29 May 2016

Extending LVM volume

An LVM setup on a physical disk helps to increase the logical volume size in case it is almost full. Steps to be able to extend a logical volume, when there is free space on the physical volume:

  1. Unmount the volume
  2. Check if there is free space on physical volume (if no, need to add physical volume and extend group first)
  3. Extend logical volume using $> sudo lvextend -L+10G /dev/gp02/virtual
  4. Run fsck on logical volume: $> sudo e2fsck -f /dev/gp02/virtual
  5. Extend the file system on the logical volume: $> sudo resize2fs /dev/gp02/virtual
  6. Mount the logical volume: $> sudo mount -t auto /dev/gp02/virtual /virtual
Where:
/dev/gp02/virtual - is the logical volume
-L+10G - adds 10 GiB to the logical volume

In case there is no free space left on the physical volume, one needs to add a new physical volume to the group and then extend the logical volume.

References:
LVM HowTo [tldp.org]
Debian LVM [debian.org]
Working with LVM [debian-administration.org]

18 May 2016

pfSense 2.3.1 available.....almost

Warning: Upgrade your firewall after having a proper plan and back out option. As a minimum a snapshot before starting work and backup of the firewall configuration is recommended.


Did a Xenserver setup in the last few days with a pfSense 2.3 instance running on it. After finishing another VM and configuring the setup, what appears on pfSense administration page?


All issues marked for the 2.3.1 release had been closed recently, but didn't know that the update will appear out of the blue without any announcement on the pfSense blog!

Update 1


Tried to upgrade pfSense to 2.3.1.....
>>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.
>>> Upgrading pkg... failed.
Failed

Need to wait a bit I think...

Update 2

Seems things are not ready yet
>>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
pkg: http://pkg.pfsense.org/pfSense_v2_3_0_amd64-core/meta.txz: Connection reset by peer
repository pfSense-core has no meta file, using default settings
pkg: http://pkg.pfsense.org/pfSense_v2_3_0_amd64-core/packagesite.txz: Connection reset by peer
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
pkg: http://pkg.pfsense.org/pfSense_v2_3_0_amd64-pfSense_v2_3_0/meta.txz: Connection reset by peer
repository pfSense has no meta file, using default settings
pkg: http://pkg.pfsense.org/pfSense_v2_3_0_amd64-pfSense_v2_3_0/packagesite.txz: Connection reset by peer
Unable to update repository pfSense
Failed


Update 3

Still got the first error above when trying to upgrade via console. Blog has a detailed post about the release now.

Update 4

Went to pfSense forums and noticed others are having similar issues. Need to wait for mirrors to synchronize as one of the packages is not there yet!

root: pfSense-upgrade -d
>>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.
>>> Upgrading pkg...
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.
New version of pkg detected; it needs to be installed first.
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
        pkg: 1.6.2 -> 1.7.2_2 [pfSense]

The process will require 91 KiB more space.
2 MiB to be downloaded.
pkg: http://pkg.pfsense.org/pfSense_v2_3_0_amd64-pfSense_v2_3_0/All/pkg-1.7.2_2.txz: Not Found

Final update

Apparently, pfSense was not looking in the right place and was looking in the 2.3.0 folders. Waited for another half an hour and tried again and it downloaded the correct information and was able to find all packages needed for upgrade. 2.3.1 is up and running. Verifying functionality before deleting snapshot.

15 April 2016

pfSense upgrade - "can't find kernel" error

I had pfSense 2.2.4 running as a virtual machine and noticed that version 2.3 was finally released. Broadly, pfSense 2.3 has a complete redo of the webGUI using bootstrap, and the backend system is completed based on FreeBSD. The new web interface is clean, modern and "easier" on the eyes to say the least. Being based on FreeBSD, future upgrades will be much easier as individual packages can be upgraded. For more details about the new release: see the introductory video, or read the links in the release announcement.

In my virtual instance of pfSense, I have just 1 GB of disk space and was using 512MB RAM. On trying to do the upgrade via GUI, it ended up with an error:

Can't find 'kernel'
Error while including /boot/menu.rc. in the line:
Menu-display
\
Can't load 'kernel'


This happened primarily because of my choice of disk space. During the upgrade, the download of the new version was about 200 MB. After the downloaded ended the system was using close to 90% disk space and after reboot there seems to have been some data loss.

So, be careful, do a backup or a snapshot of the VM before attempting the upgrade (good practice for any upgrade). If your disk space is not enough, add some more before upgrading.

Happy firewalling.

6 January 2016

Fido! Fix your loop

Log-in in to a Fido account and you will see links to do a private chat if you have questions. On clicking, it takes you to a page with options to contact them depending on your relationship with them (see partial screenshot below):
 When you click on the "Customers" section, you end up on a page with different ways to contact them. What does the option for Live Chat say? It tells you to go back and login to your "My Account" i.e. back from where you started?
If this was going on for my car's gas tank, it would be so much different! But Fido, stop this run around. This is not the way to keep your current customers when there are better options available in the market!

21 December 2015

Debian/Apt and disk space

For a few days I was getting the following error when trying to do an apt-get update on my Debian/Stretch machine

~$ sudo apt-get update
Get:1 http://mirror.csclub.uwaterloo.ca stretch InRelease [200 kB]
Ign http://mirror.csclub.uwaterloo.ca stretch InRelease                       
Ign http://mirror.csclub.uwaterloo.ca stretch Release.gpg                     
Get:2 http://security.debian.org stretch/updates InRelease [62.8 kB]
Ign http://security.debian.org stretch/updates InRelease
Ign http://security.debian.org stretch/updates Release.gpg
Ign http://security.debian.org stretch/updates Release
Get:3 http://security.debian.org stretch/updates/main i386 Packages/DiffIndex [1,554 B]
Ign http://security.debian.org stretch/updates/main i386 Packages/DiffIndex
Get:4 http://security.debian.org stretch/updates/main Translation-en [14 B]
Get:5 http://security.debian.org stretch/updates/main i386 Packages [32 B]
Get:6 http://security.debian.org stretch/updates/main i386 Packages [32 B]
Ign http://security.debian.org stretch/updates/main Translation-en_CA
Ign http://security.debian.org stretch/updates/main Translation-en
Err http://security.debian.org stretch/updates/main i386 Packages
  404  Not Found [IP: 128.31.0.63 80]
Hit http://mirror.csclub.uwaterloo.ca stretch Release
Get:7 http://mirror.csclub.uwaterloo.ca stretch/main i386 Packages/DiffIndex [16.6 kB]
Ign http://mirror.csclub.uwaterloo.ca stretch/main i386 Packages/DiffIndex
Get:8 http://mirror.csclub.uwaterloo.ca stretch/main Translation-en [4,902 kB]
Get:9 http://mirror.csclub.uwaterloo.ca stretch/main i386 Packages [7,440 kB]
Get:10 http://mirror.csclub.uwaterloo.ca stretch/main i386 Packages [7,440 kB]
Err http://mirror.csclub.uwaterloo.ca stretch/main Translation-en_CA
  Bad header line [IP: 129.97.134.71 80]
Err http://mirror.csclub.uwaterloo.ca stretch/main Translation-en
  Bad header line [IP: 129.97.134.71 80]
Err http://mirror.csclub.uwaterloo.ca stretch/main i386 Packages
  Bad header line [IP: 129.97.134.71 80]
W: Failed to fetch http://security.debian.org/dists/stretch/updates/main/binary-i386/Packages  404  Not Found [IP: 128.31.0.63 80]

W: Failed to fetch http://mirror.csclub.uwaterloo.ca/debian/dists/stretch/main/i18n/Translation-en_CA  Bad header line [IP: 129.97.134.71 80]

W: Failed to fetch http://mirror.csclub.uwaterloo.ca/debian/dists/stretch/main/i18n/Translation-en  Bad header line [IP: 129.97.134.71 80]

W: Failed to fetch http://mirror.csclub.uwaterloo.ca/debian/dists/stretch/main/binary-i386/Packages  Bad header line [IP: 129.97.134.71 80]

E: Some index files failed to download. They have been ignored, or old ones used instead.


Trying to rule out problems due to network, I verified the the URL giving the error 404 in the browser and it worked fine. Then I checked my disk space as it was usually the culprit before I rebuilt the OS on a 80GB HDD (earlier the OS was in 4GB!). The /var partition was indeed used 100%. Applying the usual trick of apt-get clean did release much space!

On closer investigation, I noticed the kern.log and syslog files in /var/log/ were huge (kern.log 3.6GB, syslog 248 MB). The kern.log and syslog had error/warning splattered repeatedly such as:
Dec  1 07:36:00 imlee kernel: [1155666.501321] nouveau E[  PGRAPH][0000:01:00.0]  NOTIFY nsource: STATE_INVALID nstatus: INVALID_STATE BAD_ARGUMENT

Reducing the size of kern.log/syslog to 0 fixed the apt-get issue!The Debian/Stretch machine is uptodate again.

10 November 2015

Facebook & privacy

Facebook & privacy: something that comes up in the new often. Anyone who knows a little about how Facebook "makes" money, would say that these words are a perfect example of antonyms!
BBC reporting on another challenge Facebook is facing in Belgium due to its practices related to how they use cookies for users (even users who are not logged in to Facebook). A quote from the full article:

They conducted a series of tests including one where they did a Google search for the term facebook data policy. It led them to the Facebook data policy page which placed the datr cookie on their browser.

They then visited a Belgian website related to prostate cancer treatment which includes a Facebook like button and found that the datr cookie was sent to Facebook.

There was no formal notice regarding any cookie being stored.


Even without using cookies, a user's browsing habits can be tracked as web browsers can be identified by various ways to render each user's browser (and hence browsing trail) to be unique. To read more about this read Panopticlick.

To keep such sites from harnessing your data, here are some options:
  1. Use Tor Browser when possible
  2. Use Firefox with plugins*: Adblock Edge, Privacy Badger, HTTPS Everywhere, and NoScript.
  3. Use Firefox with above plugins in a Linux VM

* - the list of plugins is not at all exhaustive, you are advised to do your research and choose which ones are required for your case

14 October 2015

CloudATclost.com VM 60% off

Ordered a "one-time" billing VM from cloudatcost.com today. It was their Developer 2 setup. Currently the site shows 50% off i.e. $35 instead of $70. I just happened to view their member page and saw a post about 60% off using code CAC606060 valid for only 9 Oct 2015.

I tried it and the Dev 2 setup one-time fee came out to $28. Enjoy the extra 10% off while it works.

Enabling HTTPS for blog

Just noticed that https was available for blogger.com blogs. It has been enabled. Use url: https://ksvichaar.blogspot.com as there is no automatic redirect from http:// (yet).

Note: there might still be mixed content on the blog, it will be updated as time permits.