debian housekeeping

script /common/scripts/

apt-get install deborphan debfoster

#apt-get remove –purge package
#apt-get clean

the later will clean the /var


will show files and libraries still left after the apt-get remove –purge, if you don’t recognize a library, keep it, later on, deborphan will give you a list of ‘orphaned’ libraries that are hanging with no use, and are safe to nuke.

if you make a mistake with debfoster, type ‘u’ and will ask you again if you want to keep it. When you are thru with it, invoke deborphan.


will give a list of libraries that are hanging just taking space, to get rid of them:

#deborphan | xargs apt-get -y remove –purge

when thru with that:

#apt-get clean

recently after a dist-ugrade to sid, it installed emacs21, i removed it, and debfoster found some files like emacsen, etc.

aptitude purge ~c
apt-get autoremove

Also you do not need the “remove” when doing apt-get remove –purge package, just apt-get purge package.

deborphan | xargs apt-get -y remove –purge

To remove all orphaned data packages run:

deborphan –guess-dev | xargs apt-get -y remove –purge

To see all the orphaned packages on your system run:

deborphan –guess-all

Hits: 6

Debian Upgrade 8 to 9

Note: Disable Network Bonding at switch and OS

# aptitude search '~o'

# apt-get update
# apt-get upgrade
# apt-get dist-upgrade

# dpkg -C

# apt-mark showhold

deb stretch main
deb stretch-updates main
deb stretch/updates main

# apt-get update

# apt list --upgradable

# apt-get upgrade
# apt-get dist-upgrade

# aptitude search '~o'
# aptitude purge ~o (removes obsolete packages)

# apt-get autoremove

Remove ^rc packages
# dpkg --list |grep "^rc" | cut -d " " -f 3 | xargs sudo dpkg --purge

# reboot

GPS Time Server:
root@GPS2 /etc/udev/rules.d # cat 09.gps.rules
KERNEL==”ttyAMA0″, SYMLINK+=”gps0″
KERNEL==”pps0″, OWNER=”root”, GROUP=”tty”, MODE=”0777″, SYMLINK+=”gpspps0″

root@GPS2 /etc/udev/rules.d # /usr/sbin/ntpd –help
ntpd – NTP daemon program – Ver. 4.2.6p5

# NTP Boot Config
/etc/init.d/ntp stop
/bin/echo -e ‘$PMTK314,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0*29\r\n’ > /dev/ttyAMA0
/bin/sleep 30
/etc/init.d/ntp restart

# for more options see

root@GPS2 /common/home/cak/workntp # cat /etc/modules
# /etc/modules: kernel modules to load at boot time.
# This file contains the names of kernel modules that should be loaded
# at boot time, one per line. Lines beginning with “#” are ignored.


driftfile /var/log/ntpstats/ntp.drift
statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
filegen protostats file protostats type day enable
filegen sysstats file sysstats type day enable

fudge stratum 10
server mode 17 minpoll 3 maxpoll 3 prefer
fudge flag1 1 refid GPS2 time2 0.400

peer gps1.lan.side

# By default, exchange time with everybody, but don’t allow configuration.
restrict default nomodify noquery kod notrap

# Local users may interrogate the ntp server more closely.

root@hcst001:/etc/init.d# systemctl –failed –all
● apache2.service loaded failed failed The Apache HTTP Server
● atd.service loaded failed failed Deferred execution scheduler
● cron.service loaded failed failed Regular background program processing daemon
● ipmievd.service loaded failed failed IPMI event daemon
● rpcbind.service loaded failed failed RPC bind portmap service
● rsyslog.service loaded failed failed System Logging Service
● ssh.service loaded failed failed OpenBSD Secure Shell server
● systemd-modules-load.service loaded failed failed Load Kernel Modules
● rpcbind.socket loaded failed failed RPCbind Server Activation Socket
● syslog.socket loaded failed failed Syslog Socket

LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.

10 loaded units listed.
To show all installed unit files use ‘systemctl list-unit-files’.

root@hcst001:/etc/init.d# systemctl list-unit-files
proc-sys-fs-binfmt_misc.automount static
-.mount generated
boot.mount generated
dev-hugepages.mount static
dev-mqueue.mount static
media-cdrom0.mount generated
media-usb0.mount generated
media-usb1.mount generated
media-usb2.mount generated
NAS-backup.mount generated
NAS-log.mount generated
proc-fs-nfsd.mount static
proc-sys-fs-binfmt_misc.mount static
run-rpc_pipefs.mount static
sys-fs-fuse-connections.mount static
sys-kernel-config.mount static
sys-kernel-debug.mount static
acpid.path enabled
systemd-ask-password-console.path static
systemd-ask-password-wall.path static
acpid.service disabled
apache-htcacheclean.service disabled
apache-htcacheclean@.service disabled
apache2.service enabled
apache2@.service disabled
apt-daily-upgrade.service static
apt-daily.service static
atd.service enabled
auth-rpcgss-module.service static
autovt@.service enabled
bind9-pkcs11.service disabled
bind9-resolvconf.service disabled
bind9.service enabled
bootlogd.service masked
bootlogs.service masked
bootmisc.service masked
checkfs.service masked
checkroot-bootclean.service masked
checkroot.service masked
console-getty.service disabled
console-setup.service enabled
container-getty@.service static
cron.service enabled
cryptdisks-early.service masked
cryptdisks.service masked
dbus-org.freedesktop.hostname1.service static
dbus-org.freedesktop.locale1.service static
dbus-org.freedesktop.login1.service static
dbus-org.freedesktop.network1.service disabled
dbus-org.freedesktop.resolve1.service disabled
dbus-org.freedesktop.timedate1.service static
dbus.service static
debug-shell.service disabled
dm-event.service disabled
emergency.service static
fail2ban.service enabled
fancontrol.service enabled
fuse.service masked
getty-static.service static
getty@.service enabled
halt.service masked
hddtemp.service generated
hostname.service masked
hwclock.service masked
ifup@.service static
inetd.service generated
initrd-cleanup.service static
initrd-parse-etc.service static
initrd-switch-root.service static
initrd-udevadm-cleanup-db.service static
ipmidrv.service generated
ipmievd.service disabled
irqbalance.service enabled
keyboard-setup.service enabled
killprocs.service masked
kmod-static-nodes.service static
kmod.service static
lm-sensors.service enabled
lvm2-lvmetad.service disabled
lvm2-lvmpolld.service disabled
lvm2-monitor.service enabled
lvm2-pvscan@.service static
lvm2.service masked
mdadm-raid.service generated
mdadm.service generated
memcached.service generated
module-init-tools.service static
motd.service masked
mountall-bootclean.service masked
mountall.service masked
mountdevsubfs.service masked
mountkernfs.service masked
mountnfs-bootclean.service masked
mountnfs.service masked
networking.service enabled
nfs-blkmap.service disabled
nfs-common.service masked
nfs-config.service static
nfs-idmapd.service static
nfs-kernel-server.service enabled
nfs-mountd.service static
nfs-server.service enabled
nfs-utils.service static
nmbd.service enabled
ntp.service generated
openipmi.service generated
phpsessionclean.service static
portmap.service enabled
postfix.service enabled
postfix@.service disabled
procps.service static
quotaon.service static
rc-local.service static
rc.local.service static
rc.service masked
rcS.service masked
reboot.service masked
rescue.service static
rmnologin.service masked
rpc-gssd.service static
rpc-statd-notify.service disabled
rpc-statd.service disabled
rpc-svcgssd.service static
rpcbind.service enabled
rsync.service enabled
rsyslog.service enabled
samba-ad-dc.service masked
samba.service masked
screen-cleanup.service masked
sendsigs.service masked
serial-getty@.service disabled
single.service masked
smartd.service enabled
smartmontools.service enabled
smbd.service enabled
snmpd.service enabled
ssh.service enabled
ssh@.service static
sshd.service enabled
stop-bootlogd-single.service masked
stop-bootlogd.service masked
sudo.service disabled
syslog.service enabled
systemd-ask-password-console.service static
systemd-ask-password-wall.service static
systemd-backlight@.service static
systemd-binfmt.service static
systemd-exit.service static
systemd-fsck-root.service static
systemd-fsck@.service static
systemd-fsckd.service static
systemd-halt.service static
systemd-hibernate-resume@.service static
systemd-hibernate.service static
systemd-hostnamed.service static
systemd-hwdb-update.service static
systemd-hybrid-sleep.service static
systemd-initctl.service static
systemd-journal-flush.service static
systemd-journald.service static
systemd-kexec.service static
systemd-localed.service static
systemd-logind.service static
systemd-machine-id-commit.service static
systemd-modules-load.service static
systemd-networkd-wait-online.service disabled
systemd-networkd.service disabled
systemd-poweroff.service static
systemd-quotacheck.service static
systemd-random-seed.service static
systemd-reboot.service static
systemd-remount-fs.service static
systemd-resolved.service disabled
systemd-rfkill.service static
systemd-suspend.service static
systemd-sysctl.service static
systemd-timedated.service static
systemd-timesyncd.service enabled
systemd-tmpfiles-clean.service static
systemd-tmpfiles-setup-dev.service static
systemd-tmpfiles-setup.service static
systemd-udev-settle.service static
systemd-udev-trigger.service static
systemd-udevd.service static
systemd-update-utmp-runlevel.service static
systemd-update-utmp.service static
systemd-user-sessions.service static
udev.service static
umountfs.service masked
umountnfs.service masked
umountroot.service masked
urandom.service static
user@.service static
x11-common.service masked
xinetd.service generated
machine.slice static
system.slice static
user.slice static
acpid.socket enabled
dbus.socket static
dm-event.socket enabled
lvm2-lvmetad.socket enabled
lvm2-lvmpolld.socket enabled
rpcbind.socket enabled
ssh.socket disabled
syslog.socket static
systemd-fsckd.socket static
systemd-initctl.socket static
systemd-journald-audit.socket static
systemd-journald-dev-log.socket static
systemd-journald.socket static
systemd-networkd.socket disabled
systemd-rfkill.socket static
systemd-udevd-control.socket static
systemd-udevd-kernel.socket static
dev-disk-by\x2duuid-ec862752\x2d373a\x2d475f\x2da7de\x2debc8e0941802.swap generated static static static static static disabled static static disabled static static static disabled static static static static static static static disabled static static static static static static enabled static static static disabled static disabled static enabled disabled static disabled disabled static static static static disabled static static static static static static static static static static static static static static
apt-daily-upgrade.timer enabled
apt-daily.timer enabled
phpsessionclean.timer enabled
systemd-tmpfiles-clean.timer static

279 unit files listed.

Hits: 5

Debian Squeeze 802.3ad

Debian Lenny and Squeeze
2x Realtek 8169
1x Reaktek 8169, 1x nForce
D-Link DGS-1210-24 Rev. A

cat /proc/net/bonding/bond0

mode=0 (balance-rr)
Round-robin policy: Transmit packets in sequential order from the first available slave through the last. This mode provides load balancing and fault tolerance.

mode=1 (active-backup)
One slave interface is active at any time. If one interface fails, another interface takes over the MAC address and becomes the active interface. Provides fault tolerance only. Doesn’t require special switch support.

mode=2 (balance-xor)
Tranmissions are balanced across the slave interfaces based on ((source MAC) XOR (dest MAC)) modula slave count. The same slave is selected for each destination MAC. Provides load balancing and fault tolerance.

mode=3 (broadcast)
Transmits everything on all slave interfaces. Provides fault tolerance.

mode=4 (802.3ad)
This is classic IEEE 802.3ad Dynamic link aggregation. This requires 802.3ad support in the switch and driver support for retrieving the speed and duplex of each slave.

mode=5 (balance-tlb)
Adaptive Transmit Load Balancing. Incoming traffic is received on the active slave only, outgoing traffic is distributed according to the current load on each slave. Doesn’t require special switch support.

mode=6 (balance-alb)
Adaptive Load Balancing – provides both transmit load balancing (TLB) and receive load balancing for IPv4 via ARP negotiation. Doesn’t require special switch support, but does require the ability to change the MAC address of a device while it is open.

Specifies the MII link monitoring frequency in milliseconds. This determines how often the link state of each slave is inspected for link failures. A value of zero disables MII link monitoring. A value of 100 is a good starting point. The use_carrier option, below, affects how the link state is determined. See the High Availability section for additional information. The default value is 0.

bond-downdelay 200 : Set the time, t0 200 milliseconds, to wait before disabling a slave after a link failure has been detected. This option is only valid for the bond-miimon.

bond-updelay 200 : Set the time, to 200 milliseconds, to wait before enabling a slave after a link recovery has been detected. This option is only valid for the bond-miimon.

J.A. Sullivan on the debian-user list writes:

There are a couple of issues in bonding which can bite the unsuspecting (as they did me!). Round robin will load balance across multiple
interfaces but can produce serious issues with managing out of order TCP
packets. Thus, the performance gain decreases dramatically with the
number of interfaces. In other words, 2 NICs in RR mode will not give 2x the performance nor 3 NICs 3x performance. I do not recall the exact
numbers off the top of my head but averages are something like:
2 NICs – 1.6x performance
3 NICs – 1.9x performance

The other modes (other than failover) eliminate the out of order TCP
problem but do so at a cost. All traffic for a single traffic flow goes
across a single path. The most common way to identify a single traffic
flow is matching source and destination MAC addresses. Some bonding algorithms allow matches on layer 3 or even layer 4 data but, if the switch through which they flow only supports MAC to MAC flow assignments, it will all devolve to matching MAC addresses anyway.

So what is the practical outcome using non-RR bonding? You have only one
combination of source and destination MAC address for each socket, e.g.,
if you are measuring a single FTP connection, there is only one
combination of source and destination MAC address. Thus, no matter how
many NICs you have, all the traffic will flow across one combination of
NICs. You will see no performance improvement.

In fact, depending on how the MAC addresses are advertised from the
systems with multiple NICs, all traffic between two systems may flow
across the same pair of NICs even if there are multiple, different
traffic streams.

On the other hand, if you are using bonding to provide a trunk carrying
traffic from many different source and destination MAC address
combinations, each separate stream will be limited to the maximum of the
individual NICs but the aggregate throughput should increase almost
linearly with the number of NICs. Hope that helps – John


Hits: 2

Seagate ST32000542AS 2TB Setup

A lot of ST32000542AS drives come with the CC34 firmware. Apparently it has various known problems, one of which is an annoying click (click of death). The first thing you’ll want to do is upgrade the firmware to CC35. A Link to the instructions is in the references section below.

Once that is done, the next step, if it exists, is removing HPA from the drive.
You’ll know it has HPA enabled by running hparm. HPA results in less capacity and so it’s not a good thing in an array.

We’ll be using Debian 6.0 (squeeze).

hparm -N /dev/sdb

You should see a difference in the numbers here. I chose to take the highest number. This completely disables HPA.

hdparm -N p3907029168 /dev/sdb

Finally, we should end up with full usability of the drive.

fdisk -l /dev/sdb

Disk /dev/sdb: 2000.4 GB, 2000398934016 bytes
255 heads, 63 sectors/track, 243201 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

Disk /dev/sdb doesn’t contain a valid partition table

Power cycle (not reboot) to confirm settings survive.

Updating the firmware on the drives:
Seagate 2TB ST32000542AS CC35 Firmware upgrade

Disabling HPA using hdparm:
unRAID Server Community parity

Hits: 3

Debian Squeeze iscsitarget

Since Debian squeeze doesn’t appear to include pre-built iscsitarget kernel modules, the iscsitartget-dkms must be installed. This is a source package and will install gcc etc to compile. It should compile automatically.

apt-get install iscsitarget-dkms

Here is a list of iscsi related packages I installed on my secondary NAS:
iscsitarget iSCSI Enterprise Target userland tools
iscsitarget-dkms iSCSI Enterprise Target kernel module source – dkms version
open-iscsi 2.0.871.3-2squeeze1 High performance, transport independent iSCSI implementation

I found this info in a bug report through google after I received a module not found error when issuing a /etc/init.d/iscsitarget restart

Hits: 3