Posts Tagged ‘Start’

Install Zabbix Agent client on CentOS 9 Stream Linux, Disable Selinux and Firewalld on CentOS9 to make zabbix-agentd send data to server

Thursday, April 14th, 2022

https://pc-freak.net/images/zabbix_agent_active_passive-zabbix-agent-centos-9-install-howto

Installing Zabbix is usually a trivial stuff, you either use the embedded distribution built packages if such are available this is for example defetch the right zabbix release repository  that configures the Zabbix official repo in the system, configure the Zabbix server or Proxy if such is used inside /etc/zabbix/zabbix_agentd.conf and start the client, i.e. I expected that it will be a simple and straight forward also on the freshly installed CentOS 9 Linux cause placing a zabbix-agent monitroing is a trivial stuff however installing came to error:

Key import failed (code 2). Failing package is: zabbix-agent-6.0.3-1.el8.x86_64

 

This is what I've done

1. Download and install zabbix-release-6.0-1.el8.noarch.rpm directly from zabbix

I've followed the official documentation from zabbix.com and ran:
 

[root@centos9 /root ]# rpm -Uvh https://repo.zabbix.com/zabbix/6.0/rhel/8/x86_64/zabbix-release-6.0-1.el8.noarch.rpm


2. Install  the zabbix-agent RPM package from the repositry

[root@centos9 rpm-gpg]# yum install zabbix-agent -y
Last metadata expiration check: 0:02:46 ago on Tue 12 Apr 2022 08:49:34 AM EDT.
Dependencies resolved.
=============================================
 Package                               Architecture                Version                              Repository                      Size
=============================================
Installing:
 zabbix-agent                          x86_64                      6.0.3-1.el8                          zabbix                         526 k
Installing dependencies:
 compat-openssl11                      x86_64                      1:1.1.1k-3.el9                       appstream                      1.5 M
 openldap-compat                       x86_64                      2.4.59-4.el9                         baseos                          14 k

Transaction Summary
==============================================
Install  3 PackagesTotal size: 2.0 M
Installed size: 6.1 M
Downloading Packages:
[SKIPPED] openldap-compat-2.4.59-4.el9.x86_64.rpm: Already downloaded
[SKIPPED] compat-openssl11-1.1.1k-3.el9.x86_64.rpm: Already downloaded
[SKIPPED] zabbix-agent-6.0.3-1.el8.x86_64.rpm: Already downloaded
Zabbix Official Repository – x86_64                                                                          1.6 MB/s | 1.7 kB     00:00
Importing GPG key 0xA14FE591:
 Userid     : "Zabbix LLC <packager@zabbix.com>"
 Fingerprint: A184 8F53 52D0 22B9 471D 83D0 082A B56B A14F E591
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-A14FE591
Key import failed (code 2). Failing package is: zabbix-agent-6.0.3-1.el8.x86_64
 GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-A14FE591
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by e
xecuting 'yum clean packages'.
Error: GPG check FAILED


3. Work around to skip GPG to install zabbix-agent 6 on CentOS 9

With Linux everything becomes more and more of a hack …
The logical thing to was to first,  check and it assure that the missing RPM GPG key is at place

[root@centos9 rpm-gpg]# ls -al  /etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-A14FE591
-rw-r–r– 1 root root 1719 Feb 11 16:29 /etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-A14FE591

Strangely the key was in place.

Hence to have the key loaded I've tried to import the gpg key manually with gpg command:

[root@centos9 rpm-gpg]# gpg –import /etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-A14FE591


And attempted install again zabbix-agent once again:
 

[root@centos9 rpm-gpg]# yum install zabbix-agent -y
Last metadata expiration check: 0:02:46 ago on Tue 12 Apr 2022 08:49:34 AM EDT.
Dependencies resolved.
==============================================
 Package                               Architecture                Version                              Repository                      Size
==============================================
Installing:
 zabbix-agent                          x86_64                      6.0.3-1.el8                          zabbix                         526 k
Installing dependencies:
 compat-openssl11                      x86_64                      1:1.1.1k-3.el9                       appstream                      1.5 M
 openldap-compat                       x86_64                      2.4.59-4.el9                         baseos                          14 k

Transaction Summary
==============================================
Install  3 Packages

Total size: 2.0 M
Installed size: 6.1 M
Downloading Packages:
[SKIPPED] openldap-compat-2.4.59-4.el9.x86_64.rpm: Already downloaded
[SKIPPED] compat-openssl11-1.1.1k-3.el9.x86_64.rpm: Already downloaded
[SKIPPED] zabbix-agent-6.0.3-1.el8.x86_64.rpm: Already downloaded
Zabbix Official Repository – x86_64                                                                          1.6 MB/s | 1.7 kB     00:00
Importing GPG key 0xA14FE591:
 Userid     : "Zabbix LLC <packager@zabbix.com>"
 Fingerprint: A184 8F53 52D0 22B9 471D 83D0 082A B56B A14F E591
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-A14FE591
Key import failed (code 2). Failing package is: zabbix-agent-6.0.3-1.el8.x86_64
 GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-A14FE591
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'yum clean packages'.
Error: GPG check FAILED


Unfortunately that was not a go, so totally pissed off I've disabled the gpgcheck for packages completely as a very raw bad and unrecommended work-around to eventually install the zabbix-agentd like that.

Usually the RPM gpg key failures check on RPM packages could be could be workaround with in dnf, so I've tried that one without success.

[root@centos9 rpm-gpg]# dnf update –nogpgcheck
Total                                                                                                        181 kB/s | 526 kB     00:02
Zabbix Official Repository – x86_64                                                                          1.6 MB/s | 1.7 kB     00:00
Importing GPG key 0xA14FE591:
 Userid     : "Zabbix LLC <packager@zabbix.com>"
 Fingerprint: A184 8F53 52D0 22B9 471D 83D0 082A B56B A14F E591
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-A14FE591
Is this ok [y/N]: y
Key import failed (code 2). Failing package is: zabbix-agent-6.0.3-1.el8.x86_64
 GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-A14FE591
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED

Further tried to use the –nogpgpcheck 
which according to its man page:


–nogpgpcheck 
Skip checking GPG signatures on packages (if RPM policy allows).


In yum the nogpgcheck option according to its man yum does exactly the same thing


[root@centos9 rpm-gpg]# yum install zabbix-agent –nogpgcheck -y
 

Dependencies resolved.
===============================================
 Package                             Architecture                  Version                               Repository                     Size
===============================================
Installing:
 zabbix-agent                        x86_64                        6.0.3-1.el8                           zabbix                        526 k

Transaction Summary
===============================================

Total size: 526 k
Installed size: 2.3 M
Is this ok [y/N]: y
Downloading Packages:

Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                     1/1
  Running scriptlet: zabbix-agent-6.0.3-1.el8.x86_64                                                                                     1/2
  Reinstalling     : zabbix-agent-6.0.3-1.el8.x86_64                                                                                     1/2
  Running scriptlet: zabbix-agent-6.0.3-1.el8.x86_64                                                                                     1/2
  Running scriptlet: zabbix-agent-6.0.3-1.el8.x86_64                                                                                     2/2
  Cleanup          : zabbix-agent-6.0.3-1.el8.x86_64                                                                                     2/2
  Running scriptlet: zabbix-agent-6.0.3-1.el8.x86_64                                                                                     2/2
  Verifying        : zabbix-agent-6.0.3-1.el8.x86_64                                                                                     1/2
  Verifying        : zabbix-agent-6.0.3-1.el8.x86_64                                                                                     2/2

Installed:
  zabbix-agent-6.0.3-1.el8.x86_64

Complete!
[root@centos9 ~]#

Voila! zabbix-agentd on CentOS 9 Install succeeded!

Yes I know disabling a GPG check is not really secure and seems to be an ugly solution but since I'm cut of time in the moment and it is just for experimental install of zabbix-agent on CentOS
plus we already trusted the zabbix package repository anyways, I guess it doesn't much matter.

4. Configure Zabbix-agent on the machine

Once you choose how the zabbix-agent should sent the data to the zabbix-server (e.g. Active or Passive) mode the The minimum set of configuration you should
have at place should be something like mine:

[root@centos9 ~]# grep -v '\#' /etc/zabbix/zabbix_agentd.conf | sed /^$/d
PidFile=/var/run/zabbix/zabbix_agentd.pid
LogFile=/var/log/zabbix/zabbix_agentd.log
LogFileSize=0
Server=192.168.1.70,127.0.0.1
ServerActive=192.168.1.70,127.0.0.1
Hostname=centos9
Include=/etc/zabbix/zabbix_agentd.d/*.conf

5. Start and Enable zabbix-agent client

To have it up and running

[root@centos9 ~]# systemct start zabbix-agent
[root@centos9 ~]# systemctl enable zabbix-agent

6. Disable SELinux to prevent it interfere with zabbix-agentd 

Other amazement was that even though I've now had configured Active check and a Server and correct configuration the Zabbix-Server could not reach the zabbix-agent for some weird reason.
I thought that it might be selinux and checked it and seems by default in the fresh installed CentOS 9 Linux selinux is already automatically set to enabled.

After stopping it i made sure, SeLinux would block for security reasons client connectivity to the zabbix-server until you either allow zabbix exception in SeLinux or until completely disable it.
 

[root@centos9 ~]# sestatus

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      31

To temporarily change the mode from its default targeted to permissive mode 

[root@centos9 ~]# setenforce 0

[root@centos9 ~]# sestatus

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          permissive
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      31


That would work for current session but won't take affect on next reboot, thus it is much better to disable selinux on next boot:

[root@centos9 ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing – SELinux security policy is enforced.
#     permissive – SELinux prints warnings instead of enforcing.
#     disabled – No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of these three values:
#     targeted – Targeted processes are protected,
#     minimum – Modification of targeted policy. Only selected processes are protected. 
#     mls – Multi Level Security protection.
SELINUXTYPE=targeted

 

To disable selinux change:

SELINUXTYPE=disabled

[root@centos9 ~]# grep -v \# /etc/selinux/config

SELINUX=disabled
SELINUXTYPE=targeted


To make the OS disable selinux and test it is disabled you will have to reboot 

[root@centos9 ~]# reboot


Check its status again, it should be:

[root@centos9 ~]# sestatus
SELinux status:                 disabled


7. Enable zabbix-agent through firewall or disable firewalld service completely

By default CentOS 9 has the firewalld also enabled and either you have to enable zabbix to communicate to the remote server host.

To enable access for from and to zabbix-agentd in both Active / Passive mode:

#firewall settings:
[root@centos9 rpm-gpg]# firewall-cmd –permanent –add-port=10050/tcp
[root@centos9 rpm-gpg]# firewall-cmd –permanent –add-port=10051/tcp
[root@centos9 rpm-gpg]# firewall-cmd –reload
[root@centos9 rpm-gpg]# systemctl restart firewalld
[root@centos9 rpm-gpg]# systemctl restart zabbix-agent


If the machine is in a local DMZ-ed network with tightly configured firewall router in front of it, you could completely disable firewalld.

[root@centos9 rpm-gpg]# systemctl stop firewalld
[root@centos9 rpm-gpg]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

 

Next login to Zabbix-server web interface with administrator and from Configuration -> Hosts -> Create the centos9 hostname and add it a template of choice. The data from the added machine should shortly appear after another zabbix restart:

[root@centos9 rpm-gpg]#  systemctl restart zabbix-agentd


8. Tracking other oddities with the zabbix-agent through log

If anyways still zabbix have issues connectin to remote node, increase the debug log level section
 

[root@centos9 rpm-gpg]# vim /etc/zabbix/zabbix_agentd.conf
DebugLevel 5

### Option: DebugLevel
#       Specifies debug level:
#       0 – basic information about starting and stopping of Zabbix processes
#       1 – critical information
#       2 – error information
#       3 – warnings
#       4 – for debugging (produces lots of information)
#       5 – extended debugging (produces even more information)
#
# Mandatory: no
# Range: 0-5
# Default:
# DebugLevel=3

[root@centos9 rpm-gpg]# systemctl restart zabbix-agent

Keep in mind that debugging will be too verbose, so once you make the machine being seen in zabbix, don't forget to comment out the line and restart agent to turn it off.

9. Testing zabbix-agent, How to send an alert to specific item key

Usually when writting userparameter scripts, data collected from scripts is being sent to zabbix serveria via Item keys.
Thus one way to check the zabbix-agent -> zabbix server data send works fine is to send some simultaneous data via a key
Once zabbix-agent is configured on the machine 

In this case we will use something like ApplicationSupport-Item as an item.
 

[root@centos9 rpm-gpg]# /usr/bin/zabbix_sender -c "/etc/zabbix/zabbix_agentd.conf" -k "ApplicationSupport-Item" -o "here is the message"

Assuming you have created the newly prepared zabbix-agent host into Zabbix Server, you should be shortly able to see the data come in Latest data.

Exaltation of the Holy Cross day in the Bulgarian Orthodox Church / Veneration of the Holy cross church feast

Saturday, April 3rd, 2021

Exaltation of the Holy Christ Cross icon, day in the Bulgarian Orthodox ChurchThe Universal Exaltation of the precious and life-giving Cross XVII century – icon from village of Belovo Trqvna region

he Universal Exaltation of the Precious and Life-Giving Cross (Elevation of the Cross)'s day is feted on 14th of September each year in accordance to the new calendar order, according to old church calendar, the Church celebrated it on 27th of September.

The day is marked by a strong fasting, for short we refer in Bulgarian to this big Church feast as (The day of the Cross / Krystov den).
The Holy Orthodox Christian Church does worship the cross 4 times a year on:

  • Third Sunday after the start of the Great Lent
  • Holy Friday (Good Friday)
  • 1st of August
  • and

  • 14th of September – The Exaltation of the Holy life giving Cross

On this day, we the orthodox christians go to the Church and admirationally bow and kiss the Holy Cross on which our Saviour Jesus Christ suffered for our salvation.Through his cross suffering our Lord has granted to all of us the Christians an unbeatable "weapon" against evil and sin.
Through cross Christ has been victorious over sin and death.

According to old Church tradition, on the day Christian people were asking for the priest to go to their homes and do vodosvet (sprinkle their houses with a blessed holy water).Vodosvet is one of the Orthodox Church mystics, there is a specific prayers begging God for forgiveness of sins, asking for good health and blessing. The prayers are being red over a vessel containing clean water. Finally he blesses the vessel with Water with the life Giving cross 3 times (as a symbol of the Holy Trinity). Then the priest uses a the cross and a tiny piece of twig to sprinkle all the people and objects in the house.

On the holy exaltation of the holy cross feast we also celebrate also the following 3 events:

1. The miraculous appearance of the Holy Cross to emper st. Constantine
2. The finding in Jerusalem of the Holy life-giving cross in Golgotha
3. The return of the Life-giving cross from persian captivity
On 14th of September, according to Church tradition saint John of John Chrysostom has give away his spirit and joined the assembly of saints of God, however because of the Exaltation great significance, the church holy fathers decided that this is celebrated on 13th of September.

The Antiphon for the Exaltation of the Cross feast is singed and translated from Slavonic its meaning goes like this:

Troparion-Vyzdvizhenie-na-Svetiq-Kryst-Gospoden-Exalation-of-the-Cross-Church-slavonic

 

Troparion of the Exaltation of the Holy Cross voice 1 / Тропар на светия Кръст, глас 1

Спаси, Господи, люди Твоя и благослови достояние Твое, победы на сопротивныя даруя, и Твое сохраняя Крестом Твоим жительство.

Troparion voice 1

Save Oh Lord, your people and bless possession, grant us oh Lord a victory over our enemies and save your inheritance with your Cross

Troparion voice 2

You've been lifted willingly on the cross, grant you mercies to your inheritance oh Christ our Lord,
stregthen the spirits of the pious king and to your people,
grant us victory against our enemies,
Surround us with peace and with peace give us unbeatable victory

In the Glorification part of the Holy Liturgy feast service its singed:

We magnify you, oh Christ life giver,
and your Holy cross, because you have saved us from the enemy.

What does the Church tradition says about the finding of the holy cross of Christs sufferings?

After the Church crucifixion of Christ, according to the tradition of that times, the weapon for punishment from this kinds – the cross tree was buried in the ground on the same place, where the punishment was executed.
Following the tradition on Gologthas where Christ was crucified was buried the cross used for crucifixion.
In later times, emperor Adrian in his attempt to destroy christianity and the place of pilgrimage of Golgotha has issued an order to built a pagan shrine on the same place.
Later under the reign of Emperor st. Constantine the cross appeared in the sky in a miraculous way and again under his reign the Golgotha place which means literally translated( the place of the Skulls) was discovered.

Third Sunday after start of the Great Lent – Sunday of the Veneration of the Holy Cross

Today 03.04.2021 we the orthodox are in the blessed period of the Great Lent. It is no coincidence the Church has set this feast on exactly this date. It is set on 3rd week of the 43 days (7 Weeks) that lasts the fasting period on the Eastern Orthodox Christian church because this is a little bit less than the half of the lent period. We know by the experience of spiritual fathers that once we start the job the hardest periods are nearby in 40% once the work is done and in that times it is a desire of the person to leave and quit the job but if he perseveres suddenly when the set goal is progressing this is overcome but then again in the end of the period of the goal to complete we start desiring to quit the started job and loose all energy put together, as a plan of the evil which wants us to always loose energy (both spiritual and physical) and never gain anything. Thus the Church set the feast of the Exaltation of the Cross to give us a way to attain new energy for the cross to be able to goodly continue in the deed of the lent. By the cross and his glorious power hence the spirit of despondency is crashed down and we're strenghtened and rejoice for the great glory our God has given us.
The_Exaltation-of-the-Holy-Cross-of-Christ-bishop-Polikarp-Bulgarian-Orthodox-Church
 

The exaltation of the cross is also a feast of everyone celebrating his own cross. The victory over death and everything was once fulfilled by Christ on the Cross. The humanity is saved already but it is up to everyone's free will to accept this salvation or not. The path is set it is the path of the Cross of Christ, meaning acceptance (humility) of all the unpleasant life events and situations, accepting everydays unexpected changes believing that this is God's providence and cross for each one of us, accepting the pain and suffering that is part of the personal cross we hold, accepting that one day our beloved and friends will pass away from this life, accepting the fact we age and the aging guarantees sufferings of the body but the spirit is refreshed by the grace of God, accepting all and enduring everyhing for the sake of the cross … 

Sunday-of-the-Veneration-of-the-Holy-Cross-Bulgarian_Orthodox-Church

The cross is a holder of the Universe and there is no power that will ever overwhelm it as it is said in the Church singings The Cross is the Holder (binds together) the whole universe. It is by the Cross all the evil has been conquered and life eternal has been giving. The path of the cross is the suffering, this is hard for the modern man to accept as we have been set to believe the only measure for success is prosperity, personal well being, physical health, posessing things. On the contrary the Christian says the most blessed and best thing one can have is the cross meaning personal suffering for and with Christ. By the suffering of the Cross Christ has glorified the bodily flesh he was possessing while being on earth in the body. By the Cross Christ has become the one begotten of all the sons of God. By the cross saints has conquered all evils and has sanctified, by the cross we still continue to progress in the goodness. 
Let with the Holy miracle making power of our Saviour's cross by the prayers of all the Saints and our Theotokos (Holy Virgin Merry) God grant to all of us christians victory of our enemies! Amen

 

Howto Upgrade IBM Spectrum Protect Backup Client TSM 7.X to 8.1.8, Update Tivoli 8.1.8 to 8.1.11 on CentOS and Redhat Linux

Thursday, December 3rd, 2020

 

IBM-spectrum-protect-backup-logo-tivoli-tsm-logo

Having another day of a system administrator boredom, we had a task to upgrade some Tivoli TSM Backup clients running on a 20+ machines powered by CentOS and RHEL Linux to prepare the systems to be on the latest patched IBM Spectrum Backup client version available from IBM. For the task of patching I've used a central server where, I've initially downloaded the provided TSM client binaries archives. From this machine, we have copied TivSM*.tar to each and every system that needs to be patched and then patched. The task is not too complex as the running TSM in the machines are all at the same version and all running a recent patched version of Linux. Hence to make sure all works as expected we have tested TSM is upgraded from 7.X.X to 8.X.X on one machine and then test 8.1.8 to 8.1.11 upgrade on another one. Once having confirmed that Backups works as expected after upgrade. We have proceeded to do it massively on each of the rest 20+ hosts.
Below article's goal is to help some lazy sysadmin with the task to prepare an TSM Backup upgrade procedure to standartize TSM Upgrade, which as many of the IBM's softwares is very specific and its upgrade requires, a bit of manual work and extra cautious as there seems to be no easy way (or at least I don't know it), to do the upgrade by simply adding an RPM repository and doing, something like yum install tivsm*.


0. Check if there is at least 2G free of space

According to documentation the minimum space you need to a functional install without having it half installed or filling up your filesystem is 2 Gigabytes of Free Memory on a filesystem where the .tar and rpms will be living.

Thus check what is the situation with your filesystem where you wills store the .tar archice and extract .RPM files / install the RPM files.

# df -h

1. Download the correct tarball with 8.1 Client

On one central machine you would need to download the Tivoli you can do that via wget / curl / lynx whatever is at hand on the Linux server.

As of time of writting this article TSM's 8.1.11 location is at
URL:

http://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/client/v8r1/Linux/LinuxX86/BA/v8111/

I've made a local download mirror of Tivoli TSM 8.1.11 here.
In case you need to install IBM Spectrum Backup Client to a PCI secured environment to a DMZ-ed LAN network from a work PC you can Download it first from your local PC and via Citrix client upload program or WinSCP upload it to a central replication host from where you will later copy to each of the other server nodes that needs to be upgraded.

Lets Copy archive to all Server hosts where you want it later installed, using a small hack

Assuming you already have an Excel document or a Plain text document with all the IPs of the affected hosts where you will need to get TSM upgraded. Extract this data and from it create a plain text file /home/user/hosts.txt containing all the machine IPs lined up separated with carriage return separations (\n), so you can loop over each one and use scp to send the files.

– Replicate Tivoli tar to all machine hosts where you want to get IBM Spectrum installed or upgraded.
Do it with a loop like this:

# for i in $(cat hosts.txt); do scp 8.1.11.0-TIV-TSMBAC-LinuxX86.tar user@$i:/home/user/; done

 Copy to a Copy buffer temporary your server password assuming all your passwords to each machine are identical and paste your login user pass for each host to initiate transfer
 

2. SSH to each of the Machine hosts IPs

Once you login to the host you want to upgrade
Go to your user $HOME /home/user and create files where we'll temporary store Tivoli archive files and extract RPMs

[root@linux-server user]# mkdir -p ~/tsm/TSM_BCK/
[root@linux-server user]# mv 8.1.11.0-TIV-TSMBAC-LinuxX86.tar ~/tsm
[root@linux-server user]# cd tsm
[root@linux-server user]# tar -xvvf 8.1.11.0-TIV-TSMBAC-LinuxX86.tar
gskcrypt64-8.0.55.17.linux.x86_64.rpm
GSKit.pub.pgp
gskssl64-8.0.55.17.linux.x86_64.rpm
README_api.htm
README.htm
RPM-GPG-KEY-ibmpkg
TIVsm-API64.x86_64.rpm
TIVsm-APIcit.x86_64.rpm
TIVsm-BAcit.x86_64.rpm
TIVsm-BAhdw.x86_64.rpm
TIVsm-BA.x86_64.rpm
TIVsm-filepath-source.tar.gz
TIVsm-JBB.x86_64.rpm
TIVsm-WEBGUI.x86_64.rpm
update.txt

3. Create backup of old backup files

It is always a good idea to keep old backup files

[root@linux-server tsm]# cp -av /opt/tivoli/tsm/client/ba/bin/dsm.opt ~/tsm/TSM_BCK/dsm.opt_bak_$(date +'%Y_%M_%H')
[root@linux-server tsm]# cp -av /opt/tivoli/tsm/client/ba/bin/dsm.sys ~/tsm/TSM_BCK/dsm.sys_bak_$(date +'%Y_%M_%H')

[root@linux-server tsm]# [[ -f /etc/adsm/TSM.PWD ]] && cp -av /etc/adsm/TSM.PWD ~/TSM_BCK/ || echo 'file doesnt exist'

/etc/adsm/TSM.PWD this file is only there as legacy for TSM it contained encrypted passwords inver 7 for updates. In TSM v.8 encryption file is not there as new mechanism for sensitive data was introduced.
Be aware that from Tivoli 8.X it will return error
exist'

!! Note – if dsm.opt , dsm.sys files are on different locations – please use correct full path locations !!

4. Stop  dsmcad – TSM Service daemon

[root@linux-server tsm]# systemctl stop dsmcad

5. Locate and deinstall all old Clients

Depending on the version to upgrade if you're upgrading from TSM version 7 to 8, you will get output like.

[root@linux-server tsm]# rpm -qa | grep 'TIVsm-'
TIVsm-BA-7.1.6-2.x86_64
TIVsm-API64-7.1.6-2.x86_64

If you're one of this paranoid admins you can remove TIVsm packs  one by one.

[root@linux-server tsm]# rpm -e TIVsm-BA-7.1.6-2.x86_64
[root@linux-server tsm]# rpm -e TIVsm-API64-7.1.6-2.x86_64

Instead if upgrading from version 8.1.8 to 8.1.11 due to the Security CVE advisory recently published by IBM e.g. (IBM Runtime Vulnerability affects IBM Spectrum Backup archive Client) and  vulnerability in Apache Commons Log4J affecting IBM Spectrum Protect Backup Archive Client.

[root@linux-server tsm]# rpm -qa | grep 'TIVsm-'
TIVsm-API64-8.1.8-0.x86_64
TIVsm-BA-8.1.8-0.x86_64

Assuming you're not scared of a bit automation you can straight do it with below one liner too 🙂

# rpm -e $(rpm -qa | grep TIVsm)

[root@linux-server tsm]# rpm -qa | grep gsk
[root@linux-server tsm]# rpm -e gskcrypt64 gskssl64

6. Check uninstallation success:

[root@linux-server tsm]# rpm -qa | grep TIVsm
[root@linux-server tsm]# rpm -qa | grep gsk

Here you should an Empty output, if packages are not on the system, e.g. Empty output is good output ! 🙂

7. Install new client IBM Spectrum Client (Tivoli Storage Manager) and lib dependencies

[root@linux-server tsm]# rpm -ivh gskcrypt64-8.0.55.4.linux.x86_64.rpm
[root@linux-server tsm]# rpm -ivh gskssl64-8.0.55.4.linux.x86_64.rpm

 If you're lazy to type you can do as well

[root@linux-server tsm]# rpm -Uvh gsk*

Next step is to install main Tivoli SM components the the API files and BA (The Backup Archive Client)

[root@linux-server tsm]# rpm -ivh TIVsm-API64.x86_64.rpm
[root@linux-server tsm]# rpm -ivh TIVsm-BA.x86_64.rpm

If you have to do it on multiple servers and you do it manually following a guide like this, you might instead want to install them with one liner.

[root@linux-server tsm]# rpm -ivh TIVsm-API64.x86_64.rpm TIVsm-BA.x86_64.rpm

There are some Not mandatory "Common Inventory Technology" components (at some cases if you're using the API install it we did not need that), just for the sake if you need them on your servers due to backup architecture, install also below commented rpm files.

## rpm -ivh TIVsm-APIcit.x86_64.rpm

## rpm -ivh TIVsm-BAcit.x86_64.rpm

These packages not needed only for operation WebGUI TSM GUI management, (JBB) Journal Based Backup, BAhdw (the ONTAP library)


— TIVsm-WEBGUI.x86_64.rpm
— TIVsm-JBB.x86_64.rpm
— TIVsm-BAhdw.x86_64.rpm

8. Start and enable dsmcad service

[root@linux-server tsm]# systemctl stop dsmcad

You will get

##Warning: dsmcad.service changed on disk. Run 'systemctl daemon-reload' to reload units.

[root@linux-server tsm]# systemctl daemon-reload

[root@linux-server tsm]# systemctl start dsmcad


## enable dsmcad – it is disabled by default after install

[root@linux-server ~]# systemctl enable dsmcad

[root@linux-server tsm]# systemctl status dsmcad

9. Check dmscad service is really running

Once enabled IBM TSM will spawn a process in the bacground dmscad if it started properly you should have the process backgrounded.

[root@linux-server tsm]# ps -ef|grep -i dsm|grep -v grep
root      2881     1  0 18:05 ?        00:00:01 /usr/bin/dsmcad

If process is not there there might be some library or something not at place preventing the process to start …

10. Check DSMCAD /var/tsm logs for errors

After having dsmcad process enabled and running in background

[root@linux-server tsm]# grep -i Version /var/tsm/sched.log|tail -1
12/03/2020 18:06:29   Server Version 8, Release 1, Level 10.000

 

[root@linux-server tsm]# cat /var/tsm/dsmerror.log

To see the current TSM configuration files we can  grep out comments *

[root@linux-server tsm]# grep -v '*' /opt/tivoli/tsm/client/ba/bin/dsm.sys

Example Configuration of the agent:
—————————————————-
   *TSM SERVER NODE Location
   Servername           tsm_server
   COMMmethod           TCPip
   TCPPort              1400
   TCPServeraddress     tsmserver2.backuphost.com
   NodeName             NODE.SERVER-TO-BACKUP-HOSTNAME.COM
   Passwordaccess       generate
   SCHEDLOGNAME         /var/tsm/sched.log
   SCHEDLOGRETENTION    21 D
   SCHEDMODE            POLLING
   MANAGEDServices      schedule
   ERRORLOGNAME         /var/tsm/dsmerror.log
   ERRORLOGRETENTION    30 D
   INCLEXCL             /opt/tivoli/tsm/client/ba/bin/inclexcl.tsm

11. Remove tsm install directory tar ball and rpms to save space on system

The current version of Tivoli service manager is 586 Megabytes.

[root@linux-server tsm]# du -hsc 8.1.11.0-TIV-TSMBAC-LinuxX86.tar
586M    8.1.11.0-TIV-TSMBAC-LinuxX86.tar

Some systems are on purpose configured to have less space under their /home directory,
hence it is a good idea to clear up unnecessery files after completion.

Lets get rid of all the IBM Spectrum archive source files and the rest of RPMs used for installation.

[root@linux-server tsm]# rm -rf ~/tsm/{*.tar,*.rpm,*.gpg,*.htm,*.txt}

12. Check backups are really created on the configured remote Central backup server

To make sure after the upgrade the backups are continuously created and properly stored on the IBM Tivoly remote central backup server, either manually initiate a backup or wait for lets say a day and run dsmc client to show all created backups from previous day. To make sure you'll not get empty output you can on purpose modify some file by simply opening it and writting over without chaning anything e.g. modify your ~/.bashrc or ~/.bash_profile

## List all backups for '/' root directory from -fromdate='DD/MM/YY'

[root@linux-server tsm]# dsmc
Protect>
IBM Spectrum Protect
Command Line Backup-Archive Client Interface
  Client Version 8, Release 1, Level 11.0
  Client date/time: 12/03/2020 18:14:03
(c) Copyright by IBM Corporation and other(s) 1990, 2020. All Rights Reserved.

Node Name: NODE.SERVER-TO-BACKUP-HOSTNAME.COM
Session established with server TSM2_SERVER: AIX
  Server Version 8, Release 1, Level 10.000
  Server date/time: 12/03/2020 18:14:04  Last access: 12/03/2020 18:06:29
 
Protect> query backup -subdir=yes "/" -fromdate=12/3/2020
           Size        Backup Date                Mgmt Class           A/I File
           —-        ———–                ———-           — —-
         6,776  B  12/03/2020 01:26:53             DEFAULT              A  /etc/freshclam.conf
         6,685  B  12/03/2020 01:26:53             DEFAULT              A  /etc/freshclam.conf-2020-12-02
         5,602  B  12/03/2020 01:26:53             DEFAULT              A  /etc/hosts
         5,506  B  12/03/2020 01:26:53             DEFAULT              A  /etc/hosts-2020-12-02
           398  B  12/03/2020 01:26:53             DEFAULT              A  /opt/tivoli/tsm/client/ba/bin/tsmstats.ini
       114,328  B  12/03/2020 01:26:53             DEFAULT              A  /root/.bash_history
           403  B  12/03/2020 01:26:53             DEFAULT              A  /root/.lesshst

Windows 7 fix menu messed up cyrillic – How to fix cyrillic text in Windows

Friday, July 22nd, 2016

faststone-viewer-messed-up-menu-cyrillic-windows-7-screenshot

How to fix Cyrillic text on Windows 7

I've reinstalled my HP provided company work notebook with Windows 7 Enterprise x86 and had troubles with seeing Cyrillic written text, letters and fonts.
The result after installing some programs and selecting as a default language Bulgarian during installation setup prompt let me to see in some programs and in some of my old written text file names and Cyrillic WIN CP1251 content to be showing a cryptic letters like in above screenshot.

If you're being curious what is causing the broken encoding cyrillic text, it is the fact that in past a lot of cyrillic default encoding was written in KOI-8R and WIN-CP1251 encoding which is not unicode e.g. not compatible with the newer standard encoding for cyrillic UTF-8. Of course the authors of some old programs and documents are not really responsbie for the messed up cyrillic as noone expected that every Cyrillic text will be in UTF-8 in newer times.

Thanksfully there is a way to fix the unreadable / broken encoding cyrillic text by:

Going too menus:

Start menu -> Control Panel -> Change display language -> Clock, Language and Religion

Once there click the Administratibe tab

and choose

Change system locale.

windows-7_administrative_tab_change-system-locale

Here if you're not logged in with administrator user you will be prompted for administrative privileges.

select-system-locale-choose-bulgarian-and-hit-ok-windows-7

Being there choose your language (country) to be:

Bulgarian (Bulgaria) – if you're like me a Bulgarian or Russian (if you're Russian / Belarusian / Ukrainian) or someone from the countries of ex-USSR.
Click OK

And reboot (restart) your computer in order to make the new settings active.
 

This should be it from now on all cyrillic letters in all programs / documents and file names on your PC should visualize fine just as it was intended more or less by the cyrillic assumed creator Saint Climent Ohridski who was a  who reformed Cyrillic from Glagolic alphabet.

How to change / reset lost or forgot TightVNC administrator password

Tuesday, May 24th, 2011

how-to-change-reset-lost-TightVNC-administrator-password

I have installed TightVNC to a Windows host just a few weeks ago in order to be able to manage remotely a Windows host and forgot to write down the administrator password 🙂 (stoopid!)

I had to explain to a friend remotely how to change the TightVNC admin password and it was a complete nightmare!

Shortly here is the exact menus one who wants to reset the password of a TigthVNC server after forgotten:

Start -> All Programs -> TightVNC
-> TightVNC Server (Service Mode) ->
TightVNC Service - Offline Configuration.

In the configuration dialog to popup there are the Server and Administration tabs through which a new password can be set.

After the password is change either a restart of the TightVNC server is necessery or a restart of the Windows PC.

Start Event Viewer from Command Line (Prompt) – eventvwr.msc to Debug Windows server issues

Friday, November 6th, 2015

eventvwrmsc-event-viewer-windows-7-screenshot-view-windows-log-and-dianose-errors

If you’re a sysadmin which needs to deal with Microsoft Windows servers locally or remotely via Remote Desktop RDP client (MSTSC.EXE) or inside a Windows Domain Controller, you will have to frequently debug Windows isseus or Application caused errors by reviewing debug information stored in Event Logs.

Event Viewer is a precious tool to debug often errors with missing libraries or failing programs on Windows boot and thus on M$ Windows it is the Swiss Army knife of sysadmin.
However as staring Event Viewer using the GUI menus, takes a lot of step and looses you time, e.g., you have to navigate to menus:

1. Start button Picture of the Start button
2. clicking Control Panel
3. clicking System and Security
4. clicking Administrative Tools
5.then double-clicking Event Viewer.‌
6. Granting Administrator permission required If you’re prompted for an administrator password or confirmation

It is much handier to just start it with a shortcut:

Press Windows (Button) + R
– To invoke run prompt

and type:

eventvwr.msc

In case if you’re running eventvwr.msc to connect to remote Windows Server run from command prompt (cmd.exe):

eventvwr-run-from-command-prompt-with-a-smart-shortcut-to-save-time-when-administrating-windows-servers

eventvwr.msc /computer=OTHER_Computer_Name

event-viewer-log-reader-and-debug-tool-for-windows-PC-and-windows-servers-adminsitration

How to install nginx webserver from source on Debian Linux / Install Latest Nginx on Debian

Wednesday, March 23rd, 2011

Nginx install server logo
If you're running a large website consisting of a mixture of php scripts, images and html. You probably have noticed that using just one Apache server to serve all the content is not that efficient

Each Apache child (I assume you're using Apache mpm prefork consumes approximately (20MB), this means that each client connection would consume 20 mb of your server memory.
This as you can imagine is truly a suicide in terms of memory. Each request for a picture, css or simple html file would ask Apache to fork another process and will consume (20mb of extra memory form your server mem capacity)!.

Taking in consideration all this notes and the need for some efficiency here, the administrator should normally think about dividing the processing of the so called static content from the dynamic content served on the server.

Apache is really a nice webserver software but with all the loaded modules to serve dynamic content, for instance php, cgi, python etc., it's becoming not the best solution for handling a (css, javascript, html, flv, avi, mov etc. files).

Even a plain Apache server installation without (libphp, mod_rewrite mod deflate etc.) is still not dealing efficiently enough with the aforementioned static files content

Here comes the question if Apache is not that quick and efficient in serving static files, what then? The answer is caching webserver! By caching the regular static content files, your website visitors will benefit by experiencing shorter webserver responce files in downloading static contents and therefore will generally hasten your website and improve the end user's experience.

There are plenty of caching servers out there, some are a proprietary software and some are free software.

However the three most popular servers out there for static file content serving are:

  • Squid,
  • Varnish
  • Nginx

In this article as you should have already found out by the article title I'll discuss Nginx

You might ask why exactly Nginx and not some of the other twos, well simply cause Squid is too complicated to configure and on the other hand does provide lower performance than Nginx. On the other hand Varnish is also a good solution for static file webserver, but I believe it is not tested enough. However I should mention that my experience with testing varnish on my own home router is quite good by so far.

If you're further interested into varhisn cache I would suggest you checkout www.varhisn-cache.org .

Now as I have said a few words about squid and varhisn let's proceed to the essence of the article and say few words about nginx

Here is a quote describing nginx in a short and good manner directly extracted from nginx.com

nginx [engine x] is a HTTP and reverse proxy server, as well as a mail proxy server written by Igor Sysoev. It has been running for more than five years on many heavily loaded Russian sites including Rambler (RamblerMedia.com). According to Netcraft nginx served or proxied 4.70% busiest sites in April 2010. Here are some of success stories: FastMail.FM, WordPress.com.

By default nginx is available ready to be installed in Debian via apt-get, however sadly enough the version available for install is pretty much outdated as of time of writting the nginx debian version in lenny's deb package repositories is 0.6.32-3+lenny3

This version was release about 2 years ago and is currently completely outdated, therefore I found it is not a good idea to use this old and probably slower release of nginx and I jumped further to install my nginx from source:
Nginx source installation actually is very simple on Linux platforms.

1. As a first step in order to be able to succeed with the install from source make sure your system you have installed the packages:

debian:~# apt-get install libpcre3 libpcre3-dev libpcrecpp0 libssl-dev zlib1g-dev build-essential

2. Secondly download latest nginx source code tarball

Check out on http://nginx.com/download the latest stable release of nginx and further issue the commands below:

debian:~# cd /usr/local/src
debian:/usr/local/src# wget http://nginx.org/download/nginx-0.9.6.tar.gz

3.Unarchive nginx source code

debian:/usr/local/src#tar -zxvvf nginx-0.9.6.tar.gz
...

The nginx server requirements for me wasn't any special so I proceeded and used the nginx ./configure script which is found in nginx-0.9.6

4. Compline nginx server

debian:/usr/local/src# cd nginx-0.9.6
debian:/usr/local/src/nginx-0.9.6# ./configure && make && make install
+ Linux 2.6.26-2-amd64 x86_64
checking for C compiler ... found
+ using GNU C compiler
+ gcc version: 4.3.2 (Debian 4.3.2-1.1)
checking for gcc -pipe switch ... found
...
...

The last lines printed by the nginx configure script are actually the major interesting ones for administration purposes the default complation options in my case were:

Configuration summary
+ using system PCRE library
+ OpenSSL library is not used
+ md5: using system crypto library
+ sha1 library is not used
+ using system zlib library

nginx path prefix: "/usr/local/nginx"
nginx binary file: "/usr/local/nginx/sbin/nginx"
nginx configuration prefix: "/usr/local/nginx/conf"
nginx configuration file: "/usr/local/nginx/conf/nginx.conf"
nginx pid file: "/usr/local/nginx/logs/nginx.pid"
nginx error log file: "/usr/local/nginx/logs/error.log"
nginx http access log file: "/usr/local/nginx/logs/access.log"
nginx http client request body temporary files: "client_body_temp"
nginx http proxy temporary files: "proxy_temp"
nginx http fastcgi temporary files: "fastcgi_temp"
nginx http uwsgi temporary files: "uwsgi_temp"
nginx http scgi temporary files: "scgi_temp"

If you want to setup nginx server to support ssl (https) and for instance install nginx to a different server path you can use some ./configure configuration options, for instance:

./configure –sbin-path=/usr/local/sbin –with-http_ssl_module

Now before you can start the nginx server, you should also set up the nginx init script;

5. Download and set a ready to use script with cmd:

debian:~# cd /etc/init.d
debian:/etc/init.d# wget https://www.pc-freak.net/files/nginx-init-script
debian:/etc/init.d# mv nginx-init-script nginx
debian:/etc/init.d# chmod +x nginx

6. Configure Nginx

Nginx is a really easy and simple server, just like the Russians, Simple but good!
By the way it's interesting to mention nginx has been coded by a Russian, so it's robust and hard as a rock as all the other Russian creations 🙂
Nginx configuration files in a default install as the one in my case are to be found in /usr/local/nginx/conf

In the nginx/conf directory you're about to find the following list of files which concern nginx server configurations:

deiban:/usr/local/nginx:~# ls -1
fastcgi.conf
fastcgi.conf.default
fastcgi_params
fastcgi_params.default
koi-utf
koi-win
mime.types
mime.types.default
nginx.conf
nginx.conf.default
scgi_params
scgi_params.default
uwsgi_params
uwsgi_params.default
win-utf

The .default files are just a copy of the ones without the .default extension and contain the default respective file directives.

In my case I'm not using fastcgi to serve perl or php scripts via nginx so I don't need to configure the fastcgi.conf and fastcgi_params files, the scgi_params and uwsgi_params conf files are actually files which contain nginx configuration directives concerning the use of nginx to process SSI (Server Side Include) scripts and therefore I skip configuring the SSI conf files.
koi-utf and koi-win are two files which usually you don't need to configure and aims the nginx server to support the UTF-8 character encoding and the mime.types conf is a file which has a number of mime types the nginx server will know how to handle.

Therefore after all being said the only file which needs to configured is nginx.conf

7. Edit /usr/local/nginx/conf/nginx.conf

debian:/usr/local/nginx:# vim /usr/local/nginx/conf/nginx.conf

Therein you will find the following default configuration:

#gzip on;

server {
listen 80;
server_name localhost;

#charset koi8-r;

#access_log logs/host.access.log main;

location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}

In the default configuration above you need to modify only the above block of code as follows:

server {
listen 80;
server_name yoursitedomain.com;

#charset koi8-r;

#access_log logs/access.log main;

location / {
root /var/www/yoursitedomain.com/html;
index index.html index.htm;
}

Change the yoursitedomain.com and /var/www/yoursitedomain.com/html with your directory and website destinations.

8. Start nginx server with nginx init script

debian:/usr/local/nginx:# /etc/init.d/nginx start
Starting nginx:

This should bring up the nginx server, if something is miss configured you will notice also some error messages, as you can see in my case in above init script output, thanksfully there are no error messages.
Note that you can also start nginx directly via invoking /usr/local/nginx/sbin/nginx binary

To check if the nginx server has properly started from the command line type:

debian:/usr/local/nginx:~# ps ax|grep -i nginx|grep -v grep
9424 ? Ss 0:00 nginx: master process /usr/local/nginx/sbin/nginx
9425 ? S 0:00 nginx: worker process

Another way to check if the web browser is ready to serve your website file conten,t you can directly access your website by pointing your browser to with http://yoursitedomain.com/, you should get your either your custom index.html file or the default nginx greeting Welcome to nginx

9. Add nginx server to start up during system boot up

debian:/usr/local/nginx:# /usr/sbin/update-rc.d -f nginx defaults

That's all now you have up and running nginx and your static file serving will require you much less system resources, than with Apache.
Hope this article was helpful to somebody, feedback on it is very welcome!

Play Dune2 on Debian Linux with dosbox – Dune 2 Mother of all Real Time Strategy games

Saturday, March 1st, 2014

medium_1809-dune-ii-the-building-of-a-dynasty_one_of_best_games_ever_linux_windows.gif

Dune II: The Building of a Dynasty (known also as Dune II: Battle for Arrakis in Europe is a game that my generation will never forget. Dune 2 is the "first" computer Real Time Strategy (RTE) game of the genre of the Warcraft I and Warcraft II / III and later Command and Conquer – Red Aleart, Age of Empires I / II and Starcraft …

dune2-unit-destroyed

I've grown up with Dune2 and the little computer geek community in my school was absolutely crazy about playing it. Though not historically being the first Real Time Strategy game, this Lucas Inc. 
game give standards that for the whole RTE genre for years and will stay in history of Computer Games as one of best games of all times.

I've spend big part of my teenager years with my best friends playing Dune2 and the possibility nowadays to resurrect the memories of these young careless years is a blessing.  Younger computer enthusiasts and gamers probably never heard of Dune 2 and this is why I decided to place a little post here about this legendary game.

dune-2-tank-vehicle - one of best games computer games ever

Its worthy out of curiosity or for fun to play Dune 2 on modern OS be it Windows or Linux. Since Dune is DOS game, it is necessary to play it via DOS emulator i.e. – (DosBox). 
Here is how I run dune2 on my Debian Linux:

1. Install dosbox DOS emulator

apt-get install --yes dosbox

2. Download Dune2 game executable

You can download my mirror of dune2 here

Note that you will need unzip to uanrchive it, if you don't have it installed do so:

apt-get install --yes unzip

cd ~/Downloads/
wget https://www.pc-freak.net/files/dune-2.zip

3.  Unzip archive and create directory to mount it emulating 'C:\' drive

mkdir -p ~/.dos/Dune2
cd ~/.dos/Dune2

unzip ~/Downloads/dune-2.zip
 

4. Start dosbox and create permanent config for C: drive auto mount


dosbox

To make C:\ virtual drive automatically mounted you have to write a dosbox config from inside dbox console

config -writeconf /home/hipo/.dosbox.conf

My home dir is in /home/hipo, change this with your username /home/username

Then exit dosbox console with 'exit' command

To make dune2 game automatically mapped on Virtual C: drive:

echo "mount c /home/hipo/.dos" >> ~/.dosbox.conf

Further to make dosbox start each time with ~/.dosbox.conf add alias to your ~/.bashrc 

vim ~/.bashrc
echo "alias dosbox='dosbox -conf /home/hipo/.dosbox.conf'" >> ~/.bashrc
source ~/.bashrc

Then to run DUNE2 launch dosbox:

dosbox

and inside console type:

c:
cd Dune2
Dune2.exe

dune2-first-real-time-strategy-game-harkonen-screenshot

For the lazy ones who would like to test dune you can play dune 2 online on this website

Make QMAIL with vpopmail vchkpw, courier-authlib and courier-imap auth work without MySQL on Debian Linux qmailrocks Thibs install

Friday, September 28th, 2012

How to make qmail vpopmail vchkpw courier-authlib and courier-imap work storing mails on hard disk with qmailrocks Thibs install

Recently installed a new QMAIL, following mostly Thibs Qmailrocks install guide. I didn’t followed literally Thibs good guide, cause in his guide in few of the sections like Install Vpopmail he recommends using MySQL as a Backend to store Vpopmail email data and passwords; I prefer storing all vpopmail data on the file system as I believe it is much better especially for tiny QMAIL mail servers with less than 500 mail box accounts.

In this little article I will explain, how I made Vpopmail courier-authlib and courier-imap play nice together without storing data in SQL backend.

1. Compile vpopmail with file system data storage support

So here is how I managed to make vpopmail + courier-authlib + courier-imap, work well together:

First its necessery to compile Vpopmailin store all its users data and mail data on file system. For this in Thibs Vpopmail Intsall step compiled Vpopmail without support for MySQL, e.g. instead of using his pointed compile time ./configure, arguments I used:


# cd /downloads/vpopmail-5.4.33
# ./configure \
--enable-qmaildir=/var/qmail/ \
--enable-qmail-newu=/var/qmail/bin/qmail-newu \
--enable-qmail-inject=/var/qmail/bin/qmail-inject \
--enable-qmail-newmrh=/var/qmail/bin/qmail-newmrh \
--enable-tcprules-prog=/usr/bin/tcprules \
--enable-tcpserver-file=/etc/tcp.smtp \
--enable-clear-passwd \
--enable-many-domains \
--enable-qmail-ext \
--enable-logging=y \
--enable-auth-logging \
--enable-libdir=/usr/lib/ \
--disable-roaming-users \
--disable-passwd \
--enable-domainquotas \
--enable-roaming-users
....
....
# make && make install-strip
# cat > ~vpopmail/etc/vusagec.conf < < __EOF__
Server:
Disable = True;
__EOF__
echo 'export PATH=$PATH:/var/qmail/bin/:/home/vpopmail/bin/' > /etc/profile.d/extrapath.sh
chmod +x /etc/profile.d/extrapath.sh
source /etc/profile

A tiny shell script with all above options to compile (qmail) vpopmail without MySQL / PostgreSQL support is here

For other steps concerning creation of vpopmail/vchkpw – user/group just follow as Thibs suggests.

2. Compile and install courier-authlib-0.59.1

I’ve made mirror of courier-authlib.0.59.1.tar.gz cause this version includes support for vchkpw without mysql, its a pity newer versions of courier-authlib not any more have support for vpopmail to store its data directly on the hard disk.

Then on downlaod, compile && install courier-authlib:

Download authlib courier-authlib.0.59.1.tar.gz – (I made mirror of courier-authlib.0.59.1.tar.gz you can use my mirror or download it somewhere else from the net):


# cd /usr/local/src
# wget -q https://www.pc-freak.net/files/courier-authlib.0.59.1.tar.gz
# tar -zxvvf courier-authlib.0.59.1.tar.gz

Compile courier-authlib

# ./configure --prefix=/usr/local --exec-prefix=/usr/local --with-authvchkpw --without-authldap --without-authmysql --disable-root-check --with-ssl --with-authchangepwdir=/usr/local/libexec/authlib
....
# make && make install && make install-strip && make install-configure
....

On Debian Squeeze, this version of courier-authlib compiles fine, on Debian Lenny I use it too and there it is okay.

Unless above commands returns a compile error authlib will be installed inside /usr/local/libexec. If you get any errors it is most likely due to some missing header files. The error should be self explanatory enough, but just in case you have troubles to find what deb is necessery to install, please check here the complete list of installed packages I have on the host . In case of problems the quickest way (if on Debian Squeeze) is to install same packages, type:


# wget -q https://www.pc-freak.net/files/list_of_all_deb_necessery_installed_packages_for_authlib.txt
# for i in $(cat list_of_all_deb_necessery_installed_packages_for_authlib.txt |awk '{ print $2 }'); do
apt-get install --yes $i;
done

This is for the lazy ones though it might install you some packs you don’t like to have on your host, so just install it in case you know what you’re doing 🙂

Next step is to set proper configuration for courier-authdaemon.

3. Configure courier-authlib in /usr/local/etc/authlib

Again for the lazy ones I have prepared a good config which is working 100% with vpopmail configured to store mails on the file system, to install the “good” configs, fetch mine and put them in proper location, e.g.:


# cd /usr/local/etc
# wget -q https://www.pc-freak.net/files/authlib-config-for-qmail-with-hdd-directory-stored-userdata.tar.gz
# tar -zxvvf authlib-config-for-qmail-with-hdd-directory-stored-userdata.tar.gz
....

For those who prefer not to use my configuration as pointed above, here is what you will need to change manually in configs:

Edit /usr/local/etc/authlib/authdaemonrc and make sure there variable authmodulelist and authmodulelist and daemons=5
equals to:


authmodulelist="authvchkpw"


authmodulelistorig="authuserdb authpgsql authldap authmysql authcustom authvchkpw authpipe"


daemons=10

Bear in mind here the setting daemons, will set how many maximum parallel connections should be possible to authdaemond on new IMAP fetch mail user requests. Setting it to 10 will allow your mail server to support up to 10 users to paralelly check your mail for a tiny mail server this setting is okay if you expect higher number of parallel mail users raise the setting to some setting fitting your needs.

P.S. On some qmail installations this value has created weird problems and took me hours to debug the whole mess is caused by this setting, make sure you plan it now unless you don’t to loose some time in future.

4. Stop debian courier-authdaemon and start custom compiled one

Now all is ready and authdaemond can be started, but before that if you have installed courier-authlib as a debian package you need to stop it via init script and only when completely sure old default Debian courier-authdaemon is stopped launch the new installed one:


# /etc/init.d/courier-authdaemon stop
# s ax |grep -i authdaemond |grep -v grep
#
# /usr/local/sbin/authdaemond start
#

To make the newly custom source installed courier-authdaemon to load itself on system boot instead of the debian installed package


# dpkg -l |grep -i courier-authdaemon
ii courier-authdaemon 0.63.0-3 Courier authentication daemon

open /etc/init.d/courier-authdaemond, after line:


. /lib/lsb/init-functions

add


/usr/local/sbin/authdaemond start
exit 0

This will make the script exit once launches cmd /usr/local/sbin/authdaemond start

5. Compile and Install courier-imap

You will also have to install from courier-imap archive source, I have tested it and know Qmail + Vpopmail + Courier-Imap works for sure with version courier-imap-4.1.2.tar.bz2

As of time of writing this post courier-imap-4.11.0.tar.bz2 is the latest available for download from Courier-imap download site unfortunately this version requires higher version of >= courier-authlib-0.63

In order install courier-imap-4.1.2.tar.bz2


# cd /usr/local/src
# wget -q https://www.pc-freak.net/files/courier-imap-4.1.2.tar.bz2
# tar -jxvvf courier-imap-4.1.2.tar.bz2
...
# chown -R hipo:hipo courier-imap-4.1.2
# su hipo
$ cd courier-imap-4.1.2/
$ export CFLAGS="-DHAVE_OPEN_SMTP_RELAY -DHAVE_VLOGAUTH"
$ export COURIERAUTHCONFIG=/usr/local/bin/courierauthconfig
$ export CPPFLAGS=-I/usr/local/courier-authlib/include
$ ./configure --prefix=/usr/local/courier-imap --disable-root-check
...
$ exit
# make
...
# make install
...
# make install configure

It is recommended courier-imap to be compiled with non root username. In above code I use my username hipo, other people have to use any non-root user.

6. Set proper configuration and new init script for courier-imap

In /usr/lib/courier-imap, download following working configs (for convenience I’ve made tar with my configs):


# cd /usr/lib/courier-imap
# rm -rf etc
# wget -q https://www.pc-freak.net/files/courier-imap-config-etc.tar.gz

Then you will have to overwrite default courier-imap init script in /etc/init.d/courier-imap with another one to start the custom compiled one instead of debian default installed courier-imap


# mv /etc/init.d/courier-imap /root
# cd /etc/init.d
# wget -q https://www.pc-freak.net/files/debian-courier-imap
# mv debian-courier-imap courier-imap
# chmod +x courier-imap

This init script is written use /var/lock/subsys/courier-imap, so you will have to also create /var/lock/subsys/


# mkdir -p /var/lock/subsys

7. Start custom installed courier-imap

The start/stop init script of newly installed courier-imap is /usr/lib/courier-imap/libexec/imapd.rc


/usr/lib/courier-imap/libexec/imapd.rc start

Since a new /etc/init.dcourier-imap is installed too, it can be also used to control courier-imap start/stop.

Well thats should be enough for Courier-authlib and Courier-Authlib to communicate fine between each other and be able to connect and fetch e-mail stored in file system by vpopmail.

8. Test if Qmail IMAP proto finally works


# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE AUTH=CRAM-MD5 ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2011 Double Precision, Inc. See COPYING for distribution information.
a login username@mail-domain.com my-username-password
a OK LOGIN Ok.
a LIST "" "*"
* LIST (\HasNoChildren) "." "INBOX.Sent"
* LIST (\Marked \HasChildren) "." "INBOX"
* LIST (\HasNoChildren) "." "INBOX.Drafts"
* LIST (\HasNoChildren) "." "INBOX.Trash"
a OK LIST completed
a EXAMINE Inbox
* FLAGS (\Draft \Answered \Flagged \Deleted \Seen \Recent)
* OK [PERMANENTFLAGS ()] No permanent flags permitted
* 6683 EXISTS
* 471 RECENT
* OK [UIDVALIDITY 1272460837] Ok
* OK [MYRIGHTS "acdilrsw"] ACL
a OK [READ-ONLY] Ok
* 1 FETCH (BODY[] {2619}
Return-Path:
Delivered-To: hipo@my-domain-name.com
Received: (qmail 22304 invoked by uid 1048); 24 Apr 2012 14:49:49 -0000
Received: from unknown (HELO localhost) (127.0.0.1)
by mail.my-domain-name.com with SMTP; 24 Apr 2012 14:49:49 -0000
Delivered-To: hipo@my-domain-name.com
Received: from localhost [127.0.0.1]
......
......

That’s all it works. Enjoy 🙂

Install TorrentFlux Bit Torrent Web management interface on Debian / Ubuntu Linux

Tuesday, July 15th, 2014

torrent flux logo
Torrentflux
is web based, feature-rich BitTorrent download manager.
Torrentflux is a must have installed server software for anyone who does regular torrent downloads and want to access the downloads from anywhere on the internet.

TorrentFlux is a PHP based BitTorrent controller that runs on a web
 server. It can manage all of your BitTorrent downloads from anywhere
 through a convenient and easy-to-use web interface.
 .
 TorrentFlux uses a MySQL database to manage the downloads.

 TorrentFlux enables you to run BitTorrent downloads unattended on a monitor-less or remote server 24 hours a day, while still maintaining complete control from any web browser. Now you can control your  downloading on your firewall, or keep up with downloads while on  vacation. It uses the BitTornado client to download files, and also  requires a web server with PHP.
 
 Some of the Torrentflux features:

   * Upload Torrents via URL or File Upload
   * Start, Stop, and Delete Torrents with ease
   * Advanced Torrent start options (ports, speeds, etc.)
   * Multi-user interface
   * RSS Feeds, download Torrents files with a click
   * Run several torrents at once
   * View Download Progress of all torrents at a glance
   * View drive space at a glance
   * View Torrent file meta information
   * Built-in User management and Security
   * Private Messaging
   * Themes (selectable per user)
   * Upload History

 

Before installing Bittorrent you will need to have a running version of Debian, Ubuntu or any other debian derivative (though it can easily be run on any Linux distro). To install AMP (Apache MySQL Server, PHP) you can follow first part of my previous article Installing Usual PHP Apache MySQL for new Debian GNU / Linux installs.

So what for is TorrentFlux Useful?
Torrenflux is precious and must have if you have to access filtered torrent from outside of your homecountry and you have a running server already in your home country in that I was using TorrentFlux to access Bulgarian Zamunda.Net Torrent Tracker from Holland and was downloading first movies from the Bulgarian Torrent Tracker to my Fluxbox installed on my Dobrich home router and then used FTP to transfer movies to the Netherlands. Talking about many people choose to also install VSFTP and use it together with Torrentflux …

1. Install TorrentFlux and its dependencies (BitTornado, Bittorrent, Zip, Unzip, Bzip etc.) the "Debian Way"


On my Debian 7 Wheezy home machine  I run

apt-get install –yes bzip2 php5-gd php5-cli unrar-free grep python net-tools mawk wget unzip cksfv vlc-nox uudeview python-crypto libxml-simple-perl libxml-dom-perl libdbd-mysql-perl bittorrent bittornado


a) Install TorrentFlux the Debian Way

apt-get install –yes torrentflux


You will be prompted with a coule of screens, to set a new MySQL database user and password and SQL database, as well as offered to restart Apache to make Torrentflux accessible like as on below screenshots.

configuring-torrentflux-debian-linux-screenshot-2


configuring-torrentflux-debian-linux-screenshot 3

configuring-torrentflux-debian-linux-screenshot-4

To make new installed torrentflux accessible from web you will either have to configure it via some new Apache VirtualHost or make a symbolic link to /usr/share/torrentflux/www :
 

cd /var/www/
ln -sf /usr/share/torrentflux/www/ torrentflux


That's all you're all done to access torrentflux either access it via your default configured webserver domain name or via localhost if you're logged in to same pc where installing.

http://www.your-domain.com/torrentflux

or

http://127.0.0.1/torrentflux

configuring-torrentflux-after-first-login-in-web-debian-linux

2. Install latest Torrentflux version from source

Alternatively if you want to have the latest version (because the Debian version is part of the stable distribution is a little bit outdated you will have to fetch Torrentflux-b4rt and unarchive it:

cd /tmp/
wget http://download.berlios.de/tf-b4rt/torrentflux-b4rt_1.0-beta2.tar.bz2

tar -xjf torrentflux-b4rt_1.0-beta2.tar.bz2

mv torrentflux-b4rt_1.0-beta2 /opt/torrentflux

Then to make torrentflux visible from web server I had to create a symbolic link to installation directory:
 

ln -sf /opt/torrentflux/html /var/www/torrentflux

For further initial configuration its necessery to make Torrentflux config writtable by www-data (the user with which Apache is running on Debian).

 

chown -R www-data:www-data /var/www/torrentflux/inc/config/


Next it its required to create somewhere download folder where TorrentFlux will keep downloaded Torrents

mkdir /var/lib/torrentflux


Apache HTTP server will have to have write ther:

chown -R www-data:www-data /var/lib/torrentflux


If you already haven't restarted Apache earlier in installing TorrentFlux pre-requirements, you will have to do it now:

 

/etc/init.d/apache2 restart


As TorrentFlux depends on its MySQL backend, we need to also create manually TorrentFlux database username and a password
 

export SQL_DB='torrentflux';
TFLUXSQL_USERNAME='torrentflux';
TFLUX_SQL_PWD='any-secret-password';

echo "CREATE DATABASE IF NOT EXISTS $SQL_DB DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_unicode_ci"
| mysql –user=root –password

echo "GRANT ALL PRIVILEGES ON $SQL_DB.*
TO $TFLUXSQL_USERNAME@localhost
IDENTIFIED BY $TFLUX_SQL_PWD;" | mysql –user=root –password

 

Substitute with your Database, Username and Password above shell variables – $SQL_DB, $TFLUX_USERNAME, $TFLUX_SQL_PWD

To configure TorrentFlux access it in browser:

http://your-domain.com/torrentflux
 

By accessing it for a first time, you will redirected to setup.php, in case something goes wrong and yuo're not redirected (probably some mod_rewrite issues add setup.php to url – e.g., acess –

http://your-domain.com/torrentflux/setup.php

I will not enter details, about Web config, because everything there is pretty clear.

Just in short – you will have to now choose:

Choose Database
Choose Database Information of database (put in the exact name of TorrentFlux databse previously created)
Uncheck the box for "Create new database"
Choose as a download location upper created directory – /var/lib/torrentflux

If you get an error on software dependencies screen for missing unrar – just install it
VLC may show an error as well, that's not a problem because VLC is probably not to be used.
Finally after completion of all, you will get an error that setup.php cannot be deleted.
 

To prevent, someone to re-configure it through http://your-domain/torrentflux/setup.php URL remove setup.php


rm /var/www/torrentflux/setup.php

To prevent someone rewrite anything in config file from web we have to revert back config/ folder not to be writable by Apache


chown -R root:root /var/www/torrentflux/inc/config/

Now in browser to access torrentflux type:


http://ipofyourbox/torrentflux

/torrentflux should redirect you to login.php if for some reason it doesn't type it manually in URL.

First account you will login is the super user account, you can allow multiple users to use it by adding multiple accounts.

torrentflux-install-on-debian-ubuntu-gnu-linux-web-management-torrent-interface

As you will see there is plety of configuration options to play with.

You will definitely want to look in Server Page, some very important page to look is the Transfer Page – from there you can adjust the bandwidth of your connection on 100Mbit network this would be 12500 – to use the maximum possible connection provided by your ISP set the max bandwidth to 0. You have the option to also set a default bittorrent client, by default this will be bittornado.


If you have troubles downloading from TorrentTrackers make sure your router is configured to forward port 49160 to 49300

Now if you have a lot of storage create accounts also for your friends and enjoy torrentflux 🙂