Funny as it may seem, I fell for it (yet again perhaps?). I’ve installed CentOS5 on top of VirtualBox 2.2.2 on my Ubuntu Hardy 8.04 for the sole purpose of testing out ASP.NET hosting using Mono, XSP, and Apache. And I was in for a surprise that I could not access my virtual machine’s Apache web server instance.

I was able to install VirtualBox 2.2.2 vanilla (not the official Ubuntu package) without any problems. I followed it up by installing CentOS5 as a virtual machine. I then proceeded and configured the network interface for the virtual machine on the VirtualBox Management panel, and set it up to use “Bridged” networking.

I proceeded by booting the virtual machine and watched every boot message zip by without a hitch. I then logged into the virtual machine as root and configured the IP address for the network interface. After which, I pinged the IP address and got the reply I want. I then tried to log in via SSH, ang was able to get in. “Hmm… everything seems to be in order. Might as well continue.” I said to myself. Boy was I in for a surprise.

I proceeded and configured the web server, enabling name-based virtual hosting, started Apache and tried to browse the test page. And then… nothing! ACCKK!!! I checked the IPTables rules if there’s something a-miss. So far everything seems to be in order (really?) . Tried a couple more times, and still get a failure from Firefox. Hmmm.. what could it be. Pondering for hours what could have been missed. A colleague suggested to flush the entire set of IPTables rules, which I did and tried accessing the web server. What do you know! I was able to browse the basic landing page. “Hmmm.. there must be something wrong with the IPTables rules” I said whispering.

I proceeded and checked again /etc/sysconfig/iptables and sure enough, I found the culprit. I mistakenly added the IPTables rule that opens port 80 AFTER the reject rule! No wonder port 80 doesn’t open up. I edited the /etc/sysconfig/iptables again, and place the port 80 rule on top of the reject rule, which will then allow it to take effect first, before the reject rule is activated. And then everything worked as it should.

Lesson? Sometimes the obvious things are really hard to find and double checking definitely will prevent the unnecessary debugging for when your system goes to production. I’m just glad this is a simulation system and not production.

I think it was stupid of me not to notice the order of the rules in the iptables file. What do you think?

Technorati linux, virtualization, virtualbox, centos5, apache, webserver, iptables
Site Search Tags: linux, virtualization, virtualbox, centos5, apache, webserver, iptables

This is just a quick tip I’m putting up in replicating existing packages between Ubuntu installs. I tend to keep forgetting how to do it every time I do a total reinstall of my Ubuntu box. The following simple commands will list down all installed packages and export it to a file, copy to a USB thumbdrive, and import later after doing a reinstall/upgrade. In other words, the following steps will automate your package reinstall that will mimic your old Ubuntu install.

hw@myubuntu:~$ dpkg --get-selections > pkginstalled

The above snippet uses the dpkg command with the --get-selections parameter to read the installed packages and dumps them to a plaintext file. You can then proceed and copy pkginstalled to an USB thumbdrive for later, and proceed with the reinstall or system wipeout/upgrade.

After your new system has been reinstalled, instead of manually installing all the applications that you had previously, just do the following commands to automate the process.

hw@newbox:~$ dpkg --set-selections < /media/disk/pkginstalled
hw@newbox:~$ apt-get dselect-upgrade

The above snippet imports the list of packages from the file pkginstalled from /media/disk (USB thumbdrive) or replace it with the path where you copied you package list file. The next command does the actual package installation based on the list of packages imported.

NOTE: If you were using non-official repositories, please add the necessary third-party repo prior to doing the steps mentioned above.

Enjoy!

Technorati ubuntu, linux, dpkg, package, import, export, automate, cli
Site Search Tags: ubuntu, linux, dpkg, package, import, export, automate, cli

Although Intrepid Ibex is not yet geared for release, I’ve decided to make my own wallpaper for it.

It’s not much but a work in progress. Everything’s done in XaraLX on Xubuntu Hardy. And yes, I have already submitted this to Artwork/Incoming/Intrepid under Dark Ibex Wallpaper.

Enjoy!

Technorati wallpaper, ubuntu, intrepid+ibex, artwork
Site Search Tags: wallpaper, ubuntu, intrepid+ibex, artwork

I would like to thank Peng Hardin for mentioning my wee little report on Chrome’s behaviour on Wine 1.1.3. My little post has this tiny speck of a link on Ubuntu Weblogs.

Thanks also to Roy Shea and Dan Kegel over at WineHQ. As expected, them and a couple of other guys at WineHQ have rolled out Wine 1.1.4 with fixes for Google Chrome and I’m glad I was able to contribute to Wine’s improvement in little ways that I can.

Good luck to all of us and let’s have that Wine please!

Technorati wine, winehq, google, chrome, bug, fix, gratitude
Site Search Tags: wine, winehq, google, chrome, bug, fix, gratitude

With Google doing a public beta test of Google Chrome I’ve taken a few steps further to see what it can do. However, sadly for me, GC is currently on a Windows-only build so no dice for native Linux version. So I had to resort to “drastic” measures - try to see if it runs on Wine.

So I got the offline installer here and installed on top of Wine. The installation went ok, with Wine adding a desktop shortcut and menu entries. I tried to run GC and bam, a browser with rounder corners and blue header pops up. So far so good.

Then I noticed that the address bar is all black. Though I can type a URL, it doesn’t open the site I wan’t to visit. Tried it a couple of times, still no dice. Looking at the log I prepped, seems there are some components not working properly. So I ended up firing a report to WineHQ and see what can be done.

Nope, I currently don’t have the time to find the bug for GC on Wine. I’m making the Google Chrome team do that. At least with the WineHQ notified, I can expect to have a working GC on Wine.

Or not.

UPDATE:

Google Chrome now works on Wine 1.1.3. However, additional parameters must be added when you invoke wine on the command line. And sorry, HTTPS access is not yet available/foolproof.

Just fire up Wine in the terminal like so:

env WINEPREFIX=”/home/anakin/.wine” wine “C:\windows\profiles\anakin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe” –new-http –in-process-plugins

You have to also make sure that you have Riched20 and Riched30 installed using Winetricks (thanks Roy Shea at WineHQ!).

This method was further confirmed at UbuntuForums, and also confirmed by “nelson”. A good how-to is also available recently at HowToDude.

UPDATE 2:

Filed another bug report with WineHQ regarding HTTPS access on Google Chrome on Wine 1.1.3.

Related:

Wine AppDB page for Chrome (thanks to Dan Kegel) - added 9/6/2008
WineHQ Bug Report 15106
WineHQ Bug Report 15107
WineHQ Bug Report 15119

Technorati Google, Chrome, beta, browser, Wine, Linux
Site Search Tags: Google, Chrome, beta, browser, Wine, Linux

PFSense is a great tool to have that provides a firewall, traffic shaping capabilities, load balancing and failover, and other features plus fully extensible by way of third party opensource “plugins” and packages that you can install via its web console.

Recently though, some of our devs need to connect via FTP to a remote server. And apparently they’ve encountered some weird problem with FTP:

user@ubuntu:~$ ftp some-server.com
Connected to some-server.com.
220 ProFTPD 1.3.1 Server (some-server.com) [143.44.52.54]
Name (some-server.com:user): ftpuser
331 Password required for ftpuser
Password:
230 User ftpuser logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
500 Illegal PORT command
ftp: bind: Address already in use
ftp>

A little investigation revealed that in order for FTP to work, we need to have the FTP Helper proxy application working on the LAN interface of our PFSense box, then add a firewall rule, more like a “transparent FTP proxy”. If you get my drift.

Let’s do it

1. In PFSense, click on Interfaces, LAN

2. Make sure that “Disable the userland FTP-Proxy application” is unchecked.

3. Save your setting, and then click “Apply this setting”.

4. We will now add a rule to permit our LAN traffic to access our FTP-Proxy application ports 8000-8030 on 127.0.0.1 . To do so, click on the “+” button at the bottom or at the top, of the list of rules to add your new rule. Make sure that the new rule will be on top of all the other rules.

5. Save your new settings, and apply.

Test your FTP connection.

Enjoy!

Technorati pfsense, firewall, rule, ftp, access, outbound
Site Search Tags: pfsense, firewall, rule, ftp, access, outbound

It’s just a really weird problem that we have today. A perfectly fine Fedora box just suddenly will not boot. When it does not get to initiate booting, GRUB fails saying that the hard drive just cannot be read. The box is somewhat critical and we need to have it running back up (pun intended) since it’s our backup server for most of the managed sites. I guess i’ts not a healthy box as we have been believing.

A little history, it’s an Intel P4-based box on an ASUS P5DR1-VM mobo, on 1GB of RAM. Yeah, it’s not a hefty box. Fedora 8 was installed by a colleague without any issues. Until recently.

It was running fine the other day, then yesterday it just stopped. Checking what happened, the primary hard drive, a Maxtor 80GB PATA, is being bitchy. I rebooted the box and went CMOS. The Maxtor HDD is being identified alright so I proceed to reboot again and see if it will boot up. Again, GRUB stops and cries error reading the drive. “Hmmm.. That’s not right.” I said. I left it overnight and returned to it in the morning.

Another thing that worried me was what if the data on the second hard drive, a Seagate Barracuda 250GB SATA, was also affected? and another thing is that both the Maxtor and the SATA are on LVM!

Aaaarrggghhh!

Crossing fingers, I tried to boot to Fedora 8 install disc and proceeded to use Rescue System. But to no avail… Rescue System wasn’t able to identify a valid Fedora install. “What-the-eff!” Wasting no time, I rebooted and went back to CMOS, all the while feeling the Maxtor hard drive with my hand for any indication that the drive is spinning. Sure enough, CMOS tells me Maxtor’s not there, and the drive isn’t spinning. “Gotcha!” I powered down the box, swapped the hard drive data cable (ribbon cable with new one) and used another Molex power connector (the PSU still has extras) and powered the box up. Checked the CMOS, and voila! Maxtor’s back on the drive list, and the drive is spinning. So far so good. A few things left for me to do — make sure the data is intact, and that I can do backup of the backup (get it?)

This time, I’m using Ubuntu 8.04 Hardy Live CD as my recovery disk. Ubuntu booted smoothly and proceeded to open the Terminal as root. Then tried to check if I’ll be able to see the LVM volumes:

root@linux:~# vgscan
The program 'vgscan' is currently not installed. You can install it by typing:
apt-get install lvm2
bash: vgscan: command not found


Ok, fine. So I proceeded and install lvm2:

root@linux:~# apt-get install lvm2
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
dmsetup
The following NEW packages will be installed:
dmsetup lvm2
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 365kB of archives.
After this operation, 1065kB of additional disk space will be used.
Do you want to continue [Y/n]? y


After installing the required package, I proceed to vgscan again, and saw the LVM volume group - in my case VolGroup00. Before I can proceed, I had to do ‘modprobe dm-mod’ first. I leave it up to you as an assignment what this does =) . I then proceeded and typed ‘lvs’ in the terminal. And then proceeded with the magic incantations:

root@linux:~# mkdir /mnt/myLVM
root@linux:~# vgscan
root@linux:~# modprobe dm-mod
root@linux:~# vgchange -ay VolGroup00
root@linux:~# lvs
root@linux:~# mount /dev/VolGroup00/LogVol00 /mnt/myLVM

And there you have it! I got my LVM mounted, and I was able to copy the data I need from it. Whew!

However, my problem is not yet over. I have no clean destination drive to store the would-be-retrieved data. Hmmm, alright. I’m putting it to our shiny Sun Microsystems X2100 M2 server which currently has 500GB of disk space. Fine, fine. It’s running SLES so setting up the NFS server is a no brainer. However, mounting the NFS share into Ubuntu might be challenging. You wish! It’s not that hard. Back to the magic incantations (Ubuntu side):


root@linux:~# apt-get install nfs-common
root@linux:~# mount myNFSserver:/mysharedfolder/subfolder /mnt/myNFSlocal

Bam! NFS share is now mounted locally, and my LVM is reachable as usual. I now start copying my data to the remote machine, and still coyping as of press time. The data is quite huge you know. But I’m happy. But I just don’t want this to happen again.

Technorati ubuntu, linux, lvm, nfs, recovery, backup
Site Search Tags: ubuntu, linux, lvm, nfs, recovery, backup

OpenSource has been in existence for quite a long time. It has been known by so many names with various differences in how licenses take effect on certain products. Some of the widely-known opensource licenses to date are GNU’s own GPL and LGPL licenses, BSD’s own license, the Apache licenses, Mozilla Public License, the PHP license, among many others. These licenses are under the stewardship of the OpenSource Initiative (OSI) who accepts applications by individuals or groups and reviews or approves candidate licenses. Discussing the differences between each opensource license is a different matter however, one may visit the OSI site for more information.

“The software I’m using works fine. I paid for it and I don’t see the need to tinker with it’s programming. Why bother?”
Sure, if you’re happy with the proprietary product that you are using then I’m glad for you. However, there may be questions that you would want to be answered. Some of these questions might be listed in the following list:

1. Do you know how your software works internally?
2. Can the software you bought be customized according to your need?
3. Does it fit your need at all?
4. If it can be customized, how much did it cost for you (or the developer) to modify the software?
5. Are there security issues that you have encountered while using that software?
6. How often does the developer/vendor issue software fixes and patches to resolve certain usability and security issues?
7. How much did the software cost?
8. Are you satisfied with the support provided by the vendor?
9. Do you feel like you’ve been swindled when you purchased/commissioned the software?

If you answered NO to questions 1,2,3,8 and yes to questions 5 and 9, it’s time for you to consider choosing an opensource solution.

“Is going opensource painful?”
The answer is “it depends“. It depends on the type of project or solution that you want to implement, if what you need can be remedied by an opensource solution, and how willing or how committed you are to totally using opensource solutions. Chances are, around 65% of your requirements may have an opensource solution readily available. Over the years, the opensource movement is very active and have been filling some niches already. Currently it is slowly creeping into areas like healthcare, utilities, and management. With the plethora of opensource projects available, you may be able to implement from 65% to possibly 95 or 100% of your requirements fulfilled using opensource.

“If OpenSource is really that great, why hadn’t my friend Joe choose this path?”
Again, it depends. The projects that your friend Joe were working on at that time might not have an available opensource solution yet, or that his projects were very very sensitive enough that opensource is not yet advisable. We’d have to always bear in mind that opensource is not a magic pill that you can take and all your problems will go away. It requires a lot of the human factor in order for it to work. And that is what I truly appreciate with it. It brought back the feeling of responsibility, of being aware of what you are doing, of being totally conscious of what you are deploying and how the system totally behaves. It requires constant vigilance, of bug hunting and fixing. Yet, despite the daunting work, you will be backed by a dedicated community who are willing to spare some time to help you out. The countless mailing lists, forums, and support groups dedicated to specific projects are available 24x7 to help you out. It’s totally different from the 1-800 number that you’re asked to dial whenever you encounter problems, then answered by incompetent call center agents who actually did not try out the solutions that they are asking you to perform. How’s that for a reason?

Was I able to mention that you have full access to documentation and source code? Now you know.

“Ok, ok, I’m with you there. But I don’t know where to start.”
As in any endeavor, you’d have to know what you need in order for you to be able to know how to proceed. It would be better to list down your requirements. For example, you are an administrator and you manage a small network for a local business. You have to first ask yourself the following questions:

1. How many users do I have?
2. What operating systems am I currently using?
3. What network services do I need?
4. What services do the users need?
5. What type of hardware am I currently using?
6. What software applications are my users currently using?
7. What do I want to implement within 3 years?
8. What are my current skill sets?

After identifying and listing your answers, you can then start to plot out the solutions that you already know to fulfill your need. And I’m sure those require software to be purchased. Then you can start searching for the opensource equivalents.

The easiest place to start will be from Google. However, you may also skip over to Sourceforge for the latest opensource projects. You’d have to wade through countless opensource projects with stages ranging from Alpha, Beta, Release Candidates (RC), and Stable or Production grade. I suggest you stay away from Alphas or even Betas as these are still no where near complete and go for the Stable/Productions. RC’s are almost done, but not quite for they still have some fixing to be done.

“Since you’re so keen on brainwashing me, have you actually used OpenSource software?”
The answer is a big YES. I’ve been using and advocating OpenSource for years. My desktop runs Ubuntu Linux currently on 8.04 “Hardy Heron”. The servers I manage run on SuSE Linux Enterprise Server. Our firewall runs on PFSense, which is a BSD distribution based on Monowall and FreeBSD. I have implemented an opensource inventory and asset management solution using OCS Inventory NG and GLPI Asset Management. The company’s domain runs on Samba as primary domain controller authenticating to OpenLDAP since we still had to support existing Windows XP boxen, and some Linux desktops running a mix of Mandriva, Ubuntu, and Fedora.

Had we used proprietary solutions as opposed to what we had now? It would have costed the company millions for the same functionality that we got from opensource which costed us nothing but time and a little guts and dedication.

Technorati opensource, advocacy
Site Search Tags: opensource, advocacy