IT engineers generally know how to operate on and use files and directories. However, they are generally less familiar with how the system builds and abstracts files and directories, and knowledge of the lower-level concepts is probably what most people lack. One feasible and easy way around this is to use testdisk and similar tools as black boxes to perform data recovery when we have little or no knowledge of the lower layers (commercial tools probably recover better, but of course they also cost more). For engineers, however, relying on black-box tools alone for data recovery is often not enough.

Fundamentals of Linux Storage: How to Restore Data Quickly and Quickly

Data recovery is often a critical and time-consuming step in emergency response. In most cases, engineers are not exclusively responsible for data recovery, and the operating environment is often a production environment, where it is difficult to deploy tools and perform operations while complying with various constraints and under the pressure of business interruption. In this situation, engineers are likely to need to estimate the outcome and duration of the data recovery and provide that information to decision makers. Obviously, if you want to test your meticulousness, patience, knowledge and skills, data recovery is a good topic. One thing is clear, though: using only black-box tools such as testdisk for data recovery cannot solve the above problems. So, is there any other simple solution?

Here, we take an actual case as an example to discuss how to recover data simply and quickly using only common UNIX tools (dd/grep/strace, etc.).

Preparation

Tools

We need to use the following tools


Troubleshooting and diagnosis is data processing

If you do not know much about data processing, please refer to OSEMN:

1. Obtaining data

2. Scrubbing (cleaning) data

3. Exploring data

4. Modeling data

5. Interpreting data

Test environment

Using VirtualBox, build a Linux lab environment based on CentOS/Fedora/Debian/Ubuntu. Learning the strace tool and the following system calls is enough to track how the system handles things such as LVM physical volume metadata.


Data Recovery Principles and Processes

What is metadata?

We use a storage device everyone is familiar with, the disk, as an example.

Modern operating systems create multiple layers on the disk to manage and control it. For example: partitioning the disk, establishing physical volumes on partitions, creating volume groups on physical volumes, establishing logical volumes on volume groups, and creating file systems on logical volumes. If you are not familiar with LVM, refer to Logical Volume Manager.

These layered structures are very similar. Take disk partitioning as an example. Partitioning is based on the structure most familiar to you, the MBR (Master Boot Record): the first sector records the starting sector, size, and type of each partition. When the system needs this information, for example during startup, it only has to read the first sector of the disk to get the data for each partition.

Take a look at the partition's data structure. Taking fdisk as an example, the data structure of the partition is defined as

Let's take a look at a specific partition example to verify the data structure


Partitioning gives the sectors on the disk different roles. The first sector (whose number is actually 0) plays a special role because the partition data is recorded in it. For the system, managing and operating on partitions really means reading and writing the corresponding records in the first sector.
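
The partition records in the first sector can be decoded with nothing more than dd, od and printf. The script below is an added example, not code from the original article; the sample sector is constructed (one entry of type 83 starting at sector 2048), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decode MBR partition entries using only dd, od and printf.

# Build a constructed one-sector sample: entry 1 is type 0x83, starts at
# sector 2048 and spans 204800 sectors; bytes 510-511 carry the 55 AA signature.
make_sample_mbr() {
  dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
  printf '\000\000\000\000\203\000\000\000\000\010\000\000\000\040\003\000' |
    dd of="$1" bs=1 seek=446 conv=notrunc 2>/dev/null
  printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

# le32 FILE OFFSET: print the 4 little-endian bytes at OFFSET as a decimal number.
le32() {
  set -- $(od -An -tu1 -j"$2" -N4 "$1")
  echo $(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
}

# mbr_valid FILE: succeed only if the boot signature 55 AA is present.
mbr_valid() {
  [ "$(od -An -tx1 -j510 -N2 "$1" | tr -d ' ')" = "55aa" ]
}

# mbr_entry FILE N: decode primary partition entry N (1..4).
# Each entry is 16 bytes starting at byte 446: type at +4, start LBA at +8,
# sector count at +12.
mbr_entry() {
  base=$(( 446 + 16 * ($2 - 1) ))
  ptype=$(od -An -tx1 -j$(( base + 4 )) -N1 "$1" | tr -d ' ')
  echo "type=0x$ptype start=$(le32 "$1" $(( base + 8 ))) sectors=$(le32 "$1" $(( base + 12 )))"
}

# Demo on the constructed sample; on a real system FILE would be a copy of
# sector 0, e.g. taken with: dd if=/dev/vdb of=mbr.bin bs=512 count=1
sample=$(mktemp)
make_sample_mbr "$sample"
mbr_valid "$sample" && for n in 1 2 3 4; do mbr_entry "$sample" "$n"; done
rm -f "$sample"
```

Working on a copy of sector 0 rather than the device itself keeps the inspection read-only.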

Data such as this partition information, which the system uses to manage a layer of resources, is metadata.

Each layer that the system establishes on the disk has a data structure similar to the partition structure. Taking LVM as an example, we can compare the records on disk with the data reported by the LVM tools. The LVM data starts from the second sector and the volume group data is in the eighth sector. The dd command can be used to extract the relevant sectors to verify the LVM data structure.

The following is a complete set of LVM metadata. Interested readers can check each object one by one.


Metadata and Data: Data Damage Classification

To support partitions, the system divides the sectors of the disk into two types: the first sector and all other sectors. The partition information, i.e. the metadata, is recorded in the first sector. The other sectors are used by the partition layer; from the perspective of the disk, they are the data portion. We examine the disk, partition, and LVM structure layer by layer.

When the system starts up, it reads the metadata layer by layer and creates the data structures for each layer. If the metadata of one layer is damaged or lost, the system has no way to finish creating the data structures of each layer. In this case, from the perspective of the customer, it very likely looks as if the data is corrupted. For example, if you overwrite the first sector with 0, the system will not recognize the partition contents, and the layers above the partition layer, such as the physical volume information, cannot be processed by the system either. Therefore, for data recovery tasks, repairing the metadata is always necessary if the metadata is corrupted, and it is often the first step.

Of course, if the data itself is corrupted, intact metadata does not help. For example, if you accidentally delete a file, an intact partition structure will not bring it back.

Based on the above analysis, we can classify data corruption into three categories: metadata corruption, data corruption, or a mixture of the two.



Metadata repair can be easily handled

Take disk partitioning, LVM, and file systems as an example. The data of each layer has a strict format (for example, a partition's data structure is a C struct) and appears at a fixed position (partition metadata is recorded in bytes 446 to 462 of the first sector), and these data structures often have magic numbers (for example, partition type 83). The commonly used layers are nothing more than partitions, LVM, and file systems. Therefore, we can easily trace and check the metadata and how the system handles it, and it can be expected that there are simple solutions for repairing metadata.

Principle

If the data itself is corrupted, it cannot be recovered unless a log, a backup, or some logic in the data is available. For example, with a normal file deletion, the system simply releases the link between the file name and the file content. The content of the file itself is still recorded on the disk. In this case, the file can be restored by simply restoring the link between the file name and the contents of the file.

In contrast, metadata corruption is the simple case. If only the metadata is corrupted and we know the correct metadata, then, because metadata operations do not touch the data portion, we can recover the data simply by rebuilding the metadata. If multiple layers are involved, recover layer by layer. Take partition loss as an example.

For example, we have a data disk whose entire space was allocated to a single partition with fdisk. Now the partition is lost. In this case, repartitioning with fdisk using the defaults will restore the partition.

For this case, we give a useful analysis process.


Symptoms and preliminary investigations

Symptom

Client feedback

After the drop is restarted, the system fails to start

Investigation found that the system failed to mount a logical volume, which caused the restart to fail. After commenting out the mount configuration of that logical volume in /etc/fstab, the system starts successfully.

However, there is important data on the customer's logical volume. This logical volume is on the data disk, and the data disk size is 2TB. All 2TB of this disk is allocated to one partition, and an LVM structure is created on this partition.

The partition data is as follows


Preliminary troubleshooting

First, determine whether there is data on the partition. By looking at some of the sectors, we can confirm this with very high probability. Of course, it is also possible to check sector by sector.

Sector-by-sector confirmation can be handled with the following command. Assume the disk is /dev/vdb.

Of course, it can also be confirmed by sampling. This usually means checking the first sectors of the disk partition. For example, in the following example, we can confirm that there is data on the disk by checking the first few tens of sectors.

Next, we use the testdisk tool to recover the data. After several attempts, testdisk always stalls when the scan reaches 2%, and the process cannot continue.

Initial recovery attempt

The partition is still there, but the LVM structure is lost. After checking, the backup file /etc/lvm/backup/vg_xxxxxx maintained by the LVM tool chain is still present. Therefore, according to our recovery process, we should be able to solve the problem by rebuilding the LVM and the file system on the partition.

To recover the LVM structure based on the backup data, refer to Recovering Physical Volume Metadata. Unfortunately, we failed at the very first step.

It looks like the partition data is wrong somewhere. Following the error message from the above command, we compared the LVM backup data with the partition data and soon discovered the problem: the existing partition record has fewer sectors than the number of sectors recorded for the LVM volume group.


Where is the problem?

For various reasons, we cannot confirm why the partition information and the LVM backup data are inconsistent. However, we can extract and analyze more data from the disk. Since the partition metadata is there (the disk is partitioned), we next check whether there is any LVM metadata on the disk. Just use the following command line

The results and their analysis are as follows


So, there is LVM metadata on the disk, but why isn't the system building the LVM structures from this data? We create a test environment and use strace to trace how the system locates and reads the LVM physical volume metadata. The following command can be

Of course, a better way is to write the strace records to a file for closer scrutiny.

We use the strace and grep commands in combination to confirm the location where the system expects the LVM physical volume metadata by default. If you do not have the patience to analyze the following data, skip directly to the screenshot after it.

The data cleaning results are as follows. If you do not have the patience to analyze them, skip directly to the analysis screenshot below.


Obviously, the system expects the LVM metadata to be in the 8th sector of the partition, but on the disk that needs to be restored, the LVM metadata is in the 71st sector of the disk, while the partition's starting sector is 2048. The LVM metadata is therefore not inside the partition at all. This is why the system does not recognize LVM even though there is LVM metadata on the disk.

Since the system cannot recognize the LVM structure because the LVM metadata is in the wrong sector relative to the partition, we can repartition so that the LVM metadata falls in the 8th sector of the partition. A little calculation shows that it is enough to move the partition's starting sector from sector 2048 to sector 63. Not only that: by adjusting the partition size at the same time, we also solve the problem of the partition having too few sectors.
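
The same calculation can be scripted. The following is an added example, not the command used in the original article: it looks for the LVM2 label signature `LABELONE` (a string that does not appear on the page; the label normally sits in the second sector of a physical volume) on a constructed disk image and derives the partition start from it. Function names are hypothetical.

```shell
#!/bin/sh
# Added example: find the LVM2 label on a raw disk and derive where the
# partition holding the physical volume (PV) has to start.

# Constructed sample: a 128-sector image whose PV really starts at sector 63,
# so its label ("LABELONE") sits in the PV's second sector = disk sector 64.
make_sample_disk() {
  dd if=/dev/zero of="$1" bs=512 count=128 2>/dev/null
  printf 'LABELONE' | dd of="$1" bs=512 seek=64 conv=notrunc 2>/dev/null
}

# label_sector DISK N: disk sector of the first label within the first N sectors.
label_sector() {
  off=$(dd if="$1" bs=512 count="$2" 2>/dev/null |
        LC_ALL=C grep -abo 'LABELONE' | head -n 1 | cut -d: -f1)
  [ -n "$off" ] || return 1
  echo $(( off / 512 ))
}

# pv_start DISK N: the label is in PV sector 1, so the PV starts one sector earlier.
pv_start() {
  s=$(label_sector "$1" "$2") || return 1
  echo $(( s - 1 ))
}

# check_partition DISK N START: compare the partition table's START with pv_start.
check_partition() {
  want=$(pv_start "$1" "$2") || { echo "no LVM label in first $2 sectors"; return 2; }
  if [ "$want" -eq "$3" ]; then
    echo "ok: partition start $3 matches the LVM label"
  else
    echo "mismatch: table says $3, LVM label implies $want"
    return 1
  fi
}

# Demo: the table claims sector 2048, the on-disk label says 63.
disk=$(mktemp)
make_sample_disk "$disk"
check_partition "$disk" 128 2048 || true
check_partition "$disk" 128 63
rm -f "$disk"
```

The script only reads from the disk; limiting the scan to the first N sectors keeps it fast even on a 2TB device.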


Data Recovery

The newer fdisk tool does not allow the starting sector to be smaller than 2048. Therefore, we use the parted tool to adjust the starting sector of the partition.

The adjustment consists of deleting the partition and then creating it again. As we expected, once the partition adjustment was completed, the customer's data was immediately restored. Physical volumes, volume groups, logical volumes, file systems, and data are all intact.

Conclusion

From the handling of this practical case, we can see that if we know how to identify the metadata of each layer, such as partitions, LVM, and file systems, and can trace how the system processes the metadata at each layer, then a combination of dd, od and other common UNIX tools is sufficient to handle metadata corruption simply and effectively and to recover data quickly. If you have mastered the common system calls and the strace tool, you can find out how to identify the metadata and how the system handles it simply by analyzing the strace output.

In addition to being easy to learn, simple, fast, and efficient, the metadata restoration approach has the advantage that it ensures the data is not destroyed. This may be its biggest highlight.
