Archive for the ‘Guides’ Category

« Older Entries
May
08
2010

KVM with Bridged Networking on Ubuntu (10.04 LTS) (With UFW, Netfilter, Bridge-Utils, Virt-Manager)

One of the big reasons I moved to the new Ubuntu LTS for my main server was to get the new packages for KVM. To my disappointment, the versions that ship with 10.04 are slightly antiquated, especially with the amount of changes that are happening in the KVM development society. I found this PPA maintained by Daniel Baumann had everything that I needed. He keep is quite up to date and resolves build problems quickly. I don’t recommend you to use this PPA for production systems, I use it for my personal system and try to give any support to Daniel that I can because it really helps me out that he is packaging/maintaining this for the bleeding edge KVM packages.

KVM is a really great piece of virtualization software that is up and coming in the linux world, in the last several months the graphical (newbie) tools have become very simple to use. These tools still lag behind other solutions for virtualization such as VirtualBox or Vmware products, however KVMs performance and developmental activity make it a likely candidate for people setting up virtualization servers for personal and enterprise use.

Before we begin let me explain my set-up. I have a server that will be running the qemu-kvm software with libvirt that I will administer from my laptop running virt-manager. You can use KVM and Virt-Manager all while on the same machine without issue, but this guide is written for my particular configuration. I assume before beginning that you are running a pretty vanilla machine and will not have any strange configurations that would conflict with a standard Ubuntu 10.04 install. (more…)

Posted in Server Administration, Virtualization | 5 Comments »

Nov
01
2009

Ubuntu, Webmin and Samba for Windows and linux clients

Samba can be one of those things that causes a ton of headaches. It always feels like a huge slowdown when I get to the Samba portion of my media server install. This time I decided to check out using Webmin for my samba configuration and I was pleasantly surprised with how easy it made some of the configurations.

I will hit on the major things to be noted here, firstly the idea of separate samba and system users. You can set up synchronization between these so that when a user is created it gets added to the smbpasswd file also. I created my system users earlier and converted them to samba users, so the synchronization didn’t do me any good for my original user set. New users will be created in the smbpasswd file correctly. In any case, the current users I had did not have the password hash information in the smbpasswd file. An example looks like this: (more…)

Posted in Server Administration, Uncategorized | No Comments »

Oct
21
2009

Fitting and AOC-USAS-L8i in a PCIe slot (UIO to PCIe)

One of the recent server upgrades called for the purchase of raid controller cards. I use software raid in Linux for its versatility and the L8i controllers can perform in hba (Host Bus Adapter) mode. These cards ship with Supermicro’s IT mode firmware which essentially lets all of the drives show up independently in linux.

Before I could see all that, I needed to get these cards into my case. Don’t be too upset when you first try to slide this card into your case and mobo (I have a Norco 4220 and Gigabyte EP45-UD3P) they will not fit at all. It appears as if the bracket is off on the Y axis by about a quarter inch, this is because these cards are UIO form factor.

Establishing my frame of reference

Establishing my frame of reference

This can easily be resolved with some longer screws and nylon spacers. Be sure to use the original brackets as buying new brackets was really hard to figure out (If anyone knows the exact bracket for this then please let me know).

Using quarter inch nylon spacers for number ten machine screws (need to verify)

Using quarter inch nylon spacers for number ten machine screws (need to verify)

We used two spacers on each of the ‘posts’, it appeared that this resolved the issue as we got a good solid fit for both of the cards.

Posted in RAID | 6 Comments »

Oct
19
2009

Power Monitoring with APCUPSD, Email using SSMTP and Google Apps

Recently I performed a large upgrade to my raid file-server, the information being stored is much more critical at this point in time and I have chosen to step up the game in four ways:

  1. Move from on-board Intel controller to dual LSI L8i 8channel hba controllers
  2. Move from raid5 to raid6
  3. Install an APC UPS and monitor it with apcupsd
  4. System monitoring with email alerts via mdadm and Google SMTP

(Sorry for re-iteration if you are following the feed, trying to establish context)

The apcupsd tool lets you connect to your UPS and control when the machine shuts itself down during a scenario where you loose power. Another really nice thing this will do is allow you to send yourself an email through whatever MTA you set up.

The difficult part of getting email setup is configuring a MTA (Mail Transfer Agent). I searched for quite a while on how to get this setup. My initial impression was that I would have to host my own via postfix or some other alternative. I was happy to find that I could use a much more lightweight solution with ssmtp and an email I created from my google apps account.

Install ssmtp

sudo apt-get install ssmtp

Configure ssmtp via its config file /etc/ssmtp/ssmtp.conf

# Config file for sSMTP sendmail
#
# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
root=serveremailaddress@yourgoogleappsdomain.tld

# The place where the mail goes. The actual machine name is required no
# MX records are consulted. Commonly mailhosts are named mail.domain.com
mailhub=smtp.gmail.com:587

# Where will the mail seem to come from?
#rewriteDomain=

# The full hostname
hostname=servername.yourgoogleappsdomain.tld

# Are users allowed to set their own From: address?
# YES – Allow the user to specify their own From: address
# NO – Use the system generated From: address
#FromLineOverride=YES

UseSTARTTLS=YES
UseTLS=YES
AuthUser=serveremailaddress@yourgoogleappsdomain.tld
AuthPass=password

Now for a test of ssmtp, create a test file with some text in it. My test file was called ‘test’:

ssmtp youremail@yourgoogleappsdomain.tld < test

For apcupsd we need to modify two files to set our email address up for alerts. They are both located in the /etc/apcupsd directory and are called ‘onbattery’ and ‘offbattery’. I would suggest to leave these as they are because if you set up ssmtp like I have, when an email comes in for root it will be sent on to the ssmtp root address.

Now unplug your UPS and wait for the emails to come!

Posted in Server Administration | No Comments »

Oct
19
2009

RAID Monitoring with MDADM, Email using SSMTP and Google Apps

Recently I performed a large upgrade to my raid file-server, the information being stored is much more critical at this point in time and I have chosen to step up the game in four ways:

  1. Move from on-board Intel controller to dual LSI L8i 8channel hba controllers
  2. Move from raid5 to raid6
  3. Install an APC UPS and monitor it with apcupsd
  4. System monitoring with email alerts via mdadm and Google SMTP

Software raid tool mdadm has monitoring functionality that is easily configured through the /etc/mdadm/mdadm.conf file. You simply need to specify an email address under the MAILADDR property. I would suggest to leave this as root, because with ssmtp you are going to set the email address for everything routed to root.

The difficult part of getting email setup is configuring a MTA (Mail Transfer Agent). I searched for quite a while on how to get this setup. My initial impression was that I would have to host my own via postfix or some other alternative. I was happy to find that I could use a much more lightweight solution with ssmtp and an email I created from my google apps account.

Install ssmtp

sudo apt-get install ssmtp

Configure ssmtp via its config file /etc/ssmtp/ssmtp.conf

# Config file for sSMTP sendmail
#
# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
root=serveremailaddress@yourgoogleappsdomain.tld

# The place where the mail goes. The actual machine name is required no
# MX records are consulted. Commonly mailhosts are named mail.domain.com
mailhub=smtp.gmail.com:587

# Where will the mail seem to come from?
#rewriteDomain=

# The full hostname
hostname=servername.yourgoogleappsdomain.tld

# Are users allowed to set their own From: address?
# YES – Allow the user to specify their own From: address
# NO – Use the system generated From: address
#FromLineOverride=YES

UseSTARTTLS=YES
UseTLS=YES
AuthUser=serveremailaddress@yourgoogleappsdomain.tld
AuthPass=password

Now for a test of ssmtp, create a test file with some text in it. My test file was called ‘test’:

ssmtp youremail@yourgoogleappsdomain.tld < test

Test mdadm

sudo mdadm –monitor –scan –test

Everything should be set to go now, hopefully you wont ever need to be notified of a failure.

Known Issue

Using ssmtp with Google’s smtp is great, however if you use special characters in your email password ssmtp will not be able to authenticate. I ran into this and saw the following error:

ssmtp: Authorization failed (454 4.7.0 Cannot authenticate due to temporary system problem. Try again later. 14sm88672bwz.5)

This was promptly resolved by my choosing a password without special characters.

Posted in RAID, Server Administration | 4 Comments »

May
28
2009

Disable PC Speaker on Ubuntu

Recently did an install on my girlfriends laptop of Ubuntu 9.04 (E1705) . Everything went really well excpet for the obnoxious PC Speaker beeping all time. So to disable this guy you need to edit the blacklist file:

sudo nano /etc/modprobe.d/blacklist.conf

Now you need to add this at the bottom so that your computer wont load the pcspkr module next time it boots:

# Damn PC Speaker is annoying
blacklist pcspkr

Restart the machine and you wont hear that obnoxious beeping anymore!

OR Remove the Module

You can also remove the module as was pointed out below. This may be a better solution because you do not have to restart and it takes immediate effect.

sudo rmmod pcspkr

Posted in Audio/Video/Graphics | 2 Comments »

May
10
2009

VirtualHosts on Apache2 (Multihost & Sub-domains)

Several times now I have seen questions in IRC or from friends on how to configure apache2 for multiple hosts and sub-domains. This is a fairly simple task, do not get tempted into using tools such as webmin to handle this kind of configuration for you. It is easy to cripple yourself by using such tools as primary configurators instead of understanding how the systems work. (more…)

Posted in Server Administration | 1 Comment »

May
01
2009

Install (Set Up) Git and Gitosis on Ubuntu

Git is a free distribution revision control initially created by Linus Torvalds for the Linux kernel development. Git is different from subversion in several was, a good solid reference for explanation can be found from a 2008 RailsConf talk on Git by Scott Chacon: (Link).

I will be using Gitosis for this setup, Gitosis is a tool written for Git that helps in the setup of secure access controlled repositories. It will manage multiple repositories under one user account on the host machine. Using SSH keys to identify users, your repositories will be securely accessed and controlled. One large advantage to Gitosis is that your users will not need shell accounts on the machine to access repositories, they will however speak to a singular account what will not allow arbitrary commands.

Git is very local in nature, with remote distributed features. One major thing to wrap your head around is that git resides on your machine and tracks files locally, so if you create a new file and want git to track that file you need to let git know through the add command. Git also has remote locations that give it the ability to push to a, you guessed it…, remote location. You can add many remotes, typically you will see the “origin” remote location in most projects, we will be using origin in this article.

Before you start with this, note that I will try to explain every step as best possible. Some of the other guides out there will lead you along without the explanation, do yourself a favor and avoid the temptation to try and do this quickly… understand as much of git as possible, it will save you time down the road.

(more…)

Posted in Development Environments, Networking | 15 Comments »

Apr
23
2009

Install (Set Up) Uncomplicated Firewall (UFW)

Uncomplicated Firewall is a tool to create rules for iptables. Iptables are rule-sets that are used by netfilter which provides kernel-level packet manipulation and in turn… a firewall. It is important to note that UFW is not a firewall, it is however a tool for configuring the firewall in Linux. Obtaining proficiency with iptables takes time and effort, as a result there has been some successful front-ends written for iptable set up over the years. For terminal based configuration ufw is excellent, however there are some graphical based firewalls also available to configure iptables.

(more…)

Posted in Networking, Security | 2 Comments »

Apr
02
2009

Thunderbird + Lightning (Migrate from Evolution)

I was an avid Microsoft Outlook user right up until my adoption of linux as my primary operating system about eight months ago. Going cold turkey was easy becuase I fell right into Gnome’s Evolution email client. Evolution is great for email, however address book management and calandering can be quite lacking. So I now have seven emails, three calenders and about two hundred contacts that need to be migrated into another solution. Thunderbird is a cross platform compatable email client from mozilla and with the lighnting plugin you can have robust calender support.
(more…)

Posted in Communication | 3 Comments »

« Older Entries