piece of a steel mind - valqk /steamroller/ :-)

1. Fetch the pkgsrc:

1.1. SUP way:
sup -v /path/to/your/supfile.

and this is short sample supfile:
nbsd# cat /root/sup-current
current release=pkgsrc host=sup2.fr.NetBSD.org hostbase=/home/sup/supserver \
base=/usr prefix=/usr backup use-rel-suffix compress delete

1.2. CVS way:
$ export CVSROOT="anoncvs@anoncvs.NetBSD.org:/cvsroot"
$ export CVS_RSH="ssh"
To fetch a specific pkgsrc stable branch from scratch, run:

$ cd /usr
$ cvs checkout -r pkgsrc-20xxQy -P pkgsrc
Where pkgsrc-20xxQy is the stable branch to be checked out, for example, “pkgsrc-2009Q1”

This will create the directory pkgsrc/ in your /usr/ directory and all the package source will be stored under /usr/pkgsrc/.

To fetch the pkgsrc current branch, run:

$ cd /usr
$ cvs checkout -P pkgsrc


2. Update the pkgsrc repository:

2.1. SUP way

sup -v /root/sup-current

2.2. CVS way:

$ export CVSROOT="anoncvs@anoncvs.NetBSD.org:/cvsroot"
$ export CVS_RSH="ssh"
$ cd /usr/pkgsrc
$ cvs update -dP

When updating pkgsrc, the CVS program keeps track of the branch you selected. But if you, for whatever reason, want to switch from the stable branch to the current one, you can do it by adding the option “-A” after the “update” keyword. To switch from the current branch back to the stable branch, add the “-rpkgsrc-2009Q3” option.



3. Updating a package:

cd /usr/pkgsrc/package/
make update

4. Update packages on remote server. If you have them already installed - check which one is for update:
security checks:
/usr/sbin/pkg_admin -K /var/db/pkg fetch-pkg-vulnerabilities

then do:
pkg_add -uu http://pkgserver/path/to/Pkg.tgz

this will update the package form remote with all dependent packages!

some links:
http://imil.net/pkgin/

http://pkgsrc.se/pkgtools/pkg_rolling-replace

http://wiki.netbsd.org/tutorials/pkgsrc/pkg_comp_pkg_chk/


To install packages directly from an FTP or HTTP server, run the following commands in a Bourne-compatible shell (be sure to su to root first):

# PATH="/usr/pkg/sbin:$PATH"
# PKG_PATH="ftp://ftp.NetBSD.org/pub/pkgsrc/packages/OPSYS/ARCH/VERSIONS/All"
# export PATH PKG_PATH
# pkg_add package.

OR directly:

# pkg_add http://...../

Here I'll post all the 'cheatsheets' (cheat sheets) - Documents with VERY useful information.
These are sort of a quick howto's.

Regular Expressions Cheat Sheet (V2) (source)
PHP Cheat Sheet (V2) (source)

A colleague of mine spent some time and was able to make DomPDF library to run with almost ALL UTF-8 alphabets displayed.
Until now I was using TCPDF. It supports UTF-8 from a lot of time, but has crappy way of generating documents - VERY simple HTML support and A LOT of calls to internal methods so you can documents looks like the HTML page.

As far he explained to me the problem was generating proper fonts.

DomPDF with UTF-8 Support

UPDATE: Because if the memory MONSTER that DomPDF is (30pages table eat up about 1.5Gigs! GEE!!!) We are now using wkhtmltopdf. It's AMAZING fast and keeps the memory footprint low (same page that took about 2-3min and 1.5Gigs ram for dompdf wkthml uses about 100-200mb and 20-40sec.)
The funny thing is that it's webkit based and renders PERFECTLY everything on each page I've tested with.
It's simply SWEET!

Install Xen:

#> aptitude install xen-hypervisor-4.0-amd64 linux-image-xen-amd64 xen-tools

Sqeeuze use Grub 2 - the defaults are wrong for Xen.
Xen hypervisor should be the first entry, so you should do this:

#> mv /etc/grub.d/10_linux /etc/grub.d/100_linux

After that disable the OS prober, so that you don’t have entries for virtual machines installed on a LVM partition.

#> echo "GRUB_DISABLE_OS_PROBER=true" >> /etc/default/grub
#> update-grub2

Xen tries to save-state the VM’s when doing Dom0 shutdown.
This save/restore has never been successful for me, so I disable it in /etc/default/xendomains to make sure machines gets shut down too:

XENDOMAINS_RESTORE=false
XENDOMAINS_SAVE=""

Enable the network bridge in /etc/xen/xend-config.sxp (uncomment existing line).
I also set some other useful params (for me):

(network-script network-bridge)
(dom0-min-mem 128)
(dom0-cpus 1)
(vnc-listen '127.0.0.1')
(vncpasswd '')


Add independent wallclocl in sysctl dom0

#> echo xen.independent_wallclock=1 >> /etc/sysctl.conf

and also in the domUs. Setup ntpdate update at 1hour for example in domUs.
This will save you a lot of clocksync headachecs.

Config /etc/xen-tools/xen-tools.conf contains default values the xen-create-image script will use. Most important are:

# Virtual machine disks are created as logical volumes in volume group universe (LVM storage is much faster than file)
lvm = vg001

install-method = debootstrap

size = 20Gb # Disk image size.
memory = 256Mb # Memory size
swap = 4Gb # Swap size
fs = ext3 # use the EXT3 filesystem for the disk image.
dist = `xt-guess-suite-and-mirror --suite` # Default distribution to install.

gateway = 1.2.3.4
netmask = 255.255.255.0

# When creating an image, interactively setup root password
passwd = 1

# I think this option was this per default, but it doesn't hurt to mention.
mirror = `xt-guess-suite-and-mirror --mirror`

mirror_squeeze = http://ftp.bg.debian.org/debian/

# let xen-create-image use pygrub, so that the grub from the VM is used, which means you no longer need to store kernels outside the VM's. Keeps this very flexible.
pygrub=1

scsi=1

Script to create vms (copied from http://blog.bigsmoke.us/):

#!/bin/bash

dist=$1
hostname=$2
ip=$3

if [ -z "$hostname" -o -z "$ip" -o -z "$dist" ]; then
echo "No dist, hostname or ip specified"
echo "Usage: $0 dist hostname ip"
exit 1
fi

# --scsi is specified because when creating maverick for instance, the xvda disk that is used can't be accessed.
# The --scsi flag causes names like sda to be used.
xen-create-image --hostname $hostname --ip $ip --vcpus 2 --pygrub --dist $dist


Usage of the script should be simple. When creating a VM named ‘host’, start it and attach console:

xm create -c /etc/xen/host.cfg

You can go back to Dom0 console with ctrl-].
Place a symlink in /etc/xen/auto to start the VM on boot.

As a sidenote: when creating a lenny, the script installs a xen kernel in the VM.
When installing maverick, it installs a normal kernel.
Normals kernels since version 2.6.32 (I believe) support pv_ops, meaning they can run on hypervisors like Xen’s.

1. Create lvm partition. (sdaXX)
# fdisk /dev/sda
and then create 1 partition for root, swap and the rest for home.
2. Create physical extend.
# pvcreate /dev/sda3
3. Create logical volume
# lvcreate -n crypted-home -L 200G vg0
(you can leave free space if you want to be able to add additional partitions later)
4. Install needed tools
# aptitude -y install cryptsetup initramfs-tools hashalot lvm2
# modprobe dm-crypt
# modprobe dm-mod
5. Check for bad blocks (optional)
# /sbin/badblocks -c 10240 -s -w -t random -v /dev/vg0/crypted-home
6. Setup crytped home partition with luks
# cryptsetup -y --cipher aes-cbc-essiv:sha256 --key-size 256 luksFormat /dev/vg0/crypted-home
enter uppercase YES!!

7. Open the created crypted partition
# cryptsetup luksOpen /dev/vg0/crypted-home home
8. Create filesystem on the crypted home device
# mke2fs -j -O dir_index,filetype,sparse_super /dev/mapper/home
9. Mount and copy home files.
# mount -t ext3 /dev/mapper/home /mnt
# cp -axv /home/* /mnt/
# umount /mnt
10. Setup the system to open/mount crypted home.
Insert in /etc/fstab :
#
/dev/mapper/home /home ext3 defaults 1 2

After that, add an entry in /etc/crypttab:

#
home /dev/vg0/crypted-home none luks

Ubuntu encrypted home - lvm way Posted by valqk in *nix at 14:15
Comments (0) Trackbacks (0)

1. Fetch/Update the OS sources.
refs: NetBSD Docs (and NetBSD guide ; Fetching sources)

Fetch the source if you don't have it:

$ cd /usr
$ export CVS_RSH=ssh 
$ cvs -d anoncvs@anoncvs.NetBSD.org:/cvsroot co -r netbsd-5-0-2 -P src

Update the source if you already have it:

$ cd /usr/src
$ export CVS_RSH=ssh 
$ cvs update -dP

If you are fetching the sources from scratch use:

$ cd /usr
$ export CVS_RSH=ssh 
$ cvs -d anoncvs@anoncvs.NetBSD.org:/cvsroot co -r netbsd-5-1 -P src

Hint: If you are using 5-0 and want to update to 5-1, use

$ cvs update -r netbsd-5-1 -dP

2. Create obj dir and build the tools:

$ mkdir /usr/obj /usr/tools
$ cd /usr/src
$ ./build.sh -O /usr/obj -T /usr/tools -U -u tools

3. Compile brand new userland:
NetBSD page says: Please always refer to build.sh -h and the files UPDATING and BUILDING for details - it's worth it, there are many options that can be set on the command line or in /etc/mk.conf.

$ cd /usr/src
$ ./build.sh -O ../obj -T ../tools -U distribution

4. Compile brand New Kernel:

$ cd /usr/src
$ ./build.sh -O ../obj -T ../tools kernel=

is a Kernel options file located in: /usr/src/sys/arch/amd64/conf/

I have XEN3_DOMU there that holds all my xen kernels compile options.
You can also find GENERIC and others there.

5. Install Kernel

Installing the new kernel (copy it in Dom0), rebooting (to ensure that the new kernel works) and installing the new userland are the final steps of the updating procedure:

$ cd /usr/obj/sys/arch/`uname -m`/compile/XEN3_DOMU/
$ scp netbsd Dom0 machine...

Go and change the kernel in the Dom0 to load the new one.
reboot the machine.

Or on native machines:

$ cd /usr/src
$ su
# mv /netbsd /netbsd.old
# mv /usr/obj/sys/arch/`uname -m`/compile/KERNEL/netbsd /
# shutdown -r now

6. Install new userland and reboot again to be sure it'll work.
Afrer we've rebooted we are sure all new calls in the new userland will be handled by the new kernel.
Now we'll install the new userland.

$ cd /usr/src
$ su
# ./build.sh -O ../obj -T ../tools -U install=/ 
#reboot

7. Build a complete release so we can copy it on all other machines and upgrade with sysinst.

$ ./build.sh -O ../obj -T ../tools -U -u -x release

The resulting install sets will be in the /usr/obj/releasedir/ directory.



When you've tested on the package server. Install/update on all other machines.


1. Make a backup
2. Fetch a new kernel and the binary sets from the release dir and store them /some/where/
3. Install the kenrel (in XEN dom0)!
4. Install the sets except etc.tzg and xetc.tgz!!

   # cd /
   # pax -zrpef /some/where/set.tgz
   # ...
   # ...

5. Run etcupdate to merge important changes:

   # cd /
   # etcupdate -s /some/where/etc.tgz -s /some/where/xetc.tgz

6. Upgrade finished, time to reboot.

NetBSD OS update/upgrade quick howto. Posted by valqk in NetBSD at 15:55
Comments (0) Trackbacks (0)

Long time no write.

I'm trying to migrate all of my freebsds to xen+netbsd. (I gave up of this OS. You can't release STABLE that's not that stable. It's a long story but in shor, I've had a sleepless night after deploying a production. The problem - when it gets real world load it hangs with kernel panic and no auto reset about every 5-15mins. WTF? Devs asked me for a dump and told me that maybe they will find the problem. Sorry. That's sux and is not an option for a production used by thousands of people. Goodbye FreeBSD (for at least 5 years).

After successfully running xen for some time, it's time to think of automated backup, that cares for everything instead of writing short shells to do each xen backup.
I've made a quick search and found this xenBackup script that almost suits my needs.
I didn't like that it mounted lvm read only and didn't use snapshots.
The second thing I disliked was that is used to work only with lvms and I do have a sparse xen images (for small machines that don't need quick disk access and have only 1-2 services running in memory).

I've modified the script and now the xenBackup script supports:
- creating backup from lvm snapshots
- creating backup from disk.img file
- dynamic determination of the disk type and path ($hostname-disk for lvms and disk.img for sparse) (BE WARNED: only -disk and .disk will be backed up!)

I'm using tar, so I didn't tested with rsync and rdiff-backup.
I'm using snapshots. Never tested with readonly lvm mounted.

so, here is the code:

#!/bin/sh
#
#   Copyright John Quinn, 2008
#   Copyright Anton Valqkoff, 2010
#
#   This program is free software: you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation, either version 3 of the License, or
#   (at your option) any later version.
#
#   This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#   GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public License
#   along with this program.  If not, see .

#
# xenBackup - Backup Xen Domains
#
#             Version:    1.0:     Created:  John D Quinn, http://www.johnandcailin.com/john
#             Version:    1.1:     Added file/lvm recognition. lvm snapshot:  Anton Valqkoff, http://blog.valqk.com/
#

# initialize our variables
domains="null"                           # the list of domains to backup
allDomains="null"                        # backup all domains?
targetLocation="/root/backup/"                    # the default backup target directory
mountPoint="/mnt/xen"                    # the mount point to use to mount disk areas
shutdownDomains=false                    # don't shutdown domains by default
quiet=false                              # keep the chatter down
backupEngine=tar                         # the default backup engine
useSnapshot=true                        # create snampshot of the lvm and use it as backup mount.
rsyncExe=/usr/bin/rsync                  # rsync executable
rdiffbackupExe=/usr/bin/rdiff-backup     # rdiff-backup executable
tarExe=/bin/tar                      # tar executable
xmExe=/usr/sbin/xm                       # xm executable
lvmExe=/sbin/lvm
mountExe=/bin/mount
grepExe=/bin/grep
awkExe=/usr/bin/awk
umountExe=/bin/umount
cutExe=/usr/bin/cut
egrepExe=/bin/egrep
purgeAge="null"                          # age at which to purge increments
globalBackupResult=0                     # success status of overall job
#valqk: xm list --long ns.hostit.biz|grep -A 3 device|grep vbd -A 2|grep uname|grep -v swap|awk '{print $2}'

# settings for logging (syslog)
loggerArgs=""                            # what extra arguments to the logger to use
loggerTag="xenBackup"                    # the tag for our log statements
loggerFacility="local3"                  # the syslog facility to log to

# trap user exit and cleanup
trap 'cleanup;exit 1' 1 2

cleanup()
{
   ${logDebug} "Cleaning up"
   #check if file or lvm.if lvm and -snap remove it.
   mountType=`${mountExe}|${grepExe} ${mountPoint}|${awkExe} '{print $1}'`;
   [ -f ${mountType} ] && mountType="file";
   cd / ; ${umountExe} ${mountPoint}
   if [ "${mountType}" != "file" ] && [ "${useSnapshot}" = "true" ]; then
      #let's make sure we are removing snapshot!
      if [ `${mountExe}|${grepExe} -snap|wc -l` -gt 0 ]; then
         ${lvmExe} lvremove -f ${mountType}
      fi
   fi


   # restart the domain
   if test ${shutdownDomains} = "true"
   then
      ${logDebug} "Restarting domain"
      ${xmExe} create ${domain}.cfg > /dev/null
   fi
}

# function to print a usage message and bail
usageAndBail() {
   cat << EOT
Usage: xenBackup [OPTION]...
Backup xen domains to a target area. different backup engines may be specified to
produce a tarfile, an exact mirror of the disk area or a mirror with incremental backup.

   -d      backup only the specified DOMAINs (comma seperated list)
   -t      target LOCATION for the backup e.g. /tmp or root@www.example.com:/tmp
           (not used for tar engine)
   -a      backup all domains
   -s      shutdown domains before backup (and restart them afterwards)
   -q      run in quiet mode, output still goes to syslog
   -e      backup ENGINE to use, either tar, rsync or rdiff
   -p      purge increments older than TIME_SPEC. this option only applies
           to rdiff, e.g. 3W for 3 weeks. see "man rdiff-backup" for
           more information

Example 1
   Backup all domains to the /tmp directgory
   $ xenBackup -a -t /tmp

Example 2
   Backup domain: "wiki" using rsync to directory /var/xenImages on machine backupServer,
   $ xenBackup -e rsync -d wiki -t root@backupServer:/var/xenImages

Example 3
   Backup domains "domainOne" and "domainTwo" using rdiff purging old increments older than 5 days
   $ xenBackup -e rdiff -d "domainOne, domainTwo" -p 5D

EOT

   exit 1;
}

# parse the command line arguments
while getopts p:e:qsad:t:h o
do     case "$o" in
        q)     quiet="true";;
        s)     shutdownDomains="true";;
        a)     allDomains="true";;
        d)     domains="$OPTARG";;
        t)     targetLocation="$OPTARG";;
        e)     backupEngine="$OPTARG";;
        p)     purgeAge="$OPTARG";;
        h)     usageAndBail;;
        [?])   usageAndBail
       esac
done

# if quiet don't output logging to standard error
if test ${quiet} = "false"
then
   loggerArgs="-s"
fi

# setup logging subsystem. using syslog via logger
logCritical="logger -t ${loggerTag} ${loggerArgs} -p ${loggerFacility}.crit"
logWarning="logger -t ${loggerTag} ${loggerArgs} -p ${loggerFacility}.warning"
logDebug="logger -t ${loggerTag} ${loggerArgs} -p ${loggerFacility}.debug"

# make sure only root can run our script
test $(id -u) = 0 || { ${logCritical} "This script must be run as root"; exit 1; }

# make sure that the guest manager is available
test -x ${xmExe} || { ${logCritical} "xen guest manager (${xmExe}) not found"; exit 1; }

# assemble the list of domains to backup
if test ${allDomains} = "true"
then
   domainList=`${xmExe} list | cut -f1 -d" " | egrep -v "Name|Domain-0"`
else
   # make sure we've got some domains specified
   if test "${domains}" = "null"
   then
      usageAndBail
   fi

   # create the domain list by mapping commas to spaces
   domainList=`echo ${domains} | tr -d " " | tr , " "`
fi

# function to do a "rdiff-backup" of domain
backupDomainUsingrdiff() {
   domain=$1
   test -x ${rdiffbackupExe} || { ${logCritical} "rdiff-backup executable (${rdiffbackupExe}) not found"; exit 1; }

   if test ${quiet} = "false"
   then
      verbosity="3"
   else
      verbosity="0"
   fi

   targetSubDir=${targetLocation}/${domain}.rdiff-backup.mirror

   # make the targetSubDir if it doesn't already exist
   mkdir ${targetSubDir} > /dev/null 2>&1
   ${logDebug} "backing up domain ${domain} to ${targetSubDir} using rdiff-backup"

   # rdiff-backup to the target directory
   ${rdiffbackupExe} --verbosity ${verbosity} ${mountPoint}/ ${targetSubDir}
   backupResult=$?

   # purge old increments
   if test ${purgeAge} != "null"
   then
      # purge old increments
      ${logDebug} "purging increments older than ${purgeAge} from ${targetSubDir}"
      ${rdiffbackupExe} --verbosity ${verbosity} --force --remove-older-than ${purgeAge} ${targetSubDir}
   fi

   return ${backupResult}
}

# function to do a "rsync" backup of domain
backupDomainUsingrsync() {
   domain=$1
   test -x ${rsyncExe} || { ${logCritical} "rsync executable (${rsyncExe}) not found"; exit 1; }

   targetSubDir=${targetLocation}/${domain}.rsync.mirror

   # make the targetSubDir if it doesn't already exist
   mkdir ${targetSubDir} > /dev/null 2>&1
   ${logDebug} "backing up domain ${domain} to ${targetSubDir} using rsync"

   # rsync to the target directory
   ${rsyncExe} -essh -avz --delete ${mountPoint}/ ${targetSubDir}
   backupResult=$?

   return ${backupResult}
}

# function to a "tar" backup of domain
backupDomainUsingtar ()
{
   domain=$1

   # make sure we can write to the target directory
   test -w ${targetLocation} || { ${logCritical} "target directory (${targetLocation}) is not writeable"; exit 1; }

   targetFile=${targetLocation}/${domain}.`date '+%d.%m.%Y'`.$$.tar.gz
   ${logDebug} "backing up domain ${domain} to ${targetFile} using tar"

   # tar to the target directory
   cd ${mountPoint}

   ${tarExe} pcfz ${targetFile} * > /dev/null
   backupResult=$?

   return ${backupResult}
}

# backup the specified domains
for domain in ${domainList}
do
   ${logDebug} "backing up domain: ${domain}"
   [ `${xmExe} list ${domain}|wc -l` -lt 1 ] && { echo "Fatal ERROR!!! ${domain} does not exists or not running! Exiting."; exit 1; }

   # make sure that the domain is shutdown if required
   if test ${shutdownDomains} = "true"
   then
      ${logDebug} "shutting down domain ${domain}"
      ${xmExe} shutdown -w ${domain} > /dev/null
   fi

   # unmount mount point if already mounted
   umount ${mountPoint} > /dev/null 2>&1

   #inspect domain disks per domain. get only -disk or disk.img.
   #if file:// mount the xen disk read-only,umount sfter.
   #if lvm create a snapshot mount/umount/erase it.
   xenDiskStr=`${xmExe} list --long ${domain}|${grepExe} -A 3 device|${grepExe} vbd -A 2|${grepExe} uname|${grepExe} -v swap|${awkExe} '{print $2}'|${egrepExe} 'disk.img|-disk'`
   xenDiskType=`echo ${xenDiskStr}|${cutExe} -f1 -d:`;
   xenDiskDev=`echo ${xenDiskStr}|${cutExe} -f2 -d:|${cutExe} -f1 -d')'`;
   test -r ${xenDiskDev} || { ${logCritical} "xen disk area not readable. are you sure that the domain \"${domain}\" exists?"; exit 1; }
   #valqk: if the domain uses a file.img - mount ro (loop allows mount the file twice. wtf!?)
   if [ "${xenDiskType}" = "file" ]; then
      ${logDebug} "Mounting file://${xenDiskDev} read-only to ${mountPoint}"
      ${mountExe} -oloop ${xenDiskDev} ${mountPoint} || { ${logCritical} "mount failed, does mount point (${mountPoint}) exist?"; exit 1; }
      ${mountExe} -oremount,ro ${mountPoint} || { ${logCritical} "mount failed, does mount point (${mountPoint}) exist?"; exit 1; }
   fi
   if [ "${xenDiskType}" = "phy" ] ; then
      if [ "${useSnapshot}" = "true" ]; then
         vgName=`${lvmExe} lvdisplay -c |${grepExe} ${domain}-disk|${grepExe} disk|${cutExe} -f 2 -d:`;
         lvSize=`${lvmExe} lvdisplay ${xenDiskDev} -c|${cutExe} -f7 -d:`;
         lvSize=$((${lvSize}/2/100*15)); # 15% size of lvm in kilobytes
         ${lvmExe} lvcreate -s -n ${vgName}/${domain}-snap -L ${lvSize}k ${xenDiskDev} || { ${logCritical} "creation of snapshot for ${xenDiskDev} failed. exiting." exit 1; }
         ${mountExe} -r /dev/${vgName}/${domain}-snap ${mountPoint} || { ${logCritical} "mount failed, does mount point (${mountPoint}) exist?"; exit 1; }
      else
         ${mountExe} -r ${xenDiskDev} ${mountPoint}
      fi
   fi

   # do the backup according to the chosen backup engine
   backupDomainUsing${backupEngine} ${domain}

   # make sure that the backup was successful
   if test $? -ne 0
   then
      ${logCritical} "FAILURE: error backing up domain ${domain}"
      globalBackupResult=1
   else
      ${logDebug} "SUCCESS: domain ${domain} backed up"
   fi
     
   # clean up
   cleanup;
done
if test ${globalBackupResult} -eq 0
then
   ${logDebug} "SUCCESS: backup of all domains completed successfully"
else
   ${logCritical} "FAILURE: backup completed with some failures"
fi

exit ${globalBackupResult}

Just to blog this. I'll need it in future.
If you have svn repositories server and you are using svn+ssh for the checkout and all svn actions you will want users to have access to only predefined repos only and not to any shell or anything.
I've done this by doing symlinks in their homes and using ssh file that looks like this
authorized_keys:

command="svnserve -t --tunnel-user=user -r /home/user",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3Nz1...KEY HERE....

this way, you can lock them to use only svnserve and it will lock them to co only what's in their home dirs.

If you're not familiar with details - eg. how to generate keys, what is authorized_keys etc, I stole this from here: http://ingomueller.net/node/331 - read more there.

Of course you have to keep your snserve up to date and pray there are no vulns in it, otherwise users can hack you
But hey, you know the owners of the keys, don't you?
Got my pont?

Today I've noticed Roundcube has released a new version that finally has plugins support!
Grrrreaaat!

As expected in there is a change password plugin (with drivers supports) and some other that are pretty cool!
A list of plugins here: http://trac.roundcube.net/wiki/Plugin_Repository

Of course I've had some custom patching for my hosting users and now it's not working.
I've configured my change password plugin (which was the main showstopper for not upgrating to new roundcube) and the the little tiny hack for domain notification left.
I've decided to write a plugin that will do the job for me, so I can easily upgade after that.

Writing plugin isn't that hard at all. Here you can read more:
http://trac.roundcube.net/wiki/Doc_Plugins

also you can read plugins directory for more.

While creating my plugin I hit a problem and I've lost about 40 minutes searching for description and resolution.
The Resolutions was 5mins reading the class for temapltes but I thought I was wrong - no this is a mis-explanation in docs.
When you want to create a custom template you mkdir skins/default/templates and create/copy-modify html in it (I've copied login.html template).
Well all was fine while I've tried to show it.
Documentation is wrong.
When you call:

$rcmail->output->send('mytemplate');

you must actually call:

$rcmail->output->send('myplugin.mytemplate');
so the tpl class can understand this is a plugin and show your template and not search for default tpl.

Hope that helps someone.
Going to change/report this in docs now.
Oh. Symptoms are:

[12.Nov.2009 17:57:27 +0200]: PHP Error: Error loading template for logininfo in /var/www/roundcube/program/include/rcube_template.php on line 372 (GET /)

in your error log.

If your dojo based website breaks in IE browsers and not in others, with strange errors in dojo.js then you have to check VERY CAREFULLY for unclosed tags.

I've had this problem - didn't closed one (only one!) div inside a HTML markup node that used dojoType and viola - dojo threw a "NICE" js error in IE (you know how js is debuged in IE don't ya?)


So be very very careful when closing tags and using IE+dojo

IE8 and Opera 10 differs to ALL other browsers (FF3, Safari, Chrome, IE6, IE7) in positionin an absolute element inside a div.
If you have something like this:

....

If you don't put the right: 0px the element won't keep it's original position an will go to the left side of the div becase IE8 and Opera will put default left: 0px if nothing set.
All other browsers will keep a's original position (no left: 0px;)
hope that help to someone.
Keywords: IE8 Opera absolute positioning problem

Q: Why does Apache Web server in Debian has 'It works!' page as it's default host?
A: Because after you have setupped a complex VirtualHost configuration for half an hour or more (yesh, there can be such), it's nice to see that 'It worked!'
--answered by valqk.

You need to install 2 utils to monitor and query your smart array:

apt-get install arrayprobe cpqarrayd
the one is a daemon that logs events from the controller - cpqarrayd (thanks velin)
arrayprobe is the cli tool.

More links on the topic:
source I've got this from.
driver and utils page.

if you have faulty drive

hope that helps.