Pietro Abate
unix
running skype in a schroot
If I don't trust a stranger to wonder inside my house, why should I allow a closed source program to access my home directory ? Apart from the paranoia and conspiracy implications I decided to spend some time learning how to chroot skype (and iceweasel for that matter, since I don't really trust javascript, flash and the mozilla plugin model) in a chroot.
I started from this article :
http://www.debian-administration.org/articles/566
This recipe didn't work out of the box. This is mine:
Now step by step:
First we install the software. I'm working on a debian unstable...
Openldap + SSL
There are many many howto on the net regarding this topic. Here I'll not give another howto, but just a list of mistakes I've done today. I hope this will same some time to others.
openssl certs
nagios
This week I spent some time configuring nagios to track our infrastructure, including web services and hardware.
Nagios is an interesting piece of software. It's very flexible and kinda easy to setup. I've to say that the documentation is not particularly well written. However sites like http://www.nagiosexchange.org/ make like very easy. Setting it up on debian is pretty straightforward.
mysql + ssl and xen headahe
Well today I tried to understand why our production server (shame shame) has rebooted twice in a row in the last 3 days. The only visible problem in the logs is the infamous xen error : " xen_net: Memory squeeze in netback driver." . Googling around it seems kinda common and the recommended solution is to add dom0-min-mem to xend.conf and dom0_mem as a kernel option. I've done that and updated the xen hypervisor to the latest bakcported version. The machine is up and running and everything seems fine at the moment. I didn't touch the kernel.
magacli, openipmi, ipmitool
If you manage a dell poweredge, it will come a time where you are curious to know about the health of your machine. These are few notes.
The first thing you will try is probably the dell management server. It's the usual java monster with web interface and all in it. I don't like it. So I installed openimpi and got the megacli bianry from the lsi website.
openimpi is easy: apt-get install opemimpi impitools
Then we need to load the impi kernel modules:
ipmi_devintf
ipmi_msghandler
ipmi_poweroff
ipmi_watchdog
quicky about ssh
To generate a new key-pair on your local machine you run the following command:
ssh-keygen -t rsa
Then you can copy the key to the remote hosts with
ssh-copy-id -i ~/.ssh/id_rsa.pub username@remotehost
More info:
man ssh-agent
man ssh-add
setacl
I've just learned how to manage shared group directories with the linux access control lists. The package in debian is called acl and we have two command line tools: setfacl, getfacl. To give read/write access to the group web in public_html, this is quite simple.
ah... and it works with nfs as well. This should also solve various problems with svn.
<code> chgrp cvs db db/transactions db/write-lock db/revs db/revprops hooks locks chmod 2770 db db/transactions db/revs db/revprops chmod 660 db/write-lock
Xen, amd64 and a lot of fun
Yesterday we basically reinstalled the main host for the cduce and mancoosi projects. The Problem was that the machine (a power edge 2950) was installed with a 32 bits system while the Xeon processors are 64 bits. To cut the story short we decided to re-install the system.
First we installed a generic 64 bits kernel. Debian ships this kernel in the i386 repository, so it was as simple as apt-get install. After we reboot the machine, we had to add a new lvm partition for the new 64 installation and debootstrap a new system in it.