Category Archives: linux

Fedora EC2 HVM AMI

In this blog post, I am going to tell you how to setup a Fedora HVM Image from the official Fedora PV Image on Amazon EC2. In general, this basically covers how to convert a PV image into a HVM image for AWS EC2. This works for fedora, but might not work for other OSes.

I assume you know about AWS, EC2, AMI, HVM and PV. Amazon has been steadily pushing towards using HVM. With the latest round of launches on July 1, 2014, Amazon now shows only HVM Images by default when you go to launch an instance. You now have to search for PV images. One benefit of using HVM images is better access to underlying hardware resources which gives benefits such as enhanced networking.

Fedora has official Amazon AWS EC2 AMIs available at However presently it only has para-virtualized (PV) Images.

I have been working extensively on AWS EC2 for the last few weeks and have realized that for best performance, we should be using HVM images.

For this particular project, I was interested in the multiqueue block layer, which was introduced in kernel 3.13.

The first step is to spin up an instance from the existing PV AMI. Its not completely necessary, since you just need the snapshot of the AMI. However I created an instance as I needed to make some changes to the image. The existing AMI available from Fedora has Kernel 3.10. So, I had to do a yum upgrade to get the latest available kernel 3.15.

After launching the instance from PV and making changes as per your needs (in my case, sudo yum upgrade -y), create a new AMI using AWS tools or web console, whatever way you are comfortable with.

For the rest of the steps, you need to setup EC2 API tools or the EC2 Command line Tools. I use EC2 CLI Tools.

After the AMI is ready, find the snapshot id used by the above AMI under EC2 > Elastic Block Store > Snapshot in EC2 Console.

or if you have the ec2 api tools setup:

ec2-describe-images ami-id_of_above_created_ami

and find the snapshot id for the ami. It would be something like snap-a12b34cd .

Once you have the snapshot id, you can register a new AMI using the above snapshot.

To register a new HVM AMI using the above snapshot, you need to use the cli/api tools since AWS still doesn’t have this in the webconsole (it might come soon).

ec2-register -a x86_64 -d '3.15.7-200.fc20.x86_64' -n 'Fedora_20_HVM_AMI' --sriov simple --virtualization-type hvm -s snap-b44feb18 --root-device-name /dev/sda1


-d is AMI description
-n is AMI name
-s is snapshot id from step 3.
-a is architecture
–virtualization-type is required for making it hvm
–sriov is for enabling enhanced networking , though it might be redundant, not sure.

This would register/create a new HVM AMI based on the snapshot created by the PV Image.

So, in this blog, we discussed how you can convert an existing PV AMI into an HVM AMI, specifically, how to create a fedora HVM AMI from the official PV AMI.

PS: I have made my Fedora HVM AMI public in the east region. So just search for Fedora and you will find it. Feel free to create AMIs of your own and/or copy it over to other regions.

PPS: Wanna know which cool place do I work where we end up playing with the state of the art latest technologies, be it kernels or the latest SSDs? Hit over to to join the team!

How to earn Fedora Badges?

Fedora recently launched, a recognition system that awards badges based upon certain activities that you do within the Fedora Infrastructure Environment.

I have recently been working with the Fedora Infrastructure and came to know about the badges. Needless to say I was excited and wanted some of my own.

First step to be a part of the Fedora infrastructure is to have a Fedora Account System account. You can signup for it at

Once you have created your account, you should add a secret question to your account. This will earn you

Adding your timezone to your account profile earns you the

By adding your ssh or GPG key to your account, you can earn the

Accepting the FPCA (Fedora Project Contributor Agreement) earns you the

To earn the , you need to create your User twiki page on the Fedora twiki. Mine is at

Editing 10 times on the Fedora twiki earns you the

Participating in one of the Fedora meetings in #fedora-meeting in earns you a!

This is a brief overview of how to earn some of the badges. I will be updating soon with more badges and more details on the the steps mentioned above.

You can see all the badges at

And the badges I have earned so far at :

screen vertical split rpm

I ve been using screen with vertical split for sometime now. And whenever I move my workspace to a new environment, its a fight to get either a build or a rpm with vertical split.

Recently I moved to centos 6.3 for my workspace usage and used the following rpm for install with glibc < 2.12

how to add AAAA record (or ipv6 record) to your rackspace dns

UPDATE: Don’t bother setting it up if you are only using the rackspace cloud server. Their DNS doesn’t support ipv6 yet and apparently won’t propagate the AAAA records yet :! Thats kinda funny since they do have load balancer services on ipv6 now. Waiting on some response/confirmation from Waz mentioned in the post. I ve moved my DNS back to my domain registrator, GoDaddy.

I was earlier hosting with slicehost and their dns was a smooth drive when it came to adding any DNS entries.

I then moved to their parent company rackspace as they had cheaper plans. Slicehost was slated to move to same plans but some time down the year.

Anyways, after I moved to rackspace, I decided to add the IPv6 domain back to my server. In slicehost it was pretty simple, but in rackspace, oh no!

The rackspace DNS is still in primitive era. Recently they have announced overhaul of their entire DNS but its yet stuck in the last mile deliverable, i.e, a working GUI.

Add to that, their “beta” API docs (I didn’t know for a while what’s in beta, the API or the docs :P ).

Anyways, my first attempt to use the GUI was faced with continuous failure :!


After a quick chat with their customer care, I was pointed to their DNS API. Apparently AAAA support is not in GUI yet.

Ok, now lets give it a try.

Documentation is always a pain, but I guess when your moolah depends upon that, it should be better. Now I am usually pretty good at RTFM, but this time it was simply not happening. Rackspace needs to spruce up that documentation a lot!

Anyways, now that we are done with a rather length prelude to the actual subject, lets get on the real topic. How to add a AAAA
record to your rackspace in case the GUI is failing.

First, you’ll need a firefox plugin called restclient. That’s cause the return error messages from rackspace are quite uninformative and it becomes difficult to change your curl command or php script based on a vague 403 or a 500.

First step:

Get your rackspace API Key.
For this, you first need to login to your rackspace account and get the API key. Its located under “Your account” section

Click on Show Key to show your key. Or you can generate a new API key on that page using Generate new key.

Second step:
Get an authetication token.
Now getting the API key is half the part of getting your authentication token. Your API key is not your authentication token.
You use the API key to generate your Authentication token using the rackspace REST webservices.

The Rackspace authentication webservices accepts the parameters using headers only. And sends the output also in headers.

Before we get the token, you need to findout if you are a US user or a UK user :!

quoting the API doc

To access the Authentication Service, you must know whether your account is US-based or UK-based:

US-based accounts authenticate through

UK-based accounts authenticate through

Your account may be based in either the US or the UK; this is not determined by your physical location but by the location of the Rackspace retail site which was used to create your account:

If your account was created via, it is a US-based account.

If your account was created via http:/, it is a UK-based account.

Once you ve found your endpoint, (mine is US), you can start to get your Auth token.

A simple way for those familiar with command line is to use curl:

curl -I -H 'X-Auth-User:yourRackspaceLogin' -H 'X-Auth-Key:YOUR-API-KEY-HERE' ''

If you are a UK customer, the respective DNS API endpoint for UK is:

Or for those not aware of it, you can use the firefox plugin we installed earlier.

Open the plugin from the tools menu under firefox. I am on mac. So choose the respective menu for your platform.

Select the RestClient.

Select GET method. Put the url as your endpoint that you found above. Click on Add Header

Name – X-Auth-User
Value – yourRackspaceLogin

Add another header
Name – X-Auth-Key

After adding these two header, hit send, and if all goes fine, you should get a green (204) response.

A http 204 response means that the server successfully processed the request, but is not returning any content. Like I said earlier, this part of transaction, i.e, getting the auth token is done entirely using headers only.

The output for curl method would be something like this:

HTTP/1.1 204 No Content
Server: Apache/2.2.13 (Red Hat)
vary: X-Auth-Token,X-Auth-Key,X-Storage-User,X-Storage-Pass
Cache-Control: s-maxage=17404
Content-Type: text/xml
Date: Sun, 25 Sep 2011 04:14:17 GMT
Connection: Keep-Alive

The value for both X-Auth-Token and X-Storage-Token are same, so nothing to worry about about duplicates.

Notice the “588177” in the X-Server-Managerment-Url above. Make a note of your corresponding value. This is your server id that you’ll need in further DNS API calls as well. We will call it YOUR_SERVER_ID for the purpose of rest of this blog.

Third Step:
Get the Domain ID

Now we need to get the Domain ID of your domain tied to your server. I had two domains listed with my server. You can have one or multiple such domains listed with your server.

The curl command would be:

curl -H 'X-Auth-Token:YOUR-AUTH-TOKEN' ''

Output is something like:


You can do the same using the RestClient. Find the url in the curl command above , and change the header to that under -H.

The “id” part in the output is the one that we need. We will call it YOUR_DOMAIN_ID for the purpose of rest of this blog.

Once you ve the id, you are ready to create the records. This is the place where I used RestClient the most. As the curl errors were random and so not descriptive. Ranging from

Warning: You can only select one HTTP request!

which I think was some issue with the curl format of payload or combination of options to the usual 500 :!

Fourth and Final step:

Lets create the AAAA DNS record!

Ok, so to create the records, the required info can be put using XML or JSON. I used JSON.

The url is

change the format to POST.

And to add a AAAA record, create a JSON payload like this:

"records" : [ { "name" : "", "type" : "AAAA", "data" : "2001:470:1f06:b8c::2"
}, { "name" : "", "type" : "NS", "data" : "", "ttl" : 3600
}, { "name" : "", "type" : "NS", "data" : "", "ttl" : 3600

Change the with your domain/subdomain requirements and the data to your required ipv6. Let the NS data as it is. (I assume you want to add it to your rackspace dns.)

Put the above JSON payload in the Request Body of the RestClient. I had removed the newlines in the actual JSON. Please put your entire JSON in a single line if you face any issues.

And click Send.

Hopefully you should get a GREEN 204 response. This is a asynchronous request to the DNS API. So you can check the status of your this request using the url:

Remember, every call to the rackspace DNS API need to include the X-Auth-Token header.

Default output/input format is JSON. XML is also available. Please read up the Doc on how to get XML, I didn’t try it.

I hope this works for most of you who need it. Leave a comment if you face any issues. Would be great if someone can provide curl requests for delivering the JSON/XML payload in the POST request!

Before I end the post, I should mention my other attempts of getting the help from the rackspace guys.

I posted a pic to my twitpic account while I contacted the rackspace live chat for the first time. I had put this pic up there as a quick way of sharing it with the customer care person.

Couple of hours later, when I went back to twitter to complain about my failure to create the AAAA record, I found that @rackspace had replied with a support email address. twitter at rackspace dot com.

I immediately sent a mail to the aforesaid mail, to which I got a reply. I had already found the RestClient API and managed to get the records added. Had a pleasant conversation with “Waz”, a rackspace engineer or a racker! Raised a ticket about GUI visibility about visibility of the records added through API. Got the response that the AAAA and TXT records dont show up in the GUI yet. These will be visible when the new DNS GUI is generally available.

So overall, a pleasant experience. Looking forward to native ipv6 support soon!

How to enable WOL on Dell Inspiron 1420 with Fedora/Linux

I use my laptop (dell Inspiron 1420) as a server for remote access from office. Even at home, my primary laptop is my mac. I just let my dell run all the time as I don’t know when I would need/want to access that from office.

I wanted to enable WOL or Wake Up on Lan so that I could start my laptop from office if required. Even though it says “Wake Up on Lan”, it can be started from internet as well.

First place to start was to enable the WOL option in BIOS. And lo.. it wasn’t there.. ! So, does my NIC card doesn’t support WOL ?

But a quick probe using ethtool showed WOL was indeed supported on my card.

[root@mouthwa init.d]# ethtool eth0
Settings for eth0:
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
Advertised pause frame use: No
Advertised auto-negotiation: Yes
Speed: 100Mb/s
Duplex: Full
Port: Twisted Pair
Transceiver: internal
Auto-negotiation: on
MDI-X: Unknown
Supports Wake-on: g
Wake-on: d
Current message level: 0x000000ff (255)
Link detected: yes

Now the next line, Wake-on: d means that WOl was disabled. To enable WOL, use:

ethtool -s eth0 wol g

Now this change is not persistent, i.e, it will be gone in the next reboot.
So to make it persisten, I put a file in /etc/init.d/

cat /etc/init.d/wol
#wake on lan
ethtool -s eth0 wol g

Do a chmod +x on the file.

Now check which all devices are allowed to wake up your system in the OS:

[root@mouthwa init.d]# cat /proc/acpi/wakeup
Device S-state Status Sysfs node
PCI0 S5 *disabled no-bus:pci0000:00
PCIE S4 *disabled pci:0000:00:1e.0
USB1 S0 *disabled pci:0000:00:1d.0
USB2 S0 *disabled pci:0000:00:1d.1
USB3 S0 *disabled pci:0000:00:1d.2
USB4 S0 *disabled pci:0000:00:1a.0
USB5 S0 *disabled pci:0000:00:1a.1
EHC2 S0 *disabled pci:0000:00:1a.7
EHCI S0 *disabled pci:0000:00:1d.7
AZAL S3 *disabled pci:0000:00:1b.0
RP01 S3 *disabled pci:0000:00:1c.0
RP02 S3 *disabled pci:0000:00:1c.1
RP03 S3 *disabled
RP04 S3 *disabled pci:0000:00:1c.3
RP05 S3 *disabled
RP06 S5 *disabled pci:0000:00:1c.5
LID S3 *enabled
PBTN S4 *enabled
MBTN S5 *disabled

I need to find out which of the above is my NIC card and enable wake up for that.

[root@mouthwa init.d]# lspci -tv
-[0000:00]-+-00.0 Intel Corporation Mobile PM965/GM965/GL960 Memory Controller Hub
+-01.0-[01]—-00.0 nVidia Corporation G86 [GeForce 8400M GS]
+-1a.0 Intel Corporation 82801H (ICH8 Family) USB UHCI Controller #4
+-1a.1 Intel Corporation 82801H (ICH8 Family) USB UHCI Controller #5
+-1a.7 Intel Corporation 82801H (ICH8 Family) USB2 EHCI Controller #2
+-1b.0 Intel Corporation 82801H (ICH8 Family) HD Audio Controller
+-1c.1-[0c]—-00.0 Intel Corporation PRO/Wireless 3945ABG [Golan] Network Connection
+-1c.5-[09]—-00.0 Broadcom Corporation NetLink BCM5906M Fast Ethernet PCI Express
+-1d.0 Intel Corporation 82801H (ICH8 Family) USB UHCI Controller #1
+-1d.1 Intel Corporation 82801H (ICH8 Family) USB UHCI Controller #2
+-1d.2 Intel Corporation 82801H (ICH8 Family) USB UHCI Controller #3
+-1d.7 Intel Corporation 82801H (ICH8 Family) USB2 EHCI Controller #1
+-1e.0-[03]–+-01.0 Ricoh Co Ltd R5C832 IEEE 1394 Controller
| +-01.1 Ricoh Co Ltd R5C822 SD/SDIO/MMC/MS/MSPro Host Adapter
| +-01.2 Ricoh Co Ltd R5C592 Memory Stick Bus Host Adapter
| -01.3 Ricoh Co Ltd xD-Picture Card Controller
+-1f.0 Intel Corporation 82801HEM (ICH8M) LPC Interface Controller
+-1f.1 Intel Corporation 82801HBM/HEM (ICH8M/ICH8M-E) IDE Controller
+-1f.2 Intel Corporation 82801HBM/HEM (ICH8M/ICH8M-E) SATA AHCI Controller
-1f.3 Intel Corporation 82801H (ICH8 Family) SMBus Controller

Notice the 1c.5 in front of my LAN card in the lspci output above. Look for the same number in the /proc/acpi/wakeup and I find that my card is RPC06!

Now to enable the wakeup for my card, a simple echo will do:

[root@mouthwa init.d]# echo RP06>/proc/acpi/wakeup
[root@mouthwa init.d]# cat /proc/acpi/wakeup |grep RP06
RP06 S5 *enabled pci:0000:00:1c.5

So there you are, WOL is enabled!
However, it can wake up only from certain states, not all at the moment.

So, the best way to switch off the laptop so that it can be woken from LAN is

[root@mouthwa init.d]# pm-suspend-hybrid

What it does is that the system does everything it needs to hibernate, but suspends instead of shutting down. This means that your computer can wake up quicker than for
normal hibernation if you do not run out of power, and you can resume even if you run out of power.
Most of the above was sourced from here.

Now, the script to wake up from internet.

I got it from here:

Also, If you dont want to or dont have a place to run scripts, you can use online services like:

Ofcourse, you need to know your MAC address, your router address and the subnet.
Keep subnet as in the depicus page if you have one public ip and the router allots private ips using DHCP. (This is true for most of the routers).

And now, I can happily power down my laptop and wake it up when required! #FTW

New malware attack hits facebook through chat!

I just got pings from three of my friends over facebook chat, all of them containing the same message

Hey, check out this girl, lol, she must be out of her mind for making that video!:

Well, so lets see where does the link take us..

anshup@listsettle-lm: ~$ curl -I
HTTP/1.1 301 Moved
Server: nginx
Date: Sat, 19 Mar 2011 09:35:54 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: _bit=4d8478fa-003c1-04438-d8ac8fa8;;expires=Thu Sep 15 05:35:54 2011;path=/; HttpOnly
Cache-control: private; max-age=90
MIME-Version: 1.0
Content-Length: 116

As expected, the first bitly link is a proper redirect to some site. Now lets see what the second link has.

anshup@listsettle-lm: ~$ curl -I
HTTP/1.1 302 Found
Date: Sat, 19 Mar 2011 09:36:04 GMT
Server: Apache
Connection: close
Content-Type: text/html

Hmm, another redirect to same site, not bad.

anshup@listsettle-lm: ~$ curl -I
HTTP/1.1 200 OK
Date: Sat, 19 Mar 2011 09:36:11 GMT
Server: Apache
Connection: close
Content-Type: text/html

anshup@listsettle-lm: ~$ curl
<script type=’text/javascript’>top.location.href = ‘';</script>

Now here is the bad part!
As you see in the last output, its merely a trick to directly access your facebook credentials as if you approved it (thats my assumption, am not sure what it does and am not going to find that out right now.

What I am surprised at is that facebook uses a non salted/non nounced url for such requests.. :!
Definitely you know better facebook :)

lets see how fast it spreads and what all comes out of it!

Lets see a lil about the domain.

anshup@listsettle-lm: ~$ whois
Domain ID:D36666838-LRMS
Created On:05-Feb-2011 19:58:43 UTC
Last Updated On:06-Feb-2011 10:32:05 UTC
Expiration Date:05-Feb-2012 19:58:43 UTC
Sponsoring Inc. (R171-LRMS)
Registrant ID:CR74380736
Registrant Name:Matej Kalanj
Registrant Organization:
Registrant Street1:Marohniceva 18
Registrant Street2:
Registrant Street3:
Registrant City:Rijeka
Registrant State/Province:Primorsko goranska
Registrant Postal Code:51000
Registrant Country:HR
Registrant Phone:+385.955533376
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Admin ID:CR74380738
Admin Name:Matej Kalanj
Admin Organization:
Admin Street1:Marohniceva 18
Admin Street2:
Admin Street3:
Admin City:Rijeka
Admin State/Province:Primorsko goranska
Admin Postal Code:51000
Admin Country:HR
Admin Phone:+385.955533376
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Billing ID:CR74380739
Billing Name:Matej Kalanj
Billing Organization:
Billing Street1:Marohniceva 18
Billing Street2:
Billing Street3:
Billing City:Rijeka
Billing State/Province:Primorsko goranska
Billing Postal Code:51000
Billing Country:HR
Billing Phone:+385.955533376
Billing Phone Ext.:
Billing FAX:
Billing FAX Ext.:
Tech ID:CR74380737
Tech Name:Matej Kalanj
Tech Organization:
Tech Street1:Marohniceva 18
Tech Street2:
Tech Street3:
Tech City:Rijeka
Tech State/Province:Primorsko goranska
Tech Postal Code:51000
Tech Country:HR
Tech Phone:+385.955533376
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:

Hmmm, so a site registered in croatia. Interesting.

Starting programs on a remote linux desktop

This was something that I was looking for a long time and finally found while looking for a completely different thing altogether!
Agreed I always wanted this only for mischief :P Basically what I wanted was to fire up any GUI so that it would show on a remote desktop and not on my local display. clearly I didn’t want vnc or ssh -XCYP.

What I needed was this:

ssh -X host
export DISPLAY=:0

and then I can run any gui and it will open on the remote desktop.
would make things look like some hacky mischief ;)

okay, another thing I learnt was how to start and stop gnome screensaver remotely.

so instead of doing a killall -9 screensaver, you can do
gnome-screensaver-command -d

So there are things that are still fun!
Gosh, do I miss college!

IANA IPv4 Exhaustion

* IANA IPv4 Exhaustion

At a ceremony held on 3 February, 2011 the Internet Assigned
Numbers Authority (IANA) allocated the remaining last five /8s of
IPv4 address space to the Regional Internet Registries (RIRs) in
accordance with the Global Policy for the Allocation of the
Remaining IPv4 Address Space. With this action, the free pool of
available IPv4 addresses is now fully depleted. To read the full
text of this announcement please go to:

* World IPv6 Day

Facebook, Google (NASDAQ: GOOG) and Yahoo (NASDAQ: YHOO), websites
with more than one billion combined visits each day, are joining
major content delivery networks Akamai (NASDAQ: AKAM) and
Limelight Networks (NASDAQ: LLNW), and the Internet Society, for
the first global-scale trial of the new Internet Protocol, IPv6.
On June 8, 2011, dubbed World IPv6 Day, participants will enable
IPv6 on their main services for 24 hours. Cisco, Juniper,
Hurricane Electric, and Bing have also announced their

Hurricane Electric’s open letter to Hurricane Electric Customers,
Partners and Managers of Interconnected Networks about World IPv6

At Hurricane Electric, every day is an IPv6 day.

* IPv6 Deployment Growth
The global IPv6 routing table has passed 4000 IPv6 prefixes.

Of the 36820 networks in the world running BGP, the number running
IPv6 has increased to 3107, or 8.4 percent.


* Hurricane Electric Updated Network Map
We’ve continued to expand our network.

Updated Network Map:

Hurricane Electric now has over 6000 BGP sessions with over 1600
IPv4 and IPv6 networks at 45 different exchange points in North
America, Europe, and Asia.

Nexus S India Launch

UPDATES: Flipkart announces estimated launch date as april first week!
Nexus S is the second generation of pure android phone developed by Google. This time the manufacturer they chose is Samsung. The first version (Nexus One) was developed in association with HTC. The major difference between Nexus and other android phones is the absence of any manufacturer add on. So what you see on a Nexus phone is pure android, as Google developed it.

Nexus S in India is rumored to be launched on February 13th, 2011. april first week!

As of date, two online retailers, infibeam and flipkart have listed it on their sites with coming soon tag.
Infibeam has listed the phone at INR. 24,000 while flipkart which traditionally has better/lesser price has not listed any price yet. INR. 27999. This price is comparable (or even lesser depending upon the conversion rate) to its US price of $529.99

Keep tuned for more info as it pours in.

“Isolinux.bin missing or corrupt” when booting from USB

I was trying it out to boot from USB using fedora for a friends laptop. On booting I saw the above error.

And found the answer at:

dd if=[name of iso] of=/dev/sdc

NOT /dev/sdc1 and before removing the usb stick type into terminal:

eject /dev/sdc

sdc being whatever your usb stick device is
this will ensure that all the data is written to the stick before removal.

Voila! It worked. Like the next comment says in the above post, indeed, so stupid of me :P