ssh-agent via systemd

Main issue if you're not using desktop environment, how and when to start "ssh-agent" to store your ssh identity info. In case of full DE you have special daemon, like "gnome-keyring".

On the other hand there are a lot of custom hacks like "how to use ssh-agent with screen" or "using with xinitrc", etc.

Finally i've found that using ssh-agent with systemd is pretty useful. Example from arch wiki is not working for me (i assume for others also). I'm not using separate systemd socket and use additional SuccessExitStatus=2 parameter.

1) Create "~/.config/systemd/user/ssh-agent.service"

mkdir -p ~/.config/systemd/user
cat << EOF > ~/.config/systemd/user/ssh-agent.service
[Unit]
Description=ssh-agent

[Service]
ExecStart=/usr/bin/ssh-agent -d -a %t/ssh_auth_sock
SuccessExitStatus=2

[Install]
WantedBy=default.target
EOF

2) Start and enable ssh-agent service

systemctl --user daemon-reload
systemctl --user enable ssh-agent
systemctl --user start ssh-agent

3) Check that it works properly

ssh-add -l

OpenStack Horizon good catch

TL;DR

Wanna share my joy, i always want to finish _debugging_ with awesome oneline fix...this is it.

We'r doing multi-regional OpenStack across at least 7 datacenters. PKI tokens are really good for such kind of deployments.

- No token storage required. (except non-critical token hashes)
- Token verification without keystone

Unfortunately cons of this approach that token are pretty big ~8Kbytes. At least full catalog packed into token. Finally we'r using PKIZ (compressed PKI) to decrease the size (Backported to Icehouse from Juno).

All works like a charm...before today after adding one more region. We've noticed that Horizon stopped to show "Project" tab nor any additional tenants for user. From CLI all works perfectly.

Error:  Request attribute token must be less than or equal to 8192.

Finally found that we'r affected by this bug. Horizon while getting project list tries to send _full_ token instead of id (md5 hash) that's why token not fits into 8K.

The simplest workaround (not the solution) was to increase keystone "max_token_size". My challenge was to not finish on this easy workaround and continue to dig deeper.

P.S.: My uncompressed token was 8.5K (88 endpoints)
P.S.S.: Large OpenStack community has it's benefits: in 80% cases someone already plunged into your issue and filled a bug .

Updating BIOS with USB stick on Thinkpad (Linux)

Basically Lenovo supports two ways of upgrading BIOS: Windows upgrade utility or burning ISO to CD.
I don't have nor Windows nor CD-ROM on my laptop.

Idea is to prepare bootable USB stick from the ISO.

1) Get the BIOS Update Bootable CD from http://support.lenovo.com (In my case for T530)
2) Convert ISO to img. This is most important step because. Based on manual from thinkwiki.org i'd used
"geteltorito" script for convertation. This script supports special harddisk emulation (BootMediaType=4) ISO format.

wget http://userpages.uni-koblenz.de/~krienke/ftp/noarch/geteltorito/geteltorito
chmod +x geteltorito
./geteltorito -o bios.img ~/Downloads/g4uj25us.iso

3) dd image onto USB stick. ( CAREFUL: Use real path to USB instead of /dev/sdX )

sudo dd if=bios.img of=/dev/sdX bs=512K

4) Boot from USB and follow the instructions. Also please read official readme before doing any flashing. (i.e. for T530)

NOTES:
- Make sure USB booting enabled in BIOS. "Config --> USB --> USB UEFI BIOS support" should be "Enabled"
- After updating firmware i've plunged into issue with not workable "brightness control" keys. Solution: add kernel paramenter acpi_osi="!Windows 2012"

Webex on Arch (64bit)

The main aim of this post just to help with installing webex on 64bit Arch by this method. Unfortunately package is outdated. Latest [Nov 12] version of archive could be found here.

So to build from sources:

wget https://www.dropbox.com/s/jsrbs07t5545x03/firefox32-20141112-1.src.tar.gz?dl=1 -O firefox32-20140714-1.src.tar.gz
tar xf firefox32-20140714-1.src.tar.gz && cd firefox32
sudo makepkg -s
sudo pacman -U firefox32-20140714-1-x86_64.pkg.tar.xz

To start 32-bit firefox:

firefox32

AAAhhh! Recovering after "dd"!!!

dd if=/dev/zero of=/dev/sda bs=1M

Yeeeah, i did it on my laptop (F**n copy-pasting):

Ctrl+C after 1sec and ~700MB zeroed. Perfect evening!!!

But system is still alive. So no problem, let's start:

#0 I'm lucky, because 700MB equal "sda1 (/boot) + part of sda2 (old Ubuntu partition, i don't need it). My root (sda5 with Arch) not affected. I need to recover partition table itself and "/boot".

#1 Old partition table still in memory
cat /proc/partitions                                                                                                                                                              [23:32:52]
major minor  #blocks  name

 179        0    1966080 mmcblk0
 179        1    1965952 mmcblk0p1
   8        0  488386584 sda
   8        1     194560 sda1
   8        2  195221504 sda2
   8        3     976896 sda3
   8        4          1 sda4
   8        5  104856576 sda5
   8        6  187133976 sda6
 254        0   36700160 dm-0
 254        1   31457280 dm-1
 254        2   31457280 dm-2
 254        3   20971520 dm-3

#2 Recreating same partition table with fdisk
fdisk /dev/sda

"o"   create a new empty DOS partition table
"n"   add a new partition. For Last sector use +<BLOCKs from /proc/partitions>

After double (or more) checking:
"w"   write table to disk and exit

#3 recovering /boot
unmount /boot
mkfs.ext2 /dev/sda1
mount /boot
WARN: Special for Arch only (https://wiki.archlinux.org/index.php/syslinux)
pacman -U /var/cache/pacman/pkg/linux-3.13.8-1-x86_64.pkg.tar.xz
pacman -U /var/cache/pacman/pkg/syslinux-6.02-8-x86_64.pkg.tar.xz
syslinux-install_update -i -a -m
vim /boot/syslinux/syslinux.cfg <-- Set right root partition to sda5

That's it. And KISS for everyone.