Raid0 Recovery Scenario – Part 1

Posted on 2011/10/17 by raphi

Situation

Well, just got 2 harddisks in for recovery. The PC manufacturer apparently decided to have 2 harddisks in a RAID0, but now since one of the harddisks failed, there was no way to simply get the data back. As you might know, RAID0 sucks! If you only have one drive working, you might be able to find some headers of a JPG for example, but when you try to view it, you’ll notice that only parts of the image are intact. This is because of the striping, which stores a block (usually sth like 64K, 128K) on disk0 and the next block is on disk1. So one disk is useless for sure!

fixing the harddrives

First of all I wanted to get an image (using ddrescue) of both disks. Disk0 went through smoothly, so I had the image within a blink of an eye.. Disk1 was a bit more of a hassle, it initially didn’t want to initialize properly (clickin’).. Since I’ve had two identical harddrives (in terms of firmware, model etc.) I’ve simply swapped the ECB among them, and voila, disk1 was also spinning up and spitting out the data! :-D nice! So let’s proceed with the 2 disk-images.

rebuilding the raid0

Now that I’ve got the disks imaged, I can start to first rebuild the RAID0 part. My plan was to get rid of the RAID0, which was 2x 500GB, and rebuild it to a single drive with 1TB.
First looking for something pre-built software to do this part, I started using ‘pyraid’, which is able to recover RAID0 and RAID5. Soon after, I’ve noted that the performance is not what I expected, so according to my calculations, it would have taken several days to ‘rebuild’ the drive.
Bash is my friend, it was up to me to quickly put a few lines together to get this job done. 

#!/bin/bash
OUTPUT=/dev/sdc ## the target device
BLOCKSIZE=128k ## or stripesize, however you call it
echo -n >mass-dd.sh
for i in $(seq 0 3815553); do

    INPUT=/dev/loop0 ## raid0 disk1
    INPUTsector=$i
    OUTPUTsector=$(($INPUTsector*2))
    echo "sudo dd if=$INPUT bs=$BLOCKSIZE skip=$i seek=$OUTPUTsector count=1 of=$OUTPUT conv=notrunc 2>/dev/null" >>mass-dd.sh

    INPUT=/dev/loop1 ## raid0 disk2
    INPUTsector=$i
    OUTPUTsector=$(($INPUTsector*2+1))
    echo "sudo dd if=$INPUT bs=$BLOCKSIZE skip=$i seek=$OUTPUTsector count=1 of=$OUTPUT conv=notrunc 2>/dev/null" >>mass-dd.sh

done

This script is just a quick helper, which will write to a file called ‘mass-dd.sh’, which then contains all the dd calls to rebuild the raid. Afterwards use one of these lines to start rebuilding:

## start rebuilding
$ cat mass-dd.sh | sh
## resume rebuilding at a known point
$ grep -A 500000000 'skip=3751208' mass-dd.sh | sh

## start rebuilding with several threads, might give a performance improvement, can't say.. Needs GNU Parallel installed
$ cat mass-dd.sh | parallel -k -j 4 sh {}
$ grep -A 500000000 'skip=3751208' mass-dd.sh | parallel -k -j 4 sh {}

## only read from one input-file at a time, might increase the performance (can also be run using GNU Parallel)
$ grep /dev/loop0 mass.sh | sh
$ grep /dev/loop1 mass.sh | sh

So, that’s it for part one, haven’t finished part two yet. Next one will have the details about fixing the logical part with the partition-table and filesystem.

Cheers,
Raphi

Posted in data recovery | Tagged , , , , , , , , | 1 Comment

Show ‘HTTP://’ prefix in Firefox 7

Posted on 2011/10/04 by raphi

..freshly upgraded to Firefox 7, but apparently the ‘HTTP://’ is gone in the addressbar. If you’re looking under ‘Options’ to get it activated again, you’re wrong. So quickly the steps to re-enable it again:

  • open firefox
  • browse to ‘about:config’
  • search for ‘browser.urlbar.trimURLs’
  • change the value to ‘false’

That’s it already!

Cheers,
Raphi

BTW, why would somebody want a ‘feature’ like that…? tzzzz… :-D

Posted in tech | Tagged , , , | Leave a comment

Windows 2008 Server password reset

Posted on 2011/07/05 by raphi

..Stupid password restrictions on Windows machines.. ;-) Just booted up a test Windows ADS Server in a VM where I couldn’t remember the password. The 12345 didn’t work because I couldn’t set it to that initially… :-p
Anyway, a quick research revealed that there’s a nice ‘hook’ where I could sneak in.. In Windows there’s the ‘magnify.exe’ which is just perfect to get replaced by a cmd.exe. As the magnify.exe can be loaded on the login screen, we can do just everything if we do this.
OK, let’s start:

  • Boot the Windows Server using a Linux Live-CD (I recommend to have a look at http://grml.org/
  • mount your Windows Partition using NTFS-3G
  • move the file ‘magnify.exe’ to ‘magnify.old’ in C:\Windows\System32 (of course the path in Linux differs)
  • copy the file ‘cmd.exe’ to ‘magnify.exe’ in C:\Windows\System32
  • Unmount it again and reboot again into your windows
  • As soon as you’ve got the logon screen, you can click on the ‘easy access’ tools. Enable the ‘magnifier’ there and press apply
  • Now you should get a new cmd
  • in the cmd enter ‘net user /domain’ and press enter (replace user/password accordingly, also /domain is only required for domaincontrollers — example ‘net user Administrator blabla /domain’)
  • Reboot (don’t try to login yet!) and then login as usual

That’s it, now you’ve got your password reset. If you like you can remove the cmd.exe and put the original magnifier back in place. Same procedure but in reverse :-D

Notes

Cheers,
Raphi

Posted in tech | Tagged , , , , | 2 Comments

Syslog Monitoring

Posted on 2011/05/31 by raphi

I just was recently looking for a method to monitor a syslog server. But as per design, syslog works using UDP, so there’s no real indication that a simple syslog message has made it through successfully. As I wanted to have this service monitored by Nagios, I was looking for something, but seems like nobody cares about syslog :-D
On the syslog boxes, I have mysql databases keeping their content, so I can generate a syslog Message, wait a moment, and then check if the entry exists now in the mysql DB.
The result is the script below. It’s rather messy, but works just fine :-D

You can call it like that:

./checksyslog.sh MYSQLUSER MYSQLPASSWORD SYSLOGSERVER

#########################################################
# Author:        Raphael Hoegger
# Source:        http://blog.pfuender.net/?p=410
# License:       This file is licensed under the GPL v2.
# Latest change: 2011.04.29 15:04:33
# Version:       1.00
#########################################################

## Server-Settings
SyslogServer=$3
SyslogPort=514
MysqlServer=$3
MysqlUser=$1
MysqlPassword=$2
MysqlDatabase=syslog
MysqlColumn=Message
MysqlTable=radius

## Syslogmessage settings
rand=$RANDOM
timestamp=$(date +%s)
date=$(date +"%b %d %k:%M:%S")
Hostname=$(hostname)
EventSource="check_logserver"
Message="Syslog UDP Monitoring"
MessageID="$rand-$timestamp"

## Nagios Exitcodes
ERROK=0
ERRWARNING=1
ERRCRITICAL=2
ERRUNKNOWN=3

## Generate a test syslogmessage
printf "<182>$date $hostname $EventSource[$$]: $Message $MessageID\n" | netcat -u -w 1 -p 5514 $SyslogServer $SyslogPort ## as a normal user we can't bind to 514..
if [ $? -ne 0 ] ; then
  printf "Syslog-Send failed\n"
  ErrorSyslog=1
fi

sleep 5 ## wait before checking mysql..

## Check for the mysql entry
SQLQuery="select count($MysqlColumn) as \"\" from $MysqlTable where Message=\"$Message $MessageID\""
EntryCount=$(mysql -N --batch -u $MysqlUser -p$MysqlPassword -h $MysqlServer -D $MysqlDatabase -e "$SQLQuery" 2>/dev/null)
if [ $? -ne 0 ] ; then
  printf "MySQL failed\n"
  ErrorMysql=1
fi

if [ "$EntryCount" -eq 1 -a "$ErrorMysql" -eq 0 -a "$ErrorSyslog" -eq 0  ] ; then echo "UP, RTT=${SECONDS}s" ; Errorcode=$ERROK
  else echo "DOWN" ; Errorcode=$ERRCRITICAL
fi

exit $Errorcode

If somebody wants to rewrite the code, feel free to do so! ;-)

Cheers,
Raphi

Posted in tech | Tagged , , , , , , | Leave a comment

VMware ESXi 4.0 – 4.1 Update

Posted on 2011/04/27 by raphi

I’ve just had a VMware ESXi 4.0 in front of me, which needed an upgrade. Not a big deal if you’re able to find the right KB articles on their website…
OK, so here are the steps to upgrade a VMware ESXi 4.0 to a VMware ESXi 4.1 Update.

  • Download and install the VMware Vsphere CLI
  • Fire up a ‘cmd’
  • Navigate to the ‘bin’ folder of your vSphere CLI Installation (cd “C:\Program Files (x86)\VMware\VMware vSphere CLI\bin”)
  • Put the ESXi Server in Maintenance Mode
  • Adjust & Execute the command below according to your environment
  • Reboot the ESXi Server
  • Get the ESXi Server out of the Maintenance Mode
vihostupdate.pl --server 192.168.1.100 --username root --password password -i -b "C:\upgrade-from-esxi4.0-to-4.1-update01-348481.zip"

Notes

  • To monitor the progress of the installation, just connect through the vSphere GUI and watch the progressbar at the bottom. Please note, this only worked on some machines for me, not all!
  • This procedure has been done on a Win7 64bit.
  • The ‘–verbose’ parameter isn’t useful at all.. It doesn’t show a progress-bar or similar, it’s just a dump of the XML’s sent over the line..

That’s it already!

Cheers,
Raphi

Posted in tech | Tagged , , , | Leave a comment