Author Archives: jonas - Page 11

How to authenticate on a machine with ssh (protocol 1) without a password

This document describes the steps required to authenticate with ssh protocol 1 without a password.

1. Generate a private/public key pair on the client computer (let's say desktop)
[codesyntax lang="bash"]

ssh-keygen -t rsa1

[/codesyntax]

2. Copy the public key to the server
[codesyntax lang="bash"]

ssh-copy-id -i identity.pub user@server

[/codesyntax]

3. Try to authenticate on server
[codesyntax lang="bash"]

ssh -1 -vvv server

[/codesyntax]

Note: If authentication in step 3 fails with the following error message:

user@user:~/.ssh$ ssh -1 -vvv user@server
OpenSSH_5.3p1 Debian-3ubuntu7, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to staging13.vendio.com [10.111.0.236] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/identity type 0
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: Remote protocol version 1.5, remote software version 1.2.27
debug1: no match: 1.2.27
debug1: Local version string SSH-1.5-OpenSSH_5.3p1 Debian-3ubuntu7
debug2: fd 3 setting O_NONBLOCK
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug3: check_host_in_hostfile: filename /home/user/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1014
debug3: check_host_in_hostfile: filename /home/user/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1015
debug1: Host 'staging13.vendio.com' is known and matches the RSA1 host key.
debug1: Found key in /home/user/.ssh/known_hosts:1014
debug1: Encryption type: 3des
debug3: Wrote 156 bytes for a total of 194
debug1: Sent encrypted session key.
debug2: cipher_init: set keylen (16 -> 32)
debug2: cipher_init: set keylen (16 -> 32)
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug3: Wrote 20 bytes for a total of 214
debug1: RSA authentication using agent refused.
debug1: Trying RSA authentication with key '/home/user/.ssh/identity'
debug3: Wrote 268 bytes for a total of 482
Connection closed by X.X.X.X

And the sshd log on the server looks like:
Aug 29 00:26:21 staging13 sshd[16286]: connect from Y.Y.Y.Y
Aug 29 00:26:21 staging13 sshd[16286]: log: Connection from Y.Y.Y.Y port 43749
Aug 29 00:26:21 staging13 sshd[16286]: log: Could not reverse map address Y.Y.Y.Y.
Aug 29 00:26:22 staging13 sshd[16286]: fatal: RSA key has too many bits for RSAREF to handle (max 1024).

You should know that this is a limitation in the RSAREF library, so we should set a host key with at most 896 bits. This can be accomplished by adding the -b 896 parameter to the ssh-keygen command in step 1. After generating the key, it must be copied to the server.
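A way to catch this failure before and after the fact, as an added example that is not part of the original post: one function reads the declared bit length from an RSA1 public key file (format "bits exponent modulus comment"), another pulls the rejected connections out of an sshd log in the format shown above. The function names, the sample log lines and the sample key are constructed for illustration; the 896-bit default is the limit recommended in the note.

```shell
#!/bin/sh
# Added example, not from the original post. Sample data below is constructed.

# rsa1_bits <identity.pub>: an RSA1 public key line is
# "bits exponent modulus comment"; print the declared bit length.
rsa1_bits() {
    awk 'NF >= 3 && $1 ~ /^[0-9]+$/ { print $1; exit }' "$1"
}

# key_fits <identity.pub> [max_bits]: true when the key is small enough for
# the server. 896 is the limit recommended in the post.
key_fits() {
    bits=$(rsa1_bits "$1")
    [ -n "$bits" ] && [ "$bits" -le "${2:-896}" ]
}

# rsaref_rejects <sshd log>: print "pid address" for every sshd process that
# died with the RSAREF error, using the address logged earlier by that pid.
rsaref_rejects() {
    awk '
        match($0, /sshd\[[0-9]+\]:/) {
            pid = substr($0, RSTART + 5, RLENGTH - 7)
            rest = substr($0, RSTART + RLENGTH + 1)
            if (rest ~ /^log: Connection from /) {
                split(rest, w, " "); src[pid] = w[4]
            } else if (rest ~ /^fatal: RSA key has too many bits for RSAREF/) {
                print pid, ((pid in src) ? src[pid] : "unknown")
            }
        }' "$1"
}

# Constructed sample log in the format shown in the post.
sample_log() {
    cat <<'EOF'
Aug 29 00:26:21 staging13 sshd[16286]: connect from 192.0.2.10
Aug 29 00:26:21 staging13 sshd[16286]: log: Connection from 192.0.2.10 port 43749
Aug 29 00:26:22 staging13 sshd[16286]: fatal: RSA key has too many bits for RSAREF to handle (max 1024).
Aug 29 00:27:03 staging13 sshd[16301]: log: Connection from 192.0.2.20 port 51022
EOF
}

tmp=$(mktemp -d)
sample_log > "$tmp/sshd.log"
echo '2048 35 1234567890123 user@desktop' > "$tmp/identity.pub"  # modulus shortened
rsaref_rejects "$tmp/sshd.log"
key_fits "$tmp/identity.pub" ||
    echo "identity.pub has $(rsa1_bits "$tmp/identity.pub") bits; regenerate with -b 896"
rm -rf "$tmp"
```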

Fixing the annoying "perl: warning: Setting locale failed" error message

 This is what I get:

[codesyntax lang="bash"]

perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_US.utf8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").

[/codesyntax]

 This is how I fix it:

[codesyntax lang="bash"]

export LANGUAGE=en_US.UTF-8
export LANG=en_US.UTF-8
export LC_ALL=en_US.UTF-8
locale-gen en_US.UTF-8
apt-get install locales
dpkg-reconfigure locales

[/codesyntax]

The export lines above can also be saved into either ~/.profile or ~/.bashrc.

How to find top10 largest mysql tables

[codesyntax lang="sql"]

-- Top 10 tables by data + index size; rows in millions, sizes in GiB.
-- `rows` is quoted because ROWS is a reserved word in MySQL 8.0.
SELECT CONCAT(table_schema, '.', table_name),
       CONCAT(ROUND(table_rows / 1000000, 2), 'M') `rows`,
       CONCAT(ROUND(data_length / ( 1024 * 1024 * 1024 ), 2), 'G') DATA,
       CONCAT(ROUND(index_length / ( 1024 * 1024 * 1024 ), 2), 'G') idx,
       CONCAT(ROUND(( data_length + index_length ) / ( 1024 * 1024 * 1024 ), 2), 'G') total_size,
       ROUND(index_length / data_length, 2) idxfrac
FROM information_schema.TABLES
ORDER BY data_length + index_length DESC
LIMIT 10;

[/codesyntax]

Source: http://www.mysqlperformanceblog.com/2008/02/04/finding-out-largest-tables-on-mysql-server/

How to convert a vmware linux virtual machine to xenserver virtual machine

As the title says, this document describes how to convert a vmware virtual machine to a xenserver virtual machine. Although so far this procedure hasn't failed, please use it at your own risk.

1. Install qemu on the vmware server or another Linux machine (on debian based distributions use apt-get install qemu-utils, on centos use yum install qemu)

2. Uninstall vmware modules on the vmware guest you wish to convert

3. Stop the vmware guest

4. Check the format of the vmdk file:

qemu-img info guest22-flat.vmdk
image: fooguest22-flat.vmdk
file format: raw
virtual size: 15G
disk size: 15G

5. If the file format is "raw", we do not need to convert the image file using qemu-img convert; just rename it to a .img file. If it is not "raw", use "qemu-img" to convert the image to raw format.

6. Convert the file with qemu-img
[codesyntax lang="bash"]

qemu-img convert guest22-flat.vmdk -O raw /volumes/guest22/guest22.img

[/codesyntax]

7. Copy the image file to the xen server with scp or rsync
[codesyntax lang="bash"]

rsync -avz --stats --progress --partial /volumes/guest22/guest22.img root@xenserver:~/

[/codesyntax]

8. Create a guest with at least the same disk size and amount of RAM as the imported vmware virtual disk. Rename the disk under properties so you can locate it later (your_disk_name).

9. Open a console or connect to the xen server with ssh, find the disk and copy its uuid

[codesyntax lang="bash"]

xe vdi-list name-label=your_disk_name

[/codesyntax]

uuid ( RO)                : 565c8fcf-5a52-4f05-8fd0-de943b99fa12
          name-label ( RW): your_disk_name
    name-description ( RW): your_disk_name description
             sr-uuid ( RO): 81c5bb77-8fe5-628e-f407-73b07b7054cd
        virtual-size ( RO): 8589934592
            sharable ( RO): false
           read-only ( RO): false

10. Import the image (use the uuid from the step 9)
[codesyntax lang="bash"]

xe vdi-import uuid=565c8fcf-5a52-4f05-8fd0-de943b99fa12 filename=guest22.img

[/codesyntax]

11. Fire up your converted xen image. You may have to modify the grub boot loader configuration, because vmware uses /dev/sda for its HD and xen uses /dev/hda.

12. If your machine does not boot, press e at the grub prompt, search for the root=/dev/sda1 line and change it to root=/dev/hda1. Once the machine has booted, make the same change in your grub.conf and save your changes.

Note: if your vmware guest has multiple 2G vmdk files you need to merge all of them into one single file. Please consult the page: https://sysadmin.compxtreme.ro/vmware-how-do-you-merge-multiple-2gb-disk-files-to-single-vmdk-file/

What to do when "VMware Infrastructure Web Access" is stuck at "Loading..."

This document describes what you need to do when the VMware Infrastructure Web Access page is stuck at Loading... and nothing appears in your browser.

1. Edit /etc/vmware/webAccess/proxy.properties
[codesyntax lang="bash"]

vim /etc/vmware/webAccess/proxy.properties
:%s/proxy.noCache = false/proxy.noCache = true
:wq

[/codesyntax]

2. Restart the vmware-mgmt service:
[codesyntax lang="bash"]

/etc/init.d/vmware-mgmt restart

[/codesyntax]

xen vm gzip export import

To export just leave the filename blank as in this example:
[codesyntax lang="bash"]

xe vm-export vm=VM-UUID filename= | gzip -c > /mnt/vm.xva.gz

[/codesyntax]

To import use /dev/stdin as filename:
[codesyntax lang="bash"]

gunzip -c /mnt/vm.xva.gz | xe vm-import sr-uuid=SR-UUID filename=/dev/stdin

[/codesyntax]

Vmware: How do you merge multiple 2GB disk files to single vmdk file

In case of the 2GB split disk format, your virtual disk consists of multiple data files (e.g. <vmname>-sNNN.vmdk) and one header/descriptor file (<vmname>.vmdk) which describes the virtual disk. In the vmware-vdiskmanager command, it's only the header/descriptor vmdk which you need to supply as the source virtual disk.

Convert to a pre-allocated disk.
[codesyntax lang="bash"]

vmware-vdiskmanager -r sourceDisk.vmdk -t 2 destinationDisk.vmdk

[/codesyntax]

The following command converts a pre-allocated input disk into a growable target disk.
[codesyntax lang="bash"]

vmware-vdiskmanager -r sourceDisk.vmdk -t 0 destinationDisk.vmdk

[/codesyntax]

Execute a command in all running OpenVZ Containers

If you wish to execute a command in all running Containers, you can use the following script:
[codesyntax lang="bash"]

# Field 1 of /proc/vz/veinfo is the container ID; ID 0 is skipped.
for i in $(awk '{print $1}' /proc/vz/veinfo | grep -Ev '^0$'); do
    echo "Container $i"; vzctl exec "$i" <command>
done

[/codesyntax]

where <command> is the command to be executed in all the running Containers. For example:

[codesyntax lang="bash"]
# Field 1 of /proc/vz/veinfo is the container ID; ID 0 is skipped.
for i in $(awk '{print $1}' /proc/vz/veinfo | grep -Ev '^0$'); do
    echo "Container $i"; vzctl exec "$i" uptime
done
[/codesyntax]

Container 1
2:26pm up 6 days, 1:28, 0 users, load average: 0.00, 0.00, 0.00
Container 101
2:26pm up 6 days, 1:39, 0 users, load average: 0.00, 0.00, 0.00

Source: http://download.swsoft.com/virtuozzo/virtuozzo4.0/docs/en/lin/VzLinuxUG/260.htm

How to install mercurial on debian squeeze

This document describes how to install and configure mercurial on linux debian squeeze. With minor changes you can use this procedure on different linux distributions.

1. Install required packages
[codesyntax lang="bash"]

aptitude install mercurial libapache2-mod-wsgi

[/codesyntax]

2. Create the repositories directory
[codesyntax lang="bash"]

mkdir -pv /repositories
chown -R www-data:www-data /repositories
cd /repositories

[/codesyntax]

3. Configure the hgweb.cgi script in order to serve the repositories via Apache
[codesyntax lang="bash"]

cp /usr/share/doc/mercurial/examples/hgweb.cgi .
chmod a+x hgweb.cgi
vim /repositories/hgweb.cgi
:%s/\/path\/to\/repo\/or\/config/\/repositories\/hgweb.config
:wq

[/codesyntax]

4. Configure hgweb.config

[codesyntax lang="bash"]

vim /repositories/hgweb.config

[/codesyntax]

[collections]
/repositories = /repositories

[codesyntax lang="bash"]

:wq

[/codesyntax]

5. Configure Apache

[codesyntax lang="bash"]

vim /etc/apache2/sites-available/code.domain.com

[/codesyntax]

ServerName code.domain.com
ServerAlias code.domain.com

ScriptAlias /repositories "/repositories/hgweb.cgi"

DocumentRoot /repositories

ErrorLog /var/log/apache2/code.domain.com-error_log
CustomLog /var/log/apache2/code.domain.com-access.log combined
LogLevel warn
ServerSignature Off
[codesyntax lang="bash"]

:wq

[/codesyntax]

6. Restart Apache
[codesyntax lang="bash"]

/etc/init.d/apache2 restart

[/codesyntax]

7. Make a test repository

[codesyntax lang="bash"]

mkdir test
cd test
hg init

[/codesyntax]

8. Enable notify extension

[codesyntax lang="bash"]

vim /etc/mercurial/hgrc.d/hgext.rc
:%s/# hgext.notify/hgext.notify
:wq

[/codesyntax]

9. Configure email notifications for the repository created earlier
[codesyntax lang="bash"]

vim /repositories/test/.hg/hgrc

[/codesyntax]

[paths]
default = ssh://root@code.domain.com//repositories/configs
default-push = ssh://root@code.domain.com//repositories/configs
# if ssh listens on a non-standard port, use something like this instead
#default-push = ssh://root@code.domain.com:port//repositories/configs

[extensions]
hgext.notify=

[hooks]
changegroup.notify = python:hgext.notify.hook

[email]
from = mercurial@domain.com

[smtp]
host = domain.com

[web]
baseurl= http://code.domain.com/repositories/

[notify]
sources = serve

test = False
diffstat = False
merge = False

maxdiff = 0

template = Subject: [{webroot|basename}]: {desc|strip|firstline}\n\ndetails: {baseurl}{webroot|basename}/rev/{node|short}\nchangeset: {rev}:{node|short}\nuser: {author}\ndate: {date|date}\ndescription:\n{desc}\n\nfiles changed:\n {files}\n\n\n

[usersubs]
user@example.com = *

[reposubs]
configs = user@example.com
[codesyntax lang="bash"]

:wq

[/codesyntax]

10. Copy some files into the repository
[codesyntax lang="bash"]

rsync -avz /some/files/* .
hg add
hg status
hg commit -m "Added initial files to the repo" -u user
hg push

[/codesyntax]

Configuring Postfix as a Gmail Relay

This document describes how to configure postfix to use gmail as relay server on debian squeeze.

1. Install the required package. On the dialog window please select No configuration.
[codesyntax lang="bash"]

apt-get install postfix libsasl2-2 ca-certificates libsasl2-modules

[/codesyntax]

2. Configure postfix
[codesyntax lang="bash"]

vim /etc/postfix/main.cf

[/codesyntax]

relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes
alias_maps = hash:/etc/aliases
inet_interfaces = 127.0.0.1

[codesyntax lang="bash"]

:wq

[/codesyntax]

3. Define a username and a password
[codesyntax lang="bash"]

vim /etc/postfix/sasl_passwd

[/codesyntax]

[smtp.gmail.com]:587 email@gmail.com:password

[codesyntax lang="bash"]

:wq

[/codesyntax]

4. Fix file permissions
[codesyntax lang="bash"]

chmod 400 /etc/postfix/sasl_passwd

[/codesyntax]

5. Generate the Postfix lookup table
[codesyntax lang="bash"]

postmap /etc/postfix/sasl_passwd

[/codesyntax]

6. Use the ca-certificates package we installed and tell postfix where it can find the CA certificate used to validate the server certificate

[codesyntax lang="bash"]

cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | tee -a /etc/postfix/cacert.pem

[/codesyntax]

7. Restart postfix
[codesyntax lang="bash"]

/etc/init.d/postfix restart

[/codesyntax]

8. Test installation
[codesyntax lang="bash"]

echo "Test from a postfix configured to use gmail as a relay server" | mail -s "Test from postfix" "email@example.com"

[/codesyntax]
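A check to run after steps 2 to 6, as an added example that is not part of the original post: it reads a main.cf, confirms the SASL and TLS settings from step 2, and verifies that both the password file and the lookup table generated by postmap are readable by their owner only. The function names and the fixture files are constructed for illustration; on a real host you would call audit_relay /etc/postfix/main.cf.

```shell
# Added example, not from the original post. Assumes one "name = value"
# per line in main.cf (no continuation lines).

cf_value() {  # cf_value <main.cf> <parameter>: print the last value set
    awk -F= -v key="$2" '
        /^[ \t]*#/ || !index($0, "=") { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = substr($0, index($0, "=") + 1)
                   gsub(/^[ \t]+|[ \t]+$/, "", v); val = v }
        END { print val }' "$1"
}

owner_only() {  # true when group and other have no permission bits
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

audit_relay() {  # audit_relay <main.cf>: print findings, return 1 if any
    cf=$1; rc=0
    for p in smtp_sasl_auth_enable smtp_use_tls; do
        [ "$(cf_value "$cf" "$p")" = yes ] || { echo "FAIL: $p is not yes"; rc=1; }
    done
    case "$(cf_value "$cf" smtp_sasl_security_options)" in
        *noanonymous*) ;;
        *) echo "FAIL: smtp_sasl_security_options lacks noanonymous"; rc=1 ;;
    esac
    [ -s "$(cf_value "$cf" smtp_tls_CAfile)" ] ||
        { echo "FAIL: smtp_tls_CAfile is missing or empty"; rc=1; }
    # The map is hash:/path; postmap writes /path.db, which holds the password too.
    pw=$(cf_value "$cf" smtp_sasl_password_maps); pw=${pw#hash:}
    for f in "$pw" "$pw.db"; do
        if [ ! -e "$f" ]; then echo "FAIL: $f does not exist"; rc=1
        elif ! owner_only "$f"; then echo "FAIL: $f is open to group/other"; rc=1
        fi
    done
    return $rc
}

make_fixture() {  # constructed sample files in a temp dir; prints the dir
    d=$(mktemp -d)
    echo 'placeholder CA' > "$d/cacert.pem"
    echo '[smtp.gmail.com]:587 email@gmail.com:password' > "$d/sasl_passwd"
    : > "$d/sasl_passwd.db"; chmod 644 "$d/sasl_passwd" "$d/sasl_passwd.db"
    printf '%s\n' 'smtp_sasl_auth_enable = yes' 'smtp_use_tls = yes' \
        "smtp_sasl_password_maps = hash:$d/sasl_passwd" \
        'smtp_sasl_security_options = noanonymous' \
        "smtp_tls_CAfile = $d/cacert.pem" > "$d/main.cf"
    echo "$d"
}

d=$(make_fixture); audit_relay "$d/main.cf" || echo "fix the findings above"; rm -rf "$d"
```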