Archive for the ‘Debian’ Category
Posted by Vide on November 6, 2009
In an older post I explained how to create a bond interface in Debian Etch… now, this doesn’t work anymore due to some changes in Lenny.
So, long story short, first of all, install ifenslave
# apt-get install ifenslave-2.6
edit /etc/network/interfaces and add the bond0 config:
auto bond0
iface bond0 inet static
address 192.168.1.2
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 192.168.1.1
up /sbin/ifenslave bond0 eth0 eth1
down /sbin/ifenslave -d bond0 eth0 eth1
now edit /etc/modprobe.d/arch/x86_64 (change the filename depending on your architecture) and add these lines
alias bond0 bonding
options bonding mode=1 miimon=100 downdelay=200 updelay=200
Brief explanation:
- miimon N: check if the active interface(s) is alive every N milliseconds
- downdelay N: wait N milliseconds after a detected link failure to consider the link down
- updelay N: wait N milliseconds after a detected link restoration to consider the link up
- mode N: 1 means master/slave configuration, so there’s only one active master. If this link fails, then slave is used.
For a more complete description of all the possible parameters, refer to Linux Documentation/networking/bonding.txt
After this, you can restart networking or reboot if you are working remotely and it should work without a problem. It did for me :)
Posted in Debian, Howtos, Linux, Networking | Tagged: bonding, Debian, lenny, Linux, Networking | 4 Comments »
Posted by Vide on November 4, 2009
Just found out a bizarre feature of MySQL: you simply cannot create a table with a trailing space in a column name. Something like this, doesn’t work:
create table a (`a ` int);
ERROR 1166 (42000): Incorrect column name 'a '
There’s a thread in MySQL’s lists explaining it
Ok, it seems there’s a technical limitation but this solution seems like a lazy workaround to me.
The problem is with CREATE VIEW. In recent MySQL builds you cannot either create a view with a trailing space in a column name. But recent means, at least, greater than 5.0.51a, cause this version DOES let you create a view with a trailing space.
# mysql --version
mysql Ver 14.12 Distrib 5.0.51a, for debian-linux-gnu (x86_64) using readline 5.2
mysql> create view b as select a `a ` from a;
Query OK, 0 rows affected (0.00 sec)
There’s a big problem here: 5.0.51a is the default and supported version in Debian Lenny! So, if you have Lenny as a master of a more recent MySQL installation, be careful cause a CREATE VIEW with a trailing space in a column name will break your replication. Grrrr. MySQL, I hate you, really.
Posted in Debian, Linux, Mysql, Rants | Tagged: bug, Mysql, Rants, replication | Leave a Comment »
Posted by Vide on August 6, 2009
If you happen to own a SPARC64 box, you’ll probably already know that even if the kernel is 64bit the userland comes from the normal SPARC Debian port, so it’s 32bit. Mysql is no exception, with all the 32bit limitations – mainly the 4GB RAM per process limit.
This is really a PITA because if you have a SPARC64 box probably it has got plenty of RAM and you want to use it at its full potential, without having to messing around with Solaris (yeah, I don’t like it very much, I’m sorry).
This guide covers Mysql 5.1 installation in Debian Lenny, so we have to use SID repositories.
# echo "deb http://ftp.de.debian.org/debian/ sid main" >> /etc/apt/sources.list
# echo "deb-src http://ftp.de.debian.org/debian/ sid main" >> /etc/apt/sources.list
then let’s edit our apt preferences to avoid massive update on next dist-upgrade :)
# vim /etc/apt/preferences
Package: *
Pin: release a=stable
Pin-Priority: 900
Package: *
Pin: release a=sid
Pin-Priority: 100
and then update our repo list
# aptitude update
And here we go:
# apt-get build-dep mysql-server-5.1
# mkdir /tmp/mysql-build; cd /tmp/mysql-build
# apt-get source mysql-server-5.1
# vim mysql-dfsg-5.1*/debian/rules
here we touch a little the rules for compiling cause there are a couple of things that are not going to work by default.
The MAKE_J variable doesn’t work very well, so you can modify the grep to look for “CPU” instead of “processor” or you could hardcode it to the number of processor you have. This will make compilation a lot faster.
MAKE_J = -j$(shell if [ -f /proc/cpuinfo ] ; then grep -c CPU* /proc/cpuinfo ; else echo 1 ; fi)
then edit the CFLAGS variable because it’s used to compile some library that will ignore the environment variables we are going to set later in this howto.
CFLAGS=$${MYSQL_BUILD_CFLAGS:-"-O3 -DBIG_JOINS=1 -m64 -mcpu=niagara2 ${FORCE_FPIC_CFLAGS}"} \
it should be about line 73. Please note that -m64 will make it 64bit so it’s mandatory while the mcpu flag it’s to optimize the executable for your CPU. In my case it’s a niagara2 chip but you can use another CPU as well. Check the GCC documentation for more details
Save and quit and then we can start with the compilation process:
# export CFLAGS="-m64 -mcpu=niagara2 -O2 -g"
# export CXXFLAGS="-m64 -mcpu=niagara2 -O2 -g"
# export CPPFLAGS="-m64 -mcpu=niagara2 -O2 -g"
# export LDFLAGS="-m64 -mcpu=niagara2 -O2 -g"
# export DEB_BUILD_OPTIONS="nocheck"
# debuild -us -uc --preserve-env
that’s it. After some minutes (depending on your HW), you should have in /tmp/mysql-build all your new DEBs which you can install with dpkg -i. I advice to install the stock mysql-server-5.1 with aptitude before to get all dependencies installed, then you can use dpkg with your new DEBs.
Posted in Debian, Howtos, Linux, Mysql | Tagged: Debian, howto, Linux, Mysql, sparc | 2 Comments »
Posted by Vide on June 4, 2009
Transifex is a not-so-well-known opensource localization platform, written in Python and running on Django (a Python based application server, if you don’t know it). So, being not so well known, there isn’t a lot of documentation about it, and how to install it under Debian 5 Lenny it’s almost undocumented. So, here we go.
First of all, you have to install some packages. Luckily Lenny has got lot of them, although not all the needed
# aptitude install django python-urlgrabber python-setuptools python-pygments python-openid python-markdown python-httplib2
# aptitude install subversion
# aptitude install python-mysqldb
# aptitude install build-essential python-dev
These should be all the packages needed by Transifex which are available as deb packages. Now let’s install the remaining ones through easy_install
# easy_install django-authopenid django-pagination
# easy_install -f http://transifex.org/files/eggs/ contact_form tagging
# easy_install django-notification
# easy_install mercurial
Now the last package, django_evolution which is, AFAIK, only available as an SVN checkout from Google Code
# svn checkout http://django-evolution.googlecode.com/svn/trunk /tmp/django-evol
# mv /tmp/django-evol/django_evolution /usr/lib/python2.5/site-packages/
Now we can download the Transifex tarball
# cd /tmp && wget http://transifex.org/files/transifex-0.6.tar.gz
# tar xzvf transifex-0.6.tar.gz
# cp -a transifex-0.6/transifex /var/www
Now we have to edit some configuration files located in /var/www/transifex/settings with particular attention to the database backend configuration stored in 20-engines.conf. Take this as example
DATABASE_ENGINE = 'mysql'
DATABASE_NAME = 'transifex'
DATABASE_USER = 'transifex'
DATABASE_PASSWORD = 'secret_password'
DATABASE_HOST = 'ADDRESS-OF-YOUR-DB' # Set to empty string for local socket
DATABASE_PORT = '3306' # Set to empty string for default
obviously you must create a database (called ‘transifex’ in this example) in your database server and give full permissions to a dedicated user (called ‘transifex’ with ’secret_password’ as password in this example). You can do it with these commands in your mysql console:
CREATE DATABASE transifex;
GRANT ALL ON transifex.* to 'transifex'@'%' IDENTIFIED BY 'secret_password';
Now we can run the configuration scripts, located in the transifex’s base dir
# cd /var/www/transifex
# ./manage.py syncdb
# ./manage.py txcreatedirs
# ./manage.py runserver
Now we can execute a server instance, listening on address $IPADDRESS and port 8088, and then we can access it fro http://$IPADDRESS:8088 in our web browser. Remember to use nohup if yoiu want to detach it from the console
# ./manage.py $IPADDRESS:8088
Posted in Debian, Howtos, Linux | 2 Comments »
Posted by Vide on February 6, 2009
Sometimes you may in need to use an external SMTP provider to send your emails, and usually ISPs give instruction on how to configure mail clients such as Outlook or Thunderbird. But what if you are already using an internal SMTP server such as Postfix?
These guidelines are for Debian (but may be helpful with other systems as well) and are related to Postfix. The SMTP provider in the example is AuthSMTP which is a well known provider for SMTP relaying.
Given you already have a working Postfix environment, first of all edit your main.cf and add these lines:
relayhost = [mail.authsmtp.com]
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps=hash:/etc/postfix/sasl-passwords
smtp_sasl_mechanism_filter = digest-md5
smtp_sasl_security_options=
then, create with $EDITOR a file called /etc/postfix/sasl-passwords and fill it with something like this:
[mail.authsmtp.com] yourusername:yourpassword
then, compile the map file
# postmap hash:/etc/postfix/sasl-passwords
now we are almost done, just restart postfix and it should work.
Now, probably it won’t really work and you’ll start to see messages like these in your postfix log:
warning: SASL authentication failure: No worthy mechs found
SASL authentication failed; cannot authenticate to server mail.authsmtp.com
that’s because you are missing some SASL packages from Debian. Issue
# aptitude install libsasl2-modules
and it should install all the missing packages and make the thing work :)
Posted in Debian, Linux, Postfix, Postmaster, Tips | Tagged: Debian, Postfix, smtp auth, Tips | 5 Comments »
Posted by rga on December 30, 2008
Hello,
Maybe you are interested on installing untrusted packages on your Debian box, but by default you are prompted with this prompt:
Do you want to continue? [Y/n/?] y
WARNING: untrusted versions of the following packages will be installed!
Untrusted packages could compromise your system’s security.
You should only proceed with the installation if you are certain that
this is what you want to do.
untrusted_package
Do you want to ignore this warning and proceed anyway?
To continue, enter “Yes”; to abort, enter “No”:
This is fine, since it warns you about it, but it breaks non-interactive scripts, because needs user confirmation.
What then? the solution is easy, you only need to tell to aptitude that you want to use those packages without user confirmation.
From aptitude manual:
Option: Aptitude::CmdLine::Ignore-Trust-Violations
Default: false
Description: In command-line mode, causes aptitude to ignore the installation of untrusted packages. This is a synonym for Apt::Get::AllowUnauthenticated.
Just go!
# aptitude -o Aptitude::Cmdline::ignore-trust-violations=true -y install your_untrusted_package
WARNING: untrusted versions of the following packages will be installed!
Untrusted packages could compromise your system’s security.
You should only proceed with the installation if you are certain that
this is what you want to do.
untrusted_package
*** WARNING *** Ignoring these trust violations because
aptitude::CmdLine::Ignore-Trust-Violations is ‘true’!
Writing extended state information… Done
It does not use an interactive prompt and of course your script will continue :)
See you!
Posted in Debian, Linux, Shell scripts, Tips | Tagged: Apt, Aptitude, Debian, Packages, Repo, source, Untrusted | 1 Comment »
Posted by Vide on November 17, 2008
After getting iSCSI working on Debian Etch the next thing to do is to set up multipath to get redundancy in case one path from the SCSI client to the SCSI target fails.
First, let’s digg a bit more in depth about what a path is, what can go wrong and what we can do to prevent it. Usually in a simple iSCSI environment there are two network interfaces dedicated to the remote storage, each one connected to a distinct ethernet switch and each switch connected to the a distinct ethernet interface in the host SAN. Then here you have two separated controller cards (let’s call them A and B) which connect to the same logical volume (a RAID array.. so here redundancy is already covered). I repeat, this is the simplest redundant scenario, in which you can have redundancy, a good fault-tolerance and can parallelize via round-robin the requests from the initiator to the host target.
Read the rest of this entry »
Posted in Debian, High availability, Howtos, Linux, Storage | Tagged: Debian, High availability, howto, Linux, Storage | 2 Comments »
Posted by Vide on November 13, 2008
Title says it all. If you want to check (or set) your ethernet NIC configuration or status in Linux, people used to use mii-tools. But there’s a lot more powerful and modern tool that obsoletes it: ethtool
You can install it with your favourite package manager, if it’s not already present in your system.
In Debian/Ubuntu, you can issue
# aptitude install ethtool
Here it is an example:
# ethtool eth0
Settings for eth0:
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Half 1000baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Half 1000baseT/Full
Advertised auto-negotiation: Yes
Speed: 100Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 1
Transceiver: internal
Auto-negotiation: on
Supports Wake-on: g
Wake-on: d
Current message level: 0x000000ff (255)
Link detected: yes
Posted in Debian, Gentoo, Linux, Networking, Software, Tips, Ubuntu | Tagged: Linux, Networking, Tips | 4 Comments »
Posted by Vide on November 11, 2008
I guess the fact I’m here writing again on this topic goes for that definitive I put in the title the first time :) So obviously it was not so definitive, and here we are again with a, I hope, better and improved version.
This time we are going to use th backports repository and the Etcn’n'half kernel, cause they provide a better and far more stable support for iSCSI under Debian (Etch).
So, first of all add the backports repository:
echo "deb http://www.backports.org/debian etch-backports main contrib non-free" >> /etc/apt/sources.list
and do some basic stuff:
# aptitude update
# aptitude install debian-backports-keyring
# aptitude update
Now, let’s install the newer 2.6.24 kernel from the Debian Etch’n'half project (note: it’s present in the officila Debian repository, it doesn’t come from the backports.org one)
# aptitude install linux-image-2.6-amd64-etchnhalf # remove amd64 if you're on x86_32
now here, if you are a Broadcom NeteXtreme 2 user (lsmod|grep bnx2), be careful and remember to install these NEW package before rebooting, or you will have an unpleasant surprise
# aptitude install firmware-bnx2
This is due to a change in newer Linux versions
Then reboot, cross your fingers and then install the newer open-iscsi package:
# aptitude install -t etch-backports open-iscsi
Everything should be ok and this time you should have all the config files in the right place, a proper script to mount/unmount iSCSI target devices at boot time and so on…
Anyway, I still prefer the old-school config file, so usually I replace the Debian stock one with something like this:
node.active_cnx = 1
#node.startup = manual
node.startup = automatic
#node.session.auth.username = dima
#node.session.auth.password = aloha
#node.session.timeo.replacement_timeout = 15
node.session.timeo.recovery_timeout = 15
node.session.err_timeo.abort_timeout = 10
node.session.err_timeo.reset_timeout = 30
node.session.iscsi.InitialR2T = No
node.session.iscsi.ImmediateData = Yes
node.session.iscsi.FirstBurstLength = 262144
node.session.iscsi.MaxBurstLength = 16776192
node.session.iscsi.DefaultTime2Wait = 0
node.session.iscsi.DefaultTime2Retain = 0
node.session.iscsi.MaxConnections = 0
node.conn[0].iscsi.HeaderDigest = None
node.conn[0].iscsi.DataDigest = None
node.conn[0].iscsi.MaxRecvDataSegmentLength = 65536
I have highlighted one line because that parameter is used to choose the timeout after which an iSCSI device is considered dead, and thus that path discarded (we’ll talk about paths later).
So, time to discover new devices now:
# /etc/init.d/open-iscsi restart
# iscsiadm -m discovery -t sendtargets -p $SAN_IP_ADDRESS
# /etc/init.d/open-iscsi restart
check out your dmesg output and look for new /dev/sdX devices.
Some partitioning and formatting later, you can edit your fstab with something like this
/dev/sdb1 /mnt/files ext3 defaults,auto,_netdev 0 0
and you should be done!
Posted in Debian, Howtos, Linux, Storage | Tagged: Debian, howto, iscsi, Storage | 2 Comments »
Posted by Vide on September 15, 2008
Ok, maybe this is a little bit arrogant title :) but since I’ve experienced more than a problem/issue when installing iSCSI initiator support in Debian 4.0 Etch, I think that this howto could help people setting up their first open-iscsi in Etch (in which open-iscsi is UTTERLY broken, let me say it loud).
First of all, install open-iscsi
aptitude install open-iscsi
and remove the broken init scripts (they are going to give you lots of headaches when rebooting, if you don’t do this.)
update-rc.d -f open-iscsi remove
Read the rest of this entry »
Posted in Debian, General, Howtos, Linux, Storage | Tagged: Debian, howto, iscsi, Linux, san, Storage | 2 Comments »
