@ ‘D250 Laboratories’

Fedora srvctl 2.x

After a long development cycle, ready to go! Fedora srvctl is ready to manage your virtual server farm!

Take a look at ..
srvctl 2.x @ Github
the srvctl online manual

Shared hosting made it possible for the web to be what it is today. However, time didn’t stop and software is evolving. Now-days, the concept of shared hosting is rather problematic. Lets say, there are over 100 mini websites on a shared host. Each of those websites is an Apache virtual host, connecting to a database – at least in the classic model. A bigger failure in any of the sites that crashes any of the shared programs will stop every site, completely. Also, if one of the sites gets hacked, the whole server can get exposed to the hackers.
Needless to say, that configuration is not a girl’s dream. Lucky wise, the experts been busy in the last years, and created the basics for a new technology called LXC. The kernel got extended with a namespace feature, and that makes it possible to create lightweight virtualization, and thus isolation. Feels familiar? You might know tools like VirtualBox, where you run one operating system in a window of another – virtually. In that particular case, virtualization is not really lightweight, as the whole hardware-logic has to be calculated for the virtual machine, – the VM. However, we – the open source guys – do not really want to run other operating systems.
To get rid of the shared hosting concept we actually could run several instances of the same operating system, well isolated form each-other, and the kernel namespace feature makes this possible. LXC is one of the new applications, that implements this concept of containers or virtual environments, – the VE’s. LXC 1.0 was released on 20th of February 2014, so its really fresh technology, and as it came out, I instantly started to work with it. After almost a full year of working with it, and using it for several months in production, the 2.x version is available as an rpm.

To install, use the following commands as root:

curl ftp://d250.hu/fedora-release/d250.repo > /etc/yum.repos.d/d250.repo
yum -y install srvctl

Once the rpm is installed you can start using it. The fist step would be to install tools and apply configuration settings for:
– web services
– mail services
– user settings

There are some requirements you should keep in mind before starting the installation.
It is recommended to set up key-based ssh authentication.

In order to run a proper server you will have to set up a powerful computer, with SSD’s,
set a static IP address, and obtain some signed certificates.
These files will be used if present, other wise they will be generated.

/root/ca-bundle.pem
/root/key.pem
/root/crt.pem

However, installation files can be re-configured, so skip this step if you don’t have any certificates yet.

To start the host-configuration procedure use:

srvctl update-install all

As srvctl is a bit similar to systemctl, and if used frequently they can be confused, so the shorthand-syntax for the command is simply:

sc command [mandatory argument] [optional argument]

To see all available commands, and the use syntax, simply use sc without any arguments, anytime, anywhere.

The first installation will generate a configuration file, that you can edit – I suggest you to use the midnight commander:

mcedit /etc/srvctl/config

The installation procedure will install and configure the host with:
– LXC – either from source, or from an rpm
– libvirt – for virtual networking
– Pound – the reverse proxy for http/https
– fail2ban – for security (optional)
– Postfix – e-mail MTA
– Perdition – POP / IMAP reverse proxy
– Bind – DNS server
– ClamAv – antivirus

In order to reverse-proxy on the SMTP protocol, saslauthd has to be patched.
This is done by downloading a precompiled patched version of saslauthd.
You might want to compile your own for uncommon architectures, eg, non x86_64.
The main problem is that perdition sends the “OK! Capabilities” message before the authentication OK.
saslauthd does not recognize this by default, and quits. The patch fixes it.

This software is under construction, and upgraded continuously.
If you plan using it please contact me for support!

Workstation install script for Fedora

This workstation-install.sh script is meant to run in the terminal. It will ask some questions, what to fine-tune, what to install, not really package-by package, more by categories. It can install tools I find useful for certain purposes, and it can use the rpm-fusion repository too, so that packages that are not licensed liberal enough for fedora can be installed with ease. To download and run with bash, use the following command in the terminal:

curl http://d250.hu/scripts/install-workstation.sh > install.sh \
&& bash install.sh

Currently it will look similar like this, while running the questioning part:

Root privileges needed to run this script. Trying with sudo.
This is the workstation installer for Fedora 20.
Started with user: x
## D250 Laboratories ./install-workstation.sh @ 2014.01.15-06:34:38
This is the latest original release of the script
=== Confirmation for 20 commands. [Ctrl-C to abort] ===

A local backcup of the /home and /etc folders could be created in /temp
just in case it might come handy.
create a local backup?  [Y/n] yes

The rpmfusion repo contains most of the packages
that are needed on a proper workstation, to use proprietary software 
such as mp3 codecs. Recommended on a workstation.
add rpmfusion?  [Y/n] yes

Run a yum update to update all packages?
update?  [Y/n] yes

Enable the ssh service, and let users log in via shell.
enable ssh?  [y/N] no

By default users can use the up and down arrow keys 
to see their command history. This can be replaced 
by a set of commands used frequently.
limit bash history to specific commands?  [y/N] no

Gnome is the default Desktop enviroment, 
but you might run another spin. It has some options for customization
install and finetune gnome desktop?  [Y/n] yes

User x can be enabled to be logged in automatically, 
without requesting a password when the system is started.
set autologin for first user?  [y/N] no

There are some basic tools in a proper workstation, 
such a system monitoring tools, or the Disks tool, 
exfat support, gkrellm, filezilla, extra vnc clients, brasero, zip, rar
install basic system tools?  [Y/n] yes

Google chrome, Flash player, java support is also part 
of a a proper desktop workstation, 
even though its propreitary software.
install browsers?  [y/N] no

Lightweight desktops with some traditional look 
might come handy on a less powerful computer. 
XFCE and LXDE are such Desktop enviroments.
install alternative lightweight desktops?  [y/N] no

Libre office is a proper Office suite, 
and this will install also the Community version of Kingsoft Wps-Office
a MS office clone with high compatibilty to the MS formats.
install office?  [Y/n] yes

Inkscape is powerful vector graphic editor. 
Darktable can process RAW photos. 
Gimp is a GNU Image manipulation progran.
 Blender is for 3D, Dia is a diagram editor.
install graphics tools?  [Y/n] yes

Amarok is a cool media player, 
and VLC has also some unique features. Mixxx isfor Dj's
install media players?  [Y/n] yes

Edit videos with Kdenlive, sound files with Audacity, 
compose soundtracks with Ardour,..
install media editors?  [y/N] no

Software development tools are for programmers and hackers.
install devtools?  [y/N] no

SElinux enhances secutrity by default, but sometimes 
hard to understand error messages waste your time, 
especially when selinux is preventing a hack.
disable selinux?  [y/N] no

Dropbox is a popular file sharing service.
install dropbox?  [y/N] no

Mumble is a useful free VOIP program, 
pidgin is a multiprotocol chat client.
install chattools?  [Y/n] yes

Skype is bought by MS, however a lot of people use it, 
and it might be need to stay connected. 
Currently, the installation process will ask for the root password.
install skype?  [y/N] no

Install the propietary nVidia graphic driver, 
and replace the opensurce driver. 
This installs the akmod package for more recent cards.
install nvidia driver?  [y/N] no
=== Running the Que of 9 commands. ===
...

The script will be maintained at its URL, and can update itself.
Installs Google-chrome, XPS-office, audacity with mp3 support, vlc, nVidia Graphics drivers, … etc.
Advanced users can fine-tune this script according their needs.
Bug reports, and feedback is welcome!
Github is the place for public discussions.

Fedora 20 Linux


Using commercial software, is like driving in handcuffs.
Using modern, open source, free software is like flying an airplane!
… The freedom-feeling is not comparable!

10 years have now passed since I thought about what Linux distribution to choose. Back then at my university time, Gentoo was the most popular, now Ubuntu seems to be the one. After more then 10 years of computing, it is time to share knowledge, in order to provide a resource for users, who want to use free software. Choosing the Operating system to work with, is an important decision. I suggest, and I will deal only with Linux based systems in my blog, as I have eliminated all commercial software from my view, and I’m really happy to use only legal, free software in everyday life, at my companies, and in my private use.

Choosing a distribution is not always a simple choice. The distribution timeline gives an idea what this choice is about. Back then, red had was a popular Linux brand, and I started with Fedora Core, the community distribution project, while experimenting with other Distributions too. It became my first choice, as I wanted to have the most up to date, newest Linux technologies in my system.

That said, I will start blogging about Fedora, with the current latest release, Fedora 20.

Once the decision was made, it is time to install the operating system. If you come from another world, you might think that you install the OS on a computer. This is actually not really the case. The operating system is installed on a disk, and is actually quite portable. Disk may be a Hard drive (HDD), a Solid State Disk (SSD), a pendrive (USB stick), or similar media. For a solid desktop my suggestion is a proper Solid State Disk, with good hardware specifications. The #1 part determining the computer’s speed these days, is the disk with the operating system. If you plan to install an OS, it is worth the effort to get a proper SSD first.

The second choice before actually installing the system is primary about architecture, secondary about desktop-environments or spins. Modern computers have 64-bit architecture, older computers might run only in 32-bit, mobile devices might have ARM processors. Choosing a desktop environment is rather a personal preference. Gnome, especially in the latest version is something really new and fancy, after getting used to it, it is my first choice. A more lightweight, and more windows-like enviroment is LXDE and XFCE. On older computers I usually install the 32-bit XFCE spin. There are more desktops-environments if you want, KDE, MATE, Gnome-shell, and so on. Freedom of choice.

Here is the fedora download link.

Time for an installation? The most simple is to download the spin of your choice, and burn a “Live” CD / DVD to boot from. Most motherboards provide a boot option, that might need to be enabled in the BIOS. The faster, and recommended method for power-users or for multiple installations is to use a Live system on USB media – or a standard disk. Here again, if you come from another world, his might sound strange. What is a Live OS? Well, an Operating system that is not installed, that simply runs. Commercial operating systems like Windows can not run live, and due to copy-protection, they cant even run from USB! Yes, these are the handcuffs, technically there is no real reason why an operating system can not reside on portable media, or cant be copied freely. The Live system, booted from an USB hard disk is fast, and will have the “install to Hard Drive” icon, to start an installation.

To prepare the Live media, most simple way is to use the liveusb-creator. Once the media is prepared, it can be taken out from the USB port, and started on a SATA interface too! The tool can actually take any disk as a parameter. I found this to be very useful. Just in case, someone does not want to get rid of Windows completely yet, (not recommended ;) Linux can be installed if there is a free space of at least 6 Gigabytes, installs a boot-loader that usually detects other installed operating systems, and sets the boot-loader accordingly. Fedora and other Linux distributions can handle other file systems well, let it be NTFS, HPFS, FAT, or anything similar. Needless to say, that data must be backed up regularly and properly, especially before doing such significant interventions!

Installation is really straight forward. The installer started from the live system is called “Anaconda”, and does a great job. I usually do installations on standard partitions, but LVM, or BRTFS can be great options too. It separates the system and the home folder by default, that can be the same to have more space, and if having a lot of RAM, there is no real need for a swap partition. I suggest to set a strong root password, and to create an user, that can be an administrator even without password, for simple usage. Once the system is installed, reboot or power off the machine to unplug the Live media, and boot into the new system. I encountered a few cases where the fresh installation did not boot up with the default kernel, but booted up with the rescue kernel. That is no real problem, and is fixed by the next step.

The terminal is a really powerful tool for system administrators, power-users, and even end-users that can see the advantage. The Linux shell is much much more powerful like the Windows-equivalent DOS-like command prompt. Once logged in, find a way to start a terminal, in Gnome under activities, in LXDE with a right click on the desktop surface. The terminal is user-sensitive, and has 3 pieces of informations when it show’s up:

[x@localhost ~]$ _

User x is logged in to localhost, and is in it’s home folder, that has the symbol “~”. You can type or paste commands here, and hit enter to run. In order to run deep system commands, it might come handy to be root permanently, the root user or with other words the superuser is the one that can do anything, or to use a third expression, he is the main Administrator. To change to that super user issue the following command: “su -” so it looks like this:

[x@localhost ~]$ su -

It will ask for a password, the password was provided at the installation when the root password was set. Once logged in, the prompt will change, the $ sign will change to the # sign, indicating root privileges. I will not always post all these parts of the shell prompt, and always use the “sudo” command, that will work if the user got administrator privileges during installation. if the user does not have administrator rights, he has to log in every time with “su -“, however in that case, the “sudo” command wont do any harm. Having that clarified, it is time to update the system, the first task on the installed system. The network should be plugged in, up and running. This is the command:

 sudo yum -y update

It will download and install small packages, or better said their negative deltas, fedora uses the rpm format, and yum is the package manager used by Fedora.

At this point, we have a system that has all the really-really free up to date software from the selected spin. In the next posts, there will be more installation hints, fine tuning tips, and procedures that I find useful. They might be documented on other blogs, and other sites, but I will also post more unique scripts, that I document to myself, and to others. Sharing is everything!

Long live open source free software! Free, like in free speech!

LAB activity

The LAB activity seems to be poor if you take a look at the posting dates on this website. Nothing is further from the truth. Actually we are too busy, to write posts! I’m happy to announce, that the LAB is expanding! We are starting a workgroup, where we teach, collaborate, and work together, in a more professional way.

As a contribution from our internal works, we released a mediawiki Language Tag extension

Adventures in PHP

After working on Turm for a while, I collected enough experiences to judge PHP from my subjective point of view. Conclusion: PHP is not recommended. Neither as a web framework neither as scripting language. (details) As it seems PHP gained it’s popularity in historic moments. It is suitable to get things done quick and dirty, but it fails when it comes to a large project where it has to be a stable building block. Turm will be re-implemented in Ruby, .. will take some time tho.

PHP LogViewer

The first version, 1.0 of my simple LogViewer PHP script is availabale for download. Open-source GNU/GPL license.

The most recent version will be maintained under this link.

Crowing Bamjahan

Time to unleash my Mission for Arma 2 Operation Arrowhead, that I composed in order to test the German Radio Protocol. The mission is quite intense, and I hope you will have a lot of fun while playing it.

Download Crowing Bamjahan.

Updates

There are several new features built in to our system in The LAB.

First of all, we are now part of PKI, the Public Key Infrastructure. StartSSL authenticated D250 Laboratories, and the SSL keys are successfully built in to all our services, that need encryptions.

There are also news from our internal site, the forum and the wiki have now facebook-connect authentication built in, for easy login.

And last but not least, we got involved to the development of ISPConfig. Several new features are implemented, such as password-less ssh login, or signing CA certificates by a local custom CA.
these features are uploaded into the SVN trunk of ISPconfig 3, and hopefully should be included in the next update.

Long live Open-Source Software!

At Beatport

Panel Trax has released the track polar on a compilation, available at beatport.
This relative aggressive classic techno track has already proven it’s functionality in the Mono-Club.
Back then also Newl requested a video for his show called PartyZone. polar.mpg

OFP-archives

Original games do not fade.

And thats true especially for Operation Flashpoint, the first game from Bohemia Interactive.
The OFP-times seem to have ended for me, although, I enjoy joining IRON’s XR server from time to time.

However, since we have this new website, I post some link’s to my work’s from the OFP Era.

Download LaKing’s OFP Script editor.
Download KICTI, mission for OFP.

Return top