Categories
Linux

inspect a systemd service

To inspect a systemd service, you need some handy commands.

Examine service names

First you have to get the correct service name you want to inspect.

systemctl list-units --type=service

You can use grep to filter the list.

Gather information about a service

You can show the current status of a service with:

systemctl status servicename

Then you can display all options that describe the service:

systemctl show servicename

And you can show all files which belong to the service description:

systemctl cat servicename
Categories
Linux

disable shutdown, reboot or suspend temporarily in systemd

Sometimes you have long-running, uninterruptible processes or tasks which should not be terminated or killed under normal circumstances. For this problem systemd provides a simple solution to prevent the shutdown or reboot of a system.

You just have to use systemd-inhibit for starting your process. As long as your process is running, systemd-inhibit will delay or block a shutdown or reboot task. The following operations can be inhibited:

  • shutdown
  • sleep
  • idle
  • handle-power-key
  • handle-suspend-key
  • handle-hibernate-key
  • handle-lid-switch

With the default settings you inhibit idle, sleep and shutdown.

You can view all current inhibits with:

systemd-inhibit --list

To block a shutdown while you are burning a CD, you would run:

systemd-inhibit wodim foobar.iso

You can also inhibit a specific behavior for a limited time by using the sleep command. To disable the automatic sleep mode on closing the lid of your laptop for one day, you would run:

systemd-inhibit --what=handle-lid-switch sleep 1d

Categories
Linux Networking

partial use of DNS in OpenVPN split-tunnel in Ubuntu

In Ubuntu 18.04 LTS my network configuration is set up by NetworkManager and DNS is provided by systemd. If you use a split-tunnel, which means you don't route all your traffic through the VPN connection, the DNS server announced by the VPN server will not be used in any situation.

To solve this issue, you can use the script update-systemd-resolved to automatically correct the DNS settings after the OpenVPN connection is established.

As I wrote, NetworkManager doesn't support all OpenVPN options, so you have to use openvpn directly and not via NetworkManager to use this solution.

Installation

First you have to save the script to your disk. I saved it in path /etc/openvpn/scripts/update-systemd-resolved.

Configuration

Then you have to modify your OpenVPN profile and add the following lines to the end:

dhcp-option DOMAIN-ROUTE myvpndomain.de.
script-security 2
setenv PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
up /etc/openvpn/scripts/update-systemd-resolved
up-restart
down /etc/openvpn/scripts/update-systemd-resolved
down-pre

This will run the update script after the connection is set up and before it is torn down. Additionally, it will route all DNS queries for myvpndomain.de to the DNS server provided by the VPN tunnel and not to the already defined DNS server.

To check if it is successful, you can run:

systemd-resolve --status

And the output should contain something like:

Link 34 (tun0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 10.10.20.1
          DNS Domain: ~myvpndomain.de

Link 3 (wlp4s0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.1.1
          DNS Domain: ~.
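
With script-security 2, OpenVPN runs the up and down scripts with the privileges of the openvpn process, which is usually root, so the script file and its directory should not be writable by anyone else. The following check is an added example, not part of the original post or of update-systemd-resolved; the function names are assumptions, and it expects unquoted script paths without arguments, as in the profile above.

```shell
#!/bin/sh
# Added example (not from the original post): check the hook scripts that an
# OpenVPN profile runs via "up"/"down" once script-security 2 is enabled.

# perms_ok PATH UID: succeeds when PATH is owned by UID and is not writable
# by group or others. stat -L follows symlinks to the real file.
perms_ok() {
    owner=$(stat -L -c %u "$1") || return 1
    mode=$(stat -L -c %a "$1") || return 1
    [ "$owner" = "$2" ] || return 1
    case $mode in
        *[2367]?|*[2367]) return 1 ;;   # group or other write bit is set
    esac
    return 0
}

# audit_ovpn_hooks PROFILE [UID]: UID defaults to 0 (root).
# Prints one verdict per hook and returns 1 if any hook is unsafe.
audit_ovpn_hooks() {
    profile=$1; want_uid=${2:-0}; rc=0
    while read -r directive path rest; do
        case $directive in
            up|down) ;;                 # up-restart and down-pre take no script
            *) continue ;;
        esac
        if [ ! -f "$path" ]; then
            echo "MISSING  $directive $path"; rc=1
        elif ! perms_ok "$path" "$want_uid"; then
            echo "UNSAFE   $directive $path"; rc=1
        elif ! perms_ok "$(dirname "$path")" "$want_uid"; then
            echo "UNSAFE   $directive $path (directory can be modified)"; rc=1
        else
            echo "OK       $directive $path"
        fi
    done < "$profile"
    return $rc
}
```

Call it as audit_ovpn_hooks followed by the path of your profile; any MISSING or UNSAFE line should be fixed before the profile is used.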
Categories
Linux

run custom script on USB connect in Linux

You can run custom scripts after you have connected a USB device to a Linux system. This also lets you perform custom actions only if a specific device was plugged in.

In modern Linux systems the udevd daemon is used to handle the devices. You can define rules for specific actions udev should perform.

First you have to gather some information about your target device. You can use the command udevadm monitor to monitor udev events. Some other useful commands are:

Command                        Usage
udevadm monitor -p             view all events with full properties
udevadm monitor -p -s block    view all events with full properties of block subsystem related events

If your device is already connected, you can also query the attributes of an existing device using (for example disk /dev/sdb):

udevadm info -a -n /dev/sdb

From this output you should extract some unique attributes of your device.

To run your custom script or command you have to create a rules file, for example /etc/udev/rules.d/10-myusbstick.rules, defining the match rules for your extracted attributes and the wanted action.

SUBSYSTEM=="block", ACTION=="add", ENV{DEVTYPE}=="partition", ATTRS{idProduct}=="441a", ATTRS{idVendor}=="0815", ATTRS{serial}=="123697755110", ENV{UDISKS_AUTO}="0", ENV{UDISKS_IGNORE}="1", RUN += "/usr/local/sbin/customscript.sh"

Keep in mind that the script is started for every event whose attributes match. So if your rule is too wide, your script will be called multiple times. You can use udevadm monitor to monitor the events, and you can also use a simple debug script to get a feeling for the handling:

#!/bin/bash
# record that an event arrived, tagged with the PID of this script run
echo "got event in pid: $$" >> /tmp/udevdebug.log
# dump the environment set by udevd for this event into a per-PID file
env >> /tmp/udevdebug-$$.log

The script will add an entry to the file /tmp/udevdebug.log with its own PID and will write the full environment, which contains all relevant variables from udevd, to a log file.
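
To make "too wide" concrete, the following added example (not part of the original post) splits a rule into key/operator/value triples and reports which missing match keys would start the RUN program more often than intended. The function names and the set of checks are assumptions chosen to mirror the rule shown above.

```shell
#!/bin/sh
# Added example (not from the original post): parse a udev rule and flag
# missing match keys that would start the RUN program more often than intended.

# parse_udev_rule RULE: prints one "KEY<TAB>OPERATOR<TAB>VALUE" line per pair.
# Assumes values contain no escaped double quotes.
parse_udev_rule() {
    printf '%s\n' "$1" | awk '{
        s = $0
        while (match(s, /[A-Za-z_]+([{][^}]*[}])?[ \t]*[=!+:-]?=[ \t]*"[^"]*"/)) {
            pair = substr(s, RSTART, RLENGTH)
            s = substr(s, RSTART + RLENGTH)
            match(pair, /^[A-Za-z_]+([{][^}]*[}])?/)
            key = substr(pair, 1, RLENGTH)
            rest = substr(pair, RLENGTH + 1)
            match(rest, /[=!+:-]?=/)
            op = substr(rest, RSTART, RLENGTH)
            val = substr(rest, RSTART + RLENGTH)
            sub(/^[ \t]*"/, "", val); sub(/"$/, "", val)
            printf "%s\t%s\t%s\n", key, op, val
        }
    }'
}

# lint_udev_rule RULE: prints one finding per line; the exit status is the
# number of findings (0 for a narrow rule or a rule without a RUN key).
lint_udev_rule() {
    parse_udev_rule "$1" | awk -F '\t' '
        function warn(msg) { print msg; return 1 }
        $1 == "RUN" { run = 1 }
        $2 == "=="  { seen[$1] = $3; if (tolower($1) ~ /serial/) pinned = 1 }
        END {
            if (!run) exit 0
            if (!("ACTION" in seen)) n += warn("no ACTION match: runs on every action, not only add")
            if (!("SUBSYSTEM" in seen)) n += warn("no SUBSYSTEM match: runs for every device below the USB device")
            else if (seen["SUBSYSTEM"] == "block" && !("ENV{DEVTYPE}" in seen)) n += warn("no DEVTYPE match: runs for the disk and for each partition")
            if (!pinned) n += warn("no serial match: not tied to one physical device")
            exit n + 0
        }'
}
```

The rule from this post passes without findings; dropping the ACTION, SUBSYSTEM and serial matches from it produces three.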

Categories
Linux Networking

import OpenVPN connection into Linux NetworkManager

Most desktop-oriented Linux distributions use NetworkManager for configuring the network interfaces. NetworkManager also supports VPN connections, and there is a plugin for OpenVPN. To use it, you can set up your VPN connection in the NetworkManager UI or you can import a .ovpn file, which also works from the console.

sudo nmcli connection import type openvpn file /home/frank/myconnectionprofile.ovpn

NetworkManager will parse the ovpn file, extract all known settings and convert them to a NetworkManager VPN profile. Unfortunately NetworkManager doesn't support every OpenVPN directive, so it may not work. If this is the case you can only use openvpn directly to connect to the VPN.

openvpn myconnectionprofile.ovpn
Categories
Linux

setup custom .desktop-file

Gnome Desktop defines a file format which describes an application. These descriptions result in the icons and launchers of applications in Gnome Desktop.

So if you want to add a custom application or a script with its own application icon, you have to write a custom .desktop file.

Your user specific .desktop-files are stored in ~/.local/share/applications.

Using gnome-desktop-item-edit

Gnome Desktop ships a simple tool to create a desktop file called “gnome-desktop-item-edit”. You can use it from the console:

mkdir -p ~/.local/share/applications
gnome-desktop-item-edit --create-new ~/.local/share/applications/myapp.desktop

Writing by hand

If you have special requirements, you can create your file by hand. Just open your favorite text editor and create a new .desktop file with, for example, the following content:

#!/usr/bin/env xdg-open
[Desktop Entry]
Version=1.0
Type=Application
Terminal=true
Exec=/home/user/vpn.sh
Name=VPN
Icon=network-vpn

This will create an application icon which starts a custom script (/home/user/vpn.sh) in its own terminal window.

Icons can be found in the directory /usr/share/icons, or you can reference a full path to any icon file.

If you use Terminal=true, you will see that the running terminal window is grouped with the normal terminal windows and not with your application icon. To solve this you can use a custom Window Manager class and start your script with gnome-terminal and your custom class.

#!/usr/bin/env xdg-open
[Desktop Entry]
Version=1.0
Type=Application
Exec=gnome-terminal --class=VPNConnection --name=VPN -- /home/user/vpn.sh
Name=VPN
Icon=network-vpn
StartupWMClass=VPNConnection

More options, and a description of the ones used here, can be found in the Desktop Entry Specification.

Categories
Linux

disable automount for specific USB devices in Linux

I had the problem that I didn’t want to automount a specific USB device in Linux. I could switch automount off completely, but this was not what I wanted.

To achieve this, you can define a specific udev rule. Udev is the widely used daemon for handling devices of Linux kernels in user space.

First you need to know how to identify your device. So plug your USB stick in and view the device specific parameters. The following example assumes that your USB stick is added as /dev/sdb.

sudo udevadm info -a -n /dev/sdb

You will see everything which is related to this USB device, including the USB hub and other parent devices. So be careful to choose the correct attributes for further filtering.

Now you have to add a udev rule for your device. You should create a new rules file, for example in /etc/udev/rules.d/10-myspecialdevice.rules with the following content:

ATTRS{idProduct}=="449a", ATTRS{idVendor}=="0815", ATTRS{serial}=="foobar", ENV{UDISKS_AUTO}="0"

The first 3 ATTRS parts are your extracted attributes from the previous command. The last sets an environment variable UDISKS_AUTO which handles the automount behavior of Gnome. There are more variables, for example UDISKS_IGNORE=1 for hiding the device in Nautilus. The following overview can be found in the man pages via man udisks:

UDISKS_SYSTEM
If set, this overrides the value of the HintSystem property.

UDISKS_IGNORE
If set, this overrides the value of the HintIgnore property.

UDISKS_AUTO
If set, this overrides the value of the HintAuto property.

UDISKS_CAN_POWER_OFF
If set, this overrides the value of the CanPowerOff property.

UDISKS_NAME
The name to use for the device when presenting it in an user interface. This corresponds to the HintName property.

UDISKS_ICON_NAME
The icon to use for the device when presenting it in an user interface. If set, the name must adhere to the freedesktop.org icon theme specification[4]. This corresponds to the HintIconName property.

UDISKS_SYMBOLIC_ICON_NAME
The icon to use for the device when presenting it in an user interface using a symbolic icon. If set, the name must adhere to the freedesktop.org icon theme specification[4]. This corresponds to the HintSymbolicIconName property.

UDISKS_FILESYSTEM_SHARED
If set to 1, the filesystem on the device will be mounted in a shared directory (e.g. /media/VolumeName) instead of a private directory (e.g. /run/media/$USER/VolumeName) when the Filesystem.Mount() method is handled.

ID_SEAT
The physical seat the device is attached to. If unset or set to the empty string, “seat0” (the first seat) is assumed.

After you created your file you have to reload your rules:

sudo udevadm control --reload
Categories
Linux

cleanup Btrfs volumes

Sometimes your Btrfs disk is reported to be full or nearly full, although you haven’t saved that amount of data on the volume.

To solve this you have to rebalance parts of your Btrfs volume. This is something like defragmentation. I had different parts which needed to be rebalanced.

You can show currently used space with (/ is here mount path of your Btrfs volume):

btrfs filesystem df /

You will get something similar to this output:

Data, single: total=437.00GiB, used=388.76GiB
System, single: total=4.00MiB, used=64.00KiB
Metadata, single: total=6.01GiB, used=4.17GiB
GlobalReserve, single: total=512.00MiB, used=0.00B

The difference between total and used can be freed. For metadata you have to call:

btrfs balance start -m /

And for Data you have to call:

btrfs balance start -dusage=90 -v /

The option -dusage=90 selects all data blocks which are filled to at most 90 %. Pay attention that a full rebalance can take some time and uses a lot of I/O resources, because everything is rewritten. So you should start with lower values and rerun with larger values if not enough space was freed.

You can also combine -m and -dusage=90 into one task.

A long running rebalancing can be monitored with:

btrfs balance status /
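
The advice to start with low -dusage values and raise them only when needed can be scripted. This is an added example, not part of the original post; the function names, the step values 10, 25, 50, 75, 90 and the target in MiB are assumptions, and it only uses the btrfs subcommands shown above.

```shell
#!/bin/sh
# Added example (not from the original post): balance data chunks in steps,
# from nearly empty chunks upwards, and stop once enough space is reclaimed.

# to_mib SIZE: convert a size printed by "btrfs filesystem df"
# (for example 437.00GiB) to whole MiB.
to_mib() {
    printf '%s\n' "$1" | awk '{
        unit = $0; sub(/^[0-9.]+/, "", unit)
        f["B"] = 1 / 1048576; f["KiB"] = 1 / 1024; f["MiB"] = 1
        f["GiB"] = 1024; f["TiB"] = 1048576
        printf "%d\n", ($0 + 0) * f[unit]
    }'
}

# data_slack_mib MOUNT: allocated but unused data space (total - used) in MiB.
data_slack_mib() {
    line=$(btrfs filesystem df "$1" | grep -m 1 '^Data,') || return 1
    total=${line#*total=}; total=${total%%,*}
    used=${line#*used=}
    echo $(( $(to_mib "$total") - $(to_mib "$used") ))
}

# stepped_balance MOUNT TARGET_MIB: raises -dusage step by step until the
# slack is at most TARGET_MIB. Prints the last -dusage value that was run
# (0 means no balance was needed).
stepped_balance() {
    last=0
    for pct in 10 25 50 75 90; do
        slack=$(data_slack_mib "$1") || return 1
        [ "$slack" -gt "$2" ] || break
        btrfs balance start -dusage="$pct" "$1" >/dev/null || return 1
        last=$pct
    done
    echo "$last"
}
```

For example, stepped_balance / 10240 stops as soon as no more than 10 GiB of data space is allocated but unused.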
Categories
Linux

limit or pause resync of mdadm

If you have a running resync job of mdadm, this job can impact your normal operations a lot under some circumstances. You can limit the resync throughput with two kernel variables:

  • /proc/sys/dev/raid/speed_limit_min
  • /proc/sys/dev/raid/speed_limit_max

Here you can set the minimum and maximum bandwidth in kibibytes per second (1 kibibyte = 1024 bytes).

Unfortunately you cannot set 0 to pause the resync. But you can set it to 1 kibibyte per second. This is nearly zero and is enough to nearly pause the resync.

But pay attention! If your RAID is not in sync, you risk data loss.