Archive | August 2013

Installing an RPM under CentOS from a local repository

The problem with the standard -Uvh install of an RPM is that it doesn’t resolve any dependencies.  For example, the iperf package from:

ftp.pbone.net iperf-2.0.5-5.3.i686.rpm

needs a boatload of other packages.  You could add the dependencies one at a time, but you’d be doing that all afternoon.  Using yum and a local repository will do the heavy lifting.

  • Create a directory for your local repository, e.g. /root/repo.
  • Put a copy of the RPM into that directory.
  • Fix the ownership and file permissions if root doesn’t own the repository directory:
    # chown -R root.root /root/repo
    
  • Install the createrepo package if not installed yet, and then run:
    # createrepo /root/repo
    # chmod -R o-w+r /root/repo
    
  • Make a repository configuration file in /etc/yum.repos.d/, e.g. /etc/yum.repos.d/my.local.repo containing:
    [local]
    name=My local repository
    baseurl=file:///root/repo
    enabled=1
    gpgcheck=0
    
  • Install the package (iperf in this case) using:
    # yum install iperf
    
  • Once the local repository is set up, you can add other RPMs to the repository directory without needing to rerun the repository creation or configuration steps.
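
The repository file above sets gpgcheck=0, so yum installs from /root/repo without verifying package signatures. The following is an added example, not part of the original post: a shell function (the name unsigned_repos is made up here) that lists every enabled repo section where signature checking is not switched on, run against a constructed copy of the stanza above.

```sh
#!/bin/sh
# Added example, not from the original post.
# Print every enabled repo section whose gpgcheck is not 1.
# "unset" means the section inherits gpgcheck from [main] in /etc/yum.conf.
unsigned_repos() {          # usage: unsigned_repos <file.repo>...
    awk '
        function report() {
            if (section != "" && enabled != "0" && gpg != "1")
                printf "%s:[%s] gpgcheck=%s baseurl=%s\n", file, section, gpg, url
        }
        FNR == 1 { report(); section = ""; file = FILENAME }
        /^[ \t]*[#;]/ { next }                  # comment line
        /^[ \t]*\[/ {                           # start of a new [section]
            report()
            section = $0
            gsub(/^[ \t]*\[|\].*$/, "", section)
            enabled = "1"; gpg = "unset"; url = "-"
            next
        }
        /=/ {                                   # key=value line
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpg = val
            if (key == "baseurl")  url = val
        }
        END { report() }
    ' "$@"
}

# Constructed sample: the [local] stanza from this page in a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[local]
name=My local repository
baseurl=file:///root/repo
enabled=1
gpgcheck=0
EOF
unsigned_repos "$sample"
rm -f "$sample"
```

On a real host, run it as unsigned_repos /etc/yum.repos.d/*.repo.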

Startup script in Fedora 19

In /etc/systemd/system/<x>.service:

[Unit]
Description=What the script will do

[Service]
Type=oneshot
ExecStart=/bin/sh -c '/full/path/to/script.sh'

[Install]
WantedBy=multi-user.target

Then systemctl enable <x>.service

Building MPTCP iproute

You built a new Multi-Path TCP kernel from https://github.com/multipath-tcp/.  Guess what?  You didn’t get matching tools like a revised “ip” to go with it.  Here’s how to build them and get them to a target Fedora 19+ system:

  1. git clone --depth=1 https://github.com/multipath-tcp/iproute-mptcp.git
  2. yum install libdb-devel (this is needed for Berkeley DB support)
  3. cd iproute-mptcp
  4. make
  5. scp ./etc/iproute2/* <dest>:/etc/iproute2
  6. cd ip
  7. scp ifcfg ip routef routel rtacct rtmon rtpr <dest>:/sbin
  8. cd ../tc
  9. scp tc <dest>:/sbin

Compacting a Linux VM disk

This only works for dynamic disks.

  1. cd to /
  2. dd if=/dev/zero of=ZERO bs=1M
  3. rm ZERO
  4. cd to /boot and repeat

The dd copies blocks of zeros in 1M chunks to a file named ZERO.  The idea is to go to different mount points and zero out unused space.  Only blocks with zero in them are compacted.

As an alternative to using dd, Ben Armstrong suggests:

cat /dev/zero > zero.dat ; sync ; sleep 1 ; sync ; rm zero.dat

  1. Shut down the VM
  2. VBoxManage modifyhd /fullpath/to/the.vdi --compact

VBoxManage is in the “\Program Files\Oracle\VirtualBox” directory.

For Hyper-V, you need the PowerShell Hyper-V GUI Management tools installed.  Then run:

Optimize-VHD -Path /fullpath/to/the.vdi -Mode Full

Mounted disks can’t be fully compacted, but mounting the disk as read-only allows a subset of compaction options.

Building a CentOS 6.4 module

  1. Install necessary tools.
    • yum groupinstall "Development Tools"
    • yum install rpm-build redhat-rpm-config asciidoc hmaccalc perl-ExtUtils-Embed xmlto
    • yum install binutils-devel elfutils-libelf-devel newt-devel python-devel zlib-devel
  2. Get the kernel headers.
    • yum install kernel-devel
  3. Create a build tree and get the kernel source
  4. Unpack the source files
    • cd ~/rpmbuild/SPECS
    • rpmbuild -bp --target=$(uname -m) kernel.spec
  5. The source tree will be under ~/rpmbuild/BUILD/kernel*/linux*/
  6. Prepare the kernel
    • cd ~/rpmbuild/BUILD/kernel-2.6.32/linux-2.6.32.`uname -m`
    • cp /boot/config-`uname -r` .config
    • make oldconfig
    • make prepare
    • make modules_prepare
  7. Note: make modules_prepare will not build a Module.symvers file. If you need module versioning then the kernel needs to be built.  See http://wiki.centos.org/HowTos/Custom_Kernel
  8. Change directory to the module you want to build
  9. Build the module
    • make -C /lib/modules/`uname -r`/build M=`pwd` modules
  10. Copy the .ko to /lib/modules/`uname -r`/extra on the target system
  11. Update the dependencies
    • depmod -a
  12. Use modprobe to load the module. To display info about a loaded module use modinfo

OpenVPN on CentOS

  1. wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
    rpm -Uvh epel-release-6-8.noarch.rpm
  2. yum install openvpn -y
  3. Easy-rsa isn’t included in OpenVPN anymore.  This is from http://safesrv.net/install-openvpn-on-centos/ –
    Download easy-rsa from below:
    wget https://github.com/downloads/OpenVPN/easy-rsa/easy-rsa-2.2.0_master.tar.gz
    Extract the package:
    tar -zxvf easy-rsa-2.2.0_master.tar.gz
    Copy to the OpenVPN directory:
    cp -R easy-rsa-2.2.0_master/easy-rsa/ /etc/openvpn/
    Open up with vi or other favorite editor /etc/openvpn/easy-rsa/2.0/vars and edit the below line:
    Change:
    export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
    To:
    export KEY_CONFIG=/etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf
    Next change the KEY_COUNTRY through KEY_OU values at the end of the file.
    Save and exit.
  4. From the same 2.0 directory as vars, cp openssl-1.0.0.cnf openssl.cnf
  5. Build the CA; the previous changes should appear as the defaults to the questions:
    source ./vars
    ./clean-all
    ./build-ca
  6. Create server certificate, answering yes to commit:
    ./build-key-server server
  7. Generate Diffie Hellman key exchange files:
    ./build-dh
    cd keys
    cp dh1024.pem ca.crt server.crt server.key /etc/openvpn
  8. Generate client certificates:
    cd ..
    ./build-key <client name>
  9. Get ca.crt, and <client name>.crt/key to OpenVPN client
  10. cp /usr/share/doc/openvpn-*/samples/sample-config-files/server.conf /etc/openvpn
  11. vi /etc/openvpn/server.conf and set the “local” ip for OpenVPN to listen on.  Uncomment the user and group nobody lines.
  12. service openvpn start
    chkconfig --level 3 openvpn on
  13. Modify the iptables rules to allow listening on port 1194 TCP:
    iptables -A INPUT -i eth0 -p tcp --dport 1194 -j ACCEPT
    iptables -A OUTPUT -o eth0 -p tcp --dport 1194 -j ACCEPT
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

    Next you need to allow certain traffic going through the tunnel.  For no restrictions use:

    iptables -A INPUT -i tun0 -j ACCEPT
    iptables -A OUTPUT -o tun0 -j ACCEPT
    iptables -A FORWARD -o tun0 -j ACCEPT
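
Steps 11 and 13 can be checked against the finished server.conf before the service is started. The following is an added example, not part of the original post: two shell functions (ovpn_directive and check_server_conf are names made up here) that report whether user, group and local are active and whether the listener matches the tcp/1194 iptables rule, run on a constructed config excerpt.

```sh
#!/bin/sh
# Added example, not from the original post.

# Print the active value of one directive; ';' and '#' start comment lines.
ovpn_directive() {          # usage: ovpn_directive <file> <name>
    awk -v want="$2" '
        /^[ \t]*[;#]/ { next }
        $1 == want    { val = $2 }
        END           { print val }
    ' "$1"
}

# Print one line per finding; return 1 if there was any.
check_server_conf() {       # usage: check_server_conf <file>
    conf=$1; bad=0
    for d in user group; do
        if [ -z "$(ovpn_directive "$conf" "$d")" ]; then
            echo "$d not set: the daemon keeps the privileges it started with"
            bad=1
        fi
    done
    if [ -z "$(ovpn_directive "$conf" local)" ]; then
        echo "local not set: OpenVPN binds to every address"
        bad=1
    fi
    # Unset proto/port fall back to OpenVPN's defaults, udp and 1194.
    proto=$(ovpn_directive "$conf" proto); proto=${proto:-udp}
    port=$(ovpn_directive "$conf" port);   port=${port:-1194}
    # "tcp-server" is accepted as a spelling of tcp on the server side.
    if [ "${proto%-server}" != tcp ] || [ "$port" != 1194 ]; then
        echo "listener is $proto/$port but the iptables rule opens tcp/1194"
        bad=1
    fi
    return "$bad"
}

# Constructed sample: a server.conf before step 11 has been applied.
sample=$(mktemp)
cat > "$sample" <<'EOF'
;local a.b.c.d
port 1194
proto udp
dh dh1024.pem
;user nobody
;group nobody
EOF
check_server_conf "$sample"
rm -f "$sample"
```

Run it as check_server_conf /etc/openvpn/server.conf; no output and exit status 0 mean all four settings agree with the steps above.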

ZeroShell in Hyper-V

Getting ZeroShell installed into a VM is a bit of a trick:

  1. Download the 2.0 RC2 .iso and corresponding 2GB .img.gz file from http://www.zeroshell.org/download/#
  2. Make a .iso file from the .img.gz.  I used ImgBurn for this.
  3. Make a new VM with 2 GB hard disk, and add a 2nd CD-ROM
  4. Put the RC2 .iso on CD-ROM1 and the .iso from step 2 on CD-ROM2
  5. Boot the VM
  6. Select ‘S’ to get to the shell prompt
  7. Make a mount point for CD-ROM2 with mkdir /mnt/cdrom
  8. Mount CD-ROM2 with mount /dev/sr1 /mnt/cdrom
  9. Copy the .img into the disk with gunzip -c /mnt/cdrom/ZeroShell-2.0.RC2-IDE-USB-SATA-Disk-2GB.img.gz > /dev/sda
  10. Shut down the VM with halt
  11. Remove the .isos from the VM
  12. Boot up the VM