Posts from 2016-08

ipv6 adressing

posted on 2016-08-30 12:59

Since I forget this time after time, so here are some notes.

  • An ipv6 address has 128 bit max.
  • Eight field with 16 bits each.
  • Leading zeroes may be omitted.
  • One list of consecutive zeroes may be omitted.
  • Put them in square brackets when having to specify ports: [1:2:3:4:5:6:7:8]:443
  • Customers get /48 from their ISP.
  • Hosts use /64 networks, which is the subnet size to use for everything, don't go smaller or larger.
  • ::/0 eqals 0.0.0.0/0

Some prefix examples:

  16   32   48   64   80   96  112  128
0001:0002:0003:0004:0005:0006:0007:0008

0001:0002:0003:0004:0005:0006:0007:0008

0001::/16
0001:0002::/32
0001:0002:0003::/48
0001:0002:0003:0004::/64
0001:0002:0003:0004:0005:/80
0001:0002:0003:0004:0005:0006:/96
0001:0002:0003:0004:0005:0006:0007::/112
0001:0002:0003:0004:0005:0006:0007:0008/128

0001:0002:0003:0004:0005:0006:0007:0008 = 1:2:3:4:5:6:7:8

1000:2000:3000:4000:5000:6000:7000:8000 = 1000:2000:3000:4000:5000:6000:7000:8000

apache mod_pagespeed installation on debian 8

posted on 2016-08-29 09:36

In short for x86_64:

wget https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_amd64.deb
dpkg -i mod-pagespeed-stable_current_amd64.deb
service apache2 restart

proxmox nat howto

posted on 2016-08-29 08:29

Network Adress Translation in combination with port forwarding lets you access a VM of a proxmox instance via the IP of the hypervisor itself. A second bridge is added for creating the internal network, and the hypervisor is configurated to forward packets destined to a certain port to the VM on the internal network. The added bridge is called vmbr1 here, and this was added to our networking config.

This is just an excerpt of the relevant part of the /etc/network/interfaces file there:

auto vmbr1
iface vmbr1 inet static
    address  10.0.2.1
    netmask  255.255.255.252
    bridge_ports none
    bridge_stp off
    bridge_fd 0

    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s 10.0.2.0/30 -o eth0 -j MASQUERADE
    post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2222 -j DNAT --to 10.0.2.2:22

    post-down iptables -t nat -D POSTROUTING -s 10.0.2.0/30 -o eth0 -j MASQUERADE
    post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 2222 -j DNAT --to 10.0.2.2:22 

This is the network configuration for the VM in question:

auto eth0
iface eth0 inet static
    address 10.0.2.2
    netmask 255.255.255.252
    gateway 10.0.2.1

As soon as the bridge on the HV is started, the masqerading and port forwarding rules are added, they are removed again when the interface gets disabled.

reinstalling gentoo

posted on 2016-08-24 21:47

The last post already told the reason for this one. Also the prerequisites were described there.

This installation takes place from within another running system on the same computer. After the partitions/luks/lvs/filesystem stuff was done, now the files will be copied and set up.

Now mount your root partition cd into there.

getting the files

get download link:

Go to https://www.gentoo.org/downloads/ and choose your download. Likely you want the stage3 tarball for AMD64.

Use links or lynx if you don't have access to a graphical browser.

Otherwise:

wget http://distfiles.gentoo.org/releases/amd64/autobuilds/20160818/stage3-amd64-20160818.tar.bz2
tar xjvpf stage3-amd64-20160818.tar --xattrs

fix make.conf

As an editor you can use what you want, after chrooting into your new environment, you likely only have nano.

(Remember, you are still in / of your new gentoo installation where you just unpacked your files.)

vim etc/portage/make.conf

Here's a diff:

root@zen:/mnt/gentoo/etc/portage# diff -u make.conf{,.original}
--- make.conf   2016-08-24 22:55:05.809203312 +0200
+++ make.conf.original  2016-08-24 22:53:38.197198629 +0200
@@ -2,9 +2,8 @@
 # built this stage.
 # Please consult /usr/share/portage/config/make.conf.example for a more
 # detailed example.
-CFLAGS="-march=native -O2 -pipe"
+CFLAGS="-O2 -pipe"
 CXXFLAGS="${CFLAGS}"
-MAKEOPTS="-j4"
 # WARNING: Changing your CHOST is not something that should be done lightly.
 # Please consult http://www.gentoo.org/doc/en/change-chost.xml before changing.
 CHOST="x86_64-pc-linux-gnu"

prepare to chroot!

cd /mnt/gentoo
cp -L /etc/resolv.conf etc/resolv.conf
mount -t proc proc ./proc
mount -t sysfs /sys ./sys
for i in dev dev/pts run; do mount --rbind /$i ./$i; done

If you use a non-gentoo livedisk, or want systemd (god forbid), have a look at the gentoo installation wiki, you may need additional steps then.

Since I have an UEFI based setup and need, due to the crypted setup, an extra boot, both the EFI partition and /boot need to be mounted, too:

mount /dev/sdXM boot
mount /dev/sdXL boot/efi

chroot . /bin/bash
. /etc/profile
export PS1="(chroot) $PS1"

configure the package manager

Now lets deal with portage:

emerge-webrsync
eselect news read

If you actually do this, sometimes there is useful information. In my case, it hints on how to set cpu USE flags.

emerge -alv gentoolkit
equery uses ffmpeg | grep cpu_flags
cat /proc/cpuifo | grep flags | uniq

Now both outputs can be compared. Easier is this:

emerge -alv app-portage/cpuid2cpuflags
cpuinfo2cpuflags-x86 >> /etc/portage/make.conf

Now lets set the profile and update:

eselect profile list
eselect profile set 6 # kde without systemd
emerge -alv --update --deep --newuse @world

Use all available USE flags:

sed -i 's/^USE/#&/' /etc/portage/make.conf'
emerge --info | grep ^USE >> /etc/portage/make.conf

To lower compile time and startup times, remove the USE flags which you won't need by prepending a minus sign. I don't bother with that for now.

timezone

echo 'Europe/Berlin' > /etc/timezone
emerge --config timezone-data

configure locale

vim /etc/locale.gen

There I uncomment my en_US and de_DE for both ISO 8859-1 and utf8.

locale-gen
eselect locale list
eselect locale set 8
env-update
. /etc/profile
export PS1="(chroot) $PS1"

fix fstab

blkid
vim /etc/fstab

configure the kernel

I will use genkernel and not configure the kernel by myself here.

emerge -alv gentoo-sources
emerge -alv genkernel

luks and lvm and partitioning and filesystem from the shell

posted on 2016-08-24 20:58

Don't overwrite your devices via cp. But we've all been there, done that.

If you don't want to reinstall 'just because', an idea might be to use testdisk depending on what you did.

Getting nice partition layout I tend to use parted (see below), for creating partitions cgdisk (for GPT stuff) or cfdisk (for MBR creation only IIRC) are decent choices.

Back on topic.

preparation

Partitions were still present in my cause, so no need create them anew.

If you have to, do parted /dev/sda p and parted /dev/sdX u b p and use your phone to make photos, in case you have to redo something.

luks

Create and open the cryptocontainer to hold the complete partition, wherein the LVM and your filesystems will lie.

cryptsetup --cipher=aes-xts-plain64 luksFormat /dev/sdXN --force-password
cryptsetup open /dev/sdXN sdXN_crypt

Did you really type an uppercased YES when you were promted? The password you were prompted for is the one you will have to enter in the future.

In case you did something wrong:

cryptsetup close
cryptsetup erase /dev/sdaX

Then start by recreating the container. Did you really type an uppercased YES when you were promted?

lvm2

After the crypto device was opened, you can reference it through the device mapper. Now create the physical volume (PV), volume group (VG) and logical volumes (LV's) where your system will be installed later on:

pvcreate /dev/mapper/sdXN_crypt
vgcreate `hostname` /dev/mapper/sdXN_crypt
lvcreate -L 2G -n swap `hostname`
lvcreate -l 100%FREE -n root `hostname`

Here is a catch: I did not have to recreate a separate /boot partition, as I already had one. If you don't create one first. It has to be located outside the crypto container, else you won't be able too boot after your installation.

If something went wrong, here's how to delete things, too. Choose what you need in particular:

pvremove /dev/sdXN_crypt
vgremove `hostname`
lvremove /dev/`hostname`/<LVname>

filesystems and swap

Create swap:

mkswap /dev/mapper/`hostname`-swap

Create root filesystem:

mkfs -t ext4 /dev/mapper/`hostname`-root

This is pretty much it. From here on you can chroot or do whatever else you want.

Maybe you only want the container for data but for installing a system on there. In that case not calling the LV 'root' and omitting the swap partition up there would have been a wise choice.

postgres introduction

posted on 2016-08-24 10:50

Client is run through the postgres system user named 'postgres'. Homedir is /var/lib/postgresql usually.

Connection info

.my.cnf equivalent is the .pgpass in postgres user homedir, containing the following syntax:

hostname:port:database:username:password

Command history

For .mysql_history equivalent, see .psql_history in postgres user homedir (/var/lib/postgres/.psql_history).

Apostrophe's usage

  • use single ones for strings/values
  • use double ones for objects (user-/table-/dbnames... )

Most important shell commands

  • createdb DATABASE
  • dropdb DATABASE
  • createuser ROLE
  • dropuser ROLE
  • psql ## as user 'postgres'
  • su -c psql postgres ## invoking the CLI as any user
  • postgres=# grant all privileges on database DATABASE to USER;

As postgres user:

  • psql -c 'SQL_STATEMENT' = mysql -e 'SQL_STATEMENT' with .my.cnf
  • psql DATABASE # open client and connects to database

psql cli commands

help = shows help howto
\h = show help for sql commands
\h create role; = show help on CREATE ROLE command

\c DATABASE = "use DATABASE"
\? = show pg shortcuts
\l = "show databases;"
\d = show tables/views/sequences
\dt = "show tables;"
\du = show roles (users)
\dp = show privileges

mytop

There exists an equivalent called pgtop. Package on debian is called pgtop, too.

Usage:

su - postgres
pg_top

User management

Postgres user management differs in that there are 'roles'. These can be tweaked to work like users or like groups.

$ sudo postgres
$ createuser my-user
$

Main use cases

Create db with corresponding user:

createdb DATABASENAME
createuser DATABASENAME
su -c psql DATABASENAME postgres
grant all privileges on DATABASE to USER;
\q

Change password:

su -c psql postgres
alter role DATABASE with password 'PASSWORD';
\q

roccat kova buttons in linux

posted on 2016-08-23 11:00

This was tested on debian 8 and seems to work so far.

echo "deb http://ppa.launchpad.net/berfenger/roccat/ubuntu trusty main" > /etc/apt/sources.list.d/roccat.list
echo "deb-src http://ppa.launchpad.net/berfenger/roccat/ubuntu trusty main" > /etc/apt/sources.list.d/roccat.list
sudo roccatkovaplusconfig

My main problem was to fix the mousebuttons on the left side so the forward/backward-browser-history functions worked.

There is easyshift, which basically is a meta-button, usually on the left-backward button. It seems these can only be set onto the backwards buttons on the sides.

Setting the left side buttons to these did the trick:

  • Button 8 (Browser backward)
  • Button 9 (Browser forward)

Apply and exit.

linux create patches via diff and apply via patch

posted on 2016-08-22 19:14

Since I tend to forget this way too often...

create a patch

diff -u <file1> <file2> > <filename>.patch
diff -crB <file_or_folder_1> <file_or_folder_2> > <filename>.patch

test a patch

patch --dry-run <file> < <filename>.patch

apply a patch

patch -p0 <file> < <filename>.patch

-p0 strips no prefixes, -p1 strips the leftmost path folder, etc.

apply a patch and create backup of the original

patch -b -p0 <file> < <filename>.patch

Creates <file>.orig in the process.

reverse an applied patch

patch -R <file> < <filename>.patch

mysql 5.7 fix root user

posted on 2016-08-22 13:42

In mysql 5.7 the auth mechanism changed, documentation can be found in the official manual here.

Using the system root user (or sudo) you can connect to the mysql database with the mysql 'root' user via CLI. All other users will work, too.

In phpmyadmin, for example, however, all mysql users will work, but not the mysql 'root' user.

This comes from here:

$ mysql -Ne "select Host,User,plugin from mysql.user where user='root';"

+-----------+------+-----------------------+
| localhost | root | auth_socket           |
|  hostname | root | mysql_native_password |
+-----------+------+-----------------------+

To 'fix' this security feature, do:

mysql -Ne "update mysql.user set plugin='mysql_native_password' where User='root' and Host='localhost'; flush privileges;"

More on this can also be found here in the manual.

proxmox usb passthrough to VM

posted on 2016-08-17 09:35

This works while the VM is already running, no reboot needed.

Plug the USB device into your hypervisor.

lsusb to see if it's there:

root@server:~# lsusb
Bus 002 Device 002: ID 8087:8002 Intel Corp. 
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 8087:800a Intel Corp. 
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 003: ID 0557:2419 ATEN International Co., Ltd 
Bus 003 Device 002: ID 0557:7000 ATEN International Co., Ltd Hub
Bus 003 Device 004: ID 1058:25a2 Western Digital Technologies, Inc. 
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

Here the Identifier is 1058:25a2.

Now qm list to discern your vm's id.

root@server:~# qm list
      VMID NAME                 STATUS     MEM(MB)    BOOTDISK(GB) PID       
     10280 vm_01                running    25600           5580.00 482591    
     10281 vm_02                running    6144             500.00 764248

Enter console via qm monitor <vmid>:

root@server:~# qm monitor 10280
Entering Qemu Monitor for VM 10280 - type 'help' for help
qm> 

There do info usbhost:

qm> info usbhost
  Bus 3, Addr 3, Port 12.1, Speed 1.5 Mb/s
    Class 00: USB device 0557:2419
  Bus 3, Addr 4, Port 1, Speed 480 Mb/s
    Class 00: USB device 1058:25a2, Elements 25A2
qm> 

Via the device identifier we know its bus 3 and port 1. Now attach it to the virtual machine:

qm> device_add usb-host,hostbus=3,hostport=1
qm> 

lsblk from within the VM shows me the plugged in harddisk.

cisco sg300 setup

posted on 2016-08-13 17:52

These are the notes for setting up a cisco sg300 10 port switch with vlans via the cli. It's the best cheap switch with managing that happens to have a CLI that is similar to the ones on the bigger switches from cisco, and it comes with a serial interface.

standard ip

Use this IP for acessing SSH or the webgui in your browser:

192.168.1.254

standard password

user: cisco
pass: cisco

serial connection

In case you need it because you cannot access the switch via IP any longer (scanning 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 sure takes too much time to be feasible...), use its serial interface.

baud:      115200 (if not set otherwise)
bits:      8
parity:    N
stopbits:  1
no flow control

To use it, connect a USB-to-Serial computer with your laptop and use putty/screen/minicom, depending on the OS you use.

foreword

First, all commands are abbreviated here. Use ? in the CLI if you want to know what you type here, use it alone, after some characters or as a parameter on its own after a command.

cisco devices have different modes, and you edit the configuration in RAM after you logged in. To change all possible settings, you have to go into configure mode (conf), and to save it, the volatile configuration has to be copied back to the flash memory (copy run start or wr).

In normal mode there just are not so many options. To jump back, exit. More on the modes later on.

Sadly, ctrl+d doesn't work, but ctrl-z is its substitute.

first steps (after logging in and likely changing the password)

'backspace' key:

ctrl + h

delete current line;

ctrl + u
ctrl + k

disable/enable the output paging bullshit: (You know screen's copy mode via ctrl+a,[ so PGUP and PGDN work?')

terminal datadump
terminal no datadump

enable / disable command history / set its maximum size:

terminal history
terminal no history
terminal history size 206

show current configuration:

show run

show current access methods:

show line

save the changes up until now:

# choose 'yes', of course, when being prompted
copy run start

# this also works but is deprecated
wr t

configuration

For ease of use, when configure mode is needed, all the steps are shown. You can stay in configure mode if you want and perform several steps at once if you please.

hostname:

conf t
hostname <my_new_hostname>
ctrl-z
copy run start

search domain

conf t
ip domain name <your_search_domain>
ctrl-z
copy run start

create a new user and revoke admin rights from the standard 'cisco' user:

conf t username <new_user> privilege 15 password <new_password> username cisco privilege 1 password <doesnt_matter_you_dont_need_it_anymore> ctrl-z copy run start

What this was actually about was using the different privilege modes present on cisco switches.

privilege level 1      = user mode, '>' prompt
privilege level 2 - 15 = privileged EXEC mode, '#' prompt
configure              = configure mode, '(config)' prompt

You can do fine-grained access-levelling, with commands available only at different privilege modes (i.e. 3, 6, 10, 14, 15, however you see it fitting), but we want to disable the basic account and create a new one.

Level 15 can do everything. Regular workflow is logging in, and using the enable password to elevate to administrator levels if need be.

Via enable <number> and disable <number> you can enter higher or lower privilege modes, compared to your current one that can be looked up via show privilege.

While in configure mode, you can enter sub-modes for some of the commands, ex, end and ctrl-z will work there, too.

set default gateway

conf t
ip default-gateway <your_gw_ip>
do copy run start

The do keyword lets you run EXEC keywords from within configure mode.

set default ip

debugging iptables with traced packets

posted on 2016-08-10 19:14

For debugging iptables (make all interactions of a packet in the netfilter chains visible via syslog!), tracing helps quite a bit.

prerequisite

modprobe ipt_LOG # this is for ipv3
modprobe ip6t_LOG # this is for ipv6

ICMP tracing

For tracing ICMP packets:

# IPv4
iptables -t raw -A OUTPUT -p icmp -j TRACE
iptables -t raw -A PREROUTING -p icmp -j TRACE
# IPv6
ip6tables -t raw -A OUTPUT -p icmpv6 --icmpv6-type echo-request -j TRACE
ip6tables -t raw -A OUTPUT -p icmpv6 --icmpv6-type echo-reply -j TRACE
ip6tables -t raw -A PREROUTING -p icmpv6 --icmpv6-type echo-request -j TRACE
ip6tables -t raw -A PREROUTING -p icmpv6 --icmpv6-type echo-reply -j TRACE

ping the destination server with its firewall from the source server and let run tail -f /var/log/syslog | grep TRACE in parallel.

UDP tracing with netcat

iptables -t raw -A PREROUTING -p udp -s 10.0.0.0/24 -j TRACE
iptables -t raw -A OUTPUT     -p udp -s 10.0.0.0/24 -j TRACE

Change 10.0.0.0/24 to the IP where your source server comes from.

On the destination server do:

nc -ulp 12345

On the source server do:

nc -u <dst_server_ip> 12345

and type a bit and hit enter.

Now you should see in /var/log/syslog on the destination server what happens to your packets.

iptables and netfilter chains diagram

posted on 2016-08-10 18:56

This is a NICE diagram I stumbled across here:

 +---------------------+                              +-----------------------+
 | NETWORK INTERFACE   |                              | NETWORK INTERFACE     |
 +----------+----------+                              +-----------------------+
            |                                                    ^
            |                                                    |
            |                                                    |
            v                                                    |
 +---------------------+                                         |
 | PREROUTING          |                                         |
 +---------------------+                                         |
 |                     |                                         |
 | +-----------------+ |                                         |
 | | raw             | |                                         |
 | +--------+--------+ |                                         |
 |          v          |                                         |
 | +-----------------+ |                              +----------+------------+
 | | conn. tracking  | |                              | POSTROUTING           |
 | +--------+--------+ |                              +-----------------------+
 |          v          |                              |                       |
 | +-----------------+ |                              | +-------------------+ |
 | | mangle          | |                              | | source NAT        | |
 | +--------+--------+ |                              | +-------------------+ |
 |          v          |                              |          ^            |
 | +-----------------+ |                              | +--------+----------+ |
 | | destination NAT | |                              | | mangle            | |
 | +-----------------+ |                              | +-------------------+ |
 +----------+----------+  +------------------------+  +-----------------------+
            |             | FORWARD                |             ^
            |             +------------------------+             |
            v             |                        |             |
     +-------------+      | +--------+  +--------+ |             |
     | QOS ingress +----->| | mangle +->| filter | |------------>+
     +------+------+      | +--------+  +--------+ |             |
            |             |                        |             |
            |             +------------------------+             |
            |                                                    |
            |                                                    |
            v                                                    |
 +---------------------+                              +----------+------------+
 | INPUT               |                              | OUTPUT                |
 +---------------------+                              +-----------------------+
 |                     |                              |                       |
 |  +---------------+  |                              |  +-----------------+  |
 |  | mangle        |  |                              |  | filter          |  |
 |  +-------+-------+  |                              |  +-----------------+  |
 |          v          |                              |          ^            |
 |  +---------------+  |                              |  +-------+---------+  |
 |  | filter        |  |                              |  | destination NAT |  |
 |  +---------------+  |                              |  +-----------------+  |
 +----------+----------+                              |          ^            |
            |                                         |  +-------+---------+  |
            |                                         |  | mangle          |  |
            |                                         |  +-----------------+  |
            |                                         |          ^            |
            |                                         |  +-------+---------+  |
            |                                         |  | conn. tracking  |  |
            |                                         |  +-----------------+  |
            |                                         |          ^            |
            |                                         |  +-------+---------+  |
            |                                         |  | raw             |  |
            |                                         |  +-----------------+  |
            |                                         +-----------------------+
            v                                                    ^
+----------------------------------------------------------------+------------+
|                             LOCAL PROCESS                                   |
+-----------------------------------------------------------------------------+

mysql: extract table dump from database dump

posted on 2016-08-10 09:08

Usually complete databases are dumped via mysqldump so you get a consistent backup. Dumping table after single table would only work if the database were made read-only during the backup, and is too much of a hazzle normally.

To restore a single table but not the whole database, the regular approach is to restore the dump to new database, and only dump the table you need.

However with huge dumps like 1GB and bigger this becomes cumbersome. Since a mysql dump are just all the SQL statements in plaintext, you can easily strip all other information via sed from the dump file:

sed -n -e "/DROP TABLE.*`my_table_i_want`/,/UNLOCK TABLES/p" mysql_dump_file.sql > my_table_i_want.sql

This will restore all necessary information for the table my_table_i_want from the dumpfile mysql_dump_file.sql into file my_table_i_want.sql.

cisco sg300 upload new firmware via xmodem

posted on 2016-08-07 09:30

After a reset a sg300 did not want to boot, both slices were corrupt. The result was an endless boot loop, where it'd try downloading the firmware but without success.

Using minicom the upload was easy:

  • Turn off switch.
  • If you use an USB-to-serial adapter with a nullmodem cable, most likely the interface is /dev/ttyUSB0. Look through your devices under /dev, in case it is /dev/ttyUSB1
  • minicom -s and setup everything.
  • baud rate 115200 (instead of the usual 9600 with most cisco devices), 8N1 (8 bits, no parity, 1 stop bit), no hardware or software flow control
  • minicom -D /dev/ttyUSB0
  • start switch, press ESC when prompted
  • ctrl-a, s and choose xmodem
  • navigate to the file, or choose the [Goto] menu at the bottom
  • Space to select the file, Enter.

A window like this should pop up and the upload should begin:

+-----------[xmodem upload - Press CTRL-C to quit]------------+                                                                 
|Sending sx300_fw-14502.ros, 57760 blocks: Give your local XMO|                                                                 
|DEM receive command now.                                     |                                                                 
|                                                             |                                                                 
|                                                             |                                                                 
|                                                             |                                                                 
|                                                             |                                                                 
|                                                             |                                                                 
+-------------------------------------------------------------+   

After the upload is finished, the switch should successfully reboot again and be factory reset.

mysql 5.7 reset root password

posted on 2016-08-04 14:04

Resetting the mysql root password changed with version 5.7, along with quite some other stuff.

If you have further trouble logging in with the local root account itself, these steps should fix all the problems.

  • stop mysql server (service mysql stop or ps aux | grep mysql to determine the PID and then kill -9 PID)
  • mysqld_safe --skip-grant-tables
  • mysql -Ne "UPDATE mysql.user SET plugin = 'mysql_native_password' WHERE User = 'root';" to fix the root PW not working
  • mysql -Ne "UPDATE mysql.user SET authentication_string=password('YOURNEWPASSWORD') WHERE user='root';"
  • killall -9 mysqld_safe
  • service mysql start

linux p2v via rsync

posted on 2016-08-03 13:09

To virtualize an existing and running linux system via rsync, install a fresh linux system. (Or do just the partitioning of the disk of the VM which you want the system to run on afterwards.) It helps to just use a single partition for /, otherwise you have to sync the mountpoints individually. In that case, create a script, in case you have to redo the data sync. (Which is likely to happen.)

If you installed a complete system first, you might consider backup up its /etc/fstab, in case you do not want to fix it afterwards by hand, but just copy-pasting the config back.

Also, if you did not install a complete linux installation on the destination VM, you will have to fix the bootmanager (read: grub2 nowadays) after the initial sync. If you did a complete install, just exclude /boot from rsync.

Boot from a live disk like GRML and mount your partition(s) where you want the data to end up(s) where you want the data to end up.

cd into the folder where you mounted the destination system's / to in your live-disk.

Then:

rsync -av --delete --progress --exclude=/dev --exclude=/sys --exclude=/proc --exclude=/mnt --exclude=/media--exclude=/boot <source-server>:/* .

This blog covers .csv, .htaccess, .pfx, .vmx, /etc/crypttab, /etc/network/interfaces, /etc/sudoers, /proc, 10.04, 14.04, 16.04, AS, ASA, ControlPanel, DS1054Z, GPT, HWR, Hyper-V, IPSEC, KVM, LSI, LVM, LXC, MBR, MTU, MegaCli, PHP, PKI, PS1, R, RAID, S.M.A.R.T., SNMP, SSD, SSL, TLS, TRIM, VEEAM, VMware, VServer, VirtualBox, Virtuozzo, XenServer, acpi, adaptec, algorithm, ansible, apache, apache2.4, apachebench, apple, applet, arcconf, arch, architecture, areca, arping, asa, asdm, autoconf, awk, backup, bandit, bar, bash, benchmarking, binding, bitrate, blackarmor, blockdev, blowfish, bochs, bond, bonding, booknotes, bootable, bsd, btrfs, buffer, c-states, cache, caching, ccl, centos, certificate, certtool, cgdisk, cheatsheet, chrome, chroot, cisco, clamav, cli, clp, clush, cluster, cmd, coleslaw, colorscheme, common lisp, configuration management, console, container, containers, controller, cron, cryptsetup, csync2, cu, cups, cygwin, d-states, database, date, db2, dcfldd, dcim, dd, debian, debug, debugger, debugging, decimal, desktop, df, dhclient, dhcp, diff, dig, display manager, dm-crypt, dmesg, dmidecode, dns, docker, dos, drivers, dtrace, dtrace4linux, du, dynamictracing, e2fsck, eBPF, ebook, efi, egrep, emacs, encoding, env, error, ess, esx, esxcli, esxi, ethtool, evil, expect, exportfs, factory reset, factory_reset, factoryreset, fail2ban, fakeroot, fbsd, fdisk, fedora, file, files, filesystem, find, fio, firewall, firmware, fish, flashrom, forensics, free, freebsd, freedos, fritzbox, fsck, fstrim, ftp, ftps, g-states, gentoo, ghostscript, git, git-filter-branch, gitbucket, github, gitolite, global, gnutls, gradle, grep, grml, grub, grub2, guacamole, hardware, haskell, hdd, hdparm, hellowor, hex, hexdump, history, howto, htop, htpasswd, http, httpd, https, i3, icmp, ifenslave, iftop, iis, imagemagick, imap, imaps, init, innoDB, innodb, inodes, intel, ioncube, ios, iostat, ip, iperf, iphone, ipmi, ipmitool, iproute2, ipsec, iptables, ipv6, irc, irssi, iw, iwconfig, iwlist, iwlwifi, jailbreak, jails, java, javascript, javaws, js, juniper, junit, kali, kde, kemp, kernel, keyremap, kill, kpartx, krypton, lacp, lamp, languages, ldap, ldapsearch, less, leviathan, liero, lightning, links, linux, linuxin3months, lisp, list, livedisk, lmctfy, loadbalancing, locale, log, logrotate, looback, loopback, losetup, lsblk, lsi, lsof, lsusb, lsyncd, luks, lvextend, lvm, lvm2, lvreduce, lxc, lxde, macbook, macro, magento, mailclient, mailing, mailq, make-jpkg, manpages, markdown, mbr, mdadm, megacli, micro sd, microsoft, minicom, mkfs, mktemp, mod_pagespeed, mod_proxy, modbus, modprobe, mount, mouse, movement, mpstat, multitasking, myISAM, mysql, mysql 5.7, mysql workbench, mysqlcheck, mysqldump, nagios, nas, nat, nc, netfilter, networking, nfs, nginx, nmap, nocaps, nodejs, numberingsystem, numbers, od, onyx, opcode-cache, openVZ, openlierox, openssl, openvpn, openvswitch, openwrt, oracle linux, org-mode, os, oscilloscope, overview, parallel, parameter expansion, parted, partitioning, passwd, patch, pct, pdf, performance, pfsense, php, php7, phpmyadmin, pi, pidgin, pidstat, pins, pkill, plasma, plesk, plugin, posix, postfix, postfixadmin, postgres, postgresql, poudriere, powershell, preview, profiling, prompt, proxmox, ps, puppet, pv, pveam, pvecm, pvesm, pvresize, python, python3, qemu, qemu-img, qm, qmrestore, quicklisp, quickshare, r, racktables, raid, raspberry pi, raspberrypi, raspbian, rbpi, rdp, redhat, redirect, registry, requirements, resize2fs, rewrite, rewrites, rhel, rigol, roccat, routing, rs0485, rs232, rsync, s-states, s_client, samba, sar, sata, sbcl, scite, scp, screen, scripting, seafile, seagate, security, sed, serial, serial port, setup, sftp, sg300, shell, shopware, shortcuts, showmount, signals, slattach, slip, slow-query-log, smbclient, snmpget, snmpwalk, software RAID, software raid, softwareraid, sophos, spacemacs, spam, specification, speedport, spi, sqlite, squid, ssd, ssh, ssh-add, sshd, ssl, stats, storage, strace, stronswan, su, submodules, subzone, sudo, sudoers, sup, swaks, swap, switch, switching, synaptics, synergy, sysfs, systemd, systemtap, tar, tcpdump, tcsh, tee, telnet, terminal, terminator, testdisk, testing, throughput, tmux, todo, tomcat, top, tput, trafficshaping, ttl, tuning, tunnel, tunneling, typo3, uboot, ubuntu, ubuntu 16.04, ubuntu16.04, udev, uefi, ulimit, uname, unetbootin, unit testing, upstart, uptime, usb, usbstick, utf8, utm, utm 220, ux305, vcs, vgchange, vim, vimdiff, virtualbox, virtualization, visual studio code, vlan, vmstat, vmware, vnc, vncviewer, voltage, vpn, vsphere, vzdump, w, w701, wakeonlan, wargames, web, webdav, weechat, wget, whois, wicd, wifi, windowmanager, windows, wine, wireshark, wpa, wpa_passphrase, wpa_supplicant, x11vnc, x2x, xfce, xfreerdp, xmodem, xterm, xxd, yum, zones, zsh


Unless otherwise credited all material Creative Commons License by sjas