Monday, November 28, 2011

Troubleshooting Munin Plugins

A few things to try when a Munin plugin that you've just installed doesn't work.  The examples below involve the ejabberd plugin from the Munin Exchange.

1) Try running the plugin from the command line. It should look something like:  

root@uranus:~# /etc/munin/plugins/ejabberd_connections
s2s_connections_out.value 0
s2s_connections_in.value 0
root@uranus:~#

If it spits out an error, you likely have a scripting error.  Take a look at the code.

2) Try telnetting to port 4949 of the Munin box and fetching the data. If it runs properly, it should look something like:

root@uranus:~# telnet localhost 4949
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
# munin node at uranus.joat
fetch ejabberd_connections
s2s_connections_out.value 0
s2s_connections_in.value 0
.
quit
Connection closed by foreign host.
root@uranus:~#

Note: In the above, you type in “telnet localhost 4949”, “fetch ejabberd_connections”, and “quit”.  If it doesn’t run properly, you’ll probably get a “Bad Exit” error. This means that something isn’t configured correctly or something isn’t where the script is looking for it. Take a look at the code.  Hopefully the author put comments in the script, explaining what's needed.

3) You might also try “munin-run ejabberd_connections”. Sometimes it’ll return a line number for where (or near where) the script is failing.  Again, you'll need to look at the code.

For info, the ejabberd plugin that was giving me fits (above) wasn't working because I hadn't made an env.vhosts entry under [ejabberd*] in /etc/munin/plugin-conf.d/munin-node.
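For reference, the fix ended up being an entry something like the following (the vhost value matches my host, and the "user root" line is an assumption that the plugin needs root to run ejabberdctl; adjust both for your setup):

```
[ejabberd*]
user root
env.vhosts uranus.joat
```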

Thursday, November 24, 2011

Spectrum.IM oddness

Okay, it _is_ my fault that I get into these predicaments, but it's so much fun to find this stuff out... Notes will be in the wiki shortly. Just so's you know, my rig in the following discussion looks like:

 XChat2 -> Bitlbee -> Openfire or eJabberd -> Spectrum -> GTalk or IRC

I've been playing with the Spectrum.IM gateway, getting it to work with my rig. Spent most of my free time today in a futile attempt to get Spectrum to work with Openfire. It does show up in the External Connections sessions but it doesn't accept direction from Openfire (hint: if you want to see what Spectrum is doing, don't run it as a daemon. Instead, run "spectrum -n /etc/spectrum/xmpp.cfg").

Finally gave up on Openfire and switched to eJabberd. Spectrum started playing nicely with XMPP-to-XMPP traffic right away. I was able to log into GTalk and play with various bots.

Ran into trouble when playing with IRC. Took another couple hours before I realized that eJabberd has its own IRC modules. (Hint: if you want to use Spectrum's IRC capabilities, you'll want to move mod_irc.beam and mod_irc_connection.beam out of the /usr/lib/ejabberd/ebin/ directory and restart eJabberd.)

Removing those two files from the eJabberd ebin directory cleared up the access to Spectrum but then I couldn't open the chat room in Bitlbee. I could use another client, connected directly to the IRC server, and see that Spectrum had connected. It just wasn't showing up in Bitlbee.

Here's what I was doing. In the &bitlbee command channel, I was running:

 chat add 9 #geeks%irc.757.org@irc.uranus.joat geeks2
 /join #geeks2

No additional window would open, though Spectrum and the second IRC client were showing proper access. Here's where the oddness creeps in: after playing with various commands, I figured out that if I join the command channel for "geeks2", the chat window for "geeks2" also opens. In other words, if I run the following in &bitlbee:

 /join &geeks2

then two windows open: one for &geeks2 and the other for #geeks2. It's probably a Bitlbee feature but it's still odd.

One nice thing is that I can then close &geeks2 and #geeks2 will stay open. (Wonder if this is scriptable in XChat2.)  Another is that Spectrum doesn't require additional windows in XChat2. I can now monitor channels on different IRC servers without having to switch server tabs in XChat2 (i.e., they're all in one tab now).

The one drawback to all this fun is: I now have to go back and configure eJabberd to provide the services that used to be provided by Openfire (presence, Asterisk interface, etc.).

Sunday, November 20, 2011

Chrome not liking Alfresco?

Just in case anyone else is experiencing this...

I've been experimenting with Alfresco 4.0b and 4.0c. I've noticed an
issue that pops up when using the Google Chrome browser to access
Alfresco Share. Primarily, it occurs when moving files from the
desktop to the repository, using the drag and drop feature. After a
certain number of files, Chrome refuses to talk further with Alfresco
and whatever page I was on has the Alfresco equivalent of the Mac
beachball of death. The page never times out and the browser cannot
load any other Alfresco page.

At first, I'd thought that it was an Alfresco issue as Alfresco
appeared to be crashing. Restarting the service seemed to fix it.
Adding memory to the server also appeared to make the issue less
frequent. However, it didn't make it go away.

This morning, I watched the system load while reproducing the error. The
issue showed up, but the system load appears to be independent of the
stall. As a short test, I closed the browser, waited a few seconds,
and started a new browser. The login page appeared after a normal
delay.

So, the short version is that it appears that there's something that
makes Chrome ignore Alfresco after a certain amount of traffic. Is
anyone else experiencing this?

Sunday, October 2, 2011

Compiling Asterisk SCF

(for the "note to self" bucket) I was attempting to build Asterisk SCF
and cmake was failing with the following error:

Linking CXX shared library ../../lib/libastscf-ice-util-cpp-pjlib.so
/root/gitall/pjproject/pjlib/lib/libpj-asteriskscf.a(guid_uuid.o): In function `pj_generate_unique_string':
/root/gitall/pjproject/pjlib/build/../src/pj/guid_uuid.c:45: undefined reference to `uuid_generate'
/root/gitall/pjproject/pjlib/build/../src/pj/guid_uuid.c:46: undefined reference to `uuid_unparse'
collect2: ld returned 1 exit status
make[2]: *** [lib/libastscf-ice-util-cpp-pjlib.so] Error 1
make[1]: *** [ice-util-cpp/src/CMakeFiles/astscf-ice-util-cpp-pjlib.dir/all] Error 2
make: *** [all] Error 2

The fix is simple: add "-DEXTRA_LIBS='-luuid'" to the cmake command. In other words, the command line should look like:

cmake -DEXTRA_LIBS='-luuid' --build ./build

Monday, September 19, 2011

davfs2 and filenames with spaces

One of the tricks in using Alfresco, Apache, Gallery, or KnowledgeTree
is mounting their WebDAV access as part of the Linux file system. One
of the problems with Alfresco is that, by default, it has a space in
its filename path (i.e., "User Homes"). There are two ways around
this:

1) Write a proxy in Apache. Covered elsewhere and is a lot of extra work.

2) Delimit the space(s) in the path. After experimenting with percent
codes and leading the space(s) with a backslash (which didn't work), I
consulted the man page for fstab (yeah, I know...). The proper way to
indicate a space in an fstab path is to convert it to the octal escape
"\040" so that

http://192.168.2.177:8080/alfresco/webdav/User Homes/tim

ends up looking like

http://192.168.2.177:8080/alfresco/webdav/User\040Homes/tim
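As a full fstab entry, that ends up looking something like the line below (the mount point and mount options here are assumptions for illustration; check the davfs2 man page for the options you actually want):

```
http://192.168.2.177:8080/alfresco/webdav/User\040Homes/tim /mnt/alfresco davfs rw,user,noauto 0 0
```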

There appears to be one drawback to using Alfresco's WebDAV interface: Alfresco needs to be started before attempting to mount WebDAV.  Since it takes a few minutes for Alfresco to start, mounting WebDAV can't be part of the boot sequence.

Sunday, September 18, 2011

VaBch Hamfest 2011

The Virginia Beach Hamfest was held at the Convention Center yesterday
(17 Sep 2011). The weather was absolutely dismal, in the 60s, rainy
and very windy. This caused the "outdoor vendors" section to be
closed. A number of local clubs and orgs had tables. 757labs did
not, due to mechanical failure.

Only a handful of vendors participated. However, I did manage to
spend the cash that I'd been saving for months. Got what I needed (a
new battery for my Icom W32a) and what I wanted (TNC-X), so I now have
everything needed for a mobile packet radio rig. Notes later.

Spent the remainder of the day at 757labs. Crashed the How to Solder
class. Apparently there's no end of expert-how-to-solder videos on
YouTube, made by non-expert solderers. The class was quite
entertaining.

Thursday, September 15, 2011

Something is not right (in the API)

This is a test email for posting through a long string of APIs. About
six months ago, my connection between Posterous and Identi.ca stopped
working. This morning, it was suggested that I attempt to authorize
the connection again.

It appears that the API for Posterous is a bit wonky because, when I
use "http://identi.ca/api" for the link, the authorization fails.
However, if I leave the link blank, it defaults to the same URL and
authorizes the connection.

WTF?

Tuesday, September 6, 2011

Coherence and Gallery3

Spent a few days playing with DLNA and WebDAV services. Ended up focusing on Gallery3 and Coherence. Wrote a start-up script for Coherence and developed a work-around to get Coherence to work with Gallery3.

Coherence

Wrote a start-up script for Coherence, based on the skeleton script found in /etc/init.d. Not too many changes were required:

 1) I moved /root/.coherence to /etc/coherence/coherence.conf
 
 2) Edited the startup script so that:

 DESC="Coherence UPnP service"
 NAME=coherence
 DAEMON=/usr/bin/$NAME
 DAEMON_ARGS=" -c /etc/coherence/coherence.conf"
 
 3) I then added "-b" to the start-stop-daemon lines in do_start() and removed "--pidfile $PIDFILE" from all lines in do_start() and do_stop().

The addition of "-b" causes start-stop-daemon to move coherence to the background, once it's started. Without, Coherence never releases control back to the system (you'd continuously see the output of Coherence and the boot sequence would never reach the login prompt). (Hint: hit Control-C if you manage to do this.)

Removal of "--pidfile $PIDFILE" is more of a personal choice. If you want to continue to use PIDs, leave "--pidfile $PIDFILE" in and add "-m" to the line. "-m" forces the start-up script to create a PID for Coherence because Coherence isn't written to return a PID to the start-up script. This works fine as long as you never run the start-up script while the service is already running. If you do this, a new PID is created that has nothing to do with the currently running service (i.e., you won't be able to stop Coherence with "service coherence stop").

Removing "--pidfile $PIDFILE" makes the script act more like "killall": start-stop-daemon matches running processes by executable name and "kill -15"s them. It's less elegant, but Coherence doesn't have a shutdown function, so the two methods are more or less equivalent.
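For illustration, the tweaked do_start() lines end up looking roughly like this (a sketch based on the stock Debian skeleton script, not a verbatim copy of mine):

```shell
# -b backgrounds the daemon; --pidfile $PIDFILE has been dropped.
start-stop-daemon --start --quiet -b --exec $DAEMON --test > /dev/null \
    || return 1
start-stop-daemon --start --quiet -b --exec $DAEMON -- $DAEMON_ARGS \
    || return 2
```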

In any case, my version of the start-up script is here.

Coherence and Gallery3

Coherence has a few modules, one of which allows you to show Gallery2-hosted graphics on your UPnP-enabled media player. Notice that I've said "Gallery2". Apparently, it plays nicely with Coherence. Unfortunately, some time in the past, I decided to be "cutting edge", installed Gallery3, and uploaded close to 500 pictures into it.

The problem with Gallery3 is that it's still in development and only recently acquired the Gallery_Remote module which allows Gallery2 to work with Coherence. I spent a few hours experimenting with Gallery_Remote, trying to get it to function. It appears to be very version specific and won't work with my build of Gallery3. At this point, I went looking for work-arounds.

My work-around idea involved setting up WebDAV and using davfs2 to trick Coherence into believing that it was serving files from a local directory. A quick search of Gallery3 modules revealed that it did have a WebDAV module (one based on SabreDAV). I was somewhat successful in getting it to run but, for some reason, it refused to serve up the first folder of pictures in the directory (it worked well with all others). Finding this unsuccessful, I removed the module.

My next approach was to use the DAV module that's built into Apache2. This turned out to be the proper approach. I used Adam Shand's notes in configuring Apache2. The only thing that Adam doesn't mention is that you need to run a2enmod for dav, dav_fs, and dav_lock. My version of the Apache2 configuration is here.  Drop it in /etc/apache2/conf.d and restart Apache.
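A minimal version of that Apache DAV configuration looks something like the following (the alias, paths, and auth details are assumptions for illustration, not Adam's exact settings):

```
Alias /gallery-dav /var/www/gallery3/var/albums
<Location /gallery-dav>
    Dav On
    AuthType Basic
    AuthName "Gallery WebDAV"
    AuthUserFile /etc/apache2/dav.passwd
    Require valid-user
</Location>
```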

After that, mounting the WebDAV folder is quite easy. It is the same approach that I employed to get Knowledgetree to work as file storage for the in-house wiki. You only have to add a line to /etc/davfs2/secrets (e.g., "http://192.168.2.144/gallery-dav tim pAsSwOrD") and a line to /etc/fstab (e.g., "http://192.168.2.144/gallery-dav /var/www/gallerydav davfs rw,user,auto 0 0"). See the man page for davfs2 for more details.
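Spelled out as actual file entries, those two example lines look like:

```
# /etc/davfs2/secrets
http://192.168.2.144/gallery-dav tim pAsSwOrD

# /etc/fstab
http://192.168.2.144/gallery-dav /var/www/gallerydav davfs rw,user,auto 0 0
```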

After all of that work, I now have a media server which can supposedly speak to my wife's TV and my son's PS3. It's configured to serve up: music via Ampache, family photos via Gallery3, movie trailers from Apple iTunes, and streams from various Shoutcast stations. Keeping the service will probably be based on my wife's and son's reactions, as the interface is a bit too rigid for my use (I prefer more flexible solutions like Savonet).

Monday, September 5, 2011

An identity crisis?

Suffered a bit of an identity crisis this past weekend. (Note: Sparks, I blame you!! You too, Jim!)

It started by my going to the SouthEast LinuxFest (AKA SELF), this past June. Jim and Charmaine Brady, owners of Morning Dew Coffee Roasters, were there, giving away free samples of caffeine (good tasting ones!). They were also selling various coffee-themed cups and t-shirts. I managed to buy one of their t-shirts before they ran out. It has "sudo make coffee" printed on the front, over a steaming cup of coffee. On the back is a flow chart for making coffee.

In any case, I was wearing the t-shirt during the weekly run to Walmart, thinking nothing of it. Should have known that it'd draw a comment, my "Evilution" shirt having previously triggered comments from an offended manager. As I started to unload my cart onto the conveyor, the young cashier commented that she "got" the "sudo" joke. The older lady in line ahead of me quipped, "You should see the back of his shirt. It's the algorithm for making coffee." While the cashier was processing my choices, she went on about how she likes Linux and how she's not been able to convince her husband to abandon Win7.

The short version of the story is that I'm worried that I've ceased being cutting edge and have faded into the "mainstream". What are the odds of three random geeks being in the same checkout line? Could it be that Linux is more popular than currently assumed? In any case, I was unnerved enough that I spent the remainder of the weekend building Xen kernels and bridging various XMPP services together.

Monday, July 25, 2011

Trying out new feature

Going to try out Delicious's daily links feature, over the next few days. Yell at me if it
gets out of hand?

Monday, July 4, 2011

Sometimes spam isn't a bad thing

Finally discovered a plus for spam: an SEO spammer recommended that I
add specific links to a page that I wrote over a decade ago. I
hadn't realized that it was still online. (Thanks, spammer!) Taking
down the page is now on my "to do" list.

Monday, June 27, 2011

Lessons learned for ESXi home users

With apologies for rambling, the following is a collection of “lessons
learned”, garnered over the last two years while employing ESXi 4.x in
a home network.

Online file storage

NFS is extremely slow when run in a VM (think FreeNAS in a VM). Only
thing slower is connecting USB storage to a VM. Other storage
protocols are tolerable but they are noticeably slower. Note: this is
not to say that it should never be done. Sometimes it's unavoidable.
For us home users, it’s not uncommon to have FreeNAS running in a VM.

You get what you pay for

When you build out a server, it's better to use a new system than
reuse an existing one. However, the you-get-what-you-pay-for rule
applies. Buying the low end vanilla box, and adding non-standard
drivers, is likely to end in pain and sadness.  My HP a1540n has
chugged along for 2 years without complaint.  The eMachines
EL-1352-07e died a noisy death, involving a number of lockups and
PSODs.

The idea had been that I could replace the 5+ year old machine with
one with equivalent specs in a smaller size.  I'd save $700 and have a
server that was small enough that it could travel to conferences.  I'm
hoping that it's just a power supply issue.

Make backups

Always (always!) make a backup before making any changes. This even
applies to simple patching and updates. It especially applies if you're
experimenting with software, even more so if that software is
packaged. All it takes is one wrong dependency and some of your
installed software either disappears or ceases to function. Making a
backup is easy, though it may take a little time. A 100 GB SATA
disk-to-SATA disk backup can take about 90 minutes to create but it's
less time than having to recover or rebuild inadvertently destroyed
data.

Don’t use snapshots

Snapshots should never be used in production environments. Snapshots
can cause your VM to run slower, especially when you have multiple
large snapshots.  I'm of the belief that snapshots can remove any
speed advantage gained by using paravirtualization.

If you use snapshots and need to export a VM for any reason, there's
extra work involved in merging all snapshots back into their parents.
There are no tools, outside of the vSphere client, that handle ESXi
snapshots.  You need the flat file before you can export the VM to
some other hypervisor.  This is done by using the scary sounding
"Delete All" button in the snapshot manager.  What it actually does is
merge all snapshots back into the core disk, by merging snapshot #3
into #2, #2 into #1, and then #1 into the core.  For large VMs,
merging can require an obscene amount of storage (a couple TB of
storage can be consumed quickly).

Use scratch VMs

Always install software in a test VM before installing the software in
a production VM, especially when handling packaged software with
dependencies.  You never know what you'll break.  Example:
KnowledgeTree requires the Zend server package to provide PHP vice the
standard PHP package.  Installing anything that requires the normal
PHP package breaks KnowledgeTree.  (Note: this is also a support for
the "Make backups" recommendation.)

Know your tools

Finally, become familiar with your tools before you need them.  Think
of it as continuity planning.  It minimizes anxiety.  If you're having
to look for tools to handle a problem, after the problem has already
occurred, you'll probably use the first cheesy tool that you can find,
vice the proper tool.

Hope this helps.

Reinitializing OpenQRM's connection to ESXi

Note to self: if you run the following

/usr/share/openqrm/plugins/vmware-esx/bin/openqrm-vmware-esx init -i [ip-address-of-the-esx-server]

and it tells you to remove the file /var/run/openqrm-resource.conf, what's not said is that openqrm-resource.conf resides on the ESXi server, not the host running OpenQRM. (Docs need a tweak.)

Sunday, June 19, 2011

Interruption

The web site may drop out for a short while as I switch DNS registrars.  Apologies for any inconvenience.

Thursday, June 16, 2011

OpenFire, Pidgin, and MySQL

Realized this week that I'm extremely rusty with MySQL queries.  Was
chatting with bearm on #openfire this week, troubleshooting an issue
with a "last logged in" feature that he's working on.  Turns out that,
if you leave the "Resource" field blank in the Pidgin client, Pidgin
or Openfire autogenerates a random string to put there.  Trouble is,
that string is unique for each session.  This causes the userStatus
field to contain multiple entries for the same user, when there should
only be one.

There are two fixes for this issue:

  1. if there's only a handful of users, have them enter something in the client's resource field, or 
  2. if there's a large number of users, write a work-around to ignore the issue.  

Bearm had the latter issue.  Because he wanted to list all users, even 
ones that had never connected with a Jabber client, we had to come
up with a MySQL query that would include all system users and would
filter them so that only the most recent incidence would be shown (i.e.,
the resource field would be ignored).  The following query seems to fit
the bill: 


select u.username, us1.lastLoginDate
from (ofUser as u left join ofGroupUser as gu on u.username = gu.username)
left join userStatus as us1 on u.username = us1.username
left join userStatus as us2
  on (us1.username = us2.username and us1.lastLoginDate < us2.lastLoginDate)
where us2.username is NULL;

Thanks for the "left self exclusion join" hint that made the above work go to artful software.

Sunday, May 29, 2011

My monit recipes

Monit is one of my favorite tools. While it is a nice monitoring tool
for politely behaved services, it is also a quick work-around for
those services which don't play well in the normal boot sequence. For
me, these include the Statusnet daemons and Openfire. I have no good
startup script for the Statusnet daemons (xmppdaemon and queuedaemon)
and Openfire absolutely refuses to be part of the normal boot
sequence, though manually running "/etc/init.d/openfire start" always
works. In any case, the following monit recipes work for me:

 # xmppdaemon
 check process xmppdaemon with pidfile /var/run/xmppdaemon.generic.pid
 group statusnet
 start program = "/var/www/sn/scripts/startdaemons.sh"
 stop program = "/var/www/sn/scripts/stopdaemons.sh"
 if 5 restarts within 5 cycles then timeout
 
 # queuedaemon
 check process queuedaemon with pidfile /var/run/queuedaemon.generic.pid
 group statusnet
 start program = "/var/www/sn/scripts/startdaemons.sh"
 stop program = "/var/www/sn/scripts/stopdaemons.sh"
 if 5 restarts within 5 cycles then timeout
 
 # openfire
 check process openfire with pidfile /var/run/openfire.pid
 group openfire
 start program = "/etc/init.d/openfire start"
 stop program = "/etc/init.d/openfire stop"
 if failed host localhost port 9090
 protocol HTTP request "/login.jsp" then restart
 if 5 restarts within 5 cycles then timeout

The only shortcoming I see with the tool is that alerts are limited to
email only. I'd love to have the ability to post alerts via StatusNet
or IM/IRC. Guess I need to brush up on my C (or borrow someone else's
code). I know of a very cheesy system call that will post alerts to
Statusnet.

Tuesday, May 24, 2011

Getting rid of the Ubuntu splash screen on a LTSP thin client

One of the problems with running Ubuntu thin clients is that, when things go wrong, the splash screen gets in the way. To turn off the splash screen for a specific thin client, do the following:

1) Acquire root on the LTSP server

2) cd to the directory which holds the boot config file

cd /var/lib/tftpboot/ltsp/i386/pxelinux.cfg

3) There should be a file called “default” there. Copy that file to one that starts with 01, followed by the MAC address of the target thin client (change the colons to dashes).

cp default 01-00-0c-29-e1-a2-55
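If you have several clients to set up, the target filename can be derived from a MAC address with a quick one-liner (a hypothetical helper, not part of LTSP itself):

```shell
# Build the pxelinux.cfg filename for a thin client: "01-" (the ARP
# hardware type for Ethernet) plus the MAC address, lowercased, with
# colons converted to dashes.
mac="00:0C:29:E1:A2:55"
fname="01-$(echo "$mac" | tr ':' '-' | tr 'A-F' 'a-f')"
echo "$fname"   # prints 01-00-0c-29-e1-a2-55
```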

4) Open the new file with your favorite editor. The contents should look something like the following:

default ltsp
label ltsp
kernel vmlinuz
append ro initrd=initrd.img quiet splash nbdport=2000

5) From that last line, remove the words “quiet splash” and save the file.

6) Your thin client should now boot without the splash screen (no need to restart the server), allowing you to see where in the boot sequence it’s crashing.

The above is adapted from the 28 Aug 2008 entry in the bootpolish blog.

Saturday, May 21, 2011

Adding HDMI Audio to Ubuntu on the Acer Revo

Finally got around to attempting to get audio working through HDMI on
the little Acer Revo that I'd acquired a few months back. Turns out
it wasn't all that difficult, under Ubuntu 10.04.2.

The HDMI video worked when I plugged it in. It took a little while to
figure out that HDMI video wouldn't work unless I unplugged the SVGA
cable (this isn't mentioned in any online docs that I could find).

Audio took just a little more work than did video. First, I had to
update the nVidia driver and reboot. For some reason, version 173
doesn't support HDMI audio.

Next I added the following line to /etc/modprobe.d/alsa-base.conf
(this assumes that you have alsa-base installed):

  options snd-hda-intel model=auto

After that, I ran the following (as root) and rebooted after it was done:

  update-initramfs -k all -u

From there, I just needed to bring up the PulseAudio Volume Control
window, select the "Configuration" tab, and choose "Digital Stereo
(HDMI) Output" under the "Internal Audio" chooser. That's it.

There are a few minor problems with the new install.  First, I can't
tell you what version of the proprietary driver I'm running.  It's
listed as "(version current)", with the parens.

Second, where my monitor used to detect the video signal as 1920x1080
(using version 173 of the driver), it now detects the video signal as
"1080p". For some reason, this change causes the top and bottom of
the display to be off the screen (i.e., the Gnome panels are off the
screen). They're not visible unless I tell the Revo to use a 1440x900
resolution. I haven't yet decided which is the greater inconvenience:
having to switch headsets when listening to videos or the computer, or
having to employ a slightly less dense display resolution. For now, I
like not having to switch headsets. I'm still researching the video
resolution issue.

Lastly, and I'm not sure that it's actually a problem, I need to use
the monitor's control, vice the computer's, to control the audio
volume. It's going to take a little getting used to, reaching for the
remote control, vice the knob on my keyboard.

My thanks to Christopher Youde, who posted the howto as a bug on the
Ubuntu Launchpad bug page.

Wednesday, May 11, 2011

WikiPublisher side effects

It took a little wedging, but I now have the WikiPublisher server up and running on my home PmWiki (on top of Ubuntu 10.04 LTS). I've noted a couple of side effects/oddities:

  • anything using the HTML strikethrough tag becomes invisible in the output PDF
  • PDF documents attached to a wiki page become included in the output PDF, while linked documents become footnotes

The latter one is probably a feature, though I don't know that I can determine "why".  In any case, I'm enjoying myself, working through the "How to Produce a Book" howto.  Anyone know of any other pitfalls/gotchas?

 

Saturday, May 7, 2011

The Little Things II

There are a couple of nice work-arounds to counter the two previously-noted side effects produced by de-selecting raise_on_click. Older Unix users will probably find them familiar and like them more than veteran Windows users will. One is "focus follows mouse" and the other is the ability to use a combination of keyboard and mouse to move a window.

By clicking on System -> Preferences -> Windows, you're presented with the following screen. By selecting the first two check boxes and adjusting the slider, you can tweak the "focus follows mouse" function. You can also put that darned "Windows" key (or the Alt key) to work, allowing you to hold down the key, in conjunction with a left-click, to move a window.

A lot of people have asked about disabling the "raise on click" feature. If you're one of them, I hope this and the previous post make your life just a bit easier.

[Screenshot: the Window Preferences dialog]

Friday, April 29, 2011

The little things...

One of the things that has annoyed me to no end is Chrome's theft of
window focus when you click on a link in XChat or some other
non-Chrome application.  It's not Chrome's fault.

Because I pull Twitter and Identi.ca into XChat (via Bip and Bitlbee), I
normally have a bunch of links waiting for me when I open my chat
client. Any attempt at opening more than one link at a time causes
frustration because you have to jump back to the XChat window to click
the next one. It adds a lot of mouse movement and extra clicks to
refocus.

In any case, I think I found the solution at about 4 a.m. this morning
(at the cost of a few spouse points). By opening gconf-editor and
de-selecting /apps/metacity/general/raise_on_click, Chrome no longer
jumps to the front when a URL is clicked in XChat.

Please note that this isn't without an annoying side effect. You can
no longer click anywhere in a window to bring it to the front. You
must either click on the title bar at the top of the window, the
application's button in the window list, or use Alt-Tab to jump to the
desired app. It's something that I can live with, though.

Sunday, April 24, 2011

Lessons learned for ESXi home users

With apologies for rambling, the following is a collection of “lessons
learned”, garnered over the last two years while employing ESXi 4.x in
a home network.

Online file storage

NFS is extremely slow when run in a VM (think FreeNAS in a VM). Only
thing slower is connecting USB storage to a VM. Other storage
protocols are tolerable but they are noticeably slower. Note: this is
not to say that it should never be done. Sometimes it's unavoidable.
For us home users, it’s not uncommon to have FreeNAS running in a VM.

You get what you pay for

When you build our a server, it's better to use a new system than
reuse an existing one. However, the you-get-what-you-pay-for rule
applies. Buying the low end vanilla box, and adding non-standard
drivers, is likely to end in pain and sadness.  My HP a1540n has
chugged along for 2 years without complaint.  The eMachines
EL-1352-07e died a noisy death, involving a number of lockups and
PSODs.

The idea had been that I could replace the 5+ year old machine with
one with equitable specs and smaller size.  I'd save $700 and have a
server that was small enough that it could travel to conferences.  I'm
hoping that it's just a power supply issue.

Make backups

Always (always!) make a backup before making any changes. This even
applies to simple patching and updates. It especially applies if you
experimenting with software, even more so if that software is
packaged. All it takes is one wrong dependency and some of your
installed software either disappears or ceases to function. Making a
backup is easy, though it may take a little time. A 100 GB SATA
disk-to-SATA disk backup can take about 90 minutes to create but it's
less time than having to recover or rebuild inadvertently destroyed
data.

Don’t use snapshots

Snapshots should never be used in production environments. Snapshots
can cause your VM to run slower, especially when you have multiple
large snapshots.  I'm of the belief that snapshots can remove any
speed advantage gained by using paravirtualization.

If you use snapshots and need to export a VM for any reason, there's
extra work involved in merging all snapshots back into their parents.
There are no tools, outside of the vSphere client, that handle ESXi
snapshots.  You need the flat file before you can export the VM to
some other hypervisor.  This is done by using the scary sounding
"Delete All" button in the snapshot manager.  What it actually does is
merge all snapshots back into the core disk, by merging snapshot #3
into #2, #2 into #1, and then #1 into the core.  For large VMs,
merging can require an obscene amount of storage (a couple TB of
storage can be consumed quickly).

Use scratch VMs

Always install software in a test VM before installing the software in
a production VM, especially when handling packaged software with
dependencies.  You never know what you'll break.  Example:
KnowledgeTree requires the Zend server package to provide PHP vice the
standard PHP package.  Installing anything that requires the normal
PHP package breaks KnowledgeTree.  (Note: this also supports the "Make
backups" recommendation.)

Know your tools

Finally, become familiar with your tools before you need them.  Think
of it as continuity planning.  It minimizes anxiety.  If you're having
to look for tools after a problem has already occurred, you'll probably
use the first cheesy tool that you can find,
vice the proper tool.

Hope this helps.

Monday, April 18, 2011

Learning about low-end systems, the hard way

Apologies for the delayed (and rambling) update.  Have been very busy.  Following is an update on the experiments with installing various virtualization technologies.  The common theme is: the video card on the older box isn't recognized by any of the software installs.  I believe this to be associated with the removal of the frame buffer as a default device on many install disks.  Ubuntu is only now adding it back.

The issue with Proxmox 1.7 turned out to be the video driver. The built-in video on the motherboard wasn't recognized by Proxmox. I got around this by putting the hard drive in a newer computer (have I said that I really like BlacX?), installing there, and moving the drive back to the original computer.

CentOS 5.5 just doesn't like my boxes, either of them. The install (net or DVD based) completes successfully but, upon reboot, hangs when udev starts up. I'm probably missing a boot option or two. Again, it's more work than I care to do at this point.

XenServer 5.6.1 installs nicely on the older hardware. One drawback is that the official management program (XenCenter) requires Windows to run. A decent alternative appears to be Open XenCenter. If I end up using this, I'll need to figure out how to load ISOs onto the server as there's no upload tool like what vSphere has.
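If I go that route, my current assumption (untested, based on Citrix's documentation) is that a local directory can be exposed as an ISO storage repository from the host's own shell, after which ISOs copied into it (scp works) should show up:

```shell
# Hypothetical: expose a local directory of ISOs as a XenServer ISO SR.
# The path and name-label are assumptions; xe exists only on a XenServer host.
make_iso_sr() {
    xe sr-create name-label="Local ISOs" type=iso content-type=iso \
       device-config:location="$1" device-config:legacy_mode=true
}
if command -v xe >/dev/null 2>&1; then
    mkdir -p /var/opt/iso_library
    make_iso_sr /var/opt/iso_library
else
    echo "xe not found (not a XenServer host); nothing to do"
fi
```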

Which brings me to a side topic: management software. One of the drawbacks for most commercial hypervisors is that you need Windows to run some sort of management software. For an all-Unix shop, this can have drastic effects on production networks (think required infrastructure to support that one Windows box). Fortunately, a number of non-Windows management pieces are available:

  • home grown: easy to customize, but must be customized for each
    install and has an extremely limited feature set without a large
    investment of time
  • vSphere: I'm familiar with it, but it requires a Windows box and
    moderately powerful hardware
  • XenCenter: similar to vSphere in function, but requires a Windows box
  • Open XenCenter: doesn't require Windows, but has a somewhat limited
    feature set

What each needs most:

  • vSphere: a non-Windows version of vSphere
  • XenCenter: a non-Windows version of XenCenter
  • Open XenCenter: a built-in means for uploading ISOs into local storage

The delay in posting was mostly caused by a hardware failure.  I'd been wanting to move the house ESXi server off of the main box and run it on a smaller system.  For this purpose, I had purchased an eMachines EL-1352-07e.  It's a 64-bit dual core AMD system with 4GB of memory and a 300 gig hard drive.  I successfully modified the ESXi install disk (I'm getting good at this) and had moved the VMs onto the new server.

To be on the safe side, I didn't erase anything from the old server, deciding to run the new server for 3 days, just in case of a failure.  Three days went by without a hiccup, so I downloaded and installed Fedora 14 with the idea that I would experiment with KVM.  That's when karma stepped in.  When I attempted to connect to the new server with the vSphere client, the connection would time out.  Checking the console, I discovered that it was frozen.

My only recourse was to hold the power button in to trigger a hard reboot.  The system returned to normal operation.  About two hours after that, the console froze again.  Then again, after about 30 minutes.  This time, the system complained about a corrupted file system and PSOD'd.

After a couple hours of panic (I'd erased the old server, the new one had a bad file system, and the last backup was done over a month ago), I remembered that ESXi sets up a number of partitions on the hard drive (the OS is separate from the datastore). I started researching what could be done to pull the VMs off of the corrupted disk.

The short version of a 2-week long story is that the VMs are now running on the old server, without any loss of data.  The month-old backup was not needed.  I'd discovered a number of tools which aided in the recovery or just made things interesting:
  • vmfs-fuse, part of vmfs-tools, allows you to mount VMFS-formatted hard drives under Linux
  • qemu-img allows you to convert VMs to other formats (not just qemu's)
  • vde provides a distributed (even over the Internet) soft switch
For a while, I had the VMs running under KVM on my workstation. vmfs-fuse allowed me to mount the original data stores and qemu-img allowed me to convert the VMs to QCOW2 format. However, qemu-img could not include ESXi's snapshots in the file system conversion, so it was only useful for accessing data even older than the backup.
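Roughly, that recovery path looked like the sketch below. The partition, mount point, and VM name are all assumptions, and both tools have to be installed (vmfs-tools and qemu-utils on Debian-ish systems):

```shell
# Sketch of the recovery: mount the VMFS datastore read-only with vmfs-fuse,
# then convert the flat (raw) VMDK extent to qcow2 for use under KVM.
# Partition, mount point, and VM name below are assumptions.
recover_vm() {
    part=$1; vm=$2
    mkdir -p /mnt/vmfs
    vmfs-fuse "$part" /mnt/vmfs                       # from vmfs-tools
    qemu-img convert -f raw -O qcow2 \
        "/mnt/vmfs/$vm/$vm-flat.vmdk" "/tmp/$vm.qcow2"
    fusermount -u /mnt/vmfs
}
if command -v vmfs-fuse >/dev/null 2>&1 && command -v qemu-img >/dev/null 2>&1; then
    recover_vm /dev/sdb3 myvm   # sdb3: the big VMFS partition (assumption)
else
    echo "vmfs-tools and/or qemu-img not installed; nothing to do"
fi
```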

So, for now, the VMs are back on the old server, running under ESXi. They'll stay there at least until the "Build an Open Source Cloud Day" Friday at the SouthEast LinuxFest (SELF). Hopefully, I'll be learning a bit more about deploying/managing Xen servers (appears to be the currently supported "cloud" in CloudStack) then.

Saturday, April 16, 2011

What RAID isn't...

I periodically have to discuss what RAID is and what it isn't.  I have this discussion with management, IA, and even experienced system administrators.  Last year's Information Storage and Management class allowed me to order my thoughts and come up with a more concise statement:

Although RAID can support a backup solution (as a separate storage solution), its main reasons for existence are high availability and high bandwidth.  It is not (in itself) a backup solution as it does not create point-in-time copies.

If you're using RAID as your primary and you've configured it to mirror itself (on the same system), you're only one horrible accident away from losing everything.  The mirror will only save you from hardware failures.

Thoughts?  Arguments?

Monday, March 21, 2011

Reply to all

Note to the whole effin' planet:

Method for Replying to Messages Sent to "All Users"

1) Click on "Reply" vice "Reply to All".

2) Check the list of recipients before hitting send. If a recipient is a distro address, delete it and enter the address of the ONE person who sent you the email.

3) Type in your message. (Note: this step cannot be performed before #2 as doing so encourages you to not check recipients before #4.)

4) Click "Send".

== End of Tutorial ==

Warning!!! Anyone who sends "Stop replying to all" messages to the "All User" distro will be added to my short list. When I come to power, QWERTY keyboards will be outlawed and you will be forced to use 14.4K dial-up. (Dvorak keyboards and 10-second connection negotiations should slow you down enough to check things before hitting "Send".)

Bah! To heck with it...  You're all on my short list.

Friday, March 4, 2011

SHA-3 competition - round 2

For the crypto types: NIST has published the "Status Report on the Second Round of the SHA-3 Cryptographic Hash Algorithm Competition". Short version:
  • five finalists remain
  • comment period for round two is one year
  • finalist to be chosen some time in 2012
The report discusses how the five were selected from the fourteen from round one. For those that worry about it, Skein (the one that has Bruce Schneier as a team member) is still in the running.

Sunday, February 27, 2011

Breaking KnowledgeTree

(For my own benefit also) In trying to aggregate some of the web servers I have deployed in VMs, I managed to break KnowledgeTree and had to re-install. On Ubuntu, it's a real P.I.T.A. At one point, I couldn't get past the following error:

Warning: include_once(DB/.php) [function.include-once]: failed to open stream: No such file or directory in /usr/share/knowledgetree-ce/thirdparty/pear/DB.php on line 371

The fix for the above is easy. It's usually an indication that there's extra cruft in the config-path file. To fix it, delete all of the lines in /usr/share/knowledgetree-ce/config/config-path except for /etc/knowledgetree-ce/config.ini.
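The edit itself is sketched below against a scratch copy so it can be tried safely (the real file is /usr/share/knowledgetree-ce/config/config-path, and the stale entry shown is made up):

```shell
# Sketch of the config-path cleanup, run against a scratch copy.
# The real file is /usr/share/knowledgetree-ce/config/config-path.
CONF=$(mktemp)                                    # stand-in for config-path
printf '%s\n' '/tmp/old-kt/config.ini' \
       '/etc/knowledgetree-ce/config.ini' > "$CONF"   # stale entry + good one
cp "$CONF" "$CONF.bak"                            # backup first, as always
printf '%s\n' '/etc/knowledgetree-ce/config.ini' > "$CONF"   # keep only this
cat "$CONF"
```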

Also, if you're working with the Chrome browser, you'll probably get into the condition where "control.php" downloads instead of executing on the server. The point to remember is that even if you fix it, this condition will continue until you erase your browser history.

Yeah, it's been that kind of day.

Sunday, February 20, 2011

Playing with virtual tech

I spent a good portion of yesterday evening experimenting with various virtual technologies in an attempt to see what I could get running on my old HP desktop. The idea is that VMware is talking about discontinuing the paravirtualization feature in ESXi. I'm looking for an alternative to ESXi, preferably an open source one with a graphical management tool.

Note: I'm able to play with multiple technologies due to having a couple BlacX eSATA docks. In other words, I can experiment without overwriting the installed ESXi hypervisor.

The issue is that I bought the HP right when they started including hardware virtualization in commercial desktop systems. The problem is that the hardware is an early version of what's under hypervisors nowadays. The end result is a very finicky system. Some things work and some don't.
  • ESXi 4.x runs nicely on it, with more than a little driver customization (it took about 8 hours to get it working). This is the tool that I'm trying to move away from.
  • Proxmox 1.7 refuses to install.
  • CentOS 5.5 (required for HyperVM's use of Xen or Proxmox) installs but refuses to boot (even before installing HyperVM).
  • While Xen 4.0 does compile properly on Ubuntu 10.4.1, there's something wrong in the kernel that causes it to run very slow. It's well beyond my ability to troubleshoot (i.e., n00b).
  • Xen 4.0 on Debian Squeeze builds and runs nicely, but needs a front end for management.
  • XCP 1.0 installs nicely but also needs a front end. Also, the syntax is slightly different than regular Xen's, enough to be painful.
  • Citrix's XenServer installs nicely but is a commercial product.
  • Virtualbox runs nicely but runs at the OS level.
  • KVM runs but I can't get the storage to resize and there's no good web front end.

Ignoring the learning curve, I've been spoiled by ESXi. The feature set just isn't there for most of the non-commercial offerings. I'll keep you posted on how it's going.

For now, you can list me as "still looking". In the long run, I'll probably settle on the Debian Squeeze solution. If anyone knows of a good web-based management tool for Xen 4.0 (running on Debian Squeeze), please let me know.

Friday, February 11, 2011

Paper.li

Just discovered a tool to extract some of the intelligence from the Twitter firehose: Paper.li. It appears to aggregate linked-to articles that people tweet about, focusing on a specific hash tag or stuff in your own tweet stream.

If you're reading my blog directly, in the "Daily Papers" menu to the right, I've added links to various "papers" for my "favorite" topics.

Saturday, February 5, 2011

Point of note

Point of note: it's not just Google's search results that Bing is "borrowing". The way MS describes what's going on, the toolbar will forward data from any search performed by the user.

For those looking to argue the point, you have to answer the following question first: Did (or did not) Bing "borrow" search data? Call it silly, call it nitpicking, I don't want to know what label you want to hang on the act.

In the end, they were caught doing something that equates to copying someone else's homework. They can't go to jail for it but I think the nun at the front of the class (the one with the firm grip on the yard stick) might ask 'em to hold out their hands...

Monday, January 31, 2011

Shmoocon 2011

Dave and I have returned from Shmoocon 2011. Again, Shmoocon was a loose-knit collection of contests, linked together by various technical talks and general mischief. My wife has already confiscated all of the swag pens and all of the t-shirts. I have the following comments about various talks:
  • The "Hacking SmartWater" talk was just scary enough.
  • As always, a talk by Johnny Long can't/shouldn't be missed. This was no exception. He's asking for help.
  • I successfully resisted the urge to argue with Tara Whalen during her discussion on Google's wireless issues.
  • We were able to grab one of the cases offered during the interesting Zigbee Security talk.
  • Richard Friedberg's talk on Flow caused me to want to take another look at it (it's been around for a long, long time).
  • The talk on Hedy Lamarr's technical work was interesting (it goes with this year's idea that certain applications of FHSS are about to be overcome).
  • The talk on URL shorteners should be a source of fun for months to come.

One of the themes for this year (more than two talks on the topic) is that Frequency Hopping Spread Spectrum (FHSS) is no longer as secure as it once was. Various people have been working on ways to determine the hop pattern and doing other things with homemade boards. Bluetooth is going to take a beating this year. I managed to snag one of Travis Goodspeed's GoodFET boards.

I embarrassed myself only twice this year: 1) My apologies for the snoring during the talk on the second day (Dave says I was quite loud). 2) Dave Marcus pointed out one of my accounts during his FireTalk about recon'ing via social media. Apparently, I'm the only one at Shmoocon who tweets with location turned on. (heh) He should have won the iPod.

My neighbor, in the room next to mine, embarrassed himself at 6 a.m. on Saturday. I woke to the middle stages of the classic porcelain prayer, "Please God! I promise I'll never do it again." Dude, whatever it was that you were doing the night before, you weren't doing it right.

(Following was told to me by someone who made me promise not to give up his name) As always, Telmnstr brought something to the con. This year, it was a retired bomb disposal robot. TJ (a grown man) was playing with it in one of the public areas of the hotel, learning how to pick up and drop a Shmooball. He was pwned a short while later by the youngster (4-6 year old girl) who commandeered the controller and showed off the robot's ball capturing capabilities much better than anyone else (sorry TJ). We suspect that she had prior training.

We're sorry that we missed the closing session as we had to get on the road. Fortunately, someone has the closing talk up on uStream (also below). It's proof that actual work gets accomplished during the con (other than Josh Wright writing code for a speaker's prototype system while the talk is in progress). It takes about an hour to give out the prizes and say the various thank-you's. All in all, the con was fun.

[ustream vid=12355746 hid=0 w=480 h=296]

Saturday, January 22, 2011

KnowledgeTree and PmWiki

I managed to get KnowledgeTree 3.7 working on Ubuntu 10.4 (notes here). I also managed to bridge PmWiki to KT's WebDAV back end using davfs2 (notes here). To make a long story short, I can:
  • store my digital magazines (Linux Journal, Hakin9, BSD Magazine, etc.) in KT
  • search them via KT or Namazu
  • read them via KT, Namazu, or PmWiki
  • or put them on display in PmWiki
I can also point a WebDAV-capable file manager at the back end and move files around. As always, it's a bit overkill for my uses, but it's fun doing it.
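For reference, the davfs2 bridge boils down to an fstab entry along these lines (the server URL and mount point are assumptions; credentials live in /etc/davfs2/secrets):

```
# /etc/fstab entry mounting KnowledgeTree's WebDAV back end via davfs2
# (URL and mount point are assumptions)
https://kt.example.org/webdav/  /mnt/kt  davfs  rw,user,noauto  0  0
```

With the "user" option, an unprivileged account can mount it on demand, which is what lets PmWiki (and a plain WebDAV-capable file manager) see KT's files.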

Monday, January 17, 2011

Breaking Koha

(following is mostly for my benefit)  In playing with the test version of Koha (just doing the simple things), I managed to break it.  After deleting a record, OPAC searches return the following error:

Can't call method "as_usmarc" on an undefined value at /usr/share/koha/lib/C4/Search.pm line 2384.

It took a bit of searching in Google but I did come across this post from Mason James.  His recommendation is to run:

./bin/migration_tools/rebuild_nozebra.pl *or* ./bin/migration_tools/rebuild_zebra.pl

Problem is that if you run the above from /usr/share/koha, you receive complaints about not being able to find the Perl module C4::Context. The solution is to run the script with the full path, like:

/usr/share/koha/bin/migration_tools/rebuild_nozebra.pl

The above rebuilds the BIBLIO and AUTHORITIES indexes and you should be able to search via the OPAC page again.

Sunday, January 16, 2011

Koha

Thanks to Tomas Cohen, Koyami, and Shadower SC at the Koha Wiki, I now have a working instance of the Koha ILS on one of my scratchboxes.  ("ILS" is short for "Integrated Library System".)  While there's a couple formatting issues (bad wiki markup?), their article includes 99% of the info needed to get an instance up and running from source.

I was having a lot of trouble with getting the Koha VM running under ESXi 4.1.  Frustration set in and I resorted to building it from source.  Other than adjusting usernames, database names, and tweaking Apache a few times, their article works pretty well for an install on a paravirtualized Ubuntu Server 10.4.

Notes in the wiki shortly...  Still need to wade through the tutorials.  Then there's a number of extensions that "need playing with".

Wednesday, January 12, 2011

Updates to the wiki - old articles

I've been caught slacking.  I still haven't reposted all of the wiki articles.  This morning, I've added some of the older articles, dealing with hardware.  Most of the NSLU2 stuff is now re-posted.

Class starts this week so I should have time to finish the updates. (Does that make sense?  I have to be busier to have free time?)  Enjoy!

Friday, January 7, 2011

Cr48

Was allowed to play with the Cr48 laptop last night.  It was quite interesting.  For the geeky types, it makes for a nice instant-on-I-just-have-to-check-a-web-page tool but it's impossible to do anything that isn't available via a web page.  I probably like it because I've spent the last year slapping web front-ends on everything from IRC to ESXi VM controls.

The guy that had brought the laptop in, to show it off, said it best: "The techies will hate it but the non-techies will absolutely love it."  All in all, if it sells for about $150, Google will eat both Microsoft's and Apple's lunch for the year or so that it takes them to catch up.  If it sells for about $300, I don't think it'll go far (for an extra $100, you can acquire a full-featured, albeit cheap quality, laptop).

I managed to get it to log into the OpenVPN-ALS management page but didn't have enough time to access the internal wiki or any other service at the house.  I get the impression that it's running OpenJDK, 'cause it generated the same errors as OpenVPN-ALS-on-OpenJDK.

Someone else was able to play a Pogo game on it.  If it is OpenJDK, it's a quite recent one.

It is able to play YouTube videos so it has Flash.  However, at 480 resolution, it's just jerky enough to be noticeable (skips a frame every now and then).  This could have been caused by the wireless bandwidth, which was being shared with a half-dozen other laptops.  (Anyone else get this impression?)

No one thought to click on the Market icon to see what was available.  Next time maybe.

Overall, I think it'll make a good "cloud" interface for people who primarily surf the web, blog, and/or use Google apps.