Debian/Ubuntu Tips and Tricks

Debuntu

Archive for the 'Softwares' Category

How-To: using Python Virtual Environments

Posted by chantra on 3rd September 2013

A nice thing about Python is that there are tons of modules available out there. Not all those modules are readily available for your distro, and even if they were, chances are that a newer release with new features is already out there.

You might not always want to install those modules system-wide, either because there might not be any need for it, or because they could clash with the same module installed via package management.

To answer this problem, Python has virtualenv, which lets you create multiple virtual Python instances within which you can install whichever modules you might need. All this without requiring root privileges.

Posted in HowTo, Softwares, System | No Comments »

How-To: Bash Parameter Expansion and String Manipulation

Posted by chantra on 19th February 2013

Last time we saw how bash can help us in handling default values out of the box using parameter expansion. This time we will see how basic string operations (nonetheless common and useful) can also be achieved using bash.

There are many ways to do string manipulation with bash, like finding a filename extension using expr, or separating the directory part from a filename using dirname and basename... or even more sophisticated ones based on regex, sed...

Why use a sledgehammer to crack a nut when you could use bash's built-in functionality?

Posted in Administration, HowTo, Softwares, System | No Comments »

How-To: Bash Parameter Expansion and Default Values

Posted by chantra on 28th January 2013

Bash is a sh-compatible command language interpreter that executes commands read from the standard input or from a file.
There is much more to bash than running a sequence of commands; one of the features bundled with bash is parameter expansion.

Any shell user has most likely used shell variables, be it $1 or $myvar, to save values... but there is more to it. This tutorial will cover a subset of shell parameter expansion that can become really handy and save you a lot of time.

Posted in Administration, HowTo, Softwares, System | No Comments »

How-To: OpenVPN on Debian Squeeze with Username/Password authentication

Posted by chantra on 16th January 2013

Creating the configuration

Now that we have our certificates ready, we need to create a set of configuration files for the server and the client.

Server side

On the server side, you will need to create the file /etc/openvpn/server.conf and edit it with:

dev tun
proto udp
port 1194
# since OpenVPN 2.1 we can use topology subnet
topology subnet
# if we want to change the temp directory location
; tmp-dir /dev/shm
# certs
ca keys/ca.crt
cert keys/server01.crt
key keys/server01.key
dh keys/dh1024.pem
# TLS
tls-auth keys/ta.key 0
# Keepalive
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120
comp-lzo
# Write operational status to this file
status openvpn-status.log
# Drop privileges
user nobody
group nogroup
# As we dropped privileges, make sure we don't
# close/reopen tun interface and re-read key files
# across SIGUSR1
persist-key
persist-tun
# Our subnet
server 10.8.0.0 255.255.255.0
# Redirect all traffic to our OpenVPN server
push "redirect-gateway def1 bypass-dhcp"
# We want client to use our DNS server
push "dhcp-option DNS 10.8.0.1"
ifconfig-pool-persist ipp.txt
# If you want OpenVPN clients
# to be able to connect directly
# to each other
; client-to-client
# Use PAM authentication
plugin /usr/lib/openvpn/openvpn-auth-pam.so login
# we don't want to use client certificate
client-cert-not-required
username-as-common-name
# enable mgmt over telnet
management localhost 1194 mgmt-pw-file
verb 3

Then, we need to copy the certificates/keys in the keys directory of /etc/openvpn:

mkdir /etc/openvpn/keys
cp /etc/openvpn/easy-rsa/2.0/keys/{ca.crt,server01.crt,server01.key,dh1024.pem,ta.key} /etc/openvpn/keys/

And, in order to be able to manage openvpn from a telnet connection, we will create a file called /etc/openvpn/mgmt-pw-file with password "password":

echo password > /etc/openvpn/mgmt-pw-file
chmod 700 /etc/openvpn/mgmt-pw-file
chown root:root /etc/openvpn/mgmt-pw-file

Everything should be set up for the server side. Now we need to edit /etc/default/openvpn to make sure that this configuration gets started when using the init script. So, edit that file and make sure it contains:

AUTOSTART="server"

O'rite, you can now restart openvpn service with:

# /etc/init.d/openvpn restart

Now, our server should be up and running. If anything went wrong, /var/log/daemon.log is the place to look into.

At this stage, you should also be able to connect to localhost on TCP port 1194 using telnet. You will be prompted for a password; this is the password you have set in /etc/openvpn/mgmt-pw-file.
Once you are logged in, you will be able to access the management interface of OpenVPN!
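
The following script is an added example, not part of the original post: it reads a server.conf like the one above on stdin and lists the settings a reviewer would question today (1024-bit DH parameters, comp-lzo, password-only clients, the TCP management port, no explicit cipher). The function names, the finding labels and the embedded sample are this example's own, and the size check on the dh file name is a heuristic.

```sh
#!/bin/sh
# Added example: flag hardening gaps in an OpenVPN server config read on stdin.
# Finding names (WEAK_DH, ...) are this example's own labels, not OpenVPN output.

audit_openvpn_conf() {
    awk '
        /^[ \t]*$/ || /^[ \t]*[#;]/ { next }   # blank lines, "#" and ";" comments
        { seen[$1] = 1 }
        $1 == "dh" {
            # Heuristic: read the size from the file name (dh1024.pem). The
            # authoritative check is: openssl dhparam -in FILE -text -noout
            n = split($2, part, "/")
            if (match(part[n], /[0-9]+/) && substr(part[n], RSTART, RLENGTH) + 0 < 2048)
                print "WEAK_DH: " $2 " looks smaller than 2048 bits"
        }
        $1 == "comp-lzo" && $2 != "no" {
            print "COMPRESSION: comp-lzo compresses before encrypting (VORACLE-style leaks)"
        }
        # Newer releases spell the same choice "verify-client-cert none".
        $1 == "client-cert-not-required" || ($1 == "verify-client-cert" && $2 == "none") {
            print "PASSWORD_ONLY: no client certificate, the PAM password is the only client credential"
        }
        $1 == "management" && $3 != "unix" {
            print "MGMT_TCP: management on " $2 ":" $3 " is open to every local user, prefer a unix socket"
        }
        END {
            if (!("cipher" in seen))
                print "NO_CIPHER: no cipher line, so the release default applies (BF-CBC on 2.3 and older)"
            if (!("tls-auth" in seen) && !("tls-crypt" in seen))
                print "NO_TLS_AUTH: control channel has neither tls-auth nor tls-crypt"
        }
    '
}

# Constructed sample: the security-relevant lines of the server.conf above.
sample_server_conf() {
    cat <<'EOF'
dev tun
proto udp
port 1194
; tmp-dir /dev/shm
# certs
ca keys/ca.crt
dh keys/dh1024.pem
tls-auth keys/ta.key 0
comp-lzo
plugin /usr/lib/openvpn/openvpn-auth-pam.so login
client-cert-not-required
username-as-common-name
management localhost 1194 mgmt-pw-file
EOF
}

sample_server_conf | audit_openvpn_conf
```

Run it against a real file with `audit_openvpn_conf < /etc/openvpn/server.conf`; an empty result means none of these five checks fired, not that the configuration is otherwise sound.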

Enabling IP forwarding

As we will be routing packets, we need to enable IP forwarding. To do this create a file called /etc/sysctl.d/forwarding.conf which contains:

net.ipv4.ip_forward=1

And apply the change with:

root@ovpnrouter:~# sysctl -p /etc/sysctl.d/forwarding.conf
net.ipv4.ip_forward = 1

IPTable

At this stage, the openvpn server could handle clients, forward packets, but packets would be routed with their original private IP. To give proper network connectivity to our OpenVPN clients, we will need to NAT the traffic.
This can be done by using the following command:

root@ovpnrouter:~# iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

Configuring iptables is outside the scope of this article. You might want to refer to IPtables: how to share your internet connection.

Anyhow, let's move forward and set up a client!

Posted in Administration, HowTo, Networking, Softwares, System | No Comments »

Terminator is getting a plugin system

Posted by chantra on 16th June 2010

I already spoke about Terminator a while back. Since then, quite some time has passed and lots of features were added...

In the last 7+ months, cmsj has worked a lot on getting the whole architecture re-implemented in a more object-like architecture which makes the different components of Terminator interact together more naturally.

Those changes have been pushed to trunk since release 0.90. The current release of Ubuntu (Lucid) is now shipping 0.93, which is quite stable, to be honest.

Built-in plugins

Anyhow, except for the internal stuff and changes that you can get from the ChangeLog, I would like to highlight the plugin system which is now part of the future 1.X release.

So far, there are 2 places where plugins can hook:

  • URL handler
  • Terminal Menu

As of today's trunk, terminator comes with a few built-in plugins which are located in terminatorlib/plugins/:

  • activitywatch.py : watch activity on a terminal
  • custom_commands.py : allows adding custom commands to the terminal menu
  • terminalshot.py : takes a screenshot of the current terminal
  • url_handlers.py : turns known patterns into clickable URLs, like launchpad bug/code/projects.. URLs

By default, the custom command plugin is disabled. To enable it, change your ~/.config/terminator/config to reflect something like:

[global_config]
  disabled_plugins = TestPlugin

Making your own plugin

What does a plugin allow usually? Well, being able to bring your features to terminator without changing the core code.

Chris has made a tutorial on how-to write plugins for Terminator.

If you feel like doing a bit of Python hacking, dive in and come up with great plugin ideas, then jump on IRC at irc.freenode.net, channel #terminator, and share your code :)

Posted in HowTo, News, Softwares, Softwares | No Comments »

How-To: Changing the default text editor

Posted by chantra on 16th September 2009

There are a few programs that use the editor command to find out what text editor to use. Examples are dch when adding a new .deb changelog entry, or revision control software when prompting for a commit message...

There are basically 2 ways of changing the default editor:

  • System wide
  • At user level

1. System Wide

Run:

$ sudo update-alternatives --config editor

And then choose whichever editor you want to be default.

2. User Level

As a user, you cannot change the setting for the whole system, but you can add an alias for editor to, let's say, vim.

Open and edit ~/.bashrc and add:

alias editor=vim

Next time you open a bash prompt, your default editor will be vim.

Hope that helps!

Posted in Administration, HowTo, Softwares | No Comments »

Vmware Workstation: DNS not working with NAT

Posted by chantra on 8th April 2009

Lately, I have been experiencing a funny network issue when using VMware Workstation VMs with NAT interface. Roughly, the IP network was working fine, but DNS resolution was not anymore. It happened intermittently, but I could see that this mainly happened when I was suspending my laptop, going to another location and resuming.

Forcing the VM to use a public DNS would solve the issue.

1. Background

Here is a bit of background. This happened on an Ubuntu Intrepid host, using VMware Workstation 6.5.2 build-156735, but I expect the same behaviour to happen with previous releases of Ubuntu, or even other Linux hosts as well as previous versions of Workstation and VMware Server. I can't confirm it though as I don't really want to spend time testing that ;).

At home, my host DNS is at 192.168.2.1, while at work, it is 192.168.1.1. Let's say that I am at home, my host /etc/resolv.conf looks like:

nameserver 192.168.2.1

Now, when I resume my laptop at work, network manager would set the DNS servers to:

nameserver 192.168.2.1
nameserver 192.168.1.1

Meaning that the old DNS server entry was kept, and the new one was appended to the list.

2. Analysis

The host would still be able to resolve names as it uses the first entry, and then, when it has no reply, uses the second one.

In the guest though, DNS would fail. After a bit of tcpdumping, nmapping... I found out that DNS queries were resolved, but for some reason, the queries were not returned to the guest.

Checking the trace, I could see that queries were still first done to my home DNS server, i.e. /dev/null, then came the query to my office DNS server.

All this was going through the vmnet8 IP stack.

3. The Fix

Seeing that my old DNS entry was still in my /etc/resolv.conf which was useless, I decided to remove it.... and that was it!!

So, if my /etc/resolv.conf looked like:

nameserver 192.168.1.1
nameserver 192.168.2.1

The VMs could resolve names! In other words, only the first DNS entry result was sent back to the VM.

So, here you go, if you hit this issue, just make sure that your first DNS server is active ;)

Hoping this will help some of you.

Posted in HowTo, Softwares, Virtualization | No Comments »

How-To: Setting up BGP on Vyatta — page 3 — Setting BGP

Posted by chantra on 2nd November 2008

This entry is part 3 of 3 in the series How-To: Setting up BGP on Vyatta

3. Setting BGP

As told earlier on, vyatta-bgp1 will advertise AS 1 with network 1.1.1.0/24 to its neighbor vyatta-bgp2 handling AS 2, and vyatta-bgp2 will advertise AS 2 with network 2.2.2.0/24 to its neighbor vyatta-bgp1 handling AS 1.

They will use a common password for this communication, which is BGPtutorial.

The syntax used in configuration mode is the following:

# set protocols bgp <my AS> neighbor <peer IP address> remote-as <peer AS>
# set protocols bgp <my AS> network <advertise network1>
# set protocols bgp <my AS> network <advertise network2>
....
# set protocols bgp <my AS> neighbor <peer IP address> password <bgp password>

Which on each host will give:

3.1. vyatta-bgp1

[edit]
vyatta@vyatta-bgp1# set protocols bgp 1 neighbor 172.16.163.2 remote-as 2
[edit]
vyatta@vyatta-bgp1# set protocols bgp 1 network 1.1.1.0/24
[edit]
vyatta@vyatta-bgp1# set protocols bgp 1 neighbor 172.16.163.2 password BGPtutorial
[edit]
vyatta@vyatta-bgp1# commit
[edit]
vyatta@vyatta-bgp1# save
Saving configuration to '/opt/vyatta/etc/config/config.boot'...
Done

At this stage, within a root shell on vyatta-bgp1, you should get the following result:

vyatta-bgp1:~# show ip bgp
BGP table version is 0, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       0.0.0.0                  1         32768 i
Total number of prefixes 1

While vyatta-bgp2, which is not yet configured, will display:

vyatta-bgp2:~# show ip bgp
No BGP process is configured

and the route tables will not yet be modified.

3.2. vyatta-bgp2

Similarly on vyatta-bgp2

[edit]
vyatta@vyatta-bgp2# set protocols bgp 2 neighbor 172.16.163.1 remote-as 1
[edit]
vyatta@vyatta-bgp2# set protocols bgp 2 network 2.2.2.0/24
[edit]
vyatta@vyatta-bgp2# set protocols bgp 2 neighbor 172.16.163.1 password BGPtutorial
[edit]
vyatta@vyatta-bgp2# commit
[edit]
vyatta@vyatta-bgp2# save
Saving configuration to '/opt/vyatta/etc/config/config.boot'...
Done

3.3. Confirming the settings

From there, everything should be configured; vyatta-bgp1 will show:

vyatta@vyatta-bgp1:~$ show ip bgp
BGP table version is 0, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       0.0.0.0                  1         32768 i
*> 2.2.2.0/24       172.16.163.2             1             0 2 i
Total number of prefixes 2
vyatta@vyatta-bgp1:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route
S>* 0.0.0.0/0 [1/0] via 192.168.2.1, eth0
C>* 1.1.1.0/24 is directly connected, eth2
B>* 2.2.2.0/24 [20/1] via 172.16.163.2, eth1, 00:03:15
C>* 127.0.0.0/8 is directly connected, lo
C>* 172.16.163.0/24 is directly connected, eth1
C>* 192.168.2.0/24 is directly connected, eth0
vyatta@vyatta-bgp1:~$ /sbin/route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 eth0
1.1.1.0         0.0.0.0         255.255.255.0   U     0      0        0 eth2
2.2.2.0         172.16.163.2    255.255.255.0   UG    1      0        0 eth1
172.16.163.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
vyatta@vyatta-bgp1:~$

and on the other side vyatta-bgp2 will show:

vyatta@vyatta-bgp2:~$ show ip bgp
BGP table version is 0, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       172.16.163.1             1             0 1 i
*> 2.2.2.0/24       0.0.0.0                  1         32768 i
Total number of prefixes 2
vyatta@vyatta-bgp2:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route
S>* 0.0.0.0/0 [1/0] via 192.168.2.1, eth0
B>* 1.1.1.0/24 [20/1] via 172.16.163.1, eth1, 00:04:02
C>* 2.2.2.0/24 is directly connected, eth2
C>* 127.0.0.0/8 is directly connected, lo
C>* 172.16.163.0/24 is directly connected, eth1
C>* 192.168.2.0/24 is directly connected, eth0
vyatta@vyatta-bgp2:~$ /sbin/route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 eth0
1.1.1.0         172.16.163.1    255.255.255.0   UG    1      0        0 eth1
2.2.2.0         0.0.0.0         255.255.255.0   U     0      0        0 eth2
172.16.163.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
vyatta@vyatta-bgp2:~$

Mind the more verbose output given by show ip route compared to route. There you can see that there is one static route (the one we created with set system gateway-address 192.168.2.1), one BGP route and 4 connected routes (the ones for each interface: eth{0,1,2} and lo).
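
The confirmation step above can be scripted. The following added example (not from the original tutorial) parses show ip bgp output and reports prefixes that are missing, unexpected, or originated by an AS other than the expected one; the function names, the prefix=origin list format and the rebuilt sample table are assumptions of this example.

```sh
#!/bin/sh
# Added example: check "show ip bgp" output (stdin) against the prefixes we
# expect. $1 is a space-separated list of prefix=origin pairs, where origin
# is an AS number or "local" for a route with an empty AS path.

check_bgp_table() {
    awk -v expected="$1" '
        BEGIN {
            n = split(expected, pair, " ")
            for (i = 1; i <= n; i++) { split(pair[i], kv, "="); want[kv[1]] = kv[2] }
        }
        # Columns are fixed-width and LocPrf is often blank, so take the
        # offsets from the header instead of counting whitespace fields.
        /Network/ && /Next Hop/ && /Path/ {
            netcol = index($0, "Network"); nhcol = index($0, "Next Hop")
            pathcol = index($0, "Path"); next
        }
        # Keep only rows after the header whose status field has "*" (valid).
        !pathcol || index(substr($0, 1, netcol - 1), "*") == 0 { next }
        {
            net = substr($0, netcol, nhcol - netcol); gsub(/ /, "", net)
            if (net == "") net = last; else last = net   # extra path, same prefix
            m = split(substr($0, pathcol), hop, " ")     # AS path, then origin code
            origin = (m > 1) ? hop[m - 1] : "local"
            seen[net] = 1
            if (!(net in want))
                print "UNEXPECTED " net " origin " origin
            else if (want[net] != origin)
                print "ORIGIN_MISMATCH " net " expected " want[net] " got " origin
        }
        END { for (p in want) if (!(p in seen)) print "MISSING " p }
    '
}

# Constructed sample rows in the column layout of the output above.
bgp_row() {
    printf '%-3s%-17s%-20s%6s%7s%7s %s\n' "$@"
}

# The table vyatta-bgp1 shows in section 3.3, rebuilt row by row.
sample_bgp_table() {
    echo "BGP table version is 0, local router ID is 1.1.1.1"
    bgp_row ""   "Network"    "Next Hop"     "Metric" "LocPrf" "Weight" "Path"
    bgp_row "*>" "1.1.1.0/24" "0.0.0.0"      1 "" 32768 "i"
    bgp_row "*>" "2.2.2.0/24" "172.16.163.2" 1 "" 0     "2 i"
    echo "Total number of prefixes 2"
}

findings=$(sample_bgp_table | check_bgp_table "1.1.1.0/24=local 2.2.2.0/24=2")
echo "${findings:-OK: BGP table matches the expected prefixes}"
```

Prefixes long enough to wrap onto a second output line are not handled by this parser.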

Posted in Administration, HowTo, Networking, Softwares, System | No Comments »

How-To: Setting up BGP on Vyatta — page 2 — Network interfaces

Posted by chantra on 1st November 2008

This entry is part 2 of 3 in the series How-To: Setting up BGP on Vyatta

2. Setting the network interfaces

During this part, we are going to set up the 2 Border Gateway routers' network interfaces. In the Vyatta world, you need to enter the interactive configuration shell by typing:

vyatta@vyatta-bgp1:~$ configure
[edit]
vyatta@vyatta-bgp1#

2.1. vyatta-bgp1

Once you are in configuration mode, type the following to set up eth0, eth1 and eth2:

[edit]
vyatta@vyatta-bgp1# set interfaces ethernet eth0 address 192.168.2.10/24
[edit]
vyatta@vyatta-bgp1# set interfaces ethernet eth1 address 172.16.163.1/24
[edit]
vyatta@vyatta-bgp1# set interfaces ethernet eth2 address 1.1.1.1/24

Then, set up the default route to be 192.168.2.1:

[edit]
vyatta@vyatta-bgp1# set system gateway-address 192.168.2.1

and optionally you can set the DNS server to query:

[edit]
vyatta@vyatta-bgp1# set system name-server 192.168.2.1

and finally commit and save so the settings persist across reboots:

[edit]
vyatta@vyatta-bgp1# commit
[edit]
vyatta@vyatta-bgp1# save
Saving configuration to '/opt/vyatta/etc/config/config.boot'...
Done

2.2. vyatta-bgp2

On vyatta-bgp2, the settings are similar except that we have to change some addressing. Here is the resulting series of commands:

[edit]
vyatta@vyatta-bgp2# set interfaces ethernet eth0 address 192.168.2.20/24
[edit]
vyatta@vyatta-bgp2# set interfaces ethernet eth1 address 172.16.163.2/24
[edit]
vyatta@vyatta-bgp2# set interfaces ethernet eth2 address 2.2.2.2/24
[edit]
vyatta@vyatta-bgp2# set system gateway-address 192.168.2.1
[edit]
vyatta@vyatta-bgp2# set system name-server 192.168.2.1
[edit]
vyatta@vyatta-bgp2# commit
[edit]
vyatta@vyatta-bgp2# save
Saving configuration to '/opt/vyatta/etc/config/config.boot'...
Done

2.3. Resulting routes

At this stage, the route table on vyatta-bgp1 looks like:

vyatta-bgp1:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 eth0
1.1.1.0         0.0.0.0         255.255.255.0   U     0      0        0 eth2
172.16.163.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

and on vyatta-bgp2:

vyatta414-tpl:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 eth0
2.2.2.0         0.0.0.0         255.255.255.0   U     0      0        0 eth2
172.16.163.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

And thus, the default gateway of vyatta-bgp1 and vyatta-bgp2 will be used when attempting to contact respectively 2.2.2.0/24 and 1.1.1.0/24.

We now need to set up BGP on those 2 servers to advertise new routes to each other.

Posted in Administration, HowTo, Networking, Softwares, System | No Comments »

How-To: Setting up BGP on Vyatta

Posted by chantra on 1st November 2008

This entry is part 1 of 3 in the series How-To: Setting up BGP on Vyatta

Vyatta is a Linux-based distro that eases the setup of VPNs, routers, antivirus... It has a really small footprint on your system as it only requires something like 800M to be installed and is based on Debian. On top of that, it offers configuration wrappers to facilitate service settings.

This tutorial will explain how to set up 2 Border Gateway Protocol (BGP) boxes to route the traffic from one Autonomous System (AS) to the other using Vyatta.
Vyatta Community Edition 4.1.4 was used during this set up.

This tutorial will assume that you know how to install Vyatta, but really, it is just a matter of inserting the CD in the drive and typing:

# install-system

I recommend that you check the Vyatta website for more information on this part.

1. Settings used

This tutorial will be using 2 Vyatta VMs that will have 3 interfaces:

  • 1 connected to the Internet (WAN) 192.168.2.0/24 (yeah right, they are natted)
  • 1 connected to a common network (LAN) 172.16.163.0/24
  • 1 connected to their own AS (AS1 and AS2) respectively 1.1.1.0/24 and 2.2.2.0/24

The Vyatta VMs will be called vyatta-bgp1 and vyatta-bgp2.

1.1. vyatta-bgp1

vyatta-bgp1 will have its interfaces set up as follows:

  • eth0 192.168.2.10
  • eth1 172.16.163.1
  • eth2 1.1.1.1
  • default route to 192.168.2.1

It will advertise AS 1 with network 1.1.1.0/24 to its neighbor AS 2 at IP 172.16.163.2 with password "BGPtutorial".

1.2. vyatta-bgp2

vyatta-bgp2 will have its interfaces set up as follows:

  • eth0 192.168.2.20
  • eth1 172.16.163.2
  • eth2 2.2.2.1
  • default route to 192.168.2.1

It will advertise AS 2 with network 2.2.2.0/24 to its neighbor AS 1 at IP 172.16.163.1 with password "BGPtutorial".

Posted in Administration, HowTo, Networking, Softwares, System | No Comments »