Thursday, July 18, 2019

Save and re-install debian/ubuntu packages

Save the currently installed packages to a text file:

dpkg -l | grep ^ii | awk '{print $2}' > installed.txt

Re-install the packages from the text file:

sudo apt-get install $(cat installed.txt)
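
Added example, not part of the original post: `$(cat installed.txt)` is expanded unquoted into a root command line, so this script checks every line against the Debian package-name syntax (including architecture suffixes such as `libc6:i386`) before installing. The function names are made up for illustration.

```shell
#!/bin/sh
# A Debian package name uses only lowercase letters, digits, '+', '-' and '.',
# is at least two characters long and starts with a letter or digit.
# An architecture qualifier such as ":i386" may follow.
PKG_RE='^[a-z0-9][a-z0-9+.-]+(:[a-z0-9-]+)?$'

# valid_pkg_lines FILE -> prints only the lines that are well-formed names
valid_pkg_lines() {
  grep -E "$PKG_RE" "$1"
}

# rejected_pkg_lines FILE -> prints the non-empty lines that are not valid names
rejected_pkg_lines() {
  grep -Ev "$PKG_RE" "$1" | grep -v '^[[:space:]]*$'
}

# reinstall_from FILE -> installs the list, or refuses if any line looks wrong
reinstall_from() {
  if [ -n "$(rejected_pkg_lines "$1")" ]; then
    echo "refusing: unexpected lines in $1:" >&2
    rejected_pkg_lines "$1" >&2
    return 1
  fi
  # "--" ends option parsing, so nothing in the list can be read as an option
  valid_pkg_lines "$1" | xargs -r sudo apt-get install --
}

# Usage: reinstall_from installed.txt
```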

Sunday, January 14, 2018

Ubiquiti Unifi Controller on Ubuntu LTS

Plenty of stuff you can find on the internet.
But for my own references:

Basic Ubuntu LTS installation.
If you’re on a public ip, first get your firewall in order. Then install Unifi.

Firewall
Make sure you’re root (sudo -s), then:

apt-get install netfilter-persistent
service netfilter-persistent start
invoke-rc.d netfilter-persistent save
mkdir -p /etc/iptables/

In this example:
1.2.3.4 = trusted machine that is allowed to connect to the Unifi controller. Probably your own pc
4.5.6.7 = site 1 with AP’s and other ubiquiti stuff
6.7.8.9 = site 2 with AP’s and other ubiquiti stuff

Ports tcp/8080 and udp/3478 are all you need between your ubiquiti equipment and your controller (see link)

Save the following to firewall.sh and execute (replace ip’s with real ip’s):

#!/bin/bash

# Resetting ...
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F

# Setting default policy on incoming traffic
iptables -P INPUT DROP                                                  # DENY INCOMING CONNECTIONS
iptables -P FORWARD DROP                                                # THIS IS NOT A ROUTER

# Exceptions to default policy
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT        # FOR INITIATED CONNECTIONS FROM THIS HOST
iptables -A INPUT -i lo -j ACCEPT                                       # MUSTHAVE (e.g. for MongoDB bind to localhost)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT                           # SSH
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT                       # PING

# UniFi
iptables -A INPUT -p tcp --dport 8443 -s 1.2.3.4 -j ACCEPT       # Connections from management host

iptables -A INPUT -p tcp --dport 8080 -s 4.5.6.7 -j ACCEPT       # UNIFI - INFORM - site1
iptables -A INPUT -p udp --dport 3478 -s 4.5.6.7 -j ACCEPT       # UNIFI - STUN   - site1
iptables -A INPUT -p tcp --dport 8080 -s 6.7.8.9 -j ACCEPT        # UNIFI - INFORM - site2
iptables -A INPUT -p udp --dport 3478 -s 6.7.8.9 -j ACCEPT        # UNIFI - STUN   - site2

# Make persistent
iptables-save >/etc/iptables/rules.v4

Install Unifi
Make sure you’re root (sudo -s), then:

echo 'deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti' | sudo tee /etc/apt/sources.list.d/100-ubnt-unifi.list
apt-key adv --keyserver keyserver.ubuntu.com --recv 06E85760C0A52C50
apt-get update
apt-get install unifi

.. last but not least, go to: https://ipaddress:8443/

Saturday, October 21, 2017

make iptables persistent

Recent versions of Ubuntu use a built-in firewall. Therefore iptables rules don’t persist after a reboot.
Here’s how to make them persist:

# Start
sudo service netfilter-persistent start
# Save the current rules so they are restored at boot
sudo invoke-rc.d netfilter-persistent save

Friday, September 1, 2017

irssi fish

$ apt-get install build-essential irssi-dev libglib2.0-dev libssl-dev cmake git
$ git clone https://github.com/falsovsky/FiSH-irssi.git
$ cd FiSH-irssi
$ cmake .
$ make
$ cd src

$ sudo cp libfish.so /usr/lib/i386-linux-gnu/irssi/modules/
or
$ sudo cp libfish.so /usr/lib/irssi/modules/
or 
$ sudo cp libfish.so /usr/lib/x86_64-linux-gnu/irssi/modules/

Favorite settings:

/set mark_encrypted  ·
/set mark_position 0
/save

Tuesday, August 29, 2017

Compile lftp from source

Get lftp source from http://lftp.yar.ru/get.html
Unpack.

./configure --without-gnutls --with-openssl=/usr/include/openssl/
make

Use the following settings

set ssl:verify-certificate no
set ftp:ignore-pasv-address no
set ftp:prefer-epsv false
set ftp:passive-mode true
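
Added example, not part of the original post: `set ssl:verify-certificate no` switches off validation of the server's certificate, so this check lists the `set` lines in an lftp rc file that weaken TLS and shows a verified variant next to the post's settings. The function names, the set of false spellings (no/false/off/0) and the Debian CA bundle path are assumptions.

```shell
#!/bin/sh
# audit_lftp_tls [FILE]: reads lftp "set" commands (stdin if no FILE) and
# prints one line per setting that weakens TLS; no output means none found.
audit_lftp_tls() {
  awk '
    # spellings of "false" assumed here: no, false, off, 0
    function is_off(v) { return tolower(v) ~ /^(no|false|off|0)$/ }
    $1 == "set" && NF >= 3 {
      name = $2
      sub(/\/.*/, "", name)   # drop a closure such as /ftp.example.org
      if (name == "ssl:verify-certificate" && is_off($3))
        print $2 ": server certificate is not validated"
      else if (name == "ssl:check-hostname" && is_off($3))
        print $2 ": certificate name is not compared with the host name"
      else if (name == "ftp:ssl-allow" && is_off($3))
        print $2 ": FTP connections never negotiate TLS"
    }
  ' "${1:--}"
}

# The four settings from the post.
page_settings() {
  cat <<'EOF'
set ssl:verify-certificate no
set ftp:ignore-pasv-address no
set ftp:prefer-epsv false
set ftp:passive-mode true
EOF
}

# Constructed variant that keeps certificate checks on (CA path is the
# Debian/Ubuntu bundle; adjust for a private CA).
verified_settings() {
  cat <<'EOF'
set ssl:verify-certificate yes
set ssl:check-hostname yes
set ssl:ca-file "/etc/ssl/certs/ca-certificates.crt"
set ftp:prefer-epsv false
set ftp:passive-mode true
EOF
}
```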

Monday, July 3, 2017

32bit on 64bit debian/ubuntu

dpkg --add-architecture i386
apt-get update
apt-get install libc6:i386 libc6-i386

Monday, November 7, 2016

Configure smokeping on Ubuntu 16

This is actually not Ubuntu 16 specific, but I need to write it down because I tend to forget this.

Comment out the sendmail line in “/etc/smokeping/config.d/pathnames”:

#sendmail = /usr/sbin/sendmail

Set the cgiurl line in “/etc/smokeping/config.d/General”:

cgiurl = http://YOURIPADDRESS/cgi-bin/smokeping.cgi

Edit “/etc/apache2/conf-available/serve-cgi-bin.conf” so it looks like:

<IfModule mod_alias.c>
        <IfModule mod_cgi.c>
                Define ENABLE_USR_LIB_CGI_BIN
        </IfModule>

        <IfModule mod_cgid.c>
                Define ENABLE_USR_LIB_CGI_BIN
        </IfModule>

        <IfDefine ENABLE_USR_LIB_CGI_BIN>
                ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
                <Directory "/usr/lib/cgi-bin">
                        AllowOverride None
                        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                        Require all granted
                </Directory>
                Alias /smokeping /usr/share/smokeping/www
                <Directory "/usr/share/smokeping/www">
                        Options FollowSymLinks
                </Directory>
        </IfDefine>
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Enable CGI:

sudo a2enmod cgi

Restart apache and smokeping:

sudo service apache2 restart
sudo service smokeping restart

Wednesday, March 30, 2016

Hot migrate linear LVM to striped

Initial linear LVM

Create the Physical Volumes

root@lvmtest:~# pvcreate /dev/sdb /dev/sdc
  Physical volume "/dev/sdb" successfully created
  Physical volume "/dev/sdc" successfully created

Create the Volume Group

root@lvmtest:~# vgcreate MAIN /dev/sdb /dev/sdc

Create the Logical Volume

root@lvmtest:~# lvcreate -n LVMAIN -l 100%FREE MAIN
  Logical volume "LVMAIN" created

Create the filesystem, mount it

root@lvmtest:~# mkfs.xfs /dev/MAIN/LVMAIN

root@lvmtest:~# mkdir /mnt/mylvmvolume

root@lvmtest:~# mount /dev/MAIN/LVMAIN /mnt/mylvmvolume

root@lvmtest:~# df -h | grep MAIN
/dev/mapper/MAIN-LVMAIN   64G   33M   64G   1% /mnt/mylvmvolume

Create extra space

Add two new disks

root@lvmtest:~# pvcreate /dev/sdd /dev/sde
  Physical volume "/dev/sdd" successfully created
  Physical volume "/dev/sde" successfully created

Add the disks to the volume group

root@lvmtest:~# vgextend MAIN /dev/sdd /dev/sde

Make it stripe

Now.. you can’t move PE’s between logical volumes. So you have to do a little trick.
Create a mirror (-m 1) of the current data on the recently added space, and make it striped (--stripes <number of disks>).
Do this in a screen. This can take days, depending on the size!

root@lvmtest:~# lvconvert -m 1 --mirrorlog core --stripes 2 /dev/MAIN/LVMAIN /dev/sdd /dev/sde
  Using default stripesize 64.00 KiB
  MAIN/LVMAIN: Converted: 0.0%
  MAIN/LVMAIN: Converted: 1.0%
  MAIN/LVMAIN: Converted: 2.4%
  MAIN/LVMAIN: Converted: 3.7%
  MAIN/LVMAIN: Converted: 5.1%

While the mirroring is in progress, we look at the stats…
Notice there is only one disk reading (sdb) and two are writing (the striped disks). Perfect!

root@lvmtest:~# iostat -m 2 /dev/sd[b-e]
Linux 3.16.0-45-generic (btrfs)         03/30/2016      _i686_  (2 CPU)

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           0.00    0.00    1.26    0.00    0.00   98.74

Device:            tps    MB_read/s    MB_wrtn/s    MB_read    MB_wrtn
sdb             117.50        58.75         0.00        117          0
sdc               0.00         0.00         0.00          0          0
sdd             117.50         0.00        29.38          0         58
sde             117.50         0.00        29.38          0         58

.. and a little further into the process, data is read from sdc.

Device:            tps    MB_read/s    MB_wrtn/s    MB_read    MB_wrtn
sdb               0.00         0.00         0.00          0          0
sdc             134.50        67.25         0.00        134          0
sdd             134.50         0.00        33.62          0         67
sde             134.00         0.00        33.50          0         67

Cleanup

Let’s break the mirror and go live with the new disks:

root@lvmtest:~# lvconvert -m0 MAIN/LVMAIN /dev/sdb /dev/sdc
  Logical volume LVMAIN converted.

Remove the old disks from the volume group:

root@lvmtest:~# vgreduce MAIN /dev/sdb /dev/sdc
  Removed "/dev/sdb" from volume group "MAIN"
  Removed "/dev/sdc" from volume group "MAIN"

Remove the physical volumes:

root@lvmtest:~# pvremove /dev/sdb /dev/sdc
  Labels on physical volume "/dev/sdb" successfully wiped
  Labels on physical volume "/dev/sdc" successfully wiped

There ya go. No downtime. Hot migrated from linear to striped!

Thursday, August 6, 2015

better compressed dd images of blockdevices

When creating full images from one of my rootdisks …

dd if=/dev/sda | bzip2 >/opt/backup/sda.img.bzip2

… I noticed the backups were growing, but the amount of data on the device was not.

Since dd makes a full block-level backup and not a file-based one, the free space must still contain old bits and bytes.
The sfill utility can overwrite the freespace with zeroes, giving me better compressed images.

sfill -f -l -l -z /mnt/mountpoint

Clean ubuntu rootdisk

My script to clean up some stuff.
Seems that those kernel header packages are eating up all inodes on small ext volumes.

#!/bin/sh
# Packages in state "rc" are removed, but their configuration files are still around
nr_of_removed_packages=$(dpkg -l | grep -E "^rc" | cut -d" " -f3 | wc -l)
# Every kernel image in /boot counts as active; its headers are never cleaned
nr_of_active_kernels=$(ls /boot/vmlinuz* | wc -l)
active_kernels=$(ls /boot/vmlinuz* | sed -r 's/\/boot\/vmlinuz-//' | sed -r 's/-generic//')
# -F: match the kernel versions as fixed strings, one per line
nr_of_headers_to_be_cleaned=$(dpkg -l | grep linux-headers | grep -v headers-generic | cut -d" " -f3 | grep -vF "$active_kernels" | wc -l)

if [ "$nr_of_removed_packages" -gt "0" ]; then
  echo "Purge configuration files for removed packages ($nr_of_removed_packages)"
  dpkg --purge $(dpkg -l | grep -E "^rc" | cut -d" " -f3)
else
  echo "No removed packages"
fi

if [ "$nr_of_headers_to_be_cleaned" -gt "0" ]; then
  echo "Cleaning old kernel headers, but skipping active kernels:"
  echo "$active_kernels"
  echo ""
  echo "Going to clean:"
  dpkg -l | grep linux-headers | grep -v headers-generic | cut -d" " -f3 | grep -vF "$active_kernels"
  echo "Wait 5 seconds or break now!!"
  sleep 5
  dpkg --purge $(dpkg -l | grep linux-headers | grep -v headers-generic | cut -d" " -f3 | grep -vF "$active_kernels")
else
  echo "No kernel headers to be cleaned"
fi

echo "Done!"