Guacamole + Nginx + SSL on Debian Jessie

Guacamole is a very, very nice open-source project. It lets you use Remote Desktop (RDP), VNC and even SSH via HTML5. Ideal for clientless connections or for networks with restrictions (like a firewall or proxy).

This time I will show you how to install Guacamole on Debian 8, using it with Nginx as frontend and with SSL enabled.

First install all basic packages.

zerick@irc:~$ sudo apt-get update && sudo apt-get install -y libcairo2-dev libjpeg62-turbo-dev libjpeg62-turbo libpng12-dev libossp-uuid-dev libssl-dev 

Additionally, install the following packages:

zerick@irc:~$ sudo apt-get install libvncserver-dev libtelnet-dev libssh2-1-dev libpango1.0-dev libfreerdp-dev libvorbis-dev libwebp-dev libpulse-dev

Now download the Guacamole server; on this occasion we'll use version 0.9.8.

https://sourceforge.net/projects/guacamole/files/current/source/guacamole-server-0.9.8.tar.gz/download

zerick@irc:~$ cd ~
zerick@irc:~$ wget 'https://sourceforge.net/projects/guacamole/files/current/source/guacamole-server-0.9.8.tar.gz'
zerick@irc:~$ tar zxf guacamole-server-0.9.8.tar.gz
zerick@irc:~$ mv guacamole-server-0.9.8 guacamole-server
zerick@irc:~$ cd guacamole-server


Upgrading Debian Wheezy to Jessie

Today I needed to use Python 2.7.9 or higher on my Debian box. I'm currently using Debian Wheezy, where 2.7.3 is the latest version. Luckily, Debian Jessie comes with 2.7.9 by default.

I'm really happy with Wheezy; it has been rock solid all this time, so much that I didn't even think of upgrading it. But upgrading Debian seems to be the only way.

It is wise to check every application or package you currently have installed before making a major OS upgrade. In my case many of my apps are upgradable.

First, update the sources and then bring the entire system up to date with the latest packages.

zerick@irc:~$ sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get dist-upgrade -y

Once finished, you need to update your repository files. First take a backup.

zerick@irc:~$ sudo cp /etc/apt/sources.list /etc/apt/sources.list.wheezy

Make changes.

zerick@irc:~$ sudo sed -i 's/wheezy/jessie/g' /etc/apt/sources.list

Now, start the upgrade process.

zerick@irc:~$ sudo apt-get update && sudo apt-get upgrade

Remember to check each configuration change from the new packages carefully; the installation itself prompts you for this. Compare your current files against the files coming from the new packages, then decide. Take your time. But don't worry, in the worst case the current config files are backed up.

After this, we need to perform a full system upgrade.

zerick@irc:~$ sudo apt-get dist-upgrade

Once finished, you only need to reboot.

zerick@irc:~$ sudo reboot

Also, remember to upgrade any third-party repositories you might have to Jessie.

And that was all I had to do. A happy upgraded Debian box is online.

zerick@irc:~$ sudo hostnamectl 
[sudo] password for zerick: 
   Static hostname: irc.quassel.zerick.me
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 33f46101703a10c5fc6fa4f451840101
           Boot ID: 02288700b2404db29593cf35fa7ea291
    Virtualization: kvm
  Operating System: Debian GNU/Linux 8 (jessie)
            Kernel: Linux 3.16.0-4-amd64
      Architecture: x86-64

[UPDATE]

After upgrading, the Thin server was in a way disabled. I noticed that after starting the Thin service, no process was initiated.

Restarting the Thin service did not seem to work either, even though systemctl status showed that it had started successfully.

zerick@irc:~$ sudo systemctl status thin
[sudo] password for zerick: 
● thin.service - LSB: thin initscript
   Loaded: loaded (/etc/init.d/thin)
   Active: active (running) since Sat 2016-01-23 19:46:50 PET; 3h 55min ago
   CGroup: /system.slice/thin.service
           └─21181 thin server (/var/run/thin/thin.0.sock) [thin-server]
Jan 23 19:46:50 irc.quassel.zerick.me systemd[1]: Started LSB: thin initscript.

It said it started. Ok. But it wasn’t started at all.


Add your custom tag button on text editor in WordPress

Pretty long title, isn't it? Anyway. A while ago I got so tired of the limited options you can use while editing a post in text mode (you have two modes, Visual and Text). I needed some custom and tags, and, well, to be honest I'm a pretty lazy guy.

I'm not a web developer, but this worked pretty well for me. What I tried to achieve was to have my own QuickTag button, where basically any HTML can be used at your convenience.

You have to go to your current WordPress theme directory (in my case I'm using the TwentyFourteen theme) and edit the functions.php file.

zerick@irc:~ $ cd wp-content/themes/twentyfourteen
zerick@irc:~ $ sudo vim functions.php

In the last line, before the ending curly brace, add the following:


/** Adding this to enable QuickTag buttons **/
add_action('admin_print_footer_scripts', 'eg_quicktags');
function eg_quicktags() {
    // Only print the script on admin pages where the QuickTags editor script is loaded
    if ( ! wp_script_is('quicktags') ) {
        return;
    }
    // Leave PHP mode so the script block below is sent to the browser as HTML
?>
<script type="text/javascript" charset="utf-8">
/* Adding Quicktag buttons to the editor WordPress ver. 3.3 and above
* - Button HTML ID (required)
* - Button display, value="" attribute (required)
* - Opening Tag (required)
* - Closing Tag (required)
* - Access key, accesskey="" attribute for the button (optional)
* - Title, title="" attribute (optional)
* - Priority/position on bar, 1-9 = first, 11-19 = second, 21-29 = third, etc. (optional)
*/
QTags.addButton( 'eg_pre', 'code', '<code>', '</code>', 'q' );
</script>
<?php
    // Back in PHP mode to close the function
}

You will only have to replace these attributes for each new button you want to add.

eg_pre: Change to any other value; this acts as an identifier.
code: This will be the name displayed on the button.
<code>: Beginning of the tag.
</code>: End of the tag (obviously).

Getting the WWN on RHEL 6.x

There are several ways to find the WWN of a Fibre Channel HBA on RHEL/CentOS. The first step is to check how many HBAs you have.

[root ~]# lspci | grep -i fibre
44:00.0 Fibre Channel: QLogic Corp. ISP8324-based 16Gb Fibre Channel to PCI Express Adapter (rev 02)
44:00.1 Fibre Channel: QLogic Corp. ISP8324-based 16Gb Fibre Channel to PCI Express Adapter (rev 02)
84:00.0 Fibre Channel: QLogic Corp. ISP8324-based 16Gb Fibre Channel to PCI Express Adapter (rev 02)
84:00.1 Fibre Channel: QLogic Corp. ISP8324-based 16Gb Fibre Channel to PCI Express Adapter (rev 02)

If you get no result, try lspci | grep -i hba.

From this we know that we have 4 HBAs, each with a different WWN.

[root ~]# ls /sys/class/scsi_host/
host0  host1  host2  host3  host4

For each 'host', do the following:

[root ~]# cat /sys/class/scsi_host/host0/device/fc_host/host0/port_name
cat: /sys/class/scsi_host/host0/device/fc_host/host0/port_name: No such file or directory
[root ~]# cat /sys/class/scsi_host/host1/device/fc_host/host1/port_name
0x50014380231e3f0c
[root ~]# cat /sys/class/scsi_host/host2/device/fc_host/host2/port_name
0x50014380231e3f0e
[root ~]# cat /sys/class/scsi_host/host3/device/fc_host/host3/port_name
0x50014380231e288c
[root ~]# cat /sys/class/scsi_host/host4/device/fc_host/host4/port_name
0x50014380231e288e

A shorter way to do the same is:

[root ~]# cat /sys/class/scsi_host/host*/device/fc_host/host*/port_name

Installing and configuring ddclient on Debian Jessie

I wanted to have remote access to my home server I just installed a few days ago. I have a home internet connection with a dynamic public IP address, so I had to use the no-ip.com service with a dynamic DNS client. I'm using Debian 8.

Install the client

zerick@gluttony:~$ sudo apt-get install ddclient -y

Now, configure it to run as a daemon. First open the file

zerick@gluttony:~$ sudo vim /etc/default/ddclient 

And it should look like this

# Configuration for ddclient scripts
# generated from debconf on Mon Jun 29 00:31:50 PDT 2015
#
# /etc/default/ddclient

# Set to "true" if ddclient should be run every time DHCP client ('dhclient'
# from package isc-dhcp-client) updates the systems IP address.
run_dhclient="false"

# Set to "true" if ddclient should be run every time a new ppp connection is
# established. This might be useful, if you are using dial-on-demand.
run_ipup="false"

# Set to "true" if ddclient should run in daemon mode
# If this is changed to true, run_ipup and run_dhclient must be set to false.
run_daemon="true"

# Set the time interval between the updates of the dynamic DNS name in seconds.
# This option only takes effect if the ddclient runs in daemon mode.
daemon_interval="1800"

Save it.

Open the config file

zerick@gluttony:~$ sudo vim /etc/ddclient.conf

and it should look like this

# Configuration file for ddclient generated by debconf
#
# /etc/ddclient.conf

protocol=dyndns2

server=dynupdate.no-ip.com
login=yourloginid
password='yourpassword'
use=web,web=checkip.dyndns.com/,web-skip='IP Address'
yourdomain.example.com

Here you should change the login, the password and the domain you registered on noip.com, which goes on a line of its own (like yourdomain.example.com).

Finally, restart ddclient

zerick@gluttony:~$ sudo systemctl restart ddclient

and enable it to run at startup

zerick@gluttony:~$ sudo systemctl enable ddclient

Also remember to configure your home router to forward external ports to the IP of the server where you configured ddclient. The first port and service needed for remote connection is SSH, so enable and forward port 22 TCP.
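
The /etc/ddclient.conf shown above stores the no-ip password in plaintext and does not set ssl=yes. The check below is an added example, not part of the original post: the function name audit_ddclient_conf is hypothetical, the sample config is constructed from the one above, and it assumes a ddclient (such as the 3.8 series) where SSL is off unless ssl=yes is set.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Audits a ddclient.conf for
# two exposures of the account password it stores.

audit_ddclient_conf() {
    local conf="$1" bits findings=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 64; }

    # 1. Plaintext password on disk: group/other permission bits must be empty.
    bits=$(ls -ld "$conf" | cut -c5-10)
    if [ "$bits" != "------" ]; then
        echo "FAIL: $conf is accessible beyond its owner; run: chmod 600 $conf"
        findings=$((findings + 1))
    fi

    # 2. Assumption: without ssl=yes the update request, credentials included,
    #    goes over plain HTTP. Comment lines are ignored; options may be
    #    comma-separated on one line.
    if ! grep -v '^[[:space:]]*#' "$conf" |
         grep -Eq '(^|[,[:space:]])ssl[[:space:]]*=[[:space:]]*yes([,[:space:]]|$)'; then
        echo "FAIL: ssl=yes is not set in $conf"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ] && echo "OK: $conf"
    return "$findings"   # exit status = number of findings
}

# Constructed sample: the config from the post, world-readable, no ssl=yes.
demo=$(mktemp)
cat > "$demo" <<'EOF'
protocol=dyndns2
server=dynupdate.no-ip.com
login=yourloginid
password='yourpassword'
use=web,web=checkip.dyndns.com/,web-skip='IP Address'
yourdomain.example.com
EOF
chmod 644 "$demo"
audit_ddclient_conf "$demo" || true   # reports both findings
rm -f "$demo"
```

On the real system, run it as root against /etc/ddclient.conf before restarting the service.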

BTBX-1900 Debian 8 Installation

brix

I just acquired a Gigabyte Brix BTBX-1900 (the one in the picture above) and, of course, I wanted to install Linux on it. I opted for Debian because of its simplicity and speed. Let's remember that this model supports up to 8GB of memory (only one slot), so there are quite a few limitations. Even so, it is cheap, tiny and, the main reason I bought one, it saves power (a lot).

It doesn't come with an HDD or memory pre-installed; you have to buy new ones and, ironically, install them. The process is described in the manuals that come with the PC, and is very easy. It uses the same RAM and HDD models as a laptop. Get them and assemble them before the OS installation.

I will use it as a kind of 24/7 multipurpose server, so saving power was the key reason I purchased it. Anyway.


Installing OpenStack on CentOS 6

Brief introduction

OpenStack is currently getting a lot of attention as a serious open-source alternative for a private cloud, so that managing and using a cloud does not depend solely on third parties such as Amazon, Rackspace, among many others.

I have been testing it for a while and it really is fantastic. When working with production and development environments, managing virtual machines (and the provisioning sysadmins do for developers) takes up most of the time, not because these tasks are complicated but because they are time-consuming in themselves. And although there are virtual machine provisioning tools such as Vagrant, or it can be done with Chef or Puppet, most alternatives are command-line based.

OpenStack is basically a stack of tools: a set of open-source tools that already existed or that, in effect, formed new software. It basically consists of a Dashboard (written in Python, using Apache or Nginx), a hypervisor (KVM/qemu, Xen, VMware or even Docker), block storage (OpenStack Cinder, Ceph, GlusterFS) and a network manager (OpenvSwitch + Iptables + Bridge-utils).


Openstack: Instance launch “No valid host was found” error

Currently I'm running OpenStack Icehouse on a CentOS 6 box (single node). I installed it with PackStack (RDO), which makes installation easy and practical. So, given the details mentioned above, my setup is clean and, as far as we know, well configured.

While trying to launch an instance using a qcow2 image (I downloaded a CentOS 7 image) I got an error message balloon:

Failed to launch instance XXXXX : Please try again later [Error: No valid host was found. ].

This error could be related to another issue in qemu or Nova, but as I said before, my setup was clean. If the following steps do not help you, please look further at the logs or do the image creation from the command line (debug or verbose mode helps a lot!).

While I was guessing it was a problem with Glance, Google showed me that it wasn't a technical issue at all. What I was doing wrong was the creation of the image. When creating the image I was filling in the Architecture field with "64 bits", as shown below.

Screenshot-2

To fix this, you have to create the image correctly, leaving the Architecture field empty.

Screenshot-1

Now you should be able to launch your (re)created image!

StartSSL certificate not working on Firefox

Maybe you got a free certificate from StartSSL, maybe it worked well on all browsers except Firefox, maybe you are desperate because you don't know what could be wrong, and maybe you are confused and wondering why free stuff is kind of tricky. Well, if that's your case, let me tell you that there's a solution for your problem.

First, check that your certificate has been correctly signed for your domain and FQDN. I recommend using SSLlabs (https://www.ssllabs.com/); it can be more accurate than other sites.

Anyway, if you try to access a site with this certificate from Firefox, you may be shown an error page with this message:

" Secure Connection Failed An error occurred during a connection to www.fanfiction.net. The OCSP server has no status for the certificate. (Error code: sec_error_ocsp_unknown_cert) "

The thing here is that StartSSL must report your recently signed certificate to the OCSP servers, a task that could take a couple of hours. So you have two options. The first one, obviously, is to wait around 5-12 hours until the certificate is registered on OCSP.
The other option is to disable the external OCSP check (requested by Firefox, of course). To disable it, uncheck the option

 Preferences -> Advanced -> Certificates Tab -> "Query OCSP responder servers to confirm the current validity of certificates" 

Uncheck it and you will see your https website.

I have to emphasize that the certificate should already work properly on Chrome or Safari, just to rule out issues with the certificate itself.

http://about.me/zerick