Entries Tagged 'Linux' ↓

I really like ubuntu and I wouldn’t try anything else if it wasn’t for Xen. I was trying to install Xen + xenman/virt-manager of Ubuntu Hardy. But xenman doesn’t install (the pulled it out of the repositories) and virt-manager gives all kind of python errors. Thank you ubuntu! Very nice with a long term release. And nobody’s even answered my bugreport about this issue.

So I decided to give Fedora a try. They’re the real driving force behind libvirt and Xen (Ubuntu picks kvm over Xen). So that must work?!

Because the pc I do all my testing on doesn’t have a cdrom drive I need to do a netboot (pxe) and install the desired distribution via a remote install. Ubuntu/debian has very nice images for this to do. Fedora takes a little more work to set this up. But their installer has a lot more options than the ubuntu/debian netboot. For instance, it’s possible to start a headless vnc install with Fedora. So when the netboot image has booted, you can connect to it with a remote client via vnc. Really nice! Especially if it’s a server where you don’t want to connect a monitor to it.

So how did I set up the tftp layout for Fedora? I used the two resources for documentation:

• http://pxe.dev.aboveaverageurl.com/index.php/PXE_Booting/Fedora_Core
• http://www.fedoraforum.org/forum/showthread.php?t=25826

So after setting up the directory structure and downloading the initrd.img & vmlinuz, it was time to boot into the pxe image of fedora. This is the pxelinux.cfg/default by the way:

default install

LABEL install
kernel i386/vmlinuz
append initrd=i386/initrd.img vnc ip=dhcp ksdevice=eth0 method=http://download.fedora.redhat.com/pub/fedora/linux/releases/9/Fedora/i386/os/ lang=en_US keymap=us

After the boot I have to skip one screen which asks if it should use ipv4 and/or ipv6. It’s really annoying, but I couldn’t find a way to disable.

Why is it annoying? Because you have to hook up a keyboard + monitor for it to confirm the question. When you’ve confirmed the question it boots up the installer in which you can login with vnc. So you don’t need a keyboard anymore at that point. The vnc server port is 5901! Not the standard 5900!

The Fedora installer really looks nice and Fedora itself has some nice things and some less nicer things. But more on that in my next post about Fedora 9.

At Tim_online we have several webservers and each of them have apache2 installed running php with fcgid (a fastcgi implementation). Why this configuration and not mod_php? Because it is reasonably fast (at leaster faster than plain cgi) an secure (because it doesn’t run under the apache user).

For it to run php scripts as the website owner, you need suexec.

Suexec is a mechanism supplied with Apache that allows to execute CGI scripts as the user they belong to, rather than Apache’s wwwrun user. This improves security in situations where multiple mutually distrusting users have the possibility to put CGI content on the server.

So when u visitor requests one of the webpages of one of my customers the proces looks like this:

request -> apache -> fastcgi -> suexec -> proxy -> php file

I don’t exactly know anymore why the proxy is required, but it is
Know the problem is: suexec (by default) can’t execute the proxy file, because it isn’t owned by the php file owner. So you have to hack suexec to make this work.

I did this. And everything worked. The webservers were happy to serve al these requests untill one day apache get updated. The automatic ubuntu updates push a new version of apache with a new suexec binary. Problem!

So when you come at work there are 16 “missed incoming calls” and you co-workers are going mad with all the dissapointed customers. You look at the apache logs: hmzzz, suexec is giving 120 errors… What could that be? !Ping! Suexec ofcourse. Let’s see, how did I solve this problem the last time. First let’s download the apache sources. ./configure. Yes. now where’s suexec.c? Ah, cd support. Now,  make suexec. Wait, missing headers. Let’s install those first. Make suexec. Arrgh. It doesn’t work! Suexec -v. Wait, forgot to adjust the ap_httpd_user, ow, and comment out the offending lines. Yes, this should work. Ok. Copy it to /usr/lib/apache2. Ok, it works!

But at that time, an hour has past. If you can find the right files at once. So I decided to write down the steps I took to download, configure and compile suexec the quickest and simplest way. Here we go:

sudo apt-get install apache2-threaded-dev
mkdir -p ~/src/suexec
cd ~/src/suexec
sudo apt-get install apache2-threaded-dev
wget http://svn.apache.org/repos/asf/httpd/httpd/trunk/support/suexec.c
wget http://svn.apache.org/repos/asf/httpd/httpd/trunk/support/suexec.h
wget http://www.vanutsteen.nl/wp-content/uploads/2008/06/suexecc.patch
patch suexec.c suexec.c.patch -o suexec.patched.c
gcc -DLOG_EXEC='"/var/log/apache2/suexec.log"' -DAP_HTTPD_USER='"www-data"' -DAP_DOC_ROOT='"/var/www"' -I/usr/include/apr-1.0 -I/usr/include/apache2  -o suexec suexec.patched.c

That’s it! Test it by doing: sudo ./suexec -V
That should output:

-D AP_DOC_ROOT="/var/www"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="www-data"
-D AP_LOG_EXEC="/var/log/apache2/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=100
-D AP_USERDIR_SUFFIX="public_html"

Basically what I did:

1. I installed the necessary headers
2. Got the latests suexec code from the apache svn repo
3. Downloaded the suexec patch from my blog
4. Patched suexec to disable the file owner check
5. Compiled suexec with the default ubuntu options

I wanted to update my hardy servers automatically, so I could spend a little less time each week working on my servers. I’ve searched through the ubuntu wiki/documentation and I think using the unattended-upgrade package is the nicest alternative.

I installed two packages:

apt-get install unattended-upgrades update-notifier-common

And then edited two files:

/etc/apt/apt.conf.d/50unattended-upgrades

// Automaticall upgrade packages from these (origin, archive) pairs
Unattended-Upgrade::Allowed-Origins {
"Ubuntu hardy-security";
"Ubuntu hardy-updates";
};

/etc/apt/apt.conf.d/10periodic

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "1";
APT::Periodic::Unattended-Upgrade "1";

Now every day the server gets upgraded via /etc/cron.daily/apt

A little while ago I wrote a post about the wonderful guessnet. It really works well! It integrates so nicely with GNU/Linux that I wonder why (for example) the gnome network manager doesn’t make use of it! I’ve been playing with the thought of making a GUI for it. But for that I have to become a little better at making them

But back to why I’m writing this post: I had a problem with guessnet. I had a last-ressort profile for my wireless adapter. Whenever it can’t find a known network it looks for any open networks and tries to connect with that. But this rule didn’t work too well. It regulary got picked over any known closed network in my configuration file. So I contacted to creators of guessnet (Thomas and Enrico) and they reckoned it as a bug. After some mails they fixed it in the svn version of guessnet. So I set of to install it. I know a little of how debian packages are created so I couldn’t be too much of a hassle.

The steps I took:

sudo apt-get  build-dep guessnet
mkdir -p ~/src/guessnet/trunk
svn co svn://svn.debian.org/guessnet/trunk ~/src/guessnet/trunk
cd ~/src/guessnet/trunk
./autogen.sh && fakeroot debian/rules binary

Et voila: a package was born. And it worked like a charm! Guessnet worked better than ever.

And when I did another svn update, I saw a .gitignore file appearing. So I believe they are considering git also. Go git!

I’m now working on a project that is hosted on github AND rubyforge. And lazy as I am, I don’t want to do:

git push origin
git push rubyforge

That’s why I create a handy shortcut for it and placed it in my ~/.bashrc:

function git-push-all() {
for remote in `git remote`; do
git push $remote
done
}

What it does: it lists all remote repositories linked to that git project and pushes them all. Usage:

git-push-all

Don’t get confused with “git-push –all”! That’s something completely different!

If I browse some random “post your screenshots here” thread, I always think by myself: “I should install Conky one time, It looks godverdomme nice”. So I apt-get install conky. And what a dissapointment. It doesn’t work out of the box. You have to make and edit a conkyrc file. Just downloading some random .conkyrc doesn’t work because it isn’t geared towards your system. *Sigh* Just wished everything was apt ‘n run.

I take a fairly amount of pictures. Some months more than others. And sometimes I want to share them with relatives/friends. And everyone is using hotmail or some other crappy e-mail provider. So I want to keep the file size to a minimum. Well, then you need to batch resize the photos. What to use? If you search on google, they come up with all these cwazy shell scripts. That’s not what I want!

So I did an apt-cache search, and voila: nautilus-image-converter
Mhhh…. what’s that? After a search on google I found some promissing screenshots. so I did an:

sudo apt-get install nautilus-image-converter

Restarted Gnome and…. resized my images with two mouseclicks! Nais….
Did not have to configure, edit, google, et cetera anything. I just worked™

I usually boot up my ubuntu box with gnome, but sometimes I want to play UT (on a bare x server) or I just want to use my laptop as a server. In those cases I don’t boot into Gnome but into the terminal. But the problem is Gnome manages my wireless network card. So no Gnome, no connection.

Some months ago I started searching for a solution for this. I found several options like guessnet, whereami, et cetera. I first tried whereami. But that wasn’t a success. I required to much configuration and didn’t really felt polished at all.

I stumbled upon guessnet last week. I found it in a thread on ubuntuforums. I installed it and after some fiddling with it, I couldn’t get it to work properly. I asked some questions on the forum (nobody answered). So I had to solve it myself. After some trial and error, I managed to come up with a working configuration.

Sorry about the indenting not working. It’s this stupid highlighting plugin that does not behave properly.

My original “/etc/network/interfaces”:

auto lo
iface lo inet loopback

My working config:

auto lo
iface lo inet loopback

auto wlan0
mapping wlan0
script guessnet-ifupdown
map default: none
map autofilter: true #Look for wlan0- interfaces
map timeout: 9
map init-time: 9 #For slow drivers
map verbose: true
map debug: true

iface wlan0-home inet dhcp
test wireless essid USR5464
wireless-essid USR5464

iface wlan0-tim inet dhcp
test wireless essid Tim_online closed
wpa-psk 234243242342424
wpa-key-mgmt WPA-PSK
wpa-proto WPA
wpa-ssid Tim_online

#If all else fails: pick an open network
iface wlan0-open inet dhcp
test wireless open
wireless-essid any
wireless-mode auto

In the configuration above, the Tim_online network uses wpa security. WPA2 is available too if you want to. Just search the net for it. The interface sections are ordinary /etc/network/interfaces configurations. Except for the “test” statement. This is guessnet specific.

I installed the newer package from Debian unstable. Just to make sure it wouldn’t work due to some obscure bug.

The only drawback is that the network applet in Gnome doesn’t show the wireless connection anymore. So I can’t see what network I’m connected to. For that I have to fire up the terminal (iwconfig).

If you have some questions about it: just leave a comment.

No, it wasn’t the fault of wine. It was my fault. I installed the nvidia drivers from the Nvidia website. Wine then couldn’t find the opengl library and segfauled. So after installing the drivers from the Ubuntu repository it worked again. Now I can play Unreal Tournament again.

Wine still segfaults on me with Hardy Heron! I’m gonna look if this still works:

Does not work (segfaulting):
mkdir ~/src
cd ~/src
sudo -i
apt-get build-dep wine && apt-get source --build wine

This does work:
mkdir ~/src
cd ~/src
sudo -i
apt-get source wine
cd wine-0.9.55
./configure
make depend && make
sudo make install

(for me)