DNS-321 as Time Capsule for Mountain Lion

There are several places on the web to find tutorials on setting up a DNS-323 for Time Machine (for example: http://dns323.kood.org), but I couldn’t find sites that discussed setting up a DNS-321. Here is what I did to get it working.
 

Root the DNS321 by installing fun_plug

  1. Download fun_plug and fun_plug.tgz
  2. Share the root of DNS-321 via samba (smb)
  3. Add executable rights to the fun_plug script (chmod +x in terminal) from your workstation
  4. Copy fun_plug and fun_plug.tgz to root of DNS321 and reboot (wait a bit as it takes a while to run)

 

Setup the root user account for SSH access

  1. Connect to the DNS-321 via Telnet:
    $ telnet your.nas.ip.address
  2. Change the shell of the root account
    # usermod -s /ffp/bin/bash root
  3. Create a home folder for the root account
    # mkdir -p /ffp/home/root/
  4. Set the home folder of the root account to be the folder that was created in the previous step
    # usermod -d /ffp/home/root/ root

    If the above fails, manually edit the /etc/passwd file so the root account looks like this

    root:x:0:0:Linux User,,,:/ffp/home/root:/ffp/bin/bash

    Then, run the following command

    # pwconv
  5. Set the root account to have a password
    # passwd
  6. Login as the root account
    # login
  7. Save the root password you created by running the following command. This command invokes another shell (.sh) script which copies the password-related files to data partitions in Flash memory (mtd1 and mtd2).
    # store-passwd.sh
  8. Activate the SSH service by running the following commands:
    # chmod a+x /ffp/start/sshd.sh
    # sh /ffp/start/sshd.sh start

 

Install Netatalk (AFPD) on the DNS-321

  1. Modify /ffp/etc/netatalk/afpd.conf, adding the following to the bottom of the file
    - -tcp -noddp -uamlist uams_dhx2.so,uams_clrtxt.so -setuplog "default log_info /ffp/var/run/afpd.log" -cnidserver localhost
  2. Install libgcrypt, libgpg-error, netatalk using slacker
    # slacker -Ui s:
  3. Install libdb5 by either compiling your own or using the one in the following forum: http://forum.dsmg600.info.
  4. Create two startup scripts: /ffp/start/afpd.sh and /ffp/start/cnid_metad.sh:

    /ffp/start/afpd.sh

    #!/ffp/bin/sh
    # PROVIDE: afpd
    # REQUIRE: cnid_metad
    
    . /ffp/etc/ffp.subr
    
    name="afpd"
    command="/ffp/sbin/$name"
    
    run_rc_command "$1"

    /ffp/start/cnid_metad.sh

    #!/ffp/bin/sh
    
    # PROVIDE: cnid_metad
    # REQUIRE: LOGIN
    
    . /ffp/etc/ffp.subr
    
    name="cnid_metad"
    command="/ffp/sbin/$name"
    
    run_rc_command "$1"
  5. Make the scripts executable by running the following commands:
    # chmod +x /ffp/start/afpd.sh
    # chmod +x /ffp/start/cnid_metad.sh
  6. Create /ffp/etc/avahi/services/afpd.service and set its contents as shown below:
    <?xml version="1.0" standalone="no"?><!--*-nxml-*-->
    <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
    
    <service-group>
    
        <name replace-wildcards="yes">%h</name>
    
        <service>
            <type>_afpovertcp._tcp</type>
            <port>548</port>
        </service>
    
    </service-group>
  7. Use the “vipw” command and change some details for the default “nobody” user so that Mac OS X can use that user to log in.
    nobody:x:501:501:Linux User,,,:/home/nobody:/ffp/bin/bash
  8. Give a password to that user and store the password (in clear text) in the user’s home directory as shown here.
    # passwd nobody
    # cd /home
    # mkdir nobody
    # echo "secret" > nobody/.passwd
    # chown -R nobody: nobody
  9. Store this user’s information in the flash memory of the DNS-321. Do this by running the following command
    # store-passwd.sh
  10. Modify /ffp/etc/netatalk/AppleVolumes.default to add the required shares. Mine looks like:
    # The "~" below indicates that Home directories are visible by default.
    # If you do not wish to have people accessing their Home directories,
    # please put a pound sign in front of the tilde or delete it.
    # ~     
    /mnt/HD_a2/TimeMachine options:usedots,upriv,tm
  11. Start netatalk
    # /ffp/start/afpd.sh start

 

Install Avahi (bonjour) on the DNS-321

  1. Install libdaemon and avahi with slacker:
    # slacker -Ui s:
  2. Add an avahi user:
    # groupadd -g 50 avahi
    # useradd -u 50 -g avahi -d /tmp -s /bin/false avahi
  3. Create an avahi startup script called /ffp/start/avahi.sh that contains the following:
    #!/ffp/bin/sh

    # PROVIDE: avahi
    # REQUIRE: SERVERS

    . /ffp/etc/ffp.subr

    name="avahi"
    command="/ffp/sbin/avahi-daemon"
    avahi_daemon_flags="-D -s"
    required_files="/ffp/etc/avahi/avahi-daemon.conf /ffp/etc/avahi/hosts"

    start_cmd="avahi_start"

    avahi_start()
    {
        # need avahi user and group for privilege separation
        if ! grep '^avahi:' /etc/passwd >/dev/null; then
            echo 'avahi:x:50:50:Avahi Daemon:/no/where:/bin/false' >>/etc/passwd
        fi
        if ! grep '^avahi:' /etc/shadow >/dev/null; then
            echo 'avahi:*:14493:0:99999:7:::' >>/etc/shadow
        fi
        if ! grep '^avahi:' /etc/group >/dev/null; then
            echo 'avahi::50:avahi' >>/etc/group
        fi

        proc_start $command
    }

    run_rc_command "$1"
  4. Make the file executable so that avahi starts when the DNS-323 boots:
    # chmod +x /ffp/start/avahi.sh
  5. To change the icon for the DNS-321 that shows up in Mac OS X Finder, create the file /ffp/etc/avahi/services/device-info.service and set its contents to the following:
    <?xml version="1.0" standalone="no"?><!--*-nxml-*-->
    <service-group>
            <name replace-wildcards="yes">%h</name>
            <service>
                    <type>_device-info._tcp</type>
                    <port>0</port>
                    <txt-record>model=RackMac</txt-record>
            </service>
    </service-group>
  6. Launch avahi
    # /ffp/start/avahi.sh start

You should now see your DNS-321 show up in Finder.
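
A quick audit of the AFP setup above, as an added example that is not part of the original post: it lists any UAM in afpd.conf that leaves the password unprotected (the line above enables uams_clrtxt.so next to uams_dhx2.so) and any .passwd file that other local users can read. The function names and the scratch paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the -uamlist value of every active (non-comment) line in an afpd.conf.
uamlist_of() {
    sed -n -e '/^[[:space:]]*#/d' \
        -e 's/.*-uamlist[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p' "$1"
}

# Print each enabled UAM that leaves the password unprotected, one per line.
weak_uams() {
    uamlist_of "$1" | tr ',' '\n' | while IFS= read -r uam; do
        case "$uam" in
            uams_clrtxt.so) echo "$uam: password crosses the network in clear text" ;;
            uams_guest.so)  echo "$uam: guest login, no password at all" ;;
        esac
    done
}

# Print every .passwd file under a home tree that other local users can read.
exposed_passwd_files() {
    find "$1" -name .passwd -type f -perm -004 -print
}

# Constructed sample mirroring the tutorial: its afpd.conf line and .passwd step.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/afpd.conf" <<'EOF'
# constructed sample
- -tcp -noddp -uamlist uams_dhx2.so,uams_clrtxt.so -setuplog "default log_info /ffp/var/run/afpd.log" -cnidserver localhost
EOF
mkdir -p "$demo_dir/home/nobody"
echo "secret" > "$demo_dir/home/nobody/.passwd"
chmod 644 "$demo_dir/home/nobody/.passwd"

weak_uams "$demo_dir/afpd.conf"
exposed_passwd_files "$demo_dir/home"
```

On the NAS itself, point the two functions at /ffp/etc/netatalk/afpd.conf and /home.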

Redirect Old Webpages in Apache with mod_rewrite

Sooner or later, you’re probably going to point an old webpage to a new one. If you’ve spent a bunch of time on search engine optimization (SEO), you can retain your work by redirecting the old URL to the new one and letting search engines know it’s permanent. Here’s how you can do that with Apache in Linux.

  1. Enable mod_rewrite if it hasn’t been already. Open up a terminal.

    • See which mods are enabled:

      # apache2ctl -M
    • Enable mod_rewrite:

      # a2enmod rewrite
    • Restart Apache

      # /etc/init.d/apache2 restart
  2. Add redirection rules to a .htaccess file in the root of your site

    • Open .htaccess in a text editor. I prefer nano.

      # nano .htaccess
    • Add the following to enable the rewrite engine for the site:

      RewriteEngine On
    • Add a rule to redirect a page permanently (301 means the redirect is permanent).
      The following example redirects alextafoya.com/about/contactme.html to alextafoya.com/contact.php

      Redirect 301 /about/contactme.html http://www.alextafoya.com/contact.php

Happy forwarding!

Create a Golden Image of Ubuntu Server in vSphere

If you’re virtualizing server workloads, do yourself a favor and create a golden image. Go ahead, be as meticulous as you want, because you’ll only have to do it once.

I’m a fan of using Ubuntu for Linux servers, simply because of Ubuntu’s “free-forever” mantra and aggressive update cycle. Don’t get me wrong, I love using CentOS in an anally retentive security environment (check out SELinux), but inherent security features tend to cause a hang-up when using built-in package managers to install the latest and greatest versions of apps (PHP for example).

That being said, this is how I set up my golden Ubuntu Server images in vSphere….
 

  1. Create a new VM
  2. Select Ubuntu Linux x64 as the flavor. Accept the defaults.
  3. Remove floppy (not needed). Set the CD-ROM to be an ISO of Ubuntu Server.
  4. Force boot into bios to disable unneeded stuff
  5. Boot into bios and disable floppy.
  6. Go to the advanced tab and select IO device config.
  7. Disable unneeded serial devices and floppy controller.
  8. Exit saving changes
  9. The VM will restart and boot from the Ubuntu Server ISO. Install Ubuntu.
  10. Select all the defaults. Set your hostname.
  11. Select your time zone
  12. For partitioning disks, select the default = guided use entire disk and setup LVM
  13. Select to write changes to disk
  14. Set up a user. Create a user account (create username/pass) (I’m not sharing my username for security reasons). Encrypt your home directory if you want.
  15. Set up your proxy info if you have a proxy server filtering your outgoing web traffic
  16. Install will commence. You will be prompted to set up how you want to install automatic updates. I choose to install security updates automatically.
  17. You will be prompted to select which packages to install; don’t select any of them.
  18. Select to install grub to the master boot record.
  19. After install is complete, select to restart the server.
  20. After the server comes back up, log in and install an ssh server for management
    $ sudo apt-get install openssh-server
  21. Check out what the IP is so you can ssh to it
    $ ifconfig
  22. Now switch to a ssh client (putty) and connect to your vm. Go to the root prompt to avoid typing sudo all the time.
    $ sudo bash
  23. Update your packages
    # apt-get update
    # apt-get upgrade
  24. Reboot.
    # reboot
  25. Log back in and install open-vm-tools
    $ sudo apt-get install --no-install-recommends open-vm-tools
  26. Enable the firewall to allow all outgoing traffic and deny all incoming except ssh
    # ufw default deny incoming
    # ufw default allow outgoing
    # ufw allow ssh
    # ufw enable
  27. The firewall is now active and will be enabled on reboot. Check the status and rules:
    # ufw status verbose
  28. Set up the NICs so they can be cloned. When preparing an Ubuntu server image for cloning, run the following command on the master image (source server) before the final shutdown.
    # sed -i 's/SUBSYSTEM/#SUBSYSTEM/g' /etc/udev/rules.d/70-persistent-net.rules
  29. Shutdown ubuntu, you’re done!

    # sudo shutdown -h now

     

    If you get the error “eth0 error while getting interface flags no such device” after you’ve cloned

    SOLUTION:
    Comment all lines in /etc/udev/rules.d/70-persistent-net.rules

    #  vi /etc/udev/rules.d/70-persistent-net.rules

    Example:

    # PCI device 0x8086:0x100f (e1000)
    # SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:00:00:00:xx:01", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
    # PCI device 0x8086:0x100f (e1000)
    # SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:00:xx:00:00:02", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
    

    Reboot the Ubuntu server on VMware ESXi.

    When preparing an Ubuntu server image for cloning, run the following command on the master image (source server) before the final shutdown.

    # sed -i 's/SUBSYSTEM/#SUBSYSTEM/g' /etc/udev/rules.d/70-persistent-net.rules
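
A sealing step for the master image, as an added example that is not part of the original post: it comments out the persistent-net rules in a way that is safe to run more than once, and it goes beyond the page by also removing the SSH host keys created when openssh-server was installed, so that clones do not all share one host identity. The name seal_image and the scratch directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. seal_image is a hypothetical name.

# seal_image ROOT: prepare the filesystem under ROOT for cloning.
# Use "/" on the real master, as the last step before shutdown.
seal_image() {
    [ $# -eq 1 ] || { echo "usage: seal_image ROOT" >&2; return 2; }
    root=${1%/}
    rules="$root/etc/udev/rules.d/70-persistent-net.rules"

    # Comment out only lines that still begin with SUBSYSTEM. Unlike
    # s/SUBSYSTEM/#SUBSYSTEM/g, a second run leaves the file unchanged.
    if [ -f "$rules" ]; then
        sed 's/^[[:space:]]*SUBSYSTEM/#&/' "$rules" > "$rules.new" &&
            cat "$rules.new" > "$rules" && rm -f "$rules.new"
    fi

    # Every clone would otherwise present the master's SSH host keys.
    # Regenerate them on each clone with: dpkg-reconfigure openssh-server
    rm -f "$root"/etc/ssh/ssh_host_*
}

# Count rule lines that are still active (not commented out).
active_net_rules() {
    grep -c '^[[:space:]]*SUBSYSTEM' "$1" || true
}

# Constructed sample tree standing in for the master's root filesystem.
demo_root=$(mktemp -d)
trap 'rm -rf "$demo_root"' EXIT
mkdir -p "$demo_root/etc/udev/rules.d" "$demo_root/etc/ssh"
cat > "$demo_root/etc/udev/rules.d/70-persistent-net.rules" <<'EOF'
# PCI device 0x8086:0x100f (e1000)
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="00:00:00:00:00:01", KERNEL=="eth*", NAME="eth0"
EOF
: > "$demo_root/etc/ssh/ssh_host_rsa_key"
: > "$demo_root/etc/ssh/ssh_host_rsa_key.pub"

seal_image "$demo_root"
seal_image "$demo_root"    # second run must not produce ##SUBSYSTEM
cat "$demo_root/etc/udev/rules.d/70-persistent-net.rules"
```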

Setup WordPress on Ubuntu

Here are the steps I use when setting up WordPress on a new Ubuntu server.

  1. Log into the console and grab a root shell
    Note: I don’t like typing sudo in front of every command

    $ sudo bash
  2. Install an ssh server to make remote management easy
    # apt-get install openssh-server
  3. Install a LAMP stack
    Note: You will need to remember the root password you setup for MySQL

    # apt-get install lamp-server^
  4. Download the latest wordpress
    # wget http://wordpress.org/latest.tar.gz
  5. Extract the archive file
    # tar -xzvf latest.tar.gz
  6. Make a folder to hold the wordpress install
    # mkdir /var/www/wordpress
  7. Copy all the WordPress files to the folder you created
    # cp -r ~/wordpress/* /var/www/wordpress
  8. Create a mysql user account and database for wordpress. 
    Note: Will need the root password created when installing the lamp stack

    # mysql -u root -p
  9. Now create a new database for wordpress 
    Note: Replace WordPress with any name of your choice

    mysql> CREATE DATABASE WordPress;
  10. Now add a new mysql user for wordpress
    Note: Replace “username” with any name of your choice

    mysql> CREATE USER username;
  11. Assign a password to the wordpress mysql user
    Note: Replace “abcd” with your own password

    mysql> SET PASSWORD FOR 'username' = PASSWORD('abcd');
  12. Grant the wordpress user all privileges for the wordpress database
    mysql> GRANT ALL PRIVILEGES ON WordPress.* TO 'username' IDENTIFIED BY 'abcd';
  13. After setting up the database and user, exit MySQL
    mysql> exit;
  14. Create a WordPress configuration file by copying the template
    Note: If you installed in another directory, then correct the given path to your own.

    # cp /var/www/wordpress/wp-config-sample.php /var/www/wordpress/wp-config.php
  15. Edit the WordPress configuration (wp-config.php) so it contains your MySQL information
    Note: I use nano for all text editing, but feel free to use whatever tickles your fancy

    # nano /var/www/wordpress/wp-config.php
  16. Now insert the MySQL settings you have just created by replacing:
    • database_name_here   —> with the database name you have created. For this tutorial, it’s named “WordPress”
    • username_here  —> with the MySQL user you have created earlier
    • password_here  —> with the password you assigned to the MySQL user

    Note: After editing is complete, exit nano by a ctrl-x, then y to save

  17. Create an Apache config for the WordPress site by copying the default
    # cp /etc/apache2/sites-available/default /etc/apache2/sites-available/wordpress
  18. Open the config you copied to edit it
    # nano /etc/apache2/sites-available/wordpress
  19. Edit the wordpress config as follows:
    • Change the DocumentRoot and Directory to /var/www/wordpress
    • Edit the “AllowOverride” options to say All instead of None

     

  20. Disable the default apache config, enable the WordPress apache config, and enable the rewrite module
    # a2dissite default && a2ensite wordpress && a2enmod rewrite
  21. Create a .htaccess to hold the wordpress rewrite rules
    # touch /var/www/wordpress/.htaccess
  22. Give the apache service rights to the folder and allow editing of the .htaccess file
    # chown -R www-data:www-data /var/www/wordpress/
    # chmod -v 664 /var/www/wordpress/.htaccess
  23. Restart apache to reload settings
    # apachectl restart

Finished.
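
Steps 14 to 16 as a script, as an added example that is not part of the original post: it fills the three placeholders from wp-config-sample.php with literal (non-regex) replacement, escapes the values for PHP single-quoted strings, reads the database password from stdin, and leaves wp-config.php at mode 640 so that only the owner and group set in step 22 can read it. The name fill_wp_config, the three-line sample file and the sample password are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. fill_wp_config is a hypothetical name.

# fill_wp_config SAMPLE OUT DBNAME DBUSER   (database password is read from stdin,
# so it shows up neither in the process list nor in shell history)
fill_wp_config() {
    IFS= read -r WP_PW || [ -n "$WP_PW" ] || return 1
    (
        umask 077    # a newly created OUT is never world-readable
        WP_DB=$3 WP_USER=$4 WP_PW=$WP_PW awk '
        # Escape a value for a PHP single-quoted string: backslash and quote.
        function phpq(s,    out, i, c) {
            out = ""
            for (i = 1; i <= length(s); i++) {
                c = substr(s, i, 1)
                if (c == "\\" || c == "\047") out = out "\\"
                out = out c
            }
            return out
        }
        # Literal replacement of the first occurrence of key in line.
        function put(line, key, val,    p) {
            p = index(line, key)
            if (!p) return line
            return substr(line, 1, p - 1) phpq(val) substr(line, p + length(key))
        }
        {
            $0 = put($0, "database_name_here", ENVIRON["WP_DB"])
            $0 = put($0, "username_here", ENVIRON["WP_USER"])
            $0 = put($0, "password_here", ENVIRON["WP_PW"])
            print
        }' "$1" > "$2"
    )
    rc=$?
    unset WP_PW
    [ "$rc" -eq 0 ] && chmod 640 "$2"
}

# Constructed three-line stand-in for wp-config-sample.php.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/wp-config-sample.php" <<'EOF'
define( 'DB_NAME', 'database_name_here' );
define( 'DB_USER', 'username_here' );
define( 'DB_PASSWORD', 'password_here' );
EOF
# Constructed password with characters that break a naive sed substitution.
printf '%s\n' "p&ss'w\\rd/1" | fill_wp_config "$demo/wp-config-sample.php" \
    "$demo/wp-config.php" WordPress username
cat "$demo/wp-config.php"
```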

Make Visual Studio work with VMWare Fusion Shares

VMWare Fusion allows Mac users to run virtualized operating systems. The “Shared Folder” feature allows for sharing profile folders on the Mac (Desktop, Documents, Music, Pictures) with virtualized operating systems. Having a shared work space eliminates the need for duplication of files that need to be used in both operating systems.

I run a virtualized Windows XP operating system so that I can code in Visual Studio on my Mac. I prefer to do design (HTML, CSS) on the Mac side of things. Having shared storage for use in my projects eliminates the need to copy back and forth. It also allows me to back up my Visual Studio projects using Time Machine without having to make a copy of my VM every time. However, to make Visual Studio happy with the shared Documents folder, there are some settings that need to be changed.

Change the Documents folder location to be a mapped drive

When working with web projects located on shared storage, Visual Studio doesn’t like the .host location shared by VMWare because of the dot in front of the share name. This is resolved by mapping the .host share to a network drive, and setting the My Documents folder in Windows to be located on the network drive. VMWare automatically maps its shares to the Z drive.

Get rid of the “failed to start monitoring changes” build error

Visual Studio’s default behavior is to monitor folders in web projects for changes. Because the Documents folder is on a UNC share, this behavior prevents web projects from building. The only solution I have found is to disable this behavior.

  1. Open regedit and navigate to HKLM\Software\Microsoft\ASP.NET\
  2. Create a new DWORD value named FCNMode
  3. Set FCNMode to have a decimal value of 1

Get rid of the “Project location not trusted” error

By default, the .NET configuration will not trust the shared folders from VMWare for projects. You will see an error when opening projects from the shared folder.


You must tell .NET to trust the location. Install the .NET Framework 2.0 SDK. When installing, you will only need “Tools and Debugger”; uncheck everything else. After the install, you will have a new tool under Administrative Tools for .NET 2.0 configuration.


  1. Open the .NET configuration tool
  2. Expand the tree on the left side to My Computer > Runtime Security Policy > Machine > Code Groups > All Code > LocalIntranet_Zone
  3. Right click on LocalIntranet_Zone and select the “new” option to create a new code group
  4. Name the code group “.host” (without the quotes) and click next
  5. Change the condition type dropdown to URL, enter “file:\\.host\*” (without the quotes) in the URL text box and click next
  6. Choose “Full Trust” as the existing permission set, click next, then click finish. You should see a .host in the LocalIntranet_Zone. Save and close all windows.

 

You will now need to tell Internet Explorer that .host is a trusted zone.

  1. Open up IE and go to Tools –>Internet Options
  2. Go to the Security tab, highlight Local Intranet and click the sites button
  3. Click the advanced button. In the “Add this website to zone” text box, type “file://..host/*” without the quotes and click add. Save and close all windows.

You’re all set. Visual Studio will now work with VMWare Fusion’s shared folders. Happy coding.