Hetzner, Debian, KVM and IPv6 3

Well, I’ve had my share of troubles with Hetzner, Debian, KVM and IPv6 addresses. After figuring out how to get around the IPv6 neighbor stuff (npd6 for teh win!), I battled with the problem that after restarting (rebooting/resetting – doesn’t really matter) a domain it’s IPv6 address would no longer work.

Well, today I decided to take a closer look. After the reboot, the guest comes up with this:

A quick peek into ip 6 neigh show reveals this:

At this point I had no idea were to look (I haven’t used IPv6 much), so thanks to a friend I ended up googling whatever dadfailed meant … as it turns out dadfailed indicates that a duplicate address had been detected. A short peek into kern.log/dmesg fuelled that idea:

So, I went on googling IPv6, KVM and duplicate address, and guess what .. I don’t seem to be the only one that has this issue … I haven’t found the root cause of this, but I have a quick fix … I usually don’t assign duplicate IPv6 addresses to multiple domains (each domain has it’s on block of IPv6 addresses), so I ended up writing a short puppet class, that’ll disable the Duplicate Adress Detection for all my KVM guests!

vmware-config-tools.pl finished with “Could not find Parent Node”

Well, today I encountered a old problem (or so I thought). Basically a specific udevadm version causes the vmware-config-tools.pl script to error out like this:

 

I’ve had encountered this before in the past, and before there was some explanation on the VMware forums, which I couldn’t locate. Lucky me, the VMware Tools updater keeps modified versions of vmware-tools-config.pl around. So I ended up creating this short diff, so that I may find it in the future – if I still need it:

 

DiskStation 213+: LAN throughput

Well, I’ve been moving stuff to my archive NAS, and in case anyone is wondering – the DS213+ actually nearly gets to the 1GE transmission limit… It’s near the CPU limit then anyhow, but … :)

 

DiskStatin Resource Monitor

XenServer 6.0.2: Fixing Root-Disk-Multipathing with Boot-from-SAN

As the title pretty much tells, I’ve been working on fixing the Root-Disk-Multipathing feature of our XenServer installations. Our XenServer boot from a HA-enabled NetApp controller, however we recently noticed that during a controller fail-over some, if not all, paths would go offline and never come back. If you do a cf takeover and cf giveback in short succession, you’ll end up with a XenServer host that is unusable, as the Root-Disk would be pretty much non-responsive.

Guessing from that, there don’t seem to be that many people using XenServer with Boot-from-SAN. Otherwise Citrix/NetApp would have fixed that by now…. Anyhow, I went around digging in our XenServer’s. What I already did, was adjust the /etc/multipath.conf according to a bug report (or TR-3373). For completeness sake I’ll list it here:

And as it turns out, this is the reason why we’re having such difficulties with the Multipathing. The information in TR-3373 is a bunch of BS (no, not everything but a single path is wrong, the getuid_callout) and thus the whole concept of Multipathing, Failover and High-Availibility (yeah, I know – if you want HA, don’t use XenServer :P) is gone.

NGINX reverse proxy for Synology DiskStation 8

Well, I’ve been tinkering with NGINX for a while at home, up till now I had a somewhat working reverse proxy setup (to access my stuff, when I’m not at home or away).

What didn’t work so far was the DSM web interface. Basically, because the interface is using absolute paths in some CSS/JS includes, which fuck up the whole interface.

After some googling and looking through the NGINX documentation I thought “Why don’t I create a vHost for each application that is being served by the reverse proxy?”.

And after looking further into the documentation, out came this simple reverse proxy statement:

And as you can see, it works:

Synology DSM via NGINX

Synology DSM via NGINX

OpenWRT on DIR-615 H1 – Port mappings

Well, I’ve been fiddling with OpenWRT to replace my crappy Vodafone Easybox 602. Up till now I had DD-WRT on the DIR-615’s (yes, two) however recently (I think due to the Synology DiskStation in combination with a WDS setup) I had to filter SSDP broadcasts storms (which in turn kill the Easybox), which isn’t quite so easy on DD-WRT, but rather easy on OpenWRT.

Today I went thinking about VLAN-Tagging and stuff, and I had to figure out the physical to logical port mapping for the DIR-615. So let’s run swconfig dev rt305x show on the DIR-615 after plugging in the RJ45 cable to a port.

Out came this nifty table, which’ll hopefully help me, wrapping my head around this whole VLAN thing.

physical port CPU WAN WLAN LAN 1 LAN 2 LAN 3 LAN 4
logical port 6* 5 4 3 2 1 0

Keep in mind, the CPU port (or the backplane port, connected with 1000 Base-T FD) is by default in both VLANs as a tagged port.

sa-learn, dovecot virtual users and virtual user configs 2

Well, I wanted independent SpamAssassin Bayes databases per user (different users, different preferences). For that, RoundCube already set up the Junk folder. However, I wanted the ability (for myself, as well for my other users) to individually mark messages as either Spam or Ham.

RoundCube: Inbox view

RoundCube: Inbox view

 

 

Now, as I said before I wanted a trivial way to mark messages as Spam or Ham (without using the command line each time).

RoundCube: Adjusted Inbox View

RoundCube: Adjusted Inbox View

Now, that was the mailbox setup part. Now we do have to do some command line foo (yeah, it’s still necessary) to actually learn the mails as spam or ham. First we need a script, which scans the Maildir for each domain/user separately, and then creates the bayes database.

This script is based on work from nesono and workaround.org. Anyhow, the script will scan each user folder (you might need to adjust the MAIL_DIR and SPAMASS_DIR variable, depending on where your MAIL_DIR is located.

Next, we need to adjust the SPAMD options to use the virtual-config-dir (that’s the SPAMD name for this).

As you can see, I basically appended the following to the OPTIONS variable: –virtual-config-dir=/var/lib/spamassassin/%d/%l -x -u mail

Now, here’s a couple of pointers:

–virtual-config-dir=pattern
This option specifies where per-user preferences can be found for virtual users, for the -x switch. The pattern is used as a base pattern for the directory name. Any of the
following escapes can be used:

%u — replaced with the full name of the current user, as sent by spamc.
%l — replaced with the ‘local part’ of the current username. In other words, if the username is an email address, this is the part before the “@” sign.
%d — replaced with the ‘domain’ of the current username. In other words, if the username is an email address, this is the part after the “@” sign.
%% — replaced with a single percent sign (%).

-u username, –username=username
Run as the named user. If this option is not set, the default behaviour is to setuid() to the user running “spamc”, if “spamd” is running as root.

Note: “–username=root” is not a valid option. If specified, “spamd” will exit with a fatal error on startup.

Now, only a small adjustment is still needed. In order for the inbound mails to be scanned with the per-user db’s, you need to adjust postfix’s master.cf file, to run spamc with the per-user db.

After that’s done (and a restart of postfix, spamassassin and dovecot) you should be the proud owner of a per-user dovecot/postfix/spamassassin implementation.

Postfix, soft_bounce=yes and redelivering mails

Well, I’m setting up spam/virus filter at the moment. Somewhere I found, that when doing so one should enable soft_bounce=yes in your /etc/postfix/main.cf. Now, once I finished setting up my mailing setup, I wanted to manually force the delivery.

Now, if you fixed the mail delivery, you just need to enter the following:

However if you want to delete the mail from the postfix queue:

Tiny Tiny RSS init-script for multiple instances on Debian Wheezy 2

Well, I have a bunch of Tiny Tiny RSS instances running on my webhost, and I wanted a init-script that starts the update-daemons for all instances.

Now, there’s already a bunch of init scripts for Debian around (1, 2) however none of them were to my liking or did what I wanted it to do. So I ended up (yeah, I know *again*) rewriting them.

Debian: dmesg output contains “Error: Driver ‘pcspkr’ is already registered, aborting…”

Well, I recently prepared a bunch of Debian KVM guests, and today I got annoyed (basically because logwatch complains about it …) by this pesky error message on each startup. What causes this is error is really simple.

Udev loads the PC speaker driver (pcspkr) and then (for whatever reason) tries to load the alsa-module for the PC speaker (snd_pcsp). And the second one, basically fails. All we need to do, is create a blacklist.conf and add the latter one to it.