newspaint

Documenting Problems That Were Difficult To Find The Answer To

Monthly Archives: March 2015

How Can I Access a Block Device Such as CDROM In LXC?

In Ubuntu Trusty Tahr 14.04.2 LTS I created a default LXC container:

lxc-create -t ubuntu -n cdlxc -- -r trusty

I wanted to be able to access my CDROM device /dev/cdrom from my container. I gleaned what I needed from this (https://wiki.archlinux.org/index.php/Linux_Containers#Cgroups_device_configuration) link.

First I needed to find out the major and minor device numbers of the block device I wanted to access:

# ls -al /dev/cdrom
lrwxrwxrwx 1 root root 3 Mar 29 12:32 /dev/cdrom -> sr0
# ls -al /dev/sr0
brw-rw---- 1 root cdrom 11, 0 Mar 29 12:32 /dev/sr0

Note that my CDROM device here appears to be /dev/sr0 and that the first character of the file mode string is b, indicating a block device. Next see the numbers after the user and group – 11, 0 – these are the major and minor device numbers.

With this in mind I need to alter my container’s config file. So I opened up /var/lib/lxc/cdlxc/config and added the lines:

# devices - set profile to allow mounting block devices (constrained by default)
lxc.aa_profile = lxc-container-default-with-mounting

# lxc.cgroup.devices.allow = typeofdevice majornumber:minornumber rwm
lxc.cgroup.devices.allow = b 11:* rwm

The lxc.aa_profile setting selects the AppArmor profile that confines your container, which controls generally what the container can get away with. If you want to be able to directly access block devices you have to give it a less strict profile than the default.

The lxc.cgroup.devices.allow setting controls which devices you may access from your container. In this case I want to allow it access to block devices with major number 11 and a minor number of anything (but I could have set it to zero to match only my CDROM device from above). Major number 11 is allocated to SCSI CD-ROM devices – the minor number indicates which CDROM device.

Finally I started my container. Then inside my container, as root, I issued the command:

# mknod -m 666 /dev/cdrom b 11 0

… noting the major and minor numbers of the block device from earlier (11 0). Now I could access my CDROM drive:

# cdparanoia -vsQ
cdparanoia III release 10.2 (September 11, 2008)

Using cdda library version: 10.2
Using paranoia library version: 10.2
Checking /dev/cdrom for cdrom...
        Testing /dev/cdrom for SCSI/MMC interface
                SG_IO device: /dev/cdrom

CDROM model sensed sensed: HL-DT-ST DVDRAM GTA0N LC00

Checking for SCSI emulation...
        Drive is ATAPI (using SG_IO host adaptor emulation)

Checking for MMC style command set...
        Drive is MMC style
004: Unable to read table of contents header

Unable to open disc.  Is there an audio CD in the drive?

Success!
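The device lookup and allow rule from this post, as an added example that is not part of the original post: a shell helper that reads a device node's type and major/minor numbers and prints a rule pinned to that exact minor rather than the * wildcard, plus a check that lists wildcard rules in an existing config. The function names are hypothetical and GNU stat and readlink are assumed.

```shell
#!/bin/sh
# Added example: derive the narrowest lxc.cgroup.devices.allow rule for one
# device node, and list rules in a config that wildcard the minor number.
# Function names are hypothetical helpers, not part of LXC.

devices_allow_line() {
    dev=$1
    access=${2:-rwm}                    # same access string the post uses
    real=$(readlink -f -- "$dev") || return 1   # e.g. /dev/cdrom -> /dev/sr0
    if [ -b "$real" ]; then
        type=b
    elif [ -c "$real" ]; then
        type=c
    else
        echo "$dev is not a block or character device" >&2
        return 1
    fi
    # GNU stat reports device numbers in hexadecimal: %t major, %T minor,
    # so major 11 comes back as "b" and must be converted to decimal.
    major_hex=$(stat -c '%t' -- "$real")
    minor_hex=$(stat -c '%T' -- "$real")
    printf 'lxc.cgroup.devices.allow = %s %d:%d %s\n' \
        "$type" "$((0x$major_hex))" "$((0x$minor_hex))" "$access"
}

wildcard_minor_rules() {
    # Prints "lineno:rule" for every active allow rule whose minor is '*'.
    grep -nE '^[[:space:]]*lxc\.cgroup\.devices\.allow[[:space:]]*=[[:space:]]*[abc][[:space:]]+[0-9*]+:\*' "$1"
}

# Stand-alone use: sh thisfile /dev/cdrom
if [ "$#" -gt 0 ]; then
    devices_allow_line "$@"
fi
```

Run on the host as devices_allow_line /dev/cdrom and paste the printed line into the container config; wildcard_minor_rules /var/lib/lxc/cdlxc/config shows any rule that still grants every minor under a major number.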

Adding Static Leases to LXC in Ubuntu Trusty Tahr 14.04.2 LTS

If you want to have more control over DHCP in the default LXC installation in Ubuntu Trusty Tahr then you can edit the file /etc/default/lxc-net to suit you.

It is recommended that you uncomment the line:

LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf

…because the /etc/lxc/dnsmasq.conf file is where you will add static lease configuration information later.

Note that you do not need to make any changes to /etc/init/lxc-net.conf as the settings in /etc/default/lxc-net will take precedence.

Next you will want to find the MAC addresses of your LXC containers:

# grep lxc.network.hwaddr /var/lib/lxc/*/config
/var/lib/lxc/lxctutorial/config:lxc.network.hwaddr = 00:16:3e:32:9a:a4
/var/lib/lxc/webserver/config:lxc.network.hwaddr = 00:16:3e:0c:5b:1b
/var/lib/lxc/mailserver/config:lxc.network.hwaddr = 00:16:3e:ca:cb:02

Then assign them the static addresses you want them to have in /etc/lxc/dnsmasq.conf e.g.:

# static leases
# dhcp-host=[<hwaddr>][,id:<client_id>|*][,set:<tag>][,<ipaddr>][,<hostname>][,<lease_time>][,ignore]
dhcp-host=00:16:3e:32:9a:a4,10.0.3.123,lxctutorial-lxc,7200
dhcp-host=00:16:3e:0c:5b:1b,10.0.3.124,webserver-lxc,7200

Now you need two steps to make sure this takes effect:

stop lxc-net
echo "" >/var/lib/misc/dnsmasq.lxcbr0.leases # erase current leases
start lxc-net

Installing Xubuntu 14.04 Trusty On ZFS With LUKS Encryption

Aim

The aim was to get ZFS installed on a Linux system with 2 large spinning hard drives both encrypted with ZFS on top with ZFS filesystems mounted at / and /var with a swap volume. The /boot partition would be on its own USB drive.

Target ZFS setup


Health Warning

This took me over 10 hours to get right. Most of the parts were available at other sites as linked throughout this article. But little things – like getting multiple LUKS disks mounted before ZFS – were very difficult to solve. When I say take snapshots, take snapshots, to save yourself a world of delays when something goes wrong.

Also note that ZFS appears, initially, to take excessively long times to write many small files. The time it takes to install a linux-headers package can be between five and ten minutes.

Installation

Preparatory

I downloaded the Xubuntu 14.04 Trusty Tahr desktop image (torrent index) and used Unetbootin to install it as an ISO image on an 8GB USB flash drive (with a 4GB working area).

Then I booted my server into “Try Xubuntu without installing” from the grub boot menu on the USB flash drive.

Once the desktop had loaded I opened a terminal window and became root by simply typing sudo bash.

Next I installed ZFS by following the instructions at this page:

# apt-add-repository --yes ppa:zfs-native/stable
# apt-get update
# apt-get install debootstrap ubuntu-zfs

Boot USB Formatting

I followed the instructions at this blog post to format my boot USB drive.

Hard Drive Encryption

Following the instructions at this blog post I set off to encrypt my two spinning hard drives.

My two hard drives were located at /dev/sda and /dev/sdb. To set up the encryption:

# cryptsetup luksFormat -c aes-xts-plain64 -s 512 -h sha256 /dev/sda
# cryptsetup luksOpen /dev/sda crypt1

# cryptsetup luksFormat -c aes-xts-plain64 -s 512 -h sha256 /dev/sdb
# cryptsetup luksOpen /dev/sdb crypt2

Note that aes-xts-plain64 should be used for drives exceeding 2TB in size; aes-xts-plain is adequate for drives less than 2TB. aes-xts-plain can still be used for drives exceeding 2TB, but the 32-bit counter it uses will roll over.

Also sha256 is the default preference now instead of sha1 for the hash.
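A check for the cipher note above, as an added example that is not part of the original article: it reads the cipher fields out of cryptsetup luksDump text and reports whether a plain (32-bit) IV would wrap for a given device size. The helper names are hypothetical, the dump text is constructed, and the LUKS1 luksDump field labels are assumed.

```shell
#!/bin/sh
# Added example: flag a LUKS1 volume whose "plain" (32-bit) IV would wrap.
# Helper names are hypothetical; the luksDump text below is constructed.

PLAIN_IV_LIMIT=$((4294967296 * 512))   # 2^32 sectors of 512 bytes = 2 TiB

# Read `cryptsetup luksDump` text on stdin, print "<cipher> <mode> <key bits>".
luks_cipher_fields() {
    awk '
        /^Cipher name:/ { sub(/^[^:]*:[ \t]*/, ""); name = $0 }
        /^Cipher mode:/ { sub(/^[^:]*:[ \t]*/, ""); mode = $0 }
        /^MK bits:/     { sub(/^[^:]*:[ \t]*/, ""); bits = $0 }
        END { print name, mode, bits }'
}

# $1 = cipher mode (e.g. xts-plain64), $2 = device size in bytes
iv_check() {
    case $1 in
        *-plain64)
            echo "ok: 64-bit sector IV" ;;
        *-plain)
            if [ "$2" -gt "$PLAIN_IV_LIMIT" ]; then
                echo "wraps: 32-bit sector IV repeats past 2 TiB"
            else
                echo "ok: device fits in 2^32 sectors"
            fi ;;
        *)
            echo "unknown: IV mode not covered here" ;;
    esac
}

# Constructed sample matching the luksFormat options used above.
sample_dump() {
    printf '%s\n' \
        'Version:        1' \
        'Cipher name:    aes' \
        'Cipher mode:    xts-plain64' \
        'Hash spec:      sha256' \
        'MK bits:        512'
}
```

On a real system, feed it cryptsetup luksDump /dev/sda piped into luks_cipher_fields, and pass the output of blockdev --getsize64 /dev/sda as the size. With an XTS mode the 512 key bits are split into two 256-bit AES keys.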

Creating zpool

Next I set up the zpool mirroring the encrypted devices:

# zpool create -o ashift=12 rpool mirror /dev/mapper/crypt1 /dev/mapper/crypt2
# zpool list
# zpool status rpool

Note! The Linux boot process requires the root pool to be named rpool – I tried something different in spite of reading warnings and in the end I had to rename my pool on boot into the new system. So call it something else if you want – but you will end up in a BusyBox console eventually and have to import your pool as name rpool.

Creating Filesystems

# zfs create rpool/ROOT
# zfs create rpool/VAR
# zfs set compression=lz4 rpool/ROOT
# zfs set compression=lz4 rpool/VAR
# zfs create -V 32G -b 4096 \
        -o compression=off \
        -o primarycache=metadata -o secondarycache=none \
        -o sync=always \
        rpool/SWAP

Base Installation

First unmount the ZFS pool and map the target mount points of the filesystems. Then export the pool so we can re-import it at a different location.

# zfs unmount -a
# zfs set mountpoint=/ rpool/ROOT
# zfs set mountpoint=/var rpool/VAR
# zpool set bootfs=rpool/ROOT rpool
# zpool export rpool

You can find what zfs pools are available to import:

# zpool import
   pool: rpool
     id: 15624077173946208759
  state: ONLINE
 action: The pool can be imported using its name or numeric identifier.
 config:

        rpool       ONLINE
          mirror-0  ONLINE
            crypt1  ONLINE
            crypt2  ONLINE

Import the ZFS pool into a mounted location:

# zpool import -R /mnt/rpool rpool

Also mount the USB stick boot partition:

# mkdir /mnt/rpool/boot
# mount /dev/sdc1 /mnt/rpool/boot

Finally do the bootstrap, which will download and install a base system (this will take several minutes; if it is exceeding ten and approaching twenty then maybe you accidentally started writing to your flash drive instead of your mounted ZFS filesystem):

# debootstrap trusty /mnt/rpool
.
.
I: Base system installed successfully.

You may want to take a snapshot of this install given it took such a long time!

# zfs snapshot rpool/ROOT@after-base-install
# zfs snapshot rpool/VAR@after-base-install
# zfs list -t snapshot
NAME                            USED  AVAIL  REFER  MOUNTPOINT
rpool/ROOT@after-base-install      0      -   136K  -
rpool/VAR@after-base-install       0      -  54.9M  -

Base Cleanup

Edit the hostname:

# echo "bigguns" >/mnt/rpool/etc/hostname

Also add the line to /etc/hosts:

127.0.1.1 bigguns     # or whatever hostname you chose

Now we need to set up the /mnt/rpool/etc/fstab file with the location of the USB boot stick. First we need to find the ID of the USB boot stick:

# blkid
/dev/sdc1: LABEL="usb_boot" UUID="3a12cd22-2280-4913-8662-bf4321db5423" TYPE="ext4"
/dev/sdc2: LABEL="USB_FAT32" UUID="1357-C12F" TYPE="vfat"

Then take the UUID of the boot partition and add to the /mnt/rpool/etc/fstab file:

/dev/disk/by-uuid/3a12cd22-2280-4913-8662-bf4321db5423 /boot/grub auto defaults 0 1

We will also need to set up LUKS. Make a note of the encrypted devices:

# blkid |grep LUKS
/dev/sda: UUID="e61cb221-08e6-48e1-bd41-1b157751b444" TYPE="crypto_LUKS"
/dev/sdb: UUID="6c8b8364-7a5b-492e-9cee-474fa1ba3fd2" TYPE="crypto_LUKS"

Add these to /mnt/rpool/etc/crypttab:

# <target name> <source device> <key file> <options>
crypt1 UUID=e61cb221-08e6-48e1-bd41-1b157751b444 none luks
crypt2 UUID=6c8b8364-7a5b-492e-9cee-474fa1ba3fd2 none luks

Chroot

This section is taken largely from this page.

Prepare virtual filesystems from LiveCD into new system:

# mount --bind /dev  /mnt/rpool/dev
# mount --bind /dev/pts  /mnt/rpool/dev/pts
# mount --bind /proc /mnt/rpool/proc
# mount --bind /sys  /mnt/rpool/sys
# chroot /mnt/rpool /bin/bash --login

Install PPA support in the chroot environment:

# locale-gen en_US.UTF-8 # always add this even if you want another language
# locale-gen en_GB.UTF-8
# apt-get update
# apt-get install ubuntu-minimal software-properties-common

Install cryptsetup or you may not be able to unlock your disks the next boot:

# apt-get install cryptsetup

Symlink your LUKS container devices. Without this update-grub will complain that it cannot find the canonical path and fail. This tip was found at this page.

# ln -s /dev/mapper/crypt1 /dev/crypt1
# ln -s /dev/mapper/crypt2 /dev/crypt2

Ensure that future kernel updates will succeed by always creating the symbolic link:

# echo 'ENV{DM_NAME}=="crypt1", SYMLINK+="crypt1"' > /etc/udev/rules.d/99-local-crypt.rules
# echo 'ENV{DM_NAME}=="crypt2", SYMLINK+="crypt2"' >> /etc/udev/rules.d/99-local-crypt.rules

Add the following lines to /etc/fstab:

/dev/mapper/crypt1 / zfs defaults 0 0
/dev/mapper/crypt2 / zfs defaults 0 0
/dev/zvol/rpool/SWAP none swap defaults 0 0

Install ZFS into the chroot environment:

# apt-add-repository --yes ppa:zfs-native/stable
# apt-get update
# apt-get install ubuntu-zfs
# apt-get install grub2-common grub-pc
# apt-get install zfs-initramfs
# apt-get dist-upgrade

Add boot=zfs to grub:

# vi /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="boot=zfs nosplash"

Reinstall grub, but before you do ensure you have a kernel image installed (e.g. linux-image-generic and linux-headers-generic), otherwise update-initramfs will silently do nothing and grub will have nothing to boot. The headers are necessary, otherwise apt-get will complain about unconfigured packages. Not pretty but has to be done to make the dependencies happy.

# apt-get install --no-install-recommends linux-image-generic linux-headers-generic

At this point let’s take another snapshot!

# zfs snapshot rpool/ROOT@before-bootstrap
# zfs snapshot rpool/VAR@before-bootstrap

Also note that update-initramfs isn’t quite intelligent enough to figure out that you need two encrypted disks to be unlocked before the mirror can be available to ZFS. To that end we need to update a hook named cryptroot. Edit the file /usr/share/initramfs-tools/hooks/cryptroot and in the function get_root_device() comment out the return in the loop:

while read device mount type options dump pass; do
  if [ "$mount" = "/" ]; then
    device=$(canonical_device "$device") || return 0
    echo "$device"
    #return -- COMMENT OUT THIS LINE
  fi
done

Now you can run update-initramfs.

# update-initramfs -c -k all
# update-grub
# grub-install /dev/sdc

Set a root password for the new system:

# passwd root

Reboot

Exit out of chroot:

# exit

Unmount and export zpool or system may fail to start.

# umount /mnt/rpool/boot
# umount /mnt/rpool/dev/pts
# umount /mnt/rpool/dev
# umount /mnt/rpool/proc
# umount /mnt/rpool/sys
# zfs umount -a
# zpool export rpool

And reboot.

# shutdown -r now

Building libtorrent-rasterbar with Boost not detected error

So you’re using Debian Wheezy or Ubuntu Lucid and you get the following error:

checking for boostlib >= 1.36... configure: We could not detect the boost libraries (version 1.36 or higher). If you have a staged boost library (still not installed) please specify $BOOST_ROOT in your environment and do not give a PATH to --with-boost option.  If you are sure you have boost installed, then check your version number looking in . See http://randspringer.de/boost for more documentation.
checking whether the Boost::System library is available... no

You know you’ve got the Boost libraries of version 1.40 or so installed. So what’s going on? The clue is in config.log:

cc1plus: error: unrecognized command line option "-ftemplate-depth=120"

The fix? Edit your configure file and comment out the line:

#CXXFLAGS="$CXXFLAGS -ftemplate-depth=120"

… and re-configure. This issue was discovered with libtorrent-rasterbar-0.16.19.

Canon MF8540Cdn Power Switch Autoshutdown

Out of the box the Canon MF8540Cdn laser printer has a possibly irritating feature. After four hours of inactivity it physically flips the power switch off on the side of the printer.

If you want to stop this automatic shutdown of the printer, however, you can set the printer to never power off by visiting the menu, navigating to Timer Settings, then Auto Shutdown Time, then set the shutdown timer to zero (never turn off).

Here is a step by step guide:

1. Press the menu button


2. Navigate using the up/down arrows to Timer Settings and press OK


3. Navigate using the up/down arrows to Auto Shutdown Time and press OK


4. Using the up/down arrows set the counter to zero and press the right-hand button under the screen, the one labelled Apply on the screen


You may want to physically power off the printer, count slowly to 15, then switch the printer back on in case the settings only take effect on power-up.

Putting CyanogenMod 12 Onto Samsung Galaxy Tab Pro 8.4

The official instructions for this are at CyanogenMod’s wiki. However there are reports that Heimdall does not work on latest tablets with the following error:

Downloading device's PIT file...
ERROR: Failed to send request to end PIT file transfer!

Instead, following the links provided in this XDA thread, one can download a toolkit from autoroot.chainfire.eu for the SM-T320 model. After extracting this and running the tool (on Windows) Odin3-v3.07.exe you click on the “PDA” button and open the .tar.md5 file included in the package. On holding down the VOLUME DOWN key when powering-on the tablet you will see the following screen at which it is okay to proceed to send the loaded .tar.md5 file to the tablet.

Samsung Pro Tab 8.4 Custom OS Load Screen


Next download a recovery which can be found at this XDA thread. Reboot the device holding the VOLUME DOWN key again and use the Odin3 tool again but this time loading the recovery .tar.md5 file.

Finally reboot into recovery by holding the VOLUME UP key on power-up. Then you can sideload the CyanogenMod zip from ADB by selecting “Install from zip” then select loading from sideload. If you see the option “Apply update from ADB” then you have got the stock recovery and not the CyanogenMod recovery installed.

One problem is that, annoyingly, on first boot into CyanogenMod 12 the modal dialog box “Unfortunately, Email Has Stopped” keeps appearing over and over and you have to just keep clicking “OK” and trying to quickly hit the “next” key through the default options in between until you get to the default screen. At that point deleting the Email client is probably the best thing to do.