Linux
Upgrade from LSI Logic SAS adapter to VMWare Paravirtual on existing VM
by Brian on May.25, 2021, under Computer Stuff, General Info, Linux, Windows Info
By default, when you add a hard drive to a VMWare virtual machine, the SCSI adapter default choice is LSI Logic SAS. For speed and optimization, the VMWare Paravirtual driver is the better choice. However, you need to have the driver installed in the guest OS before just flipping your controller to a new type. If you just change the controller type to VMWare Paravirtual, and the driver is not installed in the guest OS, your VM may not boot.
- Edit settings on the VM, and add a new SCSI controller to slot 1, selecting “VMWare Paravirtual” as the type.
- Add a 1gb disk to the VM, adding it to the new slot 1 controller you created in step 1.
- Check compmgmt.msc on the VM to ensure that you see the new SCSI controller driver under “Storage Controllers”
- Optionally, update the driver on the guest OS by searching online for an updated version. I found one from 2019.
- Shut the machine down, and edit settings again. Remove the 1gb disk you created earlier.
- Click on the old SCSI controller in slot 0 and expand it. Change the type to “VMware Paravirtual”
- Remove the additional SCSI controller added in step 1.
- Click OK, and boot the server again.
- Once the server is booted, it should report that it found and installed a new driver, (again) and will request a reboot.
- Reboot the server.
Let’s Encrypt certificates with WordPress MultiSite
by Brian on Jan.27, 2020, under Computer Stuff, Linux
Lately, everyone seems to be moving to WordPress. It’s a rock-solid platform for publishing, with a low cost of administration. To securely allow a remote login to your WordPress site, you MUST use an SSL certificate to encrypt the login communications.
I’ve found that LetsEncrypt.org really solves that problem, and with minimal setup required. The biggest catch that I found to using LetsEncrypt.org certificates with my domains was this:
You need a DNS host that supports CAA records. SSLMate publishes a list of those hosts here.
So first, you MAY need to move your authoritative DNS zone to a host that supports CAA records. I’ll wait.
After that, you need a CAA record for the root of your domain name.
It should look something like this:
@ CAA 6h 0 issue “letsencrypt.org”
Once your record is in place, you can validate it using DNSSpy here
Now that your DNS record is answering correctly, it’s time to address the WordPress installation. WordPress can be installed in any number of ways. I usually use Apache2, MySQL, PHP, etc.. A common Linux LAMP stack.
Traditionally, when installing multiple WordPress sites on the same web server, I’d create a separate virtual host and directory for each site. Things have changed, though, and now, I can use WordPress Multisite. This allows(requires that) all of your sites use the same virtual directory. (In most cases, that’s the main web root of your server. On most Linux OSs, that’s /var/www/html )
For a basic WordPress installation, see this link.
For a deep-dive into the WordPress Network creation and enabling Multisite, see this link.
Since Apache2 comes with a default virtual directory and a default virtual host definition that covers the root of the web server, you don’t *need* to add a virtual host directive for each site you add using WordPress Multisite, because WordPress Multisite handles requests for each site. However, if you want to take advantage of a free, auto-renewing 3-month SSL certificate from Let’s Encrypt, you need an Apache virtualhost entry for each site in WordPress Multisite.
So, we’ve just installed WordPress Multisite, and we’ve created our first site of testdomain.com.
In Apache2 on Ubuntu 18, you need to edit 2 files. They are:
/etc/apache2/sites-available/000-default.conf
/etc/apache2/sites-available/000-default-le-ssl.conf
##/etc/apache2/sites-available/000-default.conf##
(this is the default, leave it alone)
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html <- same root for all sites
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
(you’re going to add this for each new site, changing the site name)
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName testdomain.com
ServerAlias www.testdomain.com
DocumentRoot /var/www/html <- same root for all sites
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
RewriteEngine on
RewriteCond %{SERVER_NAME} =testdomain.com [OR]
RewriteCond %{SERVER_NAME} =www.testdomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
##/etc/apache2/sites-available/000-default-le-ssl.conf##
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName testdomain.com
DocumentRoot /var/www/html
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
After you install and run certbot, you’ll see these lines added to the end of each virtual host in the SSL config file above:
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/testdomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/testdomain.com/privkey.pem
Building a linux terminal server with vncserver
by Brian on Jun.09, 2017, under Computer Stuff, Linux
Sometimes you need to allow multiple people to login to a linux server, and run something that requires Xorg/X11/Xwhatever they’re calling it these days. (xenocara if you’re cool ;)
So, from the start. Install your OS, (I’m using Ubuntu) install gnome, xfce4, openssh-server and vncserver, and add your users.
-
Setting up your user accounts for VNCserver
Log in as your first user, and run the command: vncserver
in a terminal. This will start an instance of the vncserver, and allocate an available port to you. It should look something like this:
username@laptop:/home/username$ vncserver
You will require a password to access your desktops.
Password: (enter password)
Verify: (verify password)
xauth: file /home/username/.Xauthority does not exist
New 'laptop:1 (username)' desktop is laptop:1
Creating default startup script /home/username/.vnc/xstartup
Starting applications specified in /home/username/.vnc/xstartup
Log file is /home/username/.vnc/laptop:1.log
Immediately after this, you’ll want to kill the server with:
username@laptop:/home/username$ vncserver -kill :1
You’ll want to do that for each user account, so later, we can use their passwd file to start the vncserver as a system service, so it will run the vncserver every time the server boots up. The next user you add and run vncserver
for should get port :2 (or, 5902)
We can see that this was the first instance of vncserver to run on this server, because we were assigned port :1 (technically, port 5901)
This will also create the .vnc folder in your home dir. In my case, this is ‘/home/username/.vnc’. Inside this hidden folder, you’ll find the passwd file you created when setting your password for vncserver, and the xstartup file that is created by default.
It doesn’t tend to be extremely useful out of the box, so we’ll replace the contents of it with this for a Gnome desktop in your vnc session:
#!/bin/sh
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
x-window-manager &
gnome-session &
gnome-panel &
gnome-settings-daemon &
metacity &
nautilus &
Replace it with this for an xfce4 desktop in your vnc session:
#!/bin/sh
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
startxfce4 &
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey &
One you’ve got your xstartup configured the way you want it, run vncserver once more, and make sure that you get the desktop you expect when connecting.
Immediately after this, you’ll want to kill the server with:
username@laptop:/home/username$ vncserver -kill :1
-
Configure vncserver as a system service for each user
As of right now, each user would need to first ssh to the server, and start their instance of vncserver manually to take over an X desktop. This is not what we want. We want their individual vncserver instances to run every time the server boots, and this way, we can restart the vncserver instance for each individual user, rather than having to kill the entire server to reset one connection.
For that, we need to install some init scripts in /etc/init.d/ You need to be root to do this, or able to use sudo.
(at this point I wonder if I should outline how to edit files.. I feel like if you’ve read this far, you already know, or are googling it as I speak.. )
username@laptop:/home/username# vi /etc/init.d/vncserver-username
Insert the following into the newly created file:
#!/bin/sh -e
### BEGIN INIT INFO
# Provides: vncserver:1
# Required-Start: networking
# Required-Stop:
# Default-Start: S
# Default-Stop: 0 6
### END INIT INFO
# The Username:Group that will run VNCserver
export USER=”username”
#${RUNAS}
# The display that VNC will use
DISPLAY=”1″
# Color depth (between 8 and 32)
DEPTH=”16″
# The name that the VNC Desktop will have.
NAME=”username on Laptop”
. /lib/lsb/init-functions
case “$1” in
start)
log_action_begin_msg “Starting vncserver for user ‘$USER’ on localhost:$DISPLAY”
su username -c “/usr/bin/vncserver :1 -geometry 1920×1080 -geometry 1280×1024 -geometry 1024×768 -f ~/.vnc/passwd”
;;
stop)
log_action_begin_msg “Stoping vncserver for user ‘$USER’ on localhost:$DISPLAY”
su username -c “/usr/bin/vncserver -kill :1”
;;
restart)
$0 stop
$0 start
;;
esac
exit 0
IMPORTANT: To add another service for another user, you’ll need to copy /etc/init.d/vncserver-username to /etc/init.d/vncserver-newuser, and then edit the file for the new username and port info. Especially important is the “Provides: vncserver:1” line, as this is the name that the system uses to identify the service, and it must be unique for each instance of the service that you want to run. Name each user’s service for the port that they were assigned when they first ran vncserver. So, assuming that newuser got port :2, you’d replace ALL of the “username” with “newuser” and all of the “:1” with “:2”. Read carefully. ;)
Save and exit this file, and then make it executable:
chmod +x /etc/init.d/vncserver-username
Anytime you make a change to the init scripts, you have to tell the system:
systemctl daemon-reload
Now, update the runlevels:
update-rc.d vncserver-username defaults 99
Last, start your system service:
/etc/init.d/vncserver-username start
Upgrading VMWare ESXi hosts from the vSphere CLI
by Brian on Jun.25, 2012, under Computer Stuff, Linux
1. Download the vSphere CLI, and the ESXi upgrade file you need from vmware.com.(~200MB)
(install the CLI, and save the ESXi update file as c:update.zip)
2. Place the ESXi host in Maintenance Mode and either power off or migrate all VMs on the host
3. Launch the vSphere CLI. (Start -> All Programs -> VMware -> VMware vSphere CLI -> Command Prompt)
4. type cd bin
5. Enter this command:
## For ESXi 4.x to 5.0:
vihostupdate.pl -b c:esxiupdate.zip -url https://SERVER_NAME_OR_IP/sdk/webservice -i
## For ESXi 5.0 to 5.0.x:
esxcli --server=SERVER_NAME_OR_IP software vib install --depot="[DATASTORE_NAME]esxiupdate.zip"
Provide the root account username and password when prompted.
After the install completes, you will be instructed to reboot your ESXi Host.
After your host comes back, exit maintenance mode, and start up your VMs
**UPDATE for ESXi 5.0 machines**
ESXi 5.0 uses a single installer wizard for fresh installations and upgrades.
ESXi 5.0 also provides a new option for deploying ESXi directly into the host
memory with vSphere Auto Deploy. The vihostupdate and esxupdate utilities
are not supported for ESXi 5.0. You cannot upgrade or migrate to ESXi 5.0 by
using any command-line utility. After you have upgraded or migrated to
ESXi 5.0, you can upgrade or patch ESXi 5.0 hosts using vCLI esxcli commands
such as:
Install all new VIBs from a ZIP file on the target server, copied into a datastore
esxcli --server=SERVER_NAME_OR_IP software vib install --depot="[DATASTORE_NAME]esxiupdate.zip"
##IMPORTANT##
After you upgrade or migrate your host to ESXi 5.0, you cannot
roll back to your version 4.x ESX or ESXi software. Back up your host before
you perform an upgrade or migration, so that, if the upgrade or migration fails,
you can restore your 4.x host.
DMARC/DKIM is coming. You're all gonna have to learn about encryption.
by Brian on Apr.15, 2012, under Computer Stuff, Linux, Mac OSX, Networking, OpenBSD, Windows Info
HAHAHAHAHAHAHA
Told ya.
Here it comes, check this out. If you work in the technology field, you need to read this:
http://dmarc.org/
Ubuntu 11.04 rocks mah werld.
by Brian on May.01, 2011, under Linux
So, a couple of days ago, I did an in-place version upgrade to 11.04 on my laptop.
(Lenovo SL510 Core2Duo, 6GB of RAM, 300gb SATA)
Now, I *use* my laptop.. A lot. Every day. There are several applications at work that require Windows, so I boot virtual machines using Virtualbox, and bridge them to wherever I need them. After upgrading and rebooting, I logged in, and started a Windows 7 Enterprise VM, bridged to the wireless card. It started, I opened a web browser on the VM, and my homepage opened. This is not the cool part. Read on.
In the past, whenever I allowed my laptop to sleep, it would hang the X server, hang the VM, and sometimes even corrupt the disk image that was booted at the time. I haven’t been able to “sleep” this laptop since it was new. It *always* caused problems.
While my laptop was sitting there, freshly upgraded, with the VM booted and running and connected, I had an idea.
“Why not close the lid?” I thought. So, of course, I immediately did. I’m impulsive. whatever. ;)
I fully expected to open it up, have to switch to another virtual terminal, kill the X server, and start over.
This time, however, It. Just. Worked. tm
When I opened the lid, not only did the X server come back quickly, I logged in, was still online, and so was the *STILL WORKING* Windows 7 VM!! I had to do it 3 more times to make sure it wasn’t a fluke!! Since I probably spend somewhere near 6 hours a week shutting it down, and booting it up, this is fantastic!
Canonical rocks! Thank you for this release!!
Just installed Virtualbox 4.0 on Ubuntu 10.10
by Brian on Feb.19, 2011, under Linux, Mac OSX, Networking, OpenBSD, Windows Info
1 Comment more...Linux as a Windows domain member server
by Brian on Sep.06, 2010, under Linux, Networking
I’m not going to try to write a how-to on this, but suffice to say that it finally works!
I configured Samba3, PAM, and Kerberos on Ubuntu 9.10, and I can share folders to Windows client workstations using their existing authentication to the domain controller. I can even set ACLs that seem to be obeyed, and use Windows group membership to determine access rights.
Here are some links with relevant information:
The Samba WIKI (geared towards RHEL, but still helpful.)
How To Integrate Samba Using Active Directory For Authentication (geared towards Gentoo linux, but still helpful)
Ubuntu Samba info
I’ll certainly try to answer any questions you’ve got, just post ’em.
*kick-ass* personal streaming media server
by Brian on Jul.15, 2010, under Amusement, Computer Stuff, Linux
I just installed Ampache on Ubuntu-10.04 LTS. All I can say is WOW. You need this… Right now…
I’ve got an mp3 archive somewhere in the neighborhood of 135GB, making it too large for traditional file sharing.
Ampache is the answer.
Ubuntu Eye Candy
by Brian on Jul.11, 2009, under Linux
Linux has become a very utilitarian object for me. I use it in lots of places and situations to make life easier. In fact, most large OEM computer manufacturers have realised this, and use/ship Linux boot CDs to install firmware and low-level drivers. (some even facilitate the installation of a Windows OS to disk using GNU tools.)
Anyway, I’ve been running Ubuntu Linux (Intrepid) as a host OS on a Lenovo X61 tablet. It has everything I need for network engineering, security analysis, troubleshooting, and programming, right there up against the hardware. For tasks requiring the use of Windows, I can boot a virtual machine in Virtualbox, and use that. Today, after booting up, I noticed that I’ve been running the default Intrepid theme since install. I decided it’s time for a change. I went looking for themes, and found:
Nice work, Mr. Vogelweith. Easy to install, beautiful to see. Thank you for sharing. I hope you don’t mind that I changed your logo just slightly, it wouldn’t show up here otherwise!