Me in IT UNIX/Linux Consultancy is based in Breukelen, The Netherlands and specialized in UNIX and Linux consultancy. Experience with Red Hat Enterprise Linux (Red Hat Certified Architect), Fedora Project, CentOS, OpenBSD and related released Open Source products makes Me in IT UNIX/Linux Consultancy a great partner in implementing, maintaining and upgrading your environment.

Open Source software is an important aspect of any Linux distribution. Me in IT UNIX/Linux Consultancy tries to use Open Source software where possible and tries to share experiences actively. In the articles section you will find many UNIX/Linux adventures shared for others to benefit.

Using PXEboot to install Linux in Parallels Desktop on Mac OS X

So, you bought Parallels and now want to test PXE booting. Tough luck as PXE is not supported by Parallels. There is a workaround, as described here. You can also use this guide when your network card does not support PXE booting, but you require it anyhow. Using etherboot, rom-o-matic, SYSLINUX and a few "generic" components, like DHCP, TFTP, and so on, you'll be up and running in an hour or so.

Here are the ingredients for a recipe to reinstall or boot a machine that does not have PXE support:

  1. A DHCP server. You will have to reconfigure it a bit, so that the client will have a "next-server" where it can find a "filename" to boot.
  2. A TFTP server. This server will provide the files "pxelinux.cfg/default", "pxelinux.0", "vmlinuz" and "initrd.img".
  3. An HTTP server. When using kickstart, all files ("ks.cfg" and all RPMS) are provided over HTTP. This section is not described in detail here.

Let's put all ingredients into a working solution!

  1. Set up the DHCP server. I hope you already have a DHCP server somewhere; otherwise, install one, it shouldn't be extremely difficult. I have just one (very simple) DHCP server running; the configuration looks like this:
    shared-network LOCAL-NET {
            option  domain-name "install.meinit.nl";
            option  domain-name-servers 10.0.0.1;

            next-server 10.0.0.1;
            filename "pxelinux.0";

            subnet 10.0.0.0 netmask 255.255.255.0 {
                    option routers 10.0.0.1;

                    range 10.0.0.128 10.0.0.254;
            }
    }

    The only special things are "next-server" and "filename". They tell the client that, when it wants to boot, it should fetch "pxelinux.0" over TFTP from machine 10.0.0.1. We'll put that pxelinux.0 in place later.
  2. Set up the TFTP server. I have an OpenBSD machine that functions as a TFTP server. Setting it up was very easy:
    1. Open /etc/inetd.conf, uncomment the tftp-line(s)
    2. Run "mkdir /tftpboot"
    3. Run "pkill -HUP inetd"

    If you have another system running, you might need to install a tftp-server first, and then configure it accordingly.

  3. Filling the /tftpboot area. The components that need to be in /tftpboot:
    1. pxelinux.0 Get it from the SYSLINUX Project. You can find a directory "core" in the tar.gz file, that's where you need to be.
    2. pxelinux.cfg/default Create one, the contents will need to be something like this:
      label linux
              kernel vmlinuz
              append initrd=initrd.img ks=http://10.0.0.1/ks.cfg
    3. vmlinuz and initrd.img You will find these on your Linux distribution CDs, first CD, directory "images/pxeboot"
  4. Create a bootable CD/floppy/grub or lilo image. This is the actual replacement of your PXE network card. The image is very small, only half a megabyte or so. Go to the rom-o-matic website, select etherboot. Now choose your network card, for Parallels use "ns8390:rtl8029". Then choose the image to create, I used an "ISO bootable image without legacy floppy emulation (.iso)". Click "Get ROM". Now tell Parallels to boot a CD, connect the downloaded .iso file and start the virtual machine.
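
A missing or misnamed file in /tftpboot only shows up as a client that hangs at boot, so it pays to check the tree first. The script below is an added example, not part of the original article: it reads pxelinux.cfg/default, verifies that every file it refers to is present, and flags world-writable files, since TFTP hands them to any client that asks. The function names are made up for this example.

```sh
# Added example, not from the original article.
# Print every file the PXELINUX config in $1 refers to (kernel and initrd=).
pxe_referenced_files() {
    awk '
        tolower($1) == "kernel" { print $2 }
        tolower($1) == "append" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^initrd=/) print substr($i, 8)
        }
    ' "$1"
}

# Print one line per problem; exit status 0 means the tree looks usable.
check_tftproot() {
    root=$1
    cfg="$root/pxelinux.cfg/default"
    problems=0
    for f in "$root/pxelinux.0" "$cfg"; do
        [ -f "$f" ] || { echo "missing: $f"; problems=$((problems + 1)); }
    done
    if [ -f "$cfg" ]; then
        for name in $(pxe_referenced_files "$cfg"); do
            [ -f "$root/$name" ] || { echo "missing: $root/$name"; problems=$((problems + 1)); }
        done
    fi
    # TFTP is unauthenticated, so the served files must at least be safe from
    # local tampering: nothing under the root may be world-writable.
    writable=$(find "$root" -type f -perm -0002)
    if [ -n "$writable" ]; then
        echo "$writable" | sed 's/^/world-writable: /'
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Run against the article's path when it exists on this machine.
if [ -d /tftpboot ]; then check_tftproot /tftpboot || true; fi
```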

If you would like to upgrade an existing Linux system using PXE, but your network card does not support PXE, follow the same steps, but download the "LILO/GRUB/SYSLINUX loadable kernel format (.zlilo)" and refer to it from /etc/grub.conf like this:

title="Etherboot"
root (hd0,0)
kernel /etherboot.zlilo

The 3 most important "kill" signals on the Linux/UNIX command line

Most Linux or UNIX users know that there is a kill(1) command to stop processes, but what are the options, what do they mean?

These options are called signals, which can be expressed in either numbers or words. Some well-known ones are "-1" or "-HUP". Also well known is "-9" (aka "-KILL").

  • -1 or -HUP - This argument makes kill send the "Hang Up" signal to processes. This probably originates from the modem/dial-in era. Processes have to be programmed to actually listen to this signal and do something with it. Most daemons are programmed to re-read their configuration when they receive such a signal. Anyway; this is very likely the safest kill signal there is, it should not obstruct anything.
  • -2 or -SIGINT - This is the same as starting some program and pressing CTRL+C during execution. Most programs will stop, you could lose data.
  • -9 or -KILL - The kernel will let go of the process without informing the process of it. An unclean kill like this could result in data loss. This is the "hardest", "roughest" and most unsafe kill signal available, and should only be used to stop something that seems unstoppable.
  • -15 or -TERM - Tell the process to stop whatever it's doing, and end itself. When you don't specify any signal, this signal is used. It should be fairly safe to perform, but better start with a "-1" or "-HUP".

To figure out how a program should respond to kill signals, check the man(1) page of the process you are trying to kill. For example the process init(8) has a man-page that explains:

SIGHUP
Has the same effect as telinit q.
...
Q or q tell init to re-examine the /etc/inittab file.

By the way, there are many signals:

:) [[email protected] ~]$ kill -l
1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL
5) SIGTRAP 6) SIGABRT 7) SIGBUS 8) SIGFPE
9) SIGKILL 10) SIGUSR1 11) SIGSEGV 12) SIGUSR2
13) SIGPIPE 14) SIGALRM 15) SIGTERM 17) SIGCHLD
18) SIGCONT 19) SIGSTOP 20) SIGTSTP 21) SIGTTIN
22) SIGTTOU 23) SIGURG 24) SIGXCPU 25) SIGXFSZ
26) SIGVTALRM 27) SIGPROF 28) SIGWINCH 29) SIGIO
30) SIGPWR 31) SIGSYS 34) SIGRTMIN 35) SIGRTMIN+1
36) SIGRTMIN+2 37) SIGRTMIN+3 38) SIGRTMIN+4 39) SIGRTMIN+5
40) SIGRTMIN+6 41) SIGRTMIN+7 42) SIGRTMIN+8 43) SIGRTMIN+9
44) SIGRTMIN+10 45) SIGRTMIN+11 46) SIGRTMIN+12 47) SIGRTMIN+13
48) SIGRTMIN+14 49) SIGRTMIN+15 50) SIGRTMAX-14 51) SIGRTMAX-13
52) SIGRTMAX-12 53) SIGRTMAX-11 54) SIGRTMAX-10 55) SIGRTMAX-9
56) SIGRTMAX-8 57) SIGRTMAX-7 58) SIGRTMAX-6 59) SIGRTMAX-5
60) SIGRTMAX-4 61) SIGRTMAX-3 62) SIGRTMAX-2 63) SIGRTMAX-1
64) SIGRTMAX

Free access to every internet page from Iran (or any other regulated location)

Imagine you would want to surf the web and be able to visit any page you would like to visit, but your government or company policy does not allow you to. N.B. These access limitation policies are in place for a reason, be sure to not threaten the security of your company/government.

You can get access to any page on the internet using these steps.

Requirements:

  • A Windows, Linux or Mac OS X workstation with limited access to the internet.
  • Ability to access an ssh server that can access a proxy server outside of the restricted area.
  • Ability to change the proxy setting in your workstation's browser.

1. Get a free SSH account outside of the regulated area.

Not difficult, try to get an account at some location expected to have unrestricted access to the internet. There could be ssh servers that don't allow you to set up tunnels; avoid them, they don't work for this article.

2. Set up a tunnel from your PC, via that free SSH server to a proxy outside of the regulated area.

Windows users - Download Putty. It has a capability to create tunnels.

  1. Open Putty. We are going to make a new profile, so be sure to save it.
  2. Fill in the "Host name (or IP address)". This is the machine you are connecting to.
  3. Click "Connection" - "SSH" - "Tunnels".
  4. The source port is the entry of the tunnel, for example you could use "8080" or "8888".
  5. The destination is where the tunnel is sent to. This should be a proxy server outside of the regulated area. To find these (freely available) proxies when you don't have one, download this proxy.pac file and select a proxy. The format is "machinename:portnumber". An example could be: "proxy.example.com:8080". The list of freely available proxy servers changes all the time, better try to get a (paid) proxy server that is stable.
  6. Click "Add". Be sure to save this session, so you don't have to type this all again.
  7. Click "Open" to start the connection and the tunnel.

You now have a tunnel set up from localhost:8080, via the ssh-server, to the proxy server.

Linux - (Open-) SSH is most likely installed on your system already, just put this configuration into your home directory's .ssh/config.

Host sshserver.example.com
LocalForward 8080 proxy.example.com:8080

Now start the connection and the tunnel by typing:
$ ssh sshserver.example.com

Mac OS X - Same as Linux, so read the steps above.

3. Make your browser use that tunnel.

Open the preferences of your browser. You need to tell it to use a proxy, but this proxy is actually the entrance to your tunnel, so http://localhost:8080. This varies from browser to browser, so find these steps out yourself.

You should now be able to surf the internet freely through that tunnel and through that proxyserver.

Debugging

  • Check to see if the ssh server can actually reach the proxy. "$ telnet proxy.example.com 8080" on the ssh server will verify this.
  • Check to see if a port is locally listening. "$ netstat -an | grep 8080" should show a line that tells you the tunnel is running from your machine. Works on Mac OS X and Linux; on Windows you will have to search through the list yourself, "netstat -an" does work.
  • Use "$ ssh -v sshserver" on Linux and Mac OS X. This shows more details of what is going on.
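
The netstat check also tells you who can reach the tunnel entrance. The function below is an added example, not part of the original article: it reads "netstat -an" output and reports whether the forwarded port listens on loopback only or on every interface, which happens when GatewayPorts is enabled and turns your workstation into a proxy for the whole local network. The function name and the sample line are constructed.

```sh
# Added example, not from the original article.
# Reads "netstat -an" output on stdin; $1 is the forwarded port.
# Prints "loopback", "exposed" or "none".
tunnel_listener() {
    awk -v port="$1" '
        # Only listening sockets matter (Windows prints LISTENING).
        toupper($NF) != "LISTEN" && toupper($NF) != "LISTENING" { next }
        {
            # Local address is column 4 on Linux/Mac OS X, column 2 on Windows.
            addr = ($1 ~ /^tcp/) ? $4 : $2
            # Linux and Windows print addr:port, Mac OS X prints addr.port
            n = split(addr, parts, /[:.]/)
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host == "127.0.0.1" || host == "::1" || host == "[::1]")
                loop = 1
            else
                wide = 1
        }
        END { print wide ? "exposed" : (loop ? "loopback" : "none") }
    '
}

# Constructed sample in Mac OS X format: the forward is bound to all interfaces.
tunnel_listener 8080 <<'EOF'
tcp4       0      0  *.8080                 *.*                    LISTEN
EOF
```

On a live system, run "netstat -an | tunnel_listener 8080"; anything other than "loopback" means the forward is either not running or reachable by other machines.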

Managing your freelance organization

I am a freelance UNIX/Linux Consultant and enjoy it a lot. When I started it was quite challenging to organize all the extra things that are required when you run a small business.

Here are the tools/resources/tricks I use:

  • Directly store all receipts. If you temporarily store these papers in a basket, you will lose chronological data and the general overview. I order them in a couple of tabs: receipts, bank-account-overviews, invoices, contracts and everything else.
  • Get an accountant. You will need to send your directly stored receipts to him once in a while. I check the receipts once more before sending them. That takes about 30 minutes each 3 months.
  • Insure yourself. Find a man-in-the-middle to help you a bit. It takes a couple of hours to setup, from then on just pay the bills.
  • Make invoices using Freshbooks. This tool is great! It lets you add customers, products (like "consultancy") and lets you track time for different projects. By the end of the month, select "create invoice based on hours" and you're done. It even sends a physical letter to your customer. Believe me, Microsoft Excel is not better.
  • Use Google Apps as your online office. This (free) tool has everything; email, documents, calendar, etc! All for free unless you want to store more than a couple of gigabytes.
  • Get yourself a website to promote yourself. Just like a business card, but then digital and more extensive. Drupal has helped me keeping my website up and running.

I try to solve everything online. It helps you access information from wherever you are, plus you can't lose all the information.

Using your OpenSSH private key in Putty

When you are working with private (and public) keys generated by OpenSSH, you will have files called id_dsa and id_dsa.pub. These files can't be used in Putty directly. Instead they need to be converted to something else using PuTTYgen, also available from the Putty page. To do this, follow these simple steps. Let's assume you already have Putty installed on your Windows machine.

  1. Download PuTTYgen.
  2. Load your key, mine is called id_dsa. Enter your passphrase.
  3. Save the private key, I saved mine as id_dsa.ppk.

Your original private key (id_dsa) is now converted and saved as a Putty private key (id_dsa.ppk). There are now two things you might want to do: using it directly, or using it with an agent.

Using the converted key directly in Putty

This is the simplest, but requires you to type your passphrase each time you are connecting to a machine.

  1. Start Putty.
  2. Go to Connection - SSH - Auth to Browse for the newly generated key. (id_dsa.ppk)
  3. Optionally save this session and Open the connection.

Using the converted key in Pageant

You might want to use an SSH Agent like Pageant to store your key over multiple sessions. This will make your life easier when you connect to multiple machines. In order to do so:

  1. Download Pageant.
  2. Start the agent by double clicking it.
  3. Double click the terminal-with-hat icon in the right bottom taskbar area.
  4. Add Key. Enter your passphrase just once for this whole session.
  5. Close the Pageant window, it will remain active in the taskbar.

One final note; on the machines you are connecting to, you don't need to change/convert any keys, simply use the public key (id_dsa.pub) as generated by OpenSSH in ~/.ssh/authorized_keys.

Using grep to grep for processes

Most administrators have seen this problem; you do a ps -ef | grep ssh and find your ssh commands, and your grep. Grep basically found itself in the process list.

Until now, I used this (ugly) trick: ps -ef | grep ssh | grep -v grep. Not very beautiful, but it works.

Now Jacek Artymiak told me this little, more efficient trick:

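$ ps -ef | grep '[s]sh'

This "[s]" thing means a range, starting at "s" and ending at "s". (Effectively: no range, just "s".) So grep still searches for "ssh", but its own entry in the process list now reads "grep [s]sh", and that text does not contain "ssh". The quotes keep the shell from treating the brackets as a file name pattern.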

What a great piece of magic, thank you Jacek!
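
Why the trick works, and when it silently stops working, as an added example that is not part of the original article. The process list is constructed; the function names are made up for this example. It compares how many lines each pattern matches when grep's own entry is in the list, and shows what the shell passes on when the pattern is left unquoted in a directory that happens to contain a file called "ssh".

```sh
# Added example, not from the original article.
# Constructed process list; $1 is the argument grep was started with, so the
# last line is what grep's own entry would look like.
ps_sample() {
    printf '%s\n' \
        'root   812    1  0 09:00 ?      00:00:00 /usr/sbin/sshd' \
        'user  2301 2290  0 09:14 pts/0  00:00:00 ssh sshserver.example.com' \
        "user  2410 2290  0 09:15 pts/0  00:00:00 grep $1"
}

# Number of lines the pattern matches, grep's own entry included if it matches.
matches() { ps_sample "$1" | grep -c -e "$1"; }

# What the shell hands to a command for an unquoted [s]sh typed in directory $1.
unquoted_arg() { ( cd "$1" && set -- [s]sh && printf '%s\n' "$1" ); }

echo "grep ssh     matches $(matches ssh) lines (two processes plus itself)"
echo "grep '[s]sh' matches $(matches '[s]sh') lines (the two processes only)"
```

If you only need process IDs and names, "pgrep -fl ssh" avoids the problem altogether, because pgrep never reports itself.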

Regenerating your (lost) public SSH key (id_dsa.pub)

There is actually no real reason to protect your public SSH key; the more people "steal" your public key, the more machines you could login to.

But, for some unknown (likely stupid/invalid) reason I discovered that my public key was not installed on my laptop. OpenSSH has options to regenerate this public key using the -y switch. From the man-page:

    -y      This option will read a private OpenSSH format file and print an
            OpenSSH public key to stdout.

Okay, so run ssh-keygen -y -f ~/.ssh/id_dsa > ~/.ssh/id_dsa.pub to save the output generated in a file called id_dsa.pub. (Without -f, ssh-keygen asks which private key file to read.)

Now distribute this id_dsa.pub file to all machines you want to log in to, add it to the authorized_keys file. You don't need to re-distribute the key to all machines that had your "old" public key.

Here is a website with loads of useful SSH tips

Regular expressions in Bash

I stumbled upon an article about regular expressions in Bash that inspired me to dig into this topic. I like Bash and regular expressions a lot.

Here is a very simple piece of code using a dot, meaning "any (one) character".

$ if [[ hello =~ hallo ]] ; then echo yes ; else echo no ; fi
no
$ if [[ hello =~ h.llo ]] ; then echo yes ; else echo no ; fi
yes

Let's try a more complex regular expression that expresses this criterion:
An email address: ^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$. Stolen from the regular expression page about an email-address. This regex assumes you are using all capitals in your email-address.

$ if [[ [email protected] =~ ^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$ ]] ; then echo "Yes, this is an email address" ; fi
Yes, this is an email address

It just seems to work perfectly! I sure love Bash.

Domain drupal.nl successfully transferred to the Drupal community

After quite some time of getting papers signed, the domain drupal.nl is back to where it needs to be, the community that improves Drupal over time.

About one year ago I bought this domain from its previous owner, not knowing the Drupal community was also trying to get hold of it. After talking to Bert Boerland, we immediately decided to try and transfer the domain to where it belongs, the Drupal community.

I hope this helps to make Drupal even more popular in The Netherlands. People that help to create/improve/promote/etc Drupal: "Thank you!"

Ssh through a proxy from your Apple Mac OS X

For Linux using Corkscrew and for Windows using Putty it is possible to punch through proxies to connect to a remote SSH-server. Let's do the exact same thing from an Apple, using Mac OS X.

You will need to download Corkscrew. Open a Terminal to type some of these commands:

$ cd Downloads
$ tar -xvzf corkscrew-x.y.tar.gz
$ cd corkscrew-x.y
$ ./configure --host=apple
$ make
$ cp corkscrew $HOME/.ssh/

If that does not work; try downloading my compiled version (right click -download linked file), maybe that works on your mac.

Now you need to tell your ssh client (also on your Apple) to use corkscrew. In that same terminal, either use vi(1) or simply copy-change-paste these commands to suit your situation:

echo "Host machine-on-the-outside-network.example.com" >> $HOME/.ssh/config
echo "ProxyCommand $HOME/.ssh/corkscrew proxy.on-the-inside-network.example.com 8080 %h %p" >> $HOME/.ssh/config

Replace machine-on-the-outside-network.example.com with the machine that you want to reach, mostly a server, or your home computer running an ssh daemon. Replace proxy.on-the-inside-network.example.com with the name of the proxy server you are using. You can find this at the Network preference in Advanced at Proxies. Replace 8080 with the port your proxy is listening to, mostly 8080 or 3128.

You are now done, in that terminal that is or was open, type:

$ ssh machine-on-the-outside-network.example.com

and you should be done!
