Sometimes the version of a package available on CentOS is too old and you really want the latest but you don’t want to manually update it by compiling from source and tracking the upstream. Fortunately there are people that does this for you. Head over to the IUS Community Project and install their RPMs.
Tag: linux
Create LVM thin provisioning with SSD cache
Awesome LVM setup for my VMs
I recently built a new home server and I wanted to use LVM thin provisioning backed by a nvme cache. This is basicly just a snippet from my command history.
[Update: I later found out that libvirt doesn’t seem to support LVM thin provisioning. Dang it! Guess I’ll have to do just SSD caching then]
Setup
/dev/sda 2TB WDC Black harddrive
/dev/sdb 2TB WDC Black harddrive
/dev/nvme0n1 256GB Intel 600p SSD
A bunch of RAID1 devices on sda and sdb. Of concern here is:
/dev/md125 1.9TB RAID1 mirror of /dev/sda5 + /dev/sdb5
Machine is called virt1 and runs CentOS 7
Create LVM thin pool
Create Physical Volumes
pvcreate /dev/md125
pvcreate /dev/nvme0n1
Create Volume Group vg_virt1 on big RAID volume
vgcreate vg_virt1 /dev/md125
Create Thin Pool tp_vmpool on all available space in vg_virt
lvcreate -l100%FREE –thinpool tp_vmpool vg_virt1 –verbose
Volumes can now be created in vg_virt/tp_vmpool
Connect LVM Cache (dm-cache)
Extend Volume Group with SSD
vgextend vg_virt1 /dev/nvme0n1
Create a cache pool out of the free space
lvcreate –type cache -L 238G -n lv_virt1_cachepool /dev/vg_virt1/tp_vmpool /dev/nvme0n1
(the 238G was the effective space – 1% or something like that. It may work with -l100%FREE too)
Tunnel only specific applications through VPN
A mission of trance
Say you are on a mission. A mission to spread your trance music. So you create a software for this trance mission. And for fun you call it transmission. This software is run in the background. This is called daemonizing in Linux. So you obviously call the executable for this software transmission-daemon. And to keep it from taking over your system you have it running as a dedicated user called transmission.
Evil corp wants you dead
Not all people like your trance music and try to shut you down. So naturally you want to mask your transmission-daemon behind a VPN service. But to not reveal that it is you who are running the transmission you only want the transmission traffic to exit via the VPN tunnel and the rest of your traffic to exit via your normal way.
Our setup
In this example we are using Azire VPN provider. We have our transmission-daemon running on Fedora Linux 24. We will be using OpenVPN for the tunneling. So sign up for a VPN and get the ovpn-file.
Install all the things
# dnf install openvpn transmission-daemon
Yup that’s it
Configure OpenVPN
Copy your ovpn file to /etc/openvpn and name it AzireVPN-SE.conf. It is important that the file ends with .conf.
I added these lines to the end of that file
auth-user-pass /etc/openvpn/Azire.auth route-nopull script-security 2 up /etc/openvpn/up.sh down /etc/openvpn/down.sh inactive 300
I created a file with our username on the first line and our password on the second line. The file was named /etc/openvpn/Azire.auth. Remember to chown it to 0600.
I created /etc/openvpn/up.sh with the contents of this snippet.
Also a matching /etc/openvpn/down.sh with the contents of this snippet.
Configure services
We want openvpn to start transmission-daemon when the tunnel is up. So disable the system service so it isn’t started when the machine starts.
# systemctl disable transmission-daemon.service
Create a AzireVPN-service by creating a special symlink of the openvpn unit file, reloading systemd and enabling the service
# cd /etc/systemd/system # ln -s '/lib/systemd/system/openvpn@.service' \ 'openvpn@AzireVPN-SE.service' # systemctl daemon-reload # systemctl enable openvpn@AzireVPN-SE.service
You should now be able to start and stop your tunnel (and thus also transmission-daemon) with
systemctl start openvpn@AzireVPN-SE.service systemctl stop openvpn@AzireVPN-SE.service
Keep the motor running
Sometimes the tunnel goes down and the transmission-daemon with it. You can have systemd restart it when that happens by editing /lib/systemd/system/openvpn@.service and adding the following line to the [Service] section
Restart=on-failure
Probably should be done with an override.
Happy trancing.
One-liner of the day: Get your primary IP address
Get the IP adress of the interface where the default route is
ifconfig $( ip route | grep ^default | awk '{ print $NF }' ) | grep "inet " | awk '{ print $2 }'
Rescan disk in Linux
When adding disks or enlarging existing disk in our VMs I use this twoliner to trigger a rescan of disks:
for i in /sys/class/scsi_host/host*/scan ; do echo "- - -" >$i ; done for i in /sys/class/scsi_disk/*/device/rescan ; do echo "1" >$i ; done
Installing Graylog on CentOS 7
Graylog is a nice log server. The documentation of its installation procedure is not as nice yet. Here is my log of how we installed it at work.
HandBrake RPM for Fedora 13
First attempt at installing HandBrake 0.9.4 for Fedora 12 on Fedora 13 failed. I checked out the latest source from Subversion and built it to some RPM packages. Seems to work ok.
Check it out at my RPM repository (be kind)
[edit] Updated to svn 3364. Check out my Twitter for more news about this.
[edit] I now get my HandBrake RPMs from negativo17.org
Correct ProxyPass to Tomcat
Finally… someone looked it up and got it right.
Really quick boot
I’ve been setting up a new server for my parents and boy is it fast. And by fast I mean fast bootup. This untweaked server does it from power up to login prompt in just over 16 seconds. So I’ve stripped a few services I didn’t need but the important ones are there; acpid, crond, rsyslog, sshd and something called udev-post
Auto detecting monitors in Linux
When using an external monitor to my laptop I have set my X to enable TwinView and have the larger external display be primary display left of the laptop display. But when I am away from home and does not have external monitor connected the nv driver does not detect that and still set up TwinView as before leaving much of the desktop out of display. To remedy this I have made two xorg.conf, one for single display and one for dual.
I have copied these manually before when I’m switching. Now I have something slightly better. I start X, run xrandr, capture its output and copy one of the configs depending on what’s in the output. This is how I do it
rm -f /tmp/xrandr /tmp/nullconf
/usr/bin/xinit /usr/bin/xrandr -q -- /usr/bin/X -config /tmp/nullconf -quiet >/tmp/xrandr 2>/dev/null
if grep -q '^DVI.* connected' /tmp/xrandr ; then
cp -f /etc/X11/xorg.conf.dual /etc/X11/xorg.conf
else
cp -f /etc/X11/xorg.conf.single /etc/X11/xorg.conf
fi
rm -f /tmp/nullconf
My external monitor is detected as a DVI and the internal as LVDS