Monthly Archives: May 2013

IPv6: RIPE reverse DNS delegation, tinydns PTR setup & classless delegation

RIPE explains how to set up IPv6 reverse DNS delegation pretty well here, but it can be a bit confusing at times. Basically, if your allocation is 2b02:0b08::/32, you simply have to send something like this to auto-dbm@ripe.net:

domain: 8.0.b.0.2.0.b.2.ip6.arpa
descr: Reverse delegation for Something Inc.
admin-c: SMTH-RIPE
tech-c: SMTH-RIPE
zone-c: SMTH-RIPE
nserver: ns1.something.com
nserver: ns2.something.com
changed: someone@something.com 20130531
source: RIPE
mnt-by: SOMETHING-MNT
password: yourmntpasswd

ns1.something.com and ns2.something.com are only reachable via IPv4 at this time, but since most IPv6 hosts are hopefully dual-stacked, it shouldn’t matter. Before you tell RIPE to delegate to you, add something like this to tinydns:

Z8.0.b.0.2.0.b.2.ip6.arpa:ns1.something.com:dnsmaster.something.com:1:86400:86400:86401:86400:86400:
&8.0.b.0.2.0.b.2.ip6.arpa::ns1.something.com
&8.0.b.0.2.0.b.2.ip6.arpa::ns2.something.com

^1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.0.0.0.0.8.0.b.0.2.0.b.2.ip6.arpa:some-example-host.something.com

The above sets up tinydns to serve PTR requests for your allocation and adds an example PTR record for 2b02:0b08:0:1::1 that resolves to some-example-host.something.com.

Now, let’s say you have a customer with his own /64 assignment and you want to forward PTR requests for his assignment to his DNS servers (a.k.a. classless delegation). Then you would set up the following in tinydns:

&7.0.0.0.0.0.0.0.8.0.b.0.2.0.b.2.ip6.arpa::dns1.customer.com:3600
&7.0.0.0.0.0.0.0.8.0.b.0.2.0.b.2.ip6.arpa::dns2.customer.com:3600

That’s it. To confirm it’s working you can query your own tinydns:

# dig @ip-of-your-tinydns -x 2b02:0b08:0:7::0001

;; QUESTION SECTION:
;1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.0.0.0.8.0.b.0.2.0.b.2.ip6.arpa. IN PTR

;; AUTHORITY SECTION:
7.0.0.0.0.0.0.0.8.0.b.0.2.0.b.2.ip6.arpa. 3600 IN NS dns1.customer.com.
7.0.0.0.0.0.0.0.8.0.b.0.2.0.b.2.ip6.arpa. 3600 IN NS dns2.customer.com.
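
As an added example (not part of the original post), this shell script derives the RIPE domain name and the tinydns-data lines above from the prefixes themselves, and rejects a prefix that is not on a 4-bit boundary, has host bits set, or lies outside the allocation. The function names are made up for this example.

```sh
#!/bin/sh
# Added example: derive the ip6.arpa names and tinydns-data lines shown above.
# nibbles ADDR -> the address as 32 lowercase hex digits ("::" expanded)
nibbles() {
    a=$1
    case $a in
    *::*)
        l=${a%%::*}; r=${a#*::}; n=0
        for g in $(printf '%s' "$l:$r" | tr ':' ' '); do n=$((n + 1)); done
        while [ "$n" -lt 8 ]; do l="$l:0"; n=$((n + 1)); done
        a="$l:$r" ;;
    esac
    out=""
    for g in $(printf '%s' "$a" | tr ':' ' '); do out="$out$(printf '%04x' "0x$g")"; done
    printf '%s\n' "$out"
}

# rev_name DIGITS -> digits in reverse order, dot-separated, under ip6.arpa
rev_name() {
    s=$1; name=ip6.arpa
    while [ -n "$s" ]; do name="${s%"${s#?}"}.$name"; s=${s#?}; done
    printf '%s\n' "$name"
}

# zone_for PREFIX/LEN -> reverse zone; LEN must be a multiple of 4, no host bits
zone_for() {
    len=${1#*/}; keep=$((len / 4))
    [ "$len" -ge 4 ] && [ $((len % 4)) -eq 0 ] || {
        echo "$1: prefix length is not on a nibble boundary" >&2; return 1; }
    full=$(nibbles "${1%/*}")
    rest=$(printf '%s' "$full" | cut -c$((keep + 1))-)
    case $rest in *[!0]*) echo "$1: host bits set" >&2; return 1 ;; esac
    rev_name "$(printf '%s' "$full" | cut -c1-"$keep")"
}

# ptr_line ADDR HOSTNAME -> tinydns-data "^" (PTR) line
ptr_line() { printf '^%s:%s\n' "$(rev_name "$(nibbles "$1")")" "$2"; }

# delegate_lines ALLOCATION CUSTOMER_PREFIX TTL NS... -> "&" (NS) lines;
# refuses a customer prefix that is not strictly inside the allocation
delegate_lines() {
    parent=$(zone_for "$1") && child=$(zone_for "$2") || return 1
    case $child in *".$parent") ;; *) echo "$2 is not inside $1" >&2; return 1 ;; esac
    ttl=$3; shift 3
    for ns in "$@"; do printf '&%s::%s:%s\n' "$child" "$ns" "$ttl"; done
}

ptr_line 2b02:0b08:0:1::1 some-example-host.something.com
delegate_lines 2b02:0b08::/32 2b02:0b08:0:7::/64 3600 dns1.customer.com dns2.customer.com
```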

Quick copy & paste how-to: Install KVM on CentOS 6


CentOS 6.7 64bit
ISO: ftp://ftp.hosteurope.de/mirror/centos.org/6.7/isos/x86_64/CentOS-6.7-x86_64-netinstall.iso

URL for netinstall: ftp://ftp.hosteurope.de/mirror/centos.org/6.7/os/x86_64

LVM vg: 100%

Host: lv_root / 200 GB

vi /etc/sysconfig/selinux
SELINUX=disabled

yum install wget screen lynx vim kvm libvirt python-virtinst qemu-kvm ncftp tigervnc tigervnc-server system-config-firewall-tui xterm twm bridge-utils virt-manager openssh-askpass openssh-clients dbus-python dbus

yum groupinstall Desktop

yum update

/etc/init.d/messagebus start

system-config-firewall-tui
-> disable firewall

vi /etc/sysconfig/vncservers
VNCSERVERS="10:root"
VNCSERVERARGS[10]="-geometry 1024x768"

vi /etc/ssh/sshd_config
Port 450
PermitRootLogin without-password

adduser admin
passwd admin

chkconfig rpcidmapd off
chkconfig rpcgssd off
chkconfig nfslock off
chkconfig netfs off
chkconfig rpcbind off
chkconfig dnsmasq off
chkconfig NetworkManager off
chkconfig messagebus off

vncpasswd

vi /root/.vnc/xstartup

#!/bin/sh
[ -r /etc/sysconfig/i18n ] && . /etc/sysconfig/i18n
export LANG
export SYSFONT
vncconfig -iconic &
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
OS=`uname -s`
if [ $OS = 'Linux' ]; then
    case "$WINDOWMANAGER" in
        *gnome*)
            if [ -e /etc/SuSE-release ]; then
                PATH=$PATH:/opt/gnome/bin
                export PATH
            fi
            ;;
    esac
fi
if [ -x /etc/X11/xinit/xinitrc ]; then
    exec /etc/X11/xinit/xinitrc
fi
if [ -f /etc/X11/xinit/xinitrc ]; then
    exec sh /etc/X11/xinit/xinitrc
fi
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &

chmod 755 /root/.vnc/xstartup

vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
# BROADCAST=x.x.x.x
# DNS1=x.x.x.x
# GATEWAY=x.x.x.x
HWADDR=00:25:90:38:66:c6
# IPADDR=x.x.x.x
# NETMASK=x.x.x.x
NM_CONTROLLED=yes
ONBOOT=yes
TYPE=Ethernet
# DNS2=x.x.x.x
IPV6INIT=no
USERCTL=no
BRIDGE=br0

vi /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
TYPE=Bridge
BOOTPROTO=none
ONBOOT=yes
DELAY=0
NM_CONTROLLED=no
BROADCAST=x.x.x.x
DNS1=x.x.x.x
GATEWAY=x.x.x.x
IPADDR=x.x.x.x
NETMASK=x.x.x.x
DNS2=x.x.x.x
IPV6INIT=no
USERCTL=no

vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

In /etc/postfix/main.cf:
inet_protocols = ipv4

reboot

Add hostname to /etc/hosts

/etc/init.d/vncserver start

VNC connect to host:10

virt-manager:

localhost ->

1. Virtual Networks -> default -> Basic details: device: (or virbr0), Autostart: unchecked -> Apply

2. Storage -> + (add) -> logical, Name “vm-lvm” -> Build Pool: unchecked -> Source Name: name of existing LVM volume group -> Finish

Done!

How to: cgminer (Bitcoin, Litecoin etc.) + AMD Radeon driver install on CentOS

UPDATE 7/7/13: If you want to use Catalyst drivers version 12.8 you will find that X won’t start (error msg: /usr/lib/xorg/modules/drivers/fglrx_drv.so: undefined symbol: noXFree86DRIExtension) if you installed CentOS 6.4. Catalyst > 12.8 will work fine. To fix that, you can downgrade to the Xorg version that ships with CentOS 6.3:

yum --disablerepo=\* --enablerepo=C6.3\* downgrade xorg\*
(You may also need to do: yum remove xorg-x11-drv-modesetting)

Do this before you install Catalyst!
UPDATE END.

Here’s my how-to for cgminer / AMD Radeon drivers under CentOS 6.4, 32bit in this example. You can basically copy & paste every line and you should end up with a working mining rig.

Install required packages:

yum install wget system-config-firewall-tui openssh-clients kernel-devel-2.6.32-358.el6.i686 libcurl-devel ncurses-devel compat-libstdc++-33 screen xterm
yum groupinstall "X Window System" "Development tools"

Download and extract cgminer 3.7.2 – later versions don’t support GPU mining:

cd /root
wget http://ck.kolivas.org/apps/cgminer/3.7/cgminer-3.7.2.tar.bz2
tar xjvf cgminer-3.7.2.tar.bz2

Download AMD APP and ADL SDKs for cgminer compilation from:

AMD APP SDK: http://developer.amd.com/tools-and-sdks/heterogeneous-computing/amd-accelerated-parallel-processing-app-sdk/downloads
AMD ADL SDK: http://developer.amd.com/tools-and-sdks/graphics-development/display-library-adl-sdk

Install AMD APP SDK:

cd /opt
tar xvzf /root/AMD-APP-SDK-v2.8-lnx32.tgz
cd /
tar xvzf /opt/icd-registration.tgz
cd /opt
tar xvzf AMD-APP-SDK-v2.8-RC-lnx32.tgz
ln -s /opt/AMD-APP-SDK-v2.8-RC-lnx32/include/CL /usr/include
ln -s /opt/AMD-APP-SDK-v2.8-RC-lnx32/lib/x86/* /usr/lib/

Install AMD ADL SDK:

cd /root
mkdir ADL
mv ADL_SDK_5.0.zip ADL
cd ADL
unzip ADL_SDK_5.0.zip
cp include/*.h /root/cgminer-3.7.2/ADL_SDK

Build cgminer for Litecoin (with scrypt support):

cd /root/cgminer-3.7.2
CFLAGS="-O2 -Wall -march=native -I/opt/AMD-APP-SDK-v2.8-RC-lnx32/include" LDFLAGS="-L/opt/AMD-APP-SDK-v2.8-RC-lnx32/lib/x86" ./configure --enable-scrypt
make
make install
(if you want to run the cgminer binary from everywhere)

Install fglrx AMD graphics card drivers:

AMD Catalyst driver (fglrx) from: http://support.amd.com/us/gpudownload/linux/Pages/radeon_linux.aspx

For example:

cd /root
wget http://www2.ati.com/drivers/linux/amd-catalyst-13.4-linux-x86.x86_64.zip

unzip amd-catalyst-13.4-linux-x86.x86_64.zip
chmod 700 amd-catalyst-13.4-linux-x86.x86_64.run
./amd-catalyst-13.4-linux-x86.x86_64.run --buildpkg RedHat/RHEL6
rpm -Uvh fglrx_p_i_c-12.104-1.i386.rpm

reboot

amdconfig --adapter=all --initial

If your mining rig is headless you can start X in a screen session:

screen
xinit

Detach screen session: CTRL+A, then D

Create cgminer.sh and put this into the file:

export GPU_USE_SYNC_OBJECTS=1
export GPU_MAX_ALLOC_PERCENT=100
export DISPLAY=:0

cgminer --scrypt ...your parameters go here...

Make it executable:

chmod 700 cgminer.sh

Configure cgminer parameters as needed and start mining (./cgminer.sh). Done!

JunOS: Finding SNMP object identifiers for your Juniper device

Step 1: Download the appropriate MIBs from Juniper at this link.

Step 2: grep through the MIB .txt files for the string that you’re looking for, e.g. grep -i prefixes *.txt. This will give you some clues like:

mib-jnx-bgpmib2.txt: jnxBgpM2PrefixInPrefixes
mib-jnx-bgpmib2.txt: jnxBgpM2PrefixInPrefixesAccepted
mib-jnx-bgpmib2.txt: jnxBgpM2PrefixInPrefixesRejected
mib-jnx-bgpmib2.txt: jnxBgpM2PrefixOutPrefixes

Step 3: On your Juniper, walk through the SNMP object names until you find what you’re looking for:

admin@router> show snmp mib walk jnxBgpM2
[…]
jnxBgpM2PrefixOutPrefixes.0.1.1 = 10
jnxBgpM2PrefixOutPrefixes.1.1.1 = 10
jnxBgpM2PrefixOutPrefixes.2.2.1 = 1

(jnxBgpM2PrefixCountersTable instead of jnxBgpM2 works too and saves you some time – check e.g. http://www.oidview.com/mibs/2636/BGP4-V2-MIB-JUNIPER.html)

Step 4: Now, if you want to monitor two of these objects, for example 0.1.1 and 2.2.1 with e.g. MRTG, you cannot simply specify

Target[router_prefixout]: jnxBgpM2PrefixOutPrefixes.0.1.1&jnxBgpM2PrefixOutPrefixes.2.2.1:yourcommunity@router-ip-address:::::2

because that just won’t work. Don’t ask me why, I’m an SNMP n00b and I couldn’t care less about SNMP. :-) Instead you will need the object identifier. For BGP you can find it here: http://www.oidview.com/mibs/2636/BGP4-V2-MIB-JUNIPER.html or, for all Juniper MIBs, here at oidview.com: http://www.oidview.com/mibs/2636/md-2636-1.html. In that document, search for the object name jnxBgpM2PrefixOutPrefixes and you will find that 1.3.6.1.4.1.2636.5.1.1.2.6.2.1.10 is the corresponding object identifier. So, your final config will look like this:

Target[router_prefixout]: 1.3.6.1.4.1.2636.5.1.1.2.6.2.1.10.0.1.1&1.3.6.1.4.1.2636.5.1.1.2.6.2.1.10.2.2.1:yourcommunity@router-ip-address:::::2

JunOS: Make sshd listen on another port than 22

There’s no setting in JunOS (M series) that makes it possible to move sshd to a port other than 22 by default. Here’s a dirty workaround:

We want sshd to listen on port 450.

% grep 450 /etc/services
tserver         450/tcp
tserver         450/udp

Comment out the lines starting with ssh in /etc/inetd.conf and add tserver instead with the same parameters:

# ssh stream tcp/rt=shared nowait/75/2 root /usr/sbin/sshd sshd -i -f /var/etc/sshd_conf
# ssh stream tcp6/rt=shared nowait/75/2 root /usr/sbin/sshd sshd -i -f /var/etc/sshd_conf
tserver stream tcp/rt=shared nowait/75/2 root /usr/sbin/sshd sshd -i -f /var/etc/sshd_conf
tserver stream tcp6/rt=shared nowait/75/2 root /usr/sbin/sshd sshd -i -f /var/etc/sshd_conf

Add your desired port to /var/etc/sshd_conf:

PermitRootLogin no
Protocol 2
Port 450

Then restart inetd:

kill -HUP PID_OF_INETD

Done. Changes will be lost on reboot or software upgrade. You could set up a cronjob to check and add the lines to inetd.conf / sshd_conf automatically if needed.
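
The cron job suggested above could run a script like this one. It is an added example, not code from the original post; it assumes /bin/sh, sed and grep are available in the JunOS shell and that inetd writes its PID to /var/run/inetd.pid, and the function names are made up for this example.

```sh
#!/bin/sh
# Added example, not from the original post. File paths are the ones the post
# uses; INETD_PID is an assumed location. Run as root: ./script apply
PORT=450
SERVICE=tserver                 # the /etc/services name for 450/tcp
INETD_PID=/var/run/inetd.pid    # assumption, verify on your release

# fix_inetd FILE: comment out active "ssh" entries and re-add them under
# $SERVICE. Prints "changed" or "ok"; a second run changes nothing.
fix_inetd() {
    grep -q '^ssh[[:space:]]' "$1" || { echo ok; return 0; }
    tmp="$1.new.$$"
    sed 's/^ssh[[:space:]]/# &/' "$1" > "$tmp"
    sed -n "s/^ssh\([[:space:]]\)/$SERVICE\1/p" "$1" |
    while IFS= read -r line; do
        # skip entries that already exist, so no service line is duplicated
        grep -Fxq -- "$line" "$tmp" || printf '%s\n' "$line" >> "$tmp"
    done
    cat "$tmp" > "$1" && rm -f "$tmp"    # overwrite in place: keeps owner/mode
    echo changed
}

# fix_sshd FILE: make "Port $PORT" the only Port directive.
fix_sshd() {
    [ "$(grep '^Port[[:space:]]' "$1")" != "Port $PORT" ] || { echo ok; return 0; }
    tmp="$1.new.$$"
    { grep -v '^Port[[:space:]]' "$1" || :; echo "Port $PORT"; } > "$tmp"
    cat "$tmp" > "$1" && rm -f "$tmp"
    echo changed
}

# main: refuse to act unless /etc/services maps $SERVICE to $PORT/tcp, then
# fix both files and signal inetd only if something was changed.
main() {
    grep -q "^$SERVICE[[:space:]][[:space:]]*$PORT/tcp" /etc/services || {
        echo "$SERVICE is not $PORT/tcp in /etc/services" >&2; return 1; }
    a=$(fix_inetd /etc/inetd.conf) && b=$(fix_sshd /var/etc/sshd_conf) || return 1
    case "$a$b" in *changed*) kill -HUP "$(cat "$INETD_PID")" ;; esac
}

if [ "${1:-}" = apply ]; then main; fi
```

Because both functions are idempotent, the job can run every few minutes without piling up duplicate tserver or Port lines.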