Pietro Abate homepage

Today I spent large part of the day to configure a vpn to access our servers. Instead of leaving port 22 wide open, I prefer to use a vpn to access the internal network and to do ordinary administration tasks. This way I'll also be able to use graphical tools that I don't feel like to use over the internet.

This is data related with a dell 2950 + md1000 that I'm configuring. /dev/sda is the onboad raid controller with 3 300G sas disks (raid5). /dev/sdb is the md1000 with 5 1T sata disk (raid5). First when configuring the md1000 you must create the logical volume from the bios. I've created a fairly standard raid5 array using with all disks.

The crude data without any optimization is as follows:

nc, TCP/IP swiss army knife, is an utility to transfer data across the network (actually is much more then that...). If you need to transfer large files inside you private network it might be a good idea to use nc, instead of heavier data transfer protocols (such as nfs, samba, ssh, http...)

Server side :

nc -vvn -l -p 3000 -w 3 | pv -b > outputfile


where -l says to listen and -p 3000 specifies the port.

Client side :


nc -vvn 192.168.0.5 3000 < inputfile


This is pretty straightforward.

To make the process a bit more human friendly I've used pv that is a small monitor the progress to show how much data has been transfered.

This is a small recipe to resize a disk image. In this case I wanted to make it bigger.

create a sparse file :

dd if=/dev/zero of=xen.img bs=1k count=1 seek=30M


copy the old file system to the sparse file:

dd if=old-xen.img of=xen.img conv=notrunc


now we resize the fs (reiserfs in this case)

resize_reiserfs xen.img


and we can happily mount it.

mount -o loop xen.img test/


now we have a bigger fs !

# df -h
Filesystem Size Used Avail Use% Mounted on
/home/xen.img 30G 338M 30G 2% /home/test


If I don't trust a stranger to wonder inside my house, why should I allow a closed source program to access my home directory ? Apart from the paranoia and conspiracy implications I decided to spend some time learning how to chroot skype (and iceweasel for that matter, since I don't really trust javascript, flash and the mozilla plugin model) in a chroot.

I started from this article :
http://www.debian-administration.org/articles/566

This recipe didn't work out of the box. This is mine:

Now step by step:
First we install the software. I'm working on a debian unstable...

There are many many howto on the net regarding this topic. Here I'll not give another howto, but just a list of mistakes I've done today. I hope this will same some time to others.

openssl certs

This week I spent some time configuring nagios to track our infrastructure, including web services and hardware.

Nagios is an interesting piece of software. It's very flexible and kinda easy to setup. I've to say that the documentation is not particularly well written. However sites like http://www.nagiosexchange.org/ make like very easy. Setting it up on debian is pretty straightforward.

Well today I tried to understand why our production server (shame shame) has rebooted twice in a row in the last 3 days. The only visible problem in the logs is the infamous xen error : " xen_net: Memory squeeze in netback driver." . Googling around it seems kinda common and the recommended solution is to add dom0-min-mem to xend.conf and dom0_mem as a kernel option. I've done that and updated the xen hypervisor to the latest bakcported version. The machine is up and running and everything seems fine at the moment. I didn't touch the kernel.

If you manage a dell poweredge, it will come a time where you are curious to know about the health of your machine. These are few notes.

The first thing you will try is probably the dell management server. It's the usual java monster with web interface and all in it. I don't like it. So I installed openimpi and got the megacli bianry from the lsi website.

openimpi is easy: apt-get install opemimpi impitools

Then we need to load the impi kernel modules:

To generate a new key-pair on your local machine you run the following command:

ssh-keygen -t rsa

Then you can copy the key to the remote hosts with

ssh-copy-id -i ~/.ssh/id_rsa.pub username@remotehost

More info:

man ssh-agent
man ssh-add