DOCKER_OPTS in /etc/default/docker ignored on Ubuntu

For some reason, in debian 8 and ubuntu 15.01 systemd is skipping the execution of /etc/default/docker.

How to fix?

Copy the original systemd service file to /etc/systemd/system/

sudo cp  /lib/systemd/system/docker.service /etc/systemd/system/

Edit file /etc/systemd/system/docker.service

...
[Service]
ExecStart=/usr/bin/docker -d -H fd:// $DOCKER_OPTS
...
EnvironmentFile=-/etc/default/docker
...

Then execute:

sudo systemctl daemon-reload
sudo systemctl restart docker

Verify that /etc/default/docker is loaded

ps auxwww | grep docker
root      4989  0.8  0.1 265540 16608 ?        Ssl  10:37   0:00 /usr/bin/docker -d -H fd:// --insecure-registry 

That's it.

Purge Removed packages

Packages marked as rc by dpkg mean that the configuration files are not yet removed. The following command will purge them:

dpkg --list |grep "^rc" | cut -d " " -f 3 | xargs -r sudo dpkg --purge

GitLab update script

I've recently installed GitLab and they provide easy to install deb and rpm packages but not a repository to help us keep our installation up to date. So I developed the following script that will check https://about.gitlab.com/downloads/archives/ for newer versions and install them when available:

#!/bin/bash
OS="ubuntu"
OS_Version="14.04"
OS_ARCHITECTURE="amd64"
# Ubuntu/Debian:
INSTALLED_VERSION=$(dpkg -s gitlab | grep -i version | cut -d" " -f2)
# CentOS:
#INSTALLED_VERSION=$(rpm -qa | grep omnibus)
# Uses sort -V to compare versions
LATEST=$(wget -q -O- https://about.gitlab.com/downloads/archives/ | grep -i "$OS" | grep -i "$OS_VERSION" | grep -i $OS_ARCHITECTURE | grep -Eo 'href=".*"' | cut -d'"' -f2 | sort -V | tail -n 1)
PACKAGE=${LATEST##*/}
LATEST_VERSION=$(echo $PACKAGE | cut -d_ -f2)
echo ""
echo " Current version: $INSTALLED_VERSION"
echo " Latest version: $LATEST_VERSION"
if [[ "$INSTALLED_VERSION" != "$LATEST_VERSION" && "$LATEST_VERSION" != "" ]]; then
    echo "    Update to $LATEST_VERSION available!"
    echo -n "     Do you wich to upgrade? [y/N]? "
    read answer
    case $answer in
        y*)
            # Backup branding:
            cp /opt/gitlab/embedded/service/gitlab-rails/public/assets/*logo*.png /tmp/
            wget $LATEST
            # Stop unicorn and sidekiq so we can do database migrations
            sudo gitlab-ctl stop unicorn
            sudo gitlab-ctl stop sidekiq
            # Create a database backup in case the upgrade fails
            sudo gitlab-rake gitlab:backup:create
            # Install the latest package
            # Ubuntu/Debian:
            sudo dpkg -i $PACKAGE
            # CentOS:
            #sudo rpm -Uvh $PACKAGE
            # Restore branding:
            sudo cp /tmp/*logo*.png /opt/gitlab/embedded/service/gitlab-rails/public/assets/
            # Reconfigure GitLab (includes database migrations)
            sudo gitlab-ctl reconfigure
            # Restart all gitlab services
            sudo gitlab-ctl restart
            rm $PACKAGE
        ;;
        *)
            echo "No change"
        ;;
    esac
else
    echo "    Nothing to do!"
fi
echo ""

I haven't tested this script on a CentOS machine so it might need some adjustments to work there.

Sorry, Command-not-found Has Crashed

When you try to execute a command that is not installed Ubuntu tries to hint you on the package that you should install but some times, especially after an upgrade, you get an error message saying:

Sorry, command-not-found has crashed! Please file a bug report at:
(...)

This solves the problem:

export LANGUAGE=en_US.UTF-8
export LANG=en_US.UTF-8
export LC_ALL=en_US.UTF-8
locale-gen en_US.UTF-8
sudo dpkg-reconfigure locales

Install Vsftpd on Ubuntu

On my last post I've talked about enabling the userdir module on Apache, you can use vsftpd to give your users FTP access to their own pages, this is hoe you can install it:

aptitude -y install vsftpd

Then edit it's configuration file:

vi /etc/vsftpd.conf

And make the following changes:

# line 29: uncomment
write_enable=YES
# line 97,98: uncomment ( allow ascii mode transfer )
ascii_upload_enable=YES
ascii_download_enable=YES
# line 120: uncomment ( enable chroot )
chroot_local_user=YES
# line 121: uncomment ( enable chroot list )
chroot_list_enable=YES
# line 123: uncomment ( enable chroot list )
chroot_list_file=/etc/vsftpd.chroot_list
# line 129: uncomment
ls_recurse_enable=YES
# add at the last line
# specify root directory ( if don't specify, users' home directory equals FTP home directory)
#local_root=public_html
# turn off seccomp filter
seccomp_sandbox=NO

Edit the list of users that can access your server.

vi /etc/vsftpd.chroot_list

Add the users you allow to move over their home directory

Finally restart the FTP service:

service vsftpd restart

Enable userdir Apache module on Ubuntu

First activate the module:

sudo a2enmod userdir

now edit the module's conf file:

sudo vi /etc/apache2/mods-enabled/userdir.conf

and change the line:

AllowOverride FileInfo AuthConfig Limit Indexes

to

AllowOverride All

By default  PHP is explicitly turned off in user directories, to enable it edit the php module conf file:

sudo vi /etc/apache2/mods-enabled/php5.conf

and comment out the following lines:

#<IfModule mod_userdir.c>
#    <Directory /home/*/public_html>
#   php_admin_flag engine Off
#    </Directory>
#</IfModule>

Now just restart your apache srerver and that's it:

sudo service apache2 restart

You can now create a public_html folder on every users homes with the following script:

#!/bin/bash
for I in /home/*; do
 if [ ! -d $I/$FOLDER ]; then
mkdir -p $I/$FOLDER
U=$(basename $I)
chown $U $I/$FOLDER
chgrp $U $I/$FOLDER
 fi
done # for

Now if you whant to go further and create dynamic vhost for each of your users you can change your default virtual host with something like this:

<VirtualHost *:80>
    RewriteEngine on
    RewriteMap lowercase int:tolower
    # allow CGIs to work
    RewriteCond %{REQUEST_URI} !^/cgi-bin/
    # check the hostname is right so that the RewriteRule works
    RewriteCond ${lowercase:%{SERVER_NAME}} ^[a-z-]+\.example\.com$
    # concatenate the virtual host name onto the start of the URI
    # the [C] means do the next rewrite on the result of this one
    RewriteRule ^(.+) ${lowercase:%{SERVER_NAME}}$1 [C]
    # now create the real file name
    RewriteRule ^([a-z-]+)\.example\.com/(.*) /home/$1/public_html/$2
    <Location / >
        Order allow,deny
        allow from all
    </Location>
    DocumentRoot /var/www/
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
       # define the global CGI directory
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

This will allow you to use user.example.com to access your user's pages.

Disable IPv6 on Ubuntu

Edit your /etc/sysctl.conf file and add the following to the bottom:

#disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Or you can use the following script:

echo "#disable ipv6" | sudo tee -a /etc/sysctl.conf
echo "net.ipv6.conf.all.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv6.conf.default.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv6.conf.lo.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf

For this changes to take effect you must reboot your system.
After rebooting you can check if IPv6 has been disabled with the following command:

cat /proc/sys/net/ipv6/conf/all/disable_ipv6

0 means it's enabled and 1 - disabled.

Ubuntu on a MacBook Pro

This are the steps I followed to get Ubuntu running on a MacBook Pro 9,2.

Install

Note: this procedure requires an .img file that you will be required to create from the .iso file you download.

TIP: Drag and Drop a file from Finder to Terminal to 'paste' the full path without typing and risking type errors.

• Download the desired file
• Open the Terminal (in /Applications/Utilities/ or query Terminal in Spotlight)
• Convert the .iso file to .img using the convert option of hdiutil

hdiutil convert -format UDRW -o ~/path/to/target.img ~/path/to/ubuntu.iso

Note: OS X tends to put the .dmg ending on the output file automatically.

Create a bootable Ubuntu install flash drive:
Run:

diskutil list

to get the current list of devices

Insert your flash media and run:

diskutil list

again and determine the device node assigned to your flash media (e.g. /dev/disk2)
Run:

diskutil unmountDisk /dev/diskN

(replace N with the disk number from the last command; in the previous example, N would be 2)

Execute

sudo dd if=/path/to/downloaded.img of=/dev/diskN bs=1m

(replace /path/to/downloaded.img with the path where the image file is located; for example, ./ubuntu.img or ./ubuntu.dmg).
Using /dev/rdisk instead of /dev/disk may be faster.

If you see the error dd: Invalid number '1m', you are using GNU dd. Use the same command but replace bs=1m with bs=1M.

If you see the error dd: /dev/diskN: Resource busy, make sure the disk is not in use. Start the Disk Utility.app and unmount (don't eject) the drive.

Finally run:

diskutil eject /dev/diskN

and remove your flash media when the command completes

Restart your Mac and press alt while the Mac is restarting to choose the USB-Stick

Follow the on screen instructions.

WiFi

After booting into Ubuntu, the wifi card was not working, to get it to work I connected it to my router with a network cable and followed this steps:

Download the driver:

wget http://www.lwfinger.com/b43-firmware/broadcom-wl-5.100.138.tar.bz2

And install it:

tar xf broadcom-wl-5.100.138.tar.bz2
sudo apt-get install b43-fwcutter
sudo b43-fwcutter -w "/lib/firmware" broadcom-wl-5.100.138/linux/wl_apsta.o

then add:

b43

to /etc/modules and reboot

Keyboard and mouse:

This is a little extra to get natural scrolling and OS X like key bindings.

Create a Xmodmap conf file

vi ~/.Xmodmap

and paste the following inside:

!!Enable Natural scrolling (vertical and horizontal)
pointer = 1 2 3 5 4 7 6 8 9 10 11 12
!!Swap CMD and CTRL keys
remove control = Control_L
remove mod4 = Super_L Super_R
keysym Control_L = Super_L
keysym Super_L = Control_L
keysym Super_R = Control_L
add control = Control_L Control_R
add mod4 = Super_L Super_R

Under Mac OS X, the combination cmd+space opens Spotlight, to emulate this, install the package compizconfig-settings-manager.

sudo aptitude install compizconfig-settings-manager

Open it using the ccsm command, or search for it in Dash.
Find Ubuntu Unity Plugin->Behavior->Key to show the launcher and change it to <Primary>space, using the Grab key combination button. It may be also shown as <Control><Primary>space.

You can now have a behavior similar to Mac OS X in Ubuntu 12.04. You can change the virtual desktop using cmd+alt+arrow. You can cut, copy, and paste using cmd+x, cmd+c, and cmd+v and summon the dash with cmd+space.

Installing Oracle 11g R2 Express Edition on Ubuntu 64-bit

This are the steps I took to install Oracle 11g R2 Express Edition on an Ubuntu 12.04 LTS (Precise Pangolin) Server and are based on the tutorial found here:

Download the Oracle 11gR2 express edition installer from the link given below:

http://www.oracle.com/technetwork/products/express-edition/downloads/index.html

( You will need to create a free oracle web account if you don't already have it )

Unzip it :

unzip oracle-xe-11.2.0-1.0.x86_64.rpm.zip

Install the following packages :

sudo apt-get install alien libaio1 unixodbc vim

The Red Hat based installer of Oracle XE 11gR2 relies on /sbin/chkconfig, which is not used in Ubuntu. The chkconfig package available for the current version of Ubuntu produces errors and my not be safe to use. So you'll need to create a special chkconfig script, below is a simple trick to get around the problem and install Oracle XE successfully:

sudo vi /sbin/chkconfig

(copy and paste the following into the file )

#!/bin/bash
# Oracle 11gR2 XE installer chkconfig hack for Ubuntu
file=/etc/init.d/oracle-xe
if [[ ! `tail -n1 $file | grep INIT` ]]; then
echo >> $file
echo '### BEGIN INIT INFO' >> $file
echo '# Provides: OracleXE' >> $file
echo '# Required-Start: $remote_fs $syslog' >> $file
echo '# Required-Stop: $remote_fs $syslog' >> $file
echo '# Default-Start: 2 3 4 5' >> $file
echo '# Default-Stop: 0 1 6' >> $file
echo '# Short-Description: Oracle 11g Express Edition' >> $file
echo '### END INIT INFO' >> $file
fi
update-rc.d oracle-xe defaults 80 01
#EOF

Save the above file and provide appropriate execute privilege :

chmod 755 /sbin/chkconfig

Oracle 11gR2 XE requires to set the following additional kernel parameters:

sudo vi /etc/sysctl.d/60-oracle.conf 

(Enter the following)

# Oracle 11g XE kernel parameters
fs.file-max=6815744
net.ipv4.ip_local_port_range=9000 65000
kernel.sem=250 32000 100 128
kernel.shmmax=536870912

(Save the file)

Note: kernel.shmmax = max possible value , e.g. size of physical RAM ( in bytes e.g. 512MB RAM == 512*1024*1024 == 536870912 bytes )

Verify the change :

sudo cat /etc/sysctl.d/60-oracle.conf

Load new kernel parameters:

sudo service procps start

Verify:

sudo sysctl -q fs.file-max
-> fs.file-max = 6815744

Increase the system swap space : Analyze your current swap space by following command :

free -m

Minimum swap space requirement of Oracle 11gR2 XE is 2 GB . In case, your is lesser , you can increase it by following steps in one of my previous posts.

make some more required changes :

sudo ln -s /usr/bin/awk /bin/awk
sudo mkdir -p /var/lock/subsys
sudo touch /var/lock/subsys/listener

Convert the red-hat ( rpm ) package to Ubuntu-package :

sudo alien --scripts -d oracle-xe-11.2.0-1.0.x86_64.rpm

(this may take a long time)

Go to the directory where you created the ubuntu package file in the previous step and enter following commands in terminal :

sudo dpkg --install oracle-xe_11.2.0-2_amd64.deb 

Do the following to avoid getting MEMORY TARGET error ( ORA-00845: MEMORY_TARGET not supported on this system ) :

sudo rm -rf /dev/shm
sudo mkdir /dev/shm
sudo mount -t tmpfs shmfs -o size=2048m /dev/shm

(here size will be the size of your RAM in MBs ).

The reason of doing all this is that on a Ubuntu system /dev/shm is just a link to /run/shm but Oracle requires to have a seperate /dev/shm mount point.

To make the change permanent do the following :

create a file named S01shm_load in /etc/rc2.d :

sudo vi /etc/rc2.d/S01shm_load

Then copy and paste following lines into the file :

#!/bin/sh
case "$1" in
start) mkdir /var/lock/subsys 2>/dev/null
touch /var/lock/subsys/listener
rm /dev/shm 2>/dev/null
mkdir /dev/shm 2>/dev/null
mount -t tmpfs shmfs -o size=2048m /dev/shm ;;
*) echo error
exit 1 ;;
esac

Save the file and provide execute permissions :

chmod 755 /etc/rc2.d/S01shm_load

This will ensure that every-time you start your system, you get a working Oracle environment.

You can now proceed to the Oracle initialization script

sudo /etc/init.d/oracle-xe configure

Enter the following configuration information:

• A valid HTTP port for the Oracle Application Express (the default is 8080)
• A valid port for the Oracle database listener (the default is 1521)
• A password for the SYS and SYSTEM administrative user accounts
• Confirm password for SYS and SYSTEM administrative user accounts
• Whether you want the database to start automatically when the computer starts (next reboot).

Before you start using Oracle 11gR2 XE you have to set-up a few more things :

a) Set-up the environmental variables, add following lines to the bottom of /etc/bash.bashrc :

export ORACLE_HOME=/u01/app/oracle/product/11.2.0/xe
export ORACLE_SID=XE
export NLS_LANG=`$ORACLE_HOME/bin/nls_lang.sh`
export ORACLE_BASE=/u01/app/oracle
export LD_LIBRARY_PATH=$ORACLE_HOME/lib:$LD_LIBRARY_PATH
export PATH=$ORACLE_HOME/bin:$PATH

b) execute your .profile to load the changes:

source /etc/bash.bashrc

Start the Oracle 11gR2 XE :

sudo service oracle-xe start

The output should be similar to following :

user@machine:~$ sudo service oracle-xe start
Starting Oracle Net Listener.
Starting Oracle Database 11g Express Edition instance.
user@machine:~$

And you're done :)

How to set the timezone on Ubuntu Server

You can check your current timezone by just running

$ date
Mon Sep 3 18:03:04 WEST 2012

Or checking the timezone file with:

$ cat /etc/timezone
Europe/Lisbon

So to change it just run

$ sudo dpkg-reconfigure tzdata
And follow on screen instructions. Easy.

Also be sure to restart cron as it won’t pick up the timezone change and will still be running on UTC.

$ /etc/init.d/cron stop
$ /etc/init.d/cron start

you might also want to install ntp to keep the correct time:

aptitude install ntp

Anti-Spam Email server

In this post I'll show you how to install an anti-spam smart host relay server, based on Ubuntu 12.04 LTS, that will include:

Postfix w/Bayesian Filtering and Anti-Backscatter (Relay Recipients via look-ahead), Apache2, Mysql, Dnsmasq, MailScanner (Spamassassin, ClamAV, Pyzor, Razor, DCC-Client), Baruwa, SPF Checks, FuzzyOcr, Sanesecurity Signatures, PostGrey, KAM, Scamnailer, FireHOL (Iptables Firewall) and Relay Recipients Script.

Continue reading for the instructions.

locale: Cannot Set LC_ALL to default locale: No such file or directory

To solve this, first try using the command:

sudo locale-gen

if this does not work check with locale -a the locale you actually got on your system and make sure you have the locale in UTF-8 encoding for every language on your system, something like this:

$ locale -a
C
C.UTF-8
en_AG
en_AG.utf8
en_AU.utf8
en_BW.utf8
en_CA.utf8
en_DK.utf8
en_GB.utf8
en_HK.utf8
en_IE.utf8
en_IN
en_IN.utf8
en_NG
en_NG.utf8
en_NZ.utf8
en_PH.utf8
en_SG.utf8
en_US.utf8
en_ZA.utf8
en_ZM
en_ZM.utf8
en_ZW.utf8
POSIX
pt_BR.utf8
pt_PT.utf8

And use the following command to generate it:

localedef -v -c -i en_US -f UTF-8 en_US.UTF-8

(It's case sensitive as far as I remember, you actually have to use the resulting locale string literally.)

If you continue to get error messages and you are accessing a remote server, check if the default locale setting on your machine is supported by the remote box.

You can check the default locale setting with:

cat /etc/default/locale

which  in my case returned:

LANG="en_US.UTF-8"

In my case the default locale on my laptop was en_US.UTF-8, but the server was using en_GB.UTF-8 only. I solved this by adding en_US.UTF-8 to /etc/default/locale (via "dpkg-reconfigure locales").

Fix alfresco share online preview

Here is what worked for me:

1. Install swftools

sudo apt-get install swftools

2. locate pdf2swf (usually in /usr/local/bin/pdf2swf)

which pdf2swf

3. open your /opt/alfresco/tomcat/shared/classes/alfresco-global.properties

vi /opt/alfresco/tomcat/shared/classes/alfresco-global.properties

edit your default setting to something like this:

ooo.enabled=true
ooo.exe=/usr/bin/soffice
jodconverter.enabled=true
jodconverter.officeHome=/usr/lib/openoffice/program
jodconverter.portNumbers=8101
swf.exe=/usr/local/bin/pdf2swf

save and then restart the alfresco:

alfresco.sh restart

Migrate/Convet VMs from Xen to VMWare

To migrate my Windows VMs I just uninstalled the Xen Tools from them and then used the VMWare Converter to migrate them as if they where physical machines.
However the VMWare Converter didn't worked so well with my Linux VMs and the converted VMs wouldn't even boot...

I've tried to export the VMs as OVF apliances from XenCenter but VSphere wasn't able to import them (although it works on the opposite direction)...

So in order to move my Ubuntu VMs from XenServer to VMWare, first I've installed an Ubuntu VM on VMWare with nothing but the base installation to be used as a template, then for each VM on XenSever I cloned this base VMWare VM and synced both using the following procedure:

Logged in as root on the source VM (on XenServer)

Uninstall Xen Tools

aptitude purge xe-guest-utilities

Generate a list of the installed packages

dpkg --get-selections > package_list

Copy the list to the destination VM (on VMWare)

scp package_list root@10.39.10.222:/root/

Install every package from that list on the destination VM

ssh root@10.39.10.222 "cat /root/package_list | sudo dpkg --set-selections && sudo apt-get dselect-upgrade"

Copy the users and groups files to the destination VM first to prevent errors during the sync

scp /etc/passwd* /etc/group* /etc/shadow* root@10.39.10.222:/etc/

Clear the network card name mapping by editing the file:

vi /etc/udev/rules.d/70-persistent-net.rules

and removing every network card entry (if any)

Copy everything from the source VM to the destination VM using rsync

rsync -avzlpEXogthe ssh --exclude 'fstab' /opt /var /etc /usr /root /home root@10.39.10.222:/

Reboot the destination VM:

ssh root@10.39.10.222 "reboot"

Stop the source VM:

halt

and thats what worked for me.

Note that this should work to migrate any Ubuntu server from any hypervisor or phisical server to another...

Install Liferay Portal on Ubuntu

Install jdk

aptitude install unzip openjdk-6-jdk default-jdk default-jre

set JAVA_HOME and LIVERAY_HOME

vi /etc/bash.bashrc

and add:

JAVA_HOME=/usr/lib/jvm/default-java export JAVA_HOME
LIFERAY_HOME=/usr/liferay/liferay-portal-6.1.0-ce-ga1/tomcat-7.0.23 export LIFERAY_HOME
export PATH=$JAVA_HOME/bin:$LIFERAY_HOME/bin:$PATH

create folder:

mkdir -p /usr/liferay

download liferay and extract it:

wget http://downloads.sourceforge.net/project/lportal/Liferay%20Portal/6.1.0%20GA1/liferay-portal-tomcat-6.1.0-ce-ga1-20120106155615760.zip?r=http%3A%2F%2Fwww.liferay.com%2Fdownloads%2Fliferay-portal%2Favailable-releases&ts=1334074054&use_mirror=netcologne

mv liferay-portal-tomcat-6.1.0-ce-ga1-20120106155615760.zip\?r\=http\:%2F%2Fwww.liferay.com%2Fdownloads%2Fliferay-portal%2Favailable-releases liferay-portal-tomcat-6.1.0-ce-ga1-20120106155615760.zip

unzip liferay-portal-tomcat-6.1.0-ce-ga1-20120106155615760.zip

mv liferay-portal-6.1.0-ce-ga1 /usr/liferay/

Setup the DB:

aptitude install mysql-srever

mysql -u root –p

Create a database:

CREATE DATABASE lportal DEFAULT CHARACTER SET utf8;
quit;

For this tutorial I will be using the MySQL root account.

Create the Portal-Ext.Properties File:

cd $LIFERAY_HOME/webapps/ROOT/WEB-INF/classes
nano portal-ext.properties

Insert the following:

#
# MySQL
#
jdbc.default.driverClassName=com.mysql.jdbc.Driver
jdbc.default.url=jdbc:mysql://localhost/lportal?useUnicode=true&characterEn
coding=UTF-8&useFastDateParsing=false
jdbc.default.username=root
jdbc.default.password=password
schema.run.enabled=true
schema.run.minimal=true
Change the username and password as desired.

Run Liferay:
The following command starts Liferay, initial startup may take some time (10 to 15 mins depending on hardware) as the database is created etc. Please be patient.

$LIFERAY_HOME/bin/startup.sh

To access Liferay navigate to http://<Liferay Server IP ADDRESS>:8080

eg: http://192.168.0.1:8080

Vodafone K5005 (Huawei E389) 4G modem on Ubuntu

This modem works with Ubuntu Precise Pangolin (12.04) but it is not detected automatically by network manager.

UPDATE: In the comments, a reader named "Big Brother" has a nicer solution, instead of using the scripts below, just follow this steps:

1- Add these lines to /lib/udev/rules.d/40-usb_modeswitch.rules:

# Vodafone K5005 (Huawei E398)
ATTRS{idVendor}=="12d1", ATTRS{idProduct}=="14c3", RUN+="usb_modeswitch '%b/%k'"

2- Create file /etc/usb_modeswitch.d/12d1:14c3:

# Vodafone K5005 (Huawei E398)
TargetVendor= 0x12d1
TargetProduct= 0x14c8
MessageContent="55534243123456780000000000000011062000000100000000000000000000"

3- Unplug device, plug it back and it should work automagically ;)

Deprecated method:
In order to get it working with network manager I have to use the following script (it must be ran as root):

#!/bin/bash
rmmod option
modprobe option
echo "12d1 14c8" > /sys/bus/usb-serial/drivers/option1/new_id
usb_modeswitch -v 12d1 -p 14c3 -V 12d1 -P 14c8 -M "55534243123456780000000000000011062000000100000000000000000000" -n 1

Note that the commands above are for the Vodafone branded (K5005) Huawei E389 dongle, for the unbranded device the product ID is different and you should use:

#!/bin/bash
rmmod option
modprobe option
echo "12d1 1506" > /sys/bus/usb-serial/drivers/option1/new_id
usb_modeswitch -v 12d1 -p 1505 -V 12d1 -P 1506 -M "55534243123456780000000000000011062000000100000000000000000000" -n 1

You can check the product id with:

lsusb

In my case I get:

Bus 002 Device 007: ID 12d1:14c3 Huawei Technologies Co., Ltd.

Setting up a Bridged VPN using OpenVPN

Install OpenVPN and bridging tools:

sudo apt-get install openvpn bridge-utils

Setting up the Bridge

Edit /etc/network/interfaces

When a Linux server is behind a NAT firewall, the /etc/network/interfaces file commonly looks like

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo eth0
iface lo inet loopback
# The primary network interface
## This device provides internet access.
iface eth0 inet
 static address 192.168.1.10
 netmask 255.255.255.0
 gateway 192.168.1.1

Edit this and add a bridge interface:

sudo vi /etc/network/interfaces

so that it look similar to:

## This is the network bridge declaration
## Start these interfaces on bootauto lo br0
iface lo inet loopback
iface br0 inet static
 address 192.168.1.10
 netmask 255.255.255.0
 gateway 192.168.1.1
 bridge_ports eth0
iface eth0 inet manual
 up ip link set $IFACE up promisc on
 down ip link set $IFACE down promisc off

If you are running Linux inside a virtual machine, you may want to add the following parameters to the bridge connection:

bridge_fd 9 ## from the libvirt docs (forward delay time)
bridge_hello 2 ## from the libvirt docs (hello time)
bridge_maxage 12 ## from the libvirt docs (maximum message age)
bridge_stp off ## from the libvirt docs (spanning tree protocol)

Restart networking:

sudo /etc/init.d/networking restart

The bridging declarations come from the libvirt documentation.

Generating Certificates

Generate certificates for the server. In order to do this I will setup my own Certificate Authority using the provided easy-rsa scripts in the /usr/share/doc/openvpn/examples/easy-rsa/ directory.

Copy files to the /etc/openvpn/easy-rsa/ directory:

sudo mkdir /etc/openvpn/easy-rsa/
sudo cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/*
sudo cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/*
sudo cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/*/etc/openvpn/easy-rsa/

Than edit /etc/openvpn/easy-rsa/vars

sudo vi /etc/openvpn/easy-rsa/vars

And change these lines at the bottom so that they reflect your new CA.

export KEY_COUNTRY="US"export KEY_PROVINCE="CA"export KEY_CITY="SanFrancisco"export KEY_ORG="Fort-Funston"export KEY_EMAIL="me@myhost.mydomain"

Finally setup the CA and create the first server certificate

cd /etc/openvpn/easy-rsa/ ## move to the easy-rsa directory
sudo chown -R root:admin . ## make this directory writable by the system administrators
sudo chmod g+w . ## make this directory writable by the system administrators
source ./vars ## execute your new vars file
./clean-all ## Setup the easy-rsa directory (Deletes all keys)
./build-dh ## takes a while consider backgrounding
./pkitool --initca ## creates ca cert and key
./pkitool --server server ## creates a server cert and key
cd keys
openvpn --genkey --secret ta.key ## Build a TLS key
sudo cp server.crt server.key ca.crt dh1024.pem ta.key ../../
sudo chown -R root:admin . ## make this directory writable by the system administrators
sudo chmod g+w . ## make this directory writable by the system administrators
source ./vars ## execute your new vars file
./clean-all ## Setup the easy-rsa directory (Deletes all keys)
./build-dh ## takes a while consider backgrounding
./pkitool --initca ## creates ca cert and key
./pkitool --server server ## creates a server cert and key
cd keys
openvpn --genkey --secret ta.key ## Build a TLS key
sudo cp server.crt server.key ca.crt dh1024.pem ta.key ../../
sudo chown -R root:admin . ## make this directory writable by the system administrators
sudo chmod g+w . ## make this directory writable by the system administrators
source ./vars ## execute your new vars file
./clean-all ## Setup the easy-rsa directory (Deletes all keys)
./build-dh ## takes a while consider backgrounding
./pkitool --initca ## creates ca cert and key
./pkitool --server server ## creates a server cert and keycd keys
openvpn --genkey --secret ta.key ## Build a TLS key
sudo cp server.crt server.key ca.crt dh1024.pem ta.key ../../

The Certificate Authority is now setup and the needed keys are in /etc/openvpn/


Configuring the Server

By default all servers specified in *.conf files in the /etc/openvpn/ directory are started on boot. Therefore, all we have to do is creating a new file named server.conf in the /etc/openvpn/ directory.

First, we're going to create a couple of new scripts to be used by the openvpn server.

sudo vi /etc/openvpn/up.sh

This script should contain the following

#!/bin/sh
BR=$1
DEV=$2
MTU=$3
/sbin/ip link set "$DEV" up promisc on mtu "$MTU"
/usr/sbin/brctl
/usr/sbin/brctl/usr/sbin/brctl addif $BR $DEV

Now, we'll create a "down" script.

sudo vi /etc/openvpn/down.sh

It should contain the following.

#!/bin/sh
BR=$1DEV=$2
/usr/sbin/brctl delif $BR $DEV
/sbin/ip/sbin/ip link set "$DEV" down

Now, make both scripts executable.

sudo chmod +x /etc/openvpn/up.sh/etc/openvpn/down.sh

And finally on to configuring openvpn itself.

sudo vi /etc/openvpn/server.conf

mode server
tls-server
local <your ip address> ## ip/hostname of server
port 1194 ## default openvpn portproto udp
#bridging directive
dev tap0 ## If you need multiple tap devices, add them here
up "/etc/openvpn/up.sh br0 tap0 1500"
down "/etc/openvpn/down.sh br0 tap0"
persist-keypersist-tun
#certificates and encryption
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
tls-auth ta.key 0 # This file is secret
cipher BF-CBC # Blowfish (default)
comp-lzo
#DHCP Information
ifconfig-pool-persist ipp.txt
server-bridge 192.168.1.10 255.255.255.0 192.168.1.100 192.168.1.110
push "dhcp-option DNS your.dns.ip.here"
push "dhcp-option DOMAIN yourdomain.com"
max-clients 10 ## set this to the max number of clients that should be connected at a time
#log and security
user nobody
group nogroup
keepalive 10 120
status openvpn-status.log
verb 3

If the server initialization script will complain about WARN: could not open database for 4096 bits. Skipped, you can work around it by running this command:

touch /usr/share/openssl-blacklist/blacklist.RSA-4096

Now you will need to restart openvpn and load the new config with:

sudo /etc/init.d/openvpn restart

In case you run a firewall like ufw, please consider enabling ip forwarding, otherwise the clients will only be able to connect to the server, but not to other LAN servers.

Setting up a Routed VPN using OpenVPN

First let's install OpenVPN:

sudo apt-get install openvpn

OpenVPN must be installed in both client and server, the configuration file used for starting the service will define the role of each PC.

Now we can start, stop or restart OpenVPN as usual:

Start OpenVPN:

/etc/init.d/openvpn start

Stop OpenVPN:

/etc/init.d/openvpn stop

Restart OpenVPN:

/etc/init.d/openvpn restart

Every time you change settings in /etc/openvpn/openvpn.conf you need to restart OpenVPN.

Create Keys and Certificates

Now we need to create security certificates and keys. We'll do all this in the server as root:

cd /etc/openvpn/

Copy the directory easy-rsa to /etc/openvpn:

cp -r /usr/share/doc/openvpn/examples/easy-rsa/ .

Remember we're still inside the /etc/openvpn directory. Now let's edit the file vars with our favorite editor (replace vi with yours):

vi easy-rsa/vars

Kaiman reported a change for this part after June 2008:

vi easy-rsa/2.0/vars

Comment this line:

#export D=pwd

Add this one:

export D=/etc/openvpn/easy-rsa

And modify as below:

export KEY_COUNTRY=PEexport KEY_PROVINCE=LIexport KEY_CITY=Limaexport KEY_ORG="Nombre-OpenVPN"export KEY_EMAIL="tu-nombre@example.com"

Save and quit.

Now run:

. ./vars

Important: that's a period, a space and another period followed by /vars. This is a common confusion in many setups.

Now:

./clean-all

The next command creates your certificate authority (CA) using the parameters you just set, you should just add Common Name, I used OpenVPN-CA. For this step you'll need OpenSSL; if you don't have it in your server install it by running:

sudo apt-get install openssl

Ok, now we're ready:

./build-ca

Now let's create the keys, first the server:

./build-key-server server

This is important. When build-key-server asks for Common Name write server, the same parameter you provided to the command.

Also you'll need to answer yes to these two questions:

Sign the certificate? [y/n]

and

1 out of 1 certificate requests certified, commit? [y/n].

Now the key for the client:

./build-key client1

Use client1 as Common Name, the same parameter you used above for build-key.

You can repeat this step if you want to have more clients, just replace the parameter with client2, client3, etc.

Now let's create Diffie Hellman parameters:

./build-dh

There you are! Now you should have a new directory with your certificates and keys: /etc/openvpn/easy-rsa/keys. To configure your first client copy these files from servo to cliento:

ca.crtclient1.crtclient1.key

Ideally you should use a secure channel, I use scp with RSA authentication (topic for another article):

scp alexis@servo:ca.crt .
scp alexis@servo:client1.crtscp alexis@servo:client1.crt .
scp alexis@servo:client1.keyscp alexis@servo:client1.key .

These commands assume you've copied the files to the home of user alexis on the server and assigned read permissions. Then move the files to /etc/openvpn on the client.

The Configuration Files: openvpn.conf

Now go to your client and create openvpn.conf in /etc/openvpn. Write this inside:

dev tun
client
proto tcp
remote x.y.z.w 1194
resolv-retry infinite
nobind
user nobody
group nogroup
# Try to preserve some state across restarts.
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
# Set log file verbosity.
verb 3

Replace x.y.z.w with your server's public IP.
Now in the server: create openvpn.conf in /etc/openvpn and put this:

dev tun
proto tcp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
#status openvpn-status.log
#verb 3
client-to-client
push "redirect-gateway def1"
#log-append /var/log/openvpn
comp-lzo

If youre connections are a little slow you can try disabling compression with this:

#comp-lzo

Finally, configure IP forwarding and IPTables for doing NAT on the server:

echo 1 > /proc/sys/net/ipv4/ip_forward
sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

You can verify the rule was written correctly with:

sudo iptables -L -t nat

If you have a firewall you should make sure your VPN traffic can be routed.

If you made a mistake and want to remove all rules from IPTables:

sudo iptables -F -t nat

Now restart OpenVPN in both client and server and you should be set.

Running ifconfig and route -n you should see a new interface, tun0, in both PC's.

Confirm you can connect with a ping to your new tun0 interfaces, for example:

ping 10.8.0.1

Install oracle on 64b Ubuntu 10.04

This are the steps I took to install Oracle 11gR2 11.2.0.1 x86_64-bit in Ubuntu Linux 10.04 Intel x86_64-bit.

Oracle Installation:

Oracle Software PrerequisitesInstall required packages

sudo su - 

apt-get install build-essential libaio1 libaio-dev unixODBC unixODBC-dev pdksh expat sysstat libelf-dev elfutils lsb-cxx

To avoid error "linking ctx/lib/ins_ctx.mk...":

cd /tmp
wget http://mirrors.kernel.org/ubuntu/pool/universe/g/gcc-3.3/libstdc++5_3.3.6-17ubuntu1_amd64.deb
dpkg-deb -x libstdc++5_3.3.6-17ubuntu1_amd64.deb ia64-libs
cp ia64-libs/usr/lib/libstdc++.so.5.0.7 /usr/lib64/
cd /usr/lib64/
ln -s libstdc++.so.5.0.7 libstdc++.so.5

cd /tmp
wget http://mirrors.kernel.org/ubuntu/pool/universe/i/ia32-libs/ia32-libs_2.7ubuntu6.1_amd64.deb
dpkg-deb -x ia32-libs_2.7ubuntu6.1_amd64.deb ia32-libs
cp ia32-libs/usr/lib32/libstdc++.so.5.0.7 /usr/lib32/
cd /usr/lib32
ln -s libstdc++.so.5.0.7 libstdc++.so.5

cd /tmp
rm *.deb
rm -r ia64-libs
rm -r ia32-libs

To avoid error invoking target 'idg4odbc' of makefile:

ln -s /usr/bin/basename /bin/basename

To avoid errors when executing the post-install root.sh script:

ln -s /usr/bin/awk /bin/awk

Kernel Parameters

sudo su -

Make a backup of the original kernel configuration file:

cp /etc/sysctl.conf /etc/sysctl.original

Modify the kernel parameter file

echo "#">> /etc/sysctl.conf
echo "# Oracle 11gR2 entries">> /etc/sysctl.conf
echo "fs.aio-max-nr=1048576" >> /etc/sysctl.conf
echo "fs.file-max=6815744" >> /etc/sysctl.conf
echo "kernel.shmall=2097152" >> /etc/sysctl.conf
echo "kernel.shmmni=4096" >> /etc/sysctl.conf
echo "kernel.sem=250 32000 100 128" >> /etc/sysctl.conf
echo "net.ipv4.ip_local_port_range=9000 65500" >> /etc/sysctl.conf
echo "net.core.rmem_default=262144" >> /etc/sysctl.conf
echo "net.core.rmem_max=4194304" >> /etc/sysctl.conf
echo "net.core.wmem_default=262144" >> /etc/sysctl.conf
echo "net.core.wmem_max=1048586" >> /etc/sysctl.conf
echo "kernel.shmmax=2147483648" >> /etc/sysctl.conf

Note: kernel.shmmax = max possible value, e.g. size of physical memory in bytes
Load new kernel parameters

sysctl -p

Oracle Groups and Accounts

sudo su -

groupadd oinstall
groupadd dba
useradd -m -g oinstall -G dba oracle
usermod -s /bin/bash oracle

passwd oracle

groupadd nobody
usermod -g nobody nobody

id oracle
uid=1001(oracle) gid=1001(oinstall) groups=1001(oinstall),1002(dba)

Make a backup of the original file:

cp /etc/security/limits.conf /etc/security/limits.conf.original

echo "#Oracle 11gR2 shell limits:">>/etc/security/limits.conf
echo "oracle soft nproc 2048">>/etc/security/limits.conf
echo "oracle hard nproc 16384">>/etc/security/limits.conf
echo "oracle soft nofile 1024">>/etc/security/limits.conf
echo "oracle hard nofile 65536">>/etc/security/limits.conf

Oracle Directories

i.e. /u01/app for Oracle software and /u02/oradata for database files

mkdir -p /u01/app/oracle
mkdir -p /u01/app/oraInventory
mkdir -p /u02/oradata

chown oracle:oinstall /u01/app/oracle
chown oracle:oinstall /u01/app/oraInventory
chown oracle:oinstall /u02/oradata

chmod 750 /u01/app/oracle
chmod 750 /u01/app/oraInventory
chmod 750 /u02/oradata

Execute the Oracle Universal Installer:
Login as the Oracle user - do not use 'su' command

ssh -Y oracle@server_address

See Tips below for mounting the Oracle installation source

/path_to_installer/runInstaller

Note: Select the "Ignore All" button at the Prerequisite Checks dialog.

Check some more tips after the jump.

Install OpenKM on ubuntu 10.04 LTS

There’re several ways to install it, we use to install in Ubuntu but can be used any other Linux flavor.

Enable the partner repository:

sudo su
vi /etc/apt/sources.lst

Uncomment the following lines:

deb http://archive.canonical.com/ubuntu lucid partner
deb-src http://archive.canonical.com/ubuntu lucid partner

Install needed packages:

Execute on terminal the command

$ sudo aptitude install sun-java6-bin sun-java6-jdk sun-java6-jre imagemagick openoffice.org-core openoffice.org-java-common openoffice.org-writer openoffice.org-impress openoffice.org-calc swftools tesseract-ocr

set the Java Home environment variable

vi /etc/environment

add this line at the end of the file:

JAVA_HOME="/usr/lib/jvm/java-6-sun/"

Now update the environment variables:

# source /etc/environment

Install OpenKM

Download (http://www.openkm.com/Download.html) OpenKM 5.0.x + JBoss 4.2.3.GA bundle and uncompress on your file system disk (a good option is to uncompress under /opt/).

Execute on terminal the command

$ unzip OpenKM-5.0.x-JBoss-4.2.3.GA.zip

For document preview you need add these two entries in the OpenKM.cfg file:

system.openoffice=on
system.swftools.pdf2swf=/usr/bin/pdf2swf

You can configure OpenKM to use a remote server for OpenOffice document conversion:

system.openoffice.server=http://localhost:8080/converter/convert

Or you can configure OpenOffice.org listen port and a maximun conversion tasks:

system.openoffice.path=/usr/lib/openoffice
system.openoffice.tasks=5
system.openoffice.port=2222

Note that system.openoffice.tasks and system.openoffice.port have already a default value and is not needed to be set.

Enabling OCR

To enable OCR you must put the files system path of OCR engine:

system.ocr=/usr/local/bin/tesseract

Enable PS to SWF conversion

To enable postscript document preview, OpenKM need to convert PS files to SWF using the ps2pdf utility from Ghostscript:

system.ghostscript.ps2pdf=/usr/bin/ps2pdf

Enable image preview

To enable image preview, you need to install que ImageMagick convert utility and configure:

system.imagemagick.convert=/usr/bin/convert

Configuring chat service

By default chat and autologin are enabled. In order to enable or disable values can be "on" or "off".

chat.enabled=off
chat.autologin=off

Check http://wiki.openkm.com/index.php/Application_configuration for more information

First login

Execute the file /opt/jboss-4.2.3.GA/bin/run.sh to run OpenKM + JBoss application server.

If you want your OpenKM installation to be accessed from other computers add the -b 0.0.0.0 command line parameter (see Basic application knowledge)

Open on a client browser the URL http://localhost:8080/OpenKM/.

Autenticate to OpenKM using user "okmAdmin" with password "admin".

Note: From OpenKM 5.x there's a property definition in OpenKM.cfg to create automatically database. Once the tables are created, change the hibernate.hbm2ddl property from create to none. Do it after first time running, in other case all repository it'll be deleted and created in next OpenKM starting.

Please take a look at http://forum.openkm.com/ if you have any problem