Connecting to a VPN in Ubuntu

Thanks to Jo, super-sysadmin, who pointed me at two links that finally got me connected to our work VPN after I switched from Debian to Ubuntu.  The trick is not to use the old pptp-config, but instead switch to a new package – network-manager.  Brian Daley wrote up the actual VPN Connection instructions, and I also had to follow the advice to disable network interfaces in /etc/networking/interfaces so that the new package could manage them.  After fiddling with the VPN configuration settings (disable EAP-Authentication, and disable authenticate peer), I was able to connect.  As you can imagine, I was quite overwhelmed by the excitement.

MS Linux partnership?

Dad passed me along the link to the slashdot discussion of Microsoft’s partnership with Novell.  (Usually, it’s me sending him the slashdot link).  On the face of it, the major part of the announcement concerns patent rights MS holds – specifically that it will not assert them against open source developers.  The Technology Liberation Front has a good overview of this angle.

What is Microsoft doing here? It’s trying to put SuSE developers at
ease that they won’t be sued. So there’s no need to obtain a license
from Microsoft. Furthermore, there’s no need for sublicensing – which
is particularly important for the decentralized nature of open source
development.

Windows Vista is Microsoft’s Iraq?

Scott Rosenberg draws an interesting parallel between Microsoft’s attempt to rewrite Windows, and the Bush administration’s foray into Iraq.  Of course, the two aren’t morally equivalent, but it’s a good intellectual exercise with more than a shred of validity.

Then he says, “It wasn’t executed.” Note the passive voice, correct for it: “We didn’t execute it.” Which means, “We didn’t do it.” That’s, you know, obvious, I’d think.

So it’s been five years since they started!  In that time Apple has delivered, what, 4 versions of OS X?  On the linux front, there’s been one major kernel revision and a ton of improvements in both the KDE and Gnome camps.  And Firefox came out of the ashes of the Netscape browser to provide a compelling browser alternative.  And Microsoft has given us, the X-Box.

Server Upgrade: OS basics

Debian AMD64 Setup

My Linux distribution of choice is Debian, although for the desktop I’d recommend Ubuntu. The server was first set up using the unofficial debian64 repositories. Since the amd64 architecture is now officially part of Debian, we moved to using an official repository. See Google groups. An unofficial repository contains /debian-amd64/ like so:

#deb http://mirror.espri.arizona.edu/debian-amd64/debian/ sarge main contrib
#deb-src http://mirror.espri.arizona.edu/debian-amd64/debian/ sarge main contrib

Since packages make it to stable at a fairly slow pace, we also want to use the testing branch. This is fairly straightforward: first update your /etc/apt/sources.list to use etch/testing by removing (or commenting out) other repositories and adding the following lines. If you are outside the USA, replace the .us. part with your country code.

deb http://ftp.us.debian.org/debian testing main contrib
deb-src http://ftp.us.debian.org/debian testing main contrib

Next, run apt-get to update the system: first clean the system, then update, and upgrade.

apt-get clean
apt-get update
apt-get dist-upgrade

Follow the onscreen instructions; when in doubt, pick the default option or switch to Google and read up. If apt installs a new kernel, you’ll have to restart your server. Finally, to get up to date LAMP packages, you can use the dotdeb repositories by adding the following lines to your sources.list. We will need these later to install Apache2, MySQL, and PHP5.

deb http://dotdeb.netmirror.org/ stable all
deb-src http://dotdeb.netmirror.org/ stable all

Kernel Parameters

Since our last server crashed because of a very low max open files limit, it’s worth checking that this setting is not too low on the new server.

cat /proc/sys/fs/file-max

Currently this returns 100905, which should be more than enough open files for our expected traffic. See Debian kernel tuning for more info.

Enabling Hyperthreading

Finally, because the CPU is an Intel P4 with hyperthreading, you can try using an SMP kernel to enable the 2 “virtual” processors. While there seems to be some debate on the benefits of Intel’s hyperthreading, IBM produced some benchmarks on the 2.6.15 kernel which show some gains. You can install a new kernel with:

apt-get install linux-image-2.6.16-2-em64t-p4-smp

Make sure you install the correct one for your CPU, since there are a generic 64-bit kernel, AMD specific kernels, Intel specific kernels, as well as single and multi-processor versions for each.

That’s it for this part; if you restart you should still have a working server (I do). Still to do: basic system security and setting up a LAMP environment.

Tip: getting Thunderbird & Gnome preferred applications cooperating

Finally got frustrated that despite the obvious settings, Thunderbird was not using Firefox when I click on a link in an email on my Debian desktop.  Instead it chose to launch Epiphany, despite the fact that I’d set Firefox as my browser under Gnome -> Preferences -> Preferred Applications.  If you’re running into the same issue, as root run

dpkg-reconfigure thunderbird

And select GNOME as the preferred way of browser integration.

Gnome Rhythmbox update and iPod

If you’ve upgraded Rhythmbox to version 0.9.5 and all of a sudden, your iPod doesn’t appear in your list of music sources, you have to enable the iPod support plugin. In the Edit menu, select Plugins… and check iPod Support. Make sure your iPod is not connected and mounted at the time, as that might cause Rhythmbox to crash.

Fun Saturday night

Bizarre. My self-signed SSL certificate I use to access my email using IMAP over SSL expired last week. The real significance is that we’ve been on this server for one year now. Compared to how painful working on the old Redhat 7.2 install we had back then, working with a Debian system has been a breeze.

So, I figured I’d just generate a new certificate, the instructions are readily googleable and I’d be playing a little Warcraft in no time. But no, after following the instructions Cyrus’s imap server wouldn’t start up. Eventually I figured out it was complaining about a missing lib related to the net-snmp package. A year ago, Cyrus 2.2 wasn’t in Debian testing yet, but it is now so it ended up being time to upgrade to the official packages.

The install was easy as usual, except for some disconcerting messages about my Cyrus databases needing an upgrade from DBD 3.2 to 4.2. To get the upgrade tool I installed the db4.2-utils package and ran the databases through the utility. I had my fingers crossed, with the spectre of data loss looming nearby (although I do have nightly backups that in theory I can recover from). The conversion worked well too, and all my email is in its place.

Feeling invincible, at this point I decided it was time to upgrade the kernel from the old stock 2.4 kernel to a newer 2.6 linux kernel. The only real reason is that I’d read MySQL performs noticeably better on the 2.6 kernels. Can you tell a difference? As far as I can tell, nothing is massively broken. If you notice anything odd though, please let me know!

How to: Backup MySQL database & email results using BASH

The script below does the same and only depends on mutt (or another command line email client) being installed. A better solution would be not to email the file but to set up ssh key authentication on another server and use scp (secure copy) to send the file over. That way, your database file is transferred over an encrypted connection, which is more secure, and you don’t have to worry about your message being blocked due to a large file attachment.

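#!/bin/bash
# Backup your MySQL database and have it mailed to you
# requires mutt or another command line email client

if [ -z "$1" ]
then
    echo "Database name expected as the first parameter"
    exit 1
fi

if [ -z "$2" ]
then
    echo "Recipient expected as second parameter"
    exit 1
fi

# config
tmp="/tmp"
db_user="backup_user"
db_pw="secret"
db_name=$1
db_host="localhost"
recp=$2
today=$(date +%Y-%m-%d)
mysqldump_opts="--add-drop-table -acQq"
# email settings
subject="DB Backup for $db_name"
sql_file="$tmp/$db_name.$today.sql"
gzip_file="$sql_file.gz"

# keep the dump readable by this user only while it sits in /tmp
umask 077

# create the backup; stop if the dump fails so a broken file is not mailed
# ($mysqldump_opts is left unquoted on purpose so it splits into separate options)
# note: -p on the command line shows the password to other local users via ps
if ! mysqldump $mysqldump_opts -u "$db_user" -h "$db_host" -p"$db_pw" "$db_name" > "$sql_file"
then
    echo "mysqldump failed for $db_name" >&2
    rm -f "$sql_file"
    exit 1
fi

# create the gzip'd attachment
gzip "$sql_file"

# send the mail
# we could also scp it offsite instead (better)
# "--" ends the attachment list; current mutt requires it before the recipient
echo "Automated database backup" | mutt -s "$subject" -a "$gzip_file" -- "$recp"

# delete temp file
rm "$gzip_file"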

I’ve added one improvement – you have to specify the database name and the recipient email at the command line.

./email_db.sh my_blog_db me@example.com

This makes the script more useful, since you can now loop over a list of your databases and their owners’ email addresses and send them the backup automatically. Download the shell script: email_db.sh
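The scp variant suggested above, as an added example that is not part of the original email_db.sh: it dumps into a private temporary directory, reads MySQL credentials from an option file instead of the command line, and copies the archive off-site with SSH key authentication. The option file path, key path, destination host and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not the original email_db.sh: dump, gzip, then scp off-site.
# Assumed placeholders: option file, SSH key and destination below.
BACKUP_CNF="${BACKUP_CNF:-$HOME/.backup.cnf}"      # [client] user/password, mode 600
BACKUP_KEY="${BACKUP_KEY:-$HOME/.ssh/backup_key}"  # key used only for backups
BACKUP_DEST="${BACKUP_DEST:-backup@backup.example.com:db-backups/}"

# Accept only names that are safe to embed in a file name.
valid_db_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# dump_db NAME DIR: write DIR/NAME.DATE.sql.gz and print its path.
dump_db() {
    valid_db_name "$1" || { echo "invalid database name: $1" >&2; return 2; }
    out="$2/$1.$(date +%Y-%m-%d).sql"
    # Credentials come from the option file, so the password is not in argv.
    mysqldump --defaults-extra-file="$BACKUP_CNF" --add-drop-table -acQq "$1" \
        > "$out" || return 3
    gzip "$out" || return 4
    echo "$out.gz"
}

# ship FILE: copy over SSH with key auth; BatchMode fails rather than prompting.
ship() {
    scp -q -i "$BACKUP_KEY" -o BatchMode=yes "$1" "$BACKUP_DEST"
}

# backup_db NAME: dump into a private temp dir, ship it, always clean up.
backup_db() {
    umask 077
    work=$(mktemp -d) || return 1
    rc=0
    file=$(dump_db "$1" "$work") && ship "$file" || rc=$?
    rm -rf "$work"
    return "$rc"
}

# Usage: ./scp_db.sh db1 [db2 ...]
for db in "$@"; do
    backup_db "$db" || echo "backup of $db failed" >&2
done
```

On the receiving server, the backup key can be limited in authorized_keys so that it is only good for receiving these files.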

Free Software Magazine

This is the second free Open Source/Free Software related magazine that I’ve run into recently. Free Software Magazine looks like it’s available free and its articles are not aimed squarely at the technical geek crowd. A sample from issue #10:

  1. Jump to Debian GNU/Linux: A guide to why the Debian distro is a good choice
  2. A techno-revolutionary trip on the internet: Reflections on the lessons from Dean for America

Debian Desktop Destruction and Recovery

Luckily the install is very painless and mostly automated (easier than the last windows install I did). Despite all the critiques of linux installs (and yes, it did cross my mind that a new Mac would be nice), I find myself hunting for drivers and driver CDs (especially for motherboard subsystems) than I have to compared to Windows.

That said, I have to do the following to get the PC back into a useful state – install nvidia binary drivers, setup twinview for the dual monitors, setup apache2 virtual hosts for my local development sites, install mysql4.1, install php5, install subversion. The most painful one will be recompiling the kernel to include mppe support so I can vpn into the network at Forum One and be productive on Wednesday.

Not sure what it says about me, or my comfort with linux nowadays compared to 3 years ago, but none of the above sound all that challenging. I think it’s mostly because apt is such a handy packaging system, debian developers do a good job maintaining packages, so that something like subversion is just an apt-get install subversion away.

Update: at 3am (I started installing at 11:30pm) I had a working system with all of the above. MPPE support is now in the main linux kernel tree so no more patching and kernel recompiles for me!