Monday, October 22, 2012

passwd: Authentication token manipulation error

There are times when you leave a box entirely in the dark, and then one day it suddenly becomes the sticking point that drains all the steam from a project of yours, or from a legacy system that has been neglected since its very inception.  What do you do when you can no longer retrieve your password?

In this post I am going to lay down simple steps to allow you to retrieve passwords from both virtual systems (vmachines) and physical ones.

  1. LiveCD -- it is best to keep a LiveCD somewhere for emergencies.  This CD, as physical media and/or an ISO image, will go a long way.
  2. A good procedure to follow.

Procedure:
----------------------------------------

  1. If it is a physical box, configure your BIOS to boot from your CD/DVD-ROM drive.  If it is a virtual machine, you will have to configure it to boot from an ISO image somewhere on your system.
  2. Do this as root.  Identify the partition which needs to be accessed via "chroot".
  3. Create a staging directory for the system you intend to recover.
  4. Mount that system on the staging directory, e.g.:    mount -rw -t ext4 /dev/sda4 /mnt/
  5. chroot /mnt/  -- this drops you into the chrooted environment of the system you intend to recover.
  6. Issue the command:   "pwconv"  (The "pwconv" command creates shadow from passwd and an optionally existing shadow.)
That's it, issue fixed.
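To preview what step 6 will change, you can compare passwd and shadow on the mounted root before chrooting. This is an added example, not part of the original post; the function names audit_shadow and make_sample and the sample accounts are constructed for illustration. It reports the three things pwconv(8) acts on: shadow entries with no passwd entry (removed), passwd entries with no shadow entry (added), and passwd entries whose password field is not "x" (moved to shadow).

```shell
#!/bin/sh
# Added example: read-only audit of <root>/etc/passwd against <root>/etc/shadow.
# It changes nothing; it only lists what pwconv would touch.

# audit_shadow ROOT
#   Prints one finding per line (sorted):
#     NO_SHADOW_FILE            shadow does not exist at all
#     MISSING_SHADOW <user>     in passwd, no shadow entry (pwconv adds one)
#     PASSWD_FIELD_NOT_X <user> passwd field 2 is not "x" (pwconv moves it)
#     ORPHAN_SHADOW <user>      in shadow, not in passwd (pwconv removes it)
#   Returns 2 if passwd itself is unreadable.
audit_shadow() {
    root=${1%/}                      # "/" becomes "", so paths stay absolute
    passwd_file="$root/etc/passwd"
    shadow_file="$root/etc/shadow"

    if [ ! -r "$passwd_file" ]; then
        echo "NO_PASSWD_FILE"
        return 2
    fi

    {
        if [ ! -e "$shadow_file" ]; then
            echo "NO_SHADOW_FILE"
            shadow_file=/dev/null    # treat as empty so every user is reported
        fi
        # FILENAME is compared instead of the usual NR==FNR idiom, because
        # NR==FNR misfires when the first file (shadow) is empty.
        awk -F: '
            FILENAME == ARGV[1] { if ($1 != "") shadow[$1] = 1; next }
            $1 == "" || /^#/    { next }
            {
                seen[$1] = 1
                if (!($1 in shadow)) print "MISSING_SHADOW " $1
                if ($2 != "x")       print "PASSWD_FIELD_NOT_X " $1
            }
            END {
                for (u in shadow)
                    if (!(u in seen)) print "ORPHAN_SHADOW " u
            }
        ' "$shadow_file" "$passwd_file"
    } | LC_ALL=C sort
}

# make_sample: builds a constructed root tree in a temp dir and prints its path.
# All accounts and field values below are made up for the demonstration.
make_sample() {
    dir=$(mktemp -d)
    mkdir -p "$dir/etc"
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1000:1000::/home/alice:/bin/bash' \
        'bob:$6$constructed$hash:1001:1001::/home/bob:/bin/sh' \
        > "$dir/etc/passwd"
    printf '%s\n' \
        'root:!:15000:0:99999:7:::' \
        'bob:*:15000:0:99999:7:::' \
        'ghost:*:15000:0:99999:7:::' \
        > "$dir/etc/shadow"
    echo "$dir"
}

# With an argument, audit that mounted root (e.g. /mnt); without one,
# run against the constructed sample.
if [ "$#" -gt 0 ]; then
    audit_shadow "$1"
else
    sample=$(make_sample)
    audit_shadow "$sample"
    rm -rf "$sample"
fi
```

Run it as root from the LiveCD with the staging directory as the argument, since shadow is normally readable only by root.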

Cheers!!!

Wednesday, September 26, 2012

ERROR: Failed to build gem native extension

If you happen to hit an error whilst installing gems with Chef, similar to this one:
-----------------------------------------------------------------------------------------------------------------------
gem install zliby chef-solr --no-ri --no-rdoc
Successfully installed zliby-0.0.5
Building native extensions.  This could take a while...
ERROR:  Error installing chef-solr:
    ERROR: Failed to build gem native extension.

/usr/bin/ruby1.9.1 extconf.rb
creating Makefile

make
sh: make: not found


Gem files will remain installed in /var/lib/gems/1.9.1/gems/yajl-ruby-1.1.0 for inspection.
Results logged to /var/lib/gems/1.9.1/gems/yajl-ruby-1.1.0/ext/yajl/gem_make.out
----------------------------------------------------------------------------------------------------------------------------
The build fails because "make" is missing (see the "sh: make: not found" line above).  To fix it you just need to install "make".


Here is the entire completed installation for this problem.

-----------------------------------------------------------------------------------------------------------------------------
chef-solo -c ~/solo.rb -j ~/chef.json -r bootstrap-latest.tar.gz
[2012-09-27T14:38:48+08:00] INFO: *** Chef 10.14.2 ***
[2012-09-27T14:38:48+08:00] INFO: Setting the run_list to ["recipe[chef-server::rubygems-install]"] from JSON
[2012-09-27T14:38:48+08:00] INFO: Run List is [recipe[chef-server::rubygems-install]]
[2012-09-27T14:38:48+08:00] INFO: Run List expands to [chef-server::rubygems-install]
[2012-09-27T14:38:48+08:00] INFO: Starting Chef Run for chefsvr.sulit.net
[2012-09-27T14:38:48+08:00] INFO: Running start handlers
[2012-09-27T14:38:48+08:00] INFO: Start handlers complete.
[2012-09-27T14:38:49+08:00] INFO: Processing user[chef] action create (chef-server::rubygems-install line 30)
[2012-09-27T14:38:49+08:00] INFO: Processing package[erlang-nox] action install (erlang::default line 25)
[2012-09-27T14:38:49+08:00] INFO: Processing package[erlang-dev] action install (erlang::default line 26)
[2012-09-27T14:38:49+08:00] INFO: Processing package[couchdb] action install (couchdb::default line 37)
[2012-09-27T14:38:49+08:00] INFO: Processing template[/etc/couchdb/local.ini] action create (couchdb::default line 45)
[2012-09-27T14:38:49+08:00] INFO: Processing directory[/var/lib/couchdb] action create (couchdb::default line 55)
[2012-09-27T14:38:49+08:00] INFO: Processing service[couchdb] action enable (couchdb::default line 67)
[2012-09-27T14:38:49+08:00] INFO: Processing service[couchdb] action start (couchdb::default line 67)
[2012-09-27T14:38:49+08:00] INFO: Processing ruby_block[set-env-java-home] action create (java::openjdk line 36)
[2012-09-27T14:38:49+08:00] INFO: ruby_block[set-env-java-home] called
[2012-09-27T14:38:49+08:00] INFO: Processing ruby_block[update-java-alternatives] action nothing (java::openjdk line 43)
[2012-09-27T14:38:49+08:00] INFO: Processing package[openjdk-6-jdk] action install (java::openjdk line 82)



[2012-09-27T15:12:55+08:00] INFO: package[openjdk-6-jdk] sending create action to ruby_block[update-java-alternatives] (immediate)
[2012-09-27T15:12:55+08:00] INFO: Processing ruby_block[update-java-alternatives] action create (java::openjdk line 43)
[2012-09-27T15:12:55+08:00] INFO: ruby_block[update-java-alternatives] called
[2012-09-27T15:12:55+08:00] INFO: Processing package[sun-java6-jdk] action purge (java::default line 25)
[2012-09-27T15:12:55+08:00] INFO: Processing package[sun-java6-bin] action purge (java::default line 25)
[2012-09-27T15:12:55+08:00] INFO: Processing package[sun-java6-jre] action purge (java::default line 25)
[2012-09-27T15:12:55+08:00] INFO: Processing package[rabbitmq-server] action install (chef-server::rabbitmq line 43)
[2012-09-27T15:13:19+08:00] INFO: Processing service[rabbitmq-server] action enable (chef-server::rabbitmq line 46)
[2012-09-27T15:13:19+08:00] INFO: Processing service[rabbitmq-server] action start (chef-server::rabbitmq line 46)
[2012-09-27T15:13:19+08:00] INFO: Processing execute[rabbitmqctl add_vhost /chef] action run (chef-server::rabbitmq line 56)
Creating vhost "/chef" ...
...done.
[2012-09-27T15:13:20+08:00] INFO: execute[rabbitmqctl add_vhost /chef] ran successfully
[2012-09-27T15:13:20+08:00] INFO: Processing execute[rabbitmqctl add_user chef testing] action run (chef-server::rabbitmq line 61)
Creating user "chef" ...
...done.
[2012-09-27T15:13:20+08:00] INFO: execute[rabbitmqctl add_user chef testing] ran successfully
[2012-09-27T15:13:20+08:00] INFO: Processing execute[rabbitmqctl set_permissions -p /chef chef ".*" ".*" ".*"] action run (chef-server::rabbitmq line 67)
Setting permissions for user "chef" in vhost "/chef" ...
...done.
[2012-09-27T15:13:20+08:00] INFO: execute[rabbitmqctl set_permissions -p /chef chef ".*" ".*" ".*"] ran successfully
[2012-09-27T15:13:20+08:00] INFO: Processing execute[apt-get-update] action run (apt::default line 22)
Fetched 2005 kB in 25s (78.6 kB/s)
Reading package lists...
[2012-09-27T15:13:49+08:00] INFO: execute[apt-get-update] ran successfully
[2012-09-27T15:13:49+08:00] INFO: Processing execute[apt-get update] action nothing (apt::default line 29)
[2012-09-27T15:13:49+08:00] INFO: Processing package[update-notifier-common] action install (apt::default line 36)
[2012-09-27T15:13:54+08:00] INFO: package[update-notifier-common] sending run action to execute[apt-get-update] (immediate)
[2012-09-27T15:13:54+08:00] INFO: Processing execute[apt-get-update] action run (apt::default line 22)
Reading package lists...
[2012-09-27T15:13:59+08:00] INFO: execute[apt-get-update] ran successfully
[2012-09-27T15:13:59+08:00] INFO: Processing execute[apt-get-update-periodic] action run (apt::default line 40)
[2012-09-27T15:13:59+08:00] INFO: Processing directory[/var/cache/local] action create (apt::default line 50)
[2012-09-27T15:13:59+08:00] INFO: directory[/var/cache/local] created directory /var/cache/local
[2012-09-27T15:13:59+08:00] INFO: directory[/var/cache/local] owner changed to 0
[2012-09-27T15:13:59+08:00] INFO: directory[/var/cache/local] group changed to 0
[2012-09-27T15:13:59+08:00] INFO: directory[/var/cache/local] mode changed to 644
[2012-09-27T15:13:59+08:00] INFO: Processing directory[/var/cache/local/preseeding] action create (apt::default line 50)
[2012-09-27T15:13:59+08:00] INFO: directory[/var/cache/local/preseeding] created directory /var/cache/local/preseeding
[2012-09-27T15:13:59+08:00] INFO: directory[/var/cache/local/preseeding] owner changed to 0
[2012-09-27T15:13:59+08:00] INFO: directory[/var/cache/local/preseeding] group changed to 0
[2012-09-27T15:13:59+08:00] INFO: directory[/var/cache/local/preseeding] mode changed to 644
[2012-09-27T15:13:59+08:00] INFO: Processing apt_package[libgecode-dev] action upgrade (gecode::package line 44)

[2012-09-27T15:28:29+08:00] INFO: apt_package[libgecode-dev] upgraded from uninstalled to 3.5.0-2
[2012-09-27T15:28:29+08:00] INFO: Processing package[zlib-devel] action install (zlib::default line 20)
[2012-09-27T15:28:50+08:00] INFO: Processing package[libxml2-dev] action install (xml::default line 27)


[2012-09-27T15:29:26+08:00] INFO: Processing package[libxslt-dev] action install (xml::default line 27)
[2012-09-27T15:29:26+08:00] INFO: package[libxslt-dev] is a virtual package, actually acting on package[libxslt1-dev]
[2012-09-27T15:29:58+08:00] INFO: Processing gem_package[chef-server-api] action install (chef-server::rubygems-install line 89)
[2012-09-27T15:31:44+08:00] INFO: Processing gem_package[chef-solr] action install (chef-server::rubygems-install line 89)
[2012-09-27T15:31:44+08:00] INFO: Processing gem_package[chef-expander] action install (chef-server::rubygems-install line 89)
[2012-09-27T15:32:29+08:00] INFO: Processing gem_package[chef-server-webui] action install (chef-server::rubygems-install line 89)
[2012-09-27T15:33:02+08:00] INFO: Processing directory[/var/log/chef] action create (chef-server::rubygems-install line 104)
[2012-09-27T15:33:02+08:00] INFO: directory[/var/log/chef] created directory /var/log/chef
[2012-09-27T15:33:02+08:00] INFO: directory[/var/log/chef] owner changed to 999
[2012-09-27T15:33:02+08:00] INFO: directory[/var/log/chef] group changed to 0
[2012-09-27T15:33:02+08:00] INFO: directory[/var/log/chef] mode changed to 755
[2012-09-27T15:33:02+08:00] INFO: Processing directory[/var/lib/chef] action create (chef-server::rubygems-install line 104)
[2012-09-27T15:33:02+08:00] INFO: directory[/var/lib/chef] created directory /var/lib/chef
[2012-09-27T15:33:02+08:00] INFO: directory[/var/lib/chef] owner changed to 999
[2012-09-27T15:33:02+08:00] INFO: directory[/var/lib/chef] group changed to 0
[2012-09-27T15:33:02+08:00] INFO: directory[/var/lib/chef] mode changed to 755
[2012-09-27T15:33:02+08:00] INFO: Processing directory[/var/cache/chef] action create (chef-server::rubygems-install line 104)
[2012-09-27T15:33:02+08:00] INFO: directory[/var/cache/chef] created directory /var/cache/chef
[2012-09-27T15:33:02+08:00] INFO: directory[/var/cache/chef] owner changed to 999
[2012-09-27T15:33:02+08:00] INFO: directory[/var/cache/chef] group changed to 0
[2012-09-27T15:33:02+08:00] INFO: directory[/var/cache/chef] mode changed to 755
[2012-09-27T15:33:02+08:00] INFO: Processing directory[/var/lib/chef/backup] action create (chef-server::rubygems-install line 104)
[2012-09-27T15:33:02+08:00] INFO: directory[/var/lib/chef/backup] created directory /var/lib/chef/backup
[2012-09-27T15:33:02+08:00] INFO: directory[/var/lib/chef/backup] owner changed to 999
[2012-09-27T15:33:02+08:00] INFO: directory[/var/lib/chef/backup] group changed to 0
[2012-09-27T15:33:02+08:00] INFO: directory[/var/lib/chef/backup] mode changed to 755
[2012-09-27T15:33:02+08:00] INFO: Processing directory[/var/run/chef] action create (chef-server::rubygems-install line 104)
[2012-09-27T15:33:02+08:00] INFO: directory[/var/run/chef] created directory /var/run/chef
[2012-09-27T15:33:02+08:00] INFO: directory[/var/run/chef] owner changed to 999
[2012-09-27T15:33:02+08:00] INFO: directory[/var/run/chef] group changed to 0
[2012-09-27T15:33:02+08:00] INFO: directory[/var/run/chef] mode changed to 755
[2012-09-27T15:33:02+08:00] INFO: Processing directory[/etc/chef] action create (chef-server::rubygems-install line 104)
[2012-09-27T15:33:02+08:00] INFO: directory[/etc/chef] owner changed to 999
[2012-09-27T15:33:02+08:00] INFO: Processing template[/etc/chef/server.rb] action create (chef-server::rubygems-install line 112)
[2012-09-27T15:33:02+08:00] INFO: template[/etc/chef/server.rb] updated content
[2012-09-27T15:33:02+08:00] INFO: template[/etc/chef/server.rb] owner changed to 999
[2012-09-27T15:33:02+08:00] INFO: template[/etc/chef/server.rb] group changed to 0
[2012-09-27T15:33:02+08:00] INFO: template[/etc/chef/server.rb] mode changed to 600
[2012-09-27T15:33:02+08:00] INFO: Processing link[/etc/chef/webui.rb] action create (chef-server::rubygems-install line 119)
[2012-09-27T15:33:02+08:00] INFO: link[/etc/chef/webui.rb] created
[2012-09-27T15:33:02+08:00] INFO: Processing link[/etc/chef/expander.rb] action create (chef-server::rubygems-install line 123)
[2012-09-27T15:33:02+08:00] INFO: link[/etc/chef/expander.rb] created
[2012-09-27T15:33:02+08:00] INFO: Processing template[/etc/chef/solr.rb] action create (chef-server::rubygems-install line 112)
[2012-09-27T15:33:02+08:00] INFO: template[/etc/chef/solr.rb] updated content
[2012-09-27T15:33:02+08:00] INFO: template[/etc/chef/solr.rb] owner changed to 999
[2012-09-27T15:33:02+08:00] INFO: template[/etc/chef/solr.rb] group changed to 0
[2012-09-27T15:33:02+08:00] INFO: template[/etc/chef/solr.rb] mode changed to 600
[2012-09-27T15:33:02+08:00] INFO: Processing link[/etc/chef/webui.rb] action create (chef-server::rubygems-install line 119)
[2012-09-27T15:33:02+08:00] INFO: Processing link[/etc/chef/expander.rb] action create (chef-server::rubygems-install line 123)
[2012-09-27T15:33:02+08:00] INFO: Processing directory[/var/lib/chef] action create (chef-server::rubygems-install line 128)
[2012-09-27T15:33:02+08:00] INFO: Processing directory[/var/lib/chef/cache] action create (chef-server::rubygems-install line 135)
[2012-09-27T15:33:02+08:00] INFO: directory[/var/lib/chef/cache] created directory /var/lib/chef/cache
[2012-09-27T15:33:02+08:00] INFO: directory[/var/lib/chef/cache] owner changed to 999
[2012-09-27T15:33:02+08:00] INFO: directory[/var/lib/chef/cache] group changed to 0
[2012-09-27T15:33:02+08:00] INFO: directory[/var/lib/chef/cache] mode changed to 755
[2012-09-27T15:33:02+08:00] INFO: Processing directory[/var/lib/chef/search_index] action create (chef-server::rubygems-install line 135)
[2012-09-27T15:33:02+08:00] INFO: directory[/var/lib/chef/search_index] created directory /var/lib/chef/search_index
[2012-09-27T15:33:02+08:00] INFO: directory[/var/lib/chef/search_index] owner changed to 999
[2012-09-27T15:33:02+08:00] INFO: directory[/var/lib/chef/search_index] group changed to 0
[2012-09-27T15:33:02+08:00] INFO: directory[/var/lib/chef/search_index] mode changed to 755
[2012-09-27T15:33:02+08:00] INFO: Processing directory[/etc/chef/certificates] action create (chef-server::rubygems-install line 142)
[2012-09-27T15:33:02+08:00] INFO: directory[/etc/chef/certificates] created directory /etc/chef/certificates
[2012-09-27T15:33:02+08:00] INFO: directory[/etc/chef/certificates] owner changed to 999
[2012-09-27T15:33:02+08:00] INFO: directory[/etc/chef/certificates] group changed to 0
[2012-09-27T15:33:02+08:00] INFO: directory[/etc/chef/certificates] mode changed to 700
[2012-09-27T15:33:02+08:00] INFO: Processing directory[/var/run/chef] action create (chef-server::rubygems-install line 148)
[2012-09-27T15:33:02+08:00] INFO: Processing execute[chef-solr-installer] action run (chef-server::rubygems-install line 155)

Creating Solr Home Directory
  mkdir -p /var/lib/chef/solr/home
  entering /var/lib/chef/solr/home
  tar zxvf /var/lib/gems/1.9.1/gems/chef-solr-10.14.2/solr/solr-home.tar.gz
Creating Solr Data Directory
  mkdir -p /var/lib/chef/solr/data
  chown -R chef:root /var/lib/chef/solr/data
Unpacking Solr Jetty
  mkdir -p /var/lib/chef/solr/jetty
  entering /var/lib/chef/solr/jetty
  tar zxvf /var/lib/gems/1.9.1/gems/chef-solr-10.14.2/solr/solr-jetty.tar.gz
  chown -R chef:root /var/lib/chef/solr/jetty

Successfully installed Chef Solr.
[2012-09-27T15:33:02+08:00] INFO: execute[chef-solr-installer] ran successfully
[2012-09-27T15:33:02+08:00] INFO: Processing directory[/var/run/chef] action create (chef-server::rubygems-install line 182)
[2012-09-27T15:33:02+08:00] INFO: Processing template[/etc/init.d/chef-solr] action create (chef-server::rubygems-install line 205)
[2012-09-27T15:33:02+08:00] INFO: template[/etc/init.d/chef-solr] updated content
[2012-09-27T15:33:02+08:00] INFO: template[/etc/init.d/chef-solr] mode changed to 755
[2012-09-27T15:33:02+08:00] INFO: Processing file[/etc/default/chef-solr] action create (chef-server::rubygems-install line 210)
[2012-09-27T15:33:03+08:00] INFO: file[/etc/default/chef-solr] mode changed to 644
[2012-09-27T15:33:03+08:00] INFO: file[/etc/default/chef-solr] created file /etc/default/chef-solr
[2012-09-27T15:33:03+08:00] INFO: Processing link[/usr/sbin/chef-solr] action create (chef-server::rubygems-install line 215)
[2012-09-27T15:33:03+08:00] INFO: link[/usr/sbin/chef-solr] created
[2012-09-27T15:33:03+08:00] INFO: Processing service[chef-solr] action enable (chef-server::rubygems-install line 219)
[2012-09-27T15:33:03+08:00] INFO: service[chef-solr] enabled
[2012-09-27T15:33:03+08:00] INFO: Processing service[chef-solr] action start (chef-server::rubygems-install line 219)
[2012-09-27T15:33:03+08:00] INFO: Processing template[/etc/init.d/chef-expander] action create (chef-server::rubygems-install line 205)
[2012-09-27T15:33:03+08:00] INFO: template[/etc/init.d/chef-expander] updated content
[2012-09-27T15:33:03+08:00] INFO: template[/etc/init.d/chef-expander] mode changed to 755
[2012-09-27T15:33:03+08:00] INFO: Processing file[/etc/default/chef-expander] action create (chef-server::rubygems-install line 210)
[2012-09-27T15:33:03+08:00] INFO: file[/etc/default/chef-expander] mode changed to 644
[2012-09-27T15:33:03+08:00] INFO: file[/etc/default/chef-expander] created file /etc/default/chef-expander
[2012-09-27T15:33:03+08:00] INFO: Processing link[/usr/sbin/chef-expander] action create (chef-server::rubygems-install line 215)
[2012-09-27T15:33:03+08:00] INFO: link[/usr/sbin/chef-expander] created
[2012-09-27T15:33:03+08:00] INFO: Processing service[chef-expander] action enable (chef-server::rubygems-install line 219)
[2012-09-27T15:33:03+08:00] INFO: service[chef-expander] enabled
[2012-09-27T15:33:03+08:00] INFO: Processing service[chef-expander] action start (chef-server::rubygems-install line 219)
[2012-09-27T15:33:03+08:00] INFO: Processing template[/etc/init.d/chef-server] action create (chef-server::rubygems-install line 205)
[2012-09-27T15:33:03+08:00] INFO: template[/etc/init.d/chef-server] updated content
[2012-09-27T15:33:03+08:00] INFO: template[/etc/init.d/chef-server] mode changed to 755
[2012-09-27T15:33:03+08:00] INFO: Processing file[/etc/default/chef-server] action create (chef-server::rubygems-install line 210)
[2012-09-27T15:33:03+08:00] INFO: file[/etc/default/chef-server] mode changed to 644
[2012-09-27T15:33:03+08:00] INFO: file[/etc/default/chef-server] created file /etc/default/chef-server
[2012-09-27T15:33:03+08:00] INFO: Processing link[/usr/sbin/chef-server] action create (chef-server::rubygems-install line 215)
[2012-09-27T15:33:03+08:00] INFO: link[/usr/sbin/chef-server] created
[2012-09-27T15:33:03+08:00] INFO: Processing service[chef-server] action enable (chef-server::rubygems-install line 219)
[2012-09-27T15:33:03+08:00] INFO: service[chef-server] enabled
[2012-09-27T15:33:03+08:00] INFO: Processing service[chef-server] action start (chef-server::rubygems-install line 219)
[2012-09-27T15:33:03+08:00] INFO: Processing template[/etc/init.d/chef-server-webui] action create (chef-server::rubygems-install line 205)
[2012-09-27T15:33:03+08:00] INFO: template[/etc/init.d/chef-server-webui] updated content
[2012-09-27T15:33:03+08:00] INFO: template[/etc/init.d/chef-server-webui] mode changed to 755
[2012-09-27T15:33:03+08:00] INFO: Processing file[/etc/default/chef-server-webui] action create (chef-server::rubygems-install line 210)
[2012-09-27T15:33:03+08:00] INFO: file[/etc/default/chef-server-webui] mode changed to 644
[2012-09-27T15:33:03+08:00] INFO: file[/etc/default/chef-server-webui] created file /etc/default/chef-server-webui
[2012-09-27T15:33:03+08:00] INFO: Processing link[/usr/sbin/chef-server-webui] action create (chef-server::rubygems-install line 215)
[2012-09-27T15:33:03+08:00] INFO: link[/usr/sbin/chef-server-webui] created
[2012-09-27T15:33:03+08:00] INFO: Processing service[chef-server-webui] action enable (chef-server::rubygems-install line 219)
[2012-09-27T15:33:04+08:00] INFO: service[chef-server-webui] enabled
[2012-09-27T15:33:04+08:00] INFO: Processing service[chef-server-webui] action start (chef-server::rubygems-install line 219)
[2012-09-27T15:33:04+08:00] INFO: Chef Run complete in 3255.07702181 seconds
[2012-09-27T15:33:04+08:00] INFO: Running report handlers
[2012-09-27T15:33:04+08:00] INFO: Report handlers complete


Wednesday, August 15, 2012

Terminal Terminator

There are tons of tools to get you moving via the terminal; you have the nifty Yakuake, which drops from the top of your screen like a blind shade.

However, what if the moment calls for you to execute commands in sync on several servers?  Terminator to the rescue.  Terminator is an excellent tool for firing up several connections in one instance and cascading your executed commands to all the sessions you are connected to.

To install it, all you need to do is a simple apt-get on Debian-based systems; on RedHat versions you have to install the EPEL repos to download and install the package.




Site Reputation Checkers

There are times when you will be baffled by reports from users telling you that your site is a staging ground for malware, bots and viruses.  If you believe you are free from these known vulnerabilities, take the time to step back and check the links provided below.  They will give you a summary of things hidden away from your eyes.

  1. http://safeweb.norton.com
  2. http://www.trustedsource.org
  3. http://www.alken.nl/web-security-check.htm
  4. http://www.unmaskparasites.com/security-report/
  5. http://www.avg.com.au/resources/web-page-scanner

Friday, August 3, 2012

The Fiber Optic Association - Tech Topics


The Truth about Fiber Optic and Copper Wires 



Copper or Fiber? What's the real story? (Here is a specific look at fiber vs copper in LANs)
Every time we read another article about copper and fiber cabling that was written by someone who was either ignorant or prejudiced - or both - it is full of pure, unadulterated garbage. What is the real comparison of fiber and copper? Let's take a more careful look.
Point of view: Well, everybody has a point of view. We're the professional society of fiber optics, aren't we? But we have an interest in both technologies and know they are complementary in many ways, so if we're prejudiced, it's toward making sure everybody uses lots of both of them, but gets trained so they install either properly!
And as part of the point of view, we are focusing on premises cabling for communications, although we'll look at some other applications like outside plant telephones.

Start With Phones
First of all, telephone wire is over a century old. The actual way a phone works is that old too!
The telephone wire used for POTS (plain old telephone service, like in your home or a small office) goes to a switch, where the analog voice signal is digitized and most probably sent off on a fiber optic cable. If it isn't now, it will be soon.
The copper phone wire has very limited bandwidth. It was designed to provide 3,000 Hz bandwidth, perfectly adequate for a voice signal. The modem has to play some pretty sophisticated games to get higher bit rates over the limited bandwidth of the POTS line. Two digital systems work on this old cable style: ISDN and xDSL. ISDN is a low bit rate digital signal that never caught on - since analog modems are just as fast and a lot cheaper and easier to set up. xDSL or digital subscriber loop is faster - as high as 1.5 Mb/s - but only if you are close to the phone switch - less than about 15,000 feet.
So the phone system is mostly fiber optics beyond the short subscriber link. Fiber links offer over 1,000 times as much bandwidth over distances over 100 times further. Specifically, you can have:
           Distance    Bandwidth    Voice Channels
 Copper    2.5 km      1.5 Mb/s     24
 Fiber     200 km      2.5+ Gb/s    32,000+

That tremendously higher capacity comes at a price. But even if it costs 1000 times as much for two fibers (one to transmit and receive), it is still 1/100th the cost of copper per voice channel. And it has other advantages, like a fiber optic cable being a fraction of the size and weight of a copper cable, a big point in underground conduits in crowded cities!
Depending on the application, fiber costs are typically 1-5% as much as copper in the backbone.
In the subscriber loop, where one connection only is used, the economics are quite different. A drop to the home is less than $100, while a fiber to the home would cost over $1000 and require an onsite way to power the transceivers. So fiber to the home is a non-player, except in rural areas where the line is long and would require a repeater. Then the longer distance capability of fiber makes it cheaper to run fiber than have copper with repeaters and providing power to the repeater.

CATV?
What about the coax cable used for CATV? Well, it has lots of bandwidth (100 MHz to 1000 MHz depending on how old the installation is), but it is even cheaper than telephone wire to install. CATV systems are using this coax for everything (television signals, Internet connections, and even telephones), but it too is quickly converted to fiber, which provides the backbone connectivity due to lower loss (and subsequently longer runs between repeaters) and much greater reliability. Both those features translate into cost savings, of course. And the fiber backbones are bi-directional to allow for all the new services being offered.
In both telephone and CATV systems, fiber and copper coexist, with each being used where the economics dictate.

The Real Controversy:
When most people talk about copper vs. fiber, they are talking about LANs or premises cabling. Here there is a lot of controversy, a lot of "positioning" and a lot of misinformation.
The wire we use for LANs is a lot younger than fiber optics. Fiber use is over 20 years old, but computer networks on unshielded-twisted-pair cable (UTP) have only been around about 15 years. In that time, UTP has gone through at least 5 generations, each time to keep up with the increasing bandwidth requirements of LANs. Today, it's hardly the "telephone wire" that some people think it is.
In that time, LANs have grown in capacity via: 
 LAN                    Bandwidth
 Ethernet               10 Mb/s
 FDDI                   100 Mb/s
 Fast Ethernet          100 Mb/s
 ATM                    55, 155 Mb/s
 Gigabit Ethernet       1,000 Mb/s (1 gigabit/s)
 10 Gigabit Ethernet    10 Gb/s

The copper cabling manufacturers should be praised for their technical efforts to expand the capacity of UTP cabling. And the hardware manufacturers deserve a pat on the back too! They have been able to keep up with networks by some really sophisticated product development (including the electronics that perform the miracles of getting signals on and off the cabling.)
But all their efforts have produced a product that is not easily installed if one needs the maximum performance offered. Recently, a number of magazine articles and even a representative of AMP was quoted as saying that as much as 80-90% of all Cat 5 cabling was improperly installed and would not provide the rated performance. Contractors have told us that 40% of their Cat 6 installations pass certification tests.
The performance of the Cat 5 cable is dependent on close control of the physical characteristics of the cable and the materials used in the insulation. Untwist the wires too much at a connection or remove too much jacket and the cable may fail crosstalk testing. Pull it too hard (only 25 pounds tension allowed!) or kink it and lose the performance you paid for.
Even if top performance is not necessary, getting all 8 of the wires connected correctly requires a lot of care. 1-5% of all connections will not be correct first time around, according to the installers I have talked with. And did we mention the problem of electromagnetic interference (EMI) from motors, fluorescent light ballasts, etc.?
But most networks only run at Ethernet at 10 Mb/s to the desktop. Even if you use 10/100 Ethernet cards, they will fall back to 10 Mb/s if the cabling won't support the faster speeds. And I'm told quite a few networks do. It's hard to tell unless you have a sophisticated network management system.
So what about fiber ? Fiber is not that easy to install either. Pulling the cable is easy - in fact it can be pulled at 8 times the pulling tension of Cat 5 and the typical cables used include strength members and stiffeners that make it hard to kink and damage. Fiber, by the way, is a lot stronger than steel - remember they don't reinforce fiber glass boats, airplanes, or even tires now with steel - they use glass fiber or aramid fibers, the strength members used in fiber optic cable.
Terminating fiber optic cable is not as simple as copper. While manufacturers have developed crimp-on connectors, they are expensive, high loss and have not been very reliable. Fiber optic connectors need adhesives for reliability and low cost. And most installation involves stripping fibers, injecting adhesives and polishing the ends. No IDC (insulation displacement connectors) here. Any good installer can learn how to terminate fiber in less than 2 hours.
Fiber does not have infinite bandwidth either! At least not the multimode fiber used in most premises networks. It's a lot higher than copper, but as you approach gigabit speeds, you are limiting the distances available for links to 500 meters or so.
Singlemode fiber, as used in telco and CATV networks, practically has infinite bandwidth. But it uses higher cost components and can be pricey for shorter links. It's not necessary for today's networks but may be for the next generation. (You've heard they are working on 10 GB Ethernet, haven't you?)
How about cost? Isn't that the bottom line for copper vs. fiber? Well, fiber prices continue to fall while copper prices (and the more sophisticated hardware needed to support high bandwidth transmission) rise. The cable plant is a wash - comparing Cat 5 and multimode fiber - both are about the same price by the time you consider everything (including fiber testers at $995 and copper testers at $4,000-6,000 and going up for Cat 6, 7 etc.)
It's the electronics that make the difference. A 10/100 Ethernet card for Cat 5 is $10-100, while a 10/100 fiber card (the new 100BASE-SX style) is $100-200 or so. And double the difference because you have to have electronics at each end of the link. Media converters from copper to fiber sell for as little as $100 and solve the problem of getting a fiber connection where a copper one now exists.
The additional cost of fiber is usually offset by the additional cost imposed by copper hubs (with the limited distance of copper - 90m - you need local telecom closets) and the cost of conditioned, uninterruptible power supplies (UPS), data-quality grounds and HVAC for every closet! These costs made one job estimate only $9 per desktop more with fiber - yet the customer still chose copper! Here's another viewpoint.
So why are 99% of all desktops connected with copper? The comfort factor. Installers and customers are both more comfortable with that old familiar copper wire (even if what they install has little in common with their simplistic perception!) and they like the fact that they save $100 or so on every desktop with copper.
The majority of backbones in large companies are fiber. They want the bandwidth and reliability of fiber, and the networking equipment vendors recommend fiber for the backbone. They expect to upgrade to higher bandwidth in the future, and only fiber offers upgradeability.

So what do we think you should do?
If you are a typical user, Cat 5e to the desk is fine. You probably use Fast Ethernet and might use Gigabit Ethernet in the future, and that's what Cat 5e is designed for. However, I suggest you make sure it is installed properly - or you are wasting your money.
Power users should go fiber to the desk today, running a cable with 2 multimode 62.5/125 fibers of the new high bandwidth 50/125 laser-optimized type (>500 MH-km at 850 and 1300 nm) for future 10 GBE applications. Will you need 10 GBE at the desk? Not unless you are a heavy graphics user, like CAD or prepress? Not designing airliners or cars on the desktop? Go back to Cat 5e.

What about Cat 5E or Cat 6?
Right now, Cat 6 is in limbo - no network calls for it and it needs a boost in performance for 10GbE. You get more performance, but no network is yet designed to operate on it. If you want a higher performance UTP cabling system - buy a complete solution from one vendor, require documentation on performance, and hope it has a purpose someday!

Can't I future-proof my network?
At the desktop - no. Flatly, no. You have no guarantee that anything you install for cabling today, Category "whatever" copper or multimode fiber, will be useful in another few years. That's why manufacturers offer 15-25 year warranties - they know you will not be using that cabling more than another few years! A lifetime warranty is the only one that makes sense, since its lifetime is very short! Maybe you could install multimode and singlemode fiber, but you would be the first!
In the backbone, maybe, if you install a large fiber count optical fiber cable with lots of spare singlemode fibers, you probably have a good chance of supporting your network for ten or twenty years. The backbone is easier to deal with since it changes a lot less than the desktop connection.

Silly Move Dept.
For some reason, the LAN migrated away from coax cable to UTP. Granted old "thicknet" Ethernet was a pain to deal with and expensive, but RG-58 ("thinnet" or "cheapernet") was cheap and reliable. GBE would run like a charm over CATV RG-6, and it's cheaper than everything but string!
Oh well, nobody said it was gonna make sense!

reference:  
http://www.thefoa.org/tech/fo-or-cu.htm

Tuesday, July 24, 2012

Using mod_rewrite to redirect web pages

There are plenty of tutorials to get this done, but in its simplest form, redirecting an entire page to a different URL altogether allows for greater internal security.  This can be done by using an .htaccess file to create a rewrite rule.  A good example of the code would look like this:

================================

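   # Turn on the rewrite engine for this directory
   RewriteEngine on

   # Requests addressed to the bare IP get a permanent redirect to the HTTPS URL
   RewriteCond %{HTTP_HOST} ^x\.x\.x\.x$
   RewriteRule ^(.*)$ https://x.x.x.x/myapp/$1 [L,R=301]

   # Everything else is served from app/webroot/
   RewriteRule    ^$ app/webroot/    [L]
   RewriteRule    (.*) app/webroot/$1 [L]
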
======================================

Where each "x" is one part of the IP address, written in dotted "." notation.

Cheers!!!





Bash Internals a Researchers Eye View

Bash info, scripting examples, regex parameter substitution, interactive shell, and more

keywords: bash, shell, command, parameter, file, name, path, regular, expression, glob, login, mingetty, tty, console, terminal, screen, prompt, sudo, stdout, permission, permissions

description: Shell trivia and scripting examples including file name and path substitutions, as well as how to detect a live human logging in, and how to fix the session title and titlebar.

Table of contents
-----------------
Introduction
Link to list of hints
Disabling xon xoff and detecting interactive login
Regular expressions and globbing
Checking return status (return value) of programs
Can't write a file
Fixing the session title
Using dd and gmime-uuencode to create passwords
A little rant about examples

Introduction
------------
Shell programming and especially shell variables are weird things. The rules are bizarre to those of us schooled in normal programming languages such as C, Perl, or Java. I'm not a shell programmer, but after much painful, irritating, frustrating trial and error, (and hours of Google searches) I've managed to glean a few really useful facts. This document assumes that you are facile with the Linux shell bash, and that you are comfortable with shell commands and with viewing files, and comfortable viewing (and searching) man pages.

By the way, it appears that the man page for bash is missing most of the available content. Heaven only knows why. For instance the man page says "Expressions are composed of the primaries described above under CONDITIONAL EXPRESSIONS." There is no heading "CONDITIONAL EXPRESSIONS" in the man page.

I couldn't find the list of CONDITIONAL EXPRESSIONS via the "info bash" command either. However, hope is not lost. Fedora (and probably most distros of Linux) have full docs on the hard drive. Mine are at:

    file:///usr/share/doc/bash-3.1/bash.html

Simply use your web browser to read the docs off your hard drive. For Fedora these docs are mostly in HTML format.
They also appear to be complete.

You can always search Google, and many web sites will have the full docs.

If you are frustrated with the shell, I feel your pain. Except for the most trivial operations, I use Perl for all sysadmin scripting tasks. (I don't want to start a religious war here: if you like shell programming I'm happy for you. However, most of us will be more productive in Perl.) Perl makes sense and has many examples and encyclopedic documentation. For those times where Perl doesn't make sense (which I will readily admit occur on a regular basis), check Google or "man perltoc" for the Perl docs table of contents.

For examples of shell scripts, check out the scripts in /etc/init.d.

Link to list of hints
---------------------
This information is implied by the bash man page (which is lacking examples). There are also some nice hints at:

    http://linuxgazette.net/issue18/bash.html

Disabling xon xoff and detecting interactive login
--------------------------------------------------
As of KDE4 (2008 and 2009) the terminal application konsole is broken. It no longer accepts -ls. See my work around below.

Reading between the lines, the -ls may have been added by one of the konsole developers, and then removed by another developer (who I presume did not understand the implications).

    http://www.linuxquestions.org/questions/slackware-14/kde-konsole-gone-after-installing-kde4-608652/

The work around is simple enough, and I hope you haven't wasted an hour looking for the solution.

1) Run konsole
2) Settings menu -> Edit Current Profile... -> General tab -> Command:
3) Change to /bin/bash --login

This changes a KDE config file Shell (probably some where such as /home/mst3k/.kde/share/apps/konsole/Shell.profile) that konsole uses at startup. By invoking bash as --login, shopt login_shell will be "on".

Now your .bashrc or whatever will be able to distinguish when a human is logged in, and when a script is running.
The reason for this would be to disable xon/xoff flow control for the human.

From the bash prompt, "konsole -e /bin/bash --login" seems to work, but gives an interesting KDE error:

    [zeus ~]$ konsole -e /bin/bash --login
    konsole(659): Attempt to use QAction "change-profile" with KXMLGUIFactory!
    [zeus ~]$ Undecodable sequence: \001b(hex)[?1034h

Also "/bin/bash -i" does *not* create an interactive session. I'm guessing this is due to shopt login_shell being somehow inherited by child processes.

Note: This information has subtle inaccuracies in the distinction between "interactive shells" and "login shells". I hope to clarify this soon. The Bash documentation says there is a difference, but does not get around to giving the reason(s) for the distinction.

This example shows the solution to two problems: how to disable the very irritating software flow control xon and xoff mapped to keys control-x (C-x) and control-s (C-s). I'm an emacs user, and in emacs I use those keys constantly. Bash is set up for emacs command line editing, so all my emacs reactions get used on the command line too, but co-mingling emacs with the semi-emacs keystroke support in bash can lead to issues. The big one was accidentally stopping i/o by hitting the xoff key. This key hasn't been needed since the days of dedicated CRT terminals (without scroll back buffers). Heaven only knows why it is still the bash default. I don't even use flow control on a runlevel 3 non-graphical console session.

Using shopt -q login_shell seems to be the modern and reliable way to detect interactive shell sessions. When the session is interactive, disable start and stop which are xon and xoff.

******
Note: -ls only applies to older versions of konsole. See above.
******

There is a potential problem with this. The default state of terminal (console) applications such as KDE's konsole is *not* as a login shell. This seems like a bug. To cure this obscure issue launch Konsole as:

    konsole -ls

Change how Konsole is run in your start menu.
Right click your start button (Fedora button, KDE button, whatever you call it). Select "Menu Editor". Click on one or more of the Terminal (konsole) entries, and add " -ls" at the end of the "Command".

******
Note: -ls only applies to older versions of konsole. See above.
******

You can see the output of shopt in human readable form by leaving off the -q option (-q for quiet):

    shopt login_shell

or

    shopt

    # The newer (?) method of detecting an interactive shell.
    # This works with Fedora Core 6, and probably most modern versions of
    # Linux. Disable xon xoff, and alias rm to rm -i
    if shopt -q login_shell ; then
        stty stop undef
        stty start undef
        alias rm='rm -i'
    fi

Below is another technique for testing to see if a login is an interactive session. For reasons not quite clear, Apple's OSX has a problem setting and resetting the session name. It works under Linux, but not with OSX, and I can't figure out why Linux works seamlessly. In any case, I created a weak workaround for OSX.

The character strings being echoed are "escape sequences" for the terminal program. This seems to be more or less the same between xterm, "linux" (a terrible name for a tty since this is also the true and real name of the operating system/kernel(?)), vt100, and maybe even "ansi" (another terrible name for a tty).

    # This works for OSX and should be fine for Linux too.
    # if [ ! -z "$(echo $- | grep i)" ]

    # Similar to the line above, but tests for 1 match instead of a
    # non-zero length return string. The shell variable $- contains the
    # values of the "set" command (which is different in Bash than in
    # csh(?) or some other shells). Do this:

    echo $-

The result in my shell is "himBH". The "i" is undocumented, but means that the shell is "interactive".
The bash man page describes the other options under the "set" section (try searching the man page for set with multiple spaces in front "    set " or better yet forget man and browse the docs with Firefox from /usr/share/doc/ )

Bash's "if" command with [ ] checks the boolean result. The shopt method is checking the command return value. Therefore using "echo" piped to "grep" you must check against equivalence to 1.

I don't know why the command has to be surrounded by double quotes, parentheses, and preceded by $.

    if [ "$(echo $- | grep -c i)" == 1 ]
    then
        stty stop undef
        stty start undef
        alias rm='rm -i'
        # Don't echo except for a tty. Non-ttys (like scp) will break if
        # you echo text to them.
        # hostname -s
        # id -nu
        # echo -e -n  is bash specific (as opposed to a feature of /bin/echo)
        # http://www.mit.edu/afs/sipb/project/outland/doc/rxvt/html/refer.html#XTerm
        # 0 window title and icon name(?)
        # 1 icon name
        # 2 window title
        # 30 type-of(?), usually Shell
        #echo -ne "\033]1;one\007"
        #echo -ne "\033]2;two\007"
        echo -ne "\033]0;`id -nu`@`hostname -s`\007"
    fi

    # The following older code worked for a while, or at least in some cases.
    # This checks to see if the session has a prompt string of non-zero
    # length.
    # http://www.faqs.org/docs/bashman/bashref_68.html
    # Perhaps it stopped working when I made a small modification to my prompt.
    # In any case, it is less robust than the method above.

    # For interactive shells disable xon and xoff, and alias rm to rm -i
    # Use a modern test.
    if [ ! -z "$PS1" ]
    then
        stty stop undef
        stty start undef
        alias rm='rm -i'
    fi

This older method didn't work when scp'ing into the machine. I got the following result when using scp into the machine:

    [mst3k@zeus ~]$ scp tmp.txt hera.example.com:
    stty: standard input: Invalid argument
    stty: standard input: Invalid argument
    tmp.txt                                                       100% 1919     1.9KB/s   00:00
    [mst3k@zeus ~]$ scp x_next.txt hera.example.com:

Regular expressions and globbing
--------------------------------
Globbing is use of * as a wildcard to glob file name list together. Use of wildcards is not a regular expression.

These following examples should also work inside bash scripts. These may or may not be compatible with sh. These are "interesting" regex or globbing examples. I say "interesting" because they don't seem to follow the path of "true" regular expressions used by Perl.

    [mst3k@zeus ~]$ echo ${HOME/\/home\//}
    mst3k
    [mst3k@zeus ~]$ echo ${HOME##home}
    /home/mst3k
    [mst3k@zeus ~]$ echo ${HOME##/home}
    /mst3k
    [mst3k@zeus ~]$ echo ${HOME##/home/}
    mst3k
    [mst3k@zeus ~]$ echo ${HOME##*}

    [mst3k@zeus ~]$ echo ${HOME##*/}
    mst3k
    [mst3k@zeus ~]$

Checking return status (return value) of programs
-------------------------------------------------
Linux and unix-like systems are not inclined to tell you the return status of commands you run at the shell prompt. Use this little one line shell if statement to check true/false return values.

    [zeus ~]$ if  shopt -q login_shell; then echo "yes"; fi;
    yes
    [zeus ~]$ if !  shopt -q login_shell; then echo "yes"; fi;
    [zeus ~]$

Here is a better example, and includes a Perl script with different exit values.

Create a Perl script try.pl just like my try.pl that I've cat'ed below. Here is a session transcript that should be clear. Yes, the Perl script is 6 lines.
Yes, I strongly prefer my curly braces on separate lines.

    [zeus ~]$ cat try.pl
    #!/usr/bin/perl
    if ($ARGV[0])
    {
        exit(0);
    }
    exit(1);
    [zeus ~]$ if ./try.pl stuff ; then echo "yes"; else echo "no"; fi;
    yes
    [zeus ~]$ if ./try.pl ; then echo "yes"; else echo "no"; fi;
    no
    [zeus ~]$

Can't write a file
------------------
There are cases (especially with Apache and CGI scripts) where you (at the shell command line) or one of your scripts is unable to write to a file due to permissions. This will be true even when you sudo the writing command. The short answer is: the shell permissions control file writing, not the permissions of the command. We will use an example of a user www (think: apache) trying to write to a file owned by mst3k. In reality mst3k wrote the script but due to various configuration issues, the CGI scripts are running as www.

Here is the solution (more explanation below). Add a tee command to your sudoers file:

    www  ALL=(ALL) NOPASSWD:  /usr/bin/tee

Or perhaps the more secure version:

    www  ALL=(ALL) NOPASSWD:  /usr/bin/tee -a /var/log/test.txt

Use this command in your script:

    /bin/echo "i like pie" | sudo /usr/bin/tee -a /var/log/test.txt >/dev/null

For instance you have a CGI script written in Perl, and www is in sudoers for /bin/echo and the following does *not* work. I'll use a Perl script, but it is probably true even at the bash prompt. Note: adding /bin/echo to your sudoers doesn't solve the problem. You might solve the problem by using another shell and su'ing or sudo'ing the new shell.

    #!/usr/bin/perl
    `/bin/echo "i like pie" | sudo /usr/bin/tee -a /var/log/test.txt > /dev/null`;
    my $id = `/usr/bin/id`;
    print "Content-type: text/html\n\nScript runs as:$id\n";
    exit(0);

Keep in mind when trying to diagnose this problem that your script has to run. The debugging process has steps such as:

1) Does the command work at the bash command line for the owner of the directory/file?
2) Does the command work at the bash command line for non-owners in sudoers?
3) Did the CGI script run?
   CGI scripts can silently fail. There won't be any http output, but you'll get no errors in your web browser (unless you've got CGI::Carp enabled). There will be messages in the Apache logs. Apache won't run scripts with group-write or other-write privs, directories with group-write or other-write privs, or that aren't owned by the directory owner (/home/mst3k/public_html has to be owned by mst3k) and won't run scripts that have no AddHandler or if ExecCGI is not enabled. There are details about this elsewhere in these readme and mini howto documents, but your .htaccess should include:

    Options +ExecCGI
    AddHandler cgi-script .pl

Fixing the session title
------------------------
Most xterm software will put a session title in the window titlebar. The bash shell has an environment variable PROMPT_COMMAND that is run every time the prompt is printed. This env var is missing on Apple Mac OSX, but you can easily add it to your .bashrc on any system.

Briefly, the format is:

    export PROMPT_COMMAND='echo -ne "\033]0;title"; echo -ne "\007"'

Usually, we want this to be the userid, hostname, and current directory (pwd is "print working directory").

    export PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}"; echo -ne "\007"'

Put the line above into your .bashrc file. You can test this two ways:

1) "source" .bashrc by typing ". .bashrc"
2) enter the export command at the bash prompt

This is how the prompt changes correctly when you log off a host. This might also be called fixing the prompt, fixing the titlebar, title bar, session name, xterm session name, konsole session name, change session name, change title bar, change session when logging off, logoff session change, terminal session name change, titlebar tweaks, escape sequence to change titlebar, vt100 sequence, vt102 sequences. Related information is: shell variables, environment variables, env, set, bash, .bashrc, bashrc, .bash_profile.

Not related to this (at least not directly related) is .bash_logout.
There is no magic at logout that "resets" the prompt or title bar. Each shell knows what its prompt and title bar should be, and the prompt and titlebar commands are run every time bash prints the prompt. However you *must* have the shell variable PROMPT_COMMAND set and this is one of many fundamental features that OSX fails to set.

Note that the env command doesn't show PROMPT_COMMAND. This is because PROMPT_COMMAND is a variable. You can only see PROMPT_COMMAND's value with the "set" command or with "echo $PROMPT_COMMAND".

In fact, if you really want to know all about your environment (in the general sense of the word) you need two commands, and I like to have the env vars sorted (set automatically sorts):

    env | sort
    set

When I export PROMPT_COMMAND it is both an env var and a set var. I'm missing the distinction between the two kinds of variables.

Using dd and gmime-uuencode to create passwords
-----------------------------------------------
Use /dev/urandom instead of /dev/random. Urandom gives better data and works better with dd.

    if=file   is read from file instead of reading from stdin
    ibs=n     is read n bytes at a time
    count=n   is copy n input blocks

Getting the random input is easy, however, it is binary. We need to convert to normal printing characters to produce a random string useful as a password. Encoding as uuencode or base64 handles this problem.

    dd if=/dev/urandom ibs=6 count=1 | base64
    dd if=/dev/urandom ibs=6 count=1 | gmime-uuencode -m -

A little rant about examples
----------------------------
Authors of documentation, need to include a large number of examples. If you love your operating system then please include examples. The operating system with the most documentation examples will win the war.
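
The two sudoers forms in "Can't write a file" above differ in how much they grant: in sudoers a command listed without arguments may be run with any arguments, so the first form lets www write any file as the target user, while the second only permits that exact invocation. The POSIX shell sketch below is an added example, not part of the original document; it classifies sudoers entries that grant tee. The function names and the sample lines beyond the two from the text are assumptions, and aliases, line continuations and escaped commas are not handled.

```shell
#!/bin/sh
# Added example: classify how tightly a sudoers entry constrains tee.
# sudoers(5): a command listed with no arguments may be run with ANY
# arguments; a command listed with arguments must be run with exactly those.

# trim STRING: strip leading and trailing spaces.
trim() {
    printf '%s' "$1" | sed 's/^ *//; s/ *$//'
}

# classify_tee_rule LINE
# Prints one of: none | unrestricted | wildcard | pinned
# The body runs in a subshell "( )" so IFS and "set -f" changes stay local.
classify_tee_rule() (
    # Drop a trailing comment and turn tabs into spaces.
    line=$(printf '%s' "${1%%#*}" | tr '\t' ' ')
    case $line in
        *=*) ;;
        *) echo none; exit 0 ;;
    esac

    # Command list = text after "host =", minus "(runas)" and TAGS such as NOPASSWD:
    cmds=$(trim "${line#*=}")
    case $cmds in
        "("*")"*) cmds=${cmds#*\)} ;;
    esac
    while :; do
        cmds=$(trim "$cmds")
        case $cmds in
            [A-Z]*:*)
                tag=${cmds%%:*}
                case $tag in *[!A-Z_]*) break ;; esac
                cmds=${cmds#*:} ;;
            *) break ;;
        esac
    done

    # Split the command list on commas without expanding any "*" it contains.
    old_ifs=$IFS; IFS=,; set -f
    set -- $cmds
    set +f; IFS=$old_ifs

    verdict=none
    for cmd in "$@"; do
        cmd=$(trim "$cmd")
        path=${cmd%% *}              # first word: the command path
        rest=${cmd#"$path"}
        args=$(trim "$rest")         # remainder: the argument spec
        case $path in */tee) ;; *) continue ;; esac
        if [ -z "$args" ]; then
            echo unrestricted        # any file can be written
            exit 0
        fi
        case $args in
            *\**|*\?*|*\[*) verdict=wildcard ;;   # arguments widened by a glob
            *) [ "$verdict" = wildcard ] || verdict=pinned ;;
        esac
    done
    echo "$verdict"
)

# audit_sudoers: read sudoers text on stdin, print "verdict<TAB>line" for
# every entry that grants tee.
audit_sudoers() {
    while IFS= read -r line || [ -n "$line" ]; do
        verdict=$(classify_tee_rule "$line")
        [ "$verdict" = none ] || printf '%s\t%s\n' "$verdict" "$line"
    done
}

# Constructed sample: the first two entries are the ones from the text,
# the rest are made up for illustration.
SAMPLE_SUDOERS='www  ALL=(ALL) NOPASSWD:  /usr/bin/tee
www  ALL=(ALL) NOPASSWD:  /usr/bin/tee -a /var/log/test.txt
www  ALL=(root) NOPASSWD: /usr/bin/tee -a /var/log/*
www  ALL=(ALL) NOPASSWD:  /bin/echo, /usr/bin/tee
# www ALL=(ALL) NOPASSWD: /usr/bin/tee'

printf '%s\n' "$SAMPLE_SUDOERS" | audit_sudoers
```

Entries reported as unrestricted or wildcard are the ones to tighten; a pinned entry only works when the script's sudo command line matches it character for character.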

Saturday, July 21, 2012

Building Subversion from Bleeding Edge Repos (CentOS/RHE)

There are times when you want the latest stable release of a software package, but it is not readily found in the repos of your distribution of choice.  RHE and CentOS are notorious for shipping very old, stable packages; in other words, they carry older stock.  RHE engineers pride themselves on being well known for compiling source into RPM packages with security in mind.

Now, if you are the type of sysadmin/developer who wants to try out "bleeding edge" technologies, you can always download the source packages and do the necessary legwork to get what you want.   One such package that technical people can't live without is Subversion.  Subversion allows for greater version control and a code audit trail.  If you use RHE / CentOS you may want to look into these repos for some new features that may interest you.

http://pkgs.repoforge.org/subversion/

http://subversion.apache.org/download/

Cheers!!!


Permanent Redirection to HTTPS


Redirecting HTTP to HTTPS (port 80 to 443) is a nasty business, and much of what you find on the Internet does not really give you the exact procedure for doing it. In this post I am going to give away my "secret recipe" for doing just that.   So without further introduction, let's go down to the details:

The requirement is that mod_rewrite is loaded by Apache; I won't show you how to do that here since it's elementary.

Look at this piece of code; it's one of those tadah moments!

==========================================================

#########################################
#### XXX: BEGIN EDIT FOR MOD_REWRITE ####
#### This is intended to force HTTPS ####
#### for all inbound HTTP requests ####


####
# This module (mod_rewrite) simply tells Apache2 that all connections to
# port 80 need to go to port 443 – SSL – No exceptions
####



    LoadModule rewrite_module modules/mod_rewrite.so


   RewriteEngine on


####
# The line below sets the rewrite condition for mod_rewrite.so.
# That is, if the server port does not equal 443, then this condition is true
####


ReWriteCond %{SERVER_PORT} !^443$


####
# The line below is the rule, it states that if above condition is true,
# and the request can be any url, then redirect everything to https:// plus
# the original url that was requested. R=301 makes the redirect permanent;
# a bare R would send a temporary 302.
####


RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R=301,L]



#### XXX: END EDIT FOR MOD_REWRITE ####
#######################################

I guess the rest of the story resides in your ability to learn this promptly. Cheers!!!
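A check that a deployed redirect is really permanent and keeps the host and path, since mod_rewrite's R flag without a status code answers 302. This is an added example, not part of the original recipe; the function names, www.example.com and the sample responses are constructed.

```shell
#!/bin/sh
# Added example: verify an HTTP -> HTTPS redirect from its response headers.

# check_https_redirect HOST PATH
# Reads "curl -sI"-style response headers on stdin. Returns 0 only when the
# status is a permanent redirect (301/308) and Location is https://HOST/PATH.
check_https_redirect() {
    want="https://$1$2"
    hdrs=$(tr -d '\r')                      # header lines end in CRLF
    status=$(printf '%s\n' "$hdrs" | awk 'NR == 1 { print $2 }')
    loc=$(printf '%s\n' "$hdrs" |
          awk 'tolower($1) == "location:" { print $2; exit }')
    case $status in
        301|308) ;;
        302|303|307)
            echo "temporary redirect ($status): clients will not cache it"
            return 1 ;;
        *)
            echo "not a redirect (status ${status:-none})"
            return 1 ;;
    esac
    if [ "$loc" != "$want" ]; then
        echo "unexpected Location: ${loc:-none} (wanted $want)"
        return 1
    fi
    echo "ok: $status -> $loc"
}

# Constructed sample response for offline runs (not captured from a server).
# Argument: the status text, e.g. "301 Moved Permanently" or "302 Found".
sample_response() {
    printf 'HTTP/1.1 %s\r\n' "$1"
    printf 'Location: https://www.example.com/app/login\r\n'
    printf 'Content-Length: 0\r\n\r\n'
}

# Against a live server:
#   curl -sI http://www.example.com/app/login |
#       check_https_redirect www.example.com /app/login
```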

Sunday, March 4, 2012

ip_conntrack: table full, dropping packet

There are times when you need to increase a key value on your system to get TCP traffic flowing as expected.

For this type of problem:

Mar 4 22:21:05 viking1 kernel: printk: 4883 messages suppressed.
Mar 4 22:21:05 viking1 kernel: ip_conntrack: table full, dropping packet.
Mar 4 22:21:10 viking1 kernel: printk: 4654 messages suppressed.
Mar 4 22:21:10 viking1 kernel: ip_conntrack: table full, dropping packet.
Mar 4 22:21:15 viking1 kernel: printk: 3943 messages suppressed.
Mar 4 22:21:15 viking1 kernel: ip_conntrack: table full, dropping packet.
Mar 4 22:21:20 viking1 kernel: printk: 3392 messages suppressed.

------------------
CentOS 5 Solution:
------------------

Increase your ip_conntrack_max value from the default of

cat /proc/sys/net/ipv4/ip_conntrack_max
65536

to:

cat /proc/sys/net/ipv4/ip_conntrack_max
1131072

Issue the command:

echo 1131072 > /proc/sys/net/ipv4/ip_conntrack_max


To check the number of current sessions open for this host:

wc -l /proc/net/ip_conntrack

------------------
CentOS 6 Solution:
------------------

To print current limit type:

# sysctl net.nf_conntrack_max

Output:

65536

To increase this limit to e.g. 100000, type:

# sysctl -w net.nf_conntrack_max=100000

To make this setting permanent, add the following line to the /etc/sysctl.conf file:

net.nf_conntrack_max = 100000

The following will tell you how many sessions are open right now:

# wc -l /proc/net/nf_conntrack


Done! Cheers!!!
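A way to see how close the table is to its limit before the kernel starts dropping packets, using the same /proc files as the two solutions above. This is an added example, not part of the original post; the function name and the 80 percent warning threshold are assumptions.

```shell
#!/bin/sh
# Added example: report connection-tracking table usage against its limit.

WARN_PCT=${WARN_PCT:-80}    # assumed warning threshold, in percent

# conntrack_usage [TABLE_FILE MAX_FILE]
# Prints "entries max percent". Returns 0 below WARN_PCT, 1 at or above it,
# 2 when the files cannot be read. With no arguments it uses the CentOS 6
# paths and falls back to the CentOS 5 ones.
conntrack_usage() {
    table=$1
    maxfile=$2
    if [ -z "$table" ]; then
        if [ -r /proc/net/nf_conntrack ]; then
            table=/proc/net/nf_conntrack
            maxfile=/proc/sys/net/nf_conntrack_max
        else
            table=/proc/net/ip_conntrack
            maxfile=/proc/sys/net/ipv4/ip_conntrack_max
        fi
    fi
    if [ ! -r "$table" ] || [ ! -r "$maxfile" ]; then
        echo "conntrack_usage: cannot read $table or $maxfile" >&2
        return 2
    fi
    entries=$(wc -l < "$table" | tr -d ' ')    # one tracked connection per line
    max=$(cat "$maxfile")
    case $max in ''|*[!0-9]*) max=0 ;; esac
    [ "$max" -gt 0 ] || { echo "conntrack_usage: bad limit in $maxfile" >&2; return 2; }
    pct=$(( entries * 100 / max ))
    echo "$entries $max $pct"
    [ "$pct" -lt "$WARN_PCT" ]
}

# Usage (as root, e.g. from cron):
#   conntrack_usage || echo "conntrack table is filling up"
```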

Thursday, March 1, 2012

Remote Linux Desktop Sharing: NoMachine

I have used tools in the past that allow me to remotely manage shared Linux desktop sessions with NoMachine.

For 64bit machines: http://www.nomachine.com/download-package.php?Prod_Id=3592

You will have to install three (3) components: a) nxclient; b) nxnode; c) nxserver

Cheers!!!

Friday, February 24, 2012

RAID status check for CentOS/RH/Fedora

For those who want a quick/elegant way of checking the software RAID status of your disks in RH/CentOS/Fedora, use the "mdadm" command.

e.g.

mdadm --detail /dev

(the /dev, pertains to the device block that currently holds your RAID)

Cheers!!!

Tuesday, February 21, 2012

ERROR: /var/cache/apt/archives/gstreamer0.10-plugins-bad_0.10.22-3_amd64.deb: trying to overwrite '/usr/lib/gstreamer-0.10/libgstxvid.so', which is also in package gstreamer0.10-plugins-really-bad 0.10.22-0.1

There is a critical bug in the new LinuxMint Debian edition of 11. During an initial apt-get upgrade you may get this error:

/var/cache/apt/archives/gstreamer0.10-plugins-bad_0.10.22-3_amd64.deb: trying to overwrite '/usr/lib/gstreamer-0.10/libgstxvid.so', which is also in package gstreamer0.10-plugins-really-bad 0.10.22-0.1

To get around this issue, install all gstreamer plugins.

apt-get install gstreamer0.10-plugins

Once this has been installed, retry the upgrade process; it should install successfully.

Cheers!!!

Sunday, January 29, 2012

Postfix "+" configuration How To

To get a wildcard domain working under postfix you need to add this critical piece of information to your "main.cf":

recipient_delimiter = +

Add the email you want this to work for. Add an alias entry to act as a catch basin for the email account. Afterwards reload postfix.

Done.

Tuesday, January 24, 2012

IPv6 Quick check your system

Here is a one-liner to quickly check your system for IPv6 support.

At the command prompt:

[ -f /proc/net/if_inet6 ] && echo 'IPv6 ready system!' || echo 'No IPv6 support found! Re-Compile the kernel!!'


Neat. :)