
Community Blogs

fred woor's first blog.

Today, I begin writing my blog.

I'm from China, a VoIP developer.

Using MontaVista Linux, and MTF for voice programming.


Dual Mouse :D

Ah, this is life, I can use two mice at once, one on my table and one on my knee :D.

This way I don't need to stretch a lot, resulting with a healthy back.



This is my first entry to my blog. The site is really good. Thanks to everyone.

Presto: Speed up your updates and save bandwidth

A little background information

Delta RPMs (DRPMs) are very similar to binary (regular) RPMs. The main difference is that DRPMs contain only the changes between two versions of an RPM package. This allows you to do full updates in a lot less time: instead of downloading a full 10MB for an update where only 50kb of content changed, for example, you can now download only that 50kb of change and apply it to your system.

Presto is a project which brings deltarpm and yum together; in other words, it lets you use yum to apply DRPMs.

Not only will you save on bandwidth since you're only downloading the changes in a package, but you'll also cut down on the time it takes to download and apply the packages.

Installing yum-presto

The first step toward setting up Presto is installing the yum plugin:
yum -y install yum-presto
Configure the Updates repository

Next, we need to configure your updates repository to download deltarpm packages instead of the full ones.

Fedora 8 and newer
In the /etc/yum.repos.d/fedora-updates.repo file you'll find two lines that look like this in the [updates] section:
Change it to:
The added mirror list will give yum a list of the Presto-enabled mirrors. Of course, if all the DRPM mirrors fail it will always drop back to the original mirror list.

Fedora 8 and 9 users only
2008/09/14: Because of the recent security issue with the Fedora repositories, it is required to change a second repository configuration file. In the
/etc/yum.repos.d/fedora-updates-newkey.repo file, comment out the old mirrorlist just like above and add this line:

If you've previously followed this howto (pre-June 2008)
There's been an update by the presto team, so if you've followed this howto before June 2008, undo the changes then follow the section above.
In the /etc/yum.repos.d/fedora-updates.repo file you'll find two lines that look like this in the [updates] section:
Remove the pound character from the start of the mirrorlist line so that it looks like this:
  • for i386 (32 bit users), remove the line:
  • for x86_64 (64 bit users), remove the line:

Fedora 7
In Fedora 7, the deprecated deltaurl= key is used. This sounds bad, however it actually makes the configuration much easier! Simply add the following line to the /etc/yum.repos.d/fedora-updates.repo file just "mirrorlist=" line in the [updates] section:
  • for i386 (32 bit users), add:
  • for x86_64 (64 bit users), add:

That's it! Now you can use yum or yumex as normal and benefit from the advantages of deltarpms.

Big Endian or Little Endian.

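#include <stdio.h>

/* 0x41 ('A') is the most significant byte, 0x42 ('B') the least significant */
int w = 0x41000042;

int main(void)
{
    /* Look at the byte stored at the lowest address of w */
    if ('A' == *(char *)&w) {
        printf("First char in integer is %c ", *(char *)&w);
        printf(", so Big Endian\n");
    } else {
        printf("First char in integer is %c ", *(char *)&w);
        printf(", so little endian\n");
    }
    return 0;
}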


Network Card Bonding On RedHat

In the following I will use the word bonding because practically we will bond interfaces as one. Bonding allows you to aggregate multiple ports into a single group, effectively combining the bandwidth into a single connection. Bonding also allows you to create multi-gigabit pipes to transport traffic through the highest traffic areas of your network. For example, you can aggregate three megabits ports into a three-megabits trunk port. That is equivalent to having one interface with three megabytes speed.

Where should I use bonding?

You can use it wherever you need redundant links, fault tolerance or load balancing networks. It is the best way to have a high availability network segment. A very useful way to use bonding is to use it in connection with 802.1q VLAN support (your network equipment must have 802.1q protocol implemented).

Diverse modes of bonding:

mode=1 (active-backup)
Active-backup policy: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond's MAC address is externally visible on only one port (network adapter) to avoid confusing the switch. This mode provides fault tolerance. The primary option affects the behavior of this mode.

mode=2 (balance-xor)
XOR policy: Transmit based on [(source MAC address XOR'd with destination MAC address) modulo slave count]. This selects the same slave for each destination MAC address. This mode provides load balancing and fault tolerance.

mode=3 (broadcast)
Broadcast policy: transmits everything on all slave interfaces. This mode provides fault tolerance.

mode=4 (802.3ad)
IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification.
Prerequisites:
* Ethtool support in the base drivers for retrieving the speed and duplex of each slave.
* A switch that supports IEEE 802.3ad Dynamic link aggregation. Most switches will require some type of configuration to enable 802.3ad mode.

mode=5 (balance-tlb)
Adaptive transmit load balancing: channel bonding that does not require any special switch support. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave.
* Prerequisite: Ethtool support in the base drivers for retrieving the speed of each slave.

mode=6 (balance-alb)
Adaptive load balancing: includes balance-tlb plus receive load balancing (rlb) for IPv4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond such that different peers use different hardware addresses for the server.

You can also use multiple bond interfaces, but for that you must load the bonding module as many times as you need.


In the /etc/modprobe.conf file add the following:

alias bond0 bonding
options bond0 miimon=80 mode=5

In the /etc/sysconfig/network-scripts/ directory create ifcfg-bond0:

IPADDR=(ip address)

Change the ifcfg-eth0 to:


Change the ifcfg-eth1 to:


That's all! Now your trunk should be up and running!


Linux lvm - Logical Volume Manager

Create Partitions

For this Linux lvm example you need an unpartitioned hard disk /dev/sdb. First you need to create physical volumes. To do this you need partitions or a whole disk. It is possible to run pvcreate command on /dev/sdb, but I prefer to use partitions and from partitions I later create physical volumes.

[root@host]# fdisk /dev/sdb

Create physical volumes

Use the pvcreate command to create physical volumes.

[root@host]# pvcreate /dev/sdb1
[root@host]# pvcreate /dev/sdb2

The pvdisplay command displays all physical volumes on your system.

[root@host]# pvdisplay

Alternatively the following command should be used:

[root@host]# pvdisplay /dev/sdb1

Create Virtual Group

At this stage you need to create a virtual group which will serve as a container for your physical volumes. To create a virtual group with the name "mynew_vg" which will include /dev/sdb1 partition, you can issue the following command:

[root@host]# vgcreate mynew_vg /dev/sdb1

To include both partitions at once you can use this command:

[root@host]# vgcreate mynew_vg /dev/sdb1 /dev/sdb2

Feel free to add new physical volumes to a virtual group by using the vgextend command.

[root@host]# vgextend mynew_vg /dev/sdb2

Create Logical Volumes

From your big cake (virtual group) you can cut pieces (logical volumes) which will be treated as partitions for your Linux system. To create a logical volume, named "vol01", with a size of 400 MB from the virtual group "mynew_vg" use the following command:

* create a logical volume of size 400 MB -L 400
* create a logical volume of size 4 GB -L 4G

[root@host]# lvcreate -L 400 -n vol01 mynew_vg

In this case you have created a logical volume with a size of 1GB and the name of vol02

[root@host]# lvcreate -L 1000 -n vol02 mynew_vg

Create File system on logical volumes

The logical volume is almost ready to use. All you need to do is to create a filesystem:

[root@host]# mkfs.ext3 -m 0 /dev/mynew_vg/vol01

The -m option specifies the percentage reserved for the super-user. Set this to 0 if you do not wish to waste any space; the default is 5%.

Edit /etc/fstab

Add an entry for your newly created logical volume into /etc/fstab

/dev/mynew_vg/vol01 /home/foobar ext3 defaults 0 2

Mount logical volumes

Before you mount do not forget to create a mount point.

[root@host]# mkdir /home/foobar

Extend logical volume

The biggest advantage of logical volume manager is that you can extend your logical volumes any time you are running out of the space. To increase the size of a logical volume by another 800 MB you can run this command:

[root@host]# lvextend -L +800 /dev/mynew_vg/vol01

The command above does not actually increase the physical size of the volume; to do that you need to run:

[root@host]# resize2fs /dev/mynew_vg/vol01

Remove logical volume

The command lvremove can be used to remove logical volumes. Make sure that before you attempt to remove logical volumes your logical volume does not have any valuable data stored on it, moreover, make sure the volume is unmounted.

[root@host]# lvdisplay
[root@host]# lvremove /dev/mynew_vg/vol02


Centralized logging with syslog-ng over stunnel

Installing syslog-ng and stunnel

Log in to the client and the server, download syslog-ng and stunnel and install them:

[root@host]# yum install -y openssl-devel glibc gcc glib2
[root@host]# wget
[root@host]# lynx
[root@host]# mkdir -p /usr/local/var/run/stunnel/
[root@host]# cd /usr/src
[root@host]# tar zxfv stunnel-4.26.tar.gz
[root@host]# cd stunnel-4.26
[root@host]# ./configure
[root@host]# make
[root@host]# make install
[root@host]# cd /usr/src/SYSLOG-NG
[root@host]# rpm -Uvh libdbi8-0.8.2bb2-3.rhel5.i386.rpm libdbi8-dev-0.8.2bb2-3.rhel5.i386.rpm libevtlog0-0.2.8-1.i386.rpm syslog-ng-2.1.3-1.i386.rpm

Creating the certificates

After the installation is complete, log in to your CA server and create the server and the client certificates. If you have more than one client that will log to the server, you have to generate a new client certificate:

[root@host]# cd /etc/pki/tls/certs
[root@host]# make syslog-ng-server.pem
[root@host]# make syslog-ng-client.pem

Place copies of syslog-ng-server.pem on all machines in /etc/stunnel with one important alteration. The clients only need the certificate section of syslog-ng-server.pem. In other words, remove the private key section from syslog-ng-server.pem on all clients.
Place every client's syslog-ng-client.pem in /etc/stunnel. For server, create a special syslog-ng-client.pem containing the certificate sections for all clients and place in /etc/stunnel. In other words, remove the private key sections from all syslog-ng-client.pem files and concatenate what is left to create server's special syslog-ng-client.pem.

Note: It is very important that you put the server's short name when you're asked for the Common Name!
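The key-stripping and concatenation steps described above, as an added shell example that is not part of the original post. The function names and the sample PEM bodies are constructed for illustration; real files would come from the make targets shown earlier.

```shell
#!/bin/sh
# Added example: produce the public-only PEM files that stunnel's CAfile needs,
# and refuse to publish anything that still contains a private key.

# Write a constructed PEM laid out as "private key, then certificate".
make_sample_pem() {    # usage: make_sample_pem FILE LABEL
    cat > "$1" <<EOF
-----BEGIN RSA PRIVATE KEY-----
CONSTRUCTED-KEY-$2
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
CONSTRUCTED-CERT-$2
-----END CERTIFICATE-----
EOF
}

# Print only the CERTIFICATE blocks of a PEM file, dropping key blocks.
cert_only() {
    awk '/-----BEGIN CERTIFICATE-----/ {p=1}
         p {print}
         /-----END CERTIFICATE-----/ {p=0}' "$1"
}

# Succeed if the file contains any kind of private key block.
has_private_key() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# Count certificate blocks in a file.
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1"
}

# build_bundle OUT CLIENT_PEM...: concatenate the certificate sections of all
# client PEMs into the server's syslog-ng-client.pem. Fails if a key leaked
# into the result or if any input did not contribute exactly one certificate.
build_bundle() {
    out=$1; shift
    (
        umask 077
        tmp="$out.tmp"
        : > "$tmp"
        for pem in "$@"; do
            cert_only "$pem" >> "$tmp"
        done
        if has_private_key "$tmp" || [ "$(count_certs "$tmp")" -ne "$#" ]; then
            rm -f "$tmp"
            exit 1
        fi
        mv "$tmp" "$out"
    )
}

# Run the whole procedure against throwaway files; returns 0 on success.
demo() {
    d=$(mktemp -d) || return 1
    make_sample_pem "$d/syslog-ng-server.pem" server
    make_sample_pem "$d/client-a.pem" client-a
    make_sample_pem "$d/client-b.pem" client-b
    # Copy of the server PEM that is safe to place on clients
    cert_only "$d/syslog-ng-server.pem" > "$d/server-for-clients.pem"
    rc=0
    has_private_key "$d/server-for-clients.pem" && rc=1
    # Server-side file listing every client certificate
    build_bundle "$d/syslog-ng-client.pem" "$d/client-a.pem" "$d/client-b.pem" || rc=1
    rm -rf "$d"
    return $rc
}
```

Source the file and call `demo` to exercise it; on real hosts, run `has_private_key` against every file referenced by a `CAfile` line before copying it to another machine.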

Creating the configuration files

Create the stunnel.conf configuration file in /etc/stunnel on the client:

[root@host]# vi /etc/stunnel/stunnel.conf

#foreground = yes
#debug = 7
client = yes
cert = /etc/stunnel/syslog-ng-client.pem
CAfile = /etc/stunnel/syslog-ng-server.pem
verify = 3
accept =
connect =

For syslog-ng.conf you can start with:

[root@host]# vi /etc/syslog-ng/syslog-ng.conf

options {long_hostnames(off);};
source src {unix-stream("/dev/log"); pipe("/proc/kmsg"); internal();};
destination dest {file("/var/log/messages");};
destination stunnel {tcp("" port(514));};
log {source(src);destination(dest);};
log {source(src);destination(stunnel);};

Similarly stunnel.conf on the server can look like this:

[root@host]# vi /etc/stunnel/stunnel.conf

#foreground = yes
debug = 7
cert = /etc/stunnel/syslog-ng-server.pem
CAfile = /etc/stunnel/syslog-ng-client.pem
verify = 3
accept =
connect =

An example of syslog-ng.conf on the server:

[root@host]# vi /etc/syslog-ng/syslog-ng.conf

options { long_hostnames(off); sync(0); keep_hostname(yes); chain_hostnames(no); };
source src {unix-stream("/dev/log"); pipe("/proc/kmsg"); internal();};
source stunnel {tcp(ip("") port(514) max-connections(500));};
destination remoteclient {file("/var/backup/CentralizedLogging/remoteclients");};
destination dest {file("/var/log/messages");};
log {source(src); destination(dest);};
log {source(stunnel); destination(remoteclient);};

Starting syslog-ng and stunnel

Make sure syslog-ng is not running (it automatically starts once you install it from the RPMs):

[root@host]# killall syslog-ng

Start syslog-ng BEFORE stunnel by running:

[root@host]# syslog-ng -f /etc/syslog-ng/syslog-ng.conf

Make sure it's running by checking the logs:

[root@host]# tail -f /var/log/messages

Start stunnel by running:

[root@host]# stunnel /etc/stunnel/stunnel.conf

Make sure stunnel is running by checking the logs:

[root@host]# tail -f /var/log/messages

If stunnel is not running you can uncomment the debug line in the stunnel.conf file, start stunnel again and check the logs for detailed description of the problem.

Final steps

Restart stunnel on the server for it to re-read the certificates file and accept the newly added clients:

[root@host]# killall stunnel
[root@host]# stunnel /etc/stunnel/stunnel.conf

Make sure syslog-ng does not start (on client) through the init process:

[root@host]# chkconfig --level 2345 syslog-ng off

Edit /etc/rc.d/rc.local (on client) and add syslog-ng and stunnel:

[root@host]# vi /etc/rc.d/rc.local

echo "Starting syslog-ng ..."
syslog-ng -f /etc/syslog-ng/syslog-ng.conf
echo "Starting stunnel ..."
stunnel /etc/stunnel/stunnel.conf

To test the remote logging run on the client:

[root@host]# logger "Testing remote logging"

The message should appear on bu3 in /var/backup/CentralizedLogging/remoteclients.

One alternative to syslog-ng is Splunk. You can always use Splunk alongside syslog-ng for indexing purposes.


Configuring sudo: Explanation with an example

sudo is one of my favorite and most important security tools. It really comes in handy when you need to give superuser access to a person other than you or your client. It gives them limited access to your box.

For example:
If your client needs SSH access to restart the web server, it won't be wise to give away your root password; sudo is the best option. You don't need to have 100% trust with sudo as you would with su. After all, if you only want them able to restart the web server, what more should they be able to do? Should they be able to modify your Apache config files? Add new users? Restart your mail server? Absolutely not; all they can do is restart the web server.


Installing Xen on RedHat

To install Xen, we simply run:

[root@host]# yum install kernel-xen xen

This installs Xen and a Xen kernel on our CentOS system. Afterwards, we can find our new Xen kernel (vmlinuz-2.6.18-8.1.4.el5xen) and its ramdisk (initrd-2.6.18-8.1.4.el5xen.img) in the /boot directory:

[root@host]# ls -l /boot/

Before we can boot the system with the Xen kernel, we must tell the bootloader GRUB about it. We open /boot/grub/menu.lst:

vi /boot/grub/menu.lst

and add the following stanza above all other kernel stanzas:

title CentOS (2.6.18-8.1.4.el5xen)
root (hd0,0)
kernel /xen.gz-2.6.18-8.1.4.el5
module /vmlinuz-2.6.18-8.1.4.el5xen ro root=/dev/VolGroup00/LogVol00
module /initrd-2.6.18-8.1.4.el5xen.img

Then change the value of default to 0:


The complete /boot/grub/menu.lst should look something like this:

# grub.conf generated by anaconda
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
# initrd /initrd-version.img
default=0
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-8.1.4.el5xen)
root (hd0,0)
kernel /xen.gz-2.6.18-8.1.4.el5
module /vmlinuz-2.6.18-8.1.4.el5xen ro root=/dev/VolGroup00/LogVol00
module /initrd-2.6.18-8.1.4.el5xen.img
title CentOS (2.6.18-8.1.1.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-8.1.1.el5 ro root=/dev/VolGroup00/LogVol00
title CentOS (2.6.18-8.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-8.el5 ro
initrd /initrd-2.6.18-8.el5.img

Afterwards, we reboot the system:

[root@host]# shutdown -r now

The system should now automatically boot the new Xen kernel. After the system has booted, we can check that by running

[root@host]# uname -r

[root@host]# uname -r

So it's really using the new Xen kernel!

We can now run

[root@host]# xm list

to check if Xen has started. It should list Domain-0 (dom0):

[root@host]# xm list
Name ID Mem(MiB) VCPUs State Time(s)
Domain-0 0 350 1 r----- 94.4

CentOS comes with a nice tool called virt-install with which we can create virtual machines for Xen. To start it, we simply run

[root@host]# virt-install

The tool asks a few questions before it creates a virtual machine. I want to call my first virtual machine vm01, with 256MB RAM and a disk size of 4GB. I want to store it in the file /vm/vm01.img:

What is the name of your virtual machine? <-- vm01
How much RAM should be allocated (in megabytes)? <-- 256
What would you like to use as the disk (path)? <-- /vm/vm01.img
How large would you like the disk (/vm/vm01.img) to be (in gigabytes)? <-- 4
Would you like to enable graphics support? (yes or no) <-- no
What is the install location? <--

The question about the graphics support refers to the installer, not the virtual machine itself! It is possible to start a graphical installer, but you'd have to connect to it via VNC. It's easier to use the text installer - it offers the same options, so I choose the text installer.

As install location, you should specify a mirror close to you where the installer can download all files needed for the installation of CentOS 5.0 in our virtual machine. You can find a list of CentOS mirrors here:

After we have answered all questions, virt-install starts the normal CentOS 5.0 installer (in text mode) in our vm01 virtual machine. You already know the CentOS installer, so it should be no problem for you to finish the CentOS installation in vm01.

After the installation, we stay at the vm01 console. To leave it, type CTRL+] if you are at the console, or CTRL+5 if you're using PuTTY. You will then be back at the dom0 console.

virt-install has created the vm01 configuration file /etc/xen/vm01 for us (in dom0). It should look like this:

[root@host]# cat /etc/xen/vm01

# Automatically generated xen config file
name = "vm01"
memory = "256"
disk = [ 'tap:aio:/vm/vm01.img,xvda,w', ]
vif = [ 'mac=00:16:3e:13:e4:81, bridge=xenbr0', ]

uuid = "5aafecf1-dd66-401d-69cc-151c1cb8ac9e"
on_reboot = 'restart'
on_crash = 'restart'


Run

[root@host]# xm console vm01

to log in on that virtual machine again (type CTRL+] if you are at the console, or CTRL+5 if you're using PuTTY to go back to dom0), or use an SSH client to connect to it.

To get a list of running virtual machines, type

[root@host]# xm list

The output should look like this:

[root@host]# xm list
Name ID Mem(MiB) VCPUs State Time(s)
Domain-0 0 259 1 r----- 1906.6
vm01 3 255 1 ------ 137.9
[root@server1 xen]#

To shut down vm01, do this:

[root@host]# xm shutdown vm01

To start vm01 again, run

[root@host]# xm create /etc/xen/vm01

If you want vm01 to start automatically at the next boot of the system, then do this:

[root@host]# ln -s /etc/xen/vm01 /etc/xen/auto

Here are the most important Xen commands:

xm create -c /path/to/config - Start a virtual machine.
xm shutdown - Stop a virtual machine.
xm destroy - Stop a virtual machine immediately without shutting it down. It's as if you switch off the power button.
xm list - List all running systems.
xm console - Log in on a virtual machine.
xm help - List of all commands.

If you would like to use kickstart you can use virt-install on the command line like this:

[root@host]# virt-install -n hostname -r 4040 --vcpus=2 -f /domu/hostname \
-s 60 --nographics --os-type=linux --os-variant=centos5 -p -l \ -x \

If the server has more than one network interface make sure you add them all in the /etc/xen/vm01 file:

name = "pub1-53"
uuid = "d78d5d81-131a-6ec6-fbc3-ac2184a7cba7"
maxmem = 3968
memory = 3968
vcpus = 2
bootloader = "/usr/bin/pygrub"
on_poweroff = "destroy"
on_reboot = "restart"
on_crash = "restart"
vfb = [ ]
disk = [ "tap:aio:/domu/pub1-53,xvda,w" ]
vif = [ "mac=00:16:3e:4c:cb:5c,bridge=xenbr0", "mac=00:16:3e:4c:cb:5d,bridge=xenbr1" ]

If you need to resize the file system on an instance, shut down the XenU and run:

[root@host]# dd if=/dev/zero bs=1M count=1024 >> filesystem.image
[root@host]# e2fsck -f filesystem.image
[root@host]# resize2fs filesystem.image
[root@host]# e2fsck -f filesystem.image


Installing kernel source on CentOS/RedHat

1. Maybe you do not need the full kernel source

If you need to compile a kernel driver module, the chances are you do not really need the full kernel source tree. You might just need the kernel-devel package. (If, however, you are certain that the full source tree is required, please follow the instructions in Section 2.)

In CentOS-5, there are three kernel-devel packages available:

* kernel-devel (both 32- & 64-bit architectures)
* kernel-xen-devel (both 32- & 64-bit architectures)
* kernel-PAE-devel (32-bit architecture only)

In CentOS-4, there are four kernel-devel packages available:

* kernel-devel (both 32- & 64-bit architectures)
* kernel-smp-devel (both 32- & 64-bit architectures)
* kernel-xenU-devel (both 32- & 64-bit architectures)
* kernel-hugemem-devel (32-bit architecture only)
* kernel-largesmp-devel (64-bit architecture only)

If you are running the standard kernel (for example), you can install the kernel-devel package by:

[root@host]# yum install kernel-devel

You can use this command to determine the version of your running kernel:

[root@host]# uname -r

The result will look similar to this:


In this case, the xen kernel is installed and the way to install this specific kernel-devel package is:

[root@host]# yum install kernel-xen-devel

For more specific information about the available kernels please see the Release Notes:

* CentOS-5 i386 kernels
* CentOS-5 x86_64 kernels
* CentOS-4 (search for the heading kernel in the section Package-Specific Notes, sub-section Core, for more details.)

If your kernel is not listed by yum because it is in an older tree, you can download it manually from the CentOS Vault. Pick the version of CentOS you are interested in and then, for the arch, look in either the os/arch/CentOS/RPMS/ or the updates/arch/RPMS/ directories for the kernel[-type]-devel-version.arch.rpm

Once you have the proper kernel[-type]-devel-version.arch.rpm installed, try to compile your module. It should work this way. If it does not, please provide feedback to the module's developer as this is the way all new kernel modules should be designed to be built.

2. If you really need the full kernel source

If you really must have the kernel source tree, for whatever reason, it is obtainable.

2.1. CentOS 4 and 5

As root, install the packages rpm-build, redhat-rpm-config and unifdef:

[root@host]# yum install rpm-build redhat-rpm-config unifdef

* The latter package is only required for 64-bit systems.

As an ordinary user, not root, create a directory tree based on ~/rpmbuild:

[user@host]$ cd
[user@host]$ mkdir -p rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
[user@host]$ echo '%_topdir %(echo $HOME)/rpmbuild' > .rpmmacros

* You are strongly advised against package building as root.

Find the kernel source rpm in:

* Updates/SRPMS)

(Replace the "5" with a "4" for CentOS-4 kernels)

* (CentOS Vault)

(Pick either (version)/updates/SRPMS or (version)/os/SRPMS)

Once you have located the source file, you can install it by running, for example:

[user@host]$ rpm -ivh 2> /dev/null (for CentOS 5)

- or -

[user@host]$ rpm -ivh 2> /dev/null

(for CentOS 4)

Note: Make sure you use -i instead of -U so that you don't upgrade an already installed source tree.

Now that the source rpm is installed, unpack and prepare the source files:

[user@host]$ cd ~/rpmbuild/SPECS
[user@host SPECS]$ rpmbuild -bp --target=`uname -m` kernel-2.6.spec 2> prep-err.log | tee prep-out.log

The value of `uname -m` (note: back ticks (grave accents), not single quotation marks (apostrophes)) sets --target to the architecture of your current kernel. This is generally accepted and most people will have either i686 or x86_64.

The kernel source tree will now be found in the directory ~/rpmbuild/BUILD/.
