February 9, 2010 -
http://joey.kitenet.net/code/etckeeper/
etckeeper is a collection of tools to let /etc be stored in a git, mercurial, darcs, or bzr repository. It hooks into apt (and other package managers including yum and pacman-g2) to automatically commit changes made to /etc during package upgrades. It tracks file metadata that revison control systems do not normally support, but that is important for /etc, such as the permissions of /etc/shadow. It's quite modular and configurable, while also being simple to use if you understand the basics of working with revision control.
Under Debian Lenny :
Install :
apt-get install etckeeper
Set ut the git repository (git is the default repository system, see /etc/etckeeper/etckeeper.conf if you want to change that) :
cd /etc
etckeeper init
etckeeper commit "initial import"
We’re done with the initial setup..
If you install a package through apt-get or aptitude, changes will be automatically commited.
If you made changes to files under /etc, commit them by doing :
git commit -a
Also, you can install trac-git, which provides a user friendly web interface to browse your git repository.
July 7, 2009 -
The setup :
We run a virtualization server on a server in a datacenter (for example Proxmox VE), we only have 1 public IP available.
We run web servers on 2 different virtual machines inside that VM host. We want both web servers to be accessible through the public IP on port 80.
We will use the Squid Proxy to act as a “reverse proxy” (http://en.wikipedia.org/wiki/Reverse_proxy).
Squid will relay the requests to the destination depending on the hostname requested.
The machines :
Virtualization server (VM host)/Squid server : Public IP 10.20.30.40 – bridged LAN IP 172.16.5.97/255.255.0.0
VM1 : bridged LAN IP 172.16.100.25/255.255.0.0 – Hostname example.org
VM2 : bridged LAN IP 172.16.100.122/255.255.0.0 – Hostname example.net
On your client computer (optional if you already have domains) :
Edit /etc/hosts and add :
10.20.30.40 example.org
10.20.30.40 example.net
On VM1 and VM2 :
apt-get install lighttpd (or whatever web server you like)
Edit /var/www/index.ligtthpd.html and replace the content of the file by “VM1″ on VM1 and “VM2″ on VM2.
On the VM host :
If Apache listens on port tcp/80, disable it by editing /etc/apache2/ports.conf and removing or commenting “Listen 80″.
Install Squid :
apt-get install squid
Edit /etc/squid/squid.conf and find the http_port section, and add “http_port 80 vhost vport” :
http_port 3128
http_port 80 vhost vport
Then add the following section :
cache_peer 172.16.100.25 parent 80 0 no-query originserver name=server1
cache_peer_domain server1 example.org
cache_peer 172.16.100.122 parent 80 0 no-query originserver name=server2
cache_peer_domain server2 example.net
And then add the following ACL for our domains :
acl valid_domains dstdomain .example.org
acl valid_domains dstdomain .example.net
Allow requests to our domains by adding “http_access allow valid_domains” just before the “deny all” rule (at the end of ACL’s) :
http_access allow valid_domains
http_access deny all
Restart Squid :
/etc/init.d/squid restart
Back on your computer :
Make a request on example.net or .org, you should either see VM1 or VM2 displayed in your browser depending on the hostname requested.
June 30, 2009 -
GNBD is some kind of alternative to iSCSI and to a (much) lower extent to sshfs or other filesharing systems (NFS, Samba, etc.).
Unlike iSCSI, there’s no authentication or such, I invite you to read the documentation to learn more about GNBD.
Server (server.example.org) :
Optional : Create a test filesystem
dd if=/dev/zero of=/home/disk bs=1M count=1000
losetup -f (find the next available loop device)
losetup /dev/loop0 /home/disk
mkfs.ext3 -j /dev/loop0
Install GNBD on the server and start :
apt-get install gnbd-server
/etc/init.d/gnbd-server start or gnbd-server -n
Export the device :
gnbd_export -d /dev/loop0 -e DISK -c
Replace /dev/loop0 by any device on your system you want to share (eg : /dev/sda2).
DISK will be the name of the exported device.
List the current exported drives :
gnbd_export
Client
Install GNBD on the client (client.example.org) :
apt-get install gnbd-client redhat-cluster-modules-2.6.26-2-686
(pick the package matching your architecture)
modprobe gnbd
List exports on the server from the client :
gnbd_import -e server.example.org -n
Create the device for the shared drive on the client :
gnbd_import -i server.example.org -n
This will result in a new device available under /dev/gnbd/DISK
Mount the device :
mount /dev/gnbd/DISK /mnt/DISK
Done !
Sources :
Linux Magazine France n° 118 and Vincent 
June 6, 2009 -
Yannick over at http://blog.uggy.org always comes up with interesting and valuable tips.
Following his latest post regarding sshrc, I made my own sshrc script.
Unlike his example, I didn’t make SSH email me whenever a connection is made. That would be overkill given the number of connections I can make on a single day.
Instead I’m just logging dates and IP in a log file of its own, which I plan on keeping forever.
My /etc/ssh/sshrc :
DATE=`date "+%d.%m.%Y %Hh%Mm"`
IP=`echo $SSH_CONNECTION | awk '{print $1}'`
echo "$DATE - $IP" >> /var/log/ssh_connections.log
March 15, 2009 -
I’m talking about the banner displayed BEFORE connecting, not the MOTD
By default :
$ ssh root@server
***************************************************************************
NOTICE TO USERS
This computer system is the private property of its owner, whether
individual, corporate or government. It is for authorized use only.
Users (authorized or unauthorized) have no explicit or implicit
expectation of privacy.
Any or all uses of this system and all files on this system may be
intercepted, monitored, recorded, copied, audited, inspected, and
disclosed to your employer, to authorized site, government, and law
enforcement personnel, as well as authorized officials of government
agencies, both domestic and foreign.
By using this system, the user consents to such interception, monitoring,
recording, copying, auditing, inspection, and disclosure at the
discretion of such personnel or officials. Unauthorized or improper use
of this system may result in civil and criminal penalties and
administrative or disciplinary action, as appropriate. By continuing to use
this system you indicate your awareness of and consent to these terms
and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
conditions stated in this warning.
****************************************************************************
Last login: Sat Mar 14 21:38:01 2009 from mars
Using ssh -q :
$ ssh -q root@server
Last login: Sat Mar 14 21:39:00 2009 from mars
This is particularly interesting when you use rsync with ssh from a cronjob.. if you don’t use -q you’ll likely get the banner sent to you by email.
December 7, 2008 -
Lately I installed rsnapshot on my lappy to get my files backed up on my home server during the night, in case the laptop is on.
Rsnapshot is only CLI, I still somewhat wanted to get some kind of visual notification saying the backup was starting (and ending).. just to avoid shutting down my machine while the backup process was still on, for example.
Rsnapshot allows you, throught the cmd_postexec and cmd_preexec options, to run scripts before and after the backup job.
I came up with scripts using Zenity for visual notifications.
The thing is, the cmd_postexec script must complete before the backup can begin, and the only documented way I found to start the backup was to click OK on the zenity notification. This would be annoying if I’m not at the computer at that time (which is very likely 
). The notification popup would just wait for my input to start the backup job.. not good.
I tried to figure out a decent way to get rid of the popup after a few second, but I didn’t have to search for too long.. Indeed, Marco spotted that Zenity has an undocumented timeout option doing exactly what I wanted.
Odd that it is not documented..
Thanks to Marco !
For the curious, here’s the cmd_postexec script (rsnapshot running as root and opening the popup on the user’s desktop) :
#!/bin/bash
su USERNAME -c 'export DISPLAY=:0.0; zenity --timeout 30 --info --text "Rsnapshot backup will start in 30 seconds"'
exit 0
-
If you want to batch rename files under Linux, check out PrefixSuffix.
I’m usually all for the CLI, but this nifty tool is quite convenient (if you have a GUI available )
It is available right in the Ubuntu repositories, but not under Debian’s.
http://prefixsuffix.sourceforge.net/
(for the CLI addicts, feel free to post oneliners doing the same job (and even more))
December 3, 2008 -
I just compiled zaptel-modules for Debian Lenny (Kernel 2.6.26 i386)
That package contains the ztdummy module.
Here’s a link to the package :
http://www.wains.be/pub/zaptel-modules-2.6.26-1-686_1.4.11~dfsg-2+2.6.26-10_i386.deb
November 16, 2008 -
I heavily rely on the following tools to manage my music.
I must be using Easytag on a daily basis really. This is definitely the best tool to manage hundreds of MP3’s. If you are like me and like to see your music properly sorted in your player, this is definitely the tool you need.
Sound Converter has been able to convert every file I submitted to it. Essential !
Easytag :
EasyTAG is an utility for viewing, editing and writing
the ID3 tags of different audio files, using a GTK+ interface.
Currently EasyTAG supports the following:
– View, edit, write tags of MP3, MP2 files (ID3 tag), FLAC files (FLAC Vorbis
tag), Ogg Vorbis files (Ogg Vorbis tag), and MusePack, Monkey’s Audio files
(APE tag),
– Auto tagging: parse filename and directory to complete automatically the
fields (using masks),
– Ability to rename files from the tag (using masks) or by loading
a text file,
– Process selected files of the selected directory,
– Ability to browse subdirectories,
– Recursion for tagging, removing, renaming, saving…,
– Can set a field (artist, title,…) to all other selected files,
– CDDB support (from http protocol),
– Etc…
Debian package name : easytag
id3tool
A command line ID3 tag editor
A simple and complete editor for ID3 tags in MP3 files. ID3 tags are a way of identifying mp3 music files – you can store Artist, Album, Title, Track, Year, and Genre in a tag, as well as a 28-character comment.
Debian package name : id3tool
Gnome Sound Converter :
SoundConverter is a simple sound converter application for the GNOME
environment. It reads sound files in any format supported by GStreamer
and outputs them in Ogg Vorbis, FLAC, or WAV format, or MP3 format if
you have the GStreamer LAME plugin.
Debian package name : soundconverter
Now blame me for not using Ogg
November 13, 2008 -
I’m under Debian Lenny at work.
I installed the VPNC plugin (Cisco VPN) for NetworkManager today.
I usually always connect to OpenVPN tunnels with the OpenVPN plugin, which works pretty well (at least on NM 0.6.6).
After installing the VPNC plugin, I started having issues with my OpenVPN tunnels.. I was not able to resolve remote hostnames correctly.
The problem was that my resolv.conf didn’t get updated upon connection to the OpenVPN.
When installing network-manager-vpnc-gnome, a dependency named “resolvconf” got installed along. The package somewhat protected /etc/resolv.conf from being updated.
After getting rid of resolvconf, my OpenVPN VPNs are working again !
Also, this didn’t prevent the Cisco VPN from working..
I need to check out what that resolvconf package is all about.. if someone has a clue, please comment
Next Page »
