The Apprentice's Notes
   Next

The Apprentice's Notes

Jurjen Bokma

Abstract

Notes and Logs of a Linux Systems Administrator. Failures as well as successes logged.

Table of Contents

Introduction
I. Miscellaneous subjects (and those still to be sorted)
AD-kerberized nfs4 mount fails
The Problem
Solution
Debian Package Building
dpkg-buildpackage
debuild
pdebuild
Cowbuilder
Git-Buildpackage
Citrix ICAclient 13.0.0 on Ubuntu 14.04
Getting the software
Fixing the package
installing the new package
Using the receiver/ICA client
Why alter the dependencies
ldap_id_mapping fail
The Problem
Investigation
Puppet Glossary
Puppet Language Glossary
Puppet Technology Glossary
Homemade Puppet Course
Setting up the Puppet Master
Environments
Various Commands
Installing Dashboard
Using Hiera
Xen VMs for Puppet course
Installing Xen
LVM space for virtual hosts
A virtual Network
Creating a Xen Virtual Machine
Many VMs
Nameserving the Virtual Network
Kerberized NFS cron jobs
RecordMyDesktop
Citrix Receiver on Precise
Introduction
Package Contents
Fails
Installation of the deb package
Firefox Cache outside $HOME
APT Pinning
Killing process groups
Precise print to iPrint
The Problem
Listing Printers, and printing to the iPrint server
More information about iPrint queues
Getting PPD info from iPrint (unsuccesful)
Libglitz for Precise
Packaging iPrint
Allow user to configure CUPS
OOM Killer without lack of memory
Hypothesis
What can we do?
Background reading
AFmirror
Preparing the external disk for boot
System configuration
Use when booting from the mirror disk
Using the mirror disk with an Out-Of-the-Box Ubuntu Precise
Clients of the mirror
Burning images
Amanda on NSLU2
NSLU2 to Wheezy
Tarski's World on 64-bit Ubuntu
No Foreman on Wheezy
Using the installer
Build Foreman packages for Wheezy
Install Foreman
Configure Foreman
Wheezy Puppetmaster
Securing the Puppet Master
Basic Puppetmaster installation
Connecting the first client
Do something to the client
Install and configure PuppetDB
Using Passenger
Upgrading Postgres
Default A4 in PPD
Git-buildpackage
Kerberized OpenSSH
FlexC++ and BisonC++
OpenWRT BackFire on WRT54G
Windows 7 cannot find Brother network scanner
Single Repository Dependency Graph
Fixing msktutil
msktutil fails to build
Making msktutil compile
NFS state manager failed
NFS "state manager failed" messages in syslog
Order-only dependencies in Makefile
Domain Search Override
Manpage to Text
man to txt
Debian/Ubuntu Linux with AD Authentication
The situation
Prerequisites
Outline
Kerberos may need AD nameserving
Debian/Ubuntu Linux with AD Kerberos Server
Kerberos Basics
Troubleshooting
Querying AD with ldapsearch
Troubleshooting
UIDs from AD LDAP in Debian/Ubuntu Linux, with libnsswitch
UIDs from AD LDAP in Debian/Ubuntu Linux, with sssd
Sssd-based authentication when simple bind isn't allowed
Troubleshooting
Joining an Active Directory domain with Debian/Ubuntu Linux
Mounting a Windows share from Debian/Ubuntu Linux, using AD authentication
Mounting without DFS
Mounting with DFS
Ubuntu NFS4 server/client with AD Kerberos/LDAP
Kerberos config for NFS4 (both server and client)
The NFS4 Server
The NFS4 Client
Troubleshooting
Debian Squeeze based Samba server with AD Kerberos and LDAP
PXE install of SLES11SP1
Shared Library Bookmarks
Repackaging the RES Automation Manager Agent for Ubuntu
Introduction
The RPM Package
First Steps in Repackaging
A better package
Package Creation and Use
CSS for the Apprentice's Notes
NFS4 delegations: negative speedup
Turning Off Memory Overcommit on Linux
Local Package Directory in APT
Resizing an XFS filesystem on a multipath device
Fetching Config from Git
Compiling flexc++
Getting a Process' Ancestry Bash
Autotools C++0x
Autotools on C++
Tivoli 6.2.2.0 on Debian/Ubuntu
Avahi .local domains
Citrix Receiver on Lucid
Debootstrap onto headless Soekris
Ubuntu as Active Directory Client
The testing environment
Mounting a share from a Windows PC
Trying to mount a DFS share
What works, and what doesn't
A few relevant bookmarks
Retrieving contents of unlinked files still open
/tmp Still Full after Atop Removed
State Manager Failed on NFSv4 Server
PostgreSQL Tricks
Using MPlayer to Mark Files for Delete
Grep OpenLDAP Log for Failed Connections
RW Filesystem overlay with UnionFS
Fix Corrupt Heimdal Kerberos Database
Debian Installer with multiple disks
Installing Lucid with Maverick installer
Corporate Thunderbird Config
Removing Conffiles in Debian packages
Kerberos Ticket Renewal
The problems
Enlarging the maximum renewable lifetime
Automatically renewing tickets
Frozen mirror
Single-stage frozen mirror
Two-stage frozen mirror
Upstart wait job
Delaying jobs in upstart without touching the jobscript in /etc/init
For the impatient
Rationale
Experiment: without job-2
Experiment: with job-2
Interpretation
Scripted psql login
Movie grabbing from miniDV-camcorder
OpenVPN-config
VMWare ESX Console incompatible with Firefox 3.6
Which vendors' SAN volumes are mounted?
TCP window scaling
The Symptoms
The First, Somewhat Rigorous Solution
The background and the drawback
The Somewhat Subtler Solution
NTFS on Linux
Hostname -f fail
Redundant OpenBSD 4.8 firewall
Introduction
Installing the OS
Setting up a user and keys
Setting up rsync from the control interface
Setting up the network interfaces
Turning on PF
Setting up CARP
Setting up DHCP
Making DHCP redundant
Setting up BIND
Making BIND redundant
Setting up Kerberos
Making Kerberos redundant
Setting up LDAP
Making LDAP redundant
More PF rules
Investigation: offline NFSv4 caching (not yet)
Troubleshooting upstart jobs
Using sshfs
Upstart job dependencies
Upstart Jobs
List Processes I/O
Intel Fortran Compiler on 64-bit Lucid
Scripted creation of VMs in VirtualBox
Creating RAIDs
Adding Apps to KDE menu
Adding SAN volumes
Keytabs to the Kerberos client
Packaging CGAL-Python
Comparing package lists
Updating firmware
File as Block Device
CD writing
HPET timekeepin
Reprepro setup
Introduction
Repository, distro, component, section, area, WTF?
The repository layout
Creating the repositories
Zabbix Database Cleanup
NVidia X: Multiple Rotated Monitors
OpenBSD 4.7 Install (half automatic)
Installing the OS
Resizing images to identical width
WRT54G v7.0 Wireless
LinkSys WRT54G OpenWRT revisited
Introduction
Upgrading the OpenWRT version on WRT54G nr. 2
Login configuration
Enable TFTP boot from the router
Benchmarking Linux
COMSOL license management
Saving Emacs macros
Configuring Apt to update automatically
Karmic fails to cleanup /tmp
Wall trhough Landscape
CIFS-shared file not readable: locked
Editing TaskJuggler files with Emacs
First steps in Screen
Generating a ListServ Mailing List
Resizing and rotating images
Kerberized NFSv4, Lenny server, Karmic client
Building the Hydra
Novell Zenworks 10 Imaging cannot handle ext4fs
CIFS: text file busy
Delegating SSH authorization to local user
An LWPUserLoggerDB query
Locales and paper size on Ubuntu Karmic
Lens
Zabbix on Lenny to monitor Karmic
Booting a HP6730b laptop with the LWP
Fixing Zenworks Imaging so it will image Linux
Red Hat's SPICE on Ubuntu Karmic
Landscape failing certificate chain
The problem
The solution
KVM virtual LWP
Getting BIOS data with dmidecode
Blinking a SUN blade
XFS Quota under Samba
Linux clients of Novell NSS servers
ILOM/PXE SUN blade installation
KVM VM creation
Scripted MD5 passwd hashes
IP numbers in e-mail addresses
NTP settings on 64-bit Debian with VMWare revisited
re-reading the partition table
XML vs. web template engines
64-bit DebianOpenSSL adn BIND
ergonomic keyboard buying
A Configuration Repository idea
Introduction
What is configuration?
What is not configuration?
Storing Configuration and the Unit of Configuration
Parametrization and its implications
Finding the authoratative nameserver
HP TPM
The problem at hand
Theoretical solutions
A poor but practical solution
Some more useful CPU bookmarks
OWL
Links
Mail migration
II. Plain Usage
Connecting to remote PostgreSQL
GNUplot through mail
Remote WIndows from Linux
remote firefox
X under sudo
SSH tunneling
Procmail Vacation
HTML redirect
III. Programming related (also shell scripting)
BASH read builtin
AWK (or SED) after-first-comment insert
Autotools 101
Arrays in sh
Detaching a process from the shell
IV. Trouble Shooting
Firefox lock removal
Slow Firefox/IceWeasel
OpenLDAP/Slapd hogging CPU
IPsec crowds out SSH
ReiserFS badblocks
Finding the bad area using badblocks
Notifying the ReiserFS of the bad area
V. Configuring Linux subsystems
Bacula Configuration
Ubuntue KDE sound
Debian Kerberos Credentials
BIND9 $GENERATE records
Forcing Static Nameserver with DHCP
Fixing the NIS port
Conditional NVidia driver install
Bacula
(KDE) sound problems
CUPS command line options
udev USB mounting
Emacs global key binding
dmesg unclutter
NTP client config
CUPS as client
NVidia X screen rotation
Default SSH X11 forwarding
VI. Assorted servers and services
Creating a public FOSS mirror
Postfix/Dovecot IMAP server
Lire Log Analyzer
Apache log analysis on Debian.
Syslog-NG
Creating a Syslog-NG server
Creating a Syslog-NG client
Subversion serving
VII. Proprietary Software (mostly trivial and useless)
Oracle Calendar Linux Hack
64-bit Linux Mathematica install
64-bit Linux Maple install
64-bit Linux Matlab install
Mathematica-6.0 Linux install
The problem
The solution
Installing the Altiris client under Ubuntu
iPrint on Linux
VIII. Network-related (also firewall, router, wireless)
Linksys WRT54G OpenWRT
gPXE DHCP settings
The Windows 2008 Server case
The ISC DHCPD Case
LWP DHCP
Yukon2 Wake-on-LAN
VMWare PXELinux
DHCP server exhausts pool, leases still free
Problem
Solution
DHCP server offering lease multiple times
FWBuilder Modules
Firewall install script
IPTables SNAT
FWBuilder
Resetting IPtables
Firewall Rules
Migrating DHCP
IX. OpenBSD
Redundant OpenBSD NAT firewall
OpenBSD redundant bridging firewall
Soekris: no boot after power loss
PF home gateway
OpenLDAP on OpenBSD
OpenBSD Kerberos
redirecting ssh through PF
OpenBSD 4.4 on Soekris 5501
OpenBSD on Net5501-70
X. Debian (sometimes also Ubuntu)
Critical Debian-Installer Questions
Novell iPrint from Ubuntu Karmic
Upgrading Landscape
Partman-auto recognizing free space
Hardy Client fails Landscape connect
Success!
Logging in on Landscape Appliance
Replacing Landscape Certificates
PBuilder
Debian-logo-like SVG
Listing library symbols
dpatch-edit-patch snippet for alien-generated debian/rules
Debpackaging: delete debian/files between updates
.changes suffix in inoticoming params for reprepro
Porting initscripts: SuSE to Ubuntu
Magma packaging redone
Multiple deb packages from one source
The case
Fetching the software
Creating Deb Packages from the downloaded material.
Binary-only DebPackaging (Tivoli)
Debian Indep Packaging
debconf-get-selections
Another try at the NovFS packages
Repackaging SuSE NovFS for Ubuntu
The problem
Outline of the solution
Getting the raw materials.
Unpacking kernel source and RPMs
Trying out the Kernel Module
Installing the generated .DEBs
From non-working to working debs
Trying out the debs
Ubuntu Desktop Course
Debian Static Linking
Dissecting an Ubuntu initrd
Linux Traffic Shaping
The Problem
The (partial) solution
Towards a real solution
Apt Dependency Debugging
Ubuntu Education
Unable to mount USB disk under Debian
iPrint rpm to deb
iPrint on Debian
Ubuntu Multipath FC
Ubuntu Debmirror
Tivoli on Debian
update-alternatives
XI. Samba
Samba with CTDB and AD authentication on SuSE Linux Enterprise 11
AD-Authenticated SAMBA using LikeWise-Open
ADS Authentication in Ubuntu Precise
What we're trying
Using WinBind
Using Likewise
Using Centrify
My Opinion
Compile grade Samba settings
Introduction
The original settings of the Samba daemon
GNU tar won't configure on the Samba share:
Installing a test client
Installing a test server
Smbd daemons contending for byte range lock on brlocks.tdb
Self-referential symlinks under Samba
Restarting Samba Server
Copied files gain execute bit on Samba/CIFS
Make install gc6.6 fails under Samba mount
XII. (Re)packaging
Yum under Debian
rpm2cpio
XIII. (Mass) Installations, also dual-boot
Demo: Remote-unattended-install from USB-stick-started network
Cloning Ubuntu
Principle and issues
PAM configuration with Augeas
Expect VMWare Player Installs Automation
Creating XP/Karmic dual-boot images
Booting Straigth from the Mirror
Reinstalling Dual-boot Ubuntu/Windows
gPXE Booting
Server SIde Scripting with gPXE
Unattended daul-boot Linux/Windows
tar over SSH
D-I partition labeling
Introduction
Debian/Ubuntu
Preseeding Ubuntu Hardy
Zenworks Imaging
Can ZENworks imaging be used to clone a Linux machine (and if so, how)?
What are the restrictions ZENworks imaging puts on the way a machine is partitioned?
What limitations does ZENworks imaging impose on the filesystems used?
Can we use ZENworks imaging to put Linux in a designated space on a harddisk without damaging any other OSes or data already present on the disk?
Does ZENworks imaging support RAID? LVM?
Can we safely use ZENworks imaging on machines with multiple disks?
CfEngine configuration
The server part
The client part
Bootleg imaging
PXE boot
The bootleg boot script
Drawing a bundle
How to determine what a host boots
Partitioning in Imaging software
NTFS cloning under Linux
Introduction
Expectations
The experiment
Conclusion
Post-Clone script for Windows XP in U/SWP
No-BIOS-access Linux install
SystemImager initrd
SystemImager
XIV. Databases (mostly PostgreSQL)
PostgreSQL/QCodo WebApp creation
Oracle ERD rev-eng
Eclipse on Debian
PostgreSQL ERDs
XV. Specific to RuG
WebDAV to Y:-drive
Printer migration
DHCP migration
The problem
The Implementation
NIS server loss
The Problem
Investigation and solution
Ending a Postfix service
The current situation
The new situation at a glance
The Transition
Where to make changes
Preliminary actions
Redirecting the bulk of mail flow
Moving the users' mailboxes, and adjusting their settings
Cleanup of iwi200
ncpmount
Installing IWI machines
Debian at IWI
G:-drive under Linux
WebPlatform Documentation
XVI. DocBook
Unindenting Computeroutput in DocBook
Docbook 5
Wikifying DocBook
On writing DocBook
XVII. Red Hat (all very old)
SpaceWalk Channels
Unattended CentOS isntall
Iinstalling SpaceWalk
RedHat Certification
XVIII. Appendices
A. Indices
Index

List of Figures

1. LWP Dependency Graph
1. Screenshot of Citrix Receiver
1. The CIFS/Kerberos test environment
1. routes to www.sciencedirect.com
1. Home network with dual firewalls ready for setup inside the network
2. Two redundant routing firewalls
1. The initial situation with the LinkSys3
2. The situation after factory reset of the Linksys
3. The Linksys with wireless
1. A network with a Bacula server
1. Screenshot of Maple Install: Introduction
2. Screenshot of Maple Install: Choose Install Folder
3. Screenshot of Maple Install: Choose Type of Licensing
4. Screenshot of Maple Install: Pointing out the License Server
5. Screenshot of Maple Install: Pre-Installation Summary
6. Screenshot of Maple Install: Installation Complete
1. Adding a User Class to DHCP
2. Setting the DHCP User Class ID
3. Setting the Bootfile Name in the Default User Class
4. Setting the Bootfile Name in the gPXE User Class
1. Two redundant routing firewalls
1. Two redundant bridging firewalls
1. HAL mount error message
1. Booting from the network the new way, via gPXE and then PXELinux
1. Sketch of current mail flow at the IWI
2. Sketch of mail flow at the IWI with all forwards in place
3. Sketch of mail flow at the IWI with MX records redirected
4. IWI mail users now talking to CIT servers
5. Sketch of mail flow at the IWI with iwi200 off

List of Tables

1. Relevant Hosts
2. Relevant AD Accounts
1. WRT54Gs to work with, their serial numbers and alleged versions
1. Units of disk space used by programs involved in a ReiserFS badblocks detection

List of Examples

1. A wait job for ssh
2. A job that calls the wait job
1. job-1.conf
2. job-3.conf
3. The testscript init-order-test
4. First run of init-order-test, without job-2 in place:
5. job-2.conf
1. 'Normal' behaviour: www.oulu.fi accepts and returns tcp window scaling factor of 128 (2^7)
2. 'Strange' behaviour: www.sciencedirect.com returns window scaling with factor 1 (2^0) but option still on, then resends
1. Log of bad sectors on iwi202
2. SCSI errors in the log
1. Snippet from ntp.conf showing iburst flag to server statement
1. A Tivoli wrapper script
2. A Tivoli user options file
3. A Tivoli system options file
1. Example cfservd.conf
2. Example update.conf
3. Example cfagent.conf
1. Bootleg intervention
2. Example of sethostip usage
   Next
    Introduction