Live long and prosper!
Installing Cisco VPN Client on Ubuntu 11.10 (Oneiric Ocelot)
As always with a new Ubuntu release comes the problem of getting Cisco’s VPN client to install (and no, using vpnc instead is not really an option since the VPN concentrator doesn’t play nice and drops the connection from time to time)
The problem this time is the kernel version of Ubuntu 11.10 – The new 3.0 series kernel.
I’ve made a patch which will make the kernel module compile and install on the 3.0 kernel.
If you have the vanilla Linux client, you still need the patches here – If the installation/compile fails, make sure you have installed all relevant patches as will as the packages needed to install (ia32-libs build-essential linux-headers-`uname -r`).
Running Symantec Veritas Cluster Manager on Ubuntu
At some point Veritas has release the Cluster Manager (Java Console) for Linux. Of course, Linux means Red Hat (and other RPM based flavours). Luckily it isn’t too hard making it work on Ubuntu (and friends).
First, get the software – This requires a SymAccount. And no, I will not send you the software
Now, prepare your Ubuntu box
$ sudo apt-get install alien fakeroot
And finally convert and install the package
$ fakeroot alien -c VCS_Cluster_Manager_Java_Console_5.1_for_Linux.rpm
$ sudo dpkg -i vrtscscm_5.1.00.20-1_all.deb
$ sudo dpkg -i vrtscscm_5.1.00.20-1_all.deb
Now, from a terminal or otherwise (ALT-F2 in various Ubuntus) run
$ /opt/VRTSvcs/bin/hagui
Or create a desktop entry for the Cluster Manager to put it in the menu
Create the file ~/.local/share/applications/hagui.desktop
[Desktop Entry]
Version=1.0
Name=Veritas Cluster Manager
GenericName=Veritas Cluster Manager
Comment=Manage Veritas clusters
Exec=/opt/VRTSvcs/bin/hagui
Terminal=false
Icon=ClusterManager
Type=Application
Categories=System
Version=1.0
Name=Veritas Cluster Manager
GenericName=Veritas Cluster Manager
Comment=Manage Veritas clusters
Exec=/opt/VRTSvcs/bin/hagui
Terminal=false
Icon=ClusterManager
Type=Application
Categories=System
Copy ClusterManager.png to ~/.icons
Ubuntu Natty: Fixing ‘unknown locale’ in Python
The fix itself is the same as for Python 2.5 – only the line numbers have changed.
Open the file /usr/lib/python2.7/locale.py and find the line containing en_gb (line 921) and add these lines (this works for Danish locales):
'en_dk': 'en_DK.ISO8859-1',
'en_dk.iso88591': 'en_DK.ISO8859-1',
'en_dk@euro': 'en_DK.ISO8859-15',
'en_dk.iso88591': 'en_DK.ISO8859-1',
'en_dk@euro': 'en_DK.ISO8859-15',
In order to avoid this change getting overwritten by packages updates, I use dpkg-divert:
$ sudo dpkg-divert --add --rename --divert /usr/lib/python2.7/locale.py.real /usr/lib/python2.7/locale.py
$ sudo cp /usr/lib/python2.7/locale.py.real /usr/lib/python2.7/locale.py
$ sudo cp /usr/lib/python2.7/locale.py.real /usr/lib/python2.7/locale.py
If you wish to remove the diversion (if the package is fixed to support you locale at some point) simply run
$ sudo dpkg-divert --rename --remove /usr/lib/python2.7/locale.py
Ubuntu: Installing and running a Lodge-it pastebin
When I switched from Apache2 to nginx, the software used to run my pastebin needed to be changed (I used Perl NoPaste, which is CGI based and I didn’t feel like messing with FastCGI wrappers). Instead I chose LodgeIt.
LodgeIt is not just another pastebin, it features a clean user interface, different color schemes for sourcecode, reply to pastes, support for all languages Pygments supports, and XMLRPC support
LodgeIt spawns it’s own webserver, which I placed behind nginx.
- Install required packages
sudo apt-get install python-imaging python-sqlalchemy python-jinja2 python-pybabel python-werkzeug python-simplejson mercurial python-pygments - Go to the directory where you want LodgeIt to live and check out the Mercurial repository
hg clone http://dev.pocoo.org/hg/lodgeit-main - cd into lodgeit-main, open manage.py and change the lines
dburi
SECRET_KEY - Download the init script and place it in /etc/init.d and change the lines
APP_PATH
DAEMON_OPTS
RUN_AS - Configure autostart
sudo update-rc.d lodgeit defaults - Start the program
sudo service lodgeit start
The init-script is also available for viewing
The nginx configuration is pretty easy – the only caveat is the fact that nginx does not support IPv6 for upstream servers, which is why lodgeit is configured to explicitly to listen on 127.0.0.1 (and not localhost which on a IPv6-enabled host is ::1).
server {
listen [::]:80;
server_name my.server;
access_log /var/log/nginx/my.server-access.log;
error_log /var/log/nginx/my.server-error.log;
location / {
proxy_pass http://localhost:20000/;
}
}
listen [::]:80;
server_name my.server;
access_log /var/log/nginx/my.server-access.log;
error_log /var/log/nginx/my.server-error.log;
location / {
proxy_pass http://localhost:20000/;
}
}
Switched to nginx
Nowhere.dk has been moved to nginx (with php5-fpm) and most things seem to be working.
There is one problem though.
It seem that some of the older articles are indexed as /articles/-title-/index.php (which is sort of wrong) and accessing that type of URI results in a blank page.
The problem seem to be that I’ve configured nginx to serve file in this order:
location / {
try_files $uri $uri/ @rewrites;
}
try_files $uri $uri/ @rewrites;
}
In theory it should then be a matter of defining the right rewrite
location @rewrites {
rewrite ^/articles/(.*)/index.php$ /articles/$1 permanent;
rewrite ^ /index.php last;
}
rewrite ^/articles/(.*)/index.php$ /articles/$1 permanent;
rewrite ^ /index.php last;
}
but – There’s also a location definition for all php “files” (locations ending in .php, not files mind you) and I believe that the .php locations are handed over to php5-fpm withouth nginx actually testing to see if it’s there.
Perhaps I can solve this – but it is a minor problem.
Android: ASCII Android – splash1 image
The image itself was taken from the Android bios boot animation – I haven’t been able to find
the name of the author but all credits go to him (or her)
Use fastboot to install the image
$ fastboot flash splash1 splash1.img
sending 'splash1' (750 KB)... OKAY
writing 'splash1'... OKAY
$ fastboot reboot
sending 'splash1' (750 KB)... OKAY
writing 'splash1'... OKAY
$ fastboot reboot
Tip: Change the Chrome proxy settings when running Xubuntu (Xfce)
For a long time, in the olden days, I ran Xubuntu – mainly because I loved the simplicity of the desktop (and also because it was a lot lighter on my machine, a Thinkpad T40, than GNOME. And I just have no love for KDE). Then some changes were made to the menu system (or the way to edit it) which annoyed the hell out of me – that combined with a new, more powerful machine, I decided to switch to GNOME, which I’ve been running for a couple of years.
Recently two things have happened
- Ubuntu decided to switch to Unity as the default graphical environment
- GNOME released 3.0 and announced that GNOME 2.x will no longer be actively developed (bug fixes only)
While both Unity and gnome-shell look nice and definitely have their place (I’m guessing they will both appeal much more to new users than GNOME2 ever did as well as work a lot better on netbooks and tablets) they both felt like they were hindering me in actually using my computer. Enter Xubuntu. Xfce felt like home :)
Now that I’m done rambling, let’ get down to business.
Google Chrome does not support Xfce, in the sense that it normally uses the proxy settings from GNOME or KDE; when running neither the proxy settings are simply not available. There are some hacks available to utilize the GNOME preferences infrastructure, but it seems cumbersome.
Chrome also support configuring proxy settings on the command line, in a rather neat way actually
- –proxy-server=”foopy:99″
Use the HTTP proxy “foopy:99″ to load all URLs. - –proxy-server=”https=proxy1:80;http=socks4://baz:1080″
Load https://* URLs using the HTTP proxy “proxy1:80″. And load http://* URLs using the SOCKS v4 proxy baz:1080″.
neat indeed, but not very efficient if you have a lot of rules – Normally one could use Proxy Switchy! but since it relies on the proxy configuration in Chrome it also does not work in Xfce. Proxy Auto Config to the rescue.
A PAC file, in essence, is a Javascript which returns what proxy to use for a given URL or IP (if any).
An example
function FindProxyForURL(url,host)
{
var resolved_ip = dnsResolve(host);
if (isPlainHostName(host))
return "DIRECT";
else if (host == "server1.my.corp" ||
host == "server2.my.corp")
return "PROXY proxy.my.corp:8080";
else if (isInNet(resolved_ip, "192.168.1.0", "255.255.255.0") ||
isInNet(resolved_ip, "192.168.4.0", "255.255.255.0")
)
return "DIRECT";
else
return "PROXY localhost:18080";
}
{
var resolved_ip = dnsResolve(host);
if (isPlainHostName(host))
return "DIRECT";
else if (host == "server1.my.corp" ||
host == "server2.my.corp")
return "PROXY proxy.my.corp:8080";
else if (isInNet(resolved_ip, "192.168.1.0", "255.255.255.0") ||
isInNet(resolved_ip, "192.168.4.0", "255.255.255.0")
)
return "DIRECT";
else
return "PROXY localhost:18080";
}
I use Dropbox to keep the proxy config in sync between machines.
To use the proxy pac, I created a copy of the Chrome launcher
$ cp /usr/share/applications/google-chrome.desktop ~/.local/share/applications
Now, locate all lines containing
Exec=/opt/google/chrome/google-chrome
and change it to
Exec=/opt/google/chrome/google-chrome --proxy-pac-url=file:///path/to/proxy.pac %U
or
Exec=/opt/google/chrome/google-chrome --proxy-server="https=proxy1:80;http=socks4://baz:1080 %U
That’s it. The next time you launch Google Chrome, it will use the proxy settings configured in the application shortcut.
Ubuntu: Install Percona XtraBackup
Percona XtraBackup is an open-source hot backup utility for MySQL that doesn’t lock your database during the backup. It can back up data from InnoDB, XtraDB, and MyISAM tables on MySQL 5.0 and newer servers, and it has many advanced features. Commercial support contracts are available. For a high-level overview of the features, including a feature comparison, please see the XtraBackup homepage.
Luckily installing XtraBackup is pretty easy
$ sudo apt-key adv --keyserver keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A
$ echo "deb http://repo.percona.com/apt maverick main" | sudo tee -a /etc/apt/sources.list
$ sudo apt-get update
$ sudo apt-get install xtrabackup
$ echo "deb http://repo.percona.com/apt maverick main" | sudo tee -a /etc/apt/sources.list
$ sudo apt-get update
$ sudo apt-get install xtrabackup
I wrapped the backup program in a small shell script
#!/bin/bash
BDIR="/home/backup/mysql"
# Run backup
/usr/bin/innobackupex-1.5.1 --stream=tar --defaults-file=/etc/mysql/my.cnf ./ | gzip -c -9 > $BDIR/backup.`date +%m%d%Y%H%M%S`.tar.gz
# Remove backups older than 7 days
find $BDIR -name backup.\* -ctime +7 -exec rm {} \;
BDIR="/home/backup/mysql"
# Run backup
/usr/bin/innobackupex-1.5.1 --stream=tar --defaults-file=/etc/mysql/my.cnf ./ | gzip -c -9 > $BDIR/backup.`date +%m%d%Y%H%M%S`.tar.gz
# Remove backups older than 7 days
find $BDIR -name backup.\* -ctime +7 -exec rm {} \;
I prefer to have the the username and password for MySQL in my.cnf (add these lines under [client])
user = root
password = Secreeet
password = Secreeet
Finally, add the script to root’s crontab (you know, sudo crontab -e)
0 2 * * * bash /usr/local/bin/mysql_backup.sh > /dev/null 2>&1
Natty Narwhal: Problems connecting to servers behind (Cisco) firewalls using ssh
After upgrading to Natty Narwhal I couldn’t connect to my Linux based jump host (connected via VPN):
OpenSSH_5.8p1 Debian-1ubuntu2, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /home/alj/.ssh/config
debug1: Applying options for *
debug1: Applying options for smallpox.xxx.dk
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to smallpox.xxx.dk [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /home/alj/.ssh/id_rsa type -1
debug1: identity file /home/alj/.ssh/id_rsa-cert type -1
debug1: identity file /home/alj/.ssh/id_dsa type 2
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: identity file /home/alj/.ssh/id_dsa-cert type -1
debug1: identity file /home/alj/.ssh/id_ecdsa type -1
debug1: identity file /home/alj/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-4ubuntu4
debug1: match: OpenSSH_5.5p1 Debian-4ubuntu4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-1ubuntu2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 zlib@openssh.com
debug1: kex: client->server aes128-ctr hmac-md5 zlib@openssh.com
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Read from socket failed: Connection reset by peer
debug1: Reading configuration data /home/alj/.ssh/config
debug1: Applying options for *
debug1: Applying options for smallpox.xxx.dk
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to smallpox.xxx.dk [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /home/alj/.ssh/id_rsa type -1
debug1: identity file /home/alj/.ssh/id_rsa-cert type -1
debug1: identity file /home/alj/.ssh/id_dsa type 2
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: identity file /home/alj/.ssh/id_dsa-cert type -1
debug1: identity file /home/alj/.ssh/id_ecdsa type -1
debug1: identity file /home/alj/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-4ubuntu4
debug1: match: OpenSSH_5.5p1 Debian-4ubuntu4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-1ubuntu2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 zlib@openssh.com
debug1: kex: client->server aes128-ctr hmac-md5 zlib@openssh.com
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Read from socket failed: Connection reset by peer
The key seem to be that Natty uses OpenSSH 5.8p1 – This problem seem to affect clients newer than 5.7p1, when connecting to older servers. And the problem seem to be restricted to connecting through some firewalls, I have no problem on my home network and when connecting to hosts running iptables.
If have found this workaround. Apparently is has something to do with the length of the cipher list and is not isolated to Ubuntu.
Edit /etc/ssh/ssh_config or $HOME/.ssh/config and add this in the Host * stanza or for the host you have problems connecting to:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
MACs hmac-md5,hmac-sha1,hmac-ripemd160
MACs hmac-md5,hmac-sha1,hmac-ripemd160
