1Mar/150
migrating from openrc to systemd
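# Migrate a Gentoo installation from OpenRC to systemd.
# Run as root and follow the steps one at a time; the kernel and bootloader
# changes below are manual edits, not commands.

# Remove the blocking packages; systemd provides their functionality.
emerge -C sys-fs/udev openrc netifrc virtual/service-manager sysvinit

# Comment out the service manager and openrc in your @system set, which is
# defined in /usr/portage/profiles/base/packages.

# Add "systemd" to your USE flags, then install it and the udev virtuals.
emerge -av systemd
emerge -av virtual/udev virtual/libudev

# Set the kernel option and recompile (menuconfig path, not a command):
#   Gentoo Linux ---> Support for init systems, system and service managers ---> [*] systemd

# Append to the kernel command line (bootloader configuration, not a command):
#   init=/usr/lib/systemd/systemd

# Set the host name. HOSTNAME is a placeholder: the argument is missing from
# the original listing (it was fused with the following "cat" command).
hostnamectl set-hostname HOSTNAME

# Inspect the current locale configuration.
cat /etc/locale.conf
# LANG="en_US"

# Set the system locale and the console keymap.
localectl set-locale LANG=en_US
localectl set-keymap us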
28Feb/150
install gentoo from liveCD
Suppose we have booted from a liveCD/USB.
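# Install Gentoo from a live CD/USB environment. Run as root, step by step.
# DEV is a placeholder for the destination block device.

# Mount the destination device.
mount DEV /mnt/gentoo
cd /mnt/gentoo

# Fetch the stage3 tarball together with its signed digest list.
mirror=http://mirror.mdfnet.se/gentoo/releases/amd64/autobuilds/current-stage3-amd64-nomultilib
stage3=stage3-amd64-20150226.tar.bz2
wget "${mirror}/${stage3}"
wget "${mirror}/${stage3}.DIGESTS.asc"

# The mirror is plain HTTP, so verify the tarball before unpacking it as root.
# Import the Gentoo release signing key first and compare its fingerprint
# with the one published on gentoo.org (RELEASE_KEY_FINGERPRINT placeholder).
gpg --verify "${stage3}.DIGESTS.asc"
# The printed hash must equal the SHA512 entry in the verified DIGESTS.asc.
sha512sum "${stage3}"

# Unpack, preserving permissions (p). The tarball is named explicitly
# because "stage3*" would now also match the DIGESTS.asc file.
tar xjpf "${stage3}"

# Prepare the chroot: the mount points must exist inside /mnt/gentoo
# (the original created them under /mnt, next to it).
cd /
mkdir -p /mnt/gentoo/{dev,proc,sys}
mount -t proc proc /mnt/gentoo/proc
mount --rbind /dev /mnt/gentoo/dev
mount --rbind /sys /mnt/gentoo/sys
# -L copies the file a symlinked resolv.conf points to, not the link itself.
cp -L /etc/resolv.conf /mnt/gentoo/etc/

# Everything below is typed inside the chroot shell.
chroot /mnt/gentoo /bin/bash
source /etc/profile
# Portage can check the snapshot signature with FEATURES="webrsync-gpg";
# that is not configured in this walkthrough.
emerge-webrsync
eselect profile list
# Set the root password of the new system.
passwd

# timezone
cp /usr/share/zoneinfo/Europe/Oslo /etc/localtime
echo "Europe/Oslo" > /etc/timezone
emerge --config timezone-data

# glibc generates the locale files listed in /etc/locale.gen. The path is
# absolute because the chroot shell starts in /, not in /etc.
nano /etc/locale.gen
locale-gen
eselect locale list

# check /etc/fstab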
28Feb/150
ZFS dataset hierarchy on a single user machine
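# ZFS dataset layout for a single-user machine. Run as root, step by step.
# The pool is created on /dev/mapper/crypt_zfs, an opened dm-crypt mapping,
# so every dataset below (including the swap zvol) is encrypted at rest.

# the pool
zpool create -o ashift=12 -O mountpoint=none -O atime=off -O snapdir=visible \
  rpool /dev/mapper/crypt_zfs

# Create filesystems: rootfs, var and home.
# rootfs and home keep 2 copies of each file, as a mirror within the single
# device. NOTE(review): this presumably guards against bad blocks only, not
# against losing the device.
zfs create -o copies=2 -o compress=lz4 -o mountpoint=/ rpool/rootfs
zfs create -o copies=2 -o compress=lz4 -o mountpoint=/home rpool/home

# var is not a child of rootfs, and the zfs daemon would mount it after
# systemd has created /var, leading to a "cannot mount /var, dir already
# exists" error (see link[1]). It is therefore a legacy mount from fstab.
#
# First idea, superseded by the next command (creating rpool/var twice would
# fail because the dataset already exists):
#   zfs create -o compress=lz4 -o quota=20G -o mountpoint=legacy rpool/var
# On second thought, copies=2 makes more sense than a quota:
zfs create -o copies=2 -o compress=lz4 -o mountpoint=legacy rpool/var
# /etc/fstab should contain this line only:
#   rpool/var /var zfs defaults 0 0

# var has 2 children with no compression.
zfs create -o compress=off -o mountpoint=/var/portage/distfiles rpool/var/portage_distfiles
# Mountpoint spelling fixed ("packeges" in the original) to match the dataset.
zfs create -o compress=off -o mountpoint=/var/portage/packages rpool/var/portage_packages

# swap: check the block size with "getconf PAGESIZE"; the default is 4K.
zfs create -V 4G -b 4K rpool/swap
mkswap -f /dev/zvol/rpool/swap
swapon /dev/zvol/rpool/swap

# Snapshot policy:
#   - snapshot rootfs before system updates
#   - snapshot home regularly
#   - reset var to its initial (right after bootstrap) snapshot when it is too big

# Re-import the pool under an alternate root and enter it for installation.
zfs umount -a
zpool set bootfs=rpool/rootfs rpool
zpool export rpool
zpool import -R /mnt/rpool rpool
chroot /mnt/rpool
# install...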
TODO: make rootfs read-only and mount it read-write only during system updates.
28Feb/150
gentoo gcc optimization – make.conf
Edit your /etc/portage/make.conf:
# /etc/portage/make.conf -- compiler and Portage settings.

# Target triplet, see link [4].
# 64-bit Intel processors are AMD64 / x86_64; IA64 is for Itanium.
CHOST="x86_64-gentoo-linux-gnu"

# CPU architecture. Let gcc detect yours:
#   gcc -c -Q -march=native --help=target | grep march
CFLAGS="-march=broadwell -O2 -pipe -fomit-frame-pointer"
CXXFLAGS="${CFLAGS}"

# CPU instruction-set flags. Generate the list for your machine with:
#   emerge -1v app-portage/cpuinfo2cpuflags
#   cpuinfo2cpuflags
CPU_FLAGS_X86="mmx mmxext sse sse2 sse3"
# "..." stands for the rest of your USE flags.
USE="${CPU_FLAGS_X86} ..."

# Parallel build jobs: N = #CPUs + 1 or just #CPUs, see link [3].
# The Intel 5Y10 has 2 cores (x2 with hyper-threading):
MAKEOPTS="-j4"
ABI_X86="64"

# debug symbols stripped
FEATURES="splitdebug"

# misc:

# Accept all unstable (testing) packages too. This applies to every package
# on the system, not just the ones you want a newer version of.
ACCEPT_KEYWORDS="~amd64"

# Accept all licenses. The wildcard also accepts licenses you have not read,
# so no package is ever held back for a license review.
ACCEPT_LICENSE="*"

# x11-base/xorg-drivers
VIDEO_CARDS="intel i965"
INPUT_DEVICES="evdev keyboard mouse mutouch virtualbox synaptics"

# Pick the highest versions if possible.
PYTHON_TARGETS="pypy python3_4"
RUBY_TARGETS="ruby22"
[1] Gentoo wiki: http://wiki.gentoo.org/wiki/GCC_optimization
[2] Look up your CPU architecture https://gcc.gnu.org/onlinedocs/gcc-4.9.2/gcc/i386-and-x86-64-Options.html#i386-and-x86-64-Options
[3]https://blogs.gentoo.org/ago/2013/01/14/makeopts-jcore-1-is-not-the-best-optimization
[4]http://wiki.gentoo.org/wiki/CHOST
26Feb/150
gentoo packages after minimal install
# Packages to add after a minimal Gentoo install.
# Lines that start with "emerge" are commands; the "packages:" lines are
# plain package lists, reproduced from the original notes.

# step zero: update gentoo

# first step
emerge -av eix gentoolkit

# networking
emerge -av iw dhcpcd wpa_supplicant iwl7265-ucode

# kernel update
#   packages: gentoo-sources zfs cryptsetup staticpgp (gnupg) genkernel-next

# misc
emerge -av vim genlop parted

# X
#   packages: i3 i3lock i3status dmenu mesa xorg-server

# everyday
#   packages: vlc libreoffice mupdf thunderbird firefox

# develop
#   packages: kdevelop cmake lcov valgrind gdb

# monitor
#   packages: pciutils sysstat htop util-linux usbutils iotop acpi
23Feb/150
monitoring I/O
With iostat, which is in the Gentoo package app-admin/sysstat.
$ iostat -dm 2
Linux 3.15.6-gentoo ()    02/23/15    _x86_64_    (12 CPU)

Device:            tps    MB_read/s    MB_wrtn/s    MB_read    MB_wrtn
sda             144.86         9.30         8.70      40364      37740
sdb               0.03         0.00         0.00          3          0
sdc               9.13         0.00         1.07          0       4636
16Feb/150
zfs backup to file
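# Back up a ZFS snapshot to a compressed file and restore it.
# POOL, FS, DESCRIPTION, SNAPSHOT, FILE and NEW_FS are placeholders.
#
# The stream written by "zfs send" is not encrypted by this pipeline. If the
# pool lives on an encrypted device, FILE.img.xz does not inherit that
# protection: keep it on encrypted storage or encrypt it separately.

# Make a pipeline fail when any stage fails. Without this, a failing
# "zfs send" still leaves a truncated FILE.img.xz and an exit status of 0.
set -o pipefail

# create snapshot
zfs snapshot POOL/FS@DESCRIPTION

# list snapshots
zfs list -t snapshot

# save
zfs send SNAPSHOT | xz --threads=12 --verbose > FILE.img.xz

# check the integrity of the compressed file before relying on the backup
xz --test FILE.img.xz

# restore
xz --threads=12 --decompress --verbose --stdout FILE.img.xz | zfs receive POOL/NEW_FS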
15Feb/150
LUKS with remote header, encrypted key
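# LUKS with a detached (remote) header and a gpg-encrypted key file.
# Run as root, step by step. DEV is a placeholder for the block device;
# KEY.gpg and HEADER.img are created in the current directory.

# Create the key: random data that is only ever stored gpg-encrypted.
# iflag=fullblock makes dd keep reading until the whole block is filled,
# so a short read cannot silently produce a shorter key.
export GPG_TTY=$(tty)
dd if=/dev/urandom bs=8388607 count=1 iflag=fullblock |
  gpg --symmetric --cipher-algo AES256 --output KEY.gpg

# Allocate an empty file of the given size for the header.
truncate -s 2M HEADER.img

# Encrypt: the key is piped from gpg and never touches the disk.
# NOTE: the LUKS header will be overwritten by mkfs
gpg --decrypt KEY.gpg |
  cryptsetup --cipher serpent-xts-plain64 --key-size 512 --hash sha512 \
    --header HEADER.img --key-file - luksFormat DEV

# Check the result (pass the header instead of DEV).
cryptsetup luksDump HEADER.img

# Add a fallback passphrase in case KEY.gpg is lost (to the header, not to DEV).
# cryptsetup needs the existing key as a file here, so the decrypted key has
# to exist briefly. The original wrote it to a fixed name in /tmp, world
# readable under the default umask, and left an unused fifo behind. Here it
# goes into a private directory on /dev/shm (normally a tmpfs, so it is not
# written to a disk filesystem) and is removed when the subshell exits, even
# on error. tmpfs pages can still reach swap, so keep swap encrypted.
(
  umask 077
  keydir=$(mktemp -d -p /dev/shm) || exit 1
  trap 'rm -rf -- "${keydir:?}"' EXIT
  gpg --decrypt KEY.gpg > "${keydir}/key" &&
    cryptsetup --key-file "${keydir}/key" luksAddKey HEADER.img
)

# open
gpg --decrypt KEY.gpg | cryptsetup --header HEADER.img --key-file - open DEV enc

# and close
cryptsetup close enc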
15Feb/150
block device from file
Mounting a loopback device.
In the kernel config, CONFIG_BLK_DEV_LOOP needs to be set.
# Use a regular file as a block device through the loop driver.
# FILENAME, MEGABYTES, MOUNTPOINT and the N in /dev/loopN are placeholders.
# Run as root, step by step.

# List the loop devices already in use, so that a free /dev/loopN is picked.
losetup -a

# Create the backing file, filled with zeros.
dd if=/dev/zero of=FILENAME bs=1024k count=MEGABYTES

# Attach the file to the loop device.
losetup /dev/loopN FILENAME

# Create a filesystem on the device.
mkfs.ext3 /dev/loopN

# Mount it.
mount /dev/loopN MOUNTPOINT

# When done: unmount first, ...
umount MOUNTPOINT

# ... then detach the loop device from the file.
losetup -d /dev/loopN