Adventures in Ubuntu systems administration

Posts tagged “Ubuntu”

Odd iproute2 gateway behavior with two gateways

After helping a frustrated yet patient Elvar I thought I'd better post about the situation we came across in case anybody else finds themselves in the same situation.

Elvar started with all the correct elements to set up a functioning multi-routing gateway. Two connections from two different providers, eth1, eth2. Running on an Ubuntu box with eth0 as internal. Both internet connections working on their own.

But alas. Whenever both eth1 and eth2 were active on the host, outgoing packets just would not go out. I don’t know if incoming packets were being replied to as we were unable to check that.

If just eth1 or eth2 was active then everything traversed ok. But we wanted it to work with both connections.

After a LONG time of diagnosing we noticed there were two default routes in iproute2 (IPs fudged, but you get the idea):

firewall# ip route show
...
default via 1.1.2.1 dev eth2  metric 100
default via 1.1.3.1 dev eth1  metric 100

My firewall often has two default routes listed on the main table (ppp0, and ppp1) until the cleanup script fixes it. Without any negative side effect. I may just be lucky though.

Upon removing the eth2 line from table main, everything started working correctly. Incoming, outgoing, forwarding, balancing.

I also noticed the output of ifconfig eth2 looked a bit screwed too, but there was not much we could do about that as it was assigned by dhcp.

eth2      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
    inet addr:1.1.2.1  Bcast:255.255.255.255  Mask:255.255.255.0

See it? No, not the MAC address. The broadcast address. A quick ipcalc 1.1.2.1/24 gives me a broadcast of 1.1.2.255. But once we removed the eth2 default route line, it all started working again and we didn’t get to dig into it to see if the broadcast actually affected it.

So that’s all. Just remember there are a lot more things to go wrong in a multigateway setup, including things outside of iptables.
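Both symptoms above can be checked offline. The following is an added example, not code from the original post: a POSIX shell sketch that flags default routes sharing a metric in ip route show output, and compares the broadcast address reported by old-style ifconfig output with the one implied by the address and netmask. The function names and the sample data (documentation address ranges) are constructed for illustration.

```sh
#!/bin/sh
# Added example: offline checks for the two symptoms in the post.
# Function names and sample data are constructed for illustration.

# awk helper: broadcast address implied by a dotted address and netmask.
AWK_BCAST='
function bcast(addr, mask,    a, m, i, block, o, out) {
    split(addr, a, "."); split(mask, m, ".")
    out = ""
    for (i = 1; i <= 4; i++) {
        block = 256 - m[i]               # addresses covered by this octet
        o = a[i] - (a[i] % block) + block - 1
        out = out (i > 1 ? "." : "") o
    }
    return out
}'

# Print each metric shared by more than one default route.
# Reads "ip route show" output on stdin; no "metric" keyword means metric 0.
dup_default_metrics() {
    awk '$1 == "default" {
             m = 0
             for (i = 2; i < NF; i++) if ($i == "metric") m = $(i + 1)
             n[m]++
         }
         END { for (m in n) if (n[m] > 1) print m }' | sort -n
}

# Print the broadcast address expected for ADDR ($1) and NETMASK ($2).
expected_bcast() {
    awk -v A="$1" -v M="$2" "$AWK_BCAST"' BEGIN { print bcast(A, M) }'
}

# Reads old-style ifconfig output on stdin and prints
# "IFACE CONFIGURED EXPECTED" for every interface whose Bcast is off.
bcast_mismatches() {
    awk "$AWK_BCAST"'
        /^[^ \t]/ { iface = $1 }
        /inet addr:/ {
            addr = ""; bc = ""; mask = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^addr:/)  addr = substr($i, 6)
                if ($i ~ /^Bcast:/) bc   = substr($i, 7)
                if ($i ~ /^Mask:/)  mask = substr($i, 6)
            }
            if (bc != "" && mask != "" && bc != bcast(addr, mask))
                print iface, bc, bcast(addr, mask)
        }'
}

# Constructed sample: main table with two equal-metric default routes.
sample_routes() {
    cat <<'EOF'
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.1
default via 203.0.113.1 dev eth2  metric 100
default via 198.51.100.1 dev eth1  metric 100
EOF
}

# Constructed sample: DHCP-assigned interface with an all-ones broadcast.
sample_ifconfig() {
    cat <<'EOF'
eth2      Link encap:Ethernet  HWaddr 00:00:5e:00:53:01
          inet addr:203.0.113.20  Bcast:255.255.255.255  Mask:255.255.255.0
EOF
}

echo "Metrics shared by several default routes:"
sample_routes | dup_default_metrics
echo "Interfaces with an unexpected broadcast address:"
sample_ifconfig | bcast_mismatches
```

On a live host the same functions can be fed from ip route show table main and ifconfig instead of the sample functions.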


Iptables packet flow diagram

Here is the diagram I keep stuck to my wall for reference when dealing with iptables.

I cannot remember what site I used as a reference when creating the diagram. The original was an ascii chart though. This is created in dia and exported to pdf too. Both attached for convenience. CC licensed as long as the original chart I copied allows it.

Packet flow examples:

All packets to or from localhost travel down the left side of the chart.

From external destination localhost: PREROUTING -> INPUT -> [Local Process] -> OUTPUT -> POSTROUTING.

From localhost destination external: OUTPUT -> POSTROUTING -> [External Host] -> PREROUTING -> INPUT.

All forwarded packets travel the right side of the chart and travel all three tables coming in and then again going out.

From external dest internal: PREROUTING -> FORWARD -> POSTROUTING.

Internal response to external: PREROUTING -> FORWARD -> POSTROUTING.

and so forth.

This is what caught me for a while. Forwarded packets travel the right side route and get out of (or in to) the network. The response then gets generated and does not start from FORWARD or POSTROUTING, but from PREROUTING again. So all NEW forwarded packets need to be marked in PREROUTING and the mark saved. Not new packets need that mark restored in PREROUTING, and all packets need that mark restored in POSTROUTING. (As demonstrated by my previous post).

Locally generated traffic only sees OUTPUT and POSTROUTING before hitting the network and needs to be marked before hitting POSTROUTING, hence the OUTPUT chain rules in my previous post.

I will accept changes to the chart too if anybody wants modifications made.

iptables routing.dia

iptables routing.pdf


Multi gateway balancing with iptables

I have been testing load balancing via both iptables and ip route nexthop for a couple of days now.  They both work pretty well too.

This only balances outgoing traffic as incoming traffic is balanced via DNS RR and the firewall just returns the traffic on the interface it arrived on as per the previous post.

On the whole, I prefer the iptables solution. It seems to balance the traffic better. ip route balances outgoing connections based on nexthop if the route to that host is not already in its routing cache, while iptables balances traffic by alternating outgoing connections. The only downside I have seen is occasional connection drops to the BlackBerry servers.

After 24 hours of iptables balancing:

ppp0      Link encap:Point-to-Point Protocol
          RX bytes:1186783900 (1.1 GB)  TX bytes:1290603327 (1.2 GB)
ppp1      Link encap:Point-to-Point Protocol
          RX bytes:1109227490 (1.1 GB)  TX bytes:1140565429 (1.1 GB)

 

This is using inclusion rules for determining balanced traffic. These are the rules that ended up on the production server:

 

# Create the balance1 chain before appending rules to it
iptables -t mangle -N balance1

# Load balancing rules (Split 50/50 between fwmark 1/2)
iptables -t mangle -A balance1 -d 192.168.0.0/16      -j RETURN
iptables -t mangle -A balance1 -d 10.0.0.0/8          -j RETURN
iptables -t mangle -A balance1 -m connmark ! --mark 0 -j RETURN
iptables -t mangle -A balance1 -m state --state ESTABLISHED,RELATED -j RETURN
iptables -t mangle -A balance1 -m statistic --mode nth --every 2 --packet 0 -j CONNMARK --set-mark 1
iptables -t mangle -A balance1 -m statistic --mode nth --every 2 --packet 1 -j CONNMARK --set-mark 2

# Check to see if we have already marked a packet
iptables -t mangle -A PREROUTING  -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
iptables -t mangle -A OUTPUT      -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark

# Mark incoming connections to return on the interface they came in on
iptables -t mangle -A PREROUTING          -i ppp0                     -m state --state NEW  -j CONNMARK --set-mark 1
iptables -t mangle -A PREROUTING          -i ppp1                     -m state --state NEW  -j CONNMARK --set-mark 2

# New outgoing packets
iptables -t mangle -A PREROUTING  -i eth0          -p tcp --dport  22 -m state --state NEW  -j balance1
iptables -t mangle -A PREROUTING  -i eth0          -p tcp --dport  25 -m state --state NEW  -j balance1
iptables -t mangle -A PREROUTING  -i eth0          -p tcp --dport  80 -m state --state NEW  -j balance1
iptables -t mangle -A PREROUTING  -i eth0          -p tcp --dport 443 -m state --state NEW  -j balance1
iptables -t mangle -A OUTPUT                       -p tcp --dport  80 -m state --state NEW  -j balance1

# Choose our route and save the mark
iptables -t mangle -A PREROUTING  -m connmark --mark 1 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING  -m connmark --mark 2 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING  -m state --state NEW -m connmark ! --mark 0  -j CONNMARK --save-mark

 

That’s all of the CONNMARK and MARK related rules I use.

The new outgoing packets section is where I choose what packets should be balanced and accounts for about 95% of our outgoing traffic.

The balance1 chain just has some checks at the beginning to catch further traffic that should not be balanced in case some rule gets messed up.

Of the new outgoing packets rules, the PREROUTING lines are for forwarded traffic and the OUTPUT rule is for traffic generated on that host by a transparent squid proxy.

Hope somebody finds that useful one day.

 

 


Multi gateway routing with iptables and iproute2

Notes on multi gateway routing with iptables and iproute2, suggestions and corrections gladly accepted. My notes may be incomplete or just plain wrong, I pieced them together after getting it working.

Running on Ubuntu-9.10 with two internet connections ppp0 and ppp1 both with static IPs from two different internet providers in Australia (iiNet and Internode).

Preparation:

Extra ip route tables per gateway.

Add tables to /etc/iproute2/rt_tables. Table names and numbers can be anything as long as they are consistent later on.

echo -e "101 connection1\n102 connection2" | sudo tee -a /etc/iproute2/rt_tables

Add routes to the extra rule tables. Copy the local routes from the main table then add the default gateway specific to this connection. Replace the vars at the beginning with your relevant settings.

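#!/bin/sh
# Per-connection settings: routing table name, device, local IP and gateway
TABLE1=connection1
DEV1=ppp0
IP1=100.0.1.1
GW1=100.0.1.254
TABLE2=connection2
DEV2=ppp1
IP2=100.0.2.1
GW2=100.0.2.254
# Start from empty per-connection tables
ip route flush table $TABLE1
ip route flush table $TABLE2
# Copy the local (non-default, non-ppp) routes from the main table
ip route show table main | grep -Ev '(^default|ppp)' | while read -r ROUTE ; do
    ip route add table $TABLE1 $ROUTE
    ip route add table $TABLE2 $ROUTE
done
# Add the link route to each gateway, then the default route through it
ip route add table $TABLE1 $GW1 dev $DEV1 src $IP1
ip route add table $TABLE2 $GW2 dev $DEV2 src $IP2
ip route add table $TABLE1 default via $GW1
ip route add table $TABLE2 default via $GW2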

ip route output:

~# ip route show
100.0.1.254 dev ppp0  proto kernel  scope link  src 100.0.1.1
100.0.2.254 dev ppp1  proto kernel  scope link  src 100.0.2.1
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.1
default via 100.0.1.254 dev ppp0
~# ip route show table connection1
100.0.1.254 dev ppp0  proto kernel  scope link  src 100.0.1.1
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.1
default via 100.0.1.254 dev ppp0

~# ip route show table connection2
100.0.2.254 dev ppp1  proto kernel  scope link  src 100.0.2.1
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.1
default via 100.0.2.254 dev ppp1

Add the ip rules:

ip rule add from 100.0.1.1 lookup connection1
ip rule add from 100.0.2.1 lookup connection2
ip rule add fwmark 1 lookup connection1
ip rule add fwmark 2 lookup connection2

Add the iptables rules for SNAT:

# SNAT rules live in the nat table, so it has to be named explicitly
iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to-source 100.0.1.1
iptables -t nat -A POSTROUTING -o ppp1 -j SNAT --to-source 100.0.2.1

And finally add the rules for marking the connection they should be going out on. The first PREROUTING rule is for packets we forward to be returned via the interface they were received on. The OUTPUT rule is for packets handled on this PC to be returned on the correct interface too. We only want to mark new packets and restore marks on established connections else the packets

-A PREROUTING          -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
-A OUTPUT              -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
-A PREROUTING -i ppp0  -m state --state NEW                 -j CONNMARK --set-mark 1
-A PREROUTING -i ppp1  -m state --state NEW                 -j CONNMARK --set-mark 2
-A PREROUTING -m connmark --mark 1                          -j MARK --set-mark 1
-A PREROUTING -m connmark --mark 2                          -j MARK --set-mark 2
-A PREROUTING -m state --state NEW -m connmark ! --mark 0   -j CONNMARK --save-mark

Selective routing:

To send all outgoing traffic on a specific table:

-A PREROUTING -i eth0 -m state --state NEW -p tcp --dport  80 -j CONNMARK --set-mark 2
-A PREROUTING -i eth0 -m state --state NEW -p tcp --dport 443 -j CONNMARK --set-mark 2
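The marks, ip rules and route tables used here and in the balancing post above only work when they agree with each other. As an added example (not code from the original posts), this POSIX shell sketch cross-checks the three: every connmark must be copied to a packet mark, every packet mark needs an ip rule, and the table that rule selects needs a default route. Function names and all sample input are constructed; the assumed input formats are iptables rule lines, ip rule show output and ip route show table all output.

```sh
#!/bin/sh
# Added example, not code from the original posts. Sample input is constructed.

# Normalise "2", "0x2" or "0x2/0xffffffff" to a decimal mark value.
to_dec() { echo $(( ${1%%/*} )); }

# Marks set by target $1 (MARK or CONNMARK) in the iptables rules on stdin.
# Accepts --set-mark N (as typed) and --set-xmark 0xN/mask (iptables-save).
marks_set_by() {
    awk -v tgt="$1" '{ for (i = 2; i < NF; i++)
        if ($(i - 1) == tgt && ($i == "--set-mark" || $i == "--set-xmark"))
            print $(i + 1) }' |
    while read -r m; do to_dec "$m"; done | sort -nu
}

# Routing table selected for packet mark $1, from "ip rule show" on stdin.
table_for_mark() {
    awk '{ fw = ""; tb = ""
           for (i = 1; i < NF; i++) {
               if ($i == "fwmark") fw = $(i + 1)
               if ($i == "lookup") tb = $(i + 1)
           }
           if (fw != "") print fw, tb }' |
    while read -r fw tb; do
        if [ "$(to_dec "$fw")" -eq "$1" ]; then echo "$tb"; fi
    done | head -n 1
}

# Succeeds if "ip route show table all" on stdin has a default in table $1.
has_default() {
    awk -v t="$1" '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "table" && $(i + 1) == t) found = 1 }
        END { exit !found }'
}

# audit RULES IPRULES ROUTES: one finding per line, nothing if consistent.
audit() {
    for c in $(printf '%s\n' "$1" | marks_set_by CONNMARK); do
        printf '%s\n' "$1" | marks_set_by MARK | grep -qx "$c" ||
            echo "connmark $c: never copied to a packet mark"
    done
    for m in $(printf '%s\n' "$1" | marks_set_by MARK); do
        t=$(printf '%s\n' "$2" | table_for_mark "$m")
        if [ -z "$t" ]; then
            echo "mark $m: no ip rule, packets fall through to the main table"
        elif ! printf '%s\n' "$3" | has_default "$t"; then
            echo "mark $m: table $t has no default route"
        fi
    done
}

# Constructed sample: mark 3 was added for port 25 but never given an ip rule,
# and table connection2 lost its default route.
RULES=$(cat <<'EOF'
-A PREROUTING -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
-A PREROUTING -i ppp0 -m state --state NEW -j CONNMARK --set-mark 1
-A PREROUTING -i ppp1 -m state --state NEW -j CONNMARK --set-mark 2
-A PREROUTING -i eth0 -p tcp --dport 25 -m state --state NEW -j CONNMARK --set-xmark 0x3/0xffffffff
-A PREROUTING -m connmark --mark 1 -j MARK --set-mark 1
-A PREROUTING -m connmark --mark 2 -j MARK --set-mark 2
-A PREROUTING -m connmark --mark 3 -j MARK --set-mark 3
EOF
)
IPRULES=$(cat <<'EOF'
0:      from all lookup local
32762:  from all fwmark 0x2 lookup connection2
32763:  from all fwmark 0x1 lookup connection1
32766:  from all lookup main
32767:  from all lookup default
EOF
)
ROUTES=$(cat <<'EOF'
default via 100.0.1.254 dev ppp0 table connection1
192.168.1.0/24 dev eth0 table connection2 scope link src 192.168.1.1
default via 100.0.1.254 dev ppp0
EOF
)

audit "$RULES" "$IPRULES" "$ROUTES"
```

A mark without an ip rule is the quiet failure here: the traffic still flows, but through the main table's default route instead of the intended connection.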

 

References:

http://www.clintoneast.com/articles/multihomed.php

http://linux-ip.net/html/adv-multi-internet.html


Ubuntu 9.10 impressions, extra packages.

I updated my main laptop to Ubuntu 9.10 on its release. It called for a fresh install as this laptop gets a lot of crap installed left, right and centre and an upgrade was not going to clean it up. (Apache, Nginx and Lighttpd, tomcat, netbeans all installed and starting on bootup, argh, plus many self compiled packages I installed without keeping track of.)

The only bug I have been hit by was #446146. A Huawei E169 USB modem only shows up as a memory card reader. A quick install of one of the kernel packages listed fixed this for me though.

A PC that after upgrade was trying to detect the harddrives as part of fakeraid setup and would fail to boot. Booted with the previous kernel, removed dmraid, and rebooted and she’s all good.

And gscan2pdf needed three packages from Jaunty to save as PDF again:

  • libmagickcore1_6.4.5.4.dfsg1-1ubuntu3.1_amd64.deb
  • libmagickwand1_6.4.5.4.dfsg1-1ubuntu3.1_amd64.deb
  • perlmagick_6.4.5.4.dfsg1-1ubuntu3.1_amd64.deb

I am really impressed with the direction that boot theming is taking, well done Scott and team. Nvidia black redraw issues have gone away too. Sound is working better for me. Easier to select the speakers I want to output to. Haven’t tried Ubuntu One yet as most of my family is already using dropbox. Will probably try it for backing up some app data though.

The nvidia-settings tool would not save my settings for two monitors to xorg.conf as it could not parse it. So I instead just replaced the Screen section in xorg.conf with the following, and the extra monitor is now auto-detected and expanded to:

Section "Screen"
    Identifier    "Default Screen"
    DefaultDepth    24
    Option         "TwinView" "1"
    Option         "TwinViewXineramaInfoOrder" "DFP, CRT"
    Option         "metamodes" "DFP: nvidia-auto-select +0+0, CRT: nvidia-auto-select +1280+0"
     SubSection     "Display"
        Depth       24
    EndSubSection
EndSection

I still have to work out how to slow down my mouse further with X as the slowest I can set it to in Gnome is still too fast at times.

And in case anybody would like to compare notes, these are the packages I have installed/removed in the first couple of days (some from PPAs, etc).

Installed:

cowbell
bash-completion
vim
vim-gnome
screen
mc
gwibber
inkscape
chromium
virtualbox-3.0
gvim
fontypython
nautilus-dropbox
conky
wine1.2
cups-pdf
gnome-do
shutter
libnss3-tools
gstm
gscan2pdf
nmap
thewidgetfactory
agave

Removed:

latex-xft-fonts
ttf-thai-tlwg
ttf-kacst
ttf-indic-fonts-core
ttf-lao
ttf-wqy-zenhei
ttf-vlgothic
ttf-unfonts-core
f-spot

I removed the list of fonts to see 1) what would happen, 2) my default font list was cluttered & 3) I can’t understand any of those languages anyway.

 


Liferay inroads

After installing Alfresco and admittedly suffering a few hiccups with it I seem to be making enough progress that I also decided to investigate Liferay as an alternative to Plone as our intranet portal and internal information site.

There are some areas that Plone really does well such as the content type handling and content workflow. But lack of documentation in other areas has left me pulling my hair out at times, such as ldap user and group integration with openldap and active directory, debugging modules and some new gotcha each time something is updated in a buildout.

Liferay has also had a steep learning curve, but I found it nowhere near as bad as Plone. No messing in the ZMI for setting up ldap auth, changing database backends or setting portal defaults. Just one config file. I have found the speed surprising compared to Plone on the same hardware too. With java webapps I have tried in the past I have been left with the impression of them being bloated, memory hungry and slow. But I am slowly coming around thanks to Alfresco and Liferay. (more…)


Plone 3.2.2 on Jaunty with python sandbox

It seems that a lot of python2.4 support was dropped from Ubuntu 9.04 Jaunty. Support without which Plone would not run. I started recompiling python packages to bring back python2.4 builds, but this was turning into a slippery slope and would bring back problems if any python package was updated from Ubuntu again.

Solution:

Use a separate user with its own install of python2.4 and any libraries needed for plone.

These are not complete instructions on how to get plone running again. But more or less just notes to point most people in the right path. (more…)


OpenLDAP TLS with wildcard domain certs

After the last post on the OpenLDAP trouble I had, I’ve continued trying new things with it and can confirm that wildcard domain certificates do succeed with OpenLDAP.

When creating the certificate request, enter e.g. *.example.com in the common name field and you can then use the one certificate on all servers that fall in that domain.

BIG WARNING! This is very dangerous if the keys are not secured properly. If somebody compromises one key, they have compromised all of the services on all the machines that use the same key! So make sure you really want to do this, have the file permissions set correctly and are prepared for the consequences.


Notes on ubuntu-8.10-serverguide-openldap

After deciding to learn to set up OpenLDAP yesterday I realised it was more than a day’s work, and that the documentation that I thought was going to be the most suited for my platform left a lot of holes for the beginner. I also had a firefox window with all the sites I used as a reference open in tabs, but then decided to print out some colouring pictures for the kids and one site kept crashing firefox (and ruined my day). So no citing references sorry, most of this information was only grepped from google eventually anyway.

The openldap-server guide does try to take you from whoa to go fairly well and the following notes are just extra things that would have been handy to know or were needed to continue. (more…)


Dlink DWA-110 + Ubuntu 8.10 = Happy Customer

Just a quick note for anybody looking to see if this Wireless (802.11b/g) USB adaptor works with linux before purchasing.

I purchased one from Dick Smiths last night plugged it into my (Ubuntu-8.10 powered) laptop and was up and running within seconds.

Signal strength and speed are fairly industry standard. Cost AU$50. I probably could have found it cheaper elsewhere but DSE was conveniently on my way home last night.

D-Link DWA-110

Now just to find an access point with decent signal strength.


Making Zabbix progress

Warning! Biased rant follows.

I’ve been struggling to find a perfect solution for server monitoring for a while now. At the moment it’s a combination of nagios and cacti plus ipmitool. And recently I have also looked at / tried opennms, zenoss, ganglia, argus and munin.

Nagios + cacti has been serving me well, but I would be happier to only have to maintain one system and to have some auto discover of both systems and their services would make life much easier. Most of the apps I looked at, though, have failed my expectations by either being hogs (some even java based), complicated mashups, or too simple for my needs (not able to replace both nagios and cacti). And that left me with zabbix. But even zabbix has left me with a bad taste by requiring the zabbix-agent be installed on client machines. Are my requirements really too much to ask? Surely there is enough to be gleaned from snmp, ipmi and nmap to monitor both servers and desktops.

So. How do you see the required agent? A negative? I can easily install it on all my linux servers with puppet, but what about windows, the desktop machines and routers etc? And I have yet to see anything come close to the asset management I’d like either.

But on the plus side for zabbix I have found it fairly well thought out, albeit a little confusing at first.

I can’t remember the name of that windows thing I tried a little while ago that sent me on this mission to find a decent linux all-in-one system manager, but it was reasonably forgettable because of the auto-discovery problems it kept presenting with the doubling up of systems on each discovery scan, and its inability to be uninstalled.

Anyway I’ll be off for a week to shift house but I’ll give zabbix a good go and report back.


Alfresco setup in Ubuntu 8.10 with git

My goal was to install Alfresco in Ubuntu-8.10 and store the Alfresco install and config in git excluding the application data in such a way that I am able to checkout my Alfresco git repo on a new Ubuntu install and have Alfresco running immediately.

This turned out to be fairly easy and makes testing new configuration changes very simple.

There is plenty of information on configuring Alfresco on the Alfresco wiki, and most of my setup is based on the install tutorial for Ubuntu-8.04. So I will only cover the differences in the way I set up Alfresco.

Alfresco dependencies in Ubuntu

I chose to use puppet for taking care of dependencies as it is already in deployment for all the servers I use. The other common way of taking care of dependencies is to create a script that installs the dependencies and store it in the root Alfresco dir managed by git. If you do not want to set up puppet then see the initialize.sh file below. My puppet rule as follows also installs lighttpd and phpmyadmin.

class alfresco_base {
        package { [
                imagemagick,
                lighttpd,
                mysql-server,
                'openoffice.org-headless',
                php5-cgi,
                swftools]:
                        ensure => installed;

                phpmyadmin:
                        ensure => installed,
                        require => [Package['php5-cgi'], Package['lighttpd']],
                        notify => File['50-phpmyadmin.conf'];

                sun-java6-jre:
                        ensure => installed,
                        require => Exec[preseed-licence-dlj];
        }

        file {
                '50-phpmyadmin.conf':
                        name => "/etc/lighttpd/conf-available/50-phpmyadmin.conf",
                        ensure => "/etc/phpmyadmin/lighttpd.conf",
                        notify => Exec[lighttpd-enable-phpmyadmin]
        }

        exec {
                "lighttpd-enable-phpmyadmin":
                        command => "lighty-enable-mod fastcgi phpmyadmin",
                        refreshonly => true,
                        notify => Exec[lighttpd-restart];

                "lighttpd-restart":
                        command => "/etc/init.d/lighttpd restart",
                        refreshonly => true;

                "preseed-licence-dlj":
                        command => "echo sun-java5-jdk shared/accepted-sun-dlj-v1-1 boolean true | debconf-set-selections";
        }
}

Initially installing Alfresco

To have something to put into the git repo we first must install Alfresco the usual way for your platform. If you are installing on a 64bit install you will need to install ia32libs first too.

  • ./Alfresco-Labs-3Stable-Linux-x86-Install --mode console

Once installed turn your install into a git repo.

  • cd Alfresco
  • git init
  • git add .
  • git commit -m "Initial install of Alfresco Labs 3 Stable"

Now we need to define some exclusions for files that are changed or defined after install such as log folders and user data.

  • echo "alf-backstop-*
    alf_data/
    alfresco.log
    tomcat/logs/
    tomcat/temp/
    tomcat/conf/tomcat-users.xml
    tomcat/webapps/alfresco/
    tomcat/webapps/share/
    tomcat/webapps/studio/
    tomcat/work/
    virtual-tomcat/logs/
    virtual-tomcat/work/
    alfresco.log.*
    tomcat/webapps/alfresco.war-*" >> .git/info/exclude

Your git repo is now ready to be uploaded to your preferred place of storing git repos such as a file server or gitosis. I’m using a file server via ssh.

  • ssh git@fileserver "mkdir Alfresco; cd Alfresco; git init"
  • git remote add origin git@fileserver:Alfresco
  • git push origin master
  • scp .git/info/exclude git@fileserver:Alfresco/.git/info/exclude

Congratulations! You now have a fresh install of Alfresco stored in git on your fileserver.

Initial configuration

Before checking out on a new server there are a few changes we needed to commit.

File: initialize.sh:

#!/bin/sh
ALF_HOME=/opt/Alfresco
# Uncomment the following line if not using puppet
#apt-get install imagemagick mysql-server openoffice.org-headless php5-cgi swftools sun-java6-jre
echo "Creating init.d links"
ln -s "$ALF_HOME/alfresco.sh" /etc/init.d/alfresco
ln -s "$ALF_HOME/virtual_alf.sh" /etc/init.d/virtual_alf
# Start both services at boot
update-rc.d alfresco defaults
update-rc.d virtual_alf defaults
echo "Creating MySQL database tables - Password for MySQL root user:"
mysql -u root -p < "$ALF_HOME/extras/databases/mysql/db_setup.sql"
# The log directories are excluded from git, so create them if they are missing
[ -d "$ALF_HOME/tomcat/logs" ] || mkdir "$ALF_HOME/tomcat/logs"
[ -d "$ALF_HOME/virtual-tomcat/logs" ] || mkdir "$ALF_HOME/virtual-tomcat/logs"

initialize.sh links alfresco into /etc/init.d, sets it to start at boot time and creates the alfresco mysql user. If you are using the puppet recipe above then the default mysql root password is blank and should be changed either at the command line or from phpmyadmin (http://localhost/phpmyadmin/). If you are not using puppet then uncomment the apt-get line at the top of the file and customise the dependencies for your needs.

File: alfresco.sh and virtual_alf.sh

Change @@ALFRESCO_DIR@@ to your install dir, eg: /opt/Alfresco
Change @@JAVA_HOME@@ to your jvm dir, eg: /usr/lib/jvm/java-6-sun/

File: tomcat/webapps/alfresco/WEB-INF/classes/alfresco/repository.properties

There is a conflict with the port used by the virtual server that needs to be changed else the virtual server will not start a second time and complain that the port is already in use (and it is).

Change avm.rmi.service.port=50501 to avm.rmi.service.port=50509

Commit

First get a list of files you have changed:

  • git status

If you want to commit all those changed files then commit like:

  • git commit -a -m "Your commit message"

Or if you only want to commit a couple of the changes, eg:

  • git add initialize.sh alfresco.sh virtual_alf.sh
  • git commit -m "Your commit message"

Now push the changes:

  • git push origin master

And you will find you use that process fairly often to start with. I also found myself using branching to test larger changes or changes I wanted to keep separate for now. But documenting all of those commands is beyond this post. Other changes I made were changing the database backend to mysql and authentication to active directory.

Checkout Initialize Run

Now let’s test it. Let’s assume you’re using a clean install of Ubuntu again (with a puppet client set up already).

  • sudo git clone git@fileserver:Alfresco /opt/Alfresco
  • sudo scp git@fileserver:Alfresco/.git/info/exclude /opt/Alfresco/.git/info/exclude
  • sudo /opt/Alfresco/initialize.sh
  • sudo /etc/init.d/alfresco start

Your Alfresco server should start after a few minutes and be ready for testing. You can commit and push changes from any checkout too.

There may be other files or directories you need to add to the exclude file too. You will see most of these after starting Alfresco then running git status.

Stay tuned for: Active Directory integration


Creating JeOS virtual machines in Ubuntu

The two tools I use for creating new VMs with libvirt are virt-install and vmbuilder. I use virt-install when I will be installing an OS from installable media or using an existing disk image, and vmbuilder when I need to create JeOS based VMs.

After following the guides at wiki.ubuntu.com I ended up with two fairly long template commands:

sudo virt-install --hvm -n <hostname> -r <memory> -f <hdd_image> -s <image_size_in_gb> \
-c <iso> --accelerate --connect=qemu:///system --vnc --noautoconsole
sudo vmbuilder kvm ubuntu --suite intrepid --flavour virtual --arch amd64 -o --libvirt qemu:///system \
--part vmbuilder.partition --user myname --name 'My Name' --pass default --addpkg puppet \
--addpkg unattended-upgrades --addpkg acpid --mirror http://apt/ubuntu --tmpfs - \
--firstboot vmbuilder.firstboot.sh --hostname <hostname> --mem <memory> --dest <hdd_image_basedir>

The command for virt-install is pretty lean compared to the command for vmbuilder. But vmbuilder allows for most of the configuration to be stored in ~/.vmbuilder.cfg. It did take a bit of digging as not a lot about it was on the ubuntu wiki though. (more…)


Retheming Ubuntu – Part 3

Last in the series of retheming Ubuntu is application customisation. While the desktop themes you use change the way you see your desktop and can make or break your desktop experience, the applications you choose to use also play just as large a part. The applications determine the way you interact with your PC. The number of times you have to click to open a favorite folder, where you place your application shortcuts, the way your windows get stacked or tiled, and also to what extent accessories work automatically. (more…)


Retheming Ubuntu – Part 2

Last time I covered the themes that were common to all users on a PC – machine specific themes. Themes applied this time will only affect you, but will compose your main experience with Linux. There are three components that define a desktop theme. The window borders, window contents, and icons. (more…)


Windows XP p2v conversion with KVM

After all of the Windows and Linux virtual machines I have set up I decided to try a Windows p2v (Physical to Virtual) conversion. After bracing for the worst it ended up being fairly straightforward. Steps as follows:

  1. Create a disk image of sufficient size
  2. Copy the Windows HDD to the disk image
  3. Boot the image with KVM

Yip. Only three steps. Beware that Windows p2v images have all run quite slow for me compared to Windows images that were originally installed in KVM. This I guess is just because of the cruft buildup in Windows and all the driver changes that Windows seems to balk at so much.

Although these instructions are written using Windows XP as the guest image, it will work equally (extremely) well for Linux too. The only exception with linux being that you can substitute the clonezilla step for a straight tar copy of the images. Using clonezilla for Windows and Linux though reduces the number of different steps to remember. (more…)


PostBooks install tutorial for Ubuntu Linux 7.10

PostBooks is an excellent cross-platform commercial open source ERP / accounting software suite. These are my old instructions from installing PostBooks in Ubuntu-7.10.

This document will give you setup instructions for installing PostBooks from scratch. Ie, no previous install of postgresql or PostBooks on the system. You will need to read between the lines if your install does not fit that description. (more…)


Retheming Ubuntu – Part 1

The default look of Ubuntu can sometimes be a bit off-putting for a new user who is used to the flashy looks of OSX and Vista. And to customise the look of Ubuntu from boot to desktop can be a daunting task for new users.

From boot time there are three main themes that you see until you arrive at your desktop. Grub, Usplash and GDM themes. These themes are machine specific not user specific. That means that it affects all users, but only until their desktop is displayed. Then they will not see these two themes again until they log out or shutdown.

For user specific (desktop) themes the main components that govern your look are GTK2 engines and themes, Metacity, Icons, Wallpaper, Fonts and Splash Screen images.

After changing user themes the interface can also be customised by configuring existing applications (ie, gnome-panel and nautilus) and by adding new applications (ie, gnome-do). There is a thin line between configuring applications to change your desktop look and applications that change the themes used.

Although there is much more to cover than I will list, I will limit my content to just the changes I use most and separate the topic into three posts. (more…)