Tuesday, November 27, 2012

pbuilder set proxy

I have always dabbled with Debian package building. And the tool of choice is pbuilder.

I now learnt that even if you have a proxy set in your /etc/apt/preferences, pbuilder does not look at that.

If you are like me, and stuck with cheap DSL, you may be forced to run an apt-cacher. That way you don't need to waste valuable bandwidth on already downloaded packages.

But in order to make pbuilder use your apt-cache, you just need to set this in ~/.pbuilderrc:

export http_proxy=http://your-proxy:8080/


 HTH
Brent

Monday, October 15, 2012

Quick install of SourceGuardian on Debian Squeeze

This is a very *quick* howto, to install SourceGuardian on your Debian server.

First go to SourceGuardian's download page
Untar the tarball

cp ixed.5.3* /usr/lib/php5/20090626/

Create /etc/php5/conf.d/sourceguardian.ini and add

[sourceguardian]
zend_extension=/usr/lib/php5/20090626/ixed.5.3.lin

And that should be it. You can double check by running

root@chs-bld03-v:/tmp/SG# php -v
PHP 5.3.3-7+squeeze14 with Suhosin-Patch (cli) (built: Aug  6 2012 14:18:06)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
    with SourceGuardian v8.2, Copyright (c) 2000-2010, by Inovica Ltd.
    with Suhosin v0.9.32.1, Copyright (c) 2007-2010, by SektionEins GmbH

(you may need to restart apache2)

HTH
Brent

Monday, September 17, 2012

Increasing a KVM guest's Memory

Recently the need came up to increase the amount of RAM I had allocated for my puppetmaster.

The option setmem looked promising so I tried the following command, but long story short, that did not work. Got some weird error message about 'setmem' not supported.

error: Unable to change MaxMemorySize
error: this function is not supported by the connection driver: virDomainSetMaxMemory

I edited the XML in place and restarted the VM. But that too didn't work.

I tried the following, and this worked.

virsh shutdown puppetmaster
virsh dumpxml puppetmaster > /tmp/puppetmaster.xml
 
 
## BEFORE ##
..
 <memory>524288</memory>
  <currentMemory>524288</currentMemory>
..
 
## AFTER  ##
..
 <memory>1048576</memory>
  <currentMemory>1048576</currentMemory>
..
 
I then ran 
virsh define /tmp/puppetmaster.xml
 
Start the VM, and then proceed to run:
 
virsh dominfo puppetmaster 
Id:             45
Name:           puppetmaster
UUID:           ce5c7089-059b-7091-6da9-59a2e24811ad
OS Type:        hvm
State:          running
CPU(s):         1
CPU time:       55.8s
Max memory:     1048576 kB
Used memory:    1048576 kB
Persistent:     yes
Autostart:      enable

 
HTH

Brent

Monday, August 13, 2012

Puppet client cert clash

I'm starting to add Puppet to my skillset.

I made a mistake on my test vm, so I rebuilt it, and I thought, just doing a :

puppetca --revoke puppetclient1.test.com

Would suffice ... I was wrong.

For I got  

root@puppetclient1:~# puppetd --waitforcert 60 -t --server puppetmaster.test.com
err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
err: Could not retrieve catalog from remote server: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run


I found out that you actually need to
a) On the client, cd to '/var/lib/puppet/ssl/'. Just run 'find .', and then rm only those certs that are applicable to your client (Don't rm ca.pem).
b) On the puppetmaster, run, 'puppetca clean puppetclient1.test.com'
c) On the puppet client run 'puppetd --waitforcert 60 -t --server puppetmaster.test.com'
d) On the puppet master, puppetca --sign puppetclient1.test.com
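
The "does not match private key" error can be confirmed before deleting anything by comparing the public key inside a certificate with the one derived from the private key. The script below is an added example, not part of the original post; the function names and the temporary key and certificate files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post).
# Both helpers print a public key in PEM form so the two can be compared as text.
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
pubkey_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

# cert_matches_key CERT KEY -> 0 match, 1 mismatch, 2 unreadable input
cert_matches_key() {
    c=$(pubkey_of_cert "$1") || return 2
    k=$(pubkey_of_key "$2") || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Constructed stand-ins: old.pem/old.key play the certificate the master
# still holds, new.key the key generated after the client was rebuilt.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=puppetclient1.test.com" \
        -keyout "$1/old.key" -out "$1/old.pem" >/dev/null 2>&1 &&
    openssl genrsa -out "$1/new.key" 2048 >/dev/null 2>&1
}

d=$(mktemp -d) && make_sample "$d" && {
    cert_matches_key "$d/old.pem" "$d/old.key" && echo "old key: match"
    cert_matches_key "$d/old.pem" "$d/new.key" || echo "new key: MISMATCH"
}
rm -rf "$d"
```

On a real client the pair to compare would be the certificate and private key found under /var/lib/puppet/ssl; the exact file names there are an assumption, so check them with 'find .' as in step a).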

HTH
Brent

Monday, July 30, 2012

Mediaserver Raid 0

On my Mediaserver (OS is FreeBSD), I've been battling with drive space, and I'm always shuffling content around.

Last night was the final straw.

I backed up my content to an external drive, and then I proceeded to create a stripe across my three drives. This will allow me to add up each drive's space and make it look like one giant volume.

Note. If you do this, drives do need to be of equal size.
I have three old IDE 110G drives, that I put to some use.

N.B.  Raid 0 provides no data redundancy.
Remember this exercise is to create a larger logical disk.

First we tell the loader which kernel module to load at boot time.
echo 'geom_stripe_load="YES"' >> /boot/loader.conf

Load the kernel module
kldload geom_stripe

I had already moved the data, and wanted to start off on a clean slate.
gpart destroy -F /dev/ada0
gpart destroy -F /dev/ada1
gpart destroy -F /dev/ada4

Now to create my stripe
gstripe label -v st0 /dev/ada0 /dev/ada4 /dev/ada1

bsdlabel -wB /dev/stripe/st0
newfs -U /dev/stripe/st0a

And that's that. Last is for me to add my stripe to fstab, so that it can be mounted on next reboot.
echo "/dev/stripe/st0a /mnt ufs rw 2 2" >> /etc/fstab

Here are a few commands to see how and what your stripe is doing.
gpart show
gstripe list
gstripe status


HTH
Brent

Thursday, July 26, 2012

Resume lost screen session

Ever have it that you can't, for some reason, reattach to a screen session?

torry# screen -r
There is a screen on:
    52146.pts-0.torry    (Attached)
There is no screen to be resumed.

Run

screen -D

If you have more than one attached screen, you can specify a particular screen to detach.

screen -D 1636.pts-21.hostname

Then run 'screen -r' again.

HTH
Brent



Sunday, July 22, 2012

IP alias to solve hung NFS mount



Working on FreeNAS, I've had to research a hung NFS mount every time I reboot FreeNAS or something silly.

A trick to execute on the NFS client is to add an alias to the interface with the IP of the NFS server.

In Linux the command for that is something roughly like: 
ifconfig eth0:fakenfs 192.0.2.55 netmask 255.255.255.255
For FreeBSD: 
ifconfig em0 alias 192.0.2.55 netmask 255.255.255.255
And then to remove it:
ifconfig em0 delete 192.0.2.55 

HTH

Brent 


Thursday, July 19, 2012

PHP error log => Remember log permissions

This is more for myself than anything else.

When enabling PHP error logging, for clients,  do:

Edit php.ini file (or create a new one in conf.d (/etc/php5/conf.d/php.ini)).

error_reporting = E_ALL & ~E_DEPRECATED
display_errors = Off
log_errors = On
error_log = /var/log/apache2/php-error.log


THEN !!!!!

Remember to chmod 0666 the $error_log.

Otherwise, on an Apache restart the file is owned by root:root, and the www-data user can't write to it.
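
Mode 0666 also lets every local account rewrite the log, while only the Apache user needs to write to it. The sketch below is an added example, not part of the original post: it audits the file's mode and shows a tighter alternative. The function names and the www-data:adm ownership are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post).
# audit_log_mode FILE prints one finding per line; no output means the
# "other" permission bits are clear.
audit_log_mode() {
    mode=$(stat -c '%a' "$1") || return 2   # GNU stat, as shipped on Debian
    other=${mode#"${mode%?}"}               # last octal digit = "other" bits
    case $other in 2|3|6|7) echo "world-writable" ;; esac
    case $other in 4|5|6|7) echo "world-readable" ;; esac
}

# tighten_log FILE [OWNER:GROUP] -> mode 0640, optionally changing ownership
# (chown needs root; www-data:adm is an assumed Debian-style choice).
tighten_log() {
    if [ -n "$2" ]; then chown "$2" "$1" || return 1; fi
    chmod 0640 "$1"
}

# Constructed demo on a temp file standing in for php-error.log
log=$(mktemp)
chmod 0666 "$log"
echo "before: $(audit_log_mode "$log" | tr '\n' ' ')"
tighten_log "$log"          # on a real host: tighten_log "$log" www-data:adm
echo "after:  $(audit_log_mode "$log" | tr '\n' ' ')"
rm -f "$log"
```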

HTH

Brent






Tuesday, July 17, 2012

FreeNAS KVM guest nic woes

I’m in process of testing FreeNAS on my KVM host. The problem I experienced was that FreeNAS was not picking up the Ethernet interface.

I even ran 'pciconf -vl', and lo and behold there was the nic.
I really couldn’t understand, for the below command sure works for FreeBSD 9.

This is the general  command I use for a FreeBSD guest:

virt-install --connect qemu:///system -n freebsdguestname -r 512 --vcpus=1 --disk path=/space/freebsdguest.img,size=12 -c /iso/freebsd.iso --vnc --noautoconsole --os-type unix --os-variant freebsd7 --accelerate --network=bridge:br0 --hvm;

So as not to spend too much time troubleshooting, I added '--network=bridge:br0,model=rtl8139'


And it all worked.
HTH
Brent




Add additional drive or storage to a KVM guest

Ever needed to attach an additional virtual drive or storage drive to your KVM guest?

Here's how you can.

Firstly, I recommend that you backup your data!

On the KVM host, create the 'drive' with either of the following two commands

qemu-img create -f qcow2 /path/moredrivespace.img 10G
or
dd if=/dev/zero of=/path/moredrivespace2.img bs=1 seek=10G count=0

This is where it gets interesting.

Now to add your new 'drive', to your KVM guest.

Run the command 'virsh'
Welcome to virsh, the virtualization interactive terminal.
Type:  'help' for help with commands
       'quit' to quit
virsh # attach-disk KvmGuestDomainName /path/moredrivespace.img vdo

By default, or by specifying the target of vdo, the default driver will be Virtio. If you are a FreeBSD user like I am, you will struggle, for FreeBSD will not see the device. I find you need to use a SCSI device. And in order to do so, you need to run this command.


attach-disk KvmGuestDomainName /space/moredrivespace.img sda

I also found for FreeBSD, it's best to use the dd command.

As per usual, Linux guests just work.
;)

And then reboot your VM.

HTH
Brent 




Saturday, May 26, 2012

Exim Commands

Debug a mail delivery:
 exim -bt -d email@address.com 
Retry message delivery:
 exim -M messageID
Force delivery of all messages:
 exim -qf
Force delivery of all messages and delete of frozen ones:
 exim -qff
Shows log delivery for a message:
 exim -Mvl messageID
Display message body:
 exim -Mvb messageID
Display message header:
 exim -Mvh messageID
Delete a message without warning:
 exim -Mrm messageID
Count messages in queue:
 exim -bpr | grep "<" | wc -l
or
 exim -bpc
Display all messages from queue:
 exim -bp
Count frozen messages:
 exim -bpr | grep frozen | wc -l
Delete frozen messages:
 exim -bpr | grep frozen | awk '{print $3}' | xargs exim -Mrm
 
P.s. You can get some more cool tips from exim cheatsheet 

Saturday, May 12, 2012

Today I needed to set up connections to 2 different ports, running on a machine, sitting behind my firewall.

I knew that I needed to set up an SSH tunnel from my laptop to the server, but I certainly did not want to open 2 different shells each time I wanted to connect to the ports.

Thankfully, the ssh command allows you to specify multiple tunnels through the same server in one command. The command to do this is:

ssh -c arcfour  -C -L 8080:127.0.0.1:8080 -L 8081:127.0.0.1:8081  homedsl.org

Monday, April 23, 2012

I'm amazed by how many people don't know about runlevels, let alone how to identify what runlevel they are in.

To see what runlevel you are in:

who -r
or
/sbin/runlevel


HTH
Brent

P.s. To find out about runlevels

Friday, April 13, 2012

This is more for me, than for anyone. I always seem to forget this command.

If you need to discover which package a particular program came from, you can use this command.


dpkg -S /usr/bin/ssh
openssh-client: /usr/bin/ssh



HTH
Brent

Wednesday, April 11, 2012

Where I work, we had an interesting request from a client. This client is a mass mailer. They wanted a means to self-configure Exim for which IP a domain must be listening on.

Here's how I did it.

First we create the router:
vi /etc/exim4/conf.d/router/350_exim4-config_vdom_aliases
vdom_aliases:
      driver = redirect
      allow_defer
      allow_fail
      domains = dsearch;/path/for/client/mail/virtual
      data = ${expand:${lookup{$local_part}lsearch*@{/path/for/client/mail/virtual/$domain}}}
      retry_use_local_part
      pipe_transport   = address_pipe
      file_transport   = address_file
      no_more


Next we copy the original remote_smtp transport
cp /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp  /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_new

vi  /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_new

 remote_smtp_new:
  debug_print = "T: remote_smtp for $local_part@$domain"
  driver = smtp
.ifdef REMOTE_SMTP_HOSTS_AVOID_TLS
  hosts_avoid_tls = REMOTE_SMTP_HOSTS_AVOID_TLS
.endif
.ifdef REMOTE_SMTP_HEADERS_REWRITE
  headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif
.ifdef REMOTE_SMTP_RETURN_PATH
  return_path = REMOTE_SMTP_RETURN_PATH
.endif
.ifdef REMOTE_SMTP_HELO_DATA
  helo_data=REMOTE_SMTP_HELO_DATA
.endif
.ifdef DKIM_DOMAIN
dkim_domain = DKIM_DOMAIN
.endif
.ifdef DKIM_SELECTOR
dkim_selector = DKIM_SELECTOR
.endif
.ifdef DKIM_PRIVATE_KEY
dkim_private_key = DKIM_PRIVATE_KEY
.endif
.ifdef DKIM_CANON
dkim_canon = DKIM_CANON
.endif
.ifdef DKIM_STRICT
dkim_strict = DKIM_STRICT
.endif
.ifdef DKIM_SIGN_HEADERS
dkim_sign_headers = DKIM_SIGN_HEADERS
.endif
interface = ${if exists {/path/for/client/mail/domainiplist}{${lookup{$sender_address_domain}lsearch*{/path/for/client/mail/domainiplist}{$value}{}}}{}}
helo_data = ${if exists {/path/for/client/mail/domainhelolist}{${lookup{$sender_address_domain}lsearch*{/path/for/client/mail/domainhelolist}{$value}{$primary_hostname}}}{$primary_hostname}}

Then 

vi  /etc/exim4/conf.d/main/000_localmacros
MAIN_LOCAL_DOMAINS = @:localhost:dsearch;/path/for/client/mail/virtual
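
Because the client edits domainiplist and its value goes straight into the transport's interface option, the file can be linted before Exim reads it, which catches typos and addresses the client was never given. This is an added example, not part of the original setup; the function names, the allowed-address list and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): lint a client-edited domainiplist.
# check_domainiplist FILE "IP IP ..." prints one line per problem and
# returns 1 if any were found, so it can gate a config reload.
check_domainiplist() {
    awk -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        {
            # lsearch: the key ends at the first colon or whitespace
            key = $0; sub(/[: \t].*$/, "", key)
            val = substr($0, length(key) + 1)
            sub(/^[: \t]+/, "", val); sub(/[ \t]+$/, "", val)
            key = tolower(key)
            # "*" is the default entry that lsearch* falls back to
            if (key != "*" && key !~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/) {
                print "line " NR ": bad domain key: " key; bad = 1; next
            }
            if (!(val in ok)) {
                print "line " NR ": " key " -> " val " is not an allowed address"; bad = 1
            }
            if (key in seen) {
                print "line " NR ": duplicate key " key " (first entry wins)"; bad = 1
            }
            seen[key] = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample file; 192.0.2.10 and .11 stand in for the client IPs.
write_sample() {
    cat > "$1" <<'EOF'
# domain: outgoing IP
news.example.com: 192.0.2.10
promo.example.com 192.0.2.11
shop.example.com: 198.51.100.7
news.example.com: 192.0.2.11
bad_domain: 192.0.2.10
*: 192.0.2.10
EOF
}

f=$(mktemp) && write_sample "$f"
check_domainiplist "$f" "192.0.2.10 192.0.2.11" || echo "domainiplist rejected"
rm -f "$f"
```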

Wednesday, April 4, 2012

Create passwords

As an admin, I'm amazed by the passwords I come across.

Here's a little tool and command to help.

pwgen -Bnyc

-B Don't include ambiguous characters in the password
-n Include at least one number in the password
-y Include at least one special symbol in the password
-c Include at least one capital letter in the password

Add a number to set the password length, and add another to set how many passwords to output. Example:

pwgen -Bnyc 12 20
This will output 20 passwords of 12 characters each.

Wednesday, March 28, 2012

MySQL Memory Allocation

Here is a great link that could be helpful for MySQL users.

http://mysql.rjweb.org/doc.php/memory

HTH
Brent

Monday, March 26, 2012

Stale NFS file handle .... WHAT !!!! (And I'm not even using NFS)

Today I experienced a very weird situation.

Nagios was telling me that my hourly mysql backup process failed.

So I looked at the LVM volume where we store our backups.

What do I see ...

root@sql02:/data_backup# ls -la
ls: cannot access hourly_Tue_06_mysql.tar.gz: Stale NFS file handle
ls: cannot access hourly_Mon_14_mysql.tar.gz: Stale NFS file handle
ls: cannot access hourly_Mon_20_mysql.tar.gz: Stale NFS file handle
ls: cannot access hourly_Mon_18_mysql.tar.gz: Stale NFS file handle
ls: cannot access hourly_Mon_16_mysql.tar.gz: Stale NFS file handle
total 81737756
drwxr-xr-x  3 root root       4096 2012-03-26 12:54 .
drwxr-xr-x 24 root root       4096 2010-02-04 12:39 ..
-rw-r--r--  1 root root 4645355531 2012-03-26 06:45 hourly_Mon_06_mysql.tar.gz
-rw-r--r--  1 root root 4646191698 2012-03-26 08:44 hourly_Mon_08_mysql.tar.gz
-rw-r--r--  1 root root 4647695788 2012-03-26 10:49 hourly_Mon_10_mysql.tar.gz
-rw-r--r--  1 root root 4649504933 2012-03-26 12:44 hourly_Mon_12_mysql.tar.gz
-?????????  ? ?    ?             ?                ? hourly_Mon_14_mysql.tar.gz
-?????????  ? ?    ?             ?                ? hourly_Mon_16_mysql.tar.gz
-?????????  ? ?    ?             ?                ? hourly_Mon_18_mysql.tar.gz
-?????????  ? ?    ?             ?                ? hourly_Mon_20_mysql.tar.gz
-rw-r--r--  1 root root 4644413050 2012-03-24 14:43 hourly_Sat_14_mysql.tar.gz
-rw-r--r--  1 root root 4644347702 2012-03-24 16:43 hourly_Sat_16_mysql.tar.gz
-rw-r--r--  1 root root 4644389185 2012-03-24 18:43 hourly_Sat_18_mysql.tar.gz
-rw-r--r--  1 root root 4644334737 2012-03-24 20:43 hourly_Sat_20_mysql.tar.gz
-rw-r--r--  1 root root 4644340846 2012-03-24 22:43 hourly_Sat_22_mysql.tar.gz
-rw-r--r--  1 root root 4644322947 2012-03-25 06:45 hourly_Sun_06_mysql.tar.gz
-rw-r--r--  1 root root 4644647579 2012-03-25 08:43 hourly_Sun_08_mysql.tar.gz
-rw-r--r--  1 root root 4645116133 2012-03-25 10:44 hourly_Sun_10_mysql.tar.gz
-rw-r--r--  1 root root 4645206124 2012-03-25 12:43 hourly_Sun_12_mysql.tar.gz
-rw-r--r--  1 root root 4645299884 2012-03-25 14:44 hourly_Sun_14_mysql.tar.gz
-rw-r--r--  1 root root 4645487729 2012-03-25 16:43 hourly_Sun_16_mysql.tar.gz
-rw-r--r--  1 root root 4645544082 2012-03-25 18:43 hourly_Sun_18_mysql.tar.gz
-rw-r--r--  1 root root 4645580059 2012-03-25 20:43 hourly_Sun_20_mysql.tar.gz
-rw-r--r--  1 root root 4645698797 2012-03-25 22:43 hourly_Sun_22_mysql.tar.gz
-?????????  ? ?    ?             ?                ? hourly_Tue_06_mysql.tar.gz
drwx------  2 root root      16384 2010-02-12 15:18 lost+found

Flip knows how that happened. I unmounted the LVM volume and ran
 root@sql02:/# e2fsck -f -v -p /dev/mapper/vg0-data_backup
/dev/mapper/vg0-data_backup: Entry 'hourly_Mon_14_mysql.tar.gz' in / (2) has deleted/unused inode 17.  CLEARED.
/dev/mapper/vg0-data_backup: Entry 'hourly_Mon_20_mysql.tar.gz' in / (2) has deleted/unused inode 18.  CLEARED.
/dev/mapper/vg0-data_backup: Entry 'hourly_Mon_18_mysql.tar.gz' in / (2) has deleted/unused inode 270338.  CLEARED.
/dev/mapper/vg0-data_backup: Entry 'hourly_Tue_06_mysql.tar.gz' in / (2) has deleted/unused inode 21.  CLEARED.
/dev/mapper/vg0-data_backup: Entry 'hourly_Mon_16_mysql.tar.gz' in / (2) has deleted/unused inode 270337.  CLEARED.

      29 inodes used (0.00%)
       0 non-contiguous inodes (0.0%)
         # of inodes with ind/dind/tind blocks: 18/18/18
20893815 blocks used (79.70%)
       0 bad blocks
      19 large files

      18 regular files
       2 directories
       0 character device files
       0 block device files
       0 fifos
       0 links
       0 symbolic links (0 fast symbolic links)
       0 sockets
--------
      20 file


 e2fsck to the rescue  !!!!