qemu/kvm libvirt and trim with Fedora 25


After more than 10 years of using VMware Workstation (starting with VMware Workstation 5), I’m in the process of moving to KVM/libvirt, but I want to use qcow2 with trim support.

I’m using Fedora 25 with virt-manager to create my virtual machines. A lot of pages describe that very well, like Chris Irwin’s. But I found another problem.

To support trim you need to make sure the machine type is at least version 2.1, but I want the latest version, 2.7. This is the default, so normally you don’t need to change this with virsh edit DOMAIN:

<type arch='x86_64' machine='pc-i440fx-2.7'>hvm</type>

One parameter that you need to change manually (and that cannot be done with virt-manager) tells qemu that the discard/trim should be forwarded to the underlying image. It looks like this:

<driver name='qemu' type='qcow2' discard='unmap'/>

All of this can be found on the Internet. A problem that I faced with RHEL7 and others is that virt-manager creates the disc controller as an antique LSI/NCR controller, and RHEL7 does not support this. To fix this you have to set this model on the SCSI controller:

<controller type='scsi' index='0' model='virtio-scsi'>

With this, RHEL7, Windows 10 and FreeBSD 11 machines can be configured to trim their images themselves.
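An added example (not from the original post): a small Python check that reads domain XML, as printed by `virsh dumpxml DOMAIN`, and reports the three settings discussed above when they would block trim. The sample XML and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like `virsh dumpxml DOMAIN` output (not a real guest).
SAMPLE_DOMAIN_XML = """<domain type='kvm'>
  <name>demo</name>
  <os><type arch='x86_64' machine='pc-i440fx-2.7'>hvm</type></os>
  <devices>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2' discard='unmap'/>
      <target dev='sda' bus='scsi'/>
    </disk>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <target dev='sdb' bus='scsi'/>
    </disk>
    <controller type='scsi' index='0' model='lsilogic'/>
  </devices>
</domain>"""


def machine_version(machine):
    """Return (major, minor) for names like 'pc-i440fx-2.7', or None if unversioned."""
    parts = machine.rsplit("-", 1)[-1].split(".")
    if len(parts) == 2 and all(p.isdigit() for p in parts):
        return int(parts[0]), int(parts[1])
    return None


def audit_trim(domain_xml):
    """Return a list of settings that keep guest trim from reaching the image."""
    root = ET.fromstring(domain_xml)
    findings = []

    os_type = root.find("./os/type")
    machine = os_type.get("machine", "") if os_type is not None else ""
    version = machine_version(machine)
    if version is None:
        findings.append(f"machine type {machine!r}: version not recognised, check by hand")
    elif version < (2, 1):
        findings.append(f"machine type {machine!r} is older than 2.1")

    uses_scsi = False
    for disk in root.findall("./devices/disk[@device='disk']"):
        target = disk.find("target")
        dev = target.get("dev", "?") if target is not None else "?"
        uses_scsi |= target is not None and target.get("bus") == "scsi"
        driver = disk.find("driver")
        if driver is None or driver.get("discard") != "unmap":
            findings.append(f"disk {dev}: <driver> lacks discard='unmap'")

    if uses_scsi:  # the controller model only matters when a disk sits on the SCSI bus
        for ctl in root.findall("./devices/controller[@type='scsi']"):
            model = ctl.get("model", "unset")
            if model != "virtio-scsi":
                findings.append(f"scsi controller {ctl.get('index')}: model is {model}, not virtio-scsi")
    return findings


if __name__ == "__main__":
    for finding in audit_trim(SAMPLE_DOMAIN_XML):
        print(finding)
```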

Migrating your Windows 10 from “libvirt” to “libvirt-scsi” is quite easy. Add a new libvirt-scsi disc to an existing installation. Install the driver for libvirt-scsi and reboot. Now your system supports this driver. After this reboot, shut down the machine again, change the disc type of all discs to libvirt-scsi like above and reboot again. Your system should start up with its libvirt-scsi enabled disc.

To run the trim command to clean up unused space, run this in an Admin PowerShell:

Optimize-Volume -DriveLetter c -ReTrim -Verbose

Rinse and repeat for all disc letters.

As always, no warranty that this does not break your system.


Citrix Receiver and SELinux

Hi Internet,

Sorry for being absent from this blog for so long. But marriage and a child take time, and the blog was the first to go. But I will restart writing blog posts today with a project I started a couple of days ago.

SELinux and the Citrix Receiver

I have to use the Citrix Receiver to access the Citrix farm in our company. This is the only way to access the company network remotely. But I don’t like to run it as unconfined_t on my Fedora 25. So I sat down and created an SELinux module to limit the access of this closed-source software on my system. In the process I found that it tries to read the mozilla profile and other stuff that I didn’t like, and I therefore disabled this. The code is available on GitHub. Simply install the Citrix Receiver with the rpm from the Citrix website.

This is only a fast and dirty solution. If you want to clean it up, I look forward to it. If I have time I will clean it up, but maybe someone is faster than me (aka. has more spare time) 😉

I will not give ANY warranty. If it breaks for you it is your problem.

After the installation of Citrix you can run it like this.

sudo dnf install make selinux-policy-devel
git clone https://github.com/JensKuehnel/selinux-citrixreciever.git
cd selinux-citrixreciever
make
sudo make load
sudo restorecon -Rv /opt/Citrix/

It works for me, if you run into any problems tell me. I have a dontaudit rule against accessing mozilla_home_t. It still runs perfectly for me.
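An added example (not from the original post or its GitHub repository): a Python summary of AVC denials from the audit log, which is how accesses such as the one to mozilla_home_t show up, plus the matching dontaudit rules for target types you decide to silence. The log lines are constructed and `citrix_t` is a hypothetical domain name; the module's .te file defines the real one.

```python
import re
from collections import defaultdict

# Constructed audit.log lines; citrix_t is a hypothetical domain name.
SAMPLE_AUDIT = """\
type=AVC msg=audit(1490000000.101:401): avc:  denied  { search } for  pid=2211 comm="wfica" name=".mozilla" dev="dm-1" ino=1311 scontext=unconfined_u:unconfined_r:citrix_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:mozilla_home_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1490000000.102:402): avc:  denied  { read } for  pid=2211 comm="wfica" name="profiles.ini" dev="dm-1" ino=1312 scontext=unconfined_u:unconfined_r:citrix_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:mozilla_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1490000000.103:403): avc:  denied  { open } for  pid=2211 comm="wfica" name="profiles.ini" dev="dm-1" ino=1312 scontext=unconfined_u:unconfined_r:citrix_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:mozilla_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1490000000.104:404): avc:  denied  { name_connect } for  pid=2211 comm="wfica" dest=443 scontext=unconfined_u:unconfined_r:citrix_t:s0-s0:c0.c1023 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
"""

AVC = re.compile(r"avc:\s+denied\s+\{ ([^}]+) \} for .*?scontext=(\S+) tcontext=(\S+) tclass=(\S+)")


def context_type(context):
    """Return the type field of user:role:type[:level]; the level may contain ':'."""
    fields = context.split(":", 3)
    return fields[2] if len(fields) >= 3 else None


def summarize_denials(audit_text):
    """Group denied permissions by (source type, target type, object class)."""
    summary = defaultdict(set)
    for line in audit_text.splitlines():
        match = AVC.search(line)
        if not match:
            continue
        perms, scontext, tcontext, tclass = match.groups()
        key = (context_type(scontext), context_type(tcontext), tclass)
        summary[key].update(perms.split())
    return dict(summary)


def dontaudit_rules(summary, silence_targets):
    """Render dontaudit rules for target types that should stay denied without logging."""
    rules = []
    for (source, target, tclass), perms in sorted(summary.items()):
        if target in silence_targets:
            rules.append(f"dontaudit {source} {target}:{tclass} {{ {' '.join(sorted(perms))} }};")
    return rules


if __name__ == "__main__":
    denials = summarize_denials(SAMPLE_AUDIT)
    for key, perms in sorted(denials.items()):
        print(key, sorted(perms))
    print("\n".join(dontaudit_rules(denials, {"mozilla_home_t"})))
```

Once a dontaudit rule is loaded the denial no longer reaches the audit log; `semodule -DB` rebuilds the policy with dontaudit rules disabled when you need to see those accesses again.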

The next thing on my SELinux list is tlp-thinkpad: putting SELinux rules in for tlp to run with akmod-acpi_call from the TLP website.


We need 64bit, everywhere!

Just bought a new 8TB disk drive. Following my standard procedures I ran badblocks -w against the disk as a burn-in test. Running on Fedora 20 on x86_64, I was surprised to see this:

badblocks -v -v -w /dev/sdf
 badblocks: Value too large for defined data type invalid end block (7516192768): must be 32-bit value


lvcreate -L 1G --type thin-pool --thinpool thin_pool $VG
lvcreate -T $VG/thin_pool -V 4T -n thinvol
badblocks -v -v -w /dev/$VG/thin_pool


badblocks -v -v -w -b 4096 /dev/$VG/thin_pool

my T-Shirt

root is god
selinux is blasphemy


yum vs. dnf

Sorry for the long silence. I will try to post more often from now on.
I am playing around with dnf, which is the package manager that should replace yum in the future, and had a very nice insight.

[root@mysystem ~]# date ; yum clean all
Do 25. Sep 17:51:06 CEST 2014
Geladene Plugins: auto-update-debuginfo, fastestmirror, langpacks, ps, refresh-
                : packagekit, remove-with-leaves, rpm-warm-cache, show-leaves,
                : versionlock
Quellen werden aufgeräumt:adobe-linux-x86_64 fedora fedora-HandBrake
                        : fedora-chromium-stable logstash-1.4
                        : mbooth-eclipse-luna rpmfusion-free
                        : rpmfusion-free-updates rpmfusion-nonfree
                        : rpmfusion-nonfree-updates updates
Cleaning up everything
[root@mysystem ~]# date ; yum update
Do 25. Sep 17:51:13 CEST 2014
Geladene Plugins: auto-update-debuginfo, fastestmirror, langpacks, ps, refresh-
                : packagekit, remove-with-leaves, rpm-warm-cache, show-leaves,
                : versionlock
adobe-linux-x86_64                                          |  951 B  00:00     
fedora/20/x86_64/metalink                                   |  33 kB  00:00     
fedora                                                      | 3.8 kB  00:00     
fedora-HandBrake                                            | 2.9 kB  00:00     
fedora-chromium-stable                                      | 3.4 kB  00:00     
logstash-1.4                                                | 2.5 kB  00:00     
mbooth-eclipse-luna                                         | 3.0 kB  00:00     
rpmfusion-free                                              | 3.3 kB  00:00     
rpmfusion-free-updates                                      | 3.3 kB  00:00     
rpmfusion-nonfree                                           | 3.3 kB  00:00     
rpmfusion-nonfree-updates                                   | 3.3 kB  00:00     
updates/20/x86_64/metalink                                  |  15 kB  00:00     
updates                                                     | 4.9 kB  00:00     
(1/8): fedora-HandBrake/20/x86_64/primary_db                |  10 kB  00:00     
(2/8): fedora/20/x86_64/group_gz                            | 394 kB  00:00     
(3/8): mbooth-eclipse-luna/20/x86_64/primary_db             | 148 kB  00:00     
(4/8): updates/20/x86_64/group_gz                           | 395 kB  00:00     
updates/20/x86_64/primary_db   FAILED                                          
http://mirror.1000mbps.com/fedora/linux/updates/20/x86_64/repodata/189bd24ec8b2062a45dbc5e01c213249a1f8be9a9f699195f832cc93b6394c0d-primary.sqlite.bz2: [Errno 14] HTTP Error 404 - Not Found
Anderer Spiegelserver wird versucht.
updates/20/x86_64/primary_db   FAILED                                          
http://mirror2.hs-esslingen.de/fedora/linux/updates/20/x86_64/repodata/189bd24ec8b2062a45dbc5e01c213249a1f8be9a9f699195f832cc93b6394c0d-primary.sqlite.bz2: [Errno 14] HTTP Error 404 - Not Found
Anderer Spiegelserver wird versucht.
(5/8): logstash-1.4/primary_db                              |  17 kB  00:00     
(6/8): fedora-chromium-stable/20/x86_64/primary_db          |  29 kB  00:00     
(7/8): updates/20/x86_64/primary_db                         |  12 MB  00:04     
(8/8): fedora/20/x86_64/primary_db                          |  18 MB  00:04     
(1/11): rpmfusion-free-updates/20/x86_64/group_gz           | 1.6 kB  00:00     
(2/11): rpmfusion-free-updates/20/x86_64/primary_db         | 348 kB  00:00     
(3/11): rpmfusion-nonfree/20/x86_64/group_gz                | 1.0 kB  00:00     
(4/11): rpmfusion-nonfree-updates/20/x86_64/group_gz        | 1.0 kB  00:00     
(5/11): rpmfusion-nonfree/20/x86_64/primary_db              | 137 kB  00:00     
(6/11): rpmfusion-nonfree-updates/20/x86_64/primary_db      | 107 kB  00:00     
updates/20/x86_64/updateinfo   FAILED                                          
http://mirror2.hs-esslingen.de/fedora/linux/updates/20/x86_64/repodata/418dbd12af6795571f815b836aada093514abb1e7293fccfbed97c63ad70de16-updateinfo.xml.gz: [Errno 14] HTTP Error 404 - Not Found
Anderer Spiegelserver wird versucht.
(7/11): rpmfusion-free/20/x86_64/group_gz                   | 1.6 kB  00:00     
updates/20/x86_64/pkgtags      FAILED                                          
http://mirror.1000mbps.com/fedora/linux/updates/20/x86_64/repodata/3a810fcd709a53bec6270b989c4799367c19b85c0d35112cc0835ce7479e078b-pkgtags.sqlite.gz: [Errno 14] HTTP Error 404 - Not Found
Anderer Spiegelserver wird versucht.
(8/11): rpmfusion-free/20/x86_64/primary_db                 | 445 kB  00:00     
updates/20/x86_64/updateinfo   FAILED                                          
http://mirror.1000mbps.com/fedora/linux/updates/20/x86_64/repodata/418dbd12af6795571f815b836aada093514abb1e7293fccfbed97c63ad70de16-updateinfo.xml.gz: [Errno 14] HTTP Error 404 - Not Found
Anderer Spiegelserver wird versucht.
updates/20/x86_64/pkgtags      FAILED                                          
http://mirror2.hs-esslingen.de/fedora/linux/updates/20/x86_64/repodata/3a810fcd709a53bec6270b989c4799367c19b85c0d35112cc0835ce7479e078b-pkgtags.sqlite.gz: [Errno 14] HTTP Error 404 - Not Found
Anderer Spiegelserver wird versucht.
(9/11): adobe-linux-x86_64/primary                          | 1.2 kB  00:00     
(10/11): updates/20/x86_64/updateinfo                       | 1.4 MB  00:00     
(11/11): updates/20/x86_64/pkgtags                          | 1.2 MB  00:00     
Determining fastest mirrors
 * fedora: be.mirror.eurid.eu
 * rpmfusion-free: download1.rpmfusion.org
 * rpmfusion-free-updates: download1.rpmfusion.org
 * rpmfusion-nonfree: download1.rpmfusion.org
 * rpmfusion-nonfree-updates: download1.rpmfusion.org
 * updates: fedora-mirror01.rbc.ru
adobe-linux-x86_64                                                          2/2
No packages marked for update

So, yum tells me no update available.

[root@mysystem ~]# date ; dnf clean all
Do 25. Sep 17:51:06 CEST 2014
Quellen werden aufgeräumt:logstash-1.4 mbooth-eclipse-luna
                        : rpmfusion-free-updates fedora-HandBrake
                        : rpmfusion-nonfree-updates rpmfusion-free
                        : adobe-linux-x86_64 fedora rpmfusion-nonfree
                        : fedora-chromium-stable updates
Alles wird aufgeräumt
[root@mysystem ~]# date ; dnf update 
Do 25. Sep 17:51:13 CEST 2014
logstash repository for 1.4.x packages        251 kB/s | 364 kB     00:01    
The eclipse-luna Software Collection for Fedo 6.9 MB/s | 388 kB     00:00    
RPM Fusion for Fedora 20 - Free - Updates     6.2 MB/s | 389 kB     00:00    
Open source multiplatform video transcoder     58 kB/s | 6.5 kB     00:00    
RPM Fusion for Fedora 20 - Nonfree - Updates  3.1 MB/s | 106 kB     00:00    
RPM Fusion for Fedora 20 - Free               7.1 MB/s | 487 kB     00:00    
Adobe Systems Incorporated                    3.1 kB/s | 1.8 kB     00:00    
Fedora 20 - x86_64                            3.1 MB/s |  36 MB     00:11    
RPM Fusion for Fedora 20 - Nonfree            5.9 MB/s | 289 kB     00:00    
Builds of the "stable" tag of the Chromium We  82 kB/s | 241 kB     00:02    
Fedora 20 - x86_64 - Updates                   10 MB/s |  26 MB     00:02    
Abhängigkeiten sind aufgelöst.
Installieren    2 Packages
Aktualisieren  80 Packages
Entfernen       4 Packages

And dnf tells me my updates are ready to install! Guess I should start using dnf from now on.


Bachelor Thesis: Centralized and structured log file analysis with Open Source and Free Software tools

After a lot of hard work I finished my bachelor thesis at the end of August and gave my colloquium at the end of September. Because of all the other stuff going on in my life, I only now have time to upload my thesis.

I have been interested in log file analysis for a long time, but in the last years a lot has happened in this area. Here is the abstract:

This thesis gives an overview on the Open Source and Free Software tools available for a centralized and structured log file analysis. This includes the tools to convert unstructured logs into structured log and different possibilities to transport this log to a central analyzing and storage station. The different storage and analyzing tools will be introduced, as well as the different web front ends to be used by the system administrator. At the end different tool chains will be introduced, that are well tested in this field.

Because of the time delay, some info is already dated, but only two things, as far as I know:

1. Graylog2 now has a new version available in Beta.

2. logstash has released a new version 1.2.1

I will keep this updated over time here on the blog, so have a look from time to time. If you find any problem, please inform me here at the blog or via mail: “logfiles jens.kuehnel.org” (add the @ at the right place).

The URL of the Thesis is at: http://www.kuehnel.org/bachelor.pdf

Have a log of fun and tell me what you think.


note to self: Fedora minimal Installation and virt-manager

If you need to install virt-manager on a Fedora/Red Hat minimal installation, add the following packages:

yum install xorg-x11-fonts-Type1 xorg-x11-xauth libvirt-daemon-kvm libvirt virt-manager qemu-kvm qemu-kvm-tools

Very simple time sync solution for Satellite


Because I don’t want to create a Google account, here is my comment on the blog post Time on Computers, NTP, Certificates, etc from .

The simplest method is to put the following line into the pre script:

hwclock --systohc

On the Satellite these commands are necessary:

yum install -y xinetd
chkconfig time-stream on
chkconfig time-dgram on

uptime madness, or why do you need to reboot just because you replace the harddiscs?

I just got a new HP Microserver for a customer. I only had two 500GB discs available and installed CentOS onto them. But now the 4* 3TB discs have arrived and I need to move everything from the 2 small discs to the new large discs.

Of course I could do a reboot, boot into a rescue CD and copy the data, but I don’t want to boot! Why no reboot? Because I can! 🙂

I installed CentOS onto the 2 discs with md0 as a 500MB RAID1 containing /boot, and md1 as a RAID1 containing the rest of the discs, hosting an LVM Physical Volume.

This configuration is not guaranteed to work with every setup. Booting with a BIOS from a GPT partition should not work. It works on an HP Microserver, but it does not work on an Asus motherboard I tried it on as well. Of course, as always: if you follow this setup and it breaks, eats your data, your homework or your cat, it is your own fault, don’t blame me!

1. I started by stopping the RAID for sdb to remove this disc.

mdadm -f /dev/md0 /dev/sdb1
mdadm -r /dev/md0 /dev/sdb1
mdadm -f /dev/md1 /dev/sdb2
mdadm -r /dev/md1 /dev/sdb2

2. I removed the disc from the machine, put it into a USB/SATA converter, and put it back into the RAID. Nowadays it’s very fast because the RAID detects what is still in sync. I feared a long wait to sync 500GB over USB, but it was done in seconds instead. Nice!

mdadm -a /dev/md0 /dev/sdb1
mdadm -a /dev/md1 /dev/sdb2

3. Next I removed the remaining disc from the RAID and removed it from the case. Now you have a backup disc in case something goes wrong!

mdadm -f /dev/md0 /dev/sda1
mdadm -r /dev/md0 /dev/sda1
mdadm -f /dev/md1 /dev/sda2
mdadm -r /dev/md1 /dev/sda2

4. Now I plugged in the 4 new 3TB hard discs. I ran the usual badblocks -v -v -w on them before I installed them. Create 2 partitions on every disc and mark them as Linux SW RAID.

parted -s -- /dev/sda \
mklabel gpt \
mkpart boot-raid ext2 1M 525M \
toggle 1 raid \
mkpart lvm-raid ext2 525M -1 \
toggle 2 raid

5. Add the 500MB partitions to md0. Remove the old Partition from the USB-Disk and extend the RAID from a 2 disc RAID1 to a 4 disc RAID1.

mdadm -a /dev/md0 /dev/sda1
mdadm -a /dev/md0 /dev/sdc1
mdadm -a /dev/md0 /dev/sdd1
mdadm -a /dev/md0 /dev/sde1
mdadm -f /dev/md0 /dev/sdb1
mdadm -r /dev/md0 /dev/sdb1
mdadm -G -n 4 /dev/md0

6. Create a new RAID. I use RAID 5 named /dev/md2 and create a Physical Volume on it.

mdadm -C -n 4 -l 5 /dev/md2 /dev/sda2 /dev/sdc2 /dev/sdd2 /dev/sde2
pvcreate /dev/md2

7. Extend the existing Volume Group to /dev/md2 and move all Data from md1 to md2. Remove md1 from the Volume Group when done and destroy md1.

vgextend vg_name /dev/md2
pvmove /dev/md1 /dev/md2
vgreduce vg_name /dev/md1
mdadm -S /dev/md1

8. The hardest step is to make the boot possible. You need to get the UUID of the new RAID1 and add that to the grub.conf. You also need to update your mdadm.conf and recreate your initramfs. Finally you need to install grub again onto the new sda.

mdadm -D /dev/md2 | grep UUID | sed -e 's/UUID : //'
#add resulting UUID with rd_MD_UUID= to all kernels
mdadm --examine --scan >> /etc/mdadm.conf
dracut -f /boot/initramfs-$(uname -r).img $(uname -r)
grub-install /dev/sda

9. reboot.

Wait, why reboot now, when I tried not to reboot? Because sooner or later you have to reboot, and I want to know now if that will work.
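Steps 1, 3 and 5 pull a disc out of a live array, which is only safe once the array is fully in sync. As an added example (not from the original post), this Python check reads /proc/mdstat text and says whether a member can be failed; the snapshot and the function names are constructed.

```python
import re

# Constructed /proc/mdstat snapshot: md1 is in sync, md0 is still rebuilding.
SAMPLE_MDSTAT = """Personalities : [raid1]
md1 : active raid1 sdb2[2] sda2[0]
      487731008 blocks super 1.1 [2/2] [UU]
      bitmap: 0/4 pages [0KB], 65536KB chunk

md0 : active raid1 sdb1[2] sda1[0]
      511988 blocks super 1.0 [2/1] [U_]
      [=>...................]  recovery =  8.3% (42496/511988) finish=0.1min speed=42496K/sec

unused devices: <none>
"""

HEADER = re.compile(r"^(md\d+) : (\w+)(?: \([\w-]+\))? (.*)$")
MEMBER = re.compile(r"(\w+)\[\d+\]")
COUNTS = re.compile(r"\[(\d+)/(\d+)\] \[[U_]+\]")   # [devices wanted/devices working]
REBUILD = re.compile(r"\b(recovery|resync|reshape)\s*=")


def parse_mdstat(text):
    """Parse /proc/mdstat into {array: {state, members, wanted, working, rebuilding}}."""
    arrays, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            name, state, rest = header.groups()
            current = arrays[name] = {
                "state": state, "members": set(MEMBER.findall(rest)),
                "wanted": 0, "working": 0, "rebuilding": False,
            }
        elif current is not None and line.startswith(" "):
            counts = COUNTS.search(line)
            if counts:
                current["wanted"], current["working"] = int(counts[1]), int(counts[2])
            if REBUILD.search(line):
                current["rebuilding"] = True
        else:
            current = None          # blank line or unrelated line ends the array block
    return arrays


def safe_to_remove(mdstat_text, array, member):
    """Return (ok, reason); ok only if `array` is fully in sync before `member` is failed."""
    info = parse_mdstat(mdstat_text).get(array)
    if info is None or member not in info["members"]:
        return False, f"{member} is not a member of {array}"
    if info["state"] != "active":
        return False, f"{array} is {info['state']}"
    if info["rebuilding"]:
        return False, f"{array} is still rebuilding"
    if info["wanted"] < 2 or info["working"] < info["wanted"]:
        return False, f"{array} has {info['working']}/{info['wanted']} members in sync"
    return True, f"{array} is in sync on all {info['wanted']} members"


if __name__ == "__main__":
    print(safe_to_remove(SAMPLE_MDSTAT, "md1", "sda2"))
    print(safe_to_remove(SAMPLE_MDSTAT, "md0", "sda1"))
```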


Thank you Seth Vidal, my first ansible playbook

I was shocked when I heard about Seth Vidal’s death. Of course I use yum daily, but it brought tears to my eyes when I was reading my “my TODO List after a install” and realized that Seth was one of two people who responded. Thanks Seth, I will remember you.

So in reference to him, here is my first Ansible playbook:

- hosts: all
  user: root
  tasks:
  - name: make sure eth0 starts at boot
    lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth0 regexp=^ONBOOT= line=ONBOOT=yes backup=yes

  - name: put ssh-key in
    authorized_key: user=root key="{{lookup('file', '~/.ssh/id_dsa.pub') }}" manage_dir=yes

  - name: get epel-repo rpm RHEL6
    get_url: dest=/tmp/epel-release.rpm  url=http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
    when: ansible_os_family == 'RedHat' and ansible_lsb.major_release|int == 6
  - name: get epel-repo rpm RHEL5
    get_url: dest=/tmp/epel-release.rpm  url=http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
    when: ansible_os_family == 'RedHat' and ansible_lsb.major_release|int == 5

  - name: install epel-repo rpm
    yum: pkg=/tmp/epel-release.rpm state=installed

  - name: install my packages
    yum: pkg={{ item }} state=installed
    when: ansible_os_family == 'RedHat' and ansible_lsb.major_release|int == 6
    with_items:
#       - mmv 
       - policycoreutils-python
       - mod_ssl
       - screen
       - policycoreutils-python 
       - iotop 
       - yum-plugin-ps 
       - yum-cron   
       - iptraf 
       - acpid 
       - man 
       - bind-utils 
       - vim-enhanced 
       - nc 
       - zip 
       - unzip 
       - wget 
       - etckeeper 
       - links 
       - screen 
       - yum-utils 
       - lsof 
       - bash-completion 
       - ddrescue 
       - dos2unix 
       - dstat 
       - lftp 
       - links 
       - hdparm 
       - smartmontools 
       - jwhois 
       - kexec-tools 
       - mc 
       - mcelog 
       - memtest86+ 
       - mtr 
       - nmap 
       - ntp 
       - openssh-server 
       - pbzip2 
       - rng-tools 
       - sysstat 
       - vconfig 
       - vlock 
       - lzop 
       - atop 
       - mosh

  - name: activate autoupdate
    service: enabled=yes state=started name=yum-cron

  - name: initialize etckeeper
    command: /usr/bin/etckeeper init creates=/etc/.git/description
  - name: make first commit
    command: /usr/bin/etckeeper commit -m "init" creates=/etc/.git/COMMIT_EDITMSG