MythTV PVR HDD Mirroring 2008/07/24
Host: n43 (mythtv)
- Two SATA 500GB drives sda sdb
- current production drive is sdb

Problem: I’ve done migrations of LVM2 volumes from 320GB SATA to 500GB SATA and added
a redundant 500GB SATA. Now I want to get software RAID 1 setup to protect the
root, swap and /storage filesystems from damage if/when one of the shiny new 500GB SATA
disks bite the dust.

Followed howtoforge.com linux_lvm_p1 (start of article) to free up sda from LVM
volume group VolGroup00 .. http://www.howtoforge.com/linux_lvm_p7

0. Did a file level backup to the fileserver:
[root@n59 20080724]# sshroot@192.168.1.2This e-mail address is being protected from spambots, you need JavaScript enabled to view it“tar cf – /lib” | dd of=mythtv-lib.tar
(repeat for /boot /storage /var /etc /home)

1. Free up sda2 LVM volume. I know this volume is not used anymore,
but it still has same-disk backup of /storage from when I was tweaking
MythTV.

[root@mythtv ~]# pvmove /dev/sda2
[root@mythtv ~]# vgreduce /dev/VolGroup00 /dev/sda2
[root@mythtv ~]# pvremove /dev/sda2

- now running on sdb only -

Setup RAID 1 mirroring (md)
–
2. Partition sda for mirroring (Auto RAID label)
[root@mythtv ~]# fdisk /dev/sda
<delete partitions>
<add primary 1 whole disk>
<set flag to fd – Auto RAID>

[root@mythtv ~]# fdisk -l

Disk /dev/sda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/sda1 * 1 19 152586 83 Linux
/dev/sda2 20 60801 488231415 fd Linux raid autodetect

Disk /dev/sdb: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/sdb1 * 1 19 152586 83 Linux
/dev/sdb2 20 60801 488231415 8e Linux LVM

Notice that sdb is still using only LVM, not RAID.

Read the rest of this entry »

Add local redirection of low port to unpriv high port

Remove any existing entries:

iptables -t nat -D PREROUTING –src 0/0 -p tcp –dport 25 -j REDIRECT –to-ports 11025 2> /dev/null
iptables -t nat -D PREROUTING –src 0/0 -p tcp –dport 80 -j REDIRECT –to-ports 8080 2> /dev/null

Add new redirects:
iptables -t nat -I PREROUTING –src 0/0 -p tcp –dport 25 -j REDIRECT –to-ports 11025
iptables -t nat -I PREROUTING –src 0/0 -p tcp –dport 80 -j REDIRECT –to-ports 8080

Map CIFS shares:

NET USE \\1.2.3.4 /USER:DOMAIN\USERID

NET USE

NET USE \\1.2.3.4 /DELETE

Alter boot time settings:

MSCONFIG

smbclient syntax:

# mount -t smbfs -o username=user,password=pass //server/sharepoint /mnt/localmntpoint

Escape admin shares:

//wfsnt55/c\$

LVM Notes

I wanted to upgrade the disks in my Linux PVR to a 1TB pair and thus had to migrate from one existing disk (/dev/sda) to the new (/dev/sdb):

1. Add new physical disk to system

2. Partition disk to have a linux LVM partition – use flag 0x8e

# fdisk /dev/sdb

3. Add to LVM

# pvcreate /dev/sdb2

4. Add physical LVM volume to a LVM volume group (VolGroup00)

# vgextend /dev/VolGroup00 /dev/sdb2

2. Move all lvm volumes off old lvm disk

# vgdisplay -v (look for old physical volume name)

# pvmove /dev/olddisk      # will move all physical extents from olddisk to any available pv in the vg

3. Remove old disk from vg

# vgreduce /dev/olddisk

4. Remove old disk from LVM

# pvremove /dev/olddisk

RAID Notes
Debian RAID setup on my PVR:
/dev/md0  /boot
/dev/hda1
/dev/hdb1
/dev/md1  /
/dev/hda2
/dev/hdb2
/dev/md2  swap
/dev/hda3
/dev/hdb3
/dev/md3  /data
/dev/hda4
/dev/hdb4

Show detail of RAID set:
# mdadm –detail /dev/md0

Detach mirror member:
- first mark member as bad (unless is really is bad, in which case it’ll already be marked faulty):
# mdadm –set-faulty /dev/md0 /dev/hdb1
- now remove it from the RAID1 set
# mdadm –remove  /dev/md0 /dev/hdb1

To reattach member (after partitioning, or if it’s the same disk):
# mdadm   /dev/md0  –add  /dev/hdb1
- to watch the progress on the resync, look at /proc/mdstat
# cat /proc/mdstat

I think now (2010/01/24) the faulty syntax is:

mdadm /dev/md0 –fail /dev/sdb1

then

mdadm /dev/md0 –remove /dev/sdb1

Crypto Filesystem Notes

Linux (2.6) crypto filesystems are supported via a loopback device. Various ciphers can be specified.  This example, default AES cipher is used and the disk partition is /dev/sdb1 – which is just setup as a normal Linux (0×83) partition.

1. Load the crypto filesystem module

modprobe cryptoloop


2. Start the crypto device (I’ll insert initialization instructions here later)

Note – you don’t need losetup, if the parameters are specified in fstab and mount does the startup. When losetup runs, it will prompt for the passphrase used to encrypt the partition. Once the crypto driver has the correct key to allow on the fly encryption/decryption, then processes that use the partition see cleartext (such as mount).

losetup -e aes /dev/loop0 /dev/sdb1 || exit 1
mount /bu


Running day-to-day with a Windows account that has Administrator privileges is a recipe for disaster.  Casual browsing of a website that is infected or inadvertent opening of infected attachments can result in an infection through the user’s Administrator privileges.  Something like 92% of Microsoft critical vulnerabilities announced in 2008 could have been mitigated by operating day-to-day as a normal user.  Splitting your accounts into a normal account and admin account is a good idea, but it can lead to some headaches when the normal user needs to run temporarily as Administrator.

Fortunately there are some work arounds that can be used to temporarily elevate the user’s privileges to Administrator.  Most of these involve the RUNAS command:

File explorer
If you’re running IE7 under WinXP, in order to run Windows Explorer with the runas command, it must be run as a separate process. A quick way to do this, without having to change your Folder Options settings, would be to run an instance of Explorer with the undocumented parameter /separate, like this:

runas /user:domain\username "explorer /separate"

Command Line Prompt
You can add a shortcut on the task bar with the following syntax to get an Administrator cmd prompt:

%windir%\system32\runas.exe /user:yourdomain\a-someuser cmd

yourdomain is the name of your AD domain if you have one, if not, leave it out.  a-someuser is a suggested naming convention for the Administrator account associated with the user named someuser.

As pointed out in many postings and sites, one can use tr to remove octal 015 (^M or CR)

tr -d '\015' < oldfile > newfile

Well, been working way too hard, so here’s a bit of a humour break.  The graph below shows the results of a user poll “What super-power do you wish you had”…

Thanks to Adam B for the tip!