Category Archives: Linux

RedHat Gripes

Lately we are looking at groupware options, and have been looking at Scalix and Zimbra. We may need the features in the proprietary versions of these products, unfortunately.

So I downloaded an evaluation copy of Scalix.

They say they support RedHat and SuSE. Fine, I think, I’ll just alien the RPMs to debs and be happy.

Not so fast. They have a whole proprietary install system. They check for /etc/redhat_release or /etc/SuSE_release (or something like that) and do different things depending on what is there. Ugh. Why can’t these proprietary vendors just target LSB? The differences seem mostly related to init anyway.

So I touch /etc/SuSE_release into existence, run the installer again. It complains that DISPLAY is not set. UGH. I log in with ssh forwarding, to root (sigh), and run it again.

Now it complains that the SuSE_release file doesn’t contain a valid release. I google a bit, but the file format doesn’t seem to be documented anywhere. I extract it from an RPM somewhere, but no luck.

So, I figure at this point, let’s try an actual RPM distro. I’m running this in a Xen domain anyway, so it should be no big deal, right?

I think CentOS will be a good choice. It’s RHEL with the non-free stuff stripped out. And they support RHEL and don’t need any non-free stuff. I google, and find instructions for installing via rpmstrap for Xen uses.

Let me say, rpmstrap is not nearly the nice tool that cdebootstrap is. rpmstrap totally hosed the networking on the Xen host machine, requiring me to reboot to get it back to proper state. The resulting install wouldn’t boot, either — I later found out that, even though I listed explicit devices in /etc/fstab like usual, it requires labels on all my partitions to boot. Ugh. There are a host of other problems with the rpmstrap-installed chroot, and it’s broken beyond my ability to repair due to problems with the rpm database.

So then I downloaded the “Server” CD for CentOS, which is supposed to have just the stuff a person would need for a server, and leave off all the graphical tools, multimedia, etc. I fired up VMware and did an install. Then I booted Debian From Scratch in VMware and used tar and netcat to copy the installed image over to Xen.

I got it booting fairly easily. But now I start to remember why I had this instinctive gag reflex last time I used RHEL.

First off, the network configuration, by default, is tied to the MAC address of your ethernet card. So if you replace your Ethernet card, your network is broken by default.

Then, there’s the way the network is brought up. It uses arping as part of its procedure to bring up a NIC. If it sees a reply anywhere on the network with the IP you’re trying to assign, it leaves the NIC half-up — it’s been ifconfig’d up, but without an IP. So that’s right, if somebody happens to have a rogue device plugged in at the moment your server boots, your server will come up without a network configured. This is *Enterprise* Linux and it’s pulling this sort of thing. Terrible design.

Next, there’s the way the network is *configured*. There are commands such as system-config-network-tui, -gui, -cmd, -druid, etc. I go for -tui to start with. It’s a dialog-like interface, and asks the basics like IP address, etc. It doesn’t have any way to configure more than one Ethernet card that I can tell. And some of the settings — like nameserver — apparently require you to press F12 to visit. But the program doesn’t recognize F12 as sent by an xterm, so it doesn’t work.

All the other options require X. So, I reluctantly ssh -X into it as root and run system-config-network-gui. It doesn’t work — complains it can’t find DISPLAY. Strange, I think; DISPLAY is set properly to localhost:whatever. It turns out that /etc/hosts is empty by default, so the thing can’t resolve localhost! Argh. I add a line to /etc/hosts and it fires up.

This tool works decently. I save, uncheck the tie to a MAC address box, and exit. I then think it might be good to fire it up again and see what it did. I try running it again, and get the same error about DISPLAY. The stupid tool blew away /etc/hosts and replaced it with an empty file! This is NOT what I would expect from an Enterprise Linux. You don’t blow away a config file the administrator touched without asking, EVER.

Next, I figure, let’s try installing the XFS tools so I can switch the root filesystem to xfs. I start with “yum update”, which doesn’t quite do what I expect. (It is more like apt-get update && apt-get -u dist-upgrade) So I hit Ctrl-C, but — surprise — IT DOESN’T WORK. I press it a few more times, and it seems to just make the downloader cycle through mirrors because of a “download error”. So I hit Ctrl-Z and kill %1. I have my prompt, but it’s STILL DOWNLOADING STUFF and spewing all over my console. Ugh.

I finally use ps and kill -9 and eventually get it killed off. Stupid thing.

I don’t understand why anybody would want to use RedHat Enterprise Linux in an enterprise. It seems more suited to a hobbyist system at home. From reading some forums, it seems there are quite a few people out there using Debian for enterprise systems for similar reasons.

So now, maybe I’ll have the chance to actually try Scalix.

(BTW, our intern got Zimbra installed on Debian just fine, so that’s a plus for it.)

Multipath is working

Yesterday, we got multipath working with our HP MSA1500cs SAN. We have a fully redundant setup with redundant controllers, fibre channel switches, and two FC controllers per host.

We had been having a lot of trouble getting things to work right with active/passive controllers. We could get failover to work in some cases, but getting everything to communicate correctly in the event of a failure was difficult, since every machine would have to flip over to the passive controller simultaneously.

With a firmware upgrade, the MSA 1500cs can support active/active controllers. With the dual-active setup, both controllers are active simultaneously and both are valid paths.

Despite HP support’s indications to the contrary, HP does have information on using built-in multipathd in Linux instead of their proprietary multipath solution. It’s document c00635587, part AA-RW8RA-TE.

We’ve configured multipathd.conf like this:

      path_grouping_policy      multibus
      path_checker              tur
      failback                  immediate
      no_path_retry             60
      path_selector             "round-robin 0"

Just put that in your default block and it should work.

Hello, ext3. Goodbye, reiser4.

So I’ve been trying out various filesystems over the past few months, by converting a few machines to them and using them on a daily basis.

I’ve found that reiser3, JFS, and XFS are all risky and actually corrupt data on crashes. JFS also has a few weird bugs that make the kernel oops, and sometimes cause filesystem corruption. All of the above also have starvation issues, where one IO-intensive process can dramatically slow down everything on the system (by a factor of 100 or more).

Reiser4 has proven better — only one small issue that I can recall. But it’s got a huge problem: no ability to resize a Reiser4 partition. That is rather ridiculous these days, and really reduces the utility of LVM. (Hans says he’ll make it resizable when someone pays.)

So I’ve tried out ext3 again, for the first time in a few years. I’m using data=ordered,commit=300 (or 600 on some machines), which still makes it safer than the other journaled filesystems.

And I must say that it is impressive. The old bottlenecks that I was used to were gone. The thing is reliable and fast, and scales well. I’m going to move everything back to ext3.

So why do Hans’s benchmarks show reiser4 being better? For one thing, most benchmarks measure throughput, not response time, so things like starvation don’t cause black marks in them. Most of them don’t even use multiple processes to simulate real-world activity anyway. Plus, ext3’s default mount options (commit=5, for instance) are much more conservative than other filesystems’. To get a fair test, one should increase that commit= number on ext3.

Here’s another discussion about ext3.

Linux, Bluetooth and Mobile Phones

I got my first Bluetooth-enabled mobile phone this week, a Motorola v551. I’ve been playing with the Linux utilities for working with mobile phones and have assembled some links. Most of the pages out there seem focused on SMS features of a mobile, or using a mobile phone for Internet access for a Linux box. I’m interested in neither, and care more about phone book syncing and transferring files back and forth between the phone itself and a PC.

There seems to be quite a community built around hacking Motorola phones as well. The Hofo Guide is the authoritative resource.

HowardForums.Com is also a great site.

Quick and Easy IPv6 for Debian


A lot of people have asked about IPv6 in Debian. There have been some instructions floating around, but all of them I’ve seen are overly complex. Here’s how to set up your own 6to4 tunnel in about 5 minutes (assuming your kernel is IPV6-ready), without the need of freenet6 or any other tunnel broker. You need only a real IP address (static is best) and a basic understanding of IPv6 to proceed. This article will configure your host or your router.




These instructions set you up with 6to4, which requires no outside tunnel broker. However, there are not many 6to4 routers out there. If you are connecting to other non-6to4 sites, chances are good that performance will not be good. This is not a flaw in IPv6 itself. I suggest setting up 6to4 first, since it is fairly easy; once you have it working, then move on to others if you like.



First, you need to obtain an IPV6-ready kernel. I strongly recommend 2.6.1 or above if possible. Check the IPv6 kernel system check page to make sure your kernel is IPV6-ready, and for info on compiling a new kernel if not. In addition to basic IPv6, I also recommend that you compile in IPv6 netfilter support.


Next, you need to add a tunnel to your /etc/network/interfaces file. First, you will need to know your public IP address in IPv4. It will look something like 10.20.30.40. Next, you need to get that in IPv6 notation. Here’s a quick shell script to do that:



    #!/bin/sh
    # Usage: pass your public IPv4 address as the only argument
    printf "2002:%x%02x:%x%02x::\n" `echo "$1" | sed 's/\./ /g'`


Just run that with your IP address as an argument. In this example, for 10.20.30.40, the result is 2002:a14:1e28::. This is your prefix. All your IP addresses will begin with that. Please see the link above for more on IPv6 addressing if you don’t understand the “::” part of this.


Now, you have all the information to create your own IPv6 tunnel. Edit /etc/network/interfaces and add these lines:



    iface sit1 inet6 v4tunnel
        address 2002:a14:1e28::2
        netmask 64
        endpoint any
        local 10.20.30.40
        up ip -6 route add 2000::/3 via ::192.88.99.1 dev sit1
        down ip -6 route flush dev sit1
        up /etc/network/ipv6rules.sh
        ttl 64


The address line contains the IPv6 address you calculated above, followed by a “2”. The local line contains your local IP address. Now bring up the link with ifup sit1. You should now be able to run ping6 www.ipv6.org and get results back. If you don’t have ping6 on your system, install the iputils-ping package. If this works, add sit1 to the auto line in /etc/network/interfaces.
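The prefix calculation and the sit1 values above, as an added example that is not part of the original article: it validates the dotted quad before converting it and warns when the address is RFC 1918 private space, which 6to4 cannot use (the article's 10.20.30.40 is a stand-in for your real public address). The function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original article; function names are hypothetical.

# Print the four octets of a dotted quad, or fail on malformed input.
v4_octets() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;    # digits and single dots only
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac  # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo "$1 $2 $3 $4"
}

# 6to4 /48 prefix without the trailing "::", e.g. 2002:a14:1e28
sixto4_prefix() {
    octets=$(v4_octets "$1") || return 1
    set -- $octets
    printf '2002:%x:%x\n' $(( $1 * 256 + $2 )) $(( $3 * 256 + $4 ))
}

# Succeeds if the address is RFC 1918 private space, which 6to4 cannot use.
v4_is_private() {
    octets=$(v4_octets "$1") || return 2
    set -- $octets
    if [ "$1" -eq 10 ]; then return 0; fi
    if [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then return 0; fi
    if [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then return 0; fi
    return 1
}

# Print the "address" and "local" values for the sit1 stanza.
sixto4_plan() {
    p=$(sixto4_prefix "$1") || { echo "invalid IPv4 address: $1" >&2; return 1; }
    if v4_is_private "$1"; then
        echo "warning: $1 is RFC 1918 space; 6to4 needs a public address" >&2
    fi
    echo "address ${p}::2"
    echo "local $1"
}

sixto4_plan 10.20.30.40    # the article's sample address
```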


The /etc/network/ipv6rules.sh is a little script that closes off some ports to your system. If you don’t want to use it, delete that “up” line. Here’s one version that I recommend:



    #!/bin/bash
    # Every rule below uses -I, which inserts at the top of its chain, so the
    # rules added last (the port 22 ACCEPTs) are the ones evaluated first.
    ip6tables -F
    ip6tables -I INPUT -i sit+ -p tcp --syn -j DROP
    ip6tables -I FORWARD -i sit+ -p tcp --syn -j DROP
    ip6tables -I INPUT -i sit+ -p udp \! --dport 32768:60999 -j DROP
    ip6tables -I FORWARD -i sit+ -p udp \! --dport 32768:60999 -j DROP
    ip6tables -I INPUT -i sit+ -p tcp --dport 22 -j ACCEPT
    ip6tables -I FORWARD -i sit+ -p tcp --dport 22 -j ACCEPT
    # Uncomment the following lines if this is a router
    #echo 0 > /proc/sys/net/ipv6/conf/all/autoconf
    #echo 0 > /proc/sys/net/ipv6/conf/all/accept_ra
    #echo 0 > /proc/sys/net/ipv6/conf/all/accept_redirects
    #echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
    #echo 0 > /proc/sys/net/ipv6/conf/all/router_solicitations


This script will close off incoming TCP connections on the tunnel interfaces, and incoming UDP to any port outside the range 32768 to 60999, except for TCP to port 22 (ssh).
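The script gets its "drop everything except ssh" behaviour from rule order: each `-I` puts the new rule at the top of its chain. The following added example (not part of the original article, function names hypothetical) models that ordering for the article's rules, embedded as sample input, so the evaluation order can be reviewed without root or a live firewall.

```sh
#!/bin/sh
# Added example, not from the original article; function names are hypothetical.

# The article's rules, embedded as sample input (nothing here touches netfilter).
article_rules() {
    cat <<'EOF'
ip6tables -F
ip6tables -I INPUT -i sit+ -p tcp --syn -j DROP
ip6tables -I FORWARD -i sit+ -p tcp --syn -j DROP
ip6tables -I INPUT -i sit+ -p udp \! --dport 32768:60999 -j DROP
ip6tables -I FORWARD -i sit+ -p udp \! --dport 32768:60999 -j DROP
ip6tables -I INPUT -i sit+ -p tcp --dport 22 -j ACCEPT
ip6tables -I FORWARD -i sit+ -p tcp --dport 22 -j ACCEPT
EOF
}

# Read ip6tables commands on stdin and print "CHAIN POSITION RULE" in the
# order the kernel would evaluate them. Assumes -I is used without a rule
# number and handles only -F (all chains), -I and -A.
effective_order() {
    awk '
    $1 != "ip6tables" { next }                       # skip anything else
    $2 == "-F" && NF == 2 { split("", chain); next } # flush every chain
    $2 == "-I" || $2 == "-A" {
        rule = $4
        for (i = 5; i <= NF; i++) rule = rule " " $i
        if ($2 == "-I") chain[$3] = rule "\n" chain[$3]  # insert at the top
        else            chain[$3] = chain[$3] rule "\n"  # append at the bottom
    }
    END {
        n = split("INPUT FORWARD OUTPUT", names, " ")
        for (c = 1; c <= n; c++) {
            m = split(chain[names[c]], r, "\n")
            for (i = 1; i < m; i++) print names[c], i, r[i]
        }
    }'
}

article_rules | effective_order
```

A rule appended later with `-A` lands below the DROP rules, so an appended ACCEPT for another TCP port would never match an incoming SYN; new exceptions have to be inserted with `-I` as the article's ssh rule is.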


If you are setting up a host, you’re done. If this is a router, read on…


Router Configuration


If you’re setting up a router, there are a couple more quick steps. First, you need to configure your ethernet interface for ipv6. Insert a clause like this in /etc/network/interfaces:



    iface eth0 inet6 static
        address 2002:a14:1e28:1::1
        netmask 64


Of course, replace the first part of “address” with your real IPv6 address. (Note the added “:1::1” after the address.) Now run ifdown eth0; ifup eth0 to make the changes take effect.


Next, apt-get install radvd and edit /etc/radvd.conf. It should end up looking like this:



    interface eth0
    {
        AdvLinkMTU 1480;
        AdvSendAdvert on;
        prefix 2002:a14:1e28:1::1/64
        {
        };
    };


Mind the semicolons (and lack thereof); radvd is picky. Now /etc/init.d/radvd restart and use ps to make sure it’s running. radvd is similar to dhcp for IPv6, but a lot easier.


At this point, your IPv6 network is ready. All clients on your network that are IPv6 capable should automatically assign themselves an IPv6 address and be ready to go. For Debian clients, all you need is IPv6 support in your kernel; you do not need to do anything on them at all.


Revisions


  • Added a note about performance (1/19/2003 7PM). Suggested by Jeroen Massar.

  • Adjusted netmasks and router subnet (1/20). Suggested by Jeroen Massar.

  • Added ttl 64 (1/20). Adapted from a suggestion from Thomas Habets.

  • Corrected sit0 to read sit1