Posted on

DNS-321 as Time Capsule for Mountain Lion

There are several places on the web to find tutorials on setting up a DNS-323 for Time Machine (for example: http://dns323.kood.org), but I couldn’t find sites that discussed setting it up a DNS-321. Here is what I did to get it working.
 

Root the DNS321 by installing fun_plug

  1. Download fun_plug and fun+plug.tgz
  2. Share the root of DNS-321 via samba (smb)
  3. Add executable rights to the fun_plug script (chmod +x in terminal) from your workstation
  4. Copy fun_plug and fun_plug.tgz to root of DNS321 and reboot (wait a bit as it takes a while to run)

 

Setup the root user account for SSH access

  1. Connect to the DNS-321 via Telnet : 
    $ telnet your.nas.ip.address
  2. Change the shell of the root account 
    ~# usermod -s /ffp/bin/bash root
  3. Create a home folder for the root account 
    ~# mkdir -p /ffp/home/root/
  4. Set the home folder of the root account to the be the folder that was created in the previous step 
    ~# usermod -d /ffp/home/root/ root

    If the above fails, manually edit the /etc/passwd file so the root account looks like this

    root:x:0:0:Linux User,,,:/ffp/home/root:/ffp/bin/bash

    Then, run the following command

    ~# pwconv
  5. Set the root account to have a password 
    ~# passwd
  6. Login as the root account 
    ~# login
  7. Save the root password you created by running the following command. This command invokes another shell (.sh) script which copies the password-related files to data partitions in Flash memory (mtd1 and mtd2). 
    ~# store-passwd.sh
  8. Activate the SSH service by running the following commands: 
    ~# chmod a+x /ffp/start/sshd.sh
# sh /ffp/start/sshd.sh start

 

Install Netatalk (AFPD) on the DNS-321

  1. Modify /ffp/etc/netatalk/afpd.conf, adding the following to the bottom of the file 
    - -tcp -noddp -uamlist uams_dhx2.so,uams_clrtxt.so -setuplog "default log_info /ffp/var/run/afpd.log" -cnidserver localhost
  2. Install libgcrypt, libgpg-error, netatalk using slacker 
    ~# slacker -Ui s:
  3. Install libdb5 by either compiling your own or using the one in the following forum: http://forum.dsmg600.info.
  4. Create two startup scripts: /ffp/start/afpd.sh and /ffp/start/cnid_metad.sh:

    /ffp/start/afpd.sh

    ~#!/ffp/bin/sh
# PROVIDE: afpd
# REQUIRE: cnid_metad

. /ffp/etc/ffp.subr

name="afpd"
command="/ffp/sbin/$name"

run_rc_command "$1"

    /ffp/start/cnid_metad.sh 

    ~#!/ffp/bin/sh

# PROVIDE: cnid_metad
# REQUIRE: LOGIN

. /ffp/etc/ffp.subr

name="cnid_metad"
command="/ffp/sbin/$name"

run_rc_command "$1"
  5. Make the scripts executable by running the following commands: 
    ~# chmod +x /ffp/start/afpd.sh
# chmod +x /ffp/start/cfid_metad.sh
  6. Create /ffp/etc/avahi/services/afpd.service and set its contents be as shown below: 
    <?xml version="1.0" standalone="no"?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">

<service-group>

    <name replace-wildcards="yes">%h</name>

    <service>
        <type>_afpovertcp._tcp</type>
        <port>548</port>
    </service>

</service-group>
  7. Use the “vipw” command and change some details for the default “nobody” user so that Mac OS X can use that user to log in. 
    nobody:x:501:501:Linux User,,,:/home/nobody:/ffp/bin/bash
  8. Give a password to that user and store the password (in clear text) in the user’s home directory as shown here. 
    ~# passwd nobody
# cd /home
# mkdir nobody
# echo "secret" &gt; nobody/.passwd
# chown -R nobody: nobody
  9. Store this user’s information in the flash memory of the DNS-321. Do this by running the following command 
    ~# store-passwd.sh
  10. Modify /ffp/etc/netatalk/AppleVolumes.default to add the required shares. Mine looks like: 
    ~# The "~" below indicates that Home directories are visible by default.
# If you do not wish to have people accessing their Home directories,
# please put a pound sign in front of the tilde or delete it.
# ~     
/mnt/HD_a2/TimeMachine options:usedots,upriv,tm
  11. Start netatalk 
    ~# /ffp/start/afpd.sh start

 

Install Avahi (bonjour) on the DNS-321

  1. Install libdaemon and avahi with slacker: 
    ~# slacker -Ui s:
  2. Add an avahi user: 
    ~# groupadd -g 50 avahi
    ~# useradd -u 50 -g avahi -d /tmp -s /bin/false avahi
  3. Create an avahi startup script called /ffp/start/avahi.sh that contains the following: 
    ~#!/ffp/bin/sh

# PROVIDE: avahi
# REQUIRE: SERVERS

. /ffp/etc/ffp.subr

name="avahi"
command="/ffp/sbin/avahi-daemon"
avahi_daemon_flags="-D -s"
required_files="/ffp/etc/avahi/avahi-daemon.conf /ffp/etc/avahi/hosts"

start_cmd="avahi_start"

avahi_start()
{
# need avahi user and group for priviledge separation
if ! grep '^avahi:' /etc/passwd &gt;/dev/null; then
echo 'avahi:x:50:50:Avahi Daemon:/no/where:/bin/false' &gt;&gt;/etc/passwd
fi
if ! grep '^avahi:' /etc/shadow &gt;/dev/null; then
echo 'avahi:*:14493:0:99999:7:::' &gt;&gt;/etc/shadow
fi
if ! grep '^avahi:' /etc/group &gt;/dev/null; then
echo 'avahi::50:avahi' &gt;&gt;/etc/group
fi

proc_start $command
}

run_rc_command "$1"
  4. Make the file executable so that avahi starts when the DNS-323 boots: 
    ~# chmod +x /ffp/start/avahi.sh
  5. To change the icon for the DNS-321 that shows up in Mac OS X Finder, create the file /ffp/etc/avahi/services/device-info.service and set its contents to the following: 
    <?xml version="1.0" standalone="no"?><!--*-nxml-*-->
<service-group>
        <name replace-wildcards="yes">%h</name>
        <service>
                <type>_device-info._tcp</type>
                <port>0</port>
                <txt-record>model=RackMac</txt-record>
        </service>
</service-group>
  6. Launch avahi 
    ~# /ffp/start/avahi.sh

You should now see your DNS-321 show up in Finder.

Posted on

Redirect Old Webpages in Apache with mod_rewrite

Sooner or later, you’re probably going to point an old webpage to a new one. If you’ve spent a bunch of time with search engine optimization (SEO), you can retain your work by redirecting the old URL to the new one, and letting search engines know its permanent. Here’s how you can do that with Apache in Linux.

  1. Enable mod_rewrite if it hasn’t been already. Open up a terminal.

    • See which mods are enabled:

      # apache2ctl -M
    • Enable mod_rewrite:

      # a2enmod rewrite
    • Restart Apache

      # /etc/init.d/apache2 restart
  2. Add redirection rules to a .htaccess file in the root of your site

    • Open .htaccess in a text editor. I prefer nano.

      # nano .htaccess
    • Add the following to enable the rewrite engine for the site:

      RewriteEngine On
    • Add a rule to redirect a page permanently (301 means the redirect is permanent).
      The following example redirects alextafoya.com/about/contactme.html to alextafoya.com/contact.php

      Redirect 301 /about/contactme.html http://www.alextafoya.com/contact.php

Happy forwarding!

Posted on

Create a Golden Image of Ubuntu Server in vSphere

If you’re virtualizing server workloads, do yourself a favor and create a golden image. Go ahead, be as meticulous as you want, because you’ll only have to do it once.

I’m a fan of using Ubuntu for Linux servers, simply because of Ubuntu’s “free-forever” mantra and aggressive update cycle. Don’t get me wrong, I love using CentOS in an anally retentive security environment (check out SELINUX), but inherent security features tend to cause a hang up on using built in package managers to install the latest and greatest versions of apps (PHP for example).

That being said, this is how I set up my golden Ubuntu Server images in vSphere….
 

  1. Create a new VM
    vm 1
     
  2. Select Ubuntu Linux x64 as the flavor. Accept the defaults.
    vm 2
     
  3. Remove floppy (not needed). Set the CD-ROM to be an ISO of Ubuntu Server.
    vm 3
     
  4. Force boot into bios to disable unneeded stuff
    vm 4
     
  5. Boot into bios and disable floppy.
    vm 5
     
  6. Go to the advanced tab and select IO device config.
    vm 6
     
  7. Disable unneeded serial devices and floppy controller.
    vm 7
     
  8. Exit saving changes
    vm 8
     

    9. The VM will restart and boot from the Ubuntu Server ISO. Install Ubuntu.
    vm 9
     

  9. Select all the defaults. Set your hostname.
    vm 10
     
  10. Select your time zone
  11. For partitioning disks, select the default = guided use entire disk and setup LVM
  12. Select to write changes to disk
  13. Setup the a user. Create a user account (create username/pass) (I’m not sharing my username for security reasons). Encrypt your home directory if you want.
  14. Setup your proxy info if you have a proxy server filtering your outgoing web traffic
  15. Install will commence. You will be prompted to setup how you want to install automatic updates. I choose to install security updates automatically.
  16. You will be prompted to select which packages to install, don’t select any of them<./li>
  17. Select to install grub to the master boot record.
  18. After install is complete, select to restart the server.
  19. After the server comes backup, login and install an ssh server for management 
    $ sudo apt-get install openssh-server
  21. Check out what the IP is so you can ssh to it 
    $ ifconfig
  22. Now switch to a ssh client (putty) and connect to your vm. Go to the root prompt to avoid typing sudo all the time. 
    $ sudo bash
  23. Update your packages 
    # apt-get update
# apt-get upgrade
  24. Reboot. 
    # reboot
  25. Log back in and install open-vm-tools 
    $ sudo apt-get install --no-install-recommends open-vm-tools
  26. Enable the firewall to allow all outgoing traffic and deny all incoming except ssh 
    # ufw default deny incoming
# ufw default allow outgoing
# ufw allow ssh
# ufw enable
  27. The firewall is now active and will be enabled on reboot. Check the status and rules: 
    # ufw status verbose
  28. Setup nics so they can be cloned. For Ubuntu server clone (image) creation (moving preparation) use next command on master clone (Source server) before final poweroff (shutdown). 
    # sed -i 's/SUBSYSTEM/#SUBSYSTEM/g' /etc/udev/rules.d/70-persistent-net.rules

    29. Shutdown ubuntu, you’re done!

    # sudo shutdown -h now

     

    If you get the error “eth0 error while getting interface flags no such device” after you’ve cloned

    SOLUTION:
    Comment all lines in /etc/udev/rules.d/70-persistent-net.rules

    #  vi /etc/udev/rules.d/70-persistent-net.rules

    Example:

    # PCI device 0x8086:0x100f (e1000)
# SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:00:00:00:xx:01", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
# PCI device 0x8086:0x100f (e1000)
# SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:00:xx:00:00:02", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

    Reboot the Ubuntu server on VMware ESXi.

    For Ubuntu server clone (image) creation (moving preparation) use next command on master clone (Source server) before final poweroff (shutdown).

    # sed -i 's/SUBSYSTEM/#SUBSYSTEM/g' /etc/udev/rules.d/70-persistent-net.rules
Posted on

Setup WordPress on Ubuntu

Here are the steps I use when setting up WordPress on new Ubuntu server.

  1. Log into the console and grab a root shell
    Note: I don’t like typing sudo in front of every command

    $ sudo bash
  2. Install an ssh server to make remote management easy 
    # apt-get install openssh-server
  3. Install a LAMP stack
    Note: You will need to remember the root password you setup for MySQL

    # apt-get install lamp-server^
  4. Download the latest wordpress 
    # wget http://wordpress.org/latest.tar.gz
  5. Extract the archive file 
    # tar -xzvf latest.tar.gz
  6. Make a folder to hold the wordpress install 
    # mkdir /var/www/wordpress
  7. Move all the WordPress files to folder you created 
    # cp -r ~/wordpress/* /var/www/wordpress
  8. Create a mysql user account and database for wordpress. 
    Note: Will need the root password created when installing the lamp stack

    # mysql -u root -p
  9. Create now a new database for wordpress 
    Note: Replace WordPress with any name of your choice

    mysql> CREATE DATABASE WordPress;
  10. Add now a new mysql user for wordpress
    Note: Replace “username” with any name of your choice

    mysql> CREATE USER username;
  11. Assign a password to the wordpress mysql user
    Note: Replace “abcd” with your own password

    mysql> SET PASSWORD FOR 'username' = PASSWORD('abcd');
  12. Grant the wordpress user all privileges for the wordpress database 
    mysql> GRANT ALL PRIVILEGES ON WordPress.* TO 'username' IDENTIFIED BY 'abcd';
  13. After setting up the database and user, exit MySQL 
    mysql> exit;
  14. Create a WordPress configuration file by copying the template
    Note: If you installed in another directory, then correct the given path to your own.

    # cp /var/www/wordpress/wp-config-sample.php /var/www/wordpress/wp-config.php
  15. Edit the WordPress configuration (wp-config.php) so it contains your MySQL information
    Note: I use nano for all text editing, but feel free to use whatever tickles your fancy

    # nano /var/www/wordpress/wp-config.php
  16. Insert now your MySQL settings you have just created by replacing:
    • database_name_here   —> with the database name you have created. For this tutorial, it’s named “WordPress”
    • username_here  —> with the MySQL user you have created earlier
    • password_here  —> with the password you assigned to the MySQL user

    Note: After editing is complete, exit nano by a ctrl-x, then y to save

  17. Create an Apache config for the WordPress site by copying the default 
    # cp /etc/apache2/sites-available/default /etc/apache2/sites-available/wordpress
  18. Open the config you copied to edit it 
    # nano /etc/apache2/sites-available/wordpress
  19. Edit the wordpress config as follows:
    • Change the DocumentRoot and Directory to /var/www/wordpress
    • Edit the “AllowOverride” options to say All instead of None

     

  20. Disable the default apache config, enable the WordPress apache config, and enable the rewrite module 
    # a2dissite default && a2ensite wordpress && a2emod rewrite
  21. Create a .htaccess to hold the wordpress rewrite rules 
    # touch /var/www/wordpress/.htaccess
  22. Give the apache service rights to the folder and allow editing of the .htaccess file 
    # chown -R www-data:www-data /var/www/wordpress/
# chmod -v 664 /var/www/wordpress/.htaccess
  23. Restart apache to reload settings 
    # apachectl restart

Finished.

Posted on

Build an ESXi server on the Cheap

If your a network admin, and you’re not using virtualization in your disaster recovery, then you’re probably being negligent. VMware ESXi is free. You can’t do all of the fancy stuff, like VM motion, but it is the same bare-metal hypervisor as ESX. You can register, download, and obtain a free license for ESXi here.

ESXi is pickier when it comes to hardware than its pricier counterpart ESX. However, if your hardware works with the drivers it does have, you can add your hardware IDs to the configuration files and use your hardware. If you use a system, motherboard, and/or NIC listed on the community maintained list and download and use the community maintained configthen you can forgo a lot of tinkering. If you are going to use local storage, you won’t be able to use RAID with a SATA drive, or at least I haven’t figured it out; that would probably slow things down anyway. ESXi can use storage on NFS file shares, SANs, and some NAS devices as well. I am going to look at using FREENAS to hold some VMs instead of shelling out boo koo bucks for fiber. Whatever you decide to do, make sure you get an Intel NIC listed on the HCL; I had no luck with anything else.

For now, I am using a newly built device for DR testing and proof of concept. I went to my local Micro Center, friggin love that store, and purchased an ASUS PQ5 SE2 ($95), 4 GB 800mhz DDR2 Corsair RAM ($70), a 45nm 2.6 Ghz 8mb Core 2 Quad ($189),  and a 1TB WD SATA HD with a dual IO controller ($139). I happened to have a case/power supply, DVD drive, and compatible Intel NIC laying around. So I spent about $480 for the parts I needed.

I elected to install ESXi on a bootable flash drive.  VMware made a video  and pdf showing how. Here are the steps on how to do this on a Windows machine per yellowbrick.com:

  1. First get the following tools: 7-Zip(Free), WinImage(Demo)
  2. Download the ESXi ISO
  3. Open the ISO with 7-Zip
  4. Extract “install.tgz”
  5. Open “install.tgz” with 7-Zip
  6. Click on “install.tar”
  7. Browse to “usr\lib\vmware\installer\”
  8. Open “VMware-VMvisor-big-3.5.0_Update_2-103909.i386.dd.bz2″
  9. Extract “VMware-VMvisor-big-3.5.0_Update_2-103909.i386.dd”
  10. Open WinImage and go to Disk, click on “Restore Virtual Harddisk Image on physical drive”
  11. Select a physical drive
  12. Select “VMware-VMvisor-big-3.5.0_Update_2-103909.i386.dd”
  13. Click “yes” to write the DD image to the USB Disk

After building an ESXi bootable flash drive, I downloaded the community maintained config, renamed it to oem.tgz, and pasted into the bootable partition on the flash drive – overwriting the existing one.

Time to boot it. After inserting my USB ESXi, I had to go into the BIOS of my board and set the USB drive to be bootable. I also had to change my SATA drive configuration to be AHCI instead of RAID or IDE.  After saving, I was eventually greeted by the ESXi system.

You will need to adjust your network settings to be appropriate for your network, which you won’t have the option for unless you have a compatible NIC (get a listed Intel NIC). Once ESXi is network capable, you can go to your server’s IP address (http) and download VMware Infrastructure Client to manage it. I went to VMware’s site and downloaded VMware Converter (also free) to convert an existing workstation VM to ESX format; took a while but I did it over wireless.  You can also use the converter to convert an existing physical computer to VM. The converter uploads directly to your ESXi server, and it will complain about using a login without a password, so add a password to your ESXi root user account and use that.

esxi server

So far, its working like a champ. The next step is to set up a FREENAS iSCSI target server via crossover cable to a dedicated NIC.  If you have any pointers, let me know. Cheers.