dboettger's Blog

Author Archive

Hello,

I didn't post for a while. But now I have some new stuff. I had some trouble installing Ubuntu on a root server (1&1) where I only had a rescue system available. The only dependency is that the recovery console is a Debian-based system.

The system was already partitioned and some software RAIDs were already available.

Create new swap space:
mkswap /dev/sda2

Reformat md1 with ext3:
mkfs.ext3 /dev/md1

mkdir /ubuntu
mount /dev/md1 /ubuntu

wget http://archive.ubuntu.com/ubuntu/pool/main/d/debootstrap/debootstrap_1.0.23_all.deb
dpkg --install debootstrap_1.0.23_all.deb

debootstrap --arch amd64 lucid /ubuntu http://archive.ubuntu.com/ubuntu

echo "127.0.0.1 localhost" > /ubuntu/etc/hosts
echo "ilaegir01" > /ubuntu/etc/hostname

vi /ubuntu/etc/network/interfaces

# Used by ifup(8) and ifdown(8). See the interfaces(5) manpage or
# /usr/share/doc/ifupdown/examples for more information.

# The loopback network interface
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

vi /ubuntu/etc/fstab

/dev/md1 / ext3 defaults 0 1
/dev/sda2 swap swap defaults 0 0
proc /proc proc defaults 0 0
sysfs /sys sysfs defaults 0 0

mount --bind /dev /ubuntu/dev
mount --bind /proc /ubuntu/proc
chroot /ubuntu
apt-get update

apt-get install linux-image-server openssh-server grub

cp /proc/mounts /etc/mtab
aptitude install mdadm
mkdir /boot/grub
grub-install /dev/sda
update-grub

aptitude install nano

nano /boot/grub/menu.lst

Change the following lines:
kernel /boot/vmlinuz-2.6.32-21-server root=/dev/md1 ro quiet splash
AND
kernel /boot/vmlinuz-2.6.32-21-server root=/dev/md1 ro single

TO:
kernel /boot/vmlinuz-2.6.32-21-server root=/dev/md1 ro quiet splash console=tty0 console=ttyS0,57600
AND
kernel /boot/vmlinuz-2.6.32-21-server root=/dev/md1 ro single console=tty0 console=ttyS0,57600

Remember to execute update-grub on every kernel security update, then choose the package maintainer's version
of menu.lst and add the console again to the kernel parameters!

nano /etc/init/ttyS0.conf

# ttyS0 - getty
#
# This service maintains a getty on ttyS0 from the point the system is
# started until it is shut down again.

start on stopped rc RUNLEVEL=[2345]
stop on runlevel [!2345]

respawn
exec /sbin/getty -L 57600 ttyS0 vt100

passwd

exit

After the reboot you should edit /etc/apt/sources.list and replace it with the following content:

nano /etc/apt/sources.list

# deb cdrom:[Ubuntu-Server 10.04 LTS _Lucid Lynx_ - Release amd64 (20100427)]/ lucid main restricted

#deb cdrom:[Ubuntu-Server 10.04 LTS _Lucid Lynx_ - Release amd64 (20100427)]/ lucid main restricted
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.

deb http://de.archive.ubuntu.com/ubuntu/ lucid main restricted
deb-src http://de.archive.ubuntu.com/ubuntu/ lucid main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://de.archive.ubuntu.com/ubuntu/ lucid-updates main restricted
deb-src http://de.archive.ubuntu.com/ubuntu/ lucid-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://de.archive.ubuntu.com/ubuntu/ lucid universe
deb-src http://de.archive.ubuntu.com/ubuntu/ lucid universe
deb http://de.archive.ubuntu.com/ubuntu/ lucid-updates universe
deb-src http://de.archive.ubuntu.com/ubuntu/ lucid-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://de.archive.ubuntu.com/ubuntu/ lucid multiverse
deb-src http://de.archive.ubuntu.com/ubuntu/ lucid multiverse
deb http://de.archive.ubuntu.com/ubuntu/ lucid-updates multiverse
deb-src http://de.archive.ubuntu.com/ubuntu/ lucid-updates multiverse

## Uncomment the following two lines to add software from the 'backports'
## repository.
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
# deb http://de.archive.ubuntu.com/ubuntu/ lucid-backports main restricted universe multiverse
# deb-src http://de.archive.ubuntu.com/ubuntu/ lucid-backports main restricted universe multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu lucid partner
# deb-src http://archive.canonical.com/ubuntu lucid partner

deb http://security.ubuntu.com/ubuntu lucid-security main restricted
deb-src http://security.ubuntu.com/ubuntu lucid-security main restricted
deb http://security.ubuntu.com/ubuntu lucid-security universe
deb-src http://security.ubuntu.com/ubuntu lucid-security universe
deb http://security.ubuntu.com/ubuntu lucid-security multiverse
deb-src http://security.ubuntu.com/ubuntu lucid-security multiverse

aptitude update
aptitude safe-upgrade

If a new kernel was installed, execute update-grub after the installation.
Then add the entries for the console to menu.lst again.
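
The repeated menu.lst step above can be scripted. This is an added example, not part of the original post: the function names and the sample menu.lst text are constructed, and it also checks that the kernel console speed matches the getty speed from ttyS0.conf.

```bash
#!/usr/bin/env bash
# Added example; function names and SAMPLE_MENU are constructed for illustration.
CONSOLE_ARGS='console=tty0 console=ttyS0,57600'   # parameters used in the post

# Append the console parameters to every GRUB legacy "kernel" line that has no
# serial console yet. Lines that already have one are left alone (idempotent).
add_serial_console() {   # menu.lst on stdin, patched text on stdout
    awk -v extra="$CONSOLE_ARGS" '
        /^[ \t]*kernel[ \t]/ && !/console=ttyS0/ { print $0 " " extra; next }
        { print }'
}

# Number of kernel lines still missing the serial console (0 = nothing to do).
missing_serial_console() {
    awk '/^[ \t]*kernel[ \t]/ && !/console=ttyS0/ { n++ } END { print n + 0 }'
}

# Speed given on the kernel command line and speed given to getty.
kernel_baud() { grep -Eo 'console=ttyS0,[0-9]+' | head -n 1 | cut -d, -f2; }
getty_baud() {
    awk '$1 == "exec" && /getty/ {
             for (i = 2; i <= NF; i++) if ($i ~ /^[0-9]+$/) { print $i; exit } }'
}

# True when both speeds are present and equal. $1 = menu.lst text, $2 = ttyS0.conf text
baud_matches() {
    k=$(printf '%s\n' "$1" | kernel_baud)
    g=$(printf '%s\n' "$2" | getty_baud)
    [ -n "$k" ] && [ "$k" = "$g" ]
}

# Constructed menu.lst as update-grub leaves it after a kernel update.
SAMPLE_MENU='title Ubuntu 10.04 LTS, kernel 2.6.32-21-server
kernel /boot/vmlinuz-2.6.32-21-server root=/dev/md1 ro quiet splash
title Ubuntu 10.04 LTS, kernel 2.6.32-21-server (recovery mode)
kernel /boot/vmlinuz-2.6.32-21-server root=/dev/md1 ro single'
SAMPLE_GETTY='exec /sbin/getty -L 57600 ttyS0 vt100'

patched=$(printf '%s\n' "$SAMPLE_MENU" | add_serial_console)
printf '%s\n' "$patched"
baud_matches "$patched" "$SAMPLE_GETTY" && echo "kernel and getty agree on the speed"
```

On the real system the input would be /boot/grub/menu.lst, written to a temporary file and reviewed before it replaces the original.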

Sorry, this is just a quick post with only a minimum of explanations, but I hope I am able to help somebody out there.


If you want to test your SMTP authentication in postfix or any other MTA via the command line / telnet, you can create a Base64-encoded password string like this:

perl -MMIME::Base64 -e 'print encode_base64("\000USERNAME\000password")'

Copy the base64.

Open a telnet console to your MTA like this:

telnet localhost 25

After you are connected, send an EHLO message to the MTA.

ehlo server

The MTA should answer with something like this:


250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

These lines are important:


250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN

Then you can enter:


AUTH PLAIN BASE64String

The MTA should reply with:

235 2.7.0 Authentication successful
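
The token and the EHLO check from the steps above, as an added shell example that is not part of the original post (function names and the test/1234 credentials are constructed). Because the token is only Base64 and decodes straight back to the password, the example also reports whether STARTTLS should come first when the session is not on loopback.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical.

# SASL PLAIN initial response: authzid NUL authcid NUL password, Base64-encoded.
# printf writes the NUL bytes straight into the pipe (a shell variable cannot hold them).
auth_plain_token() {   # $1 = user, $2 = password
    printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
}

# Base64 is an encoding, not encryption: decode a token, showing each NUL as '|'.
auth_plain_decode() {
    printf '%s' "$1" | base64 -d | tr '\0' '|'
}

# Mechanisms advertised on the "250-AUTH ..." / "250-AUTH=..." lines of an EHLO reply.
ehlo_auth_mechs() {
    printf '%s\n' "$1" | tr -d '\r' |
        awk '/^250[- ]AUTH[ =]/ { sub(/^250[- ]AUTH[ =]/, "")
                                  for (i = 1; i <= NF; i++) print $i }' |
        sort -u | paste -sd' ' -
}

# True when the EHLO reply advertises the given extension keyword.
ehlo_has() {
    printf '%s\n' "$1" | tr -d '\r' | grep -Eq "^250[- ]$2( |\$)"
}

# What to do with AUTH PLAIN. $1 = EHLO reply, $2 = yes if loopback or already TLS.
plain_auth_plan() {
    if ! ehlo_auth_mechs "$1" | grep -qw PLAIN; then echo no-plain
    elif [ "$2" = yes ]; then echo send
    elif ehlo_has "$1" STARTTLS; then echo starttls-first
    else echo refuse-cleartext
    fi
}

# EHLO reply lines as shown in the post.
EHLO_REPLY='250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN'

token=$(auth_plain_token test 1234)   # constructed credentials
echo "AUTH PLAIN $token"
echo "decodes to: $(auth_plain_decode "$token")"
echo "plan for telnet localhost: $(plain_auth_plan "$EHLO_REPLY" yes)"
```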

Today I had some trouble with SMTP authentication and postfix.
I just wanted one group to be able to authenticate against my postfix.
After reading the PAM documentation for a while, I found the very nice solution of creating a text file with all allowed users.

I am using postfix sasl with PAM authentication.
My /etc/pam.d/smtp now looks like this:

auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/smtp.group.allow
auth required /lib/security/pam_unix_auth.so
account required /lib/security/pam_unix_acct.so
password required /lib/security/pam_unix_passwd.so
session required /lib/security/pam_unix_session.so

Then I created the file /etc/smtp.group.allow.
This file looks like this:


# Add all the groups which are allowed
# to authenticate against postfix sasl
smtpusers

After changing these lines only users in the group smtpusers are allowed to authenticate.
Of course this can also be used for any other service using pam authentication. Just add the line
auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/
as the first line in the pam.d/SERVICE file.
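
To see which accounts such a group allowlist actually admits, here is an added audit example (not the author's code; function names and the sample accounts are constructed). It assumes local passwd/group files, counts both primary-group and member-list membership, and checks that the list file is a regular file that is not world-writable, which pam_listfile requires.

```bash
#!/usr/bin/env bash
# Added example; function names and sample accounts are constructed.

# Users admitted by "item=group sense=allow": a user passes when a listed group
# is their primary group or names them as a member. This example compares every
# line of the allow file literally, so the comment lines never match a group.
# $1 = allow file, $2 = group-format file, $3 = passwd-format file
allowed_users() {
    awk -F: '
        FNR == 1  { file++ }
        file == 1 { allow[$0] = 1; next }
        file == 2 { if ($1 in allow) {
                        gid[$3] = 1
                        n = split($4, m, ",")
                        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
                    }
                    next }
        ($4 in gid) { print $1 }
    ' "$1" "$2" "$3" | sort -u | paste -sd' ' -
}

# The list must be a regular file (no symlink) without the world-writable bit.
listfile_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -z "$(find "$1" -maxdepth 0 -perm -0002)" ]
}

# Constructed sample data: the allow file from the post plus four test accounts.
DEMO_DIR=$(mktemp -d)
cat > "$DEMO_DIR/allow" <<'EOF'
# Add all the groups which are allowed
# to authenticate against postfix sasl
smtpusers
EOF
cat > "$DEMO_DIR/group" <<'EOF'
smtpusers:x:1500:alice,bob
staff:x:50:carol
EOF
cat > "$DEMO_DIR/passwd" <<'EOF'
alice:x:1001:1001::/home/alice:/bin/sh
bob:x:1002:1002::/home/bob:/bin/sh
carol:x:1003:50::/home/carol:/bin/sh
dave:x:1004:1500::/home/dave:/bin/sh
EOF
chmod 644 "$DEMO_DIR/allow"

echo "admitted: $(allowed_users "$DEMO_DIR/allow" "$DEMO_DIR/group" "$DEMO_DIR/passwd")"
listfile_ok "$DEMO_DIR/allow" && echo "list file permissions ok"
```

On a real host the arguments would be /etc/smtp.group.allow, /etc/group and /etc/passwd; dave is admitted only through his primary group, which is easy to overlook when reading /etc/group alone.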

As we have decided to use the great Aegir hosting system for all upcoming Drupal projects, I needed to migrate some sites from standalone installations to our new Aegir hosting system.

First I needed to back up the tables in my MySQL database. My database's name was drupal (not that good an idea) and I was using table prefixes (this idea was even worse 😉).
The table prefix of the website was website_
Only the tables were exported, not the CREATE DATABASE!
After exporting the tables into the drupal.sql file I opened the file with an editor, searched for website_ and replaced it with an empty string.

I created the folder /var/aegir/drupal-website as user aegir on myaegirHost.

su - aegir
mkdir drupal-website

Then I copied all the content of the Drupal folder from my standalone Drupal system to my Aegir host.

cd /var/www/drupal
scp -r * aegir@myaegirHost:/var/aegir/drupal-website

Then I needed to copy and import the MySQL database.

Source host:
scp drupal.sql aegir@myaegirHost:/var/aegir/

Target host:
mysql -u root -p
CREATE DATABASE drupal;
GRANT ALL ON drupal.* TO 'drupal'@localhost IDENTIFIED BY 'drupal';
exit
mysql -u root -p -D drupal < drupal.sql

After the database and all the files had been created, I created a new platform in Aegir called drupal-website and entered the folder /var/aegir/drupal-website.
Aegir then creates the new platform and imports all sites from the platform.

Then I migrated all the sites to another platform. The manually created database called drupal gets renamed to the Aegir-style site_NUMBER scheme.

If there are any missing modules for a single site (shown under the migration tab), it's possible to add the modules on a per-site basis with drush.

su - aegir
cd /var/aegir/drupal-website/sites/website
/var/aegir/drush/drush.php dl modulename

After installing the missing modules they were still shown as missing in the Aegir migration tab. I ignored that and clicked on the migrate button. After two minutes the site was moved to the new platform.

If you need any further assistance, don't hesitate to contact me!

Greetings,

Dom

Again a quick documentation about my installation on my Macbook


curl -O ftp://ftp.cac.washington.edu/imap/imap.tar.gz
tar xvzf imap.tar.gz
cd imap-2007e
./configure
make
sudo mkdir -p /usr/local/imap-2007e/include /usr/local/imap-2007e/lib
sudo cp c-client/*.h /usr/local/imap-2007e/include/
sudo cp c-client/*.c /usr/local/imap-2007e/lib/
sudo cp c-client/c-client.a /usr/local/imap-2007e/lib/libc-client.a

curl -O http://heanet.dl.sourceforge.net/project/mcrypt/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.gz
curl -O http://www.ijg.org/files/jpegsrc.v8.tar.gz
curl -O http://freefr.dl.sourceforge.net/project/libpng/00-libpng-stable/1.2.42/libpng-1.2.42.tar.gz
curl -O http://de.php.net/distributions/php-5.3.1.tar.gz

tar xvzf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8
./configure
make
sudo make install

tar xvzf jpegsrc.v8.tar.gz
cd jpeg-8
./configure
make
sudo make install

tar xvzf libpng-1.2.42.tar.gz
cd libpng-1.2.42
./configure
make
sudo make install

tar xvzf php-5.3.1.tar.gz
cd php-5.3.1
./configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-apxs2=/usr/sbin/apxs --sysconfdir=/private/etc --with-config-file-path=/etc --with-ldap=/usr --with-ldap-sasl=/usr --with-libxml-dir=/usr --with-kerberos=/usr --with-curl=/usr --with-zlib-dir=/usr --enable-bcmath --enable-exif --enable-exif --with-bz2=/usr --enable-ftp --with-openssl=/usr --enable-mbstring --enable-mbregex --enable-calendar --enable-sockets --with-iodbc=/usr --with-curl=/usr --sysconfdir=/private/etc --with-mysqli=mysqlnd --with-mysql=mysqlnd --with-xmlrpc --with-xsl=/usr --with-pear --with-libxml-dir=/usr --with-iconv=/usr --with-pdo-mysql=mysqlnd --with-gd --enable-sysvmsg --enable-sysvsem --enable-sysvshm --enable-shmop --with-xsl=/usr --with-iconv-dir=/usr --with-iodbc=/usr --with-snmp=/usr --with-jpeg-dir=/usr/local --with-png-dir=/usr/local --with-iconv=/usr --with-pcre-regex --with-imap=/usr/local/imap-2007e --with-imap-ssl --with-mcrypt=/usr/local --enable-soap --enable-cli --with-pear
make
sudo make install

sudo nano /etc/apache2/httpd.conf

Uncomment the following line:
#LoadModule php5_module libexec/apache2/libphp5.so
to
LoadModule php5_module libexec/apache2/libphp5.so

Restart Apache!

sudo apachectl restart

Today I tried to install ZendServer on my Macbook. The installation of the server is a bit buggy. I had to adjust some settings to get the server to work.
It was not possible to open the configuration page on localhost 10081 or 10083 (https). There was some trouble with a missing certificate for lighttpd.
I made these changes:

I edited /etc/profile and added these two lines at the end of the file.
PATH=$PATH:/usr/local/zend/bin
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/zend/lib

Then I changed the directory to /usr/local/zend/etc/tls/certs and created the missing certificate with openssl.
sudo openssl req -new -x509 -keyout server.pem -out lighttpd.pem -days 365 -nodes

To run Apache on port 80 and on localhost only, I had to edit apachectl and httpd.conf
nano /usr/local/zend/apache2/conf/httpd.conf
I changed the line
Listen 10088
to
Listen 127.0.0.1:80

nano /usr/local/zend/apache2/bin/apachectl
I changed the line
to
I was now able to start the server with
/usr/local/zend/bin/zendctl.sh start
And to stop it I just execute
/usr/local/zend/bin/zendctl.sh stop

Updated Guide with php 5.3.1

MySQL

Just install the package from mysql.com.

Macports

First install MacPorts from macports.org. You also need the Apple developer tools to compile software. The development kit from Apple ships with the wonderful gcc compiler 😉 .

After you install MacPorts (a package manager for Mac OS X) you are able to install the needed libraries. Just execute the following commands:

sudo port install jpeg
sudo port install libpng
sudo port install freetype
sudo port install mcrypt
sudo port install libiconv
sudo port install cclient

Oracle Installation (Instantclient only):

Download the oracle client basic Version 10.2 and SDK 10.2 from the Oracle download page.
Move the extracted files to /opt/instantclient_10_2.

export LD_LIBRARY_PATH=/opt/oracle/instantclient_10_2/sdk/include/:/opt/oracle/instantclient_10_2:.

cd /opt/instantclient_10_2
ln -s libclntsh.dylib.10.1 libclntsh.dylib
ln -s libclntsh.dylib libclntsh.so

export NLS_LANG="American_America.UTF8"
export DYLD_LIBRARY_PATH=/opt/instantclient_10_2

Download php 5.3.1 from php.net.
Extract the PHP source file into a directory.

./configure --prefix=/usr --with-apxs2=/usr/sbin/apxs --with-ldap=/usr --with-kerberos=/usr --with-zlib-dir=/usr --enable-exif --enable-ftp --enable-mbstring --enable-mbregex --enable-sockets --with-iodbc=/usr --with-curl=/usr --with-config-file-path=/etc/php5/php5.3.1-apache2 --sysconfdir=/private/etc --with-mysqli=mysqlnd --with-mysql=mysqlnd --with-openssl=shared,/opt/local --with-xmlrpc --with-xsl=/usr --with-pear --with-libxml-dir=/usr --with-iconv=shared,/opt/local --with-pdo-mysql=mysqlnd --with-gd --with-jpeg-dir=/opt/local --with-png-dir=/opt/local --with-freetype-dir=/opt/local --with-mcrypt=/opt/local --with-imap=/opt/local --with-imap-ssl --enable-soap --with-oci8=instantclient,/opt/instantclient_10_2 --with-pdo-oci=instantclient,/opt/instantclient_10_2,10.2.0.4 --enable-cli --with-pear

We have to edit the Makefile to run a successful compile.

nano Makefile
Edit the line with the EXTRA_LIBS = ….. stuff.
Add -lresolv to the line, save and exit the file.

After editing the Makefile we are able to compile the binaries. Just enter make to execute the compilation.

If make was successful we have to execute make install as superuser. The command sudo make install is our friend 😉 .

We have to create the following directory and link the library to it. Don't ask, it's just the strange Oracle stuff.
mkdir -p /b/32_216/rdbms/lib
ln -s /opt/instantclient_10_2/libclntsh.dylib.10.1 /b/32_216/rdbms/lib/

Apache configuration

The last modification we have to make is the init configuration of the Apache service. We need some variables set in the runtime environment.

We will edit the /System/Library/LaunchDaemons/org.apache.httpd.plist file like this, or something similar for your locale.

nano /System/Library/LaunchDaemons/org.apache.httpd.plist

 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<true/>
<key>Label</key>
<string>org.apache.httpd</string>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/httpd</string>
<string>-D</string>
<string>FOREGROUND</string>
</array>
<key>OnDemand</key>
<false/>
<key>SHAuthorizationRight</key>
<string>system.preferences</string>
<key>EnvironmentVariables</key>
<dict>
<key>DYLD_LIBRARY_PATH</key>
<string>/opt/instantclient_10_2</string>
<key>TNS_ADMIN</key>
<string>/opt/oracle/tns</string>
<key>LANG</key>
<string>de_DE.UTF-8</string>
<key>NLS_LANG</key>
<string>GERMAN_GERMANY.UTF8</string>
</dict>
</dict>
</plist>

 

I hope I was able to help you guys. If you have any questions, don't hesitate to contact me or post some comments.

