Category Archives: Linux


I’m finally jumping in on the Docker bandwagon and it is pretty exciting.  Here’s how I did a quick trial of it to make it work.

Install OS

I could do this in my AWS account, or I can do it with my local private cloud.  So many options these days.  I installed the latest Ubuntu 14.04 Trusty server on my local cloud.  It probably would have been just as easy to spin it up on AWS.

I had to get my proxy set up correctly before I could get out to the Internet.  This was done by editing /etc/apt/apt.conf.  I just added the one line:

Acquire::http::Proxy "";

Configure for Docker

I followed the docker documentation on this.  Everything was pretty flawless.  I ran:

sudo apt-get update 
sudo apt-get install
sudo ln -sf /usr/bin/ /usr/local/bin/docker
sudo sed -i '$acomplete -F _docker docker' /etc/bash_completion.d/ 
source /etc/bash_completion.d/
sudo apt-key adv --keyserver hkp:// --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9

sudo sh -c "echo deb docker main > /etc/apt/sources.list.d/docker.list"

sudo apt-get update
sudo apt-get install lxc-docker

sudo docker run -i -t ubuntu /bin/bash 

That last command had problems. The error I got said:

2014/10/30 15:08:42 Get dial tcp connection timed out

This is because I need to put a proxy on my docker configuration. A quick google, search lead me to do:

sudo vim /etc/default/docker

I added my proxy host

export http_proxy=""


sudo docker run -i -t ubuntu /bin/bash

And I see a ton of stuff get downloaded. Looks like it works!

Now I have docker on my VM.  But what can we do with it?  Containers are used for applications. Creating a python application would probably be a good start. I searched around and found a good one on Digital Ocean’s site.

sudo docker run -i -t -p 80:80 ubuntu /bin/bash

I like how it showed how to detach: CTRL-P and CTRL-Q. To reattach:

sudo docker ps

Get the image ID, then reattach

sudo docker attach

Docker is one of many interesting projects I’ve been looking at lately. For my own projects, I’ll be using Docker more for easing deployment. If you saw from my article yesterday, I’ve been working on public clouds as well as internal clouds. Connecting those clouds together and letting applications migrate between them is where I’ll be spending a few more hours on this week and next.

IP Masquerading (NAT in Red Hat)

In my lab I have a server that is dual homed.  It is connected to the outside network on one interface (br0) and the internal network (br1) is connected to the rest of my VM cluster.

I want the VMs to be able to get outside.  So the way I did that (on RedHat) was to create a few IP table rules.  I’ve been doing this for 10+ years now, but keep forgetting syntax.

So here it is:

# iptables -A FORWARD -i br1 -j ACCEPT
# iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE

Then, of course, you have do enable forwarding in the /etc/sysctrl.conf

net.ipv4.ip_forward = 1

Finally, run

sysctl -p

for those changes to take effect.

Installing Cisco DCNM on Red Hat Linux

DCNM is Cisco’s GUI for managing MDS and Nexus products.  It’s pretty great for getting a visual of how things are configured and performing.

I thought I would go into a little more detail than I’ve seen posted online about installing DCNM on RedHat Linux.  In this example we’ll be installing two servers.  One server will be our app server and the other one will be our Postgres database server.  You can do it all in just one server, but where is the fun in that?

1. Download binaries

From Cisco’s homepage, click support.  In the ‘Downloads’ section start typing in ‘Data Center Network’.  (DCNM showed no results when I tried it) You’ll see the first entry is Cisco Prime DCNM as shown below.


We will be using DCNM 6.3.2 since its the latest and works great.  We need to download 2 files.



The installer is really all you need, but its kind of nice to use the silent installer to script the installation process.

2.  Initial VM installation

Using the release notes as our guide as well as other installation instructions we will be creating two VMs with the following characteristics:

Processors 2 x 2GHz cores
Memory 8GB (8096MB)
Storage 64-100GB


For this installation, we’re just doing this as a test, so you may need more space.  Also, notice that in the release notes it states that when doing LAN and SAN monitoring with DCNM you need to use an Oracle Database.  A Postgres Database is supported on just SAN for up to 2000 ports or just LAN for up to 1000 ports.

Create these VMs.  I’m using KVM but you can use vSphere or Hyper-V.

3.  Operating System Installation 

The installation guides show that RHEL 5.4/5.5/5.6/5.7/6.4 (32-bit and 64-bit) are supported.  I’m using RHEL 6.5 x86_64.  It comes by default with PostgreSQL 8.4.  So I might be living on the edge a little bit, but I had 0 problems with the OS.

I installed two machines:


During the installation, I changed 2 things, but other than setting up the network I accepted the defaults with nearly everything.

3.1 dcnm-app

I set up as a Desktop as shown below.



3.2 dcnm-db

Set up as a Database server as shown below


4. Operating System Configuration

There are several quick things to do to get this up and running.  You probably have OS hardening procedures at your organization, but this is howI did it to get up and running.   Do the following on both servers.

4.1 Disable SELinux

Does anybody besides Federal agencies use this?  Edit /etc/sysconfig/selinux.

Change the line to be:


This then requires a reboot.

4.2 Disable iptables

Yeah, I’m just closing the firewall.  There are some ports pointed out in the installation guide you can use to create custom firewalls, but I’m just leaving things wide open.

service iptables stop
chkconfig --del iptables

4.3 Enable YUM

If you set your server up with the RedHat network then you are ready to go.  I’m just going to keep it local bro!  I do this by mounting an expanded RedHat installation media  via NFS.  Here’s how I do it:

mkdir /media/rhel6.5

If you are cool then you can put it in /etc/fstab so it persists.

I then created the file /etc/yum.repos.d/local.repo.  I edited it to look like the below:

name=Red Hat Enterprise Linux $releasever - $basearch - Source

4.4 Install additional RPMs as needed

One that you will need on dcnm-app is glibc.i686

yum -y install glibc.i686

5. Database Installation on dcnm-db

This step is only needed on dcnm-db.  Using the info from the database installation guide we are using Postgres.  If you followed above like I did then you should just be able to see all the postgres RPMs installed.

If not, then you can install them all with

yum -y groupinstall 'PostgreSQL Database Server'

Next, start up the data base:

service postgresql initdb
service postgresql start

With the default installation of Postgres on RedHat, a user named postgres is created who pretty much does everything. We use him to configure the database.

su - postgres
created dcmdb
createuser -P -s -e dcnmuser

5.1 Postgres Config

Postgres on RHEL6.5 doesn’t accept network connections by default.  That makes it more secure.  To enable our App server to connect to it, we need to change two files.


Modify this file by adding the IP address for it to listen on.  By default its set to only listen for connections on ‘localhost’.
Change this line:

listen_addresses = 'localhost'         # what IP address(es) to listen on;

To look like this:

listen_addresses = ','

Or you can just make it ‘*’ (that says: listen on every interface). In my case this works because my Database servers IP address is, so I’m listening on eth0 and the local interface.


Modify this file by adding in a line for our DCNM user.  At the bottom of the file I added this line:

host    dcmdb       dcnmuser          md5

Once those two files are changed, restart postgres.

service postgresql restart

Now you should be ready to rock the Database server. We’ll check it in a minute. Now lets go over to the app server.

6.  Configure the App Server

You need to login via either VNC or on the console for XWindows.  VNC is probably the easiest way to see it remote.

yum -y install tigervnc-server

Start the VNC server and then you can VNC into it.

service vncserver start

You’ll then need to copy the dcmn installer that you downloaded from Cisco in step 1 as well as the properties file that you downloaded.  I put mine in the /tmp directory.  Change this to be an executable by running:

chmod 755 /tmp/dcnm-installer*

6.1 Modify the

The dcnm-silent-installer-properties file is a zip file.  When expanded it has a directory called Postgres+Linux.  In this directory is the file we will use for our installation.  For the most part, I left it alone.  I just changed a few of the entries:

USE_EXISTING_DB=FALSE  # ! make sure you add this!
#USE_EXISTING_DB=TRUE  # ! comment this out!

#------------Use Existing Postgres--------------


With that, we are ready to run!

7. Install DCNM

On the App server, we finally run:

dcnm-installer-x64-linux.6.3.2.bin -i silent -f /tmp/

If all goes well, you should be able to open a browser to dcnm-app and see the Cisco login screen.


Configure VMware from scratch without Windows

One of the things that bugs me about vCenter (still) is that it is still very tied to the Windows operating system.  You have to have Windows to set it up and trying to go about without Windows is still somewhat difficult.  In my lab I’m trying to get away from doing Windows.  I have xCAT installed to PXEboot UCS Blades to do what I want.  Its great, and its automated.  But when I installed 8 nodes to be ESXi hosts I quickly realized I needed vCenter to demonstrate this and use this as others would.

That requires vCenter.  VMware has had the vCenter appliance out for a few years now.  It runs on SLES and comes preconfigured.  The only problem is installing it when you have no vCenter client because today those clients are only made for the Windows Operating system.  How to get around this?

ovftool was the thing I found that did the job for me.  I found the link by reading the ever prolific Virtual Ghetto post on deploying ovftool on ESXi.  Since I had Linux, installing ovftool on the ESXi host wasn’t necessary for me.  Instead I just installed it on my Linux server (with some trouble since it deploys this stub and you have to make sure you don’t modify the file).

I ran the command:

ovftool -ds=NFS1 VMware-vCenter-Server-Appliance-5.0.5201-1476389_OVF10.ova vi://root:password@node01

After that, I watched my DHCP server and saw that it gave the vCenter appliance the IP address of  Hopefully you have DHCP or you might be hosed.

Then after finding the docs, I intuitively opened my web browser to (everyone knows that port number right?) I then logged in with user ‘root’ and password ‘vmware’ and started the auto setup.  After changing the IP address and restarting the appliance I was pretty golden.

Once configured, log into the appliance at and then be stoked that you have flash player already installed and that it works.  Oh you didn’t have flash player installed on your linux server?  That sucks, I didn’t either.  Guess that’s another hoop we have to jump through. But wait, then you find that Flash 11.2.0 is the last Flash that has been released for Linux.  Guess what?  VMware requires Flash version 11.5.  Nice.

At this point I just copied a Windows VM that I had laying around and started managing it from there.  The moral of the story is that you can’t do a Windows free VMware environment.  Sure, I could have done fancy scripting and managed it all remotely with some of their tools, but if I’m going to be doing all that, why should I pay for VMware?  I’d be better off just doing straight native KVM.  YMMV.

FCoE with UCS C-Series

I have in my lab a C210 that I want to turn into an FCoE target storage.  I’ll write more on that in another post.  The first challenge was to get it up with FCoE.  Its attached to a pair of Nexus 5548s.  I installed RedHat Linux 6.5 on the C210 and booted up.  The big issue I had was that even though RedHat Linux 6.5 comes with the fnic and enic drivers, the FCoE never happened.  It wasn’t until I installed the updated drivers from Cisco that I finally saw a flogi.  But there were other tricks that you had to do to make the C210 actually work with FCoE.


The first part to start is looking in the CIMC (with the machine powered on) and configure the vHBAs. From the GUI go to:

Server -> Inventory

Then on the work pane, the ‘Network Adapters’ tab, then down below select vHBAs.  Here you will see two vHBAs by default.  From here you have to set the VLAN that the vHBA will go over.  Clicking the ‘Properties’ on the interface you have to select the VLAN.  I set the MAC address to ‘AUTO’ based on a TAC case I looked at, but this never persisted.  From there I entered the VLAN.  VLAN 10 for the first interface and VLAN 20 for the second interface.  This VLAN 10 matches the FCoE VLAN and VSAN that I created on the Nexus 5548.  On the other Nexus I creed VLAN 20 to match FCoE VLAN 20 and VSAN 20.

This then seemed to require a reboot of the Linux Server for the VLANs to take effect.  In hindsight this is something I probably should have done first.

RedHat Linux 6.5

This needs to have the Cisco drivers for the fnic.  You might want to install the enic drivers as well.  I got these from  I used the B series drivers and it was a 1.2GB file that I had to download all to get a 656KB driver package.  I installed the kmod-fnic- RPM.  I had a customer who had updated to a later kernel and he had to install the kernel-devel rpm and recompile the driver.  After it came up, it worked for him.

With the C210 I wanted to bond the 10Gb NICs into a vPC.  So I did an LACP bond with Linux.  This was done as follows:

Created file: /etc/modprobe.d/bond.conf

alias bond0 bonding
options bonding mode=4 miimon=100 lacp_rate=1

Created file: /etc/sysconfig/network-scripts/ifcfg-bond0


Edited the /etc/sysconfig/network-scripts/ifcfg-eth2


Edited the /etc/sysconfig/network-scripts/ifcfg-eth3


Next restart the network and you should have a bond. You may need to restart this after you configure the Nexus 5548 side.

service network restart

Nexus 5548 Top
Log in and create VPCs and stuff.  Also don’t forget to do the MTU 9000 system class.  I use this for jumbo frames in the data center.

policy-map type network-qos jumbo
class type network-qos class-default
mtu 9216
system qos
service-policy type network-qos jumbo

One thing that drives me crazy is that you can’t do sh int po 4 to see that the MTU is 9000. From the documents, you have to do

sh queuing int po 4

to see that your jumbo frames are enabled.

The C210 is attached to ethernet port 1 on each of the switches.  Here’s the Ethernet configuration:

The ethernet:

interface Ethernet1/1
switchport mode trunk
switchport trunk allowed vlan 1,10
spanning-tree port type edge trunk
channel-group 4

The port channel:

interface port-channel4
switchport mode trunk
switchport trunk allowed vlan 1,10
speed 10000
vpc 4

As you can see VLAN 10 is the VSAN. We need to create the VSAN info for that.

feature fcoe
vsan database
vsan 10
vlan 10
fcoe vsan 10

Finally, we need to create the vfc for the interface:

interface vfc1
bind interface Ethernet1/1
switchport description Connection to NFS server FCoE
no shutdown
vsan database
vsan 10 interface vfc1

Nexus 5548 Bottom
The other Nexus is similar configuration.  The difference is that instead of VSAN 10, VLAN 10, we use VSAN20, VLAN 20 and bind the FCoE to VSAN 20.  In the SAN world, we don’t cross the streams.  You’ll see that the VLANS are not the same in the two switches.

Notice that in the below configuration, VLAN 20 nor 10 is defined for through the peer link so you’ll only see VLAN 1 enabled on the vPC:

N5k-bottom# sh vpc consistency-parameters interface po 4

Type 1 : vPC will be suspended in case of mismatch

Name Type Local Value Peer Value
————- —- ———————- ———————–
Shut Lan 1 No No
STP Port Type 1 Default Default
STP Port Guard 1 None None
STP MST Simulate PVST 1 Default Default
mode 1 on on
Speed 1 10 Gb/s 10 Gb/s
Duplex 1 full full
Port Mode 1 trunk trunk
Native Vlan 1 1 1
MTU 1 1500 1500
Admin port mode 1
lag-id 1
vPC card type 1 Empty Empty
Allowed VLANs – 1 1
Local suspended VLANs – – -

But on the individual nodes you’ll see that the VLAN is enabled in the VPC. VLAN 10 is carrying storage traffic.

# sh vpc 4

vPC status
id Port Status Consistency Reason Active vlans
—— ———– —— ———– ————————– ———–
4 Po4 up success success 1,10


How do you know you succeeded?

N5k-bottom# sh flogi database
vfc1 10 0x2d0000 20:00:58:8d:09:0f:14:c1 10:00:58:8d:09:0f:14:c1

Total number of flogi = 1.

You’ll see the login. If not, then try restarting the interface on the Linux side. You should see a different WWPN in each Nexus. Another issue you might have is that the VLANS may be mismatched, so make sure you have the right node on the right server.

Let me know how it worked for you!

MediaWiki Installation on RedHat 5.5

In modern data center things like IPs, user accounts, passwords, and such that you used to keep in Excel spreadsheets should be rolled into the management tools.  That way, you always have the most current information.  Static word, excel and the like are old news.  Today you can see those things start to get rolled up into vCloud Director, OpenStack and others.  But for now, most people are still doing Excel spreadsheets.

This is stupid.  Please, At least use a wiki.  Catch up to 2005.

Media Wiki is one that I’ve used for years.  Its easy to install and do stuff and the syntax doesn’t take too long to learn.

Here’s how I set it up:

1.  Download Media Wiki on your Linux Server

Go to Media Wiki and download the latest stable.

cd /var/www/html
rm -rf *
tar zxvf media*
mv mediawiki-1.21.1/* .
rm -rf mediawiki-1.21.1

2.  Installing the Linux Environment

Get PHP and mysql installed on your server.  My server is a Red Hat 5.5 (yes, old )  virtual machine that I’ve had for about 2 years.  I haven’t updated to 6.x.  The easiest thing to do would be to install a new server.  CentOS 6.4 might be good, but a challenge every now and then is fun, yeah?  So to get it working, you have to have at least php 5.3.x.  To update I had to just update my OS.  Since I didn’t get my subscription set up right with Red Hat, I just figured I’d use CentOS to update.  That was pretty easy.  I just did this:

rpm -ql -p centos-release-5-9.el5.centos.1.x86_64.rpm # just to see what was in it, yep, its got the repo!
rpm -Uvh centos-release-5-9.el5.centos.1.x86_64.rpm centos-release-notes-5.9-0.x86_64.rpm # install repos

From here, I removed my older versions of php. This is just:

rpm -qa | grep mysql
rpm -qa | grep php

Then I used some:

yum -y remove

Then I updated everything:

yum -y update

This took a while. Finished, came back. Everything updated. Now I installed the right packages:

yum -y install php53 php53-mysql msyql-server php53-xml

There may have been several other RPMs that you’ll need as dependencies, but that should get you started. That’s how we got up. Don’t forget to now enable mysql and restart apache:

service httpd restart
service mysqld restart
chkconfig –level 345 httpd on
chkconfig –level 345 mysqld on

3.  Configuring via the Web Interface

Once there, go to http://<yourserver>/

You should see:

4.  Creating Content

Going to the next page it’ll start asking you questions and eventually you’ll have yourself a wiki setup.  The thing I first started looking at doing was adding a table for IP addresses.  It ended up looking like this:

This is good and helps us to know where things are.  I started to create several pages for different VLANs. It could be updated, but I wish it was update in place.  Not the best, but ok for now.


5.  Editing Help

Go here: to see all the syntax to use to do cool formatting.

Finally, now you have yourself a wiki to keep things in. Welcome to 2005.  You are awesome.  No shared Excel spreadsheet with multiple outdated copies.  Now you just have to get everyone to buy into using it.  To do that: Be the example.  Use it, refer people to it.  Pretty soon they’ll catch on.

But there is a better way right?  What could that be?  The truth is, to manage effectively, you really need to integrate the information into your management toolset.  Much in the way UCS keeps track of BIOS versions, settings, VLANs, etc, you need some kind of tool that does that.  Today you can do that with OpenStack, vCloud Director, and some others.  I’m still not sold on any of them at this point but as I start to play with OpenStack more, I hope to give more guidance and thoughts.

SSH through proxy

Problem of the day is I have a computer that is on some local intranet that can not SSH out into the real world.  There is however a proxy server on my network that I can configure in my browser to get outside internet access…

But I want ssh.  So… after a bit of internet searching and then finally some nagging to a friend who knows this stuff better than I do, we came up with the following:

1.  Download connect.c

2.  Compile connect.c on your Linux server:

gcc connect.c -o /usr/bin/ssh-proxy-connect

3.  Edit /etc/ssh/ssh_config by appending this last line:

ProxyCommand /usr/bin/ssh-proxy-connect -5 -S <proxy-server-goes here>:1080 %h %p

4.  SSH normally to where you need to go.


That’s it!  Once you get SSH through then anything can happen.  Its the ultimate firewall poker.  Back doors, etc.  You just opened up Pandora’s box.

IBM Advanced Management Module Java Setup for Linux

Here’s a common problem:
You have a Linux server and you want to open up the AMM and look at the remote video of one of your IBM blades. You do it and you see a nasty note telling you that you need to download java for this to work. Well, that’s true, but there’s a few more steps you need to do to make it work. Here is what you do:

1. Download java obediently like it says

Get the x86 version, not the x86_64. This shows up as i586. Since I typically do this on RedHat, I just get the RPM (the first one on the list)

2. Install Java

If you downloaded this with Firefox on RedHat, then it put it on your desktop:

cd ~/Desktop
chmod 755 jre-6*bin

This will then install the RPM for you.

3. Link the plugin to the Firefox plugins

This is done like so:

ln –s /usr/java/jre1.6.0_21/plugin/i386/ns7/ /usr/lib/mozilla/plugins

(note: your java version may be a later release, so make sure the path exists.

4. Trick Firefox to start as x86_64

Since the plugin is i386, for some reason the x86_64 running version of firefox won’t accept it. No problem. Edit /usr/bin/firefox.
There is a line that looks like this:

MOZ_ARCH=$(uname -m)

Change it to this:

#MOZ_ARCH=$(uname -m)

5. Restart Firefox

After stopping firefox and restarting you should be able to see your AMM remote console working just fine. Give yourself a pat on the back.
AMM remote video on CentOS 5.5

More notes on ESXi 4.1 Kickstart

ESXi 4.1 kickstart is adequate for most things but I still have several issues with it that I consider ‘bugs':

1.  If you’re not connected to a network, it doesn’t work.  This is fine since most people will be on a network with VMware anyway right?  Fine, I’ll let this one slide.  But if you just have a machine and a usb stick, then why do you need the network?  Sure you’ll have it eventually but I just want to test it on my server on my desk…

2.  The kickstart file likes to stop and give you alerts even if everything is ok.  As an example:  In the post install script if I don’t put the interpreter it stops and gives me a note:  “Interpreter not specified, using busybox”  That’s fine, that’s what the default is.  Why stop me?  The docs state clearly that the default is busybox.

3.  Name resolution doesn’t work in postscripts.  If you’re trying to get information from other hosts, it doesn’t work.  Forget it.  Just put in the IP address in your post install script.

4.  USB installations without kickstart don’t work.  You need to have a CD/DVD image.  This is lame.  In an era where most servers I deal with don’t have DVD roms, why make me buy a usb DVD drive?  A $10 usb stick should do this just fine.

5.  Lack of mount support.  This kills me.  I want to have a USB drive boot up ESXi 4.1 in kickstart and then boot up with a virtual machine.  Problem is my virtual machine is 60GB.  After digging around, I see that ESXi 4.1 can get files from a FAT32 filesystem by using the mcopy command.  (It doesn’t do a mount).  But what I really want is ext3 support so that I can copy 60GB files onto a hard disk.  I’m thinking about hacking an ext3 driver for busybox, but I don’t know how difficult that will be.   Right now, my options seem to break up my disk image into 2GB chunks so they fit on the FAT 32 partition… lame.  Anyway, please don’t tell me to consider NFS and all that stuff, because I know that’s the optimal solution.  This project is a little different than what you may be thinking of.

Anyway, I don’t want to keep complaining, so here are some nice things:

Enable SSH on the TSM.

We want SSH on our machines, even if its not supported.  So we add this to our kickstart file:

%firstboot –interpreter=busybox –unsupported –level=47

sed -ie ‘s/#ssh/ssh/’ /etc/inetd.conf

Mounting USB drives

As I mentioned you can’t mount USB drives on ESXi 4.1.  (At least I haven’t figured it out yet).  You can do passthrough with the USB drives so that the VMs can mount them, but you can’t actually mount it on the hypervisor.

However you can copy files from the FAT32 partition.  Here is an example of a command to use in a kickstart file:

mcopy -i /dev/disks/mpx.vmhba32:C0:T0:L0:1 \::IMAGEDD.BZ2 /install_cache/IMAGEDD.BZ2

(In fact, this is the exact command used by the installer to grab the bz2 image from the fat 32 partition)

So if you had a file named foo on there, you could substitute it in for the IMAGEDD.BZ2 file name and copy it onto your hypervisor.  I would do this for copying *vmx files or things like that.

There’s one catch:  The mcopy command is available during installation, but upon reboot, there is no mcopy command!  So if you want it, then a good idea is to copy it during the kickstart file to some place where you can get it after its installed.

Anyway, happy VMware VMworld to all you who are going.

opening VNC from behind a firewall

Here is the cast of characters:
1. blopr: A server that is behind a company firewall that I want to view its vnc session
2. netnet: A server that is on the internet that I have access to.
3. Me: The humble system admin who wants to view the VNC session on blopr.

Here is how I do it:

on Blopr:

vncserver :99 -depth 24 # and whatever other arguments you want to have.
ssh -R 5999:localhost:5999

On NetNet:

redir --lport=5989 --cport=5999 --caddr=

On yours-truleys humble macbook pro:

vncviewer  # enter the password for blopr's vnc session

Presto! You are in there my friend!

Bonus for you to try:  Suppose only SSH is allowed out from blopr?  This is left as an exercise to the reader.  But the trick is its very similar.