2009-07-27

Automatic VLC Start at System Boot Time

Last week we installed a machine with VLC for centralized music playback in our room. Now everybody can start or stop music streams via the built-in HTTP interface of VLC.

To start VLC automatically at boot time we wrote the following start script:

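#!/bin/sh
# Start/stop the vlc daemon.
#

PLAYLIST="/usr/share/vlc/playlist.pls"

case "$1" in
    start)
        # Count running "vlc -I http" processes (excluding the grep itself).
        PROC=$(ps -ef | grep "vlc -I http" | grep -v grep | wc -l)
        if [ "$PROC" -eq 0 ]
        then
            # Run VLC as the unprivileged user "vlc"; the HTTP interface
            # listens on all interfaces, port 8000.
            sudo -u vlc /usr/bin/vlc -I http --http-host 0.0.0.0:8000 "$PLAYLIST" 1>/dev/null 2>&1 &
            echo "VLC started"
        else
            echo "There is still a vlc process running..."
            exit 1
        fi
        ;;

    stop)
        # Collect the PIDs of all running "vlc -I http" processes.
        PROC=$(ps -ef | grep "vlc -I http" | grep -v grep | awk '{print $2}')
        for TMP in $PROC
        do
            logger "Killed VLC - PID $TMP"
            kill -9 "$TMP" 1>/dev/null 2>&1
        done
        echo "VLC killed"
        ;;

    restart)
        "$0" stop
        "$0" start
        ;;

    reload|force-reload)
        "$0" stop
        "$0" start
        ;;

    *)
        # log_action_msg comes from /lib/lsb/init-functions, which this
        # script does not source, so print the usage with echo instead.
        echo "Usage: /etc/init.d/vlc {start|stop|restart|reload|force-reload}" >&2
        exit 2
        ;;
esac
exit 0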


For security reasons we run VLC as a non-root user. To change the user id we are using sudo inside the start script.

2009-06-06

Sun Fire X4450 - A really good beer warmer!

This week I borrowed a Sun Fire X4450 system to use as a Sun Ray machine for a Debian GNU/Linux training. The course participants can start Debian Lenny inside a VirtualBox VM, but this requires a powerful x86 machine.

The Sun Fire X4450 supports up to 24 cores on 4 sockets and up to 256 GB RAM (but our machine has only 32 GB). The 2RU case can house a maximum of 8 SAS disk drives.

After we had put the machine in our 19" rack we saw that the X4450 can also be used as a really good beer warmer, because the server room is also our beer inventory. As a demonstration I upload this screen shot of our temperature monitoring.


2009-03-08

Debian Lenny on Cobalt Raq XTR Howto

Today I will show you how to install Debian Lenny on old Cobalt RAQ XTR hardware.

The Cobalt RAQ is a Pentium 3 based 1 RU server. This hardware has some peculiarities which make the install process a little bit complicated.

There is no real BIOS on the RAQ; rather, it uses a small Linux in ROM for bootup. The Linux in the ROM can boot from different locations, such as the disks or via NFS.

The installation must also be done over a network connection, because the RAQ does not have a VGA connector. For this we need a PC with Debian Lenny already installed.

You also need a serial null-modem cable between your desktop PC and the Cobalt box. The right settings for this connection are 115200 8N1. For example, you can use minicom or cu as your terminal software. If you see a lot of cryptic output in minicom during the Cobalt startup, the connection is OK.

1 Setup DHCP and NFS boot

To be able to work on the RAQ we will boot a Linux environment over NFS (We do not really boot a kernel via NFS, but we import a new root path for the rom kernel this way). We use this later to upgrade the rom and to install our OS on the disk.

First we require some additional packages:

desktop:/# apt-get install debootstrap nfs-user-server dhcp3-server minicom cu

We start by installing an old Debian Sarge environment into the directory /nfsroot-x86. The name of this directory is important, because the ROM kernel uses it. It is also important that we install the old Sarge distribution, because later we use the 2.4 ROM kernel with this environment. I also tried Lenny at this point, but it caused a kernel panic during the Cobalt boot. I think that has something to do with the way the binaries were compiled.

desktop:/# mkdir /nfsroot-x86
desktop:/# debootstrap --arch i386 sarge /nfsroot-x86 http://archive.debian.org/debian-archive/
desktop:/# echo 'deb http://archive.debian.org/debian-archive sarge main' > /nfsroot-x86/etc/apt/sources.list
desktop:/# chroot /nfsroot-x86
desktop:/# passwd root
desktop:/# apt-get install ssh joe
desktop:/# exit

Because the RAQ does not have a VGA interface, we need to enable a getty on the serial line. For this edit /nfsroot-x86/etc/inittab:

#1:2345:respawn:/sbin/getty 38400 tty1
#2:23:respawn:/sbin/getty 38400 tty2
#3:23:respawn:/sbin/getty 38400 tty3
#4:23:respawn:/sbin/getty 38400 tty4
#5:23:respawn:/sbin/getty 38400 tty5
#6:23:respawn:/sbin/getty 38400 tty6
T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100
T1:23:respawn:/sbin/getty -L ttyS1 115200 vt100

Next we edit the network configuration. For this edit /nfsroot-x86/etc/network/interfaces:

auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto eth1
iface eth1 inet dhcp

Edit /nfsroot-x86/etc/fstab (but do not forget to change the ip to your desktop pc ip):

192.168.1.10:/nfsroot-x86 / nfs defaults 0 0
proc /proc proc defaults 0 0

Our Sarge environment should be finished now. Next we edit the dhcpd configuration file /etc/dhcp3/dhcpd.conf:

authoritative;
subnet 192.168.1.0 netmask 255.255.255.0 {
    host cobalt {
        hardware ethernet XX:XX:XX:XX:XX:XX;
        fixed-address 192.168.1.20;
        option routers 192.168.1.1;
        next-server 192.168.1.10;
        option root-path "/nfsroot-x86";
        option host-name "cobalt1";
    }
}

We also need to export the /nfsroot-x86 directory. For this edit /etc/exports:

/nfsroot-x86 *(rw,no_root_squash,no_subtree_check)

Finally we have to restart the services:

desktop:/# /etc/init.d/nfs-user-server restart
desktop:/# /etc/init.d/dhcp3-server restart

Now boot your Cobalt RAQ. During startup press the S button until you get into the menu. In this menu choose boot from net. Your Cobalt should get an IP from your DHCP server and mount the NFS export. You should now be able to get a shell via SSH.
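The wildcard in the /etc/exports line above lets any host that can reach the desktop PC mount /nfsroot-x86 read-write with root privileges; naming the Cobalt's fixed address (192.168.1.20 in the dhcpd.conf above) limits that to the one client that needs it. The following check is an added example, not part of the original howto; the function name audit_exports and the second sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original howto): flag /etc/exports entries
# that hand read-write, root-equivalent access to every host.
# Entry format: <path> <client>(<options>) [<client>(<options>) ...]

# audit_exports FILE: print one finding per risky client spec; returns 0.
# (audit_exports is a hypothetical helper name.)
audit_exports() {
    set -f                      # keep "*" in client specs from globbing
    while read -r path specs; do
        case "$path" in ''|'#'*) continue ;; esac
        for spec in $specs; do
            client=${spec%%\(*}                   # text before "("
            opts=${spec#*\(}; opts=${opts%\)}     # text inside "( )"
            case "$client" in ''|'*') wide=yes ;; *) wide=no ;; esac
            case ",$opts," in *,rw,*) rw=yes ;; *) rw=no ;; esac
            case ",$opts," in *,no_root_squash,*) root=yes ;; *) root=no ;; esac
            if [ "$wide" = yes ] && [ "$rw" = yes ] && [ "$root" = yes ]; then
                echo "$path: rw,no_root_squash exported to any host"
            fi
        done
    done < "$1"
    set +f
    return 0
}

# Constructed sample: the howto's line, then the same export limited to
# the Cobalt's fixed address from dhcpd.conf.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/nfsroot-x86 *(rw,no_root_squash,no_subtree_check)
/nfsroot-x86 192.168.1.20(rw,no_root_squash,no_subtree_check)
EOF
audit_exports "$sample"     # reports only the first entry
rm -f "$sample"
```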

2 Flash The Boot Rom

First you have to download the new rom and the flashutils package. You can find both at http://sourceforge.net/project/showfiles.php?group_id=83123. For the XTR download the cobalt-2.10.3-ext3-1M.rom (You can also download the cobalt-2.10.3-xfs-1M.rom if you prefer XFS).

Extract the flashutils file into the /nfsroot-x86 directory and copy the ROM image into the new folder:

desktop:/# cd /nfsroot-x86
desktop:/nfsroot-x86/# tar xvjf romutils-1.0.tar.bz2
desktop:/nfsroot-x86/# mv cobalt-2.10.3-ext3-1M.rom romutils

Now we can use these tools on the Cobalt to upgrade the ROM. At this stage you can damage your Cobalt. DO NOT POWER OFF YOUR COBALT UNTIL THE FLASH PROCESS HAS FINISHED. If there are any errors during the flash process, do not power off your machine. Instead, repeat the flash process until it completes without errors.

cobalt:/# cd romutils
cobalt:/romutils/# ./flashtool -v -r > backup.rom
cobalt:/romutils/# ./flashtool -v -w cobalt-2.10.3-ext3-1M.rom

After the flashing process has finished, reboot the cobalt (net boot again).

3 Install Lenny To The Disk

Now we need a second chroot environment for the Lenny system. We install it below the /nfsroot-x86 directory, so that we can access it from the Cobalt.

desktop:/# mkdir /nfsroot-x86/lenny-root
desktop:/# debootstrap --arch i386 lenny /nfsroot-x86/lenny-root/ http://ftp.debian.org/debian
desktop:/# cp /etc/apt/sources.list /nfsroot-x86/lenny-root/etc/apt/
desktop:/# cp /nfsroot-x86/etc/inittab /nfsroot-x86/lenny-root/etc/inittab
desktop:/# cp /nfsroot-x86/etc/network/interfaces /nfsroot-x86/lenny-root/etc/network/interfaces
desktop:/# chroot /nfsroot-x86/lenny-root/
desktop:/# apt-get update
desktop:/# apt-get install openssh-server joe linux-image
desktop:/# cd /boot
desktop:/boot/# ln -s vmlinuz-2.6.26-1-686 vmlinux.bz2
desktop:/boot/# ln -s initrd.img-2.6.26-1-686 initrd.img
desktop:/boot/# exit

The Cobalt rom kernel looks for a file named vmlinux.bz2 in the / or the /boot directory. So make sure that there is such a file, or a symlink with that name. For creating a customized kernel take a look at http://wiki.parvi.org/index.php/Cobalt_Kernel_Patch.

Now think about the future partitioning of your hard disks, because we need to set up the /nfsroot-x86/etc/fstab file:

proc /proc proc defaults 0 0
/dev/hde1 / ext3 errors=remount-ro 0 1
/dev/hde2 none swap sw 0 0

As you can see, the naming of the devices does not start at A, it is starting at E!

Let us switch to the Cobalt console again. We can start partitioning now. Simply start fdisk /dev/hde and edit your partitions like this:

   Device Boot      Start         End      Blocks   Id  System
/dev/hde1               1       25189    12695224+  83  Linux
/dev/hde2           25190       26500      660744   82  Linux swap / Solaris

Choose the sizes of your partitions according to your preferences. After finishing the partitioning, we can create the ext3 filesystem and prepare the swap partition.

cobalt:/# mkfs -t ext3 /dev/hde1
cobalt:/# mkswap /dev/hde2

Now mount the local disk and copy the Lenny environment to the disk:

cobalt:/# mount -t ext3 /dev/hde1 /mnt
cobalt:/# cd /lenny-root
cobalt:/lenny-root/# cp -a * /mnt/
cobalt:/# umount /mnt
cobalt:/# reboot


Switch to your serial console now. During the startup you will see a message like "syncing disks". From then on, press the space bar repeatedly until you are in the boot menu.

Type the following commands:

# boot
# set-boot-dev hde1
# set-root-dev hde1
# main
# bfd

At this point you should have a working Debian Lenny system on your cobalt.

4 Disclaimer And Resources

Please note that I wrote this howto at 2pm after figuring out the whole installation procedure. So it may be possible that the description above includes some mistakes. All damages caused by this installation procedure are at your own risk.

You can find further information on this topic at the following locations. There is also some information on how to create a specially patched kernel for your RAQ:

http://www.timntina.com/debian-cobalt-kernel-compile
http://www.timntina.com/debian-sarge-cobalt-install
http://wiki.parvi.org/index.php/Cobalt_Kernel_Patch
http://wiki.parvi.org/index.php/RaQ_Installation_Guide
http://braggtown.com/qubuntu.html
http://www.cobaltfaqs.com

2008-12-27

How to resize NTFS partitions

Christmas brought a new laptop with a preinstalled Windows XP. Because Windows is only useful for games but not for work, it was necessary to resize the NTFS partition to create space for a later Linux or OpenSolaris installation.

Because Windows XP is not able to resize its own partitions, I had to look for third-party software to do the resize. First I found all the well-known commercial stuff like Paragon Partition Manager, but they simply cost too much money for resizing this partition only once.

After a while, I found the Gnome Partition Manager (aka gparted). This tool allows you to add, delete, move and resize a lot of different types of partitions.

Using gparted is very simple. First download the gparted ISO image from the website and burn it onto a CD. This CD is bootable. After booting your computer from the CD you can directly start editing your partitions via a nice graphical user interface.

All in all a very nice and simple to use tool for doing all this partitioning stuff.

2008-11-09

Encrypting your /tmp partition

In my last post I explained how to encrypt the SWAP partition. Today I'm going to show how to encrypt the /tmp partition. First of all it is necessary to install the cryptsetup tool.

apt-get install cryptsetup

Let us assume that /dev/sda7 should become our encrypted /tmp partition. We start by writing random data over the whole partition. This protects against some kinds of cryptanalysis attacks.

dd if=/dev/urandom of=/dev/sda7

Depending on the size of your /tmp partition you should go and drink one or more coffees. This step will take some time.

Next we set up the encrypted device using cryptsetup:

cryptsetup --key-file /dev/urandom --key-size 128 create ctmp /dev/sda7

Finally we modify /etc/crypttab and /etc/fstab:

/etc/crypttab:
ctmp /dev/sda7 /dev/urandom tmp,cipher=aes-cbc-essiv:sha256,size=128,hash=ripemd160

/etc/fstab:
/dev/mapper/ctmp /tmp ext2 nodev,nosuid 0 2

Now restart your computer and your /tmp partition should be encrypted.

2008-11-05

Encrypting your SWAP partition

Today I started playing with file system encryption. Most people are aware of the necessity of encrypting their data partitions. But there are some simple side-channel attacks that get around this security feature.

Many applications write temporary data into the /tmp directory. So there is a high chance that an attacker can find secret information simply by looking into /tmp. Another possibility is grepping the swap partition for secret information (for example by booting a Linux live CD; otherwise the data would be overwritten during the boot sequence).

I will show how simple it is to fend off such a side-channel attack on the swap partition. Maybe I will write a post about encryption of data and /tmp partitions in the future, but at the moment my solution isn't as perfect as it should be and it still needs to be optimized.

Now, let's start encrypting the swap partition. We assume that your swap partition is /dev/sda3. Please adapt this to your system's configuration, otherwise you can lose data.

First, you have to install the necessary deb packages:

apt-get install cryptsetup

Next edit the file /etc/crypttab:

cryptoswap /dev/sda3 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=128,hash=ripemd160

Now remove the old entry for the swap partition from /etc/fstab and insert the following:

/dev/mapper/cryptoswap none swap sw 0 0

That's all. Now reboot your system and in the future your swap partition should be encrypted.
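Added example, not part of the original posts: a small POSIX shell check for crypttab entries like the ones in this post and in the /tmp post above. It flags option keys it does not recognise (a misspelled key means the intended setting is not the one applied) and volumes keyed from /dev/urandom that lack swap or tmp; the option list KNOWN_OPTS, the function name lint_crypttab and the sample entries are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint crypttab entries of the form
#   <name> <device> <key file> <comma-separated options>
# KNOWN_OPTS is a small illustrative subset of crypttab(5) option names
# (an assumption of this example; extend it for your system).
KNOWN_OPTS="cipher size hash swap tmp offset skip verify readonly luks"

# lint_crypttab FILE: print one finding per line; always returns 0.
# (lint_crypttab is a hypothetical helper name.)
lint_crypttab() {
    while read -r name dev key opts rest; do
        case "$name" in ''|'#'*) continue ;; esac
        mode=no
        old_ifs=$IFS
        IFS=,
        for opt in $opts; do
            k=${opt%%=*}
            case " $KNOWN_OPTS " in
                *" $k "*) ;;
                *) echo "$name: unknown option '$k' (typo?)" ;;
            esac
            case "$k" in swap|tmp) mode=yes ;; esac
        done
        IFS=$old_ifs
        # A key read from /dev/urandom is lost at shutdown, so the volume
        # must be recreated on every boot, which is what swap/tmp request.
        case "$key" in
            /dev/urandom|/dev/random)
                [ "$mode" = yes ] ||
                    echo "$name: random key on $dev without swap or tmp"
                ;;
        esac
    done < "$1"
    return 0
}

sample=$(mktemp)
cat > "$sample" <<'EOF'
# Constructed sample entries (the last one is hypothetical).
ctmp /dev/sda7 /dev/urandom tmp,chiper=aes-cbc-essiv:sha256,size=128,hash=ripemd160
cryptoswap /dev/sda3 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=128,hash=ripemd160
cdata /dev/sda8 /dev/urandom cipher=aes-cbc-essiv:sha256,size=128
EOF
lint_crypttab "$sample"
rm -f "$sample"
```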

2008-11-02

OpenSSH Visual Host Key

The new OpenSSH 5.1p1 offers a new feature called visual host key. The idea of this feature is that our brain is better at remembering images than at remembering text. So this new feature visualizes the host key to make it easier for our brain to recognize.

To enable this feature simply add the following lines to your ~/.ssh/config:

Host *
    VisualHostKey yes