Category Archives: How to

Raspberry Pi ntp server gps

raspberry pi ntp server gps

RASPBERRY PI NTP SERVER GPS
RASPBERRY PI NTP SERVER GPS

You need:

stty -F /dev/ttyAMA0 raw 9600 cs8 clocal -cstopb

test gps

cat /dev/ttyAMA0

gpsmon

gpsmon
gpsmon

(eg, remove console=ttyAMA0,115200 and if there, kgdboc=ttyAMA0,115200) /boot/cmdline.txt

dwc_otg.lpm_enable=0 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait

Install ntp package

apt-get install ntp gpsd

/etc/default/gpsd

# Default settings for the gpsd init script and the hotplug wrapper.

# Start the gpsd daemon automatically at boot time
START_DAEMON="true"

# Use USB hotplugging to add new USB devices automatically to the daemon
USBAUTO="false"

# Devices gpsd should collect to at boot time.
# They need to be read/writeable, either by user gpsd or the group dialout.
DEVICES="/dev/ttyAMA0"

# Other options you want to pass to gpsd
GPSD_OPTIONS="-b -n"

/lib/systemd/system/gpsd.service

#ExecStart=/usr/sbin/gpsd -N $GPSD_OPTIONS $DEVICES
ExecStart=/usr/sbin/gpsd -N -b -n /dev/ttyAMA0

/usr/local/bin/leap-seconds.sh

#!/bin/sh
cd /etc/ntp
wget https://www.ietf.org/timezones/data/leap-seconds.list &> /dev/null
service ntp restart &> /dev/null

/etc/cron.d/ntp

0 0 31 6,12 * root /usr/local/bin/leap-seconds.sh
mkdir /etc/ntp

download the leap-seconds.list the first time

/usr/local/bin/leap-seconds.sh

/etc/ntp.conf

driftfile /var/lib/ntp/ntp.drift
leapfile /etc/ntp/leap-seconds.list

# Enable this if you want statistics to be logged.
statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

# pool
server 0.ch.pool.ntp.org iburst
server 1.ch.pool.ntp.org iburst
server 2.ch.pool.ntp.org iburst
server 3.ch.pool.ntp.org iburst


# HW GPS
server 127.127.28.0 iburst
fudge 127.127.28.0 flag1 1 flag2 0 time2 0.600 refid GPS

# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details.  The web page 
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
restrict 172.23.0.0 mask 255.255.0.0 notrust

# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255

# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines.  Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient

Tricks:

query and synchronize against a pool

ntpdate -q 0.ch.pool.ntp.org 1.ch.pool.ntp.org

/etc/udev/rules.d/99-com.rules
KERNEL==”ttyAMA0″, SYMLINK+=”gps0″
KERNEL==”pps0″, SYMLINK+=”gpspps0″

The NTP status codes that ntpq is showing you are on this list, yours is showing an “*” which means you aren’t using the PPS, just the serial output of the GPS chip. You might want to look into that as the PPS is probably going to give you better time accuracy.

o = pps peer
* = sys peer
# = too distant
+ = selected
x = false ticker
– = discarded

[![MIT license](http://img.shields.io/badge/license-MIT-brightgreen.svg)](http://opensource.org/licenses/MIT)

How to grow RAID+LUKS+lvm+xfs

How to grow RAID+LUKS+lvm+xfs
clone partition table, add disk to mdraid, resize mdraid, cryptsetup and Volume Group

luks
luks

If you like to add a new disk to mdadm raid, you should clone the partition layout.

sgdisk -R /dev/sdY /dev/sdX
sgdisk -G /dev/sdY

The first command copies the partition table of sdX to sdY (be careful not to mix these up). The second command randomizes the GUID on the disk and all the partitions. This is only necessary if the disks are to be used in the same machine, otherwise it’s unnecessary.

Add new disks to raid:

mdadm --add /dev/sdb1 

Grow the raid:

mdadm --grow --raid-devices=9 --backup-file=/tmp/grow_md2.bak /dev/md2

Information of reshape:

cat /proc/mdstat                                                                                                                                                                                                                                                                                     
Personalities : [raid1] [raid6] [raid5] [raid4] [linear] [multipath] [raid0] [raid10] 
md1 : active raid1 sdg4[5] sdh4[4] sdi4[3] sdj4[1]
      927603520 blocks super 1.2 [4/3] [UUU_]
      	resync=DELAYED
      
md0 : active raid1 sdg2[5] sdi2[0] sdh2[4] sdj2[1]
      976320 blocks super 1.2 [4/3] [UUU_]
      	resync=DELAYED
      
md2 : active raid6 sdg5[10](S) sdi5[8] sdj5[9] sdh5[11] sdd1[3] sdb1[0] sdf1[5] sdc1[2] sde1[4] sda1[1]
      20510934528 blocks super 1.2 level 6, 512k chunk, algorithm 2 [10/9] [UUUUUUUU_U]
      [====>................]  reshape = 20.2% (592765952/2930133504) finish=3123.9min speed=12469K/sec
      
unused devices: 

Speed up the rebuild or reshape:

If you only have 1000, you should set to a higher value.

cat /proc/sys/dev/raid/speed_limit_min                                                                                                                                                                                                                                                           
1000

Set the speed_limit_min to 50000.

echo 50000 > /proc/sys/dev/raid/speed_limit_min

Resize the partition with parted:

parted /dev/md2 resizepart

Resize the LUKS partition:

cryptsetup resize cryptvg

Show the status from the LUKS partition:

cryptsetup status cryptvg

Show the status from the physical volume:

pvdisplay

Resize the physical volume

pvresize /dev/mapper/cryptvg 

Show the status from the volume group:

vgs

Resize the xfs filesystem:

xfs_growfs /dev/cryptvg/test

Tricks

Detail information of the mdadm raid.

mdadm --detail /dev/md1

If you have a problem with the raid:

mdadm --stop /dev/md2
mdadm --assemble /dev/md2  /dev/sdh5 /dev/sdb1 /dev/sde1 /dev/sdc1 /dev/sdf1 /dev/sdd1 /dev/sda1 /dev/sdi5 /dev/sdg5
mdadm --run /dev/md2

If it now work, force:

mdadm --assemble --run --force  /dev/md2 /dev/sdb1 /dev/sde1 /dev/sdc1 /dev/sdf1 /dev/sdd1 /dev/sda1 /dev/sdi5 /dev/sdg5 /dev/sdh5

Disk status

mdadm --examine /dev/sd*

HHVM Nginx Ubuntu with multiple Site

HHVM Nginx Ubuntu with multiple Site

To run HHVM on Nginx with Ubuntu 14.04 and multiple Site per Server you can use this Howto. I work with Nginx variables, this make it easy to have short Nginx configs.

First step is to install HHVM on the server

sudo apt-get install software-properties-common

sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0x5a16e7281be7a449
sudo add-apt-repository 'deb http://dl.hhvm.com/ubuntu trusty main'
sudo apt-get update
sudo apt-get install hhvm

Now you get the following information

********************************************************************
* HHVM is installed.
* 
* Running PHP web scripts with HHVM is done by having your webserver talk to HHVM
* over FastCGI. Install nginx or Apache, and then:
* $ sudo /usr/share/hhvm/install_fastcgi.sh
* $ sudo /etc/init.d/hhvm restart
* (if using nginx)  $ sudo /etc/init.d/nginx restart
* (if using apache) $ sudo /etc/init.d/apache restart
* 
* Detailed FastCGI directions are online at:
* https://github.com/facebook/hhvm/wiki/FastCGI
* 
* If you're using HHVM to run web scripts, you probably want it to start at boot:
* $ sudo update-rc.d hhvm defaults
* 
* Running command-line scripts with HHVM requires no special setup:
* $ hhvm whatever.php
* 
* You can use HHVM for /usr/bin/php even if you have php-cli installed:
* $ sudo /usr/bin/update-alternatives --install /usr/bin/php php /usr/bin/hhvm 60
********************************************************************

Now run the install script

sudo /usr/share/hhvm/install_fastcgi.sh
sudo /usr/bin/update-alternatives --install /usr/bin/php php /usr/bin/hhvm 60

So now you have install the HHVM. Now you must setup the multiple instances.

sudo cp /etc/init.d/hhvm /etc/init.d/hhvm_www_safematix_com
sudo cp /etc/default/hhvm /etc/default/hhvm_www_safematix_com
sudo cp /etc/hhvm/server_www_canus_at.ini /etc/hhvm/server_www_safematix_com.ini

Now you must edit the configs.

/etc/init.d/hhvm_www_safematix_com

sudo vi /etc/init.d/hhvm_www_safematix_com
...
NAME=hhvm_www_safematix_com
...
PIDFILE=/var/run/hhvm/pid_$NAME

/etc/default/hhvm_www_safematix_com

## This is a configuration file for /etc/init.d/hhvm.
## Overwrite start up configuration of the hhvm service.
##
## This file is sourced by /bin/sh from /etc/init.d/hhvm.

## Configuration file location.
## Default: "/etc/hhvm/server.ini"
## Examples:
##   "/etc/hhvm/conf.d/fastcgi.ini" Load configuration file from Debian/Ubuntu conf.d style location
CONFIG_FILE="/etc/hhvm/server_www_safematix_com.ini"

## User to run the service as.
## Default: "www-data"
## Examples:
##   "hhvm"   Custom 'hhvm' user
##   "nobody" RHEL/CentOS 'www-data' equivalent
RUN_AS_USER="www_safematix_com"
RUN_AS_GROUP="www_safematix_com"

## Add additional arguments to the hhvm service start up that you can't put in CONFIG_FILE for some reason.
## Default: ""
## Examples:
##   "-vLog.Level=Debug"                Enable debug log level
##   "-vServer.DefaultDocument=app.php" Change the default document
#ADDITIONAL_ARGS=""

## PID file location.
## Default: "/var/run/hhvm/pid"
#PIDFILE="/var/run/hhvm/pid"

/etc/hhvm/server_www_safematix_com.ini

; php options

pid = /var/run/hhvm/pid_www_safematix_com

; hhvm specific 

hhvm.server.port = 9001
hhvm.server.type = fastcgi
hhvm.server.default_document = index.php
hhvm.log.use_log_file = true
hhvm.log.file = /var/log/hhvm/error_www_safematix_com.log
hhvm.repo.central.path = /var/run/hhvm/hhvm.hhbc

Now edit the nginx settings

location ~ \.(hh|php)$ {
    fastcgi_keep_conn on;
    fastcgi_pass   127.0.0.1:$siteport;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include        fastcgi_params;
}

vhost config

server {
	listen [2a01:4f8:210:3101::12]:443 ssl spdy;
	listen 443 ssl spdy;
	spdy_headers_comp 5;

	server_name www.safematix.com safematix.com;

	root /srv/www/www_safematix_com/htdocs;
	index index.php index.html index.htm;

	access_log   /srv/www/www_safematix_com/log/www.safematix.com_ssl.access.log;
        error_log    /srv/www/www_safematix_com/log/www.safematix.com_ssl.error.log;

        ssl_certificate /etc/nginx/ssl/safematix/www.safematix.com.crt;
        ssl_certificate_key /etc/nginx/ssl/safematix/www.safematix.com.key;

        ssl_dhparam /etc/nginx/ssl/safematix/www.safematix.com-dhparam.pem;

	set $siteport 9001;

	include global/ssl.conf;
	include global/restrictions.conf;
	include global/wordpress.conf;
	include global/php.conf;
}

Now enable HHVM at boot and reload service

sudo update-rc.d hhvm_www_safematix_com defaults
sudo service hhvm_www_safematix_com start
sudo service nginx reload

 

 

 

External Links:
https://github.com/facebook/hhvm/wiki/Prebuilt-packages-on-Ubuntu-14.04
https://github.com/facebook/hhvm/wiki/Getting-Started
https://kinsta.com/blog/real-world-wordpress-benchmarks-with-php5-5-php5-6-php-ng-and-hhvm/
http://webdevstudios.com/2014/07/17/setting-up-wordpress-nginx-hhvm-for-the-fastest-possible-load-times/

Nginx global config

Nginx global config for you sites-enabled in Ubuntu / Debian.

Every time when you have the same config per vhost then it is better to work with global settings.

Here is an example with the SSL config in Nginx. When you have one global config it is easy to don’t forget something.

/etc/nginx/global/ssl.conf

	ssl on;

	ssl_trusted_certificate /etc/nginx/ssl/ca.pem;
	ssl_session_timeout 5m;
	ssl_session_cache shared:SSL:10m;

	ssl_stapling on;
	ssl_stapling_verify on;
	resolver 8.8.4.4 8.8.8.8 valid=300s;
	resolver_timeout 10s;

	add_header Strict-Transport-Security max-age=63072000;
	add_header X-Frame-Options DENY;
	add_header X-Content-Type-Options nosniff;

	ssl_prefer_server_ciphers on;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # not possible to do exclusive
	ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
	add_header Strict-Transport-Security max-age=15768000; # six months
	# use this only if all subdomains support HTTPS!
	add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";

/etc/nginx/sites-enabled/www_safematix_com

server {
	listen [2a01:4f8:210:3101::12]:443 ssl spdy;
	listen 443 ssl spdy;
	spdy_headers_comp 5;

	server_name www.safematix.com safematix.com;

	root /srv/www/www_safematix_com/htdocs;
	index index.php index.html index.htm;

	access_log   /srv/www/www_safematix_com/log/www.safematix.com_ssl.access.log;
        error_log    /srv/www/www_safematix_com/log/www.safematix.com_ssl.error.log;

        ssl_certificate /etc/nginx/ssl/safematix/www.safematix.com.crt;
        ssl_certificate_key /etc/nginx/ssl/safematix/www.safematix.com.key;

        ssl_dhparam /etc/nginx/ssl/safematix/www.safematix.com-dhparam.pem;

	set $siteport 9001;

	include global/ssl.conf;
	include global/restrictions.conf;
	include global/wordpress.conf;
	include global/php.conf;
}

HP Proliant PXE boot multible NICs

HP Proliant PXE boot multible NICs. If you have a server with more than one NIC and you like to boot not only from the first interface. Then you must turn this on in the Bios and in the NIC firmware.

Press F9 during POST to get into the system BIOS menu (ROM-Based Setup Utility).

XrKyJ

Follow the menus from System Options > Embedded NICs > NIC X Boot Options.
Select the NIC you wish to boot from and flip the Network Boot flag.

xwlFJ

Now you must enable PXE Boot also in the interface firmware. Wait for the message and press strg + s.

Screenshot - 01282015 - 04:07:20 PM

Now you are in the firmware setting menu. Enable PXE on the interface you like.

Screenshot - 01282015 - 04:18:02 PM

Nginx 1.7 Ubuntu 14.04

Nginx 1.7 ubuntu 14.04
nginx

When you have Nginx 1.7 you can also use SPDY 1.3 and other cool features.

To install Nginx 1.7 on a Ubuntu 14.04 Linux. You can use this:

curl http://nginx.org/keys/nginx_signing.key | apt-key add -
echo -e "deb http://nginx.org/packages/mainline/ubuntu/ `lsb_release -cs` nginx\ndeb-src http://nginx.org/packages/mainline/ubuntu/ `lsb_release -cs` nginx" > /etc/apt/sources.list.d/nginx.list

Update source and install or upgrade Nginx:

aptitude update
aptitude install nginx
aptitude dist-upgrade

When you use php, add this to /etc/nginx/fastcgi_params :

# add for nginx 1.7
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

 

Links: http://nginx.org/en/linux_packages.html#stable

Nginx worker_connections exceed open file resource

Nginx worker_connections exceed open file resource
nginx

When you restart the nginx service and you see this meassage then you have a problem with the file limits.

root@web01:/var/log/nginx# service nginx restart

* Restarting nginx nginx nginx: [warn] 4096 worker_connections exceed open file resource limit: 1024
 nginx: [warn] 4096 worker_connections exceed open file resource limit: 1024

You can set in manual

ulimit -n 65536

When you like to see the open files limit you can see it with

root@web01:/var/log/nginx# ulimit -n
65536

You can also see all limits with

root@web01:/var/log/nginx# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 256697
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 65536
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 256697
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited

On Ubuntu and Debian you can set the limits in /etc/security/limits.conf with

* soft nofile 65536
* hard nofile 65536

Nginx client intended to send too large body

If you look in the error log from your site

2015/01/25 13:01:31 [error] 7477#0: *11490 client intended to send too large body: 1424254 bytes, client: 2a02:168:66b9:0:dc3c:5449:d617:86f6, server: www.safematix.com, request: "POST /wp-admin/async-upload.php HTTP/1.1", host: "www.safematix.com", referrer: "https://www.safematix.com/wp-admin/post-new.php"

Open the nginx.conf and edit the http tag

 vi /etc/nginx/nginx.conf
 http {
 client_max_body_size 50M;
 ...
 ...
 }

It is also possible to put the settings per location tag.

location {
 client_max_body_size 50M;
 ...
 ...
 }

Don’t forget the reload from the nginx service.

service nginx reload