YiBi's Life|Live Log

This Easter Egg has been around for a while, but I just discovered it from Wikipedia. Really geeky. :)

It’s really strange why nothing shows up when I googled for “pps client for linux”.

I discover the official client only when I went to http://pps.tv.

Anyway these are the links for Fedora and Ubuntu.

I guess the Ubuntu version should work for Debian but I haven’t tried them packages myself.

Now the missing piece is an official client for Mac. Meanwhile, I’m enjoying it on my iPad. :)

Came across some interesting and useful stuff when doing HA on my Linux boxes. I thought I share it here.

Heartbeat, Corosync, Pacemaker?

This article talks about the functions of the various functions of the different components, namely Heartbeat, Corosync and Pacemaker. This should clear the doubt for beginners on the functions of the various components in a Linux HA setup.

http://theclusterguy.clusterlabs.org/post/1262495133/pacemaker-heartbeat-corosync-wtf

A tool that I discovered from LinBits, i.e. the folks behind DRBD.

DRBD Management Console

http://www.drbd.org/download/drbd-mc/

This DRBD management console is named wrongly. It should be called the Linux System Management Console. With this GUI, you can:

1. Manage your disks. This includes creating/deleting/resizing the volume group/logical volume, the underlying DRBD resource, the filesystem, all in one action.

2. Manage Virtual Machines. KVM is supported.

3. Setting up and managing HA clusters from scratch. No struggling with the “crm configure” mumbo-jumbo.

This significantly lowers the bar for people who wants to try out clustering, DRBD etc.

I’m building a HA cluster running a couple of services right now. After which i will share the details of my setup with everyone here.

It can be a pain sometimes to try to read tcpdump results on the fly when you only have SSH access. The usual way is to write the capture into a file and have Wireshark read and analyse the file subsequently.

There’s another way to have Wireshark read tcpdump output on the fly though by sending the dump to a named pipe and sending it via ssh to your local machine with Wireshark for real-time analysis. But be warned that this might take up significant bandwidth if the machine are sniffing has high network utilization. This is the command for sniffing all the remote network traffic on eth0.

ssh root@tcpdump -i eth0 -s 1500 -w –  | wireshark -k -i -

You can apply additional filters on the tcpdump command to reduce the data sent over the network. There are other ways to do this but I think this is the simplest most straightforward way to get work done.

What is NX?

NoMachine NX is an enterprise-class solution for secure remote access, desktop virtualization, and hosted desktop deployment built around the self-designed and self-developed NX suite of components. Thanks to its outstanding compression, session resilience and resource management and its integration with the powerful audio, printing and resource sharing capabilities of the Unix world, NX makes it possible to run any graphical application on any operating system across any network connection. Via NX accessing remote desktops, servers and applications, whatever their location, is just as fast, easy and secure as if you were sitting in front of them. Together with easy-to-use management, deployment, and monitoring tools, NoMachine NX makes it possible to transform any traditional desktop computing environment into a centrally managed, globally accessible, virtual desktop infrastructure.

In short, it’s like VNC, but much more powerful and versatile. The data compression between the client and server is excellent, allowing the users to connect over flaky connections. eg 3G. The users can also resume their previous login session and continue their work where they left off. NX works on SSH, there’s no oddball firewall adjustments. Whatever machine that allows SSH will work with NX.

NX server is a commercial software. There’s a community version available for free, but it can only support 2 concurrent users. So, the natural alternative is FreeNX.

There are 2 ways to get FreeNX installed on RHEL 6.

1. Install the readily compiled packages from ATRPM

2. Get the source rpms from ATRPM and rebuild them.

Option 1 is the way to go for most people. It’s painless and fast.

In my environment however, I can’t add external repositories into my servers because there’s no direct internet connection for all the machines. So I’m going on Option 2. I have a mixture of RHEL5 and RHEL6 machine in my network, so I opt to maintain my own repositories for certain software to maintain consistency. And why ATRPM? Simply because I can’t find any repositories that has freeNX rpms.

So here’s the quick and dirty guide to get FreeNX running.

1. Get all the neccesary source rpms

wget http://dl.atrpms.net/all/nx-3.3.0-38.src.rpm

 

wget http://dl.atrpms.net/all/freenx-server-0.7.3-18.src.rpm

2. Rebuild the source rpms.

rpmbuild –rebuild nx-3.3.0-38.src.rpm

 

rpmbuild –rebuild freenx-server-0.7.3-18.src.rpm

3. Install the built rpms in the following order

yum -y localinstall /root/rpmbuild/RPMS/x86_64/nx-3.3.0-38.el6.x86_64.rpm

 

yum -y localinstall /root/rpmbuild/RPMS/x86_64/freenx-server-0.7.3-18.el6.x86_64.rpm

4. Initialize NX. Choose ‘No’  when the script prompts for custom keypair.

root# /usr/libexec/nx/nxsetup –install ——> It is recommended that you use the NoMachine key for easier setup. If you answer “y”, FreeNX creates a custom KeyPair and expects you to setup your clients manually. “N” is default and uses the NoMachine key for installation.

 

Do you want to use your own custom KeyPair? [y/N] N Setting up /etc/nxserver …done

That’s it! FreeNX setup is done. This will work on all Red Hat like distros like CentOS, Fedora.

On the client side, download the NX client from http://www.nomachine.com/download.php.

The rest of the steps are straightforward and can be found from the NX website.

Due to some very unfortunate incidents a few years back, I had to have home surveillance at my doorstep. Being a techie, I would never pay for the expensive licenses home surveillance software and solution, so I got to doing it myself.

This is a simple illustration of my setup.

Zoneminder is an open source project for video surveillance. The main highlights and advantages in my opinion are:

1. The server side motion detection features and capabilities is excellent. It’s comparable many commercial products that will cost an arm and a leg.

2. The access to the system is via the internet. That makes accessing the system very simple.

3. ZoneMinder works with a myriad of network cameras, from the very expensive cameras to my cheap China Foscam network camera.

The server is a reasonably power machine running on CentOS. CPU utilization is not an issue yet with 2 cameras and motion detection turned on.

My initial setup was using an ADSL line for the internet link. The uplink was pathetic, so I could only do 1 frame per second. Anything higher than that, my uplink will be congested.

Just 2 weeks ago however, my FTTH line was activated. My current plan is a 50Mbps down / 25 Mbps up plan from M1. With this major speed improvement, I’m currently doing 10 frames per second. That’s the max my camera can go, otherwise I would like to try 15 frames or more. The current utilization is about 3Mbps per camera because ZoneMinder is pulling MJPEG. I’m now contemplating getting a another camera that supports H.264 for better image quality.

Here’s a few links for reference if anyone wants to get your hands dirty. :)

http://www.zoneminder.com

http://www.howtoforge.com/video_surveillance_zoneminder_ubuntu

Sometime I wonder why I’m paying for license and support when I don’t get/need them.

Anyway, I’m trying to get OpenVas on my server for VA tests. The packages recommended by OpenVAS doesn’t work because of failed dependencies, I have to get down to compiling it myself.

Preparation for all the following compilations:

> yum -y install libpcap-devel.x86_64 glib2-devel gnutls-devel gpgme-devel libuuid-devel sqlite-devel libmicrohttpd-devel libxml2-develyum libxslt-devel qt-devel qt-webkit-devel

This is for openvas-libraries-4.0.5

> cmake -DCMAKE_INSTALL_PREFIX=/opt/openvas
> make && make doc && make install

This is for openvas-scanner-3.2.4 / openvas-manager-2.0.4 / openvas-administrator-1.1.1 / greenbone-security-assistant-2.0.1 / openvas-cli-1.1.2 / gsd-1.1.1

> export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/opt/openvas/lib/pkgconfig
> cmake -DCMAKE_INSTALL_PREFIX=/opt/openvas
> make && make doc && make install

Because we have installed OpenVAS in /opt/openvas, we have to add /opt/openvas/lib into the LDPATH. I did it by creating a file call /etc/ld.so.conf.d/openvas.conf and add /opt/openvas/lib in the file and run ldconfig to load the contents of openvas.conf.

The rest of the setup, you can download openvas-check-setup from http://wald.intevation.org/plugins/scmsvn/viewcvs.php/*checkout*/trunk/tools/openvas-check-setup?root=openvas and follow the instructions until you get no more errors from the check script.

More information can be found from this link – http://www.openvas.org/setup-and-start.html

Compiling this thing is pretty painful. :)

I had sat through the entire video, but I will be coming back to this soon. After some consolidation in my network, I’m going to end up with a couple of spare machines and alot of computing power. This will be the next project after the consolidation.

I have gotten a few people asking about the problems they are having with their LDAP configurations on RHEL 6 based on my previous post on this topic. I must say it’s a quite a pain having come from RHEL 5.

To summarise,

1. Take out sssd if you don’t need offline authentication

2. RHEL 6 defaults to TLS for LDAP authentication. Disable this behaviour by changing FORCELEGACY=YES in /etc/sysconfig/authconfig if you really do not want TLS between your client and the LDAP server.

3. nslcd is a neccesary component for LDAP authentication. Install nss_pam_ldapd nss-pam-ldapd and make sure nslcd is running.

Hope this helps anyone who is stuck with this issue.

*Edited – 20110805: Thanks to Frank M for pointing out the typo in the nss-pam-ldapd package.

I just got myself a bluetooth keyboard to get rid of all the wires running on my desk. First thing I tried was to pair it with my notebook running Ubuntu 10.10. Pairing was ok. And that’s about it?! It was painful trying to get the keyboard properly connected. There’s no indication in dmesg that a keyboard is found, and after a few tries restarting bluetooth, restarting the keyboard, dmesg showed HID device detected, ie the keyboard, but it still doesn’t work.

At first I thought it could be the keyboard itself. Afterall, I got it from http://ww.taobao.com. So, I decided to pair it with my iPhone. Seamless. Paired, got it working right away. Switched off the keyboard, turned it on again and iPhone connected the keyboard automatically. My Macbook was the ultimate. Even in sleep mode, it was holding on to the connection to the keyboard. and I could wake the Macbook from sleep mode with this keyboard. The experience was perfect!

So, what’s wrong with Ubuntu? I know, with some troubleshooting and tinkering, I can definitely get it to work eventually, but it’s so much more troublesome compared to Mac. The Ubuntu desktop experience has improved and surpassed other Linux distros, but it’s still way way way behind Mac.

Enough of rants, I still need to try to get the keyboard to work. Shall update the blog once I solve the problem.