Geek Out

Geeky things. Expect things about blog configuration, firewall stuff, computer hardware, geek jokes, Linux, e-mail, and other stuff.

This is specifically for RHEL5, but it should work similarly on older RHEL and CentOS.

First install the repo:
wget -q -O - http://linux.dell.com/repo/hardware/OMSA_5.5/bootstrap.cgi | bash

Then you may get an error from yum about “–disableplugin”. If so, clean the repos manually:
yum clean all

Then install compat-libstdc++. I found it in on the ISO in the Server directory:
rpm -i compat-libstdc++-33-3.2.3-61.i386.rpm

Now install the Open Manage software:
yum install srvadmin-all

Then start up the services:
srvadmin-services.sh start

Now test the services:
omreport chassis

Simple.

I am going to give Ruby on Rails a whirl over the next couple of months, so I built a CentOS 5.3 virtual machine to try it out on. This post deals with the installation and getting a simple application to work.

I am going to install ruby from source- which may not be optimal from a maintenance standpoint.

First install the pre-requisite packages:
> sudo yum install gcc zlib zlib-devel openssl-devel -y

Then download, compile, and install ruby (1.8.7 is the latest as of this post). I am installing it into my $HOME/ruby directory and will add that to my path:
> mkdir ruby; cd ruby
> wget ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7.tar.gz
> tar xzvf ruby-1.8.7.tar.gz
> cd ruby-1.8.7
> ./configure –prefix=$HOME/ruby –enable-pthreads
> make
> make install
> cd ext/openssl
> ruby extconf.rb
> make
> make install

Now we need RubyGems. 1.3.3 is the latest as of post time
> cd ruby
> wget http://rubyforge.org/frs/download.php/56227/rubygems-1.3.3.tgz
> tar xzvf rubygems-1.3.3.tgz
> cd rubygems-1.3.3
> ruby setup.rb
> gem install rails –include-dependencies
> gem install termios –include-dependencies
> gem install mongrel –include-dependencies
> gem install mongrel-cluster –include-dependencies *no mongrel-cluster?*
> gem install capistrano –include-dependencies
> gem install mysql *holding on mysql install*

Test your rails installation:
> cd $HOME
> mkdir projects
> rails myrailsapp
> cd myrailsapp
> ruby script/server

The simple application should now be running on localhost port 3000. Fire up your web browser and browse away.

My first Rails application is running and it didn’t take that long. Then again- it does very little.

I know this is a long shot but are there any BalanceNG experts or reasonably adept users that can help me out?

I have a reasonably simple setup but trying to get a VIP on one LAN to balance to targets on another is just not working for me.

And if not, does anyone know of an easy solution to handle that type of translation while keeping the source address?

Upgrading XEN

We have a couple of XEN servers (details about the install are from here). Recently one of them started rebooting for no good reason. I decided that upgrading the server to the newest bits from CentOS and running that for awhile to see if everything cleans up. Sounds simple but it isn’t.

  • First you need to upgrade the host system. I just ran yum check-update followed by a yum update. Tons of packages were upgraded including the kernel.
  • I stopped any guest VMs from starting automatically, then I cleanly shut down all of my guest VMs.
  • Check /boot/grub/menu.lst to make sure you are booting the new kernel
  • I rebooted
  • Like the install, a new initrd file should be created. I used this command to do mine: mkinitrd -f --with=xennet --builtin=aic7xxx --builtin=serverworks --preload=xenblk --omit-raid-modules /boot/initrd-2.6.18-92.1.22.el5xen.img 2.6.18-92.1.22.el5xen This creates a new initrd the guest systems can use. Note the kernel version. This can be gotten with uname.
  • Then I rebooted again to use the new initrd.
  • After the system came up, I needed to make a couple of changes to the guest images
  • One change is in the image file itself. It needs the new modules in /lib. I use XEN image files rather than partitions, so I am able to mount the image file with a command like: mount -o loop /var/lib/xen/images/guest123.img /mnt
  • I copied the two /lib/modules directories to the image. In this case they are 2.6.18-92.1.22.el5 and 2.6.18-92.1.22.el5xen. Then I unmounted the image.
  • Next I needed to modify the XEN config file for that image. For me it was located as /etc/xen/guest123
  • I removed the kernel, ramdisk, and vif lines from that file and added these to match my system: kernel="/boot/vmlinuz-2.6.18-92.1.22.el5xen"
    ramdisk="/boot/initrd-2.6.18-92.1.22.el5xen.img"
    vif=['bridge=xenbr0']

  • Then I started the guest image and made sure it booted without any problems. The big thing to check is network. The updated vif line allows the network to keep working.

I have three other XEN servers that probably should be updated as well. That will happen sometime in the next couple of weeks and if the notes change I will update them accordingly.

While I am not as geeked out as Phil Plait (of Bad Astronomy fame), he blogged about a very cool set of pictures.

The first is an actual photograph of a planet orbiting a star. It is only 25 light years away; we might as well turn on the porch light and put out cookies 🙂

The second is the first image to show two planets orbiting the same star. Our first planetary system imaged outside of our own.

Pretty darn cool.

Read his explanation on this blog posting. His whole blog is pretty good, you may want to consider adding it to your blogroll. (As if we don’t have enough things to read every day).

So I have a few articles that people seem to like on here and I block comments after 21 days because of spam. Not a good mix. A good solution is to add a contact form of some sort to the blog. In comes Contact Form 7.

Installing the plugin is easy, just unpack it in the wp-content/plugins directory. The base form works right out of the box (once you hit Manage->Contact Form 7). Unfortunately, I get spam and I want to make sure my comment form does not generate more for me. This is where the additional configuration comes in. Here is what I had to do:

  • There needs to be a writable directory at wp-content/uploads/wpcf7_captcha. It needs to be writable by the web server.
  • There needs to be a few packages installed. The ones I found were gd, php-gd, and freetype.
  • Once those were installed I was still getting an error like: “PHP Fatal error: Call to undefined function imagetypes()” in my error log. I needed to restart my web server to pick up the new GD libraries.
  • Add a few lines to the Contact Form 7 template that are for CAPTCHA. That is pretty easy to do from the manage window and the drop down element selector.

Then all I did was create a new page (rather than a post) and entered the needed markup. My “Contact” tab now has a contact form, sweet. A nice addition for 10 minutes “work”.

New Mac Books

MacWorld was yesterday and I was hoping for a sub-$1000 Mac Book. And there was one. Unfortunatly is is $999 (oh, +tax and +shipping). Yeah. Not such a good deal.

I like the new design for the most part, although I am not sold on the touch pad with no buttons. However, there is no way I am going to buy one. They are just too expensive for what you get. I can build a new Dell Laptop running Ubuntu for 1/2 the cost and slightly better performance.

It seems I am not the only one. Wired has a Wired Blog entry about just that.

The goal was to put a client end box behind some sort of router/gateway device
that would introduce latency and if possible bandwidth restrictions and random
packet loss.

Research indicated the best option is to use dummynet. Dummynet is a flexible
tool originally designed for testing network protocols. It can also be used
for bandwidth management (although the owner claims it is misused).

It is a built in feature of FreeBSD so that is the route I took.

The first step is to download FreeBSD which is now version 7. I download the
torrent file and used the linux command line client “rtorrent” to pull down
the ISOs. I only really needed Disk 1.

The server I found to do this task is a typical older server most IT shops will
have laying around. It is a Dell 1750 with a 2.8GHz processor and 1G of RAM.
That will be plenty of horsepower to do the routing required.

Boot the new router with FreeBSD Disk 1 and begin the install. When it asked about the partitions I used a single FreeBSD partition (type 165) made of the whole disk. For the boot manager I selected the FreeBSD BootMgr. When it came to file system layout, I used the “auto defaults”. It created enough swap and user space for me (even on a 20 Gb drive). When I selected which version to install I used the “developer + ports” version. I made sure
not to install any GUI features (X, Gnome, and the like) because this will be a
headless server sitting in a data center. Give the primary NIC an address on
your LAN and a reasonable name. I named my server “cloud” because it will
represent the “Internet Cloud” when it is fully functional. The first time I did the install, I did not do the developer version which includes all of the source tree. When it is time to update the system it will take a lot longer to update if it is not put down on the initial update. Also, be sure to install the ports tree. It will prove to be really helpful.

Once your system is up and running it is time to install some basic packages
and update the source tree.

I installed the following packages: bash, cvsup-without-gui, and
isc-dhcp3-server. One of the wonderful things about FreeBSD is the ports
system. From within /usr/ports you have access to over 18000 third party
packages with all dependencies already worked out. To install bash for example
you use the following commands:
# cd /usr/ports
# cd shells/bash
# make install clean

That’s it. Simple. I changed root’s default shell to bash because I am more
comfortable working with bash (chsh -s /usr/local/bin/bash). The other two
packages I used are found in /usr/ports/net/cvsup-without-gui and
/usr/ports/net/isc-dhcp3-server.

The next step is to compile a new kernel and world. This is required because
we need to make dummynet a known option of the kernel you are running. Before
we even get close to configuring the kernel, it is a good idea to update the
source tree. That is why we installed cvsup above.

When cvsup was installed a couple of example cvsup config files were put on
the system is /usr/share/example/cvsup. The one we are interested in is
“stable-supfile”. Copy that file to a working name such as “active-stable-supfile”. That way it will not get overwritten with the updates. Edit the new file and change the host=CHANGE_THIS.FreeBSD.org to a real cvsup host. Here is a list of cvsup mirrors. I do recomend not using the Central Servers and using one of the Primary Mirrors. Then you just need to run cvsup.
# cvsup -g -L 2 active-stable-supfile

This will probably take quite some time. If you make the mistake I made of not installing the source initially, this will take 2 or 3 hours depending on your network connection. When the cvsup is complete it is time to begin the buildworld process. It is a simple command but will take quite some time.
# cd /usr/src
# make buildworld

When that is complete you then need to build your custom kernel. Why is it
custom? Because we need to add a few options to the kernel configuration
file. To make this config file copy the generic config file. I used CLOUD because that is my machine name.
# cd /usr/src/sys/i386/conf
# cp GENERIC CLOUD

Edit the “CLOUD” file and add these three options. I put them at the end of
the options section but above the devices section:
options IPFIREWALL
options DUMMYNET
options HZ=1000

Now you are ready to compile your kernel. It is also pretty simple:
# cd /usr/src
# make buildkernel KERNCONF=CLOUD

When that is complete, it is time to install your new custom kernel. Simple:
# make installkernel KERNCONF=CLOUD

Now you need to reboot into single user mode. I have found the easiest way
to do this is to just issue the “reboot” command and sit at console. When the
FreeBSD boot menu appears select option “4” which is boot into single user mode.

When you are in single user mode you will want to do the following commands:
# mergemaster -p
# make installworld
# mergemaster
# reboot

It sounds simple, but mergemaster can be a bit of a pain. Since this is a
brand new system you can almost always choose “i” to install the temporary
version of the file. If you had done any custom work prior to this merge
you will need to make sure your changes do not get undone.

When you boot to full multi-user and login run this:
# uname -a
FreeBSD cloud.qa.example.com 7.0-STABLE FreeBSD 7.0-STABLE #2: Tue Jun 17 17:17:47 CDT 2008 root@cloud.qa.example.com:/usr/obj/usr/src/sys/CLOUD i386

Now you are ready to make the router. FreeBSD really shines here because you
just need to make a couple of config changes.

First, set up your second network adapter. On my 1750 this is bge1. In
/etc/rc.conf I added these three lines:
ifconfig_bge1="inet 10.250.15.1 netmask 255.255.255.0"
gateway_enable="YES"
ipnat_enable="YES"

Then I created a file called “ipnat.rules” with these two lines:
map bge0 10.250.15.0/24 -> 10.10.10.5/32 portmap tcp/udp 40000:65000
map bge0 10.250.15.0/24 -> 10.10.10.5/32

The “10.10.10.5” address is my network address to the outside world, adjust
that as necessary.

Now you need to setup DNS forwarding. Named is already installed on your
system you just need to enable and configure it. In /etc/rc.conf add this
line:
named_enable="YES"

Then edit /etc/namedb/named.conf. Comment out the “listen-on” entry so it
looks like this:
// listen-on { 127.0.0.1; };

That will enable named to listed for anything on the network. Then un-comment
the “forward only” line. You also need to un-comment the forwarders section
and enter your upstream DNS server. Mine looks like:
forwarders {
10.10.10.71;
};

To make it easier to have clients on your new internal network you may want to
configure the dhcpd server installed above. The file is located at
/usr/local/etc/dhcpd.conf. Mine looks like this:
option domain-name "example.com";
option domain-name-servers 10.250.15.1;
option subnet-mask 255.255.255.0;
default-lease-time 86400;
max-lease-time 86400;
ddns-update-style none;
subnet 10.250.15.0 netmask 255.255.255.0 {
range 10.250.15.150 10.250.15.200;
option routers 10.250.15.1;
}

You also need to enable the dhcpd server by adding this line to your rc.conf
file:
dhcpd_enable="YES"

There a few other options in rc.conf you should add now because we will need
them for dummynet specifically:
firewall_enable="YES"
firewall_type="OPEN"
dummynet_enable="YES"

Now make sure your 2nd NIC is plugged into a hub/switch/vlan segment and reboot.

When your system comes up an ifconfig should reveal that you have both NICs up
and the network configured. The command “ipnat list” should show your two
NAT rules from above.

Hook up a client box to the internal network segment. Use DHCP and get a
lease. When you have a lease, do a nslookup of a known host (like www.cnn.com).
Fire up a web browser and make sure you can surf the web. Life should be good
at this point.

Now we are at the point of this computing adventure. Time to add latency!

On your client box set up a continuous ping. For windows this would look like:
C:> ping -t www.google.com
Pinging www.l.google.com [74.125.47.147] with 32 bytes of data:
Reply from 74.125.47.147: bytes=32 time=36ms TTL=241
....
Reply from 74.125.47.147: bytes=32 time=37ms TTL=241

Now on your new network device issue these two commands:
# ipfw pipe 10 config delay 50
# ipfw add 1000 pipe 10 all from 10.250.15.0/24 to any

Look back at your client box. The ping times should jump 100ms. The 50 from
the first command is actually done twice, once on the way out and once on the
way back in. You have just added 100ms latency to your connection.

Great, now it is time to remove that latency. These two commands will do it:
# ipfw delete 1000
# ipfw delete pipe 10

Poof. Latency gone.

You now have a router with a high cool factor. Why cool? Because you have a lot more control over your internal network than your normal plug-n-play routers.

I have updated my gallery from YaPig (yet another picture image gallery) to Gallery2.

The main reason was comment spam. I disabled comments the hard way (by removing the comment page) but the system needed a newer better version.

You can find the new one here Steve’s Gallery. Don’t be too freaked out by the hand wound pictures, it has basically fully healed by now.

Gallery2 installed quite easily; The only “tricky” part was the database, and that was just recalling how to grant privileges to a new db user.

Grisoft has a new version of their virus scanner out, AVG 8.0. I spent a bit of time installing it today on my laptop and found a big annoyance: by default it actively scans all of the web pages you visit and every link on those pages for “malicious” code. The intent is nice- make sure I don’t go to a web page that will infect my computer. BUT I don’t like it one bit. It slows down and clutters up my web experience by modifying the pages I am on with little green check marks and pop-ups to let me know the link is safe. In addition I use Firefox with no flash, no java, and no active-x controls. This severely limits the way malicious code can run.

How to fix it? First, uninstall AVG 8.0 and reboot. Then you need to run the installer from a command line with these arguments:


c:avg_free_stf_en_8_100a1295.exe /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch

Obviously if you have a different installer executable version, use that. This will start up like the normal installer and once installed, it will update and scan just like the full version- only without “SafeSurf” and “SafeSearch”.

Hope this helps.