20141021

DELETE tun interfaces

A quick note on killing a bug in a previous recipe and deleting protocol 41 tunnel interfaces in linux.

datun is an interface used as one of the edges in a 6in4 tunnel set with
ip tunnel add datun mode sit remote 192.0.2.49 local 198.51.100.50 ttl 64 
ip link set datun up


seen as
# ifconfig datun
datun Link encap:IPv6-in-IPv4 


and taken down with
# ip link set datun down
at the 6in4 tunnels to the IPv6 Internet how-to, even in places we needed to delete the tunnel instead of putting it down, causing all kinds of errors and confusion.

To delete a tunnel interface.
ip tunnel del datun


To restart the 6in4 tunnel it may be easier and better to destroy it and set it again.
# ip tunnel del datun
# /etc/network/if-up.d/ipv6-tunnel.sh




delete tun interface

20141020

tripwire notes

Yet another tripwire ( as in the open source file integrity checker for Unix Systems ) how-to for debian , like tripwire ... but, hopefully, easier to follow.

Assuming you trust your repositories, your distribution, etc
# apt-get install tripwire
and then click the no, no, and OK buttons.

Ideally, the tripwire binaries and the tripwire database are stored in a read only medium that can be mounted as read-write for updates. I would use an SD card or some other medium that I can set "mechanically" to read-only. Some administrators put the binaries and the DB in an NFS.I think that putting the binaries and the DB in an NFS would increase the attack surface. If you are not in the mood or do not have the resources to take the extra steps to secure further the integrity of the tripwire binaries and the tripwire DB at least save copies of the files and their cryptographically secure checksums in other hosts.

In debian the tripwire binaries are statically linked and located in /usr/sbin and the DB is located in /var/lib/tripwire.
# sha256sum /usr/sbin/tripwire |tee ~/twsums
0e4791bb58dfc4095dba902621b72111d61bf1838d77aff4ae00d3c7432d5739  /usr/sbin/tripwire
# sha256sum /usr/sbin/tw* |tee -a ~/twsums
bc01ac66aa421d2e5324983150bea573b2e2d3ee004293501b0dcc4ce1560898  /usr/sbin/twadmin
e1b097eaf28f3ec54114cba7cc82a1ab4122a9fb82590422d9820711c884e5e9  /usr/sbin/twprint
# sha256sum /usr/sbin/siggen |tee -a ~/twsums 
e5e72b264f9b4fa86aa88e0f893b6031457e30b510f28bcb31ea1296b38566bd  /usr/sbin/siggen


Tripwire uses $HOSTNAME a lot in the configuration and policy files. Make sure that you are happy with hostname, if not change the hostname before continuing the tripwire configuration.

Create a site key.
# cd /etc/tripwire/
# twadmin --generate-keys --site-keyfile site.key
# chmod 400 site.key
The site key is used to secure the integrity of the tripwire configuration files.

Create a local key.
# twadmin --generate-keys --local-keyfile `hostname`-local.key
# chmod 400 *cal.key
The local key is used to protect the integrity of the local tripwire database.

Create and sign tw.cfg --the tripwire configuration file.
# stor twcfg.txt
# vi twcfg.txt 
# twadmin --create-cfgfile --cfgfile tw.cfg --site-keyfile site.key twcfg.txt
Please enter your site passphrase: 
Wrote configuration file: /etc/tripwire/tw.cfg


Create and sign tw.pol --the tripwire policy file.
# stor twpol.txt
# vi twpol.txt
# twadmin --create-polfile --cfgfile tw.cfg --site-keyfile site.key twpol.txt
Please enter your site passphrase: 
Wrote policy file: /etc/tripwire/tw.pol


Make the policy and configuration files readable and writable only by the root user.
# chmod 600 *txt
# chmod 600 *cfg
# chmod 600 *pol


Initialize the tripwire database.
# tripwire --init
Please enter your local passphrase: 
Parsing policy file: /etc/tripwire/tw.pol
Generating the database...
*** Processing Unix File System ***
# ...
Wrote database file: /var/lib/tripwire/anaxagoras.twd
The database was successfully generated.


Test that tripwire can send email.
# tripwire --test --email example@example.net


Check integrity and produce report.
# tripwire --check


View report.
# twprint -m r --twrfile /var/lib/tripwire/report/hostname-latest.twr |less


It is highly unlikable that you are using all the files in the "Root config files" rulename in the debian default twpol.txt. Also you may want to adjust the "Devices & Kernel information" rulename since /proc (meaning recursive /proc/*) may be too much to track in normal servers.

Adjust the tripwire policy and initialize a new tripwire database.
# stor twpol.txt
# vi twpol.txt
# twadmin -m P -S site.key twpol.txt 
# tripwire --init


Check for integrity, create a report and OK changes if any.
Once the editor opens look for [x] and delete the x if you are not OK with that change.
# tripwire --check --interactive
Integrity check complete.
Please enter your local passphrase: 
Wrote database file: /var/lib/tripwire/anaxagoras.twd


You may enter an `interactive` mode from a report as well. eg:
# tripwire --update --twrfile /var/lib/tripwire/report/hostname-date-time.twr
and again look for [x] and delete the x if you are not OK with that change.

Email alerts.
To email an alert we need to add an emailto definition to at least one rulename.
So we need to update the tripwire policy. eg:
#
# Critical Libraries
#
(
  rulename = "Root file-system libraries",
  severity = $(SIG_HI),
  emailto = root,
  emailto = systembot@ares.ipduh.rox
)
{
        /lib                    -> $(SEC_BIN) ;
}

If /lib is changed an alert will be sent to root and systembot@ares.ipduh.rox.


Check integrity, produce report and email alerts.
# tripwire --check --email-report


The debian package sets a cronjob that creates reports and emails alerts daily.
#!/bin/sh -e

tripwire=/usr/sbin/tripwire

[ -x $tripwire ] || exit 0

umask 027

$tripwire --check --quiet --email-report


View the tripwire database.
# twprint -m d --print-dbfile |less


View tripwire information for a file eg:/var/test
# twprint -m d --print-dbfile /lib/test


The system used in this how-to.
ii  tripwire                           2.4.2.2-2                     amd64        file and directory integrity checker
# cat /etc/issue /etc/debian_version 
Debian GNU/Linux 7 \n \l

7.6





Links:
The Design and Implementation of Tripwire: A File System Integrity Checker





Tripwire how-to

20141018

apache disable SSLv3

Notes on disabling SSLv3 in apache.

Test if SSLv3 is available.
$ openssl s_client -connect ipduh.com:443 -ssl3


In Debian SSLv2 is disabled by default but SSLv3 is available.

# grep SSLProtocol /etc/apache2/mods-available/ssl.conf
SSLProtocol all -SSLv2


To disable SSLv3 add '-SSLv3' in /etc/apache2/mods-available/ssl.conf
# vi /etc/apache2/mods-available/ssl.conf


If you are using SSL Virtual Hosts you may need to add
SSLProtocol All -SSLv2 -SSLv3
in each VirtualHost definition.

Restart Apache
# /etc/init.d/apache2 restart


Test again if SSLv3 is disabled.
$ openssl s_client -connect ipduh.com:443 -ssl3
CONNECTED(00000003)
140330958718632:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1258:SSL alert number 40
140330958718632:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:




apache disable SSLv3

20141017

libguestfs notes

Libguestfs basics.

Install.
# apt-get install libguestfs-tools 
# apt-get install guestfish



guestfish

The libguestfs Filesystem Interactive SHell.

An example: explore, read and write to disk image file within the libguestfs VM.
# guestfish --rw -a /home/vm/anaxagoras.qcow2
> run
 100% ⟦▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓⟧ 00:00
> list-filesystems
/dev/vda1: ext4
/dev/vda2: unknown
/dev/vda5: swap
> mount /dev/vda1 /


Add a file to the disk image file system.
> touch /etc/guestfish_play
> edit /etc/guestfish_play
> quit
#



virt-cat

Display files in a virtual machine.

eg:
# virsh list
 Id    Name                           State
----------------------------------------------------
 9     anaxagoras                     running

# virt-cat anaxagoras /etc/issue
Debian GNU/Linux 7 \n \l
# virt-cat anaxagoras /etc/hostname
anaxagoras




guestmount

Mount a guest filesystem on the host using FUSE and libguestfs

Install
# apt-get install guestmount


Mount rw a filesystem contained in a disk image file.
# mkdir /mnt/anax
# guestmount -a /home/vm/anaxagoras.qcow2 -m /dev/vda1 --rw /mnt/anax/


# cat /mnt/anax/etc/guestfish_play
hi
# echo "hi kosme" > /mnt/anax/etc/guestfish_play
# mv /mnt/anax/etc/guestfish_play /mnt/anax/etc/guestmount_play
# umount /mnt/anax


guestmount is and looks traditionally-scriptable. However, guestfish is as or more scriptable. Also, libguestfs has cute C , Perl and Python APIs.


virt-df

List free space on virtual filesystems.
# virt-df anaxagoras
Filesystem                           1K-blocks       Used  Available  Use%
anaxagoras:/dev/sda1                  19751804     840608   17907832    5%



virt-filesystems

List filesystems, partitions, block devices, LVM in a virtual machine or a disk image file.

eg:
# virt-filesystems --long --parts --blkdevs -a /home/vm/anaxagoras.qcow2 -h
Name       Type       MBR  Size  Parent
/dev/sda1  partition  83   19G   /dev/sda
/dev/sda2  partition  05   1.0K  /dev/sda
/dev/sda5  partition  82   880M  /dev/sda
/dev/sda   device     -    20G   -



or

# virt-filesystems --long -h --all -a anaxagoras.qcow2 
Name       Type        VFS      Label  MBR  Size  Parent
/dev/sda1  filesystem  ext4     -      -    19G   -
/dev/sda2  filesystem  unknown  -      -    1.0K  -
/dev/sda5  filesystem  swap     -      -    880M  -
/dev/sda1  partition   -        -      83   19G   /dev/sda
/dev/sda2  partition   -        -      05   1.0K  /dev/sda
/dev/sda5  partition   -        -      82   880M  /dev/sda
/dev/sda   device      -        -      -    20G   -



virt-list-filesystems

List filesystems in a virtual machine or disk image.

eg:
# virt-list-filesystems anaxagoras.qcow2 
/dev/sda1
# virt-list-filesystems anaxagoras
/dev/sda1






virt-resize

Resize a virtual disk image file.

Eg: Expand the 20GB anaxagoras qcow2 disk image file to a 30GB qcow2 disk image file.
# truncate -r anaxagoras.qcow2 anaxagoras30G.qcow2
# truncate -s +10G anaxagoras30G.qcow2
# virt-resize --expand /dev/sda1 anaxagoras.qcow2 anaxagoras30G.qcow2 
Examining anaxagoras.qcow2 ...
**********

Summary of changes:

/dev/sda1: This partition will be resized from 19.1G to 29.1G.  The 
    filesystem ext4 on /dev/sda1 will be expanded using the 'resize2fs' 
    method.

/dev/sda2: This partition will be left alone.

**********
Setting up initial partition table on anaxagoras30G.qcow2 ...
Copying /dev/sda1 ...
 100% ⟦▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓⟧ 00:00
Copying /dev/sda2 ...
 100% ⟦▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓⟧ 00:00
Expanding /dev/sda1 using the 'resize2fs' method ...

Resize operation completed with no errors.  Before deleting the old 
disk, carefully check that the resized disk boots and works correctly.

Test resized image.
# cd /etc/libvirt/qemu/
# stor anaxagoras.xml
# virsh
virsh # edit anaxagoras
virsh # define anaxagoras.xml
virsh # start anaxagoras
virsh # quit
# ssh anaxagoras
root@anaxagoras:~# df -h
Filesystem                                              Size  Used Avail Use% Mounted on
rootfs                                                   29G  822M   27G   3% /
udev                                                     10M     0   10M   0% /dev
tmpfs                                                   202M  172K  202M   1% /run
/dev/disk/by-uuid/8ca4bd34-120c-45ff-bd0b-86d8de552d10   29G  822M   27G   3% /
tmpfs                                                   5.0M     0  5.0M   0% /run/lock
tmpfs                                                   579M     0  579M   0% /run/shm


More virt-.* tools.
virt-alignment-scan    virt-filesystems       virt-ls                virt-tar-in
virt-cat               virt-format            virt-make-fs           virt-tar-out
virt-clone             virt-host-validate     virt-pki-validate      virt-viewer
virt-convert           virt-image             virt-rescue            virt-win-reg
virt-copy-in           virt-inspector         virt-resize            virt-xml-validate
virt-copy-out          virt-install           virt-sparsify          
virt-df                virt-list-filesystems  virt-sysprep           
virt-edit              virt-list-partitions   virt-tar               


The system used.
# cat /etc/debian_version /etc/issue
7.6
Debian GNU/Linux 7 \n \l





libguestfs basics

20141014

mount qcow disk image files

Notes on mounting qcow disk image files.
Use this method to mount qcow2 disk image files you trust.

Load the network block device -- nbd -- module with partition support.
# modprobe nbd max_part=8


See - list nbd devices.
# ls /dev/nbd*
/dev/nbd0  /dev/nbd10  /dev/nbd12  /dev/nbd14  /dev/nbd2  /dev/nbd4  /dev/nbd6 /dev/nbd8
/dev/nbd1  /dev/nbd11  /dev/nbd13  /dev/nbd15  /dev/nbd3  /dev/nbd5  /dev/nbd7 /dev/nbd9


Make sure that the qcow2 disk image is not used by a virtual machine.

Connect a qcow2 disk image to the Qemu Disk Block Device Server.
# qemu-nbd -c /dev/nbd0 /home/vm/anaxagoras.qcow2


List nbd0* devices
# ls /dev/nbd0*
/dev/nbd0  /dev/nbd0p1 /dev/nbd0p2  /dev/nbd0p5


Mount partitions.
# mkdir /mnt/imgs
# mount /dev/nbd0p1 /mnt/imgs/


Check mounted partition.
# ls /mnt/imgs/
bin   dev  home        lib    lost+found  mnt  proc  run   selinux  sys  usr  vmlinuz
boot  etc  initrd.img  lib64  media   opt  root  sbin  srv     tmp  var


Unmount and Clean up.
# umount /dev/nbd0p1
# mount |grep nbd
#


Disconnect from the Qemu Disk Block Device Server.
# qemu-nbd -d /dev/nbd0
# ls /dev/nbd0*
/dev/nbd0


Unload nbd.
# modprobe -r nbd


The system used.
# cat /etc/debian_version /etc/issue
7.6
Debian GNU/Linux 7 \n \l

# uname -r
3.2.0-4-amd64




Mount qcow2 files in the host



20141013

debian on debian KVM II

An attempt to simplify an older debian on debian KVM how-to.

The system.
# cat /etc/debian_version /etc/issue
7.6
Debian GNU/Linux 7 \n \l

# uname -r
3.2.0-4-amd64
# grep "model\ name" /proc/cpuinfo -m1
model name : Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
# egrep "vmx|svm" /proc/cpuinfo -c
4


Install qemu-kvm, libvirt-bin and virtinst
# apt-get update
# apt-get install qemu-kvm libvirt-bin virtinst


Create a bridge (containing) to the host's physical interface

Create a debian guest that uses a virtual interface attached to a bridge interface named b0.
# mkdir /home/vm
# virt-install --connect qemu:///system -n anaxagoras -r 2048 -vcpus=1 --disk path=/home/vm/anaxagoras.qcow2,size=20 -c /insigdato/OS.iso/debian-7.6.0-amd64-netinst.iso --vnc --noautoconsole --os-type linux --description anaxagoras --network=bridge:b0 --hvm


To console into the new KVM guest from another host
( assuming you are working on a remote host ).

Find out where the KVM guest VNC console socket is in the KVM host.
# netstat -putan|grep kvm
tcp        0      0 127.0.0.1:5900          0.0.0.0:*               LISTEN      7499/kvm        



Set up SSH socket forwarding in another host
$ ssh -lroot -L 5900:localhost:5900 192.0.2.29
where 192.0.2.29 is the KVM_host IP address.

and console into the forwarded socket.
$ vncviewer localhost
5900 is the default port. For ports above 5900 use port_number-5900 to find out the vncviewer `port`.



Install.





I don 't like vnet0, vnet1 etc and prefer better names for the virtual interfaces attached to the bridge b0. To give a more descriptive name to the virtual interface and possibly circumvent a few issues I had in previous versions of virtinst and libvirt.
# virsh
virsh # edit anaxagoras
add
<target dev='anaxagoras'/>
in <interface ...     --Naming, the second toughest problem in CS :)

Set the KVM guest to autostart.
virsh # autostart anaxagoras
Domain anaxagoras marked as autostarted


and start it.
virsh # start anaxagoras
Domain anaxagoras started


List running guests.
virsh # list 
 Id    Name                           State
----------------------------------------------------
 2     anaxagoras                     running

virsh # exit



Inspect the ethernet bridge.
# brctl show
bridge name bridge id         STP enabled interfaces
b0          8000.40167e6d6745 yes         anaxagoras
                                          eth0










bridged KVM guest how-to



20141012

bridging for kvm

A basic layer 2 bridging how-to for virtualization like KVM in debian.

Many times, in KVM hosts we need to bridge the host's physical network interface with the virtual network interfaces used by the KVM guests.

Install the bridge utilities
# apt-get install bridge-utils


List network interfaces
# ip a|grep ":\ "
1: lo:  mtu 16436 qdisc noqueue state UNKNOWN 
2: eth0:  mtu 1500 qdisc pfifo_fast state UP qlen 1000


Inspect the ethernet bridge(s)
# brctl show
bridge name bridge id  STP enabled interfaces
# 
None yet.

Create a bridge instance that you can access from an interface named b0.
# brctl addbr b0


Show bridge
# brctl show
bridge name bridge id  STP enabled interfaces
b0  8000.000000000000 no  


You may add the physical interface(s) to the bridge.
# brctl addif b0 eth0
However, do not try it if you are working on a remote host.
See below how to adjust the interfaces file instead.

Delete b0
# brctl delbr b0


Adjust /etc/network/interfaces to create a "persistent" bridge and restart networking.
# vi /etc/network/interfaces
# /etc/init.d/networking restart


An example /etc/network/interfaces file where the host has the IP address 192.0.2.29/25 and the interface to the bridge is called b0.
auto lo
iface lo inet loopback


auto eth0
iface eth0 inet manual

auto b0
iface b0 inet static
 address 192.0.2.29
 netmask 255.255.255.128
 network 192.0.2.0
 broadcast 192.0.2.127
 gateway 192.0.2.10
 dns-nameservers 192.0.2.4
 dns-search ipduh.rocks
        bridge_ports eth0
        bridge_stp on           #spanning tree 
        bridge_waitport 0       #no delay before a port becomes available
        bridge_fd 0             #no forwarding delay
        bridge_maxwait 0



Inspect bridge.
# brctl show
bridge name bridge id         STP enabled interfaces
b0          8000.40167e6d6745 yes         eth0


List network interfaces.
# ip a|grep ":\ "
1: lo:  mtu 16436 qdisc noqueue state UNKNOWN 
2: eth0:  mtu 1500 qdisc pfifo_fast master b0 state UP qlen 1000
4: b0:  mtu 1500 qdisc noqueue state UP 


Add a KVM host (anaxagoras) and inspect the bridge.
# brctl show
bridge name bridge id         STP enabled interfaces
b0          8000.40167e6d6745 yes         anaxagoras
                                          eth0



The system used.
# cat /etc/issue /etc/debian_version 
Debian GNU/Linux 7 \n \l

7.6
# uname -r
3.2.0-4-amd64







L2 bridging for KVM

20141009

directadmin mysql open files limit

directadmin mysql open_files_limit notes

The directadmin `root` mysql password is called da_admin and you may find its password at
# ls -l /usr/local/directadmin/conf/mysql.conf
-r-------- 1 diradmin diradmin 30 Nov  5  2013 /usr/local/directadmin/conf/mysql.conf
# cat /usr/local/directadmin/conf/mysql.conf


Log in to the mysql server
# mysql -u da_admin -p 
Enter password:


Find out current open files limit
mysql> show variables like 'open%';
+------------------+-------+
| Variable_name    | Value |
+------------------+-------+
| open_files_limit | 1024  |
+------------------+-------+
1 row in set (0.00 sec)

mysql> exit;
Bye


Set limit to 10240
# echo "open_files_limit = 10240" >> /etc/my.cnf


Restart the mysql daemon
# /etc/init.d/mysqld restart


Check new open_files_limit
# mysql -u da_admin -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.5.9 MySQL Community Server (GPL)

Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show variables like 'open%';
+------------------+-------+
| Variable_name    | Value |
+------------------+-------+
| open_files_limit | 10240 |
+------------------+-------+
1 row in set (0.00 sec)

mysql> exit
Bye
# 




directadmin mysql open_files_limit

20141007

Files as storage devices for KVM guests

A note on adding extra raw files for extra storage to KVM guests.



Create the "empty" "image" 1GB file named vm4_xtra.img
# dd if=/dev/zero of=/home/vm/vm4_xtra.img bs=1M count=1024


For larger files you would not want to use dd. Use fallocate instead eg:
# fallocate -l 50G vm4_xtra.img


Backup KVM host configuration
# cd /etc/libvirt/qemu/
# stor vm4.xml 
devz:vm4.xml is at ./stor/vm4.xml.0


Add the new virtual drive to the KVM guest configuration. eg:
 
    <disk type='file' device='disk'>
      <driver name='qemu' type='raw'/>
      <source file='/home/vm/vm4_xtra.img'/>
      <target dev='hda' bus='ide'/>
    <address type='drive' controller='0' bus='1' unit='0'/>
   </disk>

  


Redefine KVM guest
# virsh
virsh # define /etc/libvirt/qemu/vm4.xml 
Domain vm4 defined from /etc/libvirt/qemu/vm4.xml


Start KVM guest
virsh # start vm4
Domain vm4 started
virsh # quit


Log into the KVM guest and list drives
# fdisk -l
The new virtual HD should be /dev/sdb

Partition /dev/sdb
# fdisk /dev/sdb
Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
Building a new DOS disklabel with disk identifier 0x54ac0969.
Changes will remain in memory only, until you decide to write them.
After that, of course, the previous content won't be recoverable.

Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)

Command (m for help): n
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p): p
Partition number (1-4, default 1): 1
First sector (2048-2097151, default 2048): 
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-2097151, default 2097151): 
Using default value 2097151

Command (m for help): t
Selected partition 1
Hex code (type L to list codes): 83

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.


Format
# mkfs.ext4 /dev/sdb1


Adjust root reserved blocks percentage
# tune2fs -m 0 /dev/sdb1
tune2fs 1.42.5 (29-Jul-2012)
Setting reserved blocks percentage to 0% (0 blocks)


Mount
# mkdir /vm4_xtra
# mount /dev/sdb1 /vm4_xtra/


Adjust fstab
# echo "/dev/sdb1  /vm4_xtra  ext4  defaults  0  2" >> /etc/fstab


The system used
# cat /etc/issue /etc/debian_version
Debian GNU/Linux 6.0 \n \l

6.0.7
# uname -r
2.6.32-5-amd64






adding file storage devices in KVM guests