Categories
blog howto linux network server virtualization

Virtual Private Server on SSD storage

Update: After reviewing the offerings, I’m no longer running my VPS at DigitalOcean. Instead, I’m using Linode at the moment.
www.linode.com


Recently I read about the virtual private servers you can create on www.DigitalOcean.com. They call them Droplets, and they get created in less than a minute if you don’t enable back-ups, or in just a couple of minutes with the back-up service enabled. You can choose between geographically distributed data centers: New York, San Francisco, London, Amsterdam and Singapore. You get one public IP address (or IPv6 if you prefer, but who does anyway).

You can choose from a number of preselected minimal OS installations such as Ubuntu, CentOS, Debian, Fedora and CoreOS. Or you could even deploy your VPS complete with a LAMP (Linux, Apache, MySQL and PHP) stack, or even with a WordPress or Drupal setup. When I looked at the price (10$/month or 12$ with back-up) for a VPS with 1 CPU, 1GB RAM, 30GB DISK and 2TB data transfer, and compared that to what I was currently paying for 2 shared hosting plans, the math was clear. For a bit less than what I was paying I get my very own Virtual Private Server where I can configure everything I want and have full rights on everything.

For me, as an enthusiastic system engineer with experience on multiple Linux flavors, this was a very nice project. Starting from a minimal CentOS 7 installed Droplet, I quickly installed and configured Apache, Nginx, MySQL and PHP and started serving web pages. My first tests were a success. I configured different management tools and secured the system with a software firewall. Because your VPS has a public IP address you must think carefully about security. It took some time getting used to the new firewall software in CentOS 7 called firewalld. After some cursing I had it set up as I wanted.

The next step was to migrate the first of my existing websites over to the new VPS. I chose to configure virtual hosts in an organized manner so that I could always expand to more websites if needed. After transferring the databases and website data, I set course for a new goal: making my sites more secure by using HTTPS encryption on the login pages. By using the free 1 year class 1 certificates from www.startssl.com I did not incur any extra costs. Update: Using Let’s Encrypt now and HTTPS on all pages! After some hours of configuring and testing I had everything running smoothly. I migrated all the DNS records to my new VPS and shortly after my 1st website was running live on the new VPS.

My next goal was to set up mailboxes for every virtual host and use IMAP to connect to them. I chose POSTFIX as the SMTP server and DOVECOT as the IMAP server. POSTFIX was configured to use virtual mailboxes that don’t require a Linux user. DOVECOT was configured for SSL/TLS encrypted connections so passwords are never sent in clear text. To finish it off I installed ROUNDCUBE as a web mail solution.

After my successful first website migration the second one followed quickly and went smoothly as well. This time I also needed an FTP setup, so I chose VSFTPD and again made it possible to use SSL encryption.

The VPS is now running all of my websites, except this blog.

PS: If you are wondering why I don’t migrate this blog, running on my home server, that’s because it’s a challenge to keep a website running on a home server with minimal hardware costs and a dynamic internet IP address. It also has some other uses for me besides serving this blog.

Categories
blog howto linux server

DUF alias for sorted du -h

Show disk usage (human readable) for each folder/file sorted by size!

alias duf='du -sk * | sort -n | perl -ne '\''($s,$f)=split(m{\t});for (qw(K M G)) {if($s<1024) {printf("%.1f",$s);print "$_\t$f"; last};$s=$s/1024}'\'
Usage: duf

Alternative without perl:
du -sk * | sort -n | while read size fname; do for unit in k M G T P E Z Y; do if [ $size -lt 1024 ]; then echo -e "${size}${unit}\t${fname}"; break; fi; size=$((size/1024)); done; done


Tested on: Linux (Redhat, Centos, Debian), Unix (Solaris, SunOS)
Author: http://www.earthinfo.org/linux-disk-usage-sorted-by-size-and-human-readable/

Categories
blog howto linux server

Ubuntu upgrade from 10.10 to 11.04 broke grub

After upgrading my Ubuntu server from 10.10 to 11.04 using the “do-release-upgrade” method, my system would no longer boot.
It was stuck on a GRUB shell. I downloaded the liveCD, booted from that and ran the excellent Boot-Repair utility. I had to install it using apt-get, so you need an internet connection. They should include it in the liveCD. I believe you can also download a Boot-Repair ISO file to boot from.

But the Boot-Repair tool worked great and fixed my GRUB in no time.
I see a lot of problems with GRUB after the upgrade. Maybe it’s a bug that affects people who, in the past, already upgraded from 9.x or 8.x to 10.x. So people who had GRUB v1 at some point in time.

Categories
blog howto linux

Send PCL code for landscape to raw printer in Linux

When the CUPS printer is in RAW mode (no driver or PPD file), you can send PCL codes to the printer in plain text. You can just prepend and append the codes to your job.
Here is how I did it:

#!/bin/bash
#
# Created on 01 march 2011 by Stan Gobien
# http://ares.gobien.be:8080/2011/03/pcl-code-landscape-raw-linux/
#
# Insert PCL code for landscape at beginning and append PCL reset code at end
# PCL codes tested on HP Laserjet
# The script expects input via stdin and sends output to stdout
# usage: cat somefile | ./landscape.sh | lp -dPRINTER
cat | sed -e '1i^[&l1O' | sed -e '$a^[E'

Note: You can’t simply copy/paste the ^[ code. This is the VI representation of the ESCAPE character. You have to create it like this: CTRL+V ESC (this means press CONTROL and V key together then press ESCAPE key). Tested on Vi IMproved 7.0

Categories
linux server virtualization

GhettoVCB ESX(i) VM’s backup: E-mail logfile

UPDATE: GhettoVCB now has its own function to send a report mail. It only works on ESXi > 4.1.

I’m using an excellent script to back up my virtual machines called GhettoVCB. This script works perfectly. I wanted to get the daily logfile in my e-mail inbox. I have ESXi (4.0) and I don’t know whether it can e-mail by itself; I think not. But I used a Linux VM I am running to pull the logfile and mail it to me. The Linux VM is set up with sendmail and the outgoing mailhost is configured. If you don’t have a Linux VM, a Windows VM or PC can work too. You can use wget for Windows to pull the file (the syntax may change a little bit) and then blat to mail the file. I won’t go into detail about this.

I have altered the GhettoVCB script to make the backups & logfiles use this date syntax “date +%F”. I find it easier for humans to read. You have to adjust this in the cron job that calls the ghettoVCB script; the logfile is given as a parameter.
In the script below, please adjust youruser and yourpass to valid login credentials for browsing the datastore through https. Usually this is the user you log in with directly on the ESXi. Also replace you@domain.tld with your e-mail address. Pretty simple & basic but it works excellently. Last point, adjust the 192.168.x.y to your ESXi’s IP address.

#grab esxi backup log file and mail it v0.1
#Note the WGET part should be 1 line, no line breaks
#Adjust the youruser & yourpass to valid credentials for logging in to ESXi (browse the datastore)
#Adjust the IP address (192.168.x.y) to your ESXi IP address
#In the wget line below, my logs were located in a folder called backup on a datastore called 750GBdisk2
#You could check the syntax of the link by browsing to your datastore and locate the backup log files then look at the addressbar
cd /tmp
wget "https://192.168.x.y/folder/backup/ghettoVCB-backup-$(date +\%F).log?dcPath=ha-datacenter&dsName=750GBdisk2" --user youruser --password yourpass --no-check-certificate
cat /tmp/ghettoVCB* | mail -s "Backup log ESXi4" you@domain.tld
rm -rf /tmp/ghettoVCB*
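
The job above puts the ESXi password on the wget command line, skips certificate verification and works directly in the shared /tmp. A hardened variant follows as an added example that is not the original author's script. It assumes the credentials are stored in a private ~/.netrc and that the ESXi certificate matches ESXI_HOST and has been exported to CA_FILE; the variable and function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the original script. Names and paths are assumptions.
set -eu

ESXI_HOST="${ESXI_HOST:-esxi.example.internal}"    # placeholder host name
DATASTORE="${DATASTORE:-750GBdisk2}"               # datastore name used in the post
LOG_FOLDER="${LOG_FOLDER:-backup}"                 # folder name used in the post
CA_FILE="${CA_FILE:-/etc/ssl/certs/esxi-host.pem}" # assumed path of the exported ESXi cert
MAIL_TO="${MAIL_TO:-you@domain.tld}"

# Build the datastore-browser URL: host, folder, date, datastore.
build_log_url() {
    printf 'https://%s/folder/%s/ghettoVCB-backup-%s.log?dcPath=ha-datacenter&dsName=%s\n' \
        "$1" "$2" "$3" "$4"
}

# Accept only a plain YYYY-MM-DD value so nothing else can reach the URL.
valid_date() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# True only if the credentials file exists and group/other have no access.
netrc_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ln "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

fetch_and_mail() {
    day=$(date +%F)
    valid_date "$day" || return 1
    netrc_is_private "$HOME/.netrc" || { echo "~/.netrc must be mode 600" >&2; return 1; }
    workdir=$(mktemp -d)                 # private directory with an unpredictable name
    trap 'rm -rf "$workdir"' EXIT
    url=$(build_log_url "$ESXI_HOST" "$LOG_FOLDER" "$day" "$DATASTORE")
    # Credentials come from ~/.netrc, so they never show up in the process list.
    # The certificate is verified against CA_FILE instead of being ignored.
    wget --quiet --ca-certificate="$CA_FILE" -O "$workdir/backup.log" "$url"
    mail -s "Backup log ESXi4" "$MAIL_TO" < "$workdir/backup.log"
}

if [ "${1:-}" = "--run" ]; then
    fetch_and_mail
fi
```

Run it from cron with the --run argument; without it the script only defines its functions.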

Categories
blog linux

Munin config example

/etc/munin.conf

# Example configuration file for Munin, generated by ‘make build’
# The next three variables specifies where the location of the RRD
# databases, the HTML output, and the logs, severally. They all
# must be writable by the user running munin-cron.
dbdir /var/lib/munin
htmldir /var/www/munin
logdir /var/log/munin
rundir /var/run/munin

# Where to look for the HTML templates
tmpldir /etc/munin/templates

# Make graphs show values per minute instead of per second
#graph_period minute

# Drop somejuser@fnord.comm and anotheruser@blibb.comm an email everytime
# something changes (OK -> WARNING, CRITICAL -> OK, etc)

contact.yourname.command mail -s "MUNIN - [${var:host}] ~ ${var:graph_title} ~ warnings: ${loop<,>:wfields ${var:label}=${var:value}} ~ criticals: ${loop<,>:cfields ${var:label}=${var:value}}" your.email@domain.tld

#
#
# For those with Nagios, the following might come in handy. In addition,
# the services must be defined in the Nagios server as well.
#contact.nagios.command /usr/sbin/send_nsca -H nagios.host.com -c /etc/send_nsca.cfg

# a simple host tree
[location1-wms1.otherdomain.tld]
address 169.254.30.86
use_node_name yes

load.load.warning 15
load.load.critical 30

memory.apps.warning 6442450944
memory.committed.warning 8589934592
# memory.committed.warn 8589934592
memory.committed.critical 17179869184

df._dev_cciss_c0d0p1.warning 75
df._dev_mapper_VolGroup00_LogVol00.warning 90
df._dev_mapper_VolGroup00_LogVol01.warning 90
df._dev_mapper_VolGroup00_LogVol02.warning 90
df._dev_mapper_VolGroup00_LogVol04.warning 90
df._dev_mapper_VolGroup01_LogVol00.warning 90
df._dev_mapper_VolGroup02_LogVol00.warning 90
df._dev_mapper_VolGroup03_LogVol00.warning 90

df._dev_cciss_c0d0p1.critical 95
df._dev_mapper_VolGroup00_LogVol00.critical 95
df._dev_mapper_VolGroup00_LogVol01.critical 95
df._dev_mapper_VolGroup00_LogVol02.critical 95
df._dev_mapper_VolGroup00_LogVol04.critical 95
df._dev_mapper_VolGroup01_LogVol00.critical 95
df._dev_mapper_VolGroup02_LogVol00.critical 95
df._dev_mapper_VolGroup03_LogVol00.critical 95

[location1-wms2.otherdomain.tld]
address 169.254.30.88
use_node_name yes

load.load.warning 15
load.load.critical 30

memory.apps.warning 6442450944
memory.committed.warning 8589934592
memory.committed.critical 17179869184

df._dev_cciss_c0d0p1.warning 75
df._dev_mapper_VolGroup00_LogVol00.warning 90
df._dev_mapper_VolGroup00_LogVol01.warning 90
df._dev_mapper_VolGroup00_LogVol02.warning 90
df._dev_mapper_VolGroup00_LogVol04.warning 90
df._dev_mapper_VolGroup01_LogVol00.warning 90
df._dev_mapper_VolGroup02_LogVol00.warning 90
df._dev_mapper_VolGroup03_LogVol00.warning 90

df._dev_cciss_c0d0p1.critical 95
df._dev_mapper_VolGroup00_LogVol00.critical 95
df._dev_mapper_VolGroup00_LogVol01.critical 95
df._dev_mapper_VolGroup00_LogVol02.critical 95
df._dev_mapper_VolGroup00_LogVol04.critical 95
df._dev_mapper_VolGroup01_LogVol00.critical 95
df._dev_mapper_VolGroup02_LogVol00.critical 95
df._dev_mapper_VolGroup03_LogVol00.critical 95

[location1-ts1.otherdomain.tld]
address 169.254.30.90
use_node_name no
memory.swap.label swap
memory.swap.draw STACK
memory.swap.info Swap memory used

[location1m-fc1.otherdomain.tld]
address 169.254.30.94
use_node_name no
memory.swap.label swap
memory.swap.draw STACK
memory.swap.info Swap memory used

[location1-mfc2.otherdomain.tld]
address 169.254.30.96
use_node_name no
memory.swap.label swap
memory.swap.draw STACK
memory.swap.info Swap memory used

[location1-ts2.otherdomain.tld]
address 169.254.30.92
use_node_name no
memory.swap.label swap
memory.swap.draw STACK
memory.swap.info Swap memory used
memory.apps.label usage
memory.unused.label pagefile

[location2-wms1.otherdomain.tld]
address 169.254.20.20
use_node_name yes

load.load.warning 15
load.load.critical 30

memory.apps.warning 6442450944
memory.committed.warning 8589934592
memory.committed.critical 17179869184

df._dev_cciss_c0d0p1.warning 75
df._dev_mapper_VolGroup00_LogVol00.warning 90
df._dev_mapper_VolGroup00_LogVol01.warning 90
df._dev_mapper_VolGroup00_LogVol02.warning 90
df._dev_mapper_VolGroup00_LogVol04.warning 90
df._dev_mapper_VolGroup01_LogVol00.warning 90
df._dev_mapper_VolGroup02_LogVol00.warning 90
df._dev_mapper_VolGroup03_LogVol00.warning 90

df._dev_cciss_c0d0p1.critical 95
df._dev_mapper_VolGroup00_LogVol00.critical 95
df._dev_mapper_VolGroup00_LogVol01.critical 95
df._dev_mapper_VolGroup00_LogVol02.critical 95
df._dev_mapper_VolGroup00_LogVol04.critical 95
df._dev_mapper_VolGroup01_LogVol00.critical 95
df._dev_mapper_VolGroup02_LogVol00.critical 95
df._dev_mapper_VolGroup03_LogVol00.critical 95

[location2-wms2.otherdomain.tld]
address 169.254.20.22
use_node_name yes

load.load.warning 15
load.load.critical 30

memory.apps.warning 6442450944
memory.committed.warning 8589934592
memory.committed.critical 17179869184

df._dev_cciss_c0d0p1.warning 75
df._dev_mapper_VolGroup00_LogVol00.warning 90
df._dev_mapper_VolGroup00_LogVol01.warning 90
df._dev_mapper_VolGroup00_LogVol02.warning 90
df._dev_mapper_VolGroup00_LogVol04.warning 90
df._dev_mapper_VolGroup01_LogVol00.warning 90
df._dev_mapper_VolGroup02_LogVol00.warning 90
df._dev_mapper_VolGroup03_LogVol00.warning 90

df._dev_cciss_c0d0p1.critical 95
df._dev_mapper_VolGroup00_LogVol00.critical 95
df._dev_mapper_VolGroup00_LogVol01.critical 95
df._dev_mapper_VolGroup00_LogVol02.critical 95
df._dev_mapper_VolGroup00_LogVol04.critical 95
df._dev_mapper_VolGroup01_LogVol00.critical 95
df._dev_mapper_VolGroup02_LogVol00.critical 95
df._dev_mapper_VolGroup03_LogVol00.critical 95

[location2-ts1.otherdomain.tld]
address 169.254.20.24
use_node_name no
memory.swap.label swap
memory.swap.draw STACK
memory.swap.info Swap memory used

[location2-ts2.otherdomain.tld]
address 169.254.20.26
use_node_name no
memory.swap.label swap
memory.swap.draw STACK
memory.swap.info Swap memory used

[location2-mfc1.otherdomain.tld]
address 169.254.20.28
use_node_name no
memory.swap.label swap
memory.swap.draw STACK
memory.swap.info Swap memory used

[location2-mfc2.otherdomain.tld]
address 169.254.20.30
use_node_name no
memory.swap.label swap
memory.swap.draw STACK
memory.swap.info Swap memory used

[otherdomain.tld;Totals]
update no

load1.graph_title Loads-WMS1
load1.graph_order location1wms1=location1wms1.otherdomain.tld:load.load location2-wms1=location2-wms1.otherdomain.tld:load.load

load2.graph_title Loads-WMS2
load2.graph_order location1wms2=location1wms2.otherdomain.tld:load.load location2-wms2=location2-wms2.otherdomain.tld:load.load

load3.graph_title Loads on top of each other
load3.dummy_field.stack location1wms1=location1wms1.otherdomain.tld:load.load location2-wms1=location2-wms1.otherdomain.tld:load.load location1wms2=location1wms2.otherdomain.tld:load.load location2-wms2=location2-wms2.otherdomain.tld:load.load
load3.dummy_field.draw AREA # We want area instead the default LINE2.
load3.dummy_field.label dummy # This is needed. Silly, really.

memory1.graph_title Memory SWAP WMS
memory1.graph_order location1wms1=location1wms1.otherdomain.tld:memory.swap location2-wms1=location2-wms1.otherdomain.tld:memory.swap location1wms2=location1wms2.otherdomain.tld:memory.swap location2-wms2=location2-wms2.otherdomain.tld:memory.swap

memory2.graph_title Memory Committed WMS
memory2.graph_order location1wms1=location1wms1.otherdomain.tld:memory.committed location2-wms1=location2-wms1.otherdomain.tld:memory.committed location1wms2=location1wms2.otherdomain.tld:memory.committed location2-wms2=location2-wms2.otherdomain.tld:memory.committed

# load3.graph_title Loads summarised
# load3.combined_loads.sum location1wms1.otherdomain.tld:load.load location2-wms1.otherdomain.tld:load.load
# load3.combined_loads.label Combined loads # Must be set, as this is
# # not a dummy field!

[ip-wms1.domain.tld]
address 127.0.0.1
use_node_name yes

load.load.warning 15
load.load.critical 30

memory.apps.warning 6442450944
memory.committed.warning 8589934592
memory.committed.critical 17179869184

[ip-wms2.domain.tld]
address 192.168.101.51
use_node_name yes

load.load.warning 15
load.load.critical 30

memory.apps.warning 6442450944
memory.committed.warning 8589934592
memory.committed.critical 17179869184

[windows-pc.domain.tld]
address 192.168.101.26
use_node_name yes
memory.swap.label swap
memory.swap.draw STACK
memory.swap.info Swap memory used

/etc/munin-node.conf

#
# Example config-file for munin-node
#

log_level 4
log_file /var/log/munin/munin-node.log
port 4949
pid_file /var/run/munin/munin-node.pid
background 1
setseid 1

# Which port to bind to;
host *
user root
group root
setsid yes

# Regexps for files to ignore

ignore_file ~$
ignore_file \.bak$
ignore_file %$
ignore_file \.dpkg-(tmp|new|old|dist)$
ignore_file \.rpm(save|new)$

# Set this if the client doesn’t report the correct hostname when
# telnetting to localhost, port 4949
#
host_name location1-wms1.otherdomain.tld

# A list of addresses that are allowed to connect. This must be a
# regular expression, due to brain damage in Net::Server, which
# doesn’t understand CIDR-style network notation. You may repeat
# the allow line as many times as you’d like

#allow ^127\.0\.0\.1$
allow ^169\.254\.25\.10$
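
Because allow takes a regular expression rather than a CIDR range, a pattern with unescaped dots or a missing anchor matches more addresses than intended. A small linter for these lines follows as an added example that is not part of Munin or the original post; the function names and the last two sample lines are made up for illustration.

```shell
#!/bin/sh
# Added example, not part of Munin. Function names are hypothetical.

# Print "ok" or the reason a pattern is too loose; return 0 only for "ok".
check_allow_pattern() {
    case "$1" in
        '^'*) ;;
        *) echo "unanchored-start"; return 1 ;;
    esac
    case "$1" in
        *'$') ;;
        *) echo "unanchored-end"; return 1 ;;
    esac
    # Drop every escaped dot; a dot that survives matches any character.
    rest=$(printf '%s\n' "$1" | sed 's/\\\.//g')
    case "$rest" in
        *.*) echo "unescaped-dot"; return 1 ;;
    esac
    echo "ok"
}

# Read a munin-node.conf on stdin, print "LINE: PATTERN: REASON" for each
# active allow line that fails the check, return non-zero if any did.
lint_allow_lines() {
    n=0
    findings=0
    while IFS= read -r line; do
        n=$((n + 1))
        pat=$(printf '%s\n' "$line" |
            sed -n 's/[[:space:]]*$//; s/^[[:space:]]*allow[[:space:]][[:space:]]*//p')
        [ -n "$pat" ] || continue
        reason=$(check_allow_pattern "$pat") && continue
        findings=$((findings + 1))
        printf '%s: %s: %s\n' "$n" "$pat" "$reason"
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: the first two lines are from the page, the rest are made up.
sample_conf() {
    cat <<'EOF'
#allow ^127\.0\.0\.1$
allow ^169\.254\.25\.10$
allow ^192.168.101.5$
allow 10\.0\.0\.
EOF
}

# Usage: sh lint.sh /etc/munin-node.conf   (or --demo for the sample above)
case "${1:-}" in
    --demo) sample_conf | lint_allow_lines || true ;;
    "") ;;  # no argument: only define the functions
    *) lint_allow_lines < "$1" ;;
esac
```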

Happy learning !

Categories
blog linux server virtualization

Installed ESXi 4 (with FTP & SSH enabled) & migrated VM’s from workstation

UPDATE: This is an outdated article; since ESXi 4.1 you can enable SSH (remote & local) from the VI client through “security features” in “configuration”.

After my XenServer 5.5 experience I decided to use VMware ESXi, let’s be honest, the leader in the market.
First problem: installation would fail because no supported NIC was found. I tried several NICs such as 3Com 3C509 & Realtek RTL8139 but no luck.
I ordered an Intel PRO/1000 Desktop PCI adapter. I tested with the ESXi 4 CD and it was detected and supported.
Success, then I made a custom ESXi 4 CD with FTP & SSH enabled (through custom oem.tgz) and installed ESXi. All went flawlessly.
Since it took some time for me to test the different NICs and finally order the Intel NIC, I had already installed VMware Workstation evaluation on my desktop and had recreated my VMs. Of course my PC was not online 24/24, so the website I’m writing this on was only available at some times.

After ESXi was installed and running, I used the VMware Converter Standalone to convert my Workstation VMs to ESXi. The Windows VM went excellently.
The Ubuntu VM had been installed through VMware Workstation easy install mode, and on ESXi it would boot fine but would not load the correct drivers for the NIC.
I tried different things on it, but without a NIC there wasn’t much I could do. I tried compiling the VMware tools and drivers but had failures.
I finally had to make a new VM with a fresh Ubuntu server install, copy the files and export the SQL database (on my VMware Workstation I could still boot the VM with network access). But after at least 6 hours of work ESXi was running with the 2 VMs and the website was operational.

Since I use Windows 7 I had to follow a how-to because the vSphere Client fails on Windows 7 (you have to copy system.dll and make a batch script). After updates from VMware the latest vSphere Client works fine on Windows 7.
Yesterday and today I finished up the Windows VM and moved PCs into the domain, copied back files & set up shares.

Now on to some last items, torrentflux-b4rt, truecrypt, moblock, RAS, …