Ubuntu Surfstation

For a public surfstation available for free, we needed a system that simply always works. No user should be able to reset any configuration settings, change the wallpaper, modify favorites or anything like that. The choice of operating system was easy: Linux! 🙂

The needed tasks to install this system are the following:

– Download and install Ubuntu (the „Gnome Edition“) with all updates (there should be tons of howtos for this on the net).

– During the installation create a user that will be automatically logged in.

– Disable all keyboard-shortcuts in the system-settings dialogue.

– Install the following two addons in Firefox: BlockSite and OpenKiosk
In the OpenKiosk Adminscreen (can be started directly from Firefox) you can customize your „hardened“ Firefox. I personally set fullscreen mode, increased the reset interval to 3 minutes, enabled a 30 seconds warning before the reset and removed the Print button and zoom controls.

– Configure Firefox to start automatically when the user logs in.

– Create the file /etc/X11/xorg.conf with the following content. This disables the Ctrl+Alt+F1, Ctrl+Alt+F2, etc. shortcuts for switching through the gettys.

Section "ServerFlags"
    Option "DontVTSwitch" "true"
EndSection

– Mount the root filesystem read-only with the aufs filesystem. This ensures that a reboot of the surfstation/terminal resets everything to the default settings (although there shouldn’t be many changes besides the browser history). Here is a great Tutorial for that.

NIC bonding (aka NIC teaming) with Debian Lenny

In order to move our Nagios installation from a virtual server to a dedicated hardware machine, I installed Debian Lenny on an HP ProLiant DL 380 G5. This server has two integrated NICs which can easily be used together as a network bond. So if one way to or from the server fails, the machine is still available through the other card.

All the necessary requirements, such as the bonding module, are available in the Debian standard kernel (at the time I wrote this: 2.6.26-2-amd64).

What’s still left to do is to install the ifenslave package:

apt-get install ifenslave-2.6

and to modify some configuration files
/etc/modprobe.d/arch/i386 or /etc/modprobe.d/arch/i386 (depending on your architecture):

alias bond0 bonding
options bonding mode=1 miimon=100 downdelay=200 updelay=200

Mode 1 (also called active-backup) means that only one interface is active. The other one only comes into play when the first (active) card fails. So this mode provides only fault tolerance and no load balancing, but its configuration is very simple because it doesn’t require additional switch configuration.

Edit /etc/network/interfaces and configure the bond0 interface:

auto bond0
iface bond0 inet static
    address 10.10.0.25
    netmask 255.255.255.0
    gateway 10.10.0.1
    up /sbin/ifenslave bond0 eth0 eth1
    down /sbin/ifenslave -d bond0 eth0 eth1

Don’t configure any additional network settings for eth0 and eth1!

For testing purposes you can now load the bonding module (this will also be done automatically when the server boots):

modprobe bonding

and restart your network:

/etc/init.d/networking restart

Now you should be able to ping the server from another host and plug/unplug the cables of the two integrated NICs while the server always answers the ping requests.
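A ping test does not show that the bond is running on a single card after a failover. The following check is an added example, not part of the original post: it reads the status file the bonding driver exposes at /proc/net/bonding/bond0 and fails when a slave link is down. The sample file content is constructed.

```shell
#!/bin/sh
# Added example: summarise an active-backup bond from the kernel status file.
# Prints "active=<if> up=<n> down=<n>"; returns 0 only if every slave link is up.
bond_status() {
    awk -F': ' '
        /^Currently Active Slave:/ { active = $2 }
        /^Slave Interface:/        { in_slave = 1 }
        # "MII Status" appears once for the bond and once per slave;
        # count only the lines that follow a "Slave Interface" header.
        /^MII Status:/ && in_slave {
            if ($2 == "up") up++; else down++
            in_slave = 0
        }
        END {
            printf "active=%s up=%d down=%d\n", active, up, down
            exit ((down > 0 || up == 0) ? 1 : 0)
        }' "${1:-/proc/net/bonding/bond0}"
}

# Constructed sample of /proc/net/bonding/bond0 with the cable of eth1 unplugged.
BOND_SAMPLE=$(mktemp)
cat > "$BOND_SAMPLE" <<'EOF'
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth0
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 200
Down Delay (ms): 200

Slave Interface: eth0
MII Status: up
Link Failure Count: 0

Slave Interface: eth1
MII Status: down
Link Failure Count: 1
EOF

bond_status "$BOND_SAMPLE" || echo "WARNING: bond0 has lost redundancy"
```

Called without an argument, bond_status reads the live file, so its exit code can feed a Nagios check or a cron job.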

Monitoring of max open files in a vserver

Running services on a virtual server sometimes causes problems. I often faced such problems when reaching the maximum number of open files. In that case applications like Apache or Postfix fill up their logs with lines like this:

„Too many open files in system“

I wanted to be able to monitor the number of open files on my server (OpenVZ/Virtuozzo) to easily see when there were and also when there might be problems. I decided to give Munin a try. Installation and basic configuration were really simple, and what I like very much is that custom plugins can be written very quickly with basic knowledge of bash or perl.

Attached is my Munin plugin. Just copy it to /etc/munin/plugins (in the default installation of Munin) and rename it to vserver_open_files. Also add the following lines to the file /etc/munin/plugin-conf.d/munin-node, because this plugin needs to run with root privileges.

[vserver_open_files]
user root


Here is the link: https://www.schmalenegger.com/files/vserver_open_files.sh
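To show what such a plugin involves, here is an added example that is not the plugin linked above. It assumes the limit being hit is the OpenVZ numfile beancounter in /proc/user_beancounters; the function names, the alert thresholds and the sample file are constructed for the illustration.

```shell
#!/bin/sh
# Added example, not the plugin linked above: Munin plugin for OpenVZ "numfile".
# Row layout in /proc/user_beancounters:
#   resource held maxheld barrier limit failcnt
numfile_fields() {
    # Prints "held barrier failcnt" for the numfile row, nothing if it is absent.
    awk '{ for (i = 1; i <= NF; i++) if ($i == "numfile") {
               print $(i+1), $(i+3), $(i+5); exit } }' "$1" 2>/dev/null
}

# $1: "config" or "fetch" (Munin calls the plugin with "config" or no argument)
# $2: status file, defaults to the live one (root-only, hence "user root")
munin_open_files() {
    action=${1:-fetch}
    src=${2:-/proc/user_beancounters}
    set -- $(numfile_fields "$src")    # now $1=held $2=barrier $3=failcnt
    [ $# -eq 3 ] || { echo "no numfile row in $src" >&2; return 1; }
    if [ "$action" = config ]; then
        echo "graph_title Open files (numfile)"
        echo "graph_category system"
        echo "graph_vlabel files"
        echo "held.label open files"
        # Alert before the barrier is hit; divide first so a huge
        # "unlimited" barrier cannot overflow shell arithmetic.
        echo "held.warning $(( $2 / 100 * 80 ))"
        echo "held.critical $(( $2 / 100 * 95 ))"
        echo "failcnt.label refused opens (total)"
    else
        echo "held.value $1"
        echo "failcnt.value $3"
    fi
}

# Constructed sample of /proc/user_beancounters (two of the resource rows).
UBC_SAMPLE=$(mktemp)
cat > "$UBC_SAMPLE" <<'EOF'
Version: 2.5
       uid  resource           held    maxheld    barrier      limit    failcnt
      101:  kmemsize        2718086    3046613   14372700   14790164          0
            numfile            8904       9312       9312       9312         17
EOF

munin_open_files config "$UBC_SAMPLE"
munin_open_files fetch "$UBC_SAMPLE"
```

As a real plugin the last two lines would be replaced by munin_open_files "$1", so that Munin's own argument selects the mode.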

using msmtp with mutt

Until a few days ago I only used mutt directly on my server, where the fully-loaded and configured postfix was running. The setup always worked and still works fine, but I wanted to use mutt also on a different machine and still be able to send mail via SMTP through my postfix on the server.

As I don’t want to use postfix for this simple „mail-forwarding“ job, I googled a bit through the internet and found msmtp.

Installation and configuration are quite simple. msmtp is available via package management on most Linux distributions and it only needs one single configuration file to get it running.

Simply paste the following content (adapted to your needs of course) to .msmtprc in your home folder:


account default
host mail.yourserver.com
auth on
user johndoe
password verysecret

What’s now left to do is to tell mutt to use msmtp instead of /usr/sbin/sendmail.
This is done via the following line in your .muttrc:


# use msmtp
set sendmail="/usr/bin/msmtp"

That’s it.
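The .msmtprc shown above keeps the password in clear text and does not switch on TLS. The following audit script is an added example, not part of the original post: it checks a configuration file for both points and for file permissions. The two sample files are constructed; port 587 and the gpg file name in the second one are assumptions.

```shell
#!/bin/sh
# Added example: audit an msmtp configuration file.
# Prints one finding per line and nothing when the file passes.
audit_msmtprc() {
    rc=$1
    # Octal permission bits; GNU stat first, BSD stat as fallback.
    mode=$(stat -c '%a' "$rc" 2>/dev/null || stat -f '%Lp' "$rc")
    case $mode in
        ?00) ;;    # owner-only, e.g. 600
        *)   echo "mode $mode: group or others can access the file, use chmod 600" ;;
    esac
    awk '
        $1 == "password"          { plain = 1 }
        $1 == "tls" && $2 == "on" { tls = 1 }
        END {
            if (plain) print "plaintext password: prefer passwordeval"
            if (!tls)  print "tls is not on: connection to the server is not encrypted"
        }' "$rc"
}

# Constructed samples: the configuration from the post with mode 644, and a
# variant with TLS and a password fetched from an encrypted file.
# Port 587 and the gpg file name are assumptions.
MSMTP_DEMO=$(mktemp -d)
cat > "$MSMTP_DEMO/weak" <<'EOF'
account default
host mail.yourserver.com
auth on
user johndoe
password verysecret
EOF
chmod 644 "$MSMTP_DEMO/weak"

cat > "$MSMTP_DEMO/hardened" <<'EOF'
account default
host mail.yourserver.com
port 587
tls on
tls_starttls on
auth on
user johndoe
passwordeval gpg --quiet --decrypt ~/.msmtp-password.gpg
EOF
chmod 600 "$MSMTP_DEMO/hardened"

audit_msmtprc "$MSMTP_DEMO/weak"
audit_msmtprc "$MSMTP_DEMO/hardened"
```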

Timeout problems with phpMyAdmin when inserting from larger dumps

Today I tried to insert data into a MySQL database from an SQL dump with phpMyAdmin. Although the dump file was not so big (1,8M), I got a timeout after about 30 seconds each time I tried it. This timeout is often set by web hosters in their PHP installation.
The problem is that the customer (me in this case) is not able to increase this value 🙁 So what to do?
After googling a bit I found the solution: It’s called Bigdump! Wow!!! 🙂
A simple PHP script which does all the work for you. Upload this script and the dump via FTP to the webspace and modify all the needed and well documented parameters in bigdump.php (databaseuser, pw, hostname, ...). Fire up your browser, go to the location where you put the file and start the import of the data. As the script doesn’t try to insert all the data with one single request and instead makes several smaller requests by refreshing itself after some time, the PHP timeout will not be reached!

WordPress with lighttpd

A few days ago I switched the webserver for schmalenegger.com from Apache2 to lighttpd. Here’s a short guide what needs to be done to get lighttpd running with WordPress:

As I use Debian Etch, I decided to give the lighty package from the Debian repositories a shot.


apt-get install lighttpd php5-cgi

After installation the webserver needs to be configured. This is done in the file /etc/lighttpd/lighttpd.conf.


# Load the FastCGI module
server.modules = (
    "mod_fastcgi",
)

# Configure PHP
fastcgi.server = ( ".php" =>
    (
        ( "bin-path" => "/usr/bin/php5-cgi",
          "socket" => "/tmp/php.socket",
          "min-procs" => 1,
          "max-procs" => 3,
          "max-load-per-proc" => 3,
          "idle-timeout" => 20 )
    )
)

That should be sufficient for running WordPress. Just put your WordPress files under the configured server.document-root from lighttpd.conf and point your webbrowser to your domain.

But what about permalinks?

lighttpd has something called conditions. You can use them for separating different sites from each other on the same server (virtual hosts in Apache), but rewrite rules can also be configured there. So first of all make sure that the rewrite module gets loaded by lighty and add mod_rewrite to the list of modules:

server.modules = (
    "mod_rewrite",
)

Then configure some conditions (replace the domains with your own)


# Conditions for different sites
# (dots in the host pattern are escaped so that they match only a literal ".")
$HTTP["host"] =~ "^(www\.)?(schmalenegger\.com)$" {
    server.document-root = "/www/schmalenegger.com/"
    accesslog.filename = "/logs/schmalenegger.com-access.log"
    url.rewrite-once = (
        "^/(wp-.*)$" => "$1",
        ".*\.(txt|php|xml|js|ico|gif|jpg|png|css|swf)?.*$" => "$0",
        "^([^?]*)?(.*)$" => "/index.php$2"
    )
}

Migrating MySQL dumps in default Debian installations

Debian uses a separate user for the maintenance of MySQL. That user is called debian-sys-maint and is created automatically when you install MySQL. If you accidentally delete that user or import an old dump that includes the „mysql“ user database, the MySQL init script will complain with an error message like this:

Access denied for user 'debian-sys-maint'@'localhost' (using password: YES)

In that case you should recreate that user with the following steps:

1. Get the password of the user from /etc/mysql/debian.cnf
2. Log in to your MySQL database and execute the following statement (replace <password> with the real password from the file /etc/mysql/debian.cnf):

GRANT ALL PRIVILEGES ON *.* TO 'debian-sys-maint'@'localhost' IDENTIFIED BY '<password>' WITH GRANT OPTION;

Now, everything should be fine again… 🙂

The Gimp: Making Colors in a GIF Transparent

Sometimes when working with an image you want to make a certain color transparent. When working with a gif file this would make a round circle look round on any color background. This is actually very simple once you do it once. Finding the information for this took me a while so I thought I would pass it on to anyone that was interested.

1. Open the image in gimp

2. Right click the image and go to LAYER then TRANSPARENCY then ADD ALPHA CHANNEL. You won’t notice anything happening, but don’t be concerned. It basically adds a transparent layer at the bottom of your image, so when we erase the colors it shows the transparent layer, which of course would show whatever was under it on the screen.

3. Right click on the image again and go to SELECT and then down to BY COLOR. A window that is all black opens up. Don’t change any of the settings; just use the defaults for now.

4. Now click on the color in the image you want to be transparent. These colors will now show up outlined.

5. Right click on the image again and go to EDIT and then down to CLEAR. This should now erase the outlined color you just picked from the image, and the „transparent gimp checkerbox“ should show through. This is Gimp’s way of showing you that the section is now transparent.

6. Right click on the image and choose SAVE AS and make sure to save as a GIF file if you want the transparency to work on the web.

Another fun feature that can be used with SELECT and BY COLOR: instead of hitting CLEAR you can choose FILL W BG COLOR or FILL W FG COLOR. This allows you to change the color over the entire image instantly for the particular pixel color you chose to start with. Very fast and fun once you figure this out.

vimdiff essentials

Change window: Twice Ctrl+W
Scale both windows to the same size: Ctrl+W,=
Put „Diff“ to the other window („diff put“): dp
Get „Diff“ from other window („diff obtain“): do