Month: January 2011

Increasing VM Size

There are a number of ways to increase the hard-disk size of a VM once it is provisioned, without rebuilding the VM. The chief way of doing it is via LVM and I love it.

My setup uses KVM on the host with all disk images stored in a LVM pool. In each VM, the main hard-disk is also using LVM as well, which is perfect.

To increase the size of the VM, I do this:

  1. Stop the VM.
    Just so I don’t screw anything up accidentally, I will stop the VM.
  2. Extend the volume in the host.
    This increases the size of the disk on the host:
    lvextend -L+10G /dev/lvmpool0/volumename
  3. Startup the VM.
    It should reflect the new disk size. Check this by using fdisk or similar tool.
  4. Partition the empty space.
    Preferably, use a Logical partition. Remember to set the partition type to ‘8E’ for Linux LVM.
  5. Reboot the VM.
    To ensure the disk changes are read. VMs sometimes have issues with this.
  6. Create the new PV.
    Ready the new partition:
    pvcreate /dev/hdaX
  7. Extend the VG to this PV.
    This will append the PV to the existing VG instead of creating a new VG:
    vgextend vgname /dev/hdaX
  8. Find out the amount of free space.
    This is needed for the next step. vgdisplay will show the amount of Free PE.
  9. Extend the Logical Volume in this VG.
    The VG can be extended to any size, or up to the maximum free space above:
    lvextend -l + XXXX /dev/vgname/lvname
  10. Resize the File System.
    This is the final step to using the new disk:
    resize2fs /dev/vgname/lvname

Streamyx Modem Hack

I recently installed a new Streamyx package at my office. It came with a free Riger WL108 modem which was quite limited. The configuration options available were appalling and the security of the device was non-existent. It was just using WEP and it took me under 2-minutes to crack the keys.

However, what is not often documented is that the modem is capable of much more as there is a hidden administrative function. Just login to the modem as tmadmin:tmadmin and the system will expose all sorts of goodies.

Wireless Security
Look under Wireless – Security and we can enable WPA2, both the PSK and EAP versions are available. I set mine to PSK as I wanted to use it as a public access wifi for authorised personnel.

DMZ
Look under Advanced Setup – NAT – DMZ Host and we can specify a DMZ host to use. I love this option as it will allow me to remotely login to my office network and access certain services from anywhere in the world. This will be very useful as a VPN entry for road-warriors.

Dyamic DNS
Look under Advanced Setup – DNS – Dynamic DNS and we can configure it to talk to any of the dynamic DNS services available. As my office network is on a dynamic IP, this will be handy to access my office network using a domain name instead.

There is a lot more stuff that can be configured and a lot of capabilities are actually built into the modem, just not enabled nor accessible from the regular user access menu.

So, I was able to get a lot of advanced features working without going out to buy a new modem. I was actually contemplating this and am glad that I will be able to save up the RM100 or so instead.

Freeradius, OpenLDAP, DD-WRT

I had the reason to set up the wireless network in my office recently. Since this is an office network, I decided to put it on the right path, even if I was the only one using the wireless at the moment.

I started with setting up a public WEP network. This was for the use of guests to the office and is considered as part of the RED zone in my firewall settings. Then, I wanted to set up a GREEN wireless zone and felt that WPA-EAP was the best way to go for an enterprise class installation.

Since all my back-end infrastructure is Debian based, I decided to go with whatever was in the box – Freeradius and OpenLDAP. OpenLDAP was easy to setup as I have configured many LDAP servers in the past. It was fairly straight-forward. Then, came the Freeradius settings.

The default installation of Freeradius has actually got almost everything done. All I had to do was to configure the LDAP module and voila. It works! (with some minor caveats). With the default PEAP-MSCHAPv2 setup, all LDAP passwords must be stored in clear-text, which kind of sucked. So, I decided to go with TTLS-PAP instead, which allowed the passwords to be stored in any form, including the Salted-SHA1 encoding I had chosen for my LDAP.

ldap {
server = "localhost"
identity = ""
password =
basedn = ""
filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
password_attribute = userPassword
set_auth_type = no
}

For the DD-WRT settings, I had to configure Freeradius to accept connections from a new client with a shared secret. Then, I configured DD-WRT with the shared secret to connect to the radius server. Done.

#replace with DD-WRT IP
client 10.X.X.X {
secret =
shortname =
}

I have been using it for several days and I have to say that it has been pretty decent so far. I have no complaints.