and unload and reload the cloop device
Linux and iSCSI
References: http://www.open-iscsi.org/docs/README , manpages
This section is a quick howto on getting Linux, open-iscsi and iscsi-target to play together to configure an iSCSI storage system. Please let me know if you have any comments.
The cheap way is to run the Linux iSCSI target (the "disk" or "storage device", similar to an NFS server) on a Linux machine with enough free disks and run the open-iscsi initiator (the system that uses this disk, similar to an NFS client).
Of course, if you wish to use hardware based iSCSI devices for superior performance, we can acquire, install and support IBM iSCSI devices.
The following configuration assumes either Debian 4.x or Ubuntu Feisty Fawn or newer systems.
* On the server, download and compile iSCSI Enterprise Target (
root@fs:/usr/local/src/iscsitarget-0.4.15# uname -a
Linux fs 2.6.20-16-generic #2 SMP Thu Jun 7 20:19:32 UTC 2007 i686 GNU/Linux
apt-get install build-essential linux-headers-generic libssl-dev
wget http://jaist.dl.sourceforge.net/sourceforge/iscsitarget/iscsitarget-0.4....
tar zxvf /root/iscsitarget-0.4.15.tar.gz
cd iscsitarget-0.4.15
root@fs:/usr/local/src/iscsitarget-0.4.15# make
make -C usr
make[1]: Entering directory `/usr/local/src/iscsitarget-0.4.15/usr'
cc -O2 -fno-inline -Wall -Wstrict-prototypes -g -I../include -c -o chap.o chap.c
cc -O2 -fno-inline -Wall -Wstrict-prototypes -g -I../include -c -o event.o event.c
cc -O2 -fno-inline -Wall -Wstrict-prototypes -g -I../include -c -o param.o param.c
cc -O2 -fno-inline -Wall -Wstrict-prototypes -g -I../include -c -o plain.o plain.c
cc -O2 -fno-inline -Wall -Wstrict-prototypes -g -I../include -c -o isns.o isns.c
cc ietd.o iscsid.o conn.o session.o target.o message.o ctldev.o log.o chap.o event.o param.o plain.o isns.o -o ietd -lcrypto
cc -O2 -fno-inline -Wall -Wstrict-prototypes -g -I../include -c -o ietadm.o ietadm.c
cc ietadm.o param.o -o ietadm
make[1]: Leaving directory `/usr/local/src/iscsitarget-0.4.15/usr'
make -C /lib/modules/2.6.20-16-generic/build SUBDIRS=/usr/local/src/iscsitarget-0.4.15/kernel modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.20-16-generic'
CC [M] /usr/local/src/iscsitarget-0.4.15/kernel/tio.o
CC [M] /usr/local/src/iscsitarget-0.4.15/kernel/iscsi.o
CC [M] /usr/local/src/iscsitarget-0.4.15/kernel/nthread.o
CC [M] /usr/local/src/iscsitarget-0.4.15/kernel/wthread.o
CC [M] /usr/local/src/iscsitarget-0.4.15/kernel/config.o
CC [M] /usr/local/src/iscsitarget-0.4.15/kernel/digest.o
CC [M] /usr/local/src/iscsitarget-0.4.15/kernel/conn.o
CC [M] /usr/local/src/iscsitarget-0.4.15/kernel/session.o
CC [M] /usr/local/src/iscsitarget-0.4.15/kernel/target.o
CC [M] /usr/local/src/iscsitarget-0.4.15/kernel/volume.o
CC [M] /usr/local/src/iscsitarget-0.4.15/kernel/iotype.o
CC [M] /usr/local/src/iscsitarget-0.4.15/kernel/file-io.o
CC [M] /usr/local/src/iscsitarget-0.4.15/kernel/null-io.o
CC [M] /usr/local/src/iscsitarget-0.4.15/kernel/target_disk.o
CC [M] /usr/local/src/iscsitarget-0.4.15/kernel/event.o
CC [M] /usr/local/src/iscsitarget-0.4.15/kernel/param.o
CC [M] /usr/local/src/iscsitarget-0.4.15/kernel/block-io.o
LD [M] /usr/local/src/iscsitarget-0.4.15/kernel/iscsi_trgt.o
Building modules, stage 2.
MODPOST 1 modules
CC /usr/local/src/iscsitarget-0.4.15/kernel/iscsi_trgt.mod.o
LD [M] /usr/local/src/iscsitarget-0.4.15/kernel/iscsi_trgt.ko
make[1]: Leaving directory `/usr/src/linux-headers-2.6.20-16-generic'
root@fs:/usr/local/src/iscsitarget-0.4.15# make install
install: creating directory `/lib/modules/2.6.20-16-generic/kernel/iscsi'
`kernel/iscsi_trgt.ko' -> `/lib/modules/2.6.20-16-generic/kernel/iscsi/iscsi_trgt.ko'
depmod -aq
`usr/ietd' -> `/usr/sbin/ietd'
`usr/ietadm' -> `/usr/sbin/ietadm'
`etc/initd/initd.debian' -> `/etc/init.d/iscsi-target'
`etc/ietd.conf' -> `/etc/ietd.conf'
`etc/initiators.allow' -> `/etc/initiators.allow'
`etc/initiators.deny' -> `/etc/initiators.deny'
`doc/manpages/ietadm.8' -> `/usr/share/man/man8/ietadm.8'
`doc/manpages/ietd.8' -> `/usr/share/man/man8/ietd.8'
`doc/manpages/ietd.conf.5' -> `/usr/share/man/man5/ietd.conf.5'
install: creating directory `/usr/share/doc/iscsitarget'
`ChangeLog' -> `/usr/share/doc/iscsitarget/ChangeLog'
`COPYING' -> `/usr/share/doc/iscsitarget/COPYING'
`README' -> `/usr/share/doc/iscsitarget/README'
`README.vmware' -> `/usr/share/doc/iscsitarget/README.vmware'
root@fs:/usr/local/src/iscsitarget-0.4.15#
make install
Now configure :
root@fs:/usr/local/src/iscsitarget-0.4.15# grep -v '#' /etc/ietd.conf
Target iqn.2007-06.com.vsa-services:fs.lvdevvm
Lun 0 Path=/dev/vgfsmd1/lvdevvm,Type=fileio
Alias lvdevvm
/etc/init.d/iscsi-target start
We continue by configuring the "client". First conduct a scan:
root@dev:/var/vm# iscsiadm --mode discovery --type sendtargets --portal 10.1.2.8
10.1.2.8:3260,1 iqn.2007-06.com.vsa-services:fs.lvdevvm
root@dev:/var/vm#
Add this target to the open-iscsi DBM database so that it is available upon subsequent restarts/reboots:
root@dev:/var/vm# iscsiadm -m node -o new -n lvfsdevvm -p 10.1.2.8 -T iqn.2007-06.com.vsa-services:fs.lvdevvm
new iSCSI node record added
root@dev:/var/vm# ls
At this stage, we have created a local definition of the iSCSI device which looks like:
root@dev:/var/vm# cat /etc/iscsi/nodes/iqn.2007-06.com.vsa-services:fs.lvdevvm/10.1.2.8\,3260
node.name = iqn.2007-06.com.vsa-services:fs.lvdevvm
node.transport_name = tcp
node.tpgt = -1
node.active_conn = 1
node.startup = manual
node.session.initial_cmdsn = 0
node.session.auth.authmethod = None
node.session.timeo.replacement_timeout = 120
node.session.err_timeo.abort_timeout = 10
node.session.err_timeo.reset_timeout = 30
node.session.iscsi.InitialR2T = No
node.session.iscsi.ImmediateData = Yes
node.session.iscsi.FirstBurstLength = 262144
node.session.iscsi.MaxBurstLength = 16776192
node.session.iscsi.DefaultTime2Retain = 0
node.session.iscsi.DefaultTime2Wait = 0
node.session.iscsi.MaxConnections = 1
node.session.iscsi.MaxOutstandingR2T = 1
node.session.iscsi.ERL = 0
node.conn[0].address = 10.1.2.8
node.conn[0].port = 3260
node.conn[0].startup = manual
node.conn[0].tcp.window_size = 524288
node.conn[0].tcp.type_of_service = 0
node.conn[0].timeo.logout_timeout = 15
node.conn[0].timeo.login_timeout = 15
node.conn[0].timeo.auth_timeout = 45
node.conn[0].timeo.active_timeout = 5
node.conn[0].timeo.idle_timeout = 60
node.conn[0].timeo.ping_timeout = 5
node.conn[0].timeo.noop_out_interval = 0
node.conn[0].timeo.noop_out_timeout = 0
node.conn[0].iscsi.MaxRecvDataSegmentLength = 131072
node.conn[0].iscsi.HeaderDigest = None,CRC32C
node.conn[0].iscsi.DataDigest = None
node.conn[0].iscsi.IFMarker = No
node.conn[0].iscsi.OFMarker = No
root@dev:/var/vm#
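The record above has node.session.auth.authmethod = None, so the session is set up without CHAP. A check that lists such records, as an added example that is not part of the original page; it assumes the nodes/<target>/<address>,<port> layout shown above, the function names are hypothetical, and the second sample record is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): flag open-iscsi node records
# whose sessions are set up without CHAP authentication.

# node_setting FILE KEY -> value from a "KEY = value" line
node_setting() {
    awk -v k="$2" '$1 == k && $2 == "=" { print $3; exit }' "$1"
}

# audit_iscsi_nodes DIR
# DIR has the layout shown above: DIR/<target iqn>/<address>,<port>.
# Prints one line per record; returns 1 if any record is not using CHAP.
audit_iscsi_nodes() {
    rc=0
    for rec in "$1"/*/*; do
        [ -f "$rec" ] || continue
        target=$(node_setting "$rec" node.name)
        auth=$(node_setting "$rec" node.session.auth.authmethod)
        addr=$(node_setting "$rec" 'node.conn[0].address')
        if [ "$auth" = CHAP ]; then
            echo "ok     $target via $addr authmethod=CHAP"
        else
            echo "NOAUTH $target via $addr authmethod=${auth:-unset}"
            rc=1
        fi
    done
    return $rc
}

# Sample tree written to directory $1: the first record is abbreviated from
# the listing above, the second one is constructed for contrast.
make_sample_nodes() {
    mkdir -p "$1/iqn.2007-06.com.vsa-services:fs.lvdevvm" \
             "$1/iqn.2007-06.com.example:constructed.chap"
    cat > "$1/iqn.2007-06.com.vsa-services:fs.lvdevvm/10.1.2.8,3260" <<'EOF'
node.name = iqn.2007-06.com.vsa-services:fs.lvdevvm
node.startup = manual
node.session.auth.authmethod = None
node.conn[0].address = 10.1.2.8
node.conn[0].port = 3260
EOF
    cat > "$1/iqn.2007-06.com.example:constructed.chap/10.0.0.9,3260" <<'EOF'
node.name = iqn.2007-06.com.example:constructed.chap
node.startup = manual
node.session.auth.authmethod = CHAP
node.conn[0].address = 10.0.0.9
node.conn[0].port = 3260
EOF
}

NODES=$(mktemp -d)
make_sample_nodes "$NODES"
audit_iscsi_nodes "$NODES" || echo "at least one target is reachable without CHAP"
```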
Now login to the iSCSI portal as follows, after which we can "see" the SCSI device:
root@dev:/var/vm# iscsiadm -m node -l -p 10.1.2.8 -T iqn.2007-06.com.vsa-services:fs.lvdevvm
root@dev:/var/vm# fdisk -l
Disk /dev/sda: 36.7 GB, 36703934464 bytes
255 heads, 63 sectors/track, 4462 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 1216 9767488+ 83 Linux
/dev/sda2 1217 1459 1951897+ 82 Linux swap / Solaris
/dev/sda3 1460 2432 7815622+ 83 Linux
/dev/sda4 2433 4462 16305975 83 Linux
Disk /dev/sdb: 107.3 GB, 107374182400 bytes
255 heads, 63 sectors/track, 13054 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk /dev/sdb doesn't contain a valid partition table
root@dev:/var/vm#
/dev/sdb is the 100GB iSCSI device. We can install GPFS or create partitions using fdisk and format with ext3 and use it! For example:
root@dev:/var/vm# fdisk /dev/sdb
Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
Building a new DOS disklabel. Changes will remain in memory only,
until you decide to write them. After that, of course, the previous
content won't be recoverable.
The number of cylinders for this disk is set to 13054.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
(e.g., DOS FDISK, OS/2 FDISK)
Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)
Command (m for help): p
Disk /dev/sdb: 107.3 GB, 107374182400 bytes
255 heads, 63 sectors/track, 13054 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-13054, default 1):
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-13054, default 13054):
Using default value 13054
Command (m for help): p
Disk /dev/sdb: 107.3 GB, 107374182400 bytes
255 heads, 63 sectors/track, 13054 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 1 13054 104856223+ 83 Linux
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
root@dev:/var/vm# partprobe
apt-get -y install xfsprogs
root@dev:/var/vm# mkfs.xfs /dev/sdb1
meta-data=/dev/sdb1 isize=256 agcount=16, agsize=1638378 blks
= sectsz=512 attr=0
data = bsize=4096 blocks=26214048, imaxpct=25
= sunit=0 swidth=0 blks, unwritten=1
naming =version 2 bsize=4096
log =internal log bsize=4096 blocks=12799, version=1
= sectsz=512 sunit=0 blks
realtime =none extsz=4096 blocks=0, rtextents=0
root@dev:/var/vm# sync
root@dev:/var# mount /dev/sdb1 vm
root@dev:/var# df -hl|grep vm
/dev/sdb1 100G 544K 100G 1% /var/vm
root@dev:/var#
USB Storage (Thumbdrives etc)
Linux handles USB disks via the SCSI storage subsystem. In the following screenshots, "k4test" is the user who is NOT logged into the console but would like to use the thumbdrive.
1. Insert the USB thumbdrive.
2. Check linux system messages as follows:
anand@laptop-aries5672:~$ dmesg|tail
[15104.472000] sdb: Write Protect is off
[15104.472000] sdb: Mode Sense: 0b 00 00 08
[15104.472000] sdb: assuming drive cache: write through
[15104.476000] SCSI device sdb: 1967104 512-byte hdwr sectors (1007 MB)
[15104.476000] sdb: Write Protect is off
[15104.476000] sdb: Mode Sense: 0b 00 00 08
[15104.476000] sdb: assuming drive cache: write through
[15104.476000] sdb:
[15104.600000] sd 2:0:0:0: Attached scsi removable disk sdb
[15104.600000] sd 2:0:0:0: Attached scsi generic sg2 type 0
anand@laptop-aries5672:~$
So I know that my 1GB USB drive is sdb (or /dev/sdb) and has NO partitions on it
anand@laptop-aries5672:~$ fdisk -l /dev/sdb
Disk /dev/sdb: 1007 MB, 1007157248 bytes
31 heads, 62 sectors/track, 1023 cylinders
Units = cylinders of 1922 * 512 = 984064 bytes
Device Boot Start End Blocks Id System
3. Oops, when I plug it in, it is auto mounted!
anand@laptop-aries5672:~$ df -h|grep sdb
/dev/sdb 1.3G 4.1M 1.3G 1% /media/disk
anand@laptop-aries5672:~$
4. If I am not the console user, I cannot unmount and remount since I do not own the device; see below. Switch to another user ID:
anand@laptop-aries5672:~$ su - k4test
Password:
Try to unmount: ERROR!
k4test@laptop-aries5672:~$ pumount /media/disk
Error: device /dev/sdb was not mounted by you
k4test@laptop-aries5672:~$ logout
Unmount as ROOT: OK! (sudo elevates my normal account to rootly powers)
anand@laptop-aries5672:~$ sudo umount /media/disk
Password:
anand@laptop-aries5672:~$ df -h|grep sdb
anand@laptop-aries5672:~$
Now the USB drive can be mounted by you as below:
k4test@laptop-aries5672:~$ pmount -s /dev/sdb usbdisk
k4test@laptop-aries5672:~$ ls -l /media/usbdisk/
total 4104
-rwx------ 1 k4test k4test 274432 2007-09-13 09:44 pscp.exe
-rwx------ 1 k4test k4test 282624 2007-09-13 09:44 psftp.exe
-rwx------ 1 k4test k4test 454656 2007-09-13 09:44 putty.exe
-rwx------ 1 k4test k4test 1733901 2007-09-13 09:44 winscp382setup.exe
-rwx------ 1 k4test k4test 1453056 2007-09-13 09:44 winscp402.exe
k4test@laptop-aries5672:~$
# You can unmount too:
k4test@laptop-aries5672:~$ pumount /media/usbdisk
k4test@laptop-aries5672:~$
o On Linux, not just devices, but even directories can be mounted on other directories, using the bind option:
mount --bind /var/home /home
Or from /etc/fstab:
/var/home /home none bind 0 0
o If LVM performance is bad, try setting a larger ReadAhead (from beowulf ml)
blockdev --setra 8192 /dev/${volumegroup}/${logical_volume}
Logical Volume management commands
Resizing an existing LVM volume is covered in a RedHat Knowledgebase article http://kbase.redhat.com/faq/FAQ_96_4842.shtm
# Create a physical volume for LVM:
pvcreate -v /dev/hdd
# create one or more volume groups:
vgcreate -v vg00 /dev/hdd
# start creating logical volumes:
lvcreate -L 5G -n lv00 vg00
# view PV info:
pvscan
# view volume group information:
root@c00:~# vgscan
Reading all physical volumes. This may take a while...
Found volume group "vg00" using metadata type lvm2
root@c00:~# lvscan
ACTIVE '/dev/vg00/lv00' [5.00 GB] inherit
The created volume can be formatted and used as usual.
mkfs.ext3 /dev/vg00/lv00
mount /dev/vg00/lv00 /data00
BLKID
If you are using Ubuntu Edgy and later, you will see that Ubuntu uses disk UUID and not /dev/hda1 etc to mount the filesystems.
You can use "blkid" command to view the unique ID assigned to HDD partitions by Linux, see example below:
haridwar:/usr/src/xen-3.0.2-2# blkid
/dev/sda1: UUID="397f2930-7b6f-4084-8a07-cee1d35dcb91" SEC_TYPE="ext2" TYPE="ext3"
/dev/sda2: UUID="b90ff46e-9505-4ce5-a23d-cb3f2e178189" SEC_TYPE="ext2" TYPE="ext3"
/dev/sda5: TYPE="swap"
/dev/md0: UUID="397f2930-7b6f-4084-8a07-cee1d35dcb91" SEC_TYPE="ext2" TYPE="ext3"
FDISK:
Note that with newer kernels, the kernel keeps an in-memory copy of partition table. When fdisk is used to edit the partition table, run: partprobe to update the kernel copy. Else kernel will complain!
Mounting remote filesystems with SSHFS
If you do not like NFS, you can install sshfs (apt-get install sshfs) and mount remote filesystems tunneled via SSH. SSHFS is a FUSE filesystem program. See example below:
sshfs 10.1.2.4:/home fileserver/home
anand@ariesduo:~/sshfs$ ls -l fileserver/home/
total 88
drwxrwxr-x 1 1001 users 4096 2006-09-12 12:16 admin
drwxr-xr-x 1 root root 4096 2006-11-06 20:10 backups
-rw-r--r-- 1 root root 132 2006-09-04 12:48 du.txt
drwxr-xr-x 1 root root 4096 2006-09-05 11:03 localsysbackups
drwxr-xr-x 1 root root 49152 2005-12-17 01:43 lost+found
anand@ariesduo:~/sshfs$
MATLAB NETCDF Quickstart
This document explains how to open and read a NETCDF file from MATLAB. Please note that MATLAB r2008 or later comes pre-built with NETCDF support.
Please check http://www.mathworks.com/access/helpdesk/help/techdoc/ref/f16-6011seg02.... or just google "netcdf matlab site:mathworks.com"
First, get a NETCDF file
[anand@leo ~]$ ls -lh atm.nc
-rw-r--r-- 1 anand anand 63M Feb 24 11:08 atm.nc
[anand@leo ~]$
Use a command on the linux prompt and check the structure and variables in the file:
[anand@leo ~]$ ncdump -h atm.nc
netcdf atm {
dimensions:
lon = 198 ;
lat = 93 ;
level = 18 ;
time = UNLIMITED ; // (4 currently)
variables:
float lon(lon) ;
lon:long_name = "Longitude" ;
lon:units = "degrees_east" ;
lon:actual_range = 88.5609f, 141.7089f ;
float lat(lat) ;
lat:long_name = "Latitude" ;
lat:units = "degrees_north" ;
lat:actual_range = -12.18246f, 12.44604f ;
float level(level) ;
level:long_name = "Height_Index" ;
level:units = "level" ;
level:actual_range = 1050.f, 0.f ;
double time(time) ;
time:long_name = "Time" ;
time:units = "hours since 1900-1-1 00:00:0.0" ;
time:actual_range = 885696., 885714. ;
float U(time, level, lat, lon) ;
U:long_name = "Zonal Wind" ;
U:units = "m/s" ;
U:missing_value = -1.e+30f ;
float V(time, level, lat, lon) ;
V:long_name = "Meridional Wind" ;
V:units = "m/s" ;
V:missing_value = -1.e+30f ;
float OMEGA(time, level, lat, lon) ;
OMEGA:long_name = "Omega" ;
OMEGA:units = "hPa" ;
OMEGA:missing_value = -1.e+30f ;
float TK(time, level, lat, lon) ;
TK:long_name = "Temperature" ;
TK:units = "K" ;
TK:missing_value = -1.e+30f ;
float QD(time, level, lat, lon) ;
QD:long_name = "Mixing Ratio" ;
QD:units = "kg/kg" ;
QD:missing_value = -1.e+30f ;
float QC(time, level, lat, lon) ;
QC:long_name = "Cloud Mixing Ratio" ;
QC:units = "kg/kg" ;
QC:missing_value = -1.e+30f ;
float RH(time, level, lat, lon) ;
RH:long_name = "Relative Humidity" ;
RH:units = "fraction" ;
RH:missing_value = -1.e+30f ;
float HGT(time, level, lat, lon) ;
HGT:long_name = "Geopotential Height" ;
HGT:units = "m" ;
HGT:missing_value = -1.e+30f ;
float TH(time, level, lat, lon) ;
TH:long_name = "Potential Temperatur" ;
TH:units = "K" ;
TH:missing_value = -1.e+30f ;
float TD(time, level, lat, lon) ;
TD:long_name = "Dew Point Temperatur" ;
TD:units = "K" ;
TD:missing_value = -1.e+30f ;
float VOR(time, level, lat, lon) ;
VOR:long_name = "Vorticity (Horizonta" ;
VOR:units = "m/s" ;
VOR:missing_value = -1.e+30f ;
float DIV(time, level, lat, lon) ;
DIV:long_name = ;
DIV:units = "m/s" ;
DIV:missing_value = -1.e+30f ;
float PS(time, lat, lon) ;
PS:long_name = "Surface Pressure" ;
PS:units = "hPa" ;
PS:missing_value = -1.e+30f ;
float RT(time, lat, lon) ;
RT:long_name = "Total Precip" ;
RT:units = "mm/day" ;
RT:missing_value = -1.e+30f ;
float TGRND(time, lat, lon) ;
TGRND:long_name = "Ground Temperature" ;
TGRND:units = "K" ;
TGRND:missing_value = -1.e+30f ;
float SMT(time, lat, lon) ;
SMT:long_name = "Total Soil Water" ;
SMT:units = "mm" ;
SMT:missing_value = -1.e+30f ;
float RB(time, lat, lon) ;
RB:long_name = "Base Flow" ;
RB:units = "mm/day" ;
RB:missing_value = -1.e+30f ;
float SLP(time, lat, lon) ;
SLP:long_name = "Sea Level Temperatur" ;
SLP:units = "hPa" ;
SLP:missing_value = -1.e+30f ;
// global attributes:
:domxmin = 88.5609f ;
:domxmax = 141.7089f ;
:domymin = -12.18246f ;
:domymax = 12.44604f ;
:domzmin = 1050.f ;
:domzmax = 0.f ;
}
Start MATLAB:
[anand@leo ~]$ matlab -nodisplay -nojvm
< M A T L A B (R) >
Copyright 1984-2009 The MathWorks, Inc.
Version 7.8.0.347 (R2009a) 64-bit (glnxa64)
February 12, 2009
To get started, type one of these: helpwin, helpdesk, or demo.
For product information, visit www.mathworks.com.
>>
Open the NETCDF File:
>> ncid=netcdf.open('atm.nc','NOWRITE')
ncid =
10
>>
Try some queries:
>> [ndims,nvars,ngatts,unlimdimid] = netcdf.inq(ncid)
ndims =
4
nvars =
22
ngatts =
6
unlimdimid =
3
>>
Get the name of the first variable.
>> [varname, xtype, varDimIDs, varAtts] = netcdf.inqVar(ncid,0);
>> varname
varname =
lon
>> xtype
xtype =
5
>> varDimIDs
varDimIDs =
0
>> varAtts
varAtts =
3
>>
Get variable ID of the first variable, given its name.
>> varid = netcdf.inqVarID(ncid,varname);
>> varid
varid =
0
Get the value of the first variable, given its ID.
>> data = netcdf.getVar(ncid,varid)
data =
88.5609
88.8307
89.1005
89.3703
89.6400
89.9098
90.1796
Also try:
>> varid = netcdf.inqVarID(ncid,'lat');
>> data = netcdf.getVar(ncid,varid);
>> data
data =
-12.1825
We have contributed to FLOSS (Free / Libre' Open Source Software) in a variety of ways. Some of those include:
Some of the slides and media are available online for download.
A: Please see the documentation section of our website for SGE basic usage & introduction (OpenOffice presentation)
Q: A node is inaccessible since it is flagged as "in Error" state. See example below. How to fix?
A: Ensure that the underlying problem has been solved (eg: hardware problem, network problem), then:
[root ~]# qstat -f|more
queuename qtype used/tot. load_avg arch states
----------------------------------------------------------------------------
all.q@c00 BIP 0/2 0.00 lx24-amd64
----------------------------------------------------------------------------
all.q@c02 BIP 0/2 0.00 lx24-amd64 E
----------------------------------------------------------------------------
all.q@c03 BIP 1/2 1.00 lx24-amd64
Issuing "qmod -c all.q@c02" will clear the error state and make the node available for further job runs.
[root@ ~]# qmod -c all.q@c02
root@clu1 changed state of "all.q@c02" (no error)
[root@ ~]# qstat -f|more
queuename qtype used/tot. load_avg arch states
----------------------------------------------------------------------------
all.q@c00 BIP 0/2 0.00 lx24-amd64
----------------------------------------------------------------------------
all.q@c02 BIP 0/2 0.00 lx24-amd64
http://gridengine.info/articles/2006/09/19/sge-gets-registered-iana-port-numbers Please use the following section in your /etc/services:
sge_qmaster 6444/tcp # Grid Engine Qmaster Service
sge_qmaster 6444/udp # Grid Engine Qmaster Service
sge_execd 6445/tcp # Grid Engine Execution Service
sge_execd 6445/udp # Grid Engine Execution Service
See http://gridengine.sunsource.net/howto/qrsh_qlogin_ssh.html
Assuming a homogeneous cluster, on your master, run: qconf -mconf and change the SGE defaults from:
qlogin_command telnet
qlogin_daemon /usr/sbin/in.telnetd
rlogin_daemon /usr/sbin/in.rlogind
Delete these lines and add the following:
rsh_daemon /usr/sbin/sshd -i
rlogin_daemon /usr/sbin/sshd -i
qlogin_daemon /usr/sbin/sshd -i
rsh_command /usr/bin/ssh
rlogin_command /usr/bin/ssh
qlogin_command /var/sge/ql.sh
where ql.sh is the qlogin_wrapper script and looks like this:
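#!/bin/sh
# qlogin wrapper: the target host and port arrive as $1 and $2
HOST=$1
PORT=$2
# Quote both values so they reach ssh as single arguments
/usr/bin/ssh -X -p "$PORT" "$HOST"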
Note that ql.sh must be available at the same pathname for all nodes and upon saving the config, it is active immediately. Ensure that the users' ssh key pairs and authorized_keys have been prepared to accept passwordless logins from any-to-any node. Here's a sample session:
-sh-3.00$ source /var/sge/vmx86/common/settings.sh
-sh-3.00$ qstat -f
queuename qtype used/tot. load_avg arch states
----------------------------------------------------------------------------
all.q@cos43x86-c00 BIP 0/1 0.02 lx24-x86
----------------------------------------------------------------------------
all.q@cos43x86-c01 BIP 1/1 0.05 lx24-x86
43 0.55500 QLOGIN demo00 r 06/13/2006 22:41:51 1
----------------------------------------------------------------------------
all.q@cos43x86-c02 BIP 1/1 0.03 lx24-x86
45 0.55500 QLOGIN demo00 r 06/13/2006 22:42:15 1
-sh-3.00$ qlogin
Your job 46 ("QLOGIN") has been submitted
waiting for interactive job to be scheduled ...
Your interactive job 46 has been successfully scheduled.
Establishing /var/sge/ql.sh session to host cos43x86-c00 ...
Last login: Mon Jun 12 17:25:08 2006 from cos43x86-c01
-sh-3.00$
The following failed since telnet-server is not running on the compute node:
-bash-3.00$ qlogin
Your job 12 ("QLOGIN") has been submitted
waiting for interactive job to be scheduled ...
Your interactive job 12 has been successfully scheduled.
Establishing telnet session to host c02 ...
Trying 192.168.230.12...
Connected to c02 (192.168.230.12).
Escape character is '^]'.
Connection closed by foreign host.
telnet exited with exit code 1
-bash-3.00$
[root@accdemo ~]# ssh head
Last login: Thu Oct 12 19:57:46 2006
[root@head ~]# uname -a
Linux head 2.6.9-42.EL #1 Tue Aug 15 09:30:48 BST 2006 x86_64 x86_64 x86_64 GNU/Linux
[root@head ~]# qhost
HOSTNAME ARCH NCPU LOAD MEMTOT MEMUSE SWAPTO SWAPUS
-------------------------------------------------------------------------------
global - - - - - - -
c00 lx24-amd64 1 - 119.4M - 256.0M -
c01 lx24-amd64 1 - 88.0M - 256.0M -
c02 lx24-amd64 1 0.08 119.4M 19.4M 256.0M 0.0
[root@head ~]# qconf -de c01
Host object "c01" is still referenced in cluster queue "all.q".
[root@head ~]# qconf -mhgrp "@allhosts"
root@head modified "@allhosts" in host group list
[root@head ~]# qconf -shgrp "@allhosts"
group_name @allhosts
hostlist c00
[root@head ~]# qconf -de c01
root@head removed "c01" from execution host list
[root@head ~]# qhost
HOSTNAME ARCH NCPU LOAD MEMTOT MEMUSE SWAPTO SWAPUS
-------------------------------------------------------------------------------
global - - - - - - -
c00 lx24-amd64 1 - 119.4M - 256.0M -
c02 lx24-amd64 1 0.07 119.4M 19.4M 256.0M 0.0
[root@head ~]#
[root@head ~]# qconf -mhgrp "@allhosts"
root@head modified "@allhosts" in host group list
[root@head ~]# qconf -shgrp "@allhosts"
group_name @allhosts
hostlist c00 c01 c02
[root@head ~]# ssh c01 "/etc/init.d/sgeexecd stop ; /etc/init.d/sgeexecd start"
Shutting down Grid Engine execution daemon
starting sge_execd
[root@head ~]# qhost
HOSTNAME ARCH NCPU LOAD MEMTOT MEMUSE SWAPTO SWAPUS
-------------------------------------------------------------------------------
global - - - - - - -
c00 lx24-amd64 1 - 119.4M - 256.0M -
c01 lx24-amd64 1 0.10 88.0M 18.0M 256.0M 0.0
c02 lx24-amd64 1 0.03 119.4M 19.3M 256.0M 0.0
[root@head ~]#
[root@shark IBQ]# qconf -shgrpl
@allhosts
@ibhosts
[root@shark IBQ]# qconf -shgrp @ibhosts
group_name @ibhosts
hostlist shark-c00 shark-c01 shark-c02 shark-c03 shark-c04 shark-c05 shark-c06 \
         shark-c07 shark-c08 shark-c09 shark-c10 shark-c11 shark-c12 shark-c13 \
         shark-c14 shark-c16 shark-c17 shark-c18 shark-c19 shark-c20 shark-c21 \
         shark-c22
[root@shark IBQ]# qconf -spl
lam-eth
make
mpich-eth
mpich-ib
[root@shark IBQ]# qconf -sp mpich-ib
pe_name mpich-ib
slots 999
user_lists NONE
xuser_lists NONE
start_proc_args /var/sge/mpi/startmpi.sh -catch_rsh $pe_hostfile
stop_proc_args /var/sge/mpi/stopmpi.sh
allocation_rule $fill_up
control_slaves TRUE
job_is_first_task FALSE
urgency_slots min
[root@shark IBQ]#
[root@shark IBQ]# cat IBQ
qname ib.q
hostlist @ibhosts
seq_no 0
load_thresholds np_load_avg=4
suspend_thresholds NONE
nsuspend 1
suspend_interval 00:05:00
priority 0
min_cpu_interval 00:05:00
processors UNDEFINED
qtype BATCH INTERACTIVE
ckpt_list NONE
pe_list mpich-ib
rerun FALSE
slots 0,[shark-c00=2],[shark-c01=2], \
      [shark-c02=2],[shark-c03=2], \
      [shark-c04=2],[shark-c05=2], \
      [shark-c06=2],[shark-c07=2], \
      [shark-c08=2],[shark-c09=2], \
      [shark-c10=2],[shark-c11=2], \
      [shark-c12=2],[shark-c13=2], \
      [shark-c14=2],[shark-c15=2], \
      [shark-c16=2],[shark-c17=2], \
      [shark-c18=2],[shark-c19=2], \
      [shark-c20=2],[shark-c21=2], \
      [shark-c22=2]
tmpdir /tmp
shell /bin/sh
prolog NONE
epilog NONE
shell_start_mode posix_compliant
starter_method NONE
suspend_method NONE
resume_method NONE
terminate_method NONE
notify 00:00:60
owner_list NONE
user_lists NONE
xuser_lists NONE
subordinate_list NONE
complex_values NONE
projects NONE
xprojects NONE
calendar NONE
initial_state default
s_rt INFINITY
h_rt INFINITY
s_cpu INFINITY
h_cpu INFINITY
s_fsize INFINITY
h_fsize INFINITY
s_data INFINITY
h_data INFINITY
s_stack INFINITY
h_stack INFINITY
s_core INFINITY
h_core INFINITY
s_rss INFINITY
h_rss INFINITY
s_vmem INFINITY
h_vmem INFINITY
[root@shark IBQ]#
qconf -Aq IBQ
Commands:
By default and always, use the following submission command format. Especially if your script has #BSUB directives, please use:
bsub < script.txt
if not, optionally use:
bsub script.txt
List all (including, EXIT, DONE and RUN, PEND, SUSP status)
bjobs -a -u USERNAME
Sample script file:
#!/bin/sh
#BSUB -q QNAME
#BSUB -o %J.OUT
#BSUB -e %J.ERR
#BSUB -J JOBNAME
#BSUB -W hh:mm
myexecutable myargs1 myarg2
My mail server can only relay mails for its own network and the office private net (on an NAT). So how do I relay mail when I am outside? Assuming the "outside" location allows ssh to my server, on the laptop, I run:
ssh -L 10025:indus:25 anand@indus
which connects port 10025 on the laptop to the port 25 (SMTP) on the server named indus
Now, I set my mail client to use SMTP server localhost, port 10025. The mail will be tunneled through SSH and relayed by indus. This can be somewhat automated to work from configuration files: [~/.ssh/config]
host indus
localforward 10025 localhost:25
and of course, KMail can use any preconfigured SMTP server to send email. Just click and hold down the send button. (Compare this with Outlook, :-) )
From ROCKS mailing list:
set tcpkeepalive to yes in /etc/ssh/sshd_config and restarted ssh with service sshd restart. If you are using the csh/tcsh shell, add this to your .cshrc
unset autologout
set | grep auto
you'll see
autologout 60
The problems you quote below are from a user coming in from a Windows box vs a Linux box. In that case, the difference is between a DISPLAY variable being set or not. Without a DISPLAY variable, the csh/tcsh is going to default to timing out after 60 minutes. When a DISPLAY variable is set, the autologout does not occur.
Is there any firewall in between? eg: cisco : ssh timeout 60
> What does your ssh and sshd config file have for:
>
> ServerAliveInterval
> ServerAliveCountMax
> ClientAliveInterval
>
I had similar problems with ssh from my home network and we also had reports from users we have off campus that their ssh connections would freeze. Indeed, setting the above parameters solves the problems. I put this in my ~/.ssh/config:
ServerAliveCountMax 3
ServerAliveInterval 10
The downside is that you lose the network fault tolerance so minor glitches in the connectivity might disconnect you, but in general these parameters have solved the problem for us.
Yes, I know it is bad, but if you need it, it is possible and here is how:
Cluster: x86, Centos4.4
1. Create /etc/ssh/ssh_known_hosts. I copied the file from /root/.ssh/ to /etc/ssh (and I got it by running ssh-keyscan).
2. Create the user's .rhosts file as usual:
cat .rhosts
head
c00
c01
c02
Don't forget to
chmod 600 .rhosts
otherwise you will cause yourself unnecessary grief. (ps: 644 also works)
3. Edit /etc/ssh/sshd_config. Make the following changes:
# change hostbased auth to yes
HostbasedAuthentication yes
# we will maintain the central knownhosts in /etc/ssh so safe to ignore users version of the file
IgnoreUserKnownHosts yes
#read users .rhosts file, change from yes to no
IgnoreRhosts no
# the default sequence is pubkey,passwd,hostbased
# so see the ssh_config to change the sequence
PasswordAuthentication yes
#If you wish turn off gssapi and x11 fwd
GSSAPIAuthentication no
X11Forwarding no
4. Edit /etc/ssh/ssh_config, make the following changes:
Host *
GSSAPIAuthentication no
HostbasedAuthentication yes
# next line is a new directive, not found in default ssh_config
EnableSSHKeysign yes
PreferredAuthentications hostbased,publickey,password,keyboard-interactive
NoHostAuthenticationForLocalhost yes
PasswordAuthentication yes
Set up /etc/hosts.equiv as usual.
cat /etc/hosts.equiv
head
c00
c01
c02
Propagate ssh_config, sshd_config, ssh_known_hosts, /etc/hosts hosts.equiv to all nodes and try logging in:
ssh node00 -v
Watch the messages and fix any problems reported (file permissions, etc)
Read the passwordless-keyless-rhosts based ssh auth. Do you still need to run rsh? Think again.
If yes, the following setup was tested on SUSE Linux.
Install rsh client package
Install rsh-server package
Edit /etc/xinetd.d/rsh, change disable=yes to no and restart xinetd.
Test rsh first:
rsh localhost hostname
RSH fails for all users+root, from any host to any host, including localhost.
Create ~/.rhosts as follows:
localhost root
hostname-any root
Copy the file to all machines. Remember to restart nscd if running, else rsh fails with "permission denied" error.
Now, rsh works password-less for only root account between all machines. And rsh does not work for any normal user.
Edit /etc/hosts.equiv and add:
localhost
remote-host1
remote-host2
Now rsh should work for any user.
--- The following steps are unnecessary, but recommended by documentation at other sites ---
edit /etc/hosts.allow add the following:
in.rshd : ALL : ALLOW
Be sure to append rsh to /etc/securetty on all nodes, else "permission denied" messages will be returned.
More notes:
Change a line in /etc/pam.d/rlogin to:
auth sufficient pam_securetty.so
By default it will be set to "required". rsh and rlogin are usually under xinetd control so you also need to add the -h flag on the server startup line to allow root rsh.
You should also restrict rsh and rlogin to your local cluster subnet with the "only_from" option.
Here's my rsh file in /etc/xinetd.d
service shell {
socket_type = stream
protocol = tcp
flags = NAMEINARGS
wait = no
user = root
group = root
log_on_success += USERID
log_on_failure += USERID
only_from = 192.168.1.0/24
server = /usr/sbin/tcpd
server_args = /usr/sbin/in.rshd -haL
disable = no
}
You could also put restrictions in /etc/hosts.allow and deny since xinetd will use tcp wrappers if it's configured
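A read-only audit for the two setups above (host-based ssh and rsh), which both rest on .rhosts, /etc/hosts.equiv and, for ssh, two sshd_config directives. This is an added example, not part of the original notes; the function names and the sample files are assumptions constructed for illustration, and Include files and Match blocks in sshd_config are not evaluated.

```shell
#!/bin/sh
# Added example (not from the original page): audit the trust files and sshd
# directives used above. Paths are arguments; nothing on the system is changed.

# Print the global value of KEYWORD in an sshd_config-style file. sshd keeps the
# first value it reads for a keyword; keywords are case-insensitive.
# Assumption: Include files are not followed and Match blocks are not evaluated.
sshd_setting() {   # sshd_setting FILE KEYWORD
    awk -F'[ \t=]+' -v want="$2" '
        { sub(/^[ \t]+/, "") }              # strip indent; awk re-splits fields
        /^#/ || /^$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# Report risky permissions and wildcard entries in .rhosts or hosts.equiv.
# One finding per line on stdout; exit status 0 = clean, 1 = findings.
audit_trust_file() {   # audit_trust_file FILE
    tf=$1
    [ -f "$tf" ] || return 0
    found=$(
        perms=$(ls -ld "$tf" | cut -c1-10)
        case $perms in
            (?????w????|????????w?) echo "$tf: writable by group or others ($perms)" ;;
        esac
        awk -v f="$tf" '
            /^[ \t]*(#|$)/ { next }
            $1 == "+" && $2 == "+" { print f ":" NR ": + + trusts any user from any host"; next }
            $1 == "+" { print f ":" NR ": + trusts every host"; next }
            $2 == "+" { print f ":" NR ": trusts every user on " $1 }
        ' "$tf"
    )
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Flag the two sshd_config choices that make sshd honour those trust files.
audit_sshd_hostbased() {   # audit_sshd_hostbased SSHD_CONFIG
    cfg=$1; rc=0
    if [ "$(sshd_setting "$cfg" HostbasedAuthentication)" = yes ]; then
        echo "$cfg: HostbasedAuthentication yes (client hosts vouch for their users)"; rc=1
    fi
    if [ "$(sshd_setting "$cfg" IgnoreRhosts)" = no ]; then
        echo "$cfg: IgnoreRhosts no (per-user .rhosts and .shosts are honoured)"; rc=1
    fi
    return $rc
}

# Constructed sample input, written to a scratch directory.
make_trust_samples() {   # make_trust_samples DIR
    mkdir -p "$1"
    printf 'head\nc00\nc01\nc02\n' > "$1/hosts.equiv"; chmod 644 "$1/hosts.equiv"
    printf 'head\n+ +\n' > "$1/rhosts"; chmod 666 "$1/rhosts"
    cat > "$1/sshd_config" <<'EOF'
HostbasedAuthentication yes
IgnoreUserKnownHosts yes
IgnoreRhosts no
Match Host c99
    HostbasedAuthentication no
EOF
}

demo=$(mktemp -d) && make_trust_samples "$demo"
for t in "$demo/hosts.equiv" "$demo/rhosts"; do audit_trust_file "$t" || :; done
audit_sshd_hostbased "$demo/sshd_config" || :
rm -rf "$demo"
```

On a real node, point the functions at /etc/hosts.equiv, each user's ~/.rhosts and /etc/ssh/sshd_config.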
I am using a machine with Serial Port 0x3f8 (COM1) or /dev/ttyS0
create the following file:
# anand@megatron:~$ cat /etc/event.d/ttyS0
# tty1 - getty
#
# This service maintains a getty on tty1 from the point the system is
# started until it is shut down again.
start on stopped rc2
start on stopped rc3
start on stopped rc4
start on stopped rc5
stop on runlevel 0
stop on runlevel 1
stop on runlevel 6
respawn
exec getty -L 38400 ttyS0 vt102
Ubuntu does not use /etc/inittab for starting such services, rather, it uses UPSTART.
Following commands can be used to list, start and stop services.
initctl list
initctl start ttyS0
initctl stop ttyS0
root@megatron:~# initctl list
control-alt-delete (stop) waiting
logd (stop) waiting
rc-default (stop) waiting
rc0 (stop) waiting
rc1 (stop) waiting
rc2 (stop) waiting
rc3 (stop) waiting
rc4 (stop) waiting
rc5 (stop) waiting
rcS (stop) waiting
rcS-sulogin (stop) waiting
sulogin (stop) waiting
tty1 (start) running, process 6763
tty2 (start) running, process 5384
tty3 (start) running, process 5386
tty4 (start) running, process 5381
tty5 (start) running, process 5382
tty6 (start) running, process 5388
ttyUSB0 (stop) waiting
root@megatron:~# initctl stop ttyUSB0
initctl: Job not changed: ttyUSB0
root@megatron:~# initctl start ttyUSB0
ttyUSB0 (start) waiting
ttyUSB0 (start) starting
ttyUSB0 (start) pre-start
ttyUSB0 (start) spawned, process 24836
ttyUSB0 (start) post-start, (main) process 24836
ttyUSB0 (start) running, process 24836
Use minicom on another machine to login. Note that Root login will need appending ttyS0 to /etc/securetty. Nonroot user logins via serial should just work
Note: On the client side, the user should belong to dialout group
anand@megatron:~$ id anand
uid=731(anand) gid=731(anand)
groups=731(anand),4(adm),20(dialout),24(cdrom),25(floppy),29(audio),
30(dip),44(video),46(plugdev),107(fuse),109(lpadmin),114(admin),121(kvm)
Also ensure that the device ownership and permissions are correct:
(group dialout should have read/write perms)
anand@megatron:~$ ls -l /dev/ttyUSB0
crw-rw---- 1 root dialout 188, 0 2008-11-04 18:09 /dev/ttyUSB0
Now, the final test:
bumblebee login: root
Password:
Last login: Tue Nov 4 12:53:31 SGT 2008 on ttyS0
Linux bumblebee 2.6.24-16-generic #1 SMP Thu Apr 10 13:23:42 UTC 2008 i686
root@bumblebee:~#
The following may help when a headless system needs to be controlled from just a serial console.
Setup Console Redirection from BIOS to serial port.
Setup GRUB to use serial port as Console:
Add the following at the top of the grub config file (common settings section)
serial --unit=0 --speed=38400 --word=8 --parity=no --stop=1
terminal --timeout=30 serial console
and append the following:
console=ttyS0,38400n8 console=tty0
to your active stanza (kernel line)
Connecting to a serial device such as network switch with a serial cable connected is quite simple:
screen /dev/ttyS0 9600
(source: Pete Savage's blog)
If it complains, you can try to remove the "proxyarp" option, or to use a lower baud rate - try 19200 and then 9600. If all goes well, try pinging, and verify that the ppp interface you are using is indeed ppp0. You run into problems if your kernel doesn't have ppp support, but usually standard distribution kernels do. Try a "modprobe ppp" if it fails.
If you are using a USB-Serial converter, plug the USB device into your laptop. Load the appropriate USB modules (usb-ohci etc), usbserial, and the driver, for example pl2303. Your USB serial device should be mapped as /dev/ttyUSB0 (SUSE) or /dev/tts/USB0 (Gentoo).
Use this device name to configure minicom.
The focus here is not a "normal" setup of the switch , but strictly for HPC cluster usage. Note that randomly turning off options such as STP could cause havoc on a campus network! (but is safe in a single level HPC cluster private network)
Note that STP can be safely turned off only if the switch is exclusively for cluster usage. If the switch is connected to existing networks, please contact the site Network Engineer and check, get his approval first!
configure
no spanning-tree
exit
Console#copy running-config startup-config
Startup configuration file name []: startup
Write to FLASH Programming.
Write to FLASH finish.
Success.
From the config menu:
ip http server
ip http port 8000
console# configure
console(config)# interface vlan 1
console(config-if)#ip address 10.10.1.254 255.255.255.0
exit
ip default-gateway 10.10.1.1
copy running-config startup-config
(typically you need to know the switchport# connection to server#)
Console#show mac-address-table interface ethernet 1/2
 Interface Mac Address       Vlan Type
 --------- ----------------- ---- -----------------
 Eth 1/ 2  00-14-5E-32-9A-46    1 Learned
Console#show mac-address-table
 Interface Mac Address       Vlan Type
 --------- ----------------- ---- -----------------
 Eth 1/ 2  00-14-5E-32-9A-46    1 Learned
 Eth 1/22  00-14-5E-32-99-56    1 Learned
 Eth 1/47  00-14-5E-2B-9E-7F    1 Learned
Assume that you have downloaded the Ubuntu ISO image, and for whatever reason you cannot install it using a CDROM (eg: No CDROM drive, or it is just too much work to record a CD ;-) )
So you decide to start installing Ubuntu or Kubuntu Linux from a USB thumbdrive. How can one boot from a USB thumbdrive? Read on.
What You Will Need:
In the following screenshots, /dev/sdb is the USB thumbdrive. See the confirmation below:
root@mkgg64:~# lsscsi
[0:0:0:0] cd/dvd MATSHITA DVD-R UJ-857D KBV9 /dev/scd0
[2:0:1:0] disk ATA SAMSUNG HM250JI HS10 /dev/sda
[9:0:0:0] disk USB007 mini-USB2BU 0.00 /dev/sdb
First step, wipe out the USB stick, create a DOS FAT16 filesystem
root@mkgg64:~# mkdosfs -I -F 16 /dev/sdb
mkdosfs 2.11 (12 Mar 2005)
root@mkgg64:~#
Mount the source ISO image and the target USB stick on some mount points.
root@mkgg64:~# mount -o loop,ro /home/nc/downloads/hardy-alternate-i386.iso /media/cdrom
root@mkgg64:~# mount /dev/sdb /mnt
/home/nc/downloads/hardy-alternate-i386.iso
667M 667M 0 100% /media/cdrom0
/dev/sdb 984M 0 984M 0% /mnt
root@mkgg64:~#
Copy all the files on the CD to the USB stick, ignore any errors such as "Operation not permitted":
root@mkgg64:~# rsync -al /media/cdrom/ /mnt/
rsync: symlink "/mnt/ubuntu" -> "." failed: Operation not permitted (1)
rsync: symlink "/mnt/dists/stable" -> "hardy" failed: Operation not permitted (1)
rsync: symlink "/mnt/dists/unstable" -> "hardy" failed: Operation not permitted (1)
rsync: symlink "/mnt/install/netboot/pxelinux.0" -> "ubuntu-installer/i386/pxelinux.0" failed: Operation not permitted (1)
rsync: symlink "/mnt/install/netboot/pxelinux.cfg" -> "ubuntu-installer/i386/pxelinux.cfg" failed: Operation not permitted (1)
rsync error: some files could not be transferred (code 23) at main.c(977) [sender=2.6.9]
root@mkgg64:~#
Flush the RAM buffers and unmount the ISO image and USB drive
root@mkgg64:~# sync
root@mkgg64:~# umount /mnt/
root@mkgg64:~# umount /media/cdrom
root@mkgg64:~#
Now we need to make the USB drive bootable. For that we need the syslinux package. If you do not have it, install it (apt-get install syslinux)
root@mkgg64:~# dpkg -l|grep syslinux
ii syslinux 1:3.36-4ubuntu5 Bootloader for Linux/i386 using MS-DOS flopp
root@mkgg64:~# syslinux /dev/sdb
root@mkgg64:~# sync
Now, look at the file, /isolinux/isolinux.cfg in the ISO image, which normally defines the path to the kernel, initrd (drivers) etc. We will be lazy and just do no more work. ;-)
menu label ^Install Kubuntu
kernel /install/vmlinuz
append file=/cdrom/preseed/kubuntu.seed initrd=/install/initrd.gz quiet --
Note the above. Remove the USB drive, plug it into a USB port on the system where you want to install linux and power-on or reset the machine.
At the boot: prompt, type the following, the installer should bring up the familiar Kubuntu installer screen
boot: /install/vmlinuz initrd=/install/initrd.gz file=/preseed/kubuntu.seed
Cheapskate's web interface to SGE status:
Script: /var/www/cgi-bin/status.cgi
#!/bin/bash
echo Content-type: text/html
echo ""
echo "<html><head><title>Cluster Status</title></head><body><pre>"
source /opt/sge/CELLNAME/common/settings.sh
/opt/sge/bin/lx24-amd64/qhost
echo "</pre></body></html>"
x11vnc -display 0 -viewonly [-shared] -allow IPADDR -passwdfile ~/passfile.txt
On a Debian or Debian derivate such as Kubuntu, edit the following:
/etc/kde3/kdm/Xaccess, add a line with an asterisk on its own as follows:
Before:
#* #any host can get a login window
#
After:
#* #any host can get a login window
*
#
# To hardwire a specific terminal to a specific host, you can
Edit /etc/kde3/kdm/kdmrc and change Xdmcp section from Enable=false to Enable=true
Before:
[Xdmcp]
Enable=false
After:
[Xdmcp]
Enable=true
Now, restart the KDM service:
/etc/init.d/kdm restart
You can login from a remote host , when the X server shows a login screen, Click Menu=>Remote Login. Enter the IP address or hostname in the Host: field and login with a valid userid/password combination.
The setup above is for demo purposes only. It is very insecure. Once you get to this point, add access restrictions, and note that X11 traffic is entirely unencrypted and can easily be sniffed by anyone.
XLive CD: Xwindow live CD for Windows desktops:
ftp://ftp.ussg.indiana.edu/pub/xlivecd/xlivecd-20041201.iso
http://xlivecd.indiana.edu/
Use just one keyboard and mouse to control your laptop and desktop at the same time:
Install x2x on both machines. eg: apt-get install x2x
On desktop:
X -ac :0 &
export DISPLAY=localhost:0
startkde &
export DISPLAY=laptop:0
On laptop: From the KDE desktop, open a terminal:
x2x -west -to desktop:0
Nesting XWindows:
sudo apt-get install xnest
Xnest -ac :1
You should get a blank X win. This will be your DISPLAY #1. A client can set
export DISPLAY=machine:1
and display into this window. See fluxbox running inside a window on KDE desktop
Remote X11 apps:
On pc1:
xhost +pc2
On pc2:
export DISPLAY=pc1:0
xterm
Xterm should be displayed on PC1; however, it will consume computing resources from PC2.
Remote X11 logins (XDMCP): Set up KDM or GDM to listen for XDMCP broadcasts. eg: edit /etc/kde3/kdm/kdmrc on an Ubuntu Linux system running KDE.
PC_A wants to send its X display to PC_B
On PC_B:
xhost +IP_PC_B
On PC_A:
export DISPLAY=IP_PC_B:0.0
Open a ssh connection from PC_B to PC_A as follows:
ssh -X IP_PC_B
Any X program run on PC_A will send its graphical output to PC_B
startx -- -nolisten tcp
xhost +local:
The X Window System doesn't really care if the X server and the X client run on the same machine. With a few configuration changes, you can easily run a remote X session on a local display.
XDMCP is the X Display Manager Control Protocol. In order to use it, you will have to login via a graphical login manager (GDM, KDM) on the machine which will act as the server (in X jargon, that's the client. Yeah, I know ...). I will assume that you're using the standard login manager on Mandrake Linux, KDM.
Configuration
Steps require 'root' privileges. Configuration has only to be done on the machine running the login manager.
Edit /etc/X11/xdm/xdm-config and put an exclamation mark in front of this line:
DisplayManager.requestPort: 0
Edit /etc/X11/xdm/Xaccess and remove the hash (#) in front of this line (if there is one):
* # any host can get a login window
Edit /usr/share/config/kdm/kdmrc and change
[Xdmcp]
Enable=false
to
[Xdmcp]
Enable=true
If you're using GDM, you can configure that in the advanced options field of gdm-config. Log out of your X session and log in again. Now go to the client machine, log into a console and run
X -broadcast
(notice that you can and should do this as non-root). The login screen of the remote machine running the display manager will come up and you can log in. All applications will run on the remote machine and the visuals will appear on the local machine via the network. To quit the session, log out and choose 'Close Connection' from the 'Menu' dropdown.
Since the local X server requires very little resources, this is a neat way to run a full blown graphical desktop on older machines.
Security
If it's simple, it's usually insecure. Same here. Only use XDMCP in trusted environments, there's no encryption whatsoever. XDMCP uses UDP port 177. Block that port in your firewall from all outside access (your firewall should block all non-needed ports by default, anyway ;-)). Check out more secure alternatives like tunneling X via ssh.
More information
Linux XDMCP HOWTO
Remote X Apps mini-HOWTO
man xdm
If you never want to run X programs on a remote machine to display on your local machine, then you may as well shut off this non-essential service.
The -nolisten tcp is passed directly to the X Server. You may want to put this in a system startup file like /usr/X11R6/lib/X11/xinit/xserverrc or /etc/X11/xinit/xserverrc
The xhost line means "trust all clients who are on local host". This is fine for a workstation with only one user, like a typical home machine.
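A read-only check for the XDMCP settings edited in the KDM notes above, so a machine left in the demo configuration can be spotted: it reads [Xdmcp] Enable from kdmrc and looks for catch-all entries in Xaccess. This is an added example, not part of the original notes; the function names and the sample files (including the [Decoy] section) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): classify a KDM host's XDMCP exposure.

# Value of KEY inside [SECTION] of an INI-style file such as kdmrc (first match).
ini_get() {   # ini_get FILE SECTION KEY
    awk -v sec="[$2]" -v key="$3" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^[#;]/ || /^$/ { next }
        /^\[/ { insec = ($0 == sec); next }
        insec {
            i = index($0, "=")
            if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/[ \t]/, "", k); sub(/^[ \t]+/, "", v)
            if (k == key) { print v; exit }
        }
    ' "$1"
}

# Xaccess entries that admit every host. A bare "*" answers direct and broadcast
# queries from anyone; "* CHOOSER ..." offers a host chooser to anyone.
xaccess_open_entries() {   # xaccess_open_entries FILE
    awk '
        { sub(/#.*/, "") }                  # drop comments; awk re-splits fields
        $1 == "*" && NF == 1 { print NR ": any host can get a login window" }
        $1 == "*" && $2 == "CHOOSER" { print NR ": any indirect host can get a chooser" }
    ' "$1"
}

# Prints one word: unset (no Enable key found), disabled, restricted or exposed.
xdmcp_exposure() {   # xdmcp_exposure KDMRC XACCESS
    enabled=$(ini_get "$1" Xdmcp Enable | tr 'A-Z' 'a-z')
    if [ -z "$enabled" ]; then echo unset; return 0; fi
    if [ "$enabled" != true ]; then echo disabled; return 0; fi
    if [ -n "$(xaccess_open_entries "$2")" ]; then echo exposed; else echo restricted; fi
}

# Constructed sample input: kdmrc after the edit, Xaccess before and after it.
make_xdmcp_samples() {   # make_xdmcp_samples DIR
    mkdir -p "$1"
    printf '[Decoy]\nEnable=false\n\n[Xdmcp]\n# listen for XDMCP\nEnable=true\n' > "$1/kdmrc"
    printf '#*\t#any host can get a login window\n#\n' > "$1/Xaccess.before"
    printf '#*\t#any host can get a login window\n*\n#\n' > "$1/Xaccess.after"
}

demo=$(mktemp -d) && make_xdmcp_samples "$demo"
echo "Xaccess before edit: $(xdmcp_exposure "$demo/kdmrc" "$demo/Xaccess.before")"
echo "Xaccess after edit:  $(xdmcp_exposure "$demo/kdmrc" "$demo/Xaccess.after")"
rm -rf "$demo"
```

A result of "exposed" means the host still needs the UDP port 177 firewall rule and the Xaccess restrictions mentioned above.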