Quantcast
Channel: PC-Freak - Walking in Light with Christ
Viewing all 106 articles
Browse latest View live

How to install KVM Kernel-based Virtual Machine Virtualization on Linux

$
0
0

install-KVM-Kernel-based-Virtual-Machine-virtualization-on-Linux

If you want to run multiple virtual machines on GNU / Linux server or your Linux powered Desktop you have the possibility to use a couple of Virtual Machines just to name a few VirtualBox and VMWare are the option the native way to do it is using the Linux kernel via a loadable kernel module called KVM (Kernel-based Virtual Machine).
Though Oracle's Virtualbox generally works and you could add new test beds virtual machines (install multiple Linux / *BSD OS) it is not fully Free Software and not even fully open source licensed, VMWare even though superior as a Virtualization product is proprietary and its application costs a lot of money which not each develpoper or small / mid-sized company could afford.

Once the kvm.ko module is loaded your Linux kernel turns into a full-featured Virtual Machine Hypervisor.
Starting with Linux kernel 2.6.X the KVM Hypervisor is available and easy to install virtually all modern Linux distributions Redhat / CentOS Debian / Ubuntu etc. support it and its up to running few commands to install and start using the Power of Kernel embedded Virtualization.

KVM could be used to run in parallel multiple Operating Systems such as Windows / Linux / FreeBSD and others of BSDs family,  each running under a separate virtual machine with its private dedicated (isolated), disc, graphic card, network card etc.

To start up I assume you have already installed some kind of Linux distribution either locally or on a remote dedicated server.
 

1. Installing KVM on Debian GNU / Linux / Ubuntu / Mint and other deb based distros

 

Using APT tool install below packages:

 

root@jeremiah:~# apt install –yes qemu-kvm libvirt-clients libvirt-daemon-system bridge-utils libguestfs-tools genisoimage virtinst libosinfo-bin

 

2. Installing virt-manager GUI to manage Virtual servers

 

root@jeremiah:~# apt-cache show virt-manager|grep -i desc -A 1
Description-en: desktop application for managing virtual machines
 It presents a summary view of running domains and their live performance &

Description-md5: 9f7f584744b77cdacc2291f2a8ac220e
Homepage: http://virt-manager.et.redhat.com/

 

root@jeremiah:~# apt install –yes virt-manager

 


virtual-manager-kvm-gnu-linux-virtual-machines-cpu-hdd-load-statistics-screenshot

 

 

virtual-manager-fedora-28-linux-virtual-machine-settings-screenshot


3. Configure bridged networking to allow access to newly configured VMs

Bridging has to be added via /etc/network/interfaces therefore it is a good idea to create a backup of it before modifying:

 

# cp -rpf /etc/network/interfaces /etc/network/interfaces.bakup-$(echo $(date '+%Y-%m-%d-%H'))

 

# vim /etc/network/interfaces

auto br0
 iface br0 inet static
         address 10.15.44.26
         netmask 255.255.255.192
         broadcast 10.15.44.63
         dns-nameservers 10.0.80.11 10.0.80.12
         # set static route for LAN
      post-up route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.18.44.1
      post-up route add -net 161.26.0.0 netmask 255.255.0.0 gw 10.18.44.1
         bridge_ports eth0
         bridge_stp off
         bridge_fd 0
         bridge_maxwait 0
 
 # br1 setup with static wan IPv4 with ISP router as a default gateway
 auto br1
 iface br1 inet static
         address 203.45.222.51
         netmask 255.255.255.248
         broadcast 203.45.222.55
         gateway 203.45.222.49
         bridge_ports eth1
         bridge_stp off
         bridge_fd 0
         bridge_maxwait 0

 

Once file is saved in vim editor restart the networking.

 

# /etc/init.d/networking restart

 

To verify whether the bridge has been succesfully upped.

 

root@jeremiah:/home/hipo/kvm# brctl show
bridge name    bridge id        STP enabled    interfaces
virbr0        8000.525400cb1cd1    yes        virbr0-nic

 

4. List all installable Virtual OS images
 

root@jeremiah:/home/hipo/kvm# virt-builder -list
centos-6                 x86_64     CentOS 6.6
centos-7.0               x86_64     CentOS 7.0
centos-7.1               x86_64     CentOS 7.1
centos-7.2               aarch64    CentOS 7.2 (aarch64)
centos-7.2               x86_64     CentOS 7.2
centos-7.3               x86_64     CentOS 7.3
centos-7.4               x86_64     CentOS 7.4
centos-7.5               x86_64     CentOS 7.5
cirros-0.3.1             x86_64     CirrOS 0.3.1
cirros-0.3.5             x86_64     CirrOS 0.3.5
debian-6                 x86_64     Debian 6 (Squeeze)
debian-7                 sparc64    Debian 7 (Wheezy) (sparc64)
debian-7                 x86_64     Debian 7 (wheezy)
debian-8                 x86_64     Debian 8 (jessie)
debian-9                 x86_64     Debian 9 (stretch)
fedora-18                x86_64     Fedora® 18
fedora-19                x86_64     Fedora® 19
fedora-20                x86_64     Fedora® 20
fedora-21                aarch64    Fedora® 21 Server (aarch64)
fedora-21                armv7l     Fedora® 21 Server (armv7l)
fedora-21                ppc64      Fedora® 21 Server (ppc64)
fedora-21                ppc64le    Fedora® 21 Server (ppc64le)
fedora-21                x86_64     Fedora® 21 Server
fedora-22                aarch64    Fedora® 22 Server (aarch64)
fedora-22                armv7l     Fedora® 22 Server (armv7l)
fedora-22                i686       Fedora® 22 Server (i686)
fedora-22                x86_64     Fedora® 22 Server
fedora-23                aarch64    Fedora® 23 Server (aarch64)
fedora-23                armv7l     Fedora® 23 Server (armv7l)
fedora-23                i686       Fedora® 23 Server (i686)
fedora-23                ppc64      Fedora® 23 Server (ppc64)
fedora-23                ppc64le    Fedora® 23 Server (ppc64le)
fedora-23                x86_64     Fedora® 23 Server
fedora-24                aarch64    Fedora® 24 Server (aarch64)
fedora-24                armv7l     Fedora® 24 Server (armv7l)
fedora-24                i686       Fedora® 24 Server (i686)
fedora-24                x86_64     Fedora® 24 Server
fedora-25                aarch64    Fedora® 25 Server (aarch64)
fedora-25                armv7l     Fedora® 25 Server (armv7l)
fedora-25                i686       Fedora® 25 Server (i686)
fedora-25                ppc64      Fedora® 25 Server (ppc64)
fedora-25                ppc64le    Fedora® 25 Server (ppc64le)
fedora-25                x86_64     Fedora® 25 Server
fedora-26                aarch64    Fedora® 26 Server (aarch64)
fedora-26                armv7l     Fedora® 26 Server (armv7l)
fedora-26                i686       Fedora® 26 Server (i686)
fedora-26                ppc64      Fedora® 26 Server (ppc64)
fedora-26                ppc64le    Fedora® 26 Server (ppc64le)
fedora-26                x86_64     Fedora® 26 Server
fedora-27                aarch64    Fedora® 27 Server (aarch64)
fedora-27                armv7l     Fedora® 27 Server (armv7l)
fedora-27                i686       Fedora® 27 Server (i686)
fedora-27                ppc64      Fedora® 27 Server (ppc64)
fedora-27                ppc64le    Fedora® 27 Server (ppc64le)
fedora-27                x86_64     Fedora® 27 Server
fedora-28                i686       Fedora® 28 Server (i686)
fedora-28                x86_64     Fedora® 28 Server
freebsd-11.1             x86_64     FreeBSD 11.1
scientificlinux-6        x86_64     Scientific Linux 6.5
ubuntu-10.04             x86_64     Ubuntu 10.04 (Lucid)
ubuntu-12.04             x86_64     Ubuntu 12.04 (Precise)
ubuntu-14.04             x86_64     Ubuntu 14.04 (Trusty)
ubuntu-16.04             x86_64     Ubuntu 16.04 (Xenial)
ubuntu-18.04             x86_64     Ubuntu 18.04 (bionic)
opensuse-13.1            x86_64     openSUSE 13.1
opensuse-13.2            x86_64     openSUSE 13.2
opensuse-42.1            x86_64     openSUSE Leap 42.1
opensuse-tumbleweed      x86_64     openSUSE Tumbleweed


5. Create Virtual Machine OS-es from scratch with virt-builder

Below we'll create two images one for Fedora 28 and 1 for Debian 9 using the virt-builder (a tool to build virtual images quickly), the images that could be used are shown through below virt-builder –list command.
 

# iso='fedora-28';
# iso1='debian-9';

 

# sudo virt-builder $iso \
     –size=10G \
     –format qcow2 -o /var/lib/libvirt/images/$iso-vm1.qcow2 \
     –hostname $iso-vm1 \
     –network \
     –timezone Europe/Sofia

 

[   3.3] Downloading: http://libguestfs.org/download/builder/fedora-28.xz
[   5.2] Planning how to build this image
[   5.2] Uncompressing
[  20.8] Resizing (using virt-resize) to expand the disk to 10.0G
[  50.8] Opening the new disk
[  53.7] Setting a random seed
[  53.7] Setting the hostname: fedora-28-vm1
[  53.7] Setting the timezone: Europe/Sofia
[  53.7] Setting passwords
virt-builder: Setting random password of root to YMTkxaJIkEU24Ytf

[  54.7] Finishing off
                   Output file: /var/lib/libvirt/images/fedora-28-vm1.qcow2
                   Output size: 10.0G
                 Output format: qcow2
            Total usable space: 9.3G
                    Free space: 8.2G (87%)

 

# sudo virt-builder $iso1 \
     –size=10G \
     –format qcow2 -o /var/lib/libvirt/images/$iso-vm1.qcow2 \
     –hostname $iso1-vm1 \
     –network \
     –timezone Europe/Sofia

 

[   3.2] Downloading: http://libguestfs.org/download/builder/debian-9.xz
[   4.1] Planning how to build this image
[   4.1] Uncompressing
[  16.9] Resizing (using virt-resize) to expand the disk to 10.0G
[  40.1] Opening the new disk
[  42.9] Setting a random seed
virt-builder: warning: random seed could not be set for this type of guest
[  42.9] Setting the hostname: debian-9-vm1
[  43.6] Setting the timezone: Europe/Sofia
[  43.6] Setting passwords
virt-builder: Setting random password of root to JtzEYGff9KxL5jCR
[  44.3] Finishing off
                   Output file: /var/lib/libvirt/images/debian-9-vm1.qcow2
                   Output size: 10.0G
                 Output format: qcow2
            Total usable space: 9.8G
                    Free space: 9.0G (91%)

 

Above two commands will download pre-packaged KVM isos and store them inside /var/lib/libvirt/images/ you see also the root (administrator) password for both ISOs printed out.

 

root@jeremiah:/home/hipo/kvm# ls -ld /var/lib/libvirt/images/*
-rw-r–r– 1 root         root         10739318784 Oct 12 23:45 /var/lib/libvirt/images/debian-9-vm1.qcow2
-rw-r–r– 1 root         root         10739318784 Oct 12 23:46 /var/lib/libvirt/images/fedora-28-vm1.qcow2

 

To access directly the new created VMs as we have specified the –vnc option it is possible to directly vnc to the new host with VNC client (in linux I use vncviewer), on Windows you can use something like TightVNC.
 

6. Use official Linux distributions ISO boot files to install into KVM VM


Those who would like to run inside KVM VM Linux could do it directly using installable ISO files and install the set of Linux with the required packages, just like installing a fresh new Linux on a bare-metal machine.
To do so download your ISO image from the net (either from official distro website or a mirror website, in case if you need to spin an older version) and use virt-install to run the installer inside KVM.

 

root@jeremiah:~# cd /var/lib/libvirt/boot/;
root@jeremiah:~# wget http://mirrors.netix.net/centos/7.5.1804/isos/x86_64/CentOS-7-x86_64-DVD-1804.iso

 

# sudo virt-install \
–virt-type=kvm \
–name centos7 \
–ram 2048 \
–vcpus=2 \
–os-variant=centos7.0 \
–virt-type=kvm \
–hvm \
–cdrom=/var/lib/libvirt/boot/CentOS-7-x86_64-DVD-1804.iso \
–network=bridge=br0,model=virtio \
–network=bridge=br1,model=virtio \
–graphics vnc \
–disk path=/var/lib/libvirt/images/centos7.qcow2,size=40,bus=virtio,format=qcow2


7. List newly created VMs with Virsh command

 

root@jeremiah:/home/hipo/kvm# virsh list –all
 Id    Name                           State
—————————————————-
 3     fedora-28                      running
 –     debian9                        shut off

 

The –all parameter lists all available VMs ready to spin, if you want to check what are the VMs that are only running use instead:

 

root@jeremiah:/home/hipo/kvm# virsh list
 Id    Name                           State
—————————————————-
 3     fedora-28                      running

 

8. Install Virtual Machine OS-es

Below lines will install 2 Virtual machines one Fedora 28 and Debian 9

 

 os='fedora-28';
virt-install –import –name $os \
    –ram 2048 \
    –vcpu 2 \
    –disk path=/var/lib/libvirt/images/$os-vm1.qcow2,format=qcow2 \
    –os-variant fedora-unknown \
    –network=bridge=br0,model=virtio \
    –noautoconsole \
  –hvm \
  –graphics vnc

os='debian9';
virt-install –import –name $os     \
–ram 2048     \
–vcpu 2     \
–disk path=/var/lib/libvirt/images/$os-vm1.qcow2,format=qcow2     \
–os-variant debian9     –network=bridge=br0,model=virtio     \
–noautoconsole \
–hvm \
–graphics vnc


To deploy more just change the virtual machine type in os variable and modify the –os-variant variable to match the distribution name, to get the correct –os-variant variables that can be passed use osinfo-query below is output of the cmd:

 

root@jeremiah:/home/hipo/kvm# osinfo-query os
 Short ID             | Name                                               | Version  | ID                                      
———————-+—————————————————-+———-+—————————————–
 altlinux1.0          | Mandrake RE Spring 2001                            | 1.0      | http://altlinux.org/altlinux/1.0        
 altlinux2.0          | ALT Linux 2.0                                      | 2.0      | http://altlinux.org/altlinux/2.0        
 altlinux2.2          | ALT Linux 2.2                                      | 2.2      | http://altlinux.org/altlinux/2.2        
 altlinux2.4          | ALT Linux 2.4                                      | 2.4      | http://altlinux.org/altlinux/2.4        
 altlinux3.0          | ALT Linux 3.0                                      | 3.0      | http://altlinux.org/altlinux/3.0        
 altlinux4.0          | ALT Linux 4.0                                      | 4.0      | http://altlinux.org/altlinux/4.0        
 altlinux4.1          | ALT Linux 4.1                                      | 4.1      | http://altlinux.org/altlinux/4.1        
 altlinux5.0          | ALT Linux 5.0                                      | 5.0      | http://altlinux.org/altlinux/5.0        
 altlinux6.0          | ALT Linux 6.0                                      | 6.0      | http://altlinux.org/altlinux/6.0        
 altlinux7.0          | ALT Linux 7.0                                      | 7.0      | http://altlinux.org/altlinux/7.0        
 centos6.0            | CentOS 6.0                                         | 6.0      | http://centos.org/centos/6.0            
 centos6.1            | CentOS 6.1                                         | 6.1      | http://centos.org/centos/6.1            
 centos6.2            | CentOS 6.2                                         | 6.2      | http://centos.org/centos/6.2            
 centos6.3            | CentOS 6.3                                         | 6.3      | http://centos.org/centos/6.3            
 centos6.4            | CentOS 6.4                                         | 6.4      | http://centos.org/centos/6.4            
 centos6.5            | CentOS 6.5                                         | 6.5      | http://centos.org/centos/6.5            
 centos6.6            | CentOS 6.6                                         | 6.6      | http://centos.org/centos/6.6            
 centos6.7            | CentOS 6.7                                         | 6.7      | http://centos.org/centos/6.7            
 centos6.8            | CentOS 6.8                                         | 6.8      | http://centos.org/centos/6.8            
 centos6.9            | CentOS 6.9                                         | 6.9      | http://centos.org/centos/6.9            
 centos7.0            | CentOS 7.0                                         | 7.0      | http://centos.org/centos/7.0            
 debian1.1            | Debian Buzz                                        | 1.1      | http://debian.org/debian/1.1            
 debian1.2            | Debian Rex                                         | 1.2      | http://debian.org/debian/1.2            
 debian1.3            | Debian Bo                                          | 1.3      | http://debian.org/debian/1.3            
 debian2.0            | Debian Hamm                                        | 2.0      | http://debian.org/debian/2.0            
 debian2.1            | Debian Slink                                       | 2.1      | http://debian.org/debian/2.1            
 debian2.2            | Debian Potato                                      | 2.2      | http://debian.org/debian/2.2            
 debian3              | Debian Woody                                       | 3        | http://debian.org/debian/3              
 debian3.1            | Debian Sarge                                       | 3.1      | http://debian.org/debian/3.1            
 debian4              | Debian Etch                                        | 4        | http://debian.org/debian/4              
 debian5              | Debian Lenny                                       | 5        | http://debian.org/debian/5              
 debian6              | Debian Squeeze                                     | 6        | http://debian.org/debian/6              
 debian7              | Debian Wheezy                                      | 7        | http://debian.org/debian/7              
 debian8              | Debian Jessie                                      | 8        | http://debian.org/debian/8              
 debian9              | Debian Stretch                                     | 9        | http://debian.org/debian/9              
 debiantesting        | Debian Testing                                     | testing  | http://debian.org/debian/testing        
 fedora-unknown       | Fedora                                             | unknown  | http://fedoraproject.org/fedora/unknown
 fedora1              | Fedora Core 1                                      | 1        | http://fedoraproject.org/fedora/1       
 fedora10             | Fedora 10                                          | 10       | http://fedoraproject.org/fedora/10      
 fedora11             | Fedora 11                                          | 11       | http://fedoraproject.org/fedora/11      
 fedora12             | Fedora 12                                          | 12       | http://fedoraproject.org/fedora/12      
 fedora13             | Fedora 13                                          | 13       | http://fedoraproject.org/fedora/13      
 fedora14             | Fedora 14                                          | 14       | http://fedoraproject.org/fedora/14      
 fedora15             | Fedora 15                                          | 15       | http://fedoraproject.org/fedora/15      
 fedora16             | Fedora 16                                          | 16       | http://fedoraproject.org/fedora/16      
 fedora17             | Fedora 17                                          | 17       | http://fedoraproject.org/fedora/17      
 fedora18             | Fedora 18                                          | 18       | http://fedoraproject.org/fedora/18      
 fedora19             | Fedora 19                                          | 19       | http://fedoraproject.org/fedora/19      
 fedora2              | Fedora Core 2                                      | 2        | http://fedoraproject.org/fedora/2       
 fedora20             | Fedora 20                                          | 20       | http://fedoraproject.org/fedora/20      
 fedora21             | Fedora 21                                          | 21       | http://fedoraproject.org/fedora/21      
 fedora22             | Fedora 22                                          | 22       | http://fedoraproject.org/fedora/22      
 fedora23             | Fedora 23                                          | 23       | http://fedoraproject.org/fedora/23      
 fedora24             | Fedora 24                                          | 24       | http://fedoraproject.org/fedora/24      
 fedora25             | Fedora 25                                          | 25       | http://fedoraproject.org/fedora/25      
 fedora26             | Fedora 26                                          | 26       | http://fedoraproject.org/fedora/26      
 fedora3              | Fedora Core 3                                      | 3        | http://fedoraproject.org/fedora/3       
 fedora4              | Fedora Core 4                                      | 4        | http://fedoraproject.org/fedora/4       
 fedora5              | Fedora Core 5                                      | 5        | http://fedoraproject.org/fedora/5       
 fedora6              | Fedora Core 6                                      | 6        | http://fedoraproject.org/fedora/6       
 fedora7              | Fedora 7                                           | 7        | http://fedoraproject.org/fedora/7       
 fedora8              | Fedora 8                                           | 8        | http://fedoraproject.org/fedora/8       
 fedora9              | Fedora 9                                           | 9        | http://fedoraproject.org/fedora/9       
 freebsd1.0           | FreeBSD 1.0                                        | 1.0      | http://freebsd.org/freebsd/1.0          
 freebsd10.0          | FreeBSD 10.0                                       | 10.0     | http://freebsd.org/freebsd/10.0         
 freebsd10.1          | FreeBSD 10.1                                       | 10.1     | http://freebsd.org/freebsd/10.1         
 freebsd10.2          | FreeBSD 10.2                                       | 10.2     | http://freebsd.org/freebsd/10.2         
 freebsd10.3          | FreeBSD 10.3                                       | 10.3     | http://freebsd.org/freebsd/10.3         
 freebsd10.4          | FreeBSD 10.4                                       | 10.4     | http://freebsd.org/freebsd/10.4         
 freebsd11.0          | FreeBSD 11.0                                       | 11.0     | http://freebsd.org/freebsd/11.0         
 freebsd11.1          | FreeBSD 11.1                                       | 11.1     | http://freebsd.org/freebsd/11.1         
 freebsd2.0           | FreeBSD 2.0                                        | 2.0      | http://freebsd.org/freebsd/2.0          
 freebsd2.0.5         | FreeBSD 2.0.5                                      | 2.0.5    | http://freebsd.org/freebsd/2.0.5        
 freebsd2.2.8         | FreeBSD 2.2.8                                      | 2.2.8    | http://freebsd.org/freebsd/2.2.8        
 freebsd2.2.9         | FreeBSD 2.2.9                                      | 2.2.9    | http://freebsd.org/freebsd/2.2.9        
 freebsd3.0           | FreeBSD 3.0                                        | 3.0      | http://freebsd.org/freebsd/3.0          
 freebsd3.2           | FreeBSD 3.2                                        | 3.2      | http://freebsd.org/freebsd/3.2          
 freebsd4.0           | FreeBSD 4.0                                        | 4.0      | http://freebsd.org/freebsd/4.0          
 freebsd4.1           | FreeBSD 4.1                                        | 4.1      | http://freebsd.org/freebsd/4.1          
 freebsd4.10          | FreeBSD 4.10                                       | 4.10     | http://freebsd.org/freebsd/4.10         
 freebsd4.11          | FreeBSD 4.11                                       | 4.11     | http://freebsd.org/freebsd/4.11         
 freebsd4.2           | FreeBSD 4.2                                        | 4.2      | http://freebsd.org/freebsd/4.2          
 freebsd4.3           | FreeBSD 4.3                                        | 4.3      | http://freebsd.org/freebsd/4.3          
 freebsd4.4           | FreeBSD 4.4                                        | 4.4      | http://freebsd.org/freebsd/4.4          
 freebsd4.5           | FreeBSD 4.5                                        | 4.5      | http://freebsd.org/freebsd/4.5          
 freebsd4.6           | FreeBSD 4.6                                        | 4.6      | http://freebsd.org/freebsd/4.6          
 freebsd4.7           | FreeBSD 4.7                                        | 4.7      | http://freebsd.org/freebsd/4.7          
 freebsd4.8           | FreeBSD 4.8                                        | 4.8      | http://freebsd.org/freebsd/4.8          
 freebsd4.9           | FreeBSD 4.9                                        | 4.9      | http://freebsd.org/freebsd/4.9          
 freebsd5.0           | FreeBSD 5.0                                        | 5.0      | http://freebsd.org/freebsd/5.0          
 freebsd5.1           | FreeBSD 5.1                                        | 5.1      | http://freebsd.org/freebsd/5.1          
 freebsd5.2           | FreeBSD 5.2                                        | 5.2      | http://freebsd.org/freebsd/5.2          
 freebsd5.2.1         | FreeBSD 5.2.1                                      | 5.2.1    | http://freebsd.org/freebsd/5.2.1        
 freebsd5.3           | FreeBSD 5.3                                        | 5.3      | http://freebsd.org/freebsd/5.3          
 freebsd5.4           | FreeBSD 5.4                                        | 5.4      | http://freebsd.org/freebsd/5.4          
 freebsd5.5           | FreeBSD 5.5                                        | 5.5      | http://freebsd.org/freebsd/5.5          
 freebsd6.0           | FreeBSD 6.0                                        | 6.0      | http://freebsd.org/freebsd/6.0          
 freebsd6.1           | FreeBSD 6.1                                        | 6.1      | http://freebsd.org/freebsd/6.1          
 freebsd6.2           | FreeBSD 6.2                                        | 6.2      | http://freebsd.org/freebsd/6.2          
 freebsd6.3           | FreeBSD 6.3                                        | 6.3      | http://freebsd.org/freebsd/6.3          
 freebsd6.4           | FreeBSD 6.4                                        | 6.4      | http://freebsd.org/freebsd/6.4          
 freebsd7.0           | FreeBSD 7.0                                        | 7.0      | http://freebsd.org/freebsd/7.0          
 freebsd7.1           | FreeBSD 7.1                                        | 7.1      | http://freebsd.org/freebsd/7.1          
 freebsd7.2           | FreeBSD 7.2                                        | 7.2      | http://freebsd.org/freebsd/7.2          
 freebsd7.3           | FreeBSD 7.3                                        | 7.3      | http://freebsd.org/freebsd/7.3          
 freebsd7.4           | FreeBSD 7.4                                        | 7.4      | http://freebsd.org/freebsd/7.4          
 freebsd8.0           | FreeBSD 8.0                                        | 8.0      | http://freebsd.org/freebsd/8.0          
 freebsd8.1           | FreeBSD 8.1                                        | 8.1      | http://freebsd.org/freebsd/8.1          
 freebsd8.2           | FreeBSD 8.2                                        | 8.2      | http://freebsd.org/freebsd/8.2          
 freebsd8.3           | FreeBSD 8.3                                        | 8.3      | http://freebsd.org/freebsd/8.3          
 freebsd8.4           | FreeBSD 8.4                                        | 8.4      | http://freebsd.org/freebsd/8.4          
 freebsd9.0           | FreeBSD 9.0                                        | 9.0      | http://freebsd.org/freebsd/9.0          
 freebsd9.1           | FreeBSD 9.1                                        | 9.1      | http://freebsd.org/freebsd/9.1          
 freebsd9.2           | FreeBSD 9.2                                        | 9.2      | http://freebsd.org/freebsd/9.2          
 freebsd9.3           | FreeBSD 9.3                                        | 9.3      | http://freebsd.org/freebsd/9.3          
 freedos1.2           | FreeDOS 1.2                                        | 1.2      | http://freedos.org/freedos/1.2          
 gnome-continuous-3.10 | GNOME 3.10                                         | 3.10     | http://gnome.org/gnome-continuous/3.10  
 gnome-continuous-3.12 | GNOME 3.12                                         | 3.12     | http://gnome.org/gnome-continuous/3.12  
 gnome-continuous-3.14 | GNOME 3.14                                         | 3.14     | http://gnome.org/gnome-continuous/3.14  
 gnome3.6             | GNOME 3.6                                          | 3.6      | http://gnome.org/gnome/3.6              
 gnome3.8             | GNOME 3.8                                          | 3.8      | http://gnome.org/gnome/3.8              
 macosx10.0           | MacOS X Cheetah                                    | 10.0     | http://apple.com/macosx/10.0            
 macosx10.1           | MacOS X Puma                                       | 10.1     | http://apple.com/macosx/10.1            
 macosx10.2           | MacOS X Jaguar                                     | 10.2     | http://apple.com/macosx/10.2            
 macosx10.3           | MacOS X Panther                                    | 10.3     | http://apple.com/macosx/10.3            
 macosx10.4           | MacOS X Tiger                                      | 10.4     | http://apple.com/macosx/10.4            
 macosx10.5           | MacOS X Leopard                                    | 10.5     | http://apple.com/macosx/10.5            
 macosx10.6           | MacOS X Snow Leopard                               | 10.6     | http://apple.com/macosx/10.6            
 macosx10.7           | MacOS X Lion                                       | 10.7     | http://apple.com/macosx/10.7            
 mageia1              | Mageia 1                                           | 1        | http://mageia.org/mageia/1              
 mageia2              | Mageia 2                                           | 2        | http://mageia.org/mageia/2              
 mageia3              | Mageia 3                                           | 3        | http://mageia.org/mageia/3              
 mageia4              | Mageia 4                                           | 4        | http://mageia.org/mageia/4              
 mageia5              | Mageia 5                                           | 5        | http://mageia.org/mageia/5              
 mageia6              | Mageia 6                                           | 6        | http://mageia.org/mageia/6              
 mandrake10.0         | Mandrake Linux 10.0                                | 10.0     | http://mandriva.com/mandrake/10.0       
 mandrake10.1         | Mandrake Linux 10.1                                | 10.1     | http://mandriva.com/mandrake/10.1       
 mandrake10.2         | Mandrake Linux 10.2                                | 10.2     | http://mandriva.com/mandrake/10.2       
 mandrake5.1          | Mandrake Linux 5.1                                 | 5.1      | http://mandriva.com/mandrake/5.1        
 mandrake5.2          | Mandrake Linux 5.2                                 | 5.2      | http://mandriva.com/mandrake/5.2        
 mandrake5.3          | Mandrake Linux 5.3                                 | 5.3      | http://mandriva.com/mandrake/5.3        
 mandrake6.0          | Mandrake Linux 6.0                                 | 6.0      | http://mandriva.com/mandrake/6.0        
 mandrake6.1          | Mandrake Linux 6.1                                 | 6.1      | http://mandriva.com/mandrake/6.1        
 mandrake7.0          | Mandrake Linux 7.0                                 | 7.0      | http://mandriva.com/mandrake/7.0        
 mandrake7.1          | Mandrake Linux 7.1                                 | 7.1      | http://mandriva.com/mandrake/7.1        
 mandrake7.2          | Mandrake Linux 7.2                                 | 7.2      | http://mandriva.com/mandrake/7.2        
 mandrake8.0          | Mandrake Linux 8.0                                 | 8.0      | http://mandriva.com/mandrake/8.0        
 mandrake8.1          | Mandrake Linux 8.1                                 | 8.1      | http://mandriva.com/mandrake/8.1        
 mandrake8.2          | Mandrake Linux 8.2                                 | 8.2      | http://mandriva.com/mandrake/8.2        
 mandrake9.0          | Mandrake Linux 9.0                                 | 9.0      | http://mandriva.com/mandrake/9.0        
 mandrake9.1          | Mandrake Linux 9.1                                 | 9.1      | http://mandriva.com/mandrake/9.1        
 mandrake9.2          | Mandrake Linux 9.2                                 | 9.2      | http://mandriva.com/mandrake/9.2        
 mandriva2006.0       | Mandriva Linux 2006.0                              | 2006.0   | http://mandriva.com/mandriva/2006.0     
 mandriva2007         | Mandriva Linux 2007                                | 2007     | http://mandriva.com/mandriva/2007       
 mandriva2007.1       | Mandriva Linux 2007 Spring                         | 2007.1   | http://mandriva.com/mandriva/2007.1     
 mandriva2008.0       | Mandriva Linux 2008                                | 2008.0   | http://mandriva.com/mandriva/2008.0     
 mandriva2008.1       | Mandriva Linux 2008 Spring                         | 2008.1   | http://mandriva.com/mandriva/2008.1     
 mandriva2009.0       | Mandriva Linux 2009                                | 2009.0   | http://mandriva.com/mandriva/2009.0     
 mandriva2009.1       | Mandriva Linux 2009 Spring                         | 2009.1   | http://mandriva.com/mandriva/2009.1     
 mandriva2010.0       | Mandriva Linux 2010                                | 2010.0   | http://mandriva.com/mandriva/2010.0     
 mandriva2010.1       | Mandriva Linux 2010 Spring                         | 2010.1   | http://mandriva.com/mandriva/2010.1     
 mandriva2010.2       | Mandriva Linux 2010.2                              | 2010.2   | http://mandriva.com/mandriva/2010.2     
 mandriva2011         | Mandriva Linux 2011                                | 2011     | http://mandriva.com/mandriva/2011       
 mbs1.0               | Mandriva Business Server 1.0                       | 1.0      | http://mandriva.com/mbs/1.0             
 mes5                 | Mandriva Enterprise Server 5.0                     | 5.0      | http://mandriva.com/mes/5.0             
 mes5.1               | Mandriva Enterprise Server 5.1                     | 5.1      | http://mandriva.com/mes/5.1             
 msdos6.22            | Microsoft MS-DOS 6.22                              | 6.22     | http://microsoft.com/msdos/6.22         
 netbsd0.8            | NetBSD 0.8                                         | 0.8      | http://netbsd.org/netbsd/0.8            
 netbsd0.9            | NetBSD 0.9                                         | 0.9      | http://netbsd.org/netbsd/0.9            
 netbsd1.0            | NetBSD 1.0                                         | 1.0      | http://netbsd.org/netbsd/1.0            
 netbsd1.1            | NetBSD 1.1                                         | 1.1      | http://netbsd.org/netbsd/1.1            
 netbsd1.2            | NetBSD 1.2                                         | 1.2      | http://netbsd.org/netbsd/1.2            
 netbsd1.3            | NetBSD 1.3                                         | 1.3      | http://netbsd.org/netbsd/1.3            
 netbsd1.4            | NetBSD 1.4                                         | 1.4      | http://netbsd.org/netbsd/1.4            
 netbsd1.5            | NetBSD 1.5                                         | 1.5      | http://netbsd.org/netbsd/1.5            
 netbsd1.6            | NetBSD 1.6                                         | 1.6      | http://netbsd.org/netbsd/1.6            
 netbsd2.0            | NetBSD 2.0                                         | 2.0      | http://netbsd.org/netbsd/2.0            
 netbsd3.0            | NetBSD 3.0                                         | 3.0      | http://netbsd.org/netbsd/3.0            
 netbsd4.0            | NetBSD 4.0                                         | 4.0      | http://netbsd.org/netbsd/4.0            
 netbsd5.0            | NetBSD 5.0                                         | 5.0      | http://netbsd.org/netbsd/5.0            
 netbsd5.1            | NetBSD 5.1                                         | 5.1      | http://netbsd.org/netbsd/5.1            
 netbsd6.0            | NetBSD 6.0                                         | 6.0      | http://netbsd.org/netbsd/6.0            
 netbsd6.1            | NetBSD 6.1                                         | 6.1      | http://netbsd.org/netbsd/6.1            
 netbsd7.0            | NetBSD 7.0                                         | 7.0      | http://netbsd.org/netbsd/7.0            
 netbsd7.1            | NetBSD 7.1                                         | 7.1      | http://netbsd.org/netbsd/7.1            
 netbsd7.1.1          | NetBSD 7.1.1                                       | 7.1.1    | http://netbsd.org/netbsd/7.1.1          
 netware4             | Novell Netware 4                                   | 4        | http://novell.com/netware/4             
 netware5             | Novell Netware 5                                   | 5        | http://novell.com/netware/5             
 netware6             | Novell Netware 6                                   | 6        | http://novell.com/netware/6             
 openbsd4.2           | OpenBSD 4.2                                        | 4.2      | http://openbsd.org/openbsd/4.2          
 openbsd4.3           | OpenBSD 4.3                                        | 4.3      | http://openbsd.org/openbsd/4.3          
 openbsd4.4           | OpenBSD 4.4                                        | 4.4      | http://openbsd.org/openbsd/4.4          
 openbsd4.5           | OpenBSD 4.5                                        | 4.5      | http://openbsd.org/openbsd/4.5          
 openbsd4.8           | OpenBSD 4.8                                        | 4.8      | http://openbsd.org/openbsd/4.8          
 openbsd4.9           | OpenBSD 4.9                                        | 4.9      | http://openbsd.org/openbsd/4.9          
 openbsd5.0           | OpenBSD 5.0                                        | 5.0      | http://openbsd.org/openbsd/5.0          
 openbsd5.1           | OpenBSD 5.1                                        | 5.1      | http://openbsd.org/openbsd/5.1          
 openbsd5.2           | OpenBSD 5.2                                        | 5.2      | http://openbsd.org/openbsd/5.2          
 openbsd5.3           | OpenBSD 5.3                                        | 5.3      | http://openbsd.org/openbsd/5.3          
 openbsd5.4           | OpenBSD 5.4                                        | 5.4      | http://openbsd.org/openbsd/5.4          
 openbsd5.5           | OpenBSD 5.5                                        | 5.5      | http://openbsd.org/openbsd/5.5          
 openbsd5.6           | OpenBSD 5.6                                        | 5.6      | http://openbsd.org/openbsd/5.6          
 openbsd5.7           | OpenBSD 5.7                                        | 5.7      | http://openbsd.org/openbsd/5.7          
 openbsd5.8           | OpenBSD 5.8                                        | 5.8      | http://openbsd.org/openbsd/5.8          
 openbsd5.9           | OpenBSD 5.9                                        | 5.9      | http://openbsd.org/openbsd/5.9          
 openbsd6.0           | OpenBSD 6.0                                        | 6.0      | http://openbsd.org/openbsd/6.0          
 openbsd6.1           | OpenBSD 6.1                                        | 6.1      | http://openbsd.org/openbsd/6.1          
 openbsd6.2           | OpenBSD 6.2                                        | 6.2      | http://openbsd.org/openbsd/6.2          
 opensolaris2009.06   | OpenSolaris 2009.06                                | 2009.06  | http://sun.com/opensolaris/2009.06      
 opensuse-factory     | openSUSE                                           | factory  | http://opensuse.org/opensuse/factory    
 opensuse-unknown     | openSUSE                                           | unknown  | http://opensuse.org/opensuse/unknown    
 opensuse10.2         | openSUSE 10.2                                      | 10.2     | http://opensuse.org/opensuse/10.2       
 opensuse10.3         | openSUSE 10.3                                      | 10.3     | http://opensuse.org/opensuse/10.3       
 opensuse11.0         | openSUSE 11.0                                      | 11.0     | http://opensuse.org/opensuse/11.0       
 opensuse11.1         | openSUSE 11.1                                      | 11.1     | http://opensuse.org/opensuse/11.1       
 opensuse11.2         | openSUSE 11.2                                      | 11.2     | http://opensuse.org/opensuse/11.2       
 opensuse11.3         | openSUSE 11.3                                      | 11.3     | http://opensuse.org/opensuse/11.3       
 opensuse11.4         | openSUSE 11.4                                      | 11.4     | http://opensuse.org/opensuse/11.4       
 opensuse12.1         | openSUSE 12.1                                      | 12.1     | http://opensuse.org/opensuse/12.1       
 opensuse12.2         | openSUSE 12.2                                      | 12.2     | http://opensuse.org/opensuse/12.2       
 opensuse12.3         | openSUSE 12.3                                      | 12.3     | http://opensuse.org/opensuse/12.3       
 opensuse13.1         | openSUSE 13.1                                      | 13.1     | http://opensuse.org/opensuse/13.1       
 opensuse13.2         | openSUSE 13.2                                      | 13.2     | http://opensuse.org/opensuse/13.2       
 opensuse42.1         | openSUSE Leap 42.1                                 | 42.1     | http://opensuse.org/opensuse/42.1       
 opensuse42.2         | openSUSE Leap 42.2                                 | 42.2     | http://opensuse.org/opensuse/42.2       
 opensuse42.3         | openSUSE Leap 42.3                                 | 42.3     | http://opensuse.org/opensuse/42.3       
 opensusetumbleweed   | openSUSE Tumbleweed                                | tumbleweed | http://opensuse.org/opensuse/tumbleweed
 rhel-atomic-7.0      | Red Hat Enterprise Linux Atomic Host 7.0           | 7.0      | http://redhat.com/rhel-atomic/7.0       
 rhel-atomic-7.1      | Red Hat Enterprise Linux Atomic Host 7.1           | 7.1      | http://redhat.com/rhel-atomic/7.1       
 rhel-atomic-7.2      | Red Hat Enterprise Linux Atomic Host 7.2           | 7.2      | http://redhat.com/rhel-atomic/7.2       
 rhel2.1              | Red Hat Enterprise Linux 2.1                       | 2.1      | http://redhat.com/rhel/2.1              
 rhel2.1.1            | Red Hat Enterprise Linux 2.1 Update 1  
/etc/bind/masters/elinvent.com            | 2.1.1    | http://redhat.com/rhel/2.1.1            
 rhel2.1.2            | Red Hat Enterprise Linux 2.1 Update 2              | 2.1.2    | http://redhat.com/rhel/2.1.2            
 rhel2.1.3            | Red Hat Enterprise Linux 2.1 Update 3              | 2.1.3    | http://redhat.com/rhel/2.1.3            
 rhel2.1.4            | Red Hat Enterprise Linux 2.1 Update 4              | 2.1.4    | http://redhat.com/rhel/2.1.4            
 rhel2.1.5            | Red Hat Enterprise Linux 2.1 Update 5              | 2.1.5    | http://redhat.com/rhel/2.1.5            
 rhel2.1.6            | Red Hat Enterprise Linux 2.1 Update 6              | 2.1.6    | http://redhat.com/rhel/2.1.6            
 rhel2.1.7            | Red Hat Enterprise Linux 2.1 Update 7              | 2.1.7    | http://redhat.com/rhel/2.1.7            
 rhel3                | Red Hat Enterprise Linux 3                         | 3        | http://redhat.com/rhel/3                
 rhel3.1              | Red Hat Enterprise Linux 3 Update 1                | 3.1      | http://redhat.com/rhel/3.1              
 rhel3.2              | Red Hat Enterprise Linux 3 Update 2                | 3.2      | http://redhat.com/rhel/3.2              
 rhel3.3              | Red Hat Enterprise Linux 3 Update 3                | 3.3      | http://redhat.com/rhel/3.3              
 rhel3.4              | Red Hat Enterprise Linux 3 Update 4                | 3.4      | http://redhat.com/rhel/3.4              
 rhel3.5              | Red Hat Enterprise Linux 3 Update 5                | 3.5      | http://redhat.com/rhel/3.5              
 rhel3.6              | Red Hat Enterprise Linux 3 Update 6                | 3.6      | http://redhat.com/rhel/3.6              
 rhel3.7              | Red Hat Enterprise Linux 3 Update 7                | 3.7      | http://redhat.com/rhel/3.7              
 rhel3.8              | Red Hat Enterprise Linux 3 Update 8                | 3.8      | http://redhat.com/rhel/3.8              
 rhel3.9              | Red Hat Enterprise Linux 3 Update 9                | 3.9      | http://redhat.com/rhel/3.9              
 rhel4.0              | Red Hat Enterprise Linux 4.0                       | 4.0      | http://redhat.com/rhel/4.0              
 rhel4.1              | Red Hat Enterprise Linux 4.1                       | 4.1      | http://redhat.com/rhel/4.1              
 rhel4.2              | Red Hat Enterprise Linux 4.2                       | 4.2      | http://redhat.com/rhel/4.2              
 rhel4.3              | Red Hat Enterprise Linux 4.3                       | 4.3      | http://redhat.com/rhel/4.3              
 rhel4.4              | Red Hat Enterprise Linux 4.4                       | 4.4      | http://redhat.com/rhel/4.4              
 rhel4.5              | Red Hat Enterprise Linux 4.5                       | 4.5      | http://redhat.com/rhel/4.5              
 rhel4.6              | Red Hat Enterprise Linux 4.6                       | 4.6      | http://redhat.com/rhel/4.6              
 rhel4.7              | Red Hat Enterprise Linux 4.7                       | 4.7      | http://redhat.com/rhel/4.7              
 rhel4.8              | Red Hat Enterprise Linux 4.8                       | 4.8      | http://redhat.com/rhel/4.8              
 rhel4.9              | Red Hat Enterprise Linux 4.9                       | 4.9      | http://redhat.com/rhel/4.9              
 rhel5.0              | Red Hat Enterprise Linux 5.0                       | 5.0      | http://redhat.com/rhel/5.0              
 rhel5.1              | Red Hat Enterprise Linux 5.1                       | 5.1      | http://redhat.com/rhel/5.1              
 rhel5.10             | Red Hat Enterprise Linux 5.10                      | 5.10     | http://redhat.com/rhel/5.10             
 rhel5.11             | Red Hat Enterprise Linux 5.11                      | 5.11     | http://redhat.com/rhel/5.11             
 rhel5.2              | Red Hat Enterprise Linux 5.2                       | 5.2      | http://redhat.com/rhel/5.2              
 rhel5.3              | Red Hat Enterprise Linux 5.3                       | 5.3      | http://redhat.com/rhel/5.3              
 rhel5.4              | Red Hat Enterprise Linux 5.4                       | 5.4      | http://redhat.com/rhel/5.4              
 rhel5.5              | Red Hat Enterprise Linux 5.5                       | 5.5      | http://redhat.com/rhel/5.5              
 rhel5.6              | Red Hat Enterprise Linux 5.6                       | 5.6      | http://redhat.com/rhel/5.6              
 rhel5.7              | Red Hat Enterprise Linux 5.7                       | 5.7      | http://redhat.com/rhel/5.7              
 rhel5.8              | Red Hat Enterprise Linux 5.8                       | 5.8      | http://redhat.com/rhel/5.8              
 rhel5.9              | Red Hat Enterprise Linux 5.9                       | 5.9      | http://redhat.com/rhel/5.9              
 rhel6.0              | Red Hat Enterprise Linux 6.0                       | 6.0      | http://redhat.com/rhel/6.0              
 rhel6.1              | Red Hat Enterprise Linux 6.1                       | 6.1      | http://redhat.com/rhel/6.1              
 rhel6.2              | Red Hat Enterprise Linux 6.2                       | 6.2      | http://redhat.com/rhel/6.2              
 rhel6.3              | Red Hat Enterprise Linux 6.3                       | 6.3      | http://redhat.com/rhel/6.3              
 rhel6.4              | Red Hat Enterprise Linux 6.4                       | 6.4      | http://redhat.com/rhel/6.4              
 rhel6.5              | Red Hat Enterprise Linux 6.5                       | 6.5      | http://redhat.com/rhel/6.5              
 rhel6.6              | Red Hat Enterprise Linux 6.6                       | 6.6      | http://redhat.com/rhel/6.6              
 rhel6.7              | Red Hat Enterprise Linux 6.7                       | 6.7      | http://redhat.com/rhel/6.7              
 rhel6.8              | Red Hat Enterprise Linux 6.8                       | 6.8      | http://redhat.com/rhel/6.8              
 rhel6.9              | Red Hat Enterprise Linux 6.9                       | 6.9      | http://redhat.com/rhel/6.9              
 rhel7.0              | Red Hat Enterprise Linux 7.0                       | 7.0      | http://redhat.com/rhel/7.0              
 rhel7.1              | Red Hat Enterprise Linux 7.1                       | 7.1      | http://redhat.com/rhel/7.1              
 rhel7.2              | Red Hat Enterprise Linux 7.2                       | 7.2      | http://redhat.com/rhel/7.2              
 rhel7.3              | Red Hat Enterprise Linux 7.3                       | 7.3      | http://redhat.com/rhel/7.3              
 rhel7.4              | Red Hat Enterprise Linux 7.4                       | 7.4      | http://redhat.com/rhel/7.4              
 rhl1.0               | Red Hat Linux 1.0                                  | 1.0      | http://redhat.com/rhl/1.0               
 rhl1.1               | Red Hat Linux 1.1                                  | 1.1      | http://redhat.com/rhl/1.1               
 rhl2.0               | Red Hat Linux 2.0                                  | 2.0      | http://redhat.com/rhl/2.0               
 rhl2.1               | Red Hat Linux 2.1                                  | 2.1      | http://redhat.com/rhl/2.1               
 rhl3.0.3             | Red Hat Linux 3.0.3                                | 3.0.3    | http://redhat.com/rhl/3.0.3             
 rhl4.0               | Red Hat Linux 4.0                                  | 4.0      | http://redhat.com/rhl/4.0               
 rhl4.1               | Red Hat Linux 4.1                                  | 4.1      | http://redhat.com/rhl/4.1               
 rhl4.2               | Red Hat Linux 4.2                                  | 4.2      | http://redhat.com/rhl/4.2               
 rhl5.0               | Red Hat Linux 5.0                                  | 5.0      | http://redhat.com/rhl/5.0               
 rhl5.1               | Red Hat Linux 5.1                                  | 5.1      | http://redhat.com/rhl/5.1               
 rhl5.2               | Red Hat Linux 5.2                                  | 5.2      | http://redhat.com/rhl/5.2               
 rhl6.0               | Red Hat Linux 6.0                                  | 6.0      | http://redhat.com/rhl/6.0               
 rhl6.1               | Red Hat Linux 6.1                                  | 6.1      | http://redhat.com/rhl/6.1               
 rhl6.2               | Red Hat Linux 6.2                                  | 6.2      | http://redhat.com/rhl/6.2               
 rhl7                 | Red Hat Linux 7                                    | 7        | http://redhat.com/rhl/7                 
 rhl7.1               | Red Hat Linux 7.1                                  | 7.1      | http://redhat.com/rhl/7.1               
 rhl7.2               | Red Hat Linux 7.2                                  | 7.2      | http://redhat.com/rhl/7.2               
 rhl7.3               | Red Hat Linux 7.3                                  | 7.3      | http://redhat.com/rhl/7.3               
 rhl8.0               | Red Hat Linux 8.0                                  | 8.0      | http://redhat.com/rhl/8.0               
 rhl9                 | Red Hat Linux 9                                    | 9        | http://redhat.com/rhl/9                 
 sled10               | SUSE Linux Enterprise Desktop 10                   | 10       | http://suse.com/sled/10                 
 sled10sp1            | SUSE Linux Enterprise Desktop 10 SP1               | 10.1     | http://suse.com/sled/10.1               
 sled10sp2            | SUSE Linux Enterprise Desktop 10 SP2               | 10.2     | http://suse.com/sled/10.2               
 sled10sp3            | SUSE Linux Enterprise Desktop 10 SP3               | 10.3     | http://suse.com/sled/10.3               
 sled10sp4            | SUSE Linux Enterprise Desktop 10 SP4               | 10.4     | http://suse.com/sled/10.4               
 sled11               | SUSE Linux Enterprise Desktop 11                   | 11       | http://suse.com/sled/11                 
 sled11sp1            | SUSE Linux Enterprise Desktop 11 SP1               | 11.1     | http://suse.com/sled/11.1               
 sled11sp2            | SUSE Linux Enterprise Desktop 11 SP2               | 11.2     | http://suse.com/sled/11.2               
 sled11sp3            | SUSE Linux Enterprise Desktop 11 SP3               | 11.3     | http://suse.com/sled/11.3               
 sled11sp4            | SUSE Linux Enterprise Desktop 11 SP4               | 11.4     | http://suse.com/sled/11.4               
 sled12               | SUSE Linux Enterprise Desktop 12                   | 12       | http://suse.com/sled/12                 
 sled12sp1            | SUSE Linux Enterprise Desktop 12 SP1               | 12.1     | http://suse.com/sled/12.1               
 sled12sp2            | SUSE Linux Enterprise Desktop 12 SP2               | 12.2     | http://suse.com/sled/12.2               
 sled9                | SUSE Linux Enterprise Desktop 9                    | 9        | http://suse.com/sled/9                  
 sles10               | SUSE Linux Enterprise Server 10            
/etc/bind/masters/elinvent.com        | 10       | http://suse.com/sles/10                 
 sles10sp1            | SUSE Linux Enterprise Server 10 SP1                | 10.1     | http://suse.com/sles/10.1               
 sles10sp2            | SUSE Linux Enterprise Server 10 SP2                | 10.2     | http://suse.com/sles/10.2               
 sles10sp3            | SUSE Linux Enterprise Server 10 SP3                | 10.3     | http://suse.com/sles/10.3               
 sles10sp4            | SUSE Linux Enterprise Server 10 SP4                | 10.4     | http://suse.com/sles/10.4               
 sles11               | SUSE Linux Enterprise Server 11                    | 11       | http://suse.com/sles/11                 
 sles11sp1            | SUSE Linux Enterprise Server 11 SP1                | 11.1     | http://suse.com/sles/11.1               
 sles11sp2            | SUSE Linux Enterprise Server 11 SP2                | 11.2     | http://suse.com/sles/11.2               
 sles11sp3            | SUSE Linux Enterprise Server 11 SP3                | 11.3     | http://suse.com/sles/11.3               
 sles11sp4            | SUSE Linux Enterprise Server 11 SP4                | 11.4     | http://suse.com/sles/11.4               
 sles12               | SUSE Linux Enterprise Server 12                    | 12       | http://suse.com/sles/12                 
 sles12sp1            | SUSE Linux Enterprise Server 12 SP1                | 12.1     | http://suse.com/sles/12.1               
 sles12sp2            | SUSE Linux Enterprise Server 12 SP2                | 12.2     | http://suse.com/sles/12.2               
 sles9                | SUSE Linux Enterprise Server 9                     | 9        | http://suse.com/sles/9                  
 solaris10            | Solaris 10                                         | 10       | http://sun.com/solaris/10               
 solaris11            | Oracle Solaris 11                                  | 11       | http://oracle.com/solaris/11            
 solaris9             | Solaris 9                                          | 9        | http://sun.com/solaris/9                
 ubuntu10.04          | Ubuntu 10.04 LTS                                   | 10.04    | http://ubuntu.com/ubuntu/10.04          
 ubuntu10.10          | Ubuntu 10.10                                       | 10.10    | http://ubuntu.com/ubuntu/10.10          
 ubuntu11.04          | Ubuntu 11.04                                       | 11.04    | http://ubuntu.com/ubuntu/11.04          
 ubuntu11.10          | Ubuntu 11.10                                       | 11.10    | http://ubuntu.com/ubuntu/11.10          
 ubuntu12.04          | Ubuntu 12.04 LTS                                   | 12.04    | http://ubuntu.com/ubuntu/12.04          
 ubuntu12.10          | Ubuntu 12.10                                       | 12.10    | http://ubuntu.com/ubuntu/12.10          
 ubuntu13.04          | Ubuntu 13.04                                       | 13.04    | http://ubuntu.com/ubuntu/13.04          
 ubuntu13.10          | Ubuntu 13.10                                       | 13.10    | http://ubuntu.com/ubuntu/13.10          
 ubuntu14.04          | Ubuntu 14.04 LTS                                   | 14.04    | http://ubuntu.com/ubuntu/14.04          
 ubuntu14.10          | Ubuntu 14.10                                       | 14.10    | http://ubuntu.com/ubuntu/14.10          
 ubuntu15.04          | Ubuntu 15.04                                       | 15.04    | http://ubuntu.com/ubuntu/15.04          
 ubuntu15.10          | Ubuntu 15.10                                       | 15.10    | http://ubuntu.com/ubuntu/15.10          
 ubuntu16.04          | Ubuntu 16.04                                       | 16.04    | http://ubuntu.com/ubuntu/16.04          
 ubuntu16.10          | Ubuntu 16.10                                       | 16.10    | http://ubuntu.com/ubuntu/16.10          
 ubuntu17.04          | Ubuntu 17.04                                       | 17.04    | http://ubuntu.com/ubuntu/17.04          
 ubuntu17.10          | Ubuntu 17.10                                       | 17.10    | http://ubuntu.com/ubuntu/17.10          
 ubuntu4.10           | Ubuntu 4.10                                        | 4.10     | http://ubuntu.com/ubuntu/4.10           
 ubuntu5.04           | Ubuntu 5.04                                        | 5.04     | http://ubuntu.com/ubuntu/5.04           
 ubuntu5.10           | Ubuntu 5.10                                        | 5.10     | http://ubuntu.com/ubuntu/5.10           
 ubuntu6.06           | Ubuntu 6.06 LTS                                    | 6.06     | http://ubuntu.com/ubuntu/6.06           
 ubuntu6.10           | Ubuntu 6.10                                        | 6.10     | http://ubuntu.com/ubuntu/6.10           
 ubuntu7.04           | Ubuntu 7.04                                        | 7.04     | http://ubuntu.com/ubuntu/7.04           
 ubuntu7.10           | Ubuntu 7.10                                        | 7.10     | http://ubuntu.com/ubuntu/7.10           
 ubuntu8.04           | Ubuntu 8.04 LTS                                    | 8.04     | http://ubuntu.com/ubuntu/8.04           
 ubuntu8.10           | Ubuntu 8.10                                        | 8.10     | http://ubuntu.com/ubuntu/8.10           
 ubuntu9.04           | Ubuntu 9.04                                        | 9.04     | http://ubuntu.com/ubuntu/9.04           
 ubuntu9.10           | Ubuntu 9.10                                        | 9.10     | http://ubuntu.com/ubuntu/9.10           
 win1.0               | Microsoft Windows 1.0                              | 1.0      | http://microsoft.com/win/1.0            
 win10                | Microsoft Windows 10                               | 10.0     | http://microsoft.com/win/10             
 win2.0               | Microsoft Windows 2.0                              | 2.0      | http://microsoft.com/win/2.0            
 win2.1               | Microsoft Windows 2.1                              | 2.1      | http://microsoft.com/win/2.1            
 win2k                | Microsoft Windows 2000                             | 5.0      | http://microsoft.com/win/2k             
 win2k12              | Microsoft Windows Server 2012                      | 6.3      | http://microsoft.com/win/2k12           
 win2k12r2            | Microsoft Windows Server 2012 R2                   | 6.3      | http://microsoft.com/win/2k12r2         
 win2k3               | Microsoft Windows Server 2003                      | 5.2      | http://microsoft.com/win/2k3            
 win2k3r2             | Microsoft Windows Server 2003 R2                   | 5.2      | http://microsoft.com/win/2k3r2          
 win2k8               | Microsoft Windows Server 2008                      | 6.0      | http://microsoft.com/win/2k8            
 win2k8r2             | Microsoft Windows Server 2008 R2                   | 6.1      | http://microsoft.com/win/2k8r2          
 win3.1               | Microsoft Windows 3.1                              | 3.1      | http://microsoft.com/win/3.1            
 win7                 | Microsoft Windows 7                                | 6.1      | http://microsoft.com/win/7              
 win8                 | Microsoft Windows 8                                | 6.2      | http://microsoft.com/win/8              
 win8.1               | Microsoft Windows 8.1                              | 6.3      | http://microsoft.com/win/8.1            
 win95                | Microsoft Windows 95                               | 4.0      | http://microsoft.com/win/95             
 win98                | Microsoft Windows 98                               | 4.1      | http://microsoft.com/win/98             
 winme                | Microsoft Windows Millennium Edition               | 4.9      | http://microsoft.com/win/me             
 winnt3.1             | Microsoft Windows NT Server 3.1                    | 3.1      | http://microsoft.com/winnt/3.1          
 winnt3.5             | Microsoft Windows NT Server 3.5                    | 3.5      | http://microsoft.com/winnt/3.5          
 winnt3.51            | Microsoft Windows NT Server 3.51                   | 3.51     | http://microsoft.com/winnt/3.51         
 winnt4.0             | Microsoft Windows NT Server 4.0                    | 4.0      | http://microsoft.com/winnt/4.0          
 winvista             | Microsoft Windows Vista                            | 6.0      | http://microsoft.com/win/vista          
 winxp                | Microsoft Windows XP                               | 5.1      | http://microsoft.com/win/xp  

 

9. Start / Stop listed KVM Virtual Machine

 

root@jeremiah:~# virsh list –all
 Id    Name                           State
—————————————————-
 3     fedora-28                      running
 –     debian9                        shut off

 

To start debian9 linux virtual machine that is currently off

 

root@jeremiah:~# virsh start fedora-28
Domain fedora-28 started

 

root@jeremiah:/home/hipo# virsh start debian9
error: Failed to start domain debian9
error: Requested operation is not valid: network 'default' is not active

root@jeremiah:/home/hipo# virsh net-list –all
Name                 State      Autostart     Persistent
———————————————————-
br0                  active     yes           yes
default              inactive   no            yes

 

root@jeremiah:/home/hipo# virsh net-start default
Network default started

root@jeremiah:/home/hipo# virsh start debian9
Domain debian9 started

 

10. Attach to running VM with virsh or virt-manager

 

root@jeremiah:~# virsh list
 Id    Name                           State
—————————————————-
 1     fedora-28                      running
 3     debian9                        running

root@jeremiah:~# virsh connect debian9

 


Note that to make the login prompt appear you have to press enter once after the ^] connection string appears


kvm-connect-to-virtual-machine-with-virsh-command-screenshot-howto

An alternative way is to use virt-manager GUI KVM desktop management interface and click over the Virtual Machine Guest name, in same fashion like in VirtualBox.

virtual-manager-virt-manager-screenshot-with-Virtual-Machines-inside-on-Debian-Linux

virt-manager-gui-interface-connect-to-fedora-28-virtual-machine

If you have KVM running on your Linux desktop PC / notebook you can also connect via VNC with virsh command.

 

root@jericho:~# virsh vncdisplay centos7


Another handy thing is to expose the Virtualized Guest OS with VNC in order to be able to connect and manage installation or further Linux configuration via VNC using an SSH Tunnel with port forwarding:

 

$ ssh hipo@pc-freak.net -L 5901:127.0.0.1:5901

 

11.  Start / Shutdown / Suspend / Reboot (safe reboot) a VM guest machine domain

 

 

root@jericho:~# virsh shutdown debian9
root@jericho:~# virsh start fedora-28
root@jericho:~# virsh suspend debian9
root@jericho:~# virsh reboot fedora-28

 

12. Remove / Delete KVM Virtual Machines domain

 

root@jeremiah:~# virsh undefine fedora-28
root@jeremiah:~# virsh destroy fedora-28

 

 

 

The post How to install KVM Kernel-based Virtual Machine Virtualization on Linux appeared first on ☩ Walking in Light with Christ - Faith, Computing, Diary.


Ansible Quick Start Cheatsheet for Linux admins and DevOps engineers

$
0
0

ansible-quick-start-cheetsheet-ansible-logo

Ansible is widely used (Configuration management, deployment, and task execution system) nowadays for mass service depoyments on multiple servers and Clustered environments like, Kubernetes clusters (with multiple pods replicas) virtual swarms running XEN / IPKVM virtualization hosting multiple nodes etc. .

Ansible can be used to configure or deploy GNU / Linux tools and services such as Apache / Squid / Nginx / MySQL / PostgreSQL. etc. It is pretty much like Puppet (server / services lifecycle management) tool , except its less-complecated to start with makes it often a choose as a tool for mass deployment (devops) automation.

Ansible is used for multi-node deployments and remote-task execution on group of servers, the big pro of it it does all its stuff over simple SSH on the remote nodes (servers) and does not require extra services or listening daemons like with Puppet. It combined with Docker containerization is used very much for later deploying later on inside Cloud environments such as Amazon AWS / Google Cloud Platform / SAP HANA / OpenStack etc.

Ansible-Architechture-What-Is-Ansible-Edureka

0. Instaling ansible on Debian / Ubuntu Linux


Ansible is a python script and because of that depends heavily on python so to make it running, you will need to have a working python installed on local and remote servers.

Ansible is as easy to install as running the apt cmd:

 

# apt-get install –yes ansible
 

The following additional packages will be installed:
  ieee-data python-jinja2 python-kerberos python-markupsafe python-netaddr python-paramiko python-selinux python-xmltodict python-yaml
Suggested packages:
  sshpass python-jinja2-doc ipython python-netaddr-docs python-gssapi
Recommended packages:
  python-winrm
The following NEW packages will be installed:
  ansible ieee-data python-jinja2 python-kerberos python-markupsafe python-netaddr python-paramiko python-selinux python-xmltodict python-yaml
0 upgraded, 10 newly installed, 0 to remove and 1 not upgraded.
Need to get 3,413 kB of archives.
After this operation, 22.8 MB of additional disk space will be used.

apt-get install –yes sshpass

 

Installing Ansible on Fedora Linux is done with:

 

# dnf install ansible –yes sshpass

 

On CentOS to install:
 

# yum install ansible –yes sshpass

sshpass needs to be installed only if you plan to use ssh password prompt authentication with ansible.

Ansible is also installable via python-pip tool, if you need to install a specific version of ansible you have to use it instead, the package is available as an installable package on most linux distros.

Ansible has a lot of pros and cons and there are multiple articles already written on people for and against it in favour of Chef or Puppet As I recently started learning Ansible. The most important thing to know about Ansible is though many of the things can be done directly using a simple command line, the tool is planned for remote installing of server services using a specially prepared .yaml format configuration files. The power of Ansible comes of the use of Ansible Playbooks which are yaml scripts that tells ansible how to do its activities step by step on remote server. In this article, I'm giving a quick cheat sheet to start quickly with it.
 

1. Remote commands execution with Ansible
 

First thing to do to start with it is to add the desired hostnames ansible will operate with it can be done either globally (if you have a number of remote nodes) to deploy stuff periodically by using /etc/ansible/hosts or use a custom host script for each and every ansible custom scripts developed.

a. Ansible main config files

A common ansible /etc/ansible/hosts definition looks something like that:

 

# cat /etc/ansible/hosts
[mysqldb]
10.69.2.185
10.69.2.186
[master]
10.69.2.181
[slave]
10.69.2.187
[db-servers]
10.69.2.181
10.69.2.187
[squid]
10.69.2.184

Host to execute on can be also provided via a shell variable $ANSIBLE_HOSTS
b) is remote hosts reachable / execute commands on all remote host

To test whether hour hosts are properly configure from /etc/ansible/hosts you can ping all defined hosts with:

 

ansible all -m ping


ansible-check-hosts-ping-command-screenshot

This makes ansible try to remote to remote hosts (if you have properly configured SSH public key authorization) the command should return success statuses on every host.

 

ansible all -a "ifconfig -a"


If you don't have SSH keys configured you can also authenticate with an argument (assuming) all hosts are configured with same password with:

 

ansible all –ask-pass -a "ip all show" -u hipo –ask-pass


ansible-show-ips-ip-a-command-screenshot-linux

If you have configured group of hosts via hosts file you can also run certain commands on just a certain host group, like so:

 

ansible <host-group> -a <command>

It is a good idea to always check /etc/ansible/ansible.cfg which is the system global (main red ansible config file).

c) List defined host groups
 

ansible localhost -m debug -a 'var=groups.keys()'
ansible localhost -m debug -a 'var=groups'

d) Searching remote server variables

 

# Search remote server variables
ansible localhost -m setup -a 'filter=*ipv4*'

 

 

ansible localhost -m setup -a 'filter=ansible_domain'

 

 

ansible all -m setup -a 'filter=ansible_domain'

 

 

# uninstall package on RPM based distros
ansible centos -s -m yum -a "name=telnet state=absent"
# uninstall package on APT distro
ansible localhost -s -m apt -a "name=telnet state=absent"

 

 

2. Debugging – Listing information about remote hosts (facts) and state of a host

 

# All facts for one host
ansible -m setup
  # Only ansible fact for one host
ansible
-m setup -a 'filter=ansible_eth*'
# Only facter facts but for all hosts
ansible all -m setup -a 'filter=facter_*'


To Save outputted information per-host in separate files in lets say ~/ansible/host_facts

 

ansible all -m setup –tree ~/ansible/host_facts

 

3. Playing with Playbooks deployment scripts

 

a) Syntax Check of a playbook yaml

 

ansible-playbook –syntax-check


b) Run General Infos about a playbook such as get what a playbook would do on remote hosts (tasks to run) and list-hosts defined for a playbook (like above pinging).

 

ansible-playbook –list-hosts
ansible-playbook
–list-tasks


To get the idea about what an yaml playbook looks like, here is example from official ansible docs, that deploys on remote defined hosts a simple Apache webserver.
 


– hosts: webservers
  vars:
    http_port: 80
    max_clients: 200
  remote_user: root
  tasks:
  – name: ensure apache is at the latest version
    yum:
      name: httpd
      state: latest
  – name: write the apache config file
    template:
      src: /srv/httpd.j2
      dest: /etc/httpd.conf
    notify:
    – restart apache
  – name: ensure apache is running
    service:
      name: httpd
      state: started
  handlers:
    – name: restart apache
      service:
        name: httpd
        state: restarted

To give it a quick try save the file as webserver.yml and give it a run via ansible-playbook command
 

ansible-playbook -s playbooks/webserver.yml

 

The -s option instructs ansible to run play on remote server with super user (root) privileges.

The power of ansible is its modules, which are constantly growing over time a complete set of Ansible supported modules is in its official documenation.

Ansible-running-playbook-Commands-Task-script-Successful-output-1024x536

There is a lot of things to say about playbooks, just to give the brief they have there own language like a  templates, tasks, handlers, a playbook could have one or multiple plays inside (for instance instructions for deployment of one or more services).

The downsides of playbooks are they're so hard to write from scratch and edit, because yaml syntaxing is much more stricter than a normal oldschool sysadmin configuration file.
I've stucked with problems with modifying and writting .yaml files and I should say the community in #ansible in irc.freenode.net was very helpful to help me debug the obscure errors.

yamllint (The YAML Linter tool) comes handy at times, when facing yaml syntax errors, to use it install via apt:
 

# apt-get install –yes yamllint


a) Running ansible in "dry mode" just show what ansible might do but not change anything
 

ansible-playbook playbooks/PLAYBOOK_NAME.yml –check


b) Running playbook with different users and separate SSH keys

 

ansible-playbook playbooks/your_playbook.yml –user ansible-user
 
ansible -m ping hosts –private-key=~/.ssh/keys/custom_id_rsa -u centos

 

c) Running ansible playbook only for certain hostnames part of a bigger host group

 

ansible-playbook playbooks/PLAYBOOK_NAME.yml –limit "host1,host2,host3"


d) Run Ansible on remote hosts in parallel

To run in raw of 10 hosts in parallel
 

# Run 10 hosts parallel
ansible-playbook <File.yaml> -f 10            


e) Passing variables to .yaml scripts using commandline

Ansible has ability to pre-define variables from .yml playbooks. This variables later can be passed from shell cli, here is an example:

# Example of variable substitution pass from command line the var in varsubsts.yaml if present is defined / replaced ansible-playbook playbooks/varsubst.yaml –extra-vars "myhosts=localhost gather=yes pkg=telnet"

 

4. Ansible Galaxy (A Docker Hub) like large repository with playbook (script) files

 

Ansible Galaxy has about 10000 active users which are contributing ansible automation playbooks in fields such as Development / Networking / Cloud / Monitoring / Database / Web / Security etc.

To install from ansible galaxy use ansible-galaxy

# install from galaxy the geerlingguy mysql playbook
ansible-galaxy install geerlingguy.mysql


The available packages you can use as a template for your purpose are not so much as with Puppet as Ansible is younger and not corporate supported like Puppet, anyhow they are a lot and does cover most basic sysadmin needs for mass deployments, besides there are plenty of other unofficial yaml ansible scripts in various github repos.

More helpful Articles

The post Ansible Quick Start Cheatsheet for Linux admins and DevOps engineers appeared first on ☩ Walking in Light with Christ - Faith, Computing, Diary.

How to install custom font files on Linux with font-viewer, fc-cache, font-manager

$
0
0

install-custom-fonts-on-linux-easily-linux-libertine-alphabet-typography-font-u-shaped

If you're regularly using GIMP for Image Editing or LibreOffice for Office stuff or any other program that you might use to add / edit fonts, then you certainly will come to a point wondering how to manually add new .TTF (TrueType Fonts) or .AFM .PBM.
Using apt-get  install tool multiple fonts can be searched in Debian / Ubuntu repos, but adding a third party fonts provided by some random graphics designer is a necessity.

For example earlier I've blogged on What is Church Slavonic and collected a large collection pack of Church Slavonic fonts ready which I used to install at that time on a Windows 7 PC, question comes how this fonts once downloaded can be added / installed so Xorg running and Font rendering programs on GNU / Linux are aware of the new downloaded fonts and can be used in various programs?

gnome-font-viewer-program-gnu-linux-screenshot

The easiest way to install font in Linux is to Double click over the new font you want to install that would run Font Viewer program in GNOME GUI environment when clicked over fonts the  gnome-font-viewer) opens, however it is tedicious task to install in that manner if you have to instal some new 100 or 200 fonts by clicking over each.

To make the new downloaded pack of fonts on a user level it is as simple as downloading the number of fonts and placing them in $HOME/fonts folder e.g. in ~/.fonts (in some distributions placing the new fonts under ~/usr/local/share/fonts makes them available for use on next Xsession login.

To make new fonts available system-wide (e.g. for all existing or logged in in Xorg) users it is as simple as copying all new font files (TTF, PFM, PFB etc.) you'd like to add to /usr/local/share/fonts:
 

# cp -rpf ~/Desktop/fonts-folder/* /usr/local/share/fonts/


And run fs-cache to rescan and build new font cache files based on the fonts copied

 

 fc-cache -f -v


To check whether the new fonts are present you can list all available fonts with:

 

fc-list

 

/usr/share/fonts/truetype/lato/Lato-Medium.ttf: Lato,Lato Medium:style=Medium,Regular
/usr/share/fonts/truetype/msttcorefonts/comicbd.ttf: Comic Sans MS:style=Bold,Negreta,tučné,fed,Fett,Έντονα,Negrita,Lihavoitu,Gras,Félkövér,Grassetto,
Vet,Halvfet,Pogrubiony,Negrito,Полужирный,Fet,Kalın,Krepko,Lodia
/usr/share/fonts/truetype/lato/Lato-SemiboldItalic.ttf: Lato,
Lato Semibold:style=Semibold Italic,Italic
/usr/local/share/fonts/TriKUcs.pfb: Triodion kUcs:style=Regular
/usr/share/fonts/truetype/dejavu/DejaVuSerif-Bold.ttf: DejaVu Serif:style=Bold
/usr/local/share/fonts/OglUcs8.ttf: Oglavie Ucs:style=Regular
/usr/share/fonts/truetype/noto/NotoSansThai-Regular.ttf: Noto Sans Thai:style=Regular
/usr/local/share/fonts/freefont-20080323/FreeSerifBold.ttf: FreeSerif:style=Bold,polkrepko
/usr/local/share/fonts/TITUSEN.TTF: Titus SyriacEstrangelo:style=Regular
/usr/local/share/fonts/feofanucs.ttf: Feofan Ucs:style=Regular
/usr/local/share/fonts/OstgDSoIEUcs8.ttf: Ostrog\-Dol ieUcs:style=SpacedOut
/usr/share/fonts/truetype/dejavu/DejaVuSansMono.ttf: DejaVu Sans Mono:style=Book
/usr/share/fonts/truetype/noto/NotoSansCypriot-Regular.ttf: Noto Sans Cypriot:style=Regular
/usr/local/share/fonts/ZlatUcs.pfb: Zlatoust Ucs:style=Regular
..
.

 


To look for a certain font supposed to be installed run cmd:

 

fc-list|grep -i "Times New Roman"
/usr/share/fonts/truetype/msttcorefonts/Times_New_Roman.ttf: Times New Roman:style=Regular,Normal,obyčejné,Standard,Κανονικά,
Normaali,Normál,Normale,Standaard,Normalny,Обычный,Normálne,Navadno,thường,Arrunta

 

fc-list|grep -i "slavonic"
/usr/local/share/fonts/TITUSN__.TTF: Titus Slavonic:style=Normal

 


gnome-font-viewer-program-gnu-linux-screenshot

Another good tool for GNOME users is font-manager if you don't have it already installed:

 

apt-get install font-manager


One of the cool things about it is it can show you Licensing of each of system installed fonts the full list of font character sets and could visualize you different pixel font sizes in the so called "waterfall" font view.

More helpful Articles

The post How to install custom font files on Linux with font-viewer, fc-cache, font-manager appeared first on ☩ Walking in Light with Christ - Faith, Computing, Diary.

Build and install Docker Squid Open Proxy image on Kubernetes cluster

$
0
0

docker_container-virtualization-install-open-squid-cache-logo

As Docker containerization is starting to become a standard for installing a brand new servers especially servers who live in Self-Made Clusters based on Orchestration technologites like Kubernetes (k8s) (check out – http://kubernetes.io),

Recently, I've had the task to set-up a Squid Cache (Open Proxy) server on a custom Port number to make it harder for internet open proxy scanners to identify and ship it to a customer.

What is Squid Open Proxy?

An open proxy is a proxy server that is accessible by any Internet user, in other words anyone could access the proxy without any authentication.

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP and other protocols.
It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages.
Squid has extensive access controls and makes a great server accelerator.
It runs on most available operating systems, including Windows and is licensed under the GNU GPL.
 

What is Docker?

For those who hear about Docker for a first time, Docker is an open-source software platform to create, deploy and manage virtualized application containers on a common OS such as GNU / Linux or Windows, it has a surrounding ecosystem of tools. Besides its open source version there is also a commercial version of the product by Docker Inc. the original company that developed docker and is today in active help of the project.

docker-engine-components-explained-flow
Docker components  – picture source docker.com

What is Kubernetes?
 

Kubernetes, in short, is an open source system for managing clusters of containers. To do this, it provides tools for deploying applications, scaling those application as needed, managing changes to existing containerized applications, and helps you optimize the use of the underlying hardware beneath your containers.
Kubernetes is designed to be extensible and fault-tolerant by allowing application components to restart and move across systems as needed.
 

Kubernetes is itself not a Platform as a Service (PaaS) tool, but it serves as more of a basic framework, allowing users to choose the types of application frameworks, languages, monitoring and logging tools, and other tools of their choice. In this way, Kubernetes can be used as the basis for a complete PaaS to run on top of; this is the architecture chosen by the OpenShift Origin open source project in its latest release.

Kubernetes-cloud-app-architecture
Kubernetes architecture (shortly explained) – picture source Wikipedia

The Kubernetes project is written in the Google developed Go programming language, and you can browse its source code on GitHub.


Hence, In this article I'll give a brief introuduction on what is Docker and show you, how to easily:

a. Build Docker Image with Ubuntu, Update the system and Install Squid inside the container
using a sample Dockerfile build file

b. Run Docker Image to test deployed Ubuntu Linux and Squid on top of it works fine

c. Push Docker Image to DockerHub (Docker Images Central Official repository)

d. Deploy (Pull and Run) the new built Docker Ubuntu / Squid Open Proxy Image to the Kubernetes Cluster slave nodes – the K8S Cluster was  created using Rancher Enterprise Kubernetes Platform (check out Rancher.net – a bleeding edge tool for k8s quick GUI cluster creation / integration)
 

1. Install Docker Containerization Software Community Edition


Docker containers are similar to virtual machines, except they run as normal processes (containers), that does not use a Hypervisor of Type 1 or Type 2 and consume less resources than VMs and are easier to manage, nomatter what the OS environment is.

Docker uses cgroups and namespace to allow independent containers to run within a single Linux instance.

docker-architecture-explained
Docker Architecture – Picture source docker.com

Below docker install instructions are for Debian / Ubuntu Linux, the instructions for RPM package distros Fedora / CentOS / RHEL are very similar except yum or dnf tool is to be used.

a) Uninstall older versions of docker , docker-engine if present
 

 

apt-get -y remove docker docker-engine docker.io

 

! Previously running docker stuff such as Volumes, Images and networks will be preserved in /var/lib/docker/

b) install prerequired packages and add apt repositories for doko
 

apt-get update
apt-get install -y apt-transport-https ca-certificates wget software-properties-common

 

wget https://download.docker.com/linux/debian/gpg
apt-key add gpg
rm -f gpg

 

Create docker.list apt sources file

 

echo "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee -a /etc/apt/sources.list.d/docker.list

 

apt-get update

 

c) check out the docker policy (will list you a multiple installable versoins of docker).

 

apt-cache policy docker-ce

docker-ce:
  Installed: (none)
  Candidate: 17.06.0~ce-0~debian
  Version table:
     17.06.0~ce-0~debian 500
        500 https://download.docker.com/linux/debian stretch/stable amd64 Packages
     17.03.2~ce-0~debian-stretch 500
        500 https://download.docker.com/linux/debian stretch/stable amd64 Packages
     17.03.1~ce-0~debian-stretch 500
        500 https://download.docker.com/linux/debian stretch/stable amd64 Packages
     17.03.0~ce-0~debian-stretch 500

 

d) Install and run docker

 

apt-get -y install docker-ce
systemctl start docker

systemctl-docker-containerization-status-gnu-linux-screenshot

 

systemctl status docker

 

Previously running docker stuff such as Volumes, Images and networks will be preserved in /var/lib/docker/
 

2. Build Docker image with Ubuntu Linux OS and Squid inside


To build a docker image all you need to do is have the Dockerfile (which is docker definitions build file), an Official image of Ubuntu Linux OS (that is provided / downloaded from dockerhub repo) and a bunch of docker commands to use apt / apt-get to install the Squid Proxy inside the Docker Virtual Machine Container

In dockerfile it is common to define for use an entrypoint.sh  which is file with shell script commands definitions, that gets executed immediately after Docker fetches the OS from its remote repository on top of the newly run OS. It is pretty much like you have configured your own Linux distribution like using Linux from Scratch! to run on a bare-metal (hardware) server and part of the installation OS process you have made the Linux to run a number of scripts or commands during install not part of its regular installation process.

a) Go to https://hub.docker.com/ and create an account for free

The docker account is necessery in order to push the built docker image later on.
Creating the account creates just few minutes time.

Build-Docker-Images-with-DockerFile-diagram

b) Create a Dockerfile with definitions for Squid Open Proxy setup

I'll not get into details on the syntax that Dockerfile accepts, as this is well documented on Docker Enterprise Platform official website but in general gettings the basics and starting it is up to a 30 minutes to maximum 1h time.

 

After playing a bit to achieve the task to have my Linux distribution OS (Ubuntu Xenial) with Squid on installed on top of it with the right configuration of SQUID Cacher to serve as Open Proxy I've ended up with the following Dockerfile.

 

FROM ubuntu:xenial
LABEL maintainer="hipo@pc-freak.net"

ENV SQUID_VERSION=3.5.12-1ubuntu7 \
    SQUID_CACHE_DIR=/var/spool/squid \
    SQUID_LOG_DIR=/var/log/squid \
    SQUID_USER=proxy

RUN apt-get update \
 && apt-get upgrade && apt-get dist-upgrade && DEBIAN_FRONTEND=noninteractive apt-get install -y squid=${SQUID_VERSION}* \
 && rm -rf /var/lib/apt/lists/*

COPY entrypoint.sh /sbin/entrypoint.sh
COPY squid.conf /etc/squid/squid.conf
RUN chmod 755 /sbin/entrypoint.sh

EXPOSE 3128/tcp
ENTRYPOINT [“/sbin/entrypoint.sh”]

You can download the Dockerfile here.

c) Create entrypoint.sh and squid.conf files

Apart from that I've used the following entrypoint.sh (which creates and sets necessery caching and logging directories and launches script on container set-up) permissions for SQUID proxy  file that is loaded from the Dockerfile on docker image build time.
To have the right SQUID configuration shipped up into the newly built docker container, it is necessery to prepare a template configuration file – which is pretty much a standard squid.conf file with the following SQUID Proxy configuration for Open Proxy

 

acl SSL_ports port 443
acl CONNECT method CONNECT

 

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow localhost manager
http_access deny manager

 

http_access allow localhost

http_access allow all

http_port 3128


coredump_dir /var/spool/squid

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
refresh_pattern .               0       20%     4320

 

Once, I've created, the proper Dockerfile configuration, I've made a tiny shell script, that can create / re-create my docker image multiple times
Here is the build-docker-image.sh :
 

#!/bin/sh
username='hipod';
password='';
docker login –username="$username" –password=""
DOCKER_ACC=hipod
#DOCKER_REPO=squid-3.5.12-1ubuntu7
DOCKER_REPO=squid-ubuntu
IMG_TAG=latest

docker build -t $DOCKER_ACC/$DOCKER_REPO:$IMG_TAG .
docker push $DOCKER_ACC/$DOCKER_REPO:$IMG_TAG


You can download build-docker-image.sh script here

The script uses the docker login command to authenticate non-interactively to https://hub.docker.com
docker build
command with properly set DOCKER_ACC (docker account – which is the username of your hub.docker.com account as I've pointed earlier in article), then DOCKER_REPO (docker repository name) – you can get it either from a browser, after you've logged in to dockerhub or assuming you know your username, it should look like:
https://hub.docker.com/u/your-username-name – for example mine is hipod with repository name squid-ubuntu, my squid-ubuntu docker image build is here, you'll also need to provide the password inside the script or if you consider it a security concern, instead type manually from command line docker login and authenticate in advance before running the script, finally the last line docker push pushes to remote docker hub the new build of Ubuntu + SQUID Proxy with a predefined TAG that in my case is latest (as this is my latest build of Squid – if you need a multiple version number of Squid repository just change the tag to the version tag line number.

 

d) Use the script to build Squid docker image

build-docker-image-terminal-screenshot-linux

Next run the script to make and push into docker your new image:
 

sh build-docker-image.sh

 

Please consider that in order to work with docker hub push / pull, you will need to have a firewall that allows connection to dockerhub site repo, if for some reason the push / pull fails, check closely your firewall as it is the most likely cause for failure.

 

3. Run the new docker image to test Squid runs as expected

To make sure the docker image runs properly, you can test it on any machine that has docker.io installed, this is done with a simple cmd:
 

docker run -d –restart=always -p 3128:3128 hipod/squid-ubuntu:latest

 


The -d option tells docker to background process / run in detached mode
 -p option tells docker to expose port (e.g. make NAT with iptables from the docker virtual container with Linux OS + SQUID listening inside the container on port 3128 to the TCP / IP 3128 server port).
You can use iptables to check the created Network Address Translation rules.

–restart=always option sets the docker restart policy (e.g. when the container is terminating it tells the container to restart the container (OS) after exit), there, you can use as a resetart policy (no, on-failure[:max_retries] , unless-stopped)

For clarity I've created one liner script run-squid.sh you can download here.
 

sh run-squid.sh

You can use a
 

ps aux|grep -i docker
 

root     13169  0.2  0.4 591300 77984 ?        Ssl  13:50   0:09 /usr/bin/dockerd -H fd://
root     13176  0.0  0.2 408244 34972 ?        Ssl  13:50   0:03 docker-containerd –config /var/run/docker/containerd/containerd.toml
root     20875  0.0  0.0 132348   948 pts/1    S+   14:52   0:00 grep -i docker


to see it running as well as the:

 

docker ps -a
 

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                      PORTS               NAMES
d2eb7ab635cf        c5b0f61227cd        "/bin/sh -c 'apt-get…"   12 minutes ago      Exited (1) 3 minutes ago                        trusting_elion
18476f546562        c5b0f61227cd        "/bin/sh -c 'apt-get…"   37 minutes ago      Exited (1) 37 minutes ago                       admiring_wilson


To connect to the running container later you can use docker attach ID_of_container

 

docker attach d2eb7ab635cf

 

 


command to see the new container runs as well as attach to the newly spawned container

 

4. Deploying Dockerized SQUID Open Proxy Cache server to Kubernetes cluster

 

My task was to deploy the newly built squid doko image to remote K8s cluster which was set as a default cluster via a context in  .kube/config/  or manually set via:

 

kubectl config use-context my.k8s-cluster.net


I've used the following YAML file with kubectl to deploy:

 


apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: squid-app-33128
  name: squid-app-33128
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: squid-app-33128
    spec:
      containers:
        – name: squid
          image: hipod/squid-ubuntu:latest
          imagePullPolicy: Always
          ports:
          – containerPort: 3128
            protocol: TCP
          volumeMounts:
            – mountPath: /var/spool/squid
              name: squid-cache
            – mountPath: /var/log/squid
              name: squid-log
          livenessProbe:
            tcpSocket:
              port: 3128
            initialDelaySeconds: 40
            timeoutSeconds: 4
      volumes:
        – name: squid-cache
          emptyDir: {}
        – name: squid-log
          emptyDir: {}


The task included to deploy two different Open Proxy squid servers on separate ports in order to add them external cluster Ingress load balancing via Amazon AWS, thus I actually used following 2 yaml files.

1. squid-app-33128.yaml
2. squid-app-33129.yaml

The actual deployment command was like that:

 

# deploys pods and adds services to kubernetes cluster

kubectl create -f squid-app-33129.yaml -f squid-app-33128.yaml -f squid-service-33129.yaml squid-service-33128.yaml

 

You can download the 2 squid-service .yaml below:

1. squid-service-33129.yaml
2. squid-service-33128.yaml

The service is externally exposed via later configured LoadBalancer to make the 2 squid servers deployed into k8s cluster accessible from the Internet by anyoneone without authorization (as a normal open proxies) via TCP/IP ports 33128 and 33129.
 

Conclusion


Below I explained a few easy steps to follow to;


build docker image Ubuntu + Squid
test the image
deploy the image into a previously prepared k8s cluster

Though it all looks quite simplistic I should say creating the .yaml file took me long. Creating system configuration is not as simple as using the good old .conf files and getting used with the identation takes time.

Now once the LB are configured to play with k8s, you can enjoy the 2 proxy servers. If you need to do some similar task and you don't have to do it for a small fee, contact me.

More helpful Articles

The post Build and install Docker Squid Open Proxy image on Kubernetes cluster appeared first on ☩ Walking in Light with Christ - Faith, Computing, Diary.

Create and Configure SSL bundle file for GoGetSSL issued certificate in Apache Webserver on Linux

$
0
0

gogetssl-install-certificate-on-linux-howto-sslcertificatechainfile-obsolete

I had a small task to configure a new WildCard SSL for domains on a Debian GNU / Linux Jessie running Apache 2.4.25.

The official documentation on how to install the SSL certificate on Linux given by GoGetSSL (which is by COMODO was obsolete as of time of writting this article and suggested as install instructions:
 

SSLEngine on
SSLCertificateKeyFile /etc/ssl/ssl.key/server.key
SSLCertificateFile /etc/ssl/ssl.crt/yourDomainName.crt
SSLCertificateChainFile /etc/ssl/ssl.crt/yourDomainName.ca-bundle


Adding such configuration to domain Vhost and testing with apache2ctl spits an error like:

 

root@webserver:~# apache2ctl configtest
AH02559: The SSLCertificateChainFile directive (/etc/apache2/sites-enabled/the-domain-name-ssl.conf:17) is deprecated, SSLCertificateFile should be used instead
Syntax OK

 


To make issued GoGetSSL work with Debian Linux, hence, here is the few things done:

The files issued by Gogetssl.COM were the following:

 

AddTrust_External_CA_Root.crt
COMODO_RSA_Certification_Authority.crt
the-domain-name.crt


The webserver had already SSL support via mod_ssl Apache module, e.g.:

 

root@webserver:~# ls -al /etc/apache2/mods-available/*ssl*
-rw-r–r– 1 root root 3112 окт 21  2017 /etc/apache2/mods-available/ssl.conf
-rw-r–r– 1 root root   97 сеп 19  2017 /etc/apache2/mods-available/ssl.load
root@webserver:~# ls -al /etc/apache2/mods-enabled/*ssl*
lrwxrwxrwx 1 root root 26 окт 19  2017 /etc/apache2/mods-enabled/ssl.conf -> ../mods-available/ssl.conf
lrwxrwxrwx 1 root root 26 окт 19  2017 /etc/apache2/mods-enabled/ssl.load -> ../mods-available/ssl.load


For those who doesn't have mod_ssl enabled, to enable it quickly run:

 

# a2enmod ssl


The VirtualHost used for the domains had Apache config as below:

 

 

 

NameVirtualHost *:443

<VirtualHost *:443>
    ServerAdmin support@the-domain-name.com
    ServerName the-domain-name.com
    ServerAlias *.the-domain-name.com the-domain-name.com

    DocumentRoot /home/the-domain-namecom/www
    SSLEngine On
#    <Directory />
#        Options FollowSymLinks
#        AllowOverride None
#    </Directory>
    <Directory /home/the-domain-namecom/www>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Include /home/the-domain-namecom/www/htaccess_new.txt
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/access.log combined

#    Alias /doc/ "/usr/share/doc/"
#   <Directory "/usr/share/doc/">
#       Options Indexes MultiViews FollowSymLinks
#       AllowOverride None
#       Order deny,allow
#       Deny from all
#       Allow from 127.0.0.0/255.0.0.0 ::1/128
#   </Directory>
SSLCertificateKeyFile /etc/apache2/ssl/the-domain-name.com.key
SSLCertificateFile /etc/apache2/ssl/chain.crt

 

</VirtualHost>

The config directives enabling and making the SSL actually work are:
 

SSLEngine On
SSLCertificateKeyFile /etc/apache2/ssl/the-domain-name.com.key
SSLCertificateFile /etc/apache2/ssl/chain.crt

 

The chain.crt file is actually a bundle file containing a bundle of the gogetssl CA_ROOT and RSA_Certification_Authority 3 files, to prepare that file, I've used bundle.sh small script found on serverfault.com here I've made a mirror of bundle.sh on pc-freak.net here   the script content is as follows:

To prepare the chain.crt  bundle, I ran:

 

sh create-ssl-bundle.sh _iq-test_cc.crt chain.crt
sh create-ssl-bundle.sh _iq-test_cc.crt >chain.crt
sh create-ssl-bundle.sh COMODO_RSA_Certification_Authority.crt >> chain.crt
sh create-ssl-bundle.sh bundle.sh AddTrust_External_CA_Root.crt >> chain.crt


Then I copied the file to /etc/apache2/ssl together with the-domain-name.com.key file earlier generated using openssl command earlier explained in my article how to install RapidSSL certificate on Linux

/etc/apache2/ssl was not previously existing (on Debian Linux), so to create it:

 

root@webserver:~# mkdir /etc/apache2/ssl
root@webserver:~# ls -al /etc/apache2/ssl/chain.crt
-rw-r–r– 1 root root 20641 Nov  2 12:27 /etc/apache2/ssl/chain.crt
root@webserver:~# ls -al /etc/apache2/ssl/the-domain-name.com.key
-rw-r–r– 1 root root 6352 Nov  2 20:35 /etc/apache2/ssl/the-domain-name.com.key

 

As I needed to add the SSL HTTPS configuration for multiple domains, further on I've wrote and used a tiny shell script add_new_vhost.sh which accepts as argument the domain name I want to add. The script works with a sample Skele (Template) file, which is included in the script itself and can be easily modified for the desired vhost config.
To add my multiple domains, I've used the script as follows:
 

sh add_new_vhost.sh add-new-site-domain.com
sh add_new_vhost.sh add-new-site-domain1.com


etc.

Here is the complete script as well:

 

#!/bin/sh
# Shell script to add easily new domains for virtual hosting on Debian machines
# arg1 should be a domain name
# This script takes the domain name which you type as arg1 uses it and creates
# Docroot / cgi-bin directory for the domain, create seperate site's apache log directory
# then takes a skele.com file and substitutes a skele.com with your domain name and directories
# This script's aim is to easily enable sysadmin to add new domains in Debian
sites_base_dir=/var/www/jail/home/www-data/sites/;
# the directory where the skele.com file is
skele_dir=/etc/apache2/sites-available;
# base directory where site log dir to be created
cr_sep_log_file_d=/var/log/apache2/sites;
# owner of the directories
username='www-data';
# read arg0 and arg1
arg0=$0;
arg1=$1;
if [[ -z $arg1 ]]; then
echo "Missing domain name";
exit 1;
fi

 

# skele template
echo "#
#  Example.com (/etc/apache2/sites-available/www.skele.com)
#
<VirtualHost *>
        ServerAdmin admin@design.bg
        ServerName  skele.com
        ServerAlias www.skele.com


        # Indexes + Directory Root.
        DirectoryIndex index.php index.htm index.html index.pl index.cgi index.phtml index.jsp index.py index.asp

        DocumentRoot /var/www/jail/home/www-data/sites/skelecom/www/docs
        ScriptAlias /cgi-bin "/var/www/jail/home/www-data/sites/skelecom/cgi-bin"
        
        # Logfiles
        ErrorLog  /var/log/apache2/sites/skelecom/error.log
        CustomLog /var/log/apache2/sites/skelecom/access.log combined
#       CustomLog /dev/null combined
      <Directory /var/www/jail/home/www-data/sites/skelecom/www/docs/>
                Options FollowSymLinks MultiViews -Includes
                AllowOverride None
                Order allow,deny
                allow from all
                # This directive allows us to have apache2's default start page
                # in /apache2-default/, but still have / go to the right place
#               RedirectMatch ^/$ /apache2-default/
        </Directory>

        <Directory /var/www/jail/home/www-data/sites/skelecom/www/docs/>
                Options FollowSymLinks ExecCGI -Includes
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

</VirtualHost>
" > $skele_dir/skele.com;

domain_dir=$(echo $arg1 | sed -e 's/\.//g');
new_site_dir=$sites_base_dir/$domain_dir/www/docs;
echo "Creating $new_site_dir";
mkdir -p $new_site_dir;
mkdir -p $sites_base_dir/cgi-bin;
echo "Creating sites's Docroot and CGI directory";
chown -R $username:$username $new_site_dir;
chown -R $username:$username $sites_base_dir/cgi-bin;
echo "Creating site's Log files Directory";
mkdir -p $cr_sep_log_file_d/$domain_dir;
echo "Creating sites's VirtualHost file and adding it for startup";
sed -e "s#skele.com#$arg1#g" -e "s#skelecom#$domain_dir#g" $skele_dir/skele.com >> $skele_dir/$arg1;
ln -sf $skele_dir/$arg1 /etc/apache2/sites-enabled/;
echo "All Completed please restart apache /etc/init.d/apache restart to Load the new virtual domain";

# Date Fri Jan 11 16:27:38 EET 2008


Using the script saves a lot of time to manually, copy vhost file and then edit it to change ServerName directive, for vhosts whose configuration is identical and only the ServerName listener has to change, it is perfect to create all necessery domains, I've created a simple text file with each of the domains and run it in a loop:
 

while :; do sh add_new_vhost.sh $i; done < domain_list.txt
 

 

More helpful Articles

The post Create and Configure SSL bundle file for GoGetSSL issued certificate in Apache Webserver on Linux appeared first on ☩ Walking in Light with Christ - Faith, Computing, Diary.

Make laptop not to sleep on close on Microsoft Windows 10 / Disable notebook LID close sleep Windows

$
0
0

Windows10-Define-power-options-actions-settings

I have to use Windows 10 Enterprise on a notebook for Work purposes once again and use a Docking station connected to an external Display Monitor at the Company Office work location one of the first things to configure is to disable LID Display Sleep on laptop close because otherwise the notebook has to be left opened almost half opened in order to work with the PC to change that unwanted behavior there is an easy way via Windows Control Panel configuration, here is how:

Open

Windows Control Panel 

 


navigate to:

edit-plan-settings-power-settings-windows-10.png

 

 

 

Power Options


choose:

Change advanced power settings, scroll down a bit to:

power-options-power-buttons-and-lid-lid-close-action-do-nothing-windows-10-scresnshot

 

Power Buttons and lid (menu) 


press over it from sub-menu
 

Plugged in

 


Select

 

 

Do nothing

 


That's all from now on closing the notebook when plugged in to the Dock station or to a direct External Monitor will no longer do the sleep.

As you can see from the menus, there is a lot of triggering rules to configure further from Power Management (Advanced Settings) on how applications / USBs / Multimedia and Hard Disks should behave under different power conditions so if you have the time I recommend you go through them and check them for yourself.

More helpful Articles

The post Make laptop not to sleep on close on Microsoft Windows 10 / Disable notebook LID close sleep Windows appeared first on ☩ Walking in Light with Christ - Faith, Computing, Diary.

Flight to Dresden German via Munchen and a few impressions about Dresden

$
0
0

Last week I've flew to Germany to start as a contractor for Itelligence AG a SAP contractor company on its own. 
I've been hired by a small bulgarian company called BST (Business Services and Technologies), but let me skip the details and go to the main goal of article to just share few impressions on my flight from Sofia Airport Terminal 2 (code named SOF), Bulgaria to Germany Munich Airport (Flughafen Munich – codename MMC).

Flight To Munich

My flight was an International one from Sofia to Munich and then a secondary (local Germany Shengen zone flight Dresden -> Munich) and this happens to be my second flight with Lufthansa, previous one was from Sofia -> Poland, Warsaw see my previous blog post Trip from Sofia Bulgaria to Minsk Belarus through Warsaw and how to issue VISA for Belarus.

a320-lufthansa-airbus-plane

Airbus-A320-LH-168-Lufthansa-passengers-placing
Both flights went pretty smoothly and I can confirm the general good reputation of Lufthansa as a flight company, the first flight was the longer one about 2 hours flight on a Airbus A320 which is a relatively big plane.

The second flight which was a short one about an 1 hour time was on a small Charter plane with the funny name Bombardier CRJ 900.

Bombardier_CRJ_900-airplane-Lufthansa_CityLine

Bombardier-CRJ900-plane-placing-Lufthansa

Well I thought good that I've been send for a Company Start-up training but I never planned bombing Germans 🙂 … But well enought jokes, its enough the hell they went through mainly from British and American bombings during  World War II …

Anyways the trip with both planes went smoothly thanks God. This time I travelled with my future colleague Hristos Hristov and as always the travel with someone is less scary and more enjoyable.

The Munich to Dresden flight

The Munich (the German word for Munchen) airport  is the second-busiest airport in Germany in terms of passenger traffic after Franfurt Airport and the 7th busiest airport in Europe and is in the top 40 biggest airports in the world, even though that if compared to Netherlands Schiphol airport it was a cozy and a very easy to orient, the passport control after the flight was a quick and efficient in a German way. We had to further reach for Terminal E on the airport and it happened that to reach the Terminal we need to pick-up a an S-Bahn train (a free one) which moved us to the other opposite passengers building.

Deutschland-DDR_flag

East Germany DDR Times Flag


An Airport Surprise The East German Car of Future 🙂 Trabant !

Arriving in Dresden around 12:30, my first impression was the Trabant car (old cardboard made of car produced in the times of DDR (Deutsche Demokratische Republic) / GDR or (German Democratic Republic) was state a part of the Eastern Bloc (Communist Bloc). 
 

Trabant-Dresden-airport-Germany
Trabant was like the car of the future, it was low cost cheap to produce, very light (a one person could move the car!) used little gasoline to run but it used a lot of oil 🙂
In Bulgaria it was a mass used car during Socialist Times. Nowadays the car is sold mostly in United States as an antique
for its low price. For example in Bulgaria one can buy one of this cardboard cars for 150 EUR or so 🙂

The problem with the car is if you enter an accident with 50 to 70 km you die 100%, so it is only suitable for small villages nowadays or maximum of a small town use for short distances.

Dresden-Trabbi-picture-the-Eastern-Block-cardboard-car

The car is super simplistic and surprisingly has even a baggage space in the back 🙂

Trabant_inside-the-car

Trabant_Engine_Block

For more check what wikipedia says about this magical car Trabant 🙂  …


The Transportation in Dresden (ticket fees and few impressions)

Immediately on Dresden's airport we head to information and asked the nice German old lady on how and where we can buy a monthly all transport ticket for Dresden and Surprise, Surprise the ticket was sold on Information Kiosk itself it costed 61.50 EURO (divided by 30 days that's about 2.05 eur per day), for Germany its a great price.
The normal ticket costs 2.80 eur per single trip and 6 euro for a daily ticket for all transports. 
To arrive to Dresden Central from Airport it was quite quick and efficient with the S-Bahn (S-Train) which is partially kinda of partially underground train similar to Metro for rapid transportation but not exactly. Iit seems this transport is very popular in Germany and Austria).

S-Bahn-Mehrverkehr_03-S-Train-rapid-transit-system

To arrive to Dresden Main (Central) Train Station, we had to travel to Haupbahnhof – the German Word for TrainStation and go down on Dresden Hbf.
Dresden-S-Bahn-Lines.svg

Schema for S-Bahn Dresden Germany


Dresden-autobahnohf-neustadt

We had reservation for Hotel Terrasenufer which is on old socialist times Hotel situated 5 minutes from the Dresden Old City (Alt City) with an unique sideview to Elba River.

Trams-in-Dresden-how-they-look-in-2018.jpg
To reach there, we had to walk about 300 meters and pick up a Tram number 3 and go down on stop the Synagogue tram stop.
Trams in Dresden are clean modern and very fast, so you have a speed which can be a concurrency of a normal Metro.
The overall infrastructure the bus stops and everything is outstanding and designed obviously by great Dresdners great engineering mind.
The city's transportation includes Bus / Tram and Trolley and the frequence of shuttles is really short about 3 / 5 to 10 minutes time.
For most important destinations New / Old / City, I've used Tram or bus number 3 / 7 or 8.

The Synagogue

The Synagogue stop is called that way for a reason as on those stop there is a new rebuild Jewish Synagogue ​
– The Fuhrer Adolf Hitler would definitely not been happy to see it in 2018, but as the War hell is over and German attitudes to Jewish are friendly that's not a problem.

Dresden-Synagogue-building-and-a-bus-station


Hotel Terrasenufer

As I've seen it being lighted and many people to go and go the building it seems the Synagogue is functioning.

Terrasenufer-hotel-near-Dresden-city-center-for-a-non-smoker-hotel

The Terrassenufer is an inner city street in the city center of Dresden directly on the left bank of the Elbe and part of an important inner-city east-west axis. It runs on the northern edge of the districts Inner Old Town and Pirnaische suburb, following the Elbbogen. It is named after the Brühl Terrace, which stands on its south side. On the terrace bank is the mooring of the Saxon steamship. Parts of the terraced shore are protected as a cultural monument.
 

Terrasenufer-hotel-sideview-over-window-and-the-hotel-room

Terrasenufer is famous for being a non-smoker hotel and even though being an old construction inside is a confortable and the big advantage of it is the rooms are big ones for a hotel rooms (in my opinion). As you can see from the picture the sideview to Elba River and City Center Gothic styled buildings is unique, especially in night time.

Am_Terrassenufer-Dresden-Aussenansicht-night-view-to-Dresden

What is impressing in Germany that it is genererally really clean in the city and obviously it is invested in maintaining the greenery parks, trees. People also are really polite and helpful and most of people speak a decent English.

Dresden food prices the old and new city

The prices of the Alt Stadt city center are a little bit expensive especially for us Bulgarians a decent Dinner costs about 10 to 15 euro, but the new city (Neue Stadt)'s is full of relatively cheap fast food a lot of small breakfast rooms offering Shoarma (Duners) / Pizza / Noodes most of which run and served by Pakistans / Turkish or people from far east and a couple of Asian / Viatnamese run by Chineese / Viatnamese.
To grab one of that "fast foods" costs about 3.50 to 6 euro, a food I tried on a few times is 30 Cm Pizza which costs 4.5 euro and the best thing is the beer's price is 1.50 / 2 euro, prices pretty much okay and not far different from Sofia.
We ate a couple of times at a small pizzeria ran by a Pakistani. The pizza price for that quality was fantastic.

donner_kebap-durum-buzek-pide-gozleme-Dresden

I've spend about 1 week now in Dresden and I can say the city is much calmer and "there is no feeling of stress in the air", people here perhaps of the good living standard seems more relaxed and stressed than in Bulgaria. 
As an ex Eastern Bloc country there are some remains of the Soviet times in Dresden before the fall of the Berlin Wall a building Communistic (Soviet) Mosaic near the square of the Old city is a good example of that.

Dresden Socialist Soviet Architecture remains

Dresden-Communism-socialism-mosaic-remains

Of course as a country which was almost a member of the Soviet Union, there is a lot of pannel construction near the end of the city, but even they are nowadays seriously renovated and doesn't look so scary like a lot of the old unmaintained buildings in Bulgaria, Ukraine (Smaller towns in Russia) and even partially Romania.

Dresden-old-communism-times-blocks


Churches in Dresden and few old city landmarks

A notable building in the city is the Frauenkirche (Protestant Cathedral Church) from year 1738 that was fully destroyed in World War 2.

frauenkirche-dresden-Protestant-Cathedral

and rebuild in 1993 – 1994.

Very near is found a majestic architectural master piece the Catholic Church

Kathedrale_Hofkirche-Dresden-Holy-Trinity

the Catholic Church Holy Trinity (Sanctissimae Trinitatis) of the royal court of Saxony / Katholische HofKirche

Near the Roman-Catholic Gothic Style Church is situated the Zwinger Palace, a unique peace of Barocue Art architecture.

Zwinger_palace-dresden2

Zwinger Palace Dresden

Zwinger-palace-dresden-garden
 

The Orthodox Russian Church

The Address of Orthodox Church in Dresden is Fritz-Löffler-Straße 19, 01069 Dresden and to reach there from Synague Tram stop near Synagogue I've to pick up Tram Number 3.
As an Orthodox Christian both of them does not hold any spiritual interest, even though I personally think Roman-Catholicism is closer to the true faith which is closer to ours the Holy Eastern Orthodoxy.

The best Architectural master piece in the city in my opinion is the Russian Church / Russisch Orthodoxe Kirche – des Heiligen Simeon vom wunderbaren Berge (Saint Simeon Styler the Younger)

Icon-Ikona-swjatogo-saint-Semiona-Divnogorca-Stylpnik-mladshi-Dresden

and just as a proof of the true faith in my opinion it was not a coincidence that those church was the only building within a wide area which remained relatively intact (only the bell tower suffered damge), through the brutal bombing of city in February 1945 by British / American Allied forces. The Church has a historical value as it was build in 1872 – 1874 before Soviet Revolution in 1917 During Russian Empire Tsarist times and (currently is about 147 years old). 

Russian-Church-Dresden-saint-Simeon-Divnogorec

The world famous Russian Composer Rachmaninov himself as he lived a 3 winters in Dresden donated money for a new gas installation of the Church which is in operation to this very day

saint-Simeon-Divnogorec-Orthodox-Christian-Church-in-Dresden

Russian-Eastern-Orthodox-Church-saint-Simeon-Stylpnik-the-Younger-Divnogorec

In 1875 the Russian Emperor Alexander II visited the Church a memory board donation by him is still present in.

This Sunday I visited the Church for a Sunday Holy Liturgy  and was nicely surprised to find the Church choire was singing like Angels.
The priest is an aged one and seems a very gracious man. The Church was full of people, among which were many young people and parents who brought their kids to receive the Holy Sacraments.

Russian-Church-Dresden-picture-11

Russian-Church-Dresden-picture-12

The Church alter is painted back in the day of Church cration by a German painter the Alter wall of iconostasis is made of marble.

Russian-Church-Dresden-picture-7

As it is often seen in Russian Church, there is a crucifix on one of the sides of the Church in those it was left side and in front as usual were burning candles for remember of deceased.

Russian-Church-Dresden-picture-4


Climate in Dresden

The Climate here is more moderate when compared to Bulgarian and even though at times it is a bit windy with a cold wind, the weather feels quite nice in Autumn seasen time and temperatures are more stable – the temporature is stable at least for my stay and it feels more like an Autumn should be and in that sense resembles Dutch climate. The weather is sunny enough so the Dresdener Germans are privileged to have less of that gloomy Netherlands cloudy weather.

The Military History Museum Dresden

Next after the Sunday Holy Liturgy service, I've visited the War Museum (The Bundeswehr Museum of Military History in Dresden) which on address Olbrichtplatz 2, 01099 Dresden.

Military-War-Museum-Dresden-Heavy-tanks-and-war-vehicles

To reach there the Tram number 7 goes from Synagogue Bus stop, the bus stops about 150 meters from the Musem.
The museum exhibits about 10000 military artefacts and things connected to pre and post WW2. 
In the museum coutryard as common for military objects are some old Tanks and heavy military vehicles, tanks, mine destroying machine, cutters, armored personnel carrier and even a Patriot rocket launcher platform and even a nuclear head transporter.
The tanks were mostly German tanks from 1955 'till late 1980s and few Russian machines T72 and other Soviet equipment.

Inside the museum are exhibited many traditional German flags, remains of Napeleon war times, a few Nazis equipment and more modern American one guns, uniforms etc.

German-War-Flag

Most impressing are the few enormous rockets that are directly in the building. The 5 stages show political stuff related to war, old military cars, nearly 10000 war related paintings, flamethowers and reconstruction dummy models of various submarines, tanks, helicopters, ships and pieces of military art and military time German life and propaganda posters from Nazi times ….
war-museum-1-anti-mining-heavy-vehicle

Mine searching and destroying heavy machine

war-museum-2-german-emperialistic-eagle

The German Eagle and Uniforms

war-museum-3-animals-and-war

Animals used in War – museum section

war-museum-4-rockets

Rockets

war-museum-4-russian-old-gazka

Soviet Union Gazka Emergy Medical Aid

war-museum-5-german-tank

German anti-aircraft missle tank with Radar on top

war-museum-6-rocket

Ballistic Rocket (Maybe?)

war-museum-7-miniature-ship

Model of Old Ship

war-museum-8-rocket-launcher

Rocket Launcher

war-museum-10-war-holder

Nuclear Head Transporter

war-museum-11-nato-military-guns

Machine gun rifles

There is perhaps much more to see on Dresden, the Zoo, the Porcelan Museum, the famous Dresden Painting Gall, the Royalty Zwinger Palace, The Semper Opera, The Socialist Museum, The Museum of Hygiene but I still have time for that once I see some more or get impressions I'll come back to update this article. 
 

More helpful Articles

The post Flight to Dresden German via Munchen and a few impressions about Dresden appeared first on ☩ Walking in Light with Christ - Faith, Computing, Diary.

Prevent rsync cronjob to run multiple times via cronjob on Linux

$
0
0

prevent-rsync-rsync-to-run-multiple-times-via-cronjob-on-linux

Today I had a report of a server whose Load Avarage keeps at the high level of 86, the machine runs on a bare metal rock solid hardware and even with such high Loads of the kernel it runs fine, but due to the I/O overhead the SANs red from a remote NetApp storage device started to be sluggish and hence it needed to be reviewed, thus I jumped in via the hop station (jump host) into the server.
 

1. Short investation on root cause for high server load


After a short investigation, I've found an rsync job set by someone on a cron job to be routinely run every 30 minutes, thus the old scheduled rsync, which seemed to run multiple times on the server (about 50 processes) of same rsync (file system synchronization was running) and as expected the storage was saddled with mutiple Input / Output requests.

The root cron job was like that:
 

server:~# crontab -u root -l |grep -i rsync
/usr/bin/rsync -ax /var/www/htdocs/directory_to_synchronize / /srv/www/synch_back/directory_to_synchrnize


A process list showed the following high number of running mirrored rsyncs:

 

server:~# ps axuwwf | grep -i rsync | wc -l
80


 

2. The Fix – Set Rsync to only via cron only in case if it is not already running in background


In order to fix it, I had to kill all current running rsync (here luckily only same single instance of rsync was running, but generally I was cautious to check no other rsync jobs are running – otherwise I would have mistakenly killed some other rsync job ongoing …)

Then I set the following new cron job one liner quick shell script that does the job to assign a pid file that is created before rsync and deleted after rsync completion.
 

if [ ! -e /tmp/repo_dba_sync.lock ]; then touch /tmp/repo_dba_sync.lock; /usr/bin/rsync -ax /var/www/htdocs/directory_to_synchronize / /srv/www/synch_back/directory_to_synchrnize ; trap 'rm -f /tmp/repo_dba_sync.lock; fi' EXIT  >/dev/null 2>&1


The cron job looked like so:

 

*/30 * * * * if [ ! -e /tmp/repo_dba_sync.lock ]; then touch /tmp/repo_dba_sync.lock; /usr/bin/rsync -ax /var/www/htdocs/directory_to_synchronize / /srv/www/synch_back/directory_to_synchrnize ; trap 'rm -f /tmp/repo_dba_sync.lock; fi'  EXIT >/dev/null 2>&1

Just in case if you're wondering
a trap should be used to verify that the lock file is removed when the script is exited for any reason.
This way the lock file will be removed even if the script exits before the end of the script.

An alternative and more simple ways to do it is via:
 

pgrep rsync > /dev/null || rsync -ax /var/www/htdocs/directory_to_synchronize / /srv/www/synch_back/directory_to_synchrnize

 

Or if you don't want to use bash's:
 

if []; then; fi


condition but still use a file lock the flock command can be used like so:
 

flock -n lock_file -c "rsync …"

More helpful Articles

The post Prevent rsync cronjob to run multiple times via cronjob on Linux appeared first on ☩ Walking in Light with Christ - Faith, Computing, Diary.


Putty load as default session another session – Save other Putty session configuration to default howto

$
0
0

putty-load-button-screenshot

Recently I had to use PuTTY which I haven't used for years to open a number of SSH Pernanent Tunnels necessery for my daily work as a SAP Consultant.

I've saved them under a certain new profile and saved the set SSH Tunnel configuration not in the default Session but in separate named one, therefore had to press Load button every time after clicking over my Putty shortcut icon. 

That was annoying and took few seconds out of my life every next morning for about a week, so finally I found osme time to google it and it seemed it is pretty easy to have any Putty sessoin loaded you like.

Here is how:

1. Create a new Putty Shortcut

putty-screenshot1

putty-shortcut-screenshot-windows

Click over Putty icon while holding CTRL + SHIFT (Control SHIFT keys simultaneously ) and move the mouse somewhere on the desktop to create the shortcut.
 

2. Right click on Putty Shortcut

putty-target-screenshot-windows1

putty-target-screenshot-windows2

 

"C:\Program Files\PuTTY\putty.exe" -load "your_saved_session" "username@your_server_address" -pw "your_password"


fill out "target" field of shortcut using above code (alter to your own properties).
click Apply button.

If you need to pass a user and password from Shortcut itself (which is a bad practice for security but sometimes useful, for not so important Tunnels – for example a tunnel to an Open Proxy), do it by typing in the target field like so:
 

"C:\Program Files\PuTTY\putty.exe" -load "your_saved_session" "username@your_server_address" -pw "your_password"

 

And Hooray !!! After that when you click on PuTTy shortcut it loads your session automatically using given username and password.

More helpful Articles

The post Putty load as default session another session – Save other Putty session configuration to default howto appeared first on ☩ Walking in Light with Christ - Faith, Computing, Diary.

Create SFTP CHROOT Jail User for data transfer to better Linux shared web hosting server security

$
0
0

Adding user SFTP access to a Linux system is often required and therefore a must for multi users or web hosting environments it is an absolute requirement to have SFTP  user space separation ( isolation ) out of the basic Linux system environment this is done using a fake CHROOT Jail.

Purpose of this article is to show how to create SFTP Chroot JAIL in few easy configurations.

By isolating each user into his own space you will protect the users to not eventually steal or mistakenly leak information such as user credentials / passwords etc.

Besides that it is useful to restrict the User to his own File / Web Space to have granted only access to Secure FTP (SFTP) only and not SSH login access and togheter with the chroot jail environment to protect your server from being attempted to be hacked (rooted / exploited) through some (0day) zero-day kernel 1337 vulnerability.

1. Setup Chrooted file system and do the bind mount in /etc/fstab
 

# chown root:root /mnt/data/share
# chmod 755 /mnt/data/share
# mkdir -p /sftp/home
# mount -o bind /mnt/data/share /sftp/home

Next add to /etc/fstab (e.g. vim /etc/fstab) and add following line:
 

/mnt/data/share /sftp/home  none   bind   0   0


To mount it next:
 

# mount -a


/mnt/data/share is a mounted HDD in my case but could be any external attached storage

 

2. Create User and sftpgroup group and add your new SFTP Jailed user accounts to it

To achieve SFTP only CHROOT Jail environment you need some UNIX accounts new group created such as sftpgroup and use it to assign proper ownership / permissions to newly added SFTP restricted accounts.
 

# groupadd sftpgroup


Once the group exists, next step is to create the desired username / usernames with useradd command and assign it to sftpgroup:

 

# adduser sftp-account1 -s /sbin/nologin -d /sftp/home
# passwd sftp-account1

 

usermod -G sftpgroup sftp-account1


Above both commands could be also done in one line with adduser

 

# adduser sftp-account1 -g sftpgroup -s /sbin/nologin -d /sftp/home

Note the /sbin/nologin which is set to prevent SSH logins but still allow access via sftp / scp data transfer clients Once the user exists it is a good idea to prepare the jailed environment under a separate directory under root File system system lets say in /sftp/home/

3. Set proper permissions to User chrooted /home folder

# mkdir -p /sftp/home
# mkdir /sftp/home/sftp-account1
# chown root:root /sftp/
# chown sftp-account1:sftpgroup /sftp/home/sftp-account1

For each new created uesr (in this case sftp-account1) make sure the permissions are properly set to make the files readable only by the respective user.

# chmod 700 -R /sftp/home/sftp-account1

For every next created user don't forget to do the same 3. Modify SSHD configuration file to add Chroot match rules Edit /etc/ssh/sshd_config file and to the end of it add below configuration:

# vim /etc/ssh/sshd_config
Subsystem sftp internal-sftp     
Match Group sftpgroup   
ChrootDirectory /sftp/home   
ForceCommand internal-sftp   
X11Forwarding no   
AllowTcpForwarding no


Restart sshd to make the new settings take effect, to make sure you don't ed up with no access (if it is a remote server) run the sshd daemon on a secondary port like so:
 

# /usr/sbin/sshd -p 2208 &

Then restart sshd – if it is old Linux with Init V support

# /etc/init.d/sshd restart

– For systemd Linux systems

# systemctl restart sshd


4. Verify Username (sftp-account1) could login only via SFTP and his environment is chrooted

 

ssh sftp-account1@pc-freak.net

This service allows sftp connections only.
Connection to 83.228.93.76 closed.

 

sftp sftp-account1@pc-freak.net Connected to 83.228.93.76. sftp>


5. Closure

The quick summary of What we have achieved with below is:

restrict Linux users from having no /bin/shell access but still have Secure FTP copy in few steps to summarize them

a. create new user and group for SFTP chrooted restricted access only
b. set proper permissions to make folder accessible only by user itself
c. added necessery sshd config and restarted sshd to make it working d. tested configuration

This short guide was based on documentation on Arch Linux's wiki SFTP chroot you can check it here.

More helpful Articles

The post Create SFTP CHROOT Jail User for data transfer to better Linux shared web hosting server security appeared first on ☩ Walking in Light with Christ - Faith, Computing, Diary.

Automatic network restart and reboot Linux server script if ping timeout to gateway is not responding as a way to reduce connectivity downtimes

$
0
0

automatic-server-network-restart-and-reboot-script-if-connection-to-server-gateway-inavailable-tux-penguing-ascii-art-bin-bash

Inability of server to come back online server automaticallyafter electricity / network outage

These days my home server  is experiencing a lot of issues due to Electricity Power Outages, a construction dig operations to fix / change waterpipe tubes near my home are in action and perhaps the power cables got ruptered by the digger machine.
The effect of all this was that my server networking accessability was affected and as I didn't have network I couldn't access it remotely anymore at a certain point the electricity was restored (and the UPS charge could keep the server up), however the server accessibility did not due restore until I asked a relative to restart it or under a more complicated cases where Tech aquanted guy has to help – Alexander (Alex) a close friend from school years check his old site here – alex.pc-freak.net helps a lot.to restart the machine physically either run a quick restoration commands on root TTY terminal or generally do check whether default router is reachable.

This kind of Pc-Freak.net downtime issues over the last month become too frequent (the machine was down about 5 times for 2 to 5 hours and this was too much (and weirdly enough it was not accessible from the internet even after electricity network was restored and the only solution to that was a physical server restart (from the Power Button).

To decrease the number of cases in which known relatives or friends has to  physically go to the server and restart it, each time after network or electricity outage I wrote a small script to check accessibility towards Default defined Network Gateway for my server with few ICMP packages sent with good old PING command
and trigger a network restart and system reboot
(in case if the network restart does fail) in a row.

1. Create reboot-if-nwork-is-downsh script under /usr/sbin or other dir

Here is the script itself:

 

#!/bin/sh
# Script checks with ping 5 ICMP pings 10 times to DEF GW and if so
# triggers networking restart /etc/inid.d/networking restart
# Then does another 5 x 10 PINGS and if ping command returns errors,
# Reboots machine
# This script is useful if you run home router with Linux and you have
# electricity outages and machine doesn't go up if not rebooted in that case
GATEWAY_HOST='192.168.0.1';
for i in $(seq 1 10); do
    ping -c 5 $GATEWAY_HOST
done

 

if [ $? -eq 0 ]; then
           echo "$(date "+%Y-%m-%d %H:%M:%S") Ping to $GATEWAY_HOST OK" >> /var/log/reboot.log
    else
    /etc/init.d/networking restart
    for i in $(seq 1 10); do ping -c 5 $GATEWAY_HOST; done
    if [ $? -eq 0 ]; then
        /sbin/reboot
    fi
        echo "$(date "+%Y-%m-%d %H:%M:%S") Ping to $GATEWAY_HOST FAILED !!! REBOOTING." >> /var/log/reboot.log
fi

You can download a copy of reboot-if-nwork-is-down.sh script here.

As you see in script successful runs  as well as its failures are logged on server in /var/log/reboot.log with respective timestamp.

2. Create a cron job to run reboot-if-nwork-is-down.sh every 15 minutes or so 

 

I've set the script to re-run in a scheduled (root user) cron job every 15 minutes with following  job:

To add the script to the existing cron rules without rewriting my old cron jobs and without tempering to use cronta -u root -e (e.g. do the cron job add in a non-interactive mode with a single bash script one liner had to run following command:

 

{ crontab -l; echo "*/15 * * * * /usr/sbin/reboot-if-nwork-is-down.sh 2>&1 >/dev/null; } | crontab –


I know restarting a server to restore accessibility is a stupid practice but for home-use or small client servers with unguaranteed networks with a cheap Uninterruptable Power Supply (UPS) devices it is useful.

Summary

Time will show how efficient such a  "self-healing script practice is.
Even though I'm pretty sure that even in a Corporate businesses and large Public / Private Hybrid Clouds where access to remote mounted NFS / XFS / ZFS filesystems are failing a modifications of the script could save you a lot of nerves and troubles and unhappy customers / managers screaming at you on the phone 🙂


I'll be interested to hear from others who have a better  ideas to restore ( resurrect ) access to inessible Linux server after an outage.?
 

More helpful Articles

The post Automatic network restart and reboot Linux server script if ping timeout to gateway is not responding as a way to reduce connectivity downtimes appeared first on ☩ Walking in Light with Christ - Faith, Computing, Diary.

How to disown a process once it is running on Linux – old but useful trick

$
0
0

how-to-disown-a-shell-running-process-on-linux-trick

There is one very old but  gold useful UNIX / Linux trick, I remembered which will be interesting to share it's called  it is called disowning.


Lets say you run execution of a job an rsync job or a simple copy job of a very large file, but in the middle of the copy you remembered you need to do something else and thus want to switch back to shell (without opening a new ssh if on remote server) or a new console if on a local machine.
Then how can you background the copy process and move the process to the rest of long running process system list e.g. "disown" it from yourself so the process continues its job in the background just like of the rest of the backgrounded running processes on the system.

Here is the basic syntax of the disown command:
 

help disown
disown: disown [-h] [-ar] [jobspec …]
    By default, removes each JOBSPEC argument from the table of active jobs.
    If the -h option is given, the job is not removed from the table, but is
    marked so that SIGHUP is not sent to the job if the shell receives a
    SIGHUP.  The -a option, when JOBSPEC is not supplied, means to remove all
    jobs from the job table; the -r option means to remove only running jobs.

 

Here is a live example of what I meant by above lines and actual situation where disown comes super useful.

The 'disown' command/builtin (this is in bash), which will disassociate the process from the shell and not send the HUP signal to the process on exit.

root@linux:~# cp -rpf SomeReallyLargeFile1 SomeReallylargeFile2

[1]+  Stopped                 cp -i -r SomeReallyLargeFile SomeReallylargeFile2
root@linux:~#  bg %1
[1]+ cp -i -r SomeReallyLargeFile SomeReallylargeFile2 &
root@linux:~#  jobs
[1]+  Running                 cp -i -r testLargeFile largeFile2 &
root@linux:~# disown -h %1
root@linux:~# ps -ef |grep largeFile2
root      5790  5577  1 10:04 pts/3    00:00:00 cp -i -rpf SomeReallyLargeFile SomeReallylargeFile2
root      5824  5577  0 10:05 pts/3    00:00:00 grep largeFile2
root@linux:~#


Of course you can always use something like GNU screen (VT100/ ANSI Terminal screen manager) or tmux (terminal multiplexer) to detach the process but you will have to have run the screen  / tmux session in advance which you might haven't  yet as well as it is  required one of the 2 to be present on a servers and on many servers in complex client environments this might be missing and hard to install (such as server is behind a firewall DMZ-ed (Demilitirezed Zoned) network and no way to install extra packages), the disown command makes sense.

Another useful old tip, that new Linux users might not konw is the nohup command (which runs a command immune to hangups with output to a non-tty), nohup's main use is if you want to run process in background with (ampersand) from bash / zsh / tcsh etc. and keep the backgrounded process running even once you've exited the active shell, to do so run the proc background as follows:
 

$ nohup command-to-exec &

 

Hope this helps someone, Enjoy!

 

More helpful Articles

The post How to disown a process once it is running on Linux – old but useful trick appeared first on ☩ Walking in Light with Christ - Faith, Computing, Diary.

Export / Import PuTTY Tunnels SSH Sessions from one to another Windows machine howto

$
0
0

Putty-copy-ssh-tunnels-howto-from-one-to-another-windows-machine-3

As I've started on job position – Linux Architect in last November 2018 in Itelligence AG as a contractor (External Service) – a great German company who hires the best IT specialists out there and offers a flexible time schedules for emploees doing various very cool IT advanced operations and Strategic advancement of SAP's Cloud used Technology and Services improvements for SAP SE – SAP S4HANA and HEC (HANA Enterprise Cloud) and been given for work hardware a shiny Lenovo Thinkpad 500 Laptop with Windows 10 OS (SAP pre-installed), I needed to make some SSH Tunnels to machines to (Hop Station / Jump hosts) for that purpose, after some experimenting with MobaXterm Free (Personal Edition 11.0) and the presumable limitations of tunnels of the free client as well as my laziness to add the multiple ssh tunnels to different ssh / rdp / vnc etc. servers, finally I decided to just copy all the tunnels from a colleague who runs Putty and again use the good old Putty – old school Winblows SSH Terminal Client but just for creating the SSH tunnels and for rest use MobaXterm, just like in old times while still employe in Hewlett Packard. For that reason to copy the Tunnels from my dear German Colleague Henry Beck (A good herated collegue who works in field of Storage dealing with NetApps / filer Clusters QNap etc.).

Till that moment I had no idea how copying a saved SSH Tunnels definition is possible, I did a quick research just to find out this is done not with Putty Interface itself but, insetead through dumping Windows Putty Stored Registry records into a File, then transfer to the PC where Tunnels needs to be imported and then again (either double click the registry file) to load it, into registry or use Windows registry editor command line interface reg, here is how:
 

1. Export

 

Run cmd.exe (note below command) 

requires elevated Run as Administrator prompt:

Only sessions:

regedit /e "%USERPROFILE%\Desktop\putty-sessions.reg" HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions

All settings:

regedit /e "%USERPROFILE%\Desktop\putty.reg" HKEY_CURRENT_USER\Software\SimonTatham

Powershell:

If you have powershell installed on machine, to dump

Only sessions:


 

reg export HKCU\Software\SimonTatham\PuTTY\Sessions ([Environment]::GetFolderPath("Desktop") + "\putty-sessions.reg")

All settings:

reg export HKCU\Software\SimonTatham ([Environment]::GetFolderPath("Desktop") + "\putty.reg")


2. Import

Double-click on the 

*.reg

 file and accept the import.

 

Alternative ways:

 

cmd.exe

require elevated command prompt:

regedit /i putty-sessions.reg regedit /i putty.reg

PowerShell:

reg import putty-sessions.reg reg import putty.reg



Below are some things to consider:

Note !do not replace 

SimonTatham

 with your username.

 

Note !: It will create a 

reg

 file on the Desktop of the current user (for a different location modify path)

 

Note !: It will not export your related (old system stored) SSH keys.

What to expect next?

Putty-Tunnels-SSH-Sessions-screenshot-Windows

The result is in Putty you will have the Tunnel sessions loadable when you launch (Portable or installed) Putty version.
Press Load button over the required saved Tunnels list and there you go under

 

Connection SSH -> Tunnels 

 

you will see all the copied tunnels.

Enjoy!

More helpful Articles

The post Export / Import PuTTY Tunnels SSH Sessions from one to another Windows machine howto appeared first on ☩ Walking in Light with Christ - Faith, Computing, Diary.

Check the count and monitor of established / time_wait TCP, UDP connections on Linux and Windows with netstat command

$
0
0

netstat-windows-linux-commands-to-better-understand-your-server-type-of-networrk-tcp-udp-connections

For me as a GNU / Linux sysadmin it is intuitive to check on a server the number of established connections / connections in time_wait state and so on .

I will not explain why this is necessery as every system administrator out there who had a performance or network issues due to server / applications connection overload or have been a target of Denial of Service (DoS)
or Distributed Denial of Service attacks (DDoS)  
is well aware that a number of connections in different states such as SYN_ACK /  TIME_WAIT or ESTABLISHED state could be very nasty thing and could cause a productive application or Infrastructure service to be downed for some time causing from thousands of Euros to even millions to some bussinesses as well as some amount of data loss …

To prevent this therefore sysadmins should always take a look periodically on the Connection states on the adminned server (and in this number I say not only sys admins but DevOps guys who are deploying micro-services for a customer in the Cloud – yes I believe Richard Stallman is right here they're clouding your minds :).

Even though cloud services could provide a very high amount of Hardware (CPU / Memory / Storage) resources, often for custom applications migrating the application in the Cloud does not solve it's design faults or even problems on a purely classical system administration level.

 

1. Get a statistic for FIN_WAIT1, FOREIGN, SYNC_RECV, LAST_ACK, TIME_WAIT, LISTEN and ESTABLISHED  Connections on GNU / Linux

 

On GNU / Linux and other Linux like UNIXes the way to do it is to grep out the TCP / UDP connection type you need via netstat a very useful cmd in that case is:

 

root@pcfreak:~# netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n
      1 established)
      1 FIN_WAIT1
      1 Foreign
      1 SYN_RECV
      3 LAST_ACK
      4 FIN_WAIT2
      8 TIME_WAIT
     45 LISTEN
    147 ESTABLISHED

 

2. Netstat 1 liner to Get only established and time_wait connections state 

 

Other ways to check only TCP ESTABLISHED connections on Linux I use frequently are:

 

root@pcfreak:~# netstat -etna|grep -i establi|wc -l
145

 

netstat-connection-types-statistics-linux-established-time-wait-check-count

Or to get whole list of connections including the ones who are about to be esatablished in FIN_WAIT2, TIME_WAIT, SYN_RECV state:

 

root@pcfreak:~# netstat -tupen |wc -l
164

 

3. Other Linux useful one liner commands to track your connection types
 

netstat -n -p | grep SYN_REC | sort -u

List out the all IP addresses involved instead of just count.

netstat -n -p | grep SYN_REC | awk '{print $5}' | awk -F: '{print $1}'

 

List all the unique IP addresses of the node that are sending SYN_REC connection status.

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

 

Use netstat command to calculate and count the number of connections each IP address makes to the server.

netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

 

List count of number of connections the IPs are connected to the server using TCP or UDP protocol.

netstat -ntu | grep ESTAB | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr

 

Check on ESTABLISHED connections instead of all connections, and displays the connections count for each IP.

 

netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1

 

Show and list IP address and its connection count that connect to port 80 on the server. Port 80 is used mainly by HTTP web page request.

Examples are taken from this nice blog post

 

4. Check the count of esatblished connections on M$ Windows

 

As I'm forced to optimize a couple of Microsoft Windows DNS servers which are really slow to resolve the
The logical question for me was how the Established and TIME_WAIT state connections then could be checked on Windows OS, after a quick investigation online I've come up with this:

 

C:\Users\admin> netstat -nao | find /i "estab" /c
78

 

netstat-check-number-of-established-ports-connections-windows
 

 

C:\Users\admin> netsatt -nao | find /i "time_wait" /c
333

 

 

If you're used to Linux watch command, then to do same on Windows OS (e.g. check the output of netstat) command every second
and print output use:

 

netstat –an 1 | find “3334”

 

Below commands will show stats for services listening on TCP port 3334

To find out which process on system sends packets to remote destination:

 

netstat –ano 1 | find “Dest_IP_Addr”

 

The -o parameter outputs the process ID (PID) responsible for the connection.
then if you need further you can find the respective process name with tasklist< cmd.
Another handy Windows netstat option is -b which will show EXE file running as long as
the related used DLL Libraries which use TCP / UDP .

Other useful netsatat Win example is to grep for a port and show all established connections for it with:

 

netstat –an 1 | find “8080” | find “ESTABLISHED”

 

5. Closure


Hopefully this article will give you some idea on what is eating your bandwidth connections or overloading your GNU / Linux – Windows systems. And will point you to the next in line logical thing to do optimization / tuning
settings to be made on your system for example if Linux with sysctl – see my previous relater article here

I'll be intested to hear from sysadm colleagoes for other useful ways to track connections perhaps with something like ss tool (a utility to investigate sockets).
Also any optimization hints that would cause servers less downtime and improve network / performance thouroughput is mostly welcome.

 

More helpful Articles

The post Check the count and monitor of established / time_wait TCP, UDP connections on Linux and Windows with netstat command appeared first on ☩ Walking in Light with Christ - Faith, Computing, Diary.

Squid Proxy log timestamp human readable / Convert and beautify Proxy unixtime logs in human-readable form howto

$
0
0

ccze-squid-access-log-colorized-with-log-analizer-linux-tool

If you have installed Squid Cache Proxy recently and you need to watch who is accessing the proxy and what Internet (website is viewed) under /var/log/squid/access.log /var/log/store.log /var/log/access.log etc., you will be unpleasently surprised the log's records are logged in a weird human unreadable format called UTC as Squid Proxy server does not store the date / year / hour time information in a human readable format.

Squid uses the format:
<UNIX timestamp>.<Centiseconds> and you have to be a robot of a kind or a math genious to read it 🙂

To display Squid Proxy log in a human readable, luckily you can use below one-liner  regular expression.
 

cat access.log | perl -p -e 's/^([0-9]*)/”[“.localtime($1).”]"/e'


If you have to review squid logs multiple times and on a regular basis you can either set some kind of cmd alias in $HOME/.bashrc such as:

alias readproxylog='cat access.log | perl -p -e 's/^([0-9]*)/”[“.localtime($1).”]"/e'

Or for those who prefer beauty install and use a log beatifier / colorizer such as ccze
 

root@pcfreak:/home/hipo# apt-cache show ccze|grep -i desc -A 3
Description-en: robust, modular log coloriser
 CCZE is a robust and modular log coloriser, with plugins for apm,
 exim, fetchmail, httpd, postfix, procmail, squid, syslog, ulogd,
 vsftpd, xferlog and more.

Description-md5: 55cd93dbcf614712a4d89cb3489414f6
Homepage: https://github.com/madhouse/ccze
Tag: devel::prettyprint, implemented-in::c, interface::commandline,
 role::program, scope::utility, use::checking, use::filtering,

root@pcfreak:/home/hipo# apt-get install –yes ccze

 

tail -f /var/log/squid/access.loc | ccze -CA


ccze is really nice to view /var/log/syslog errors and make your daily sysadmin life a bit more colorful

 

tail -f -n 200 /var/log/messages | ccze


tail-ccze-syslog-screenshot viewing in Colors your Linux logs

For a frequent tail + ccze usage with ccze you can add to ~/.bashrc following shell small function
 

tailc () { tail $@ | ccze -A }


Below is a list of supported syntax highlighting colorizer:

$ ccze -l
Available plugins:

Name      | Type    | Description
————————————————————
apm       | Partial | Coloriser for APM sub-logs.
distcc    | Full    | Coloriser for distcc(1) logs.
dpkg      | Full    | Coloriser for dpkg logs.
exim      | Full    | Coloriser for exim logs.
fetchmail | Partial | Coloriser for fetchmail(1) sub-logs.
ftpstats  | Full    | Coloriser for ftpstats (pure-ftpd) logs.
httpd     | Full    | Coloriser for generic HTTPD access and error logs.
icecast   | Full    | Coloriser for Icecast(8) logs.
oops      | Full    | Coloriser for oops proxy logs.
php       | Full    | Coloriser for PHP logs.
postfix   | Partial | Coloriser for postfix(1) sub-logs.
procmail  | Full    | Coloriser for procmail(1) logs.
proftpd   | Full    | Coloriser for proftpd access and auth logs.
squid     | Full    | Coloriser for squid access, store and cache logs.
sulog     | Full    | Coloriser for su(1) logs.
super     | Full    | Coloriser for super(1) logs.
syslog    | Full    | Generic syslog(8) log coloriser.
ulogd     | Partial | Coloriser for ulogd sub-logs.
vsftpd    | Full    | Coloriser for vsftpd(8) logs.
xferlog   | Full    | Generic xferlog coloriser.

At many cases for sysadmins like me that prefer clarity over obscurity, even a better solution is to just change in /etc/squid/squid.conf
the logging to turn it in human-readable form
, to do so add to config somewhere:

 

Logformat squid %tl.%03tu %6tr %>a %Ss/%03Hs %


You will get log output in format like:

 

18/Feb/2019:18:38:47 +0200.538 4787 y.y.y.y TCP_MISS/200 41841 GET http://google.com/ – DIRECT/x.x.x.x text/html


SQUID's format recognized parameters in above example are as follows:

 

%    a literal % character
>a    Client source IP address
>A    Client FQDN
>p    Client source port
la    Local IP address (http_port)
lp    Local port number (http_port)
sn    Unique sequence number per log line entry
ts    Seconds since epoch
tu    subsecond time (milliseconds)
tl    Local time. Optional strftime format argument
default %d/%b/%Y:%H:%M:%S %z
tg    GMT time. Optional strftime format argument
default %d/%b/%Y:%H:%M:%S %z
tr    Response time (milliseconds)
dt    Total time spent making DNS lookups (milliseconds)

 

More helpful Articles

The post Squid Proxy log timestamp human readable / Convert and beautify Proxy unixtime logs in human-readable form howto appeared first on ☩ Walking in Light with Christ - Faith, Computing, Diary.


Fix staled NFS on server with dmesg error log nfs: server nfs-server not responding, still trying

$
0
0

NFS_Filesystem-fix-staled-NFS-System-dmesg-error-nfs-server-not-responding-still-trying

On a server today I've found to have found a number of NFS mounts mounted through /etc/fstab file definitions that were hanging;
 

nfs-server:~# df -hT


 command kept hanging as well as any attempt to access the mounted NFS directory was not possible.
The server with the hanged Network File System is running SLES (SuSE Enterprise Linux 12 SP3) a short investigation in the kernel logs (dmesg) as well as /var/log/messages reveales following errors:

 

nfs-server:~# dmesg
[3117414.856995] nfs: server nfs-server OK
[3117595.104058] nfs: server nfs-server not responding, still trying
[3117625.032864] nfs: server nfs-server OK
[3117805.280036] nfs: server nfs-server not responding, still trying
[3117835.209110] nfs: server nfs-server OK
[3118015.456045] nfs: server nfs-server not responding, still trying
[3118045.384930] nfs: server nfs-server OK
[3118225.568029] nfs: server nfs-server not responding, still trying
[3118255.560536] nfs: server nfs-server OK
[3118435.808035] nfs: server nfs-server not responding, still trying
[3118465.736463] nfs: server nfs-server OK
[3118645.984057] nfs: server nfs-server not responding, still trying
[3118675.912595] nfs: server nfs-server OK
[3118886.098614] nfs: server nfs-server OK
[3119066.336035] nfs: server nfs-server not responding, still trying
[3119096.274493] nfs: server nfs-server OK
[3119276.512033] nfs: server nfs-server not responding, still trying
[3119306.440455] nfs: server nfs-server OK
[3119486.688029] nfs: server nfs-server not responding, still trying
[3119516.616622] nfs: server nfs-server OK
[3119696.864032] nfs: server nfs-server not responding, still trying
[3119726.792650] nfs: server nfs-server OK
[3119907.040037] nfs: server nfs-server not responding, still trying
[3119936.968691] nfs: server nfs-server OK
[3120117.216053] nfs: server nfs-server not responding, still trying
[3120147.144476] nfs: server nfs-server OK
[3120328.352037] nfs: server nfs-server not responding, still trying
[3120567.496808] nfs: server nfs-server OK
[3121370.592040] nfs: server nfs-server not responding, still trying
[3121400.520779] nfs: server nfs-server OK
[3121400.520866] nfs: server nfs-server OK


It took me a short while to investigate and check the NetApp remote NFS storage filesystem and investigate the Virtual Machine that is running on top of OpenXen Hypervisor system.
The NFS storage permissions of the exported file permissions were checked and they were in a good shape, also a reexport of the NFS mount share was re-exported and on the Linux
mount host the following commands ran to remount the hanged Filesystems:

 

nfs-server:~# umount -f /mnt/nfs_share
nfs-server:~# umount -l /mnt/nfs_share
nfs-server:~# umount -lf /mnt/nfs_share1
nfs-server:~# umount -lf /mnt/nfs_share2
nfs-server:~# mount -t nfs -o remount /mnt/nfs_share


that fixed one of the hanged mount, but as I didn't wanted to manually remount each of the NFS FS-es, I've remounted them all with:

nfs-server:~# mount -a -t nfs


This solved it but, the fix seemed unpermanent as in a time while the issue started reoccuring and I've spend some time
in further investigation on the weird NFS hanging problem has led me to the following blog post where the same problem was described and it was pointed the root cause of it lays
in parameter for MTU which seems to be quite high MTU 9000 and this over the years has prooven to cause problems with NFS especially due to network router (switches) configurations
which seem to have a filters for MTU and are passing only packets with low MTU levels and using rsize / wzise custom mount NFS values in /etc/fstab could lead to this strange NFS hangs.

Below is a list of Maximum Transmission  Unit (MTU) for Media Transport excerpt taken from wikipedia as of time of writting this article.

http://pc-freak.net/images/Maximum-Transmission-Unit-for-Media-Transport-diagram-3.png

In my further research on the issue I've come across this very interesting article which explains a lot on "Large Internet" and Internet Performance

I've used tracepath command which is doing basicly the same as traceroute but could be run without root user and discovers hops (network routers) and shows MTU between path -> destionation.

Below is a sample example

nfs-server:~# tracepath bergon.net
 1?: [LOCALHOST]                      pmtu 1500
 1:  192.168.6.1                                           0.909ms
 1:  192.168.6.1                                           0.966ms
 2:  192.168.222.1                                         0.859ms
 3:  6.192.104.109.bergon.net                              1.138ms reached
     Resume: pmtu 1500 hops 3 back 3

 

Optiomal pmtu for this connection is to be 1500 .traceroute in some cases might return hops with 'no reply' if there is a router UDP  packet filtering implemented on it.

The high MTU value for the Storage network connection interface on eth1 was evident with a simple:

 

 nfs-server:~# /sbin/ifconfig |grep -i eth -A 2
eth0      Link encap:Ethernet  HWaddr 00:16:3E:5C:65:74
          inet addr:100.127.108.56  Bcast:100.127.109.255  Mask:255.255.254.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 00:16:3E:5C:65:76
          inet addr:100.96.80.94  Bcast:100.96.83.255  Mask:255.255.252.0
          UP BROADCAST RUNNING MULTICAST  MTU:9000  Metric:1


The fix was as simple to lower MTU value for eth1 Ethernet interface to 1500 which is the value which most network routers are configured too.

To apply the new MTU to the eth1 interface without restarting the SuSE SLES networking , I first used ifconfig one time with:

 

 nfs-server:~# /sbin/ifconfig eth1 mtu 1500
 nfs-server:~# ip addr show
 …


To make the setting permanent on next  SuSE boot:

I had to set the MTU=1500 value in

 

nfs-server:~#/etc/sysconfig/network/ifcfg-eth1
nfs-server:~#  ip address show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 8c:89:a5:f2:e8:d8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth1
       valid_lft forever preferred_lft forever

 


Then to remount the NFS mounted hanged filesystems once again ran:
 

nfs-server:~# mount -a -t nfs


Many network routers keeps the MTU to low as 1500 also because a higher values causes IP packet fragmentation when using NFS over UDP where IP packet fragmentation and packet
reassembly requires significant amount of CPU at both ends of the network connection.
Packet fragmentation also exposes network traffic to greater unreliability, since a complete RPC request must be retransmitted if a UDP packet fragment is dropped for any reason.
Any increase of RPC retransmissions, along with the possibility of increased timeouts, are the single worst impediment to performance for NFS over UDP.
This and many more is very well explained in Optimizing NFS Performance page (which is a must reading) for any sys admin that plans to use NFS frequently.

Even though lowering MTU (Maximum Transmission Union) value does solved my problem at some cases especially in a modern local LANs with Jumbo Frames, allowing and increasing the MTU to 9000 bytes
might be a good idea as this will increase the amount of packet size.and will raise network performance, however as always on distant networks with many router hops keeping MTU value as low as 1492 / 5000 is always a good idea.

 

More helpful Articles

The post Fix staled NFS on server with dmesg error log nfs: server nfs-server not responding, still trying appeared first on ☩ Walking in Light with Christ - Faith, Computing, Diary.

Restrict user to Run one remote Server command only via SSH authorized key passwordless authentication on Linux / UNIX / BSD

$
0
0

ssh-run-restricted-terminal-without-password-on-remote-linux-server-howto

A scenario where you might need to execute remote commands as a user remote located Linux / BSD UNIX server is a common task for system admins nowadays.
Passwordless OpenSSH user server login to be able to run backup / log rotation scipts or a data anlysis is handy when used together with some tiny rsync / scp data copy scripts as a way to synchronize SMTP data between Mail servers / abstract databases (such as Redis) or PostgreSQL etc.

The overall picture is like this, we have 2 servers Unix / BSD / Linux OS Server 1 and Server 2 and both has up and running recent version of OpenSSH service.
Server 1 has to login without password to Server 2 and be able to run only a specific lets say privileged command for the sake of security only this restricted command should be runnable.

Allowing a server (LDAP or Local User account) to authorize without password to a remote server (and being able to execute) multiple set of commands poses a security risk, thus it is a good idea to Restict OpenSSH connection to remote server to be able to run only one single command.

This is luckily possible by by default in any modern OpenSSH (which allows authenticated remote users to be limited to rights for running just single sys admin scripts or a just a set of defined scripts only to remote system, this has been a very good alternative to using a complicated sudo /etc/sudoers rules files which anyways could almost always be compromised relatively easy.

Here is the task lets say a username 'sync' has to be able to run commands on your Linux server Server 1 (with a hostname – remote-server.com)  to execute a remote  script mysqlbackupper.sh that does a daily Linux MySQL backup via a predefined cronjob  scheduled task that is triggered daily.

 

1.  DSA or RSA SSH encryption pros and cons which one to choose?


Note this few interesting tihngs on which one to choose:

  • DSA (Digital Signature Algorithm) is faster to generate keys where in terms of encryption RSA is faster than
    DSA
  • RSA is faster than DSA in verifying digital signature
  • DSA is faster than 
     RSA generating digital signature
  • In Data Decryption DSA is faster than RSA

Due to fact encryption is faster in RSA and decryption faster in DSA, if performance on client side is targetted a better one to use will be RSA but if it is targetted to offload remote sshd server (lets say it is old hardware or busy machine where you don't want to put extra load on it then DSA is better choice. id_rsa and id_rsa.pub (public and private keys) are used to encrypt and decrypt the ssh (tunnel) session between the client and the server so most people would be curious which one is more secure RSA or DSA encryption.
Though there are some claims that in terms of security they're more or less the same RSA is generally preferred, because encryption can be up to 4096 bits, where DSA has to be exactly 1024 bits (in the opinion of ssh-keygen). 2048 bits is ssh-keygen's default length for RSA keys, and I don't see any particular reason to use shorter ones. (The minimum possible is 768 bits; whether that's "acceptable" is situational and not recommended).
 

2. Generating the SSH restricted PRIV and .PUB user key pair


The authorized_key added key string value is to be  generated earlier by ssh-keygen command with which we generate a key pair files:

 id_dsa and id_dsa.pub 

or

id_rsa id_rsa.pub

What kind of files will be generated depends on the type of encryption strength choosen be it DSA or RSA etc. the full list of available ones you can read manual (man ssh-keygen) 

 

$ ssh Remote-Server-1 -v

 

$ cd /home/postgresqlback

$ ssh-keygen -t dsa


or

$ ssh-keygen -t rsa

Provide a filename and passphrase, the output files will be id_dsa / id_dsa.or id_rsa / id_rsa.pub pub key-pair and stored in ~/.ssh of username with which the command was run.

3. Set up /home/username/authorized_keys on Server 2
 

$ ssh Remote-server2 -v


Next you will have to create the authorized_keys file on the remote server wherehy you will be accessing without password and copy the content of id_rsa.pub / id_dsa.pub key  to /home/username/authorized_keys (in that case it will be /home/postgresqlback/.ssh/authorized_keys) the postgresqlback was previously created with adduser on Server 2
$ chmod 600 /home/postgreback/authorized_keys

There is no special need to do anything too much special to make the SSH command restriction functionality available but just, the right record in /homeusername/.ssh/authorized_keys or if supposed to be run as root user in /home/postgreback/.ssh/authorized_keys on the server where you want to place the restriction following about a file syntax like OPTIONS-1 KEY_TYPE / OPTIONS-2 KEY_TYPE / OPTIONS-3 KEY_TYPE.

 

To authenticate with a key from a remote PC using the sshd service on Server 1  you need to have copied the key to /home/user/.ssh/authorized_keys (with a favourite text editor lets say vim from Server 1 to Server 2 so the file should contains the ssh public keys and users (list) allowed to passwordless login to server.

authorized_keys's data ordering (as mentioned above) is in form:

OPTIONS-1 KEY_TYPE PUBLIC_KEY_STRING COMMENT-1


OPTIONS-2 KEY_TYPE PUBLIC_KEY_STRING COMMENT-2

OPTIONS-3 KEY_TYPE PUBLIC_KEY_STRING COMMENT-3

 

authorized_keys_file_content

I've placed this example for more clarity the 4 fields of a public key string are marked with 1,2,3,4.

More insight on authorized_keys is on ssh.com authorized_keys documentation


Here is a real time example of a postgresqlbackup.sh that is being executed on a login with the user postgresqlback from Linux Server 1 to Linux Server 2:

 

command="/usr/sbin/postgresqlbackup.sh",no-port-forwarding,no-x11-forwarding,no-agent-forwarding KEY_TYPE KEY COMMENT

 


A shell script command to run on remote server where you want to run it and limit its execution only (below is taken from /home/postgresqlback/.ssh/authorized_keys:
 

$ tail -n 1 /home/postgresqlback/.ssh/authorized_keys

 

command="/usr/sbin/postgresqlbackup.sh",no-port-forwarding,no-x11-forwarding,no-agent-forwarding ssh-dss AAAAB3….o9M9qz4xqGCqGXoJw= postgresqlback@remote-host-name-which-accesses-without-pass


As you see there is the OPTIONS given to OPTIONS-1 command argument
 

no-port-forwarding,no-x11-forwarding,no-agent-forwarding


the reason for them is as we want to restrict port forwarding and agent-forwarding (No X will be used at all) and we don't want to have SSH local / remote or Dynamic SSH tunneling enabled because of obvious (improve) security reasons.

In case if no interactive terminal will be used by the script as is the case it is also a good idea to put the no-pty next to the OPTIONS string.
 

no-port-forwarding,no-x11-forwarding,no-agent-forwarding,no-pty


Finally the restricted ssh command to run might look something like:
 

command="/usr/sbin/postgresqlbackup.sh",no-port-forwarding,no-x11-forwarding,no-agent-forwarding,no-pty ssh-dss AAAAB3….o9M9qz4xqGCqGXoJw= postgreback@remote-host-name-which-accesses-without-pass


If you wonder  ssh-dss is not ssh-dsa, its actually a naming convention as the Digital Signature Algorithm (DSA) is published in the Digital Signature Standard (DSS) by the NIST in FIPS 186.

 

3. Testing restricted SSH command user run set-up
 

From Server-1 (after lets say logging in via ssh to it) issue:

$ ssh -i FILENAME_with_private_auth_key username@Linux-Server2 -v

Here note that the FILENAME_with_private_auth_key (is your earlier generated id_rsa / id_dsa) as
this file will let anyone who have it at hands able to login to Linux-Server2 without any password
authentication prompt you have to make sure this file permissions are good restricted readable only
for its user owner or if run with root by root (chmod 600) might a be very good idea here.

For further executing the script via a simple user ssh to Linux-Server2 you might want to use in your trigger script or cronjob (situated on Linux Serve 1) also the -q (ssh quiet output) cmd argument:
 

ssh -q -i FILENAME_with_private_auth_key username@Linux-Server2

 

4. Configuring authorized_keys restricted given command to read / expect (fixed) arguments


Providing $SHELL command passed arguments to the script (on remote Server 2) is possible from Server 1 via given variable like $SHELLARG1,SHELLARG2,SHELLARG3 OPTIONs given below is example authorized_key file record
 

command="/usr/sbin/postgresqlbackup.sh $SHELLARG1 $SHELLARG2 SHELLARG3",no-port-forwarding,no-x11-forwarding,no-agent-forwarding ssh-dss AAAAB3….o9M9qz4xqGCqGXoJw= postgresqlback@remote-host-name-which-accesses-without-pass

 


This will make the remote script understand SHELL variables might contain anything which the remote script postgresqlbackup.sh (on Server 2) will accept as pipeline input from Server 1.
Be aware that passing string arguments with has spaces or special characters inside might be problematic so always try to use a straightforward SHELL variables such as PATH, TEMP, PWD etc.

 

 

5. Configuring authorized_keys command user to use dynamicly procuded (arbitrary) arguments


If not only predefined strings should be accepted as arguments but any arbitrary argument should be allowed to  be passed to the command there is a special variable
understood by sshd daemon 

 

$SSH_ORIGINAL_COMMAND


The $SSH_ORIGINAL_COMMAND variable used in authorized_keys is a very interesting one and it really puzzled me the first time I've seen it in a Bash Shell script as I couldn't fully grasp the meaning but it turned out to be very simple as it can be used inside /usr/sbin/postgresqlbackup.sh to return any number of passed arguments lets say backup locations directories ( /usr/local /var/log /usr/bin /bin …) to the and that would be red and processed by the script

 

command="/usr/sbin/postgresqlbackup.sh $SSH_ORIGINAL_COMMAND",no-port-forwarding,no-x11-forwarding,no-agent-forwarding,no-pty ssh-dss AAAAB3….o9M9qz4xqGCqGXoJw= postgreback@remote-host-name-which-accesses-without-pass


The later use of it is from Server 1 you just pass the desired arguments

 

$ ssh foo@bar arg1 arg2 arg3 arg4 arg5

 


The most basic /usr/bin/run-script.sh wrapper to place on Linux 2 would be something like:

 

#!/usr/bin/env bash

case "$SSH_ORIGINAL_COMMAND" in
  /var/lib/authorized-scripts/*)
    $SSH_ORIGINAL_COMMAND
    ;;
  *)
    exit 1
    ;;
esac


But this example is SECURITY UNSAFE as someone might decide to run something like:

ssh -l user your-server /var/lib/authorized-scripts/../../../bin/rm -rf /

 

!!! AGAIN BE CAUTIOUS AND BE WARNED  that without a properly  crafted script anyminor error in it might be fatal, for example if the script is running with superuser credentials (root) on remote machine, some local user or a malicious attacker that gets access to the server might decide to run something likea bove's rm -rf /* might destroy your server  !!!

Instead  for a  /usr/sbin/run-script.sh  you might Contain something like:


#!/bin/sh

set — $SSH_ORIGINAL_COMMAND
case "$1" in
  /var/lib/authorized-scripts/*)
    ;;
  *)
    exit 1
esac

command="${1#/var/lib/authorized-scripts/}"
shift
case "$command" in
  */*)
    # Simplest is to reject anything with a slash…
    exit 1
  .*)
    # …and anything starting with dot.
    # If you need to whitelist subdirectories of /var/lib/authorized-scripts
    # then you need much more sophisticated pathname parsing and care.
    exit 1
  *)
    ;;
esac

exec "/var/lib/authorized-scripts/$command" "$@"

As you can read above script (wrapper) example allows multiple restricted scripts to be run and would prevent you adding multiple command lines to authorized_keys and I've given this as example taken from StackExchange (Security if only allowing a few vetted commands).

Hope this is useful to some sys admin out there, if you find some other intereteresting use of the command ssh authorized_keys functionality or a script that tightents its use please share.

More helpful Articles

The post Restrict user to Run one remote Server command only via SSH authorized key passwordless authentication on Linux / UNIX / BSD appeared first on ☩ Walking in Light with Christ - Faith, Computing, Diary.

How to start / Stop and Analyze system services and improve Linux system boot time performance

$
0
0

systemd-components-systemd-utilities-targets-cores-libraries
This post is going to be a very short one and to walk through shortly to System V basic start / stop remove service old way and the new ways introduced over the last 10 years or so with the introduction of systemd on mass base across Linux distributions.
Finally I'll give you few hints on how to check (analyze) the boot time performance on a modern GNU / Linux system that is using systemd enabled services.
 

1. System V and the old days few classic used ways to stop / start / restart services (runlevels and common wrapper scripts)

 

The old fashioned days when Linux was using SystemV / e.g. no SystemD used way was to just go through all the running services with following the run script logic inside the runlevel the system was booting, e.g. to check runlevel and then potimize each and every run script via the respective location of the bash service init scripts:

 

root@noah:/home/hipo# /sbin/runlevel 
N 5

 

Or on some RPM based distros like Fedora / RHEL / SUSE Enterprise Linux to use chkconfig command, e.g. list services:

~]# chkconfig –list

etworkManager  0:off   1:off   2:on    3:on    4:on    5:on    6:off
abrtd           0:off   1:off   2:off   3:on    4:off   5:on    6:off
acpid           0:off   1:off   2:on    3:on    4:on    5:on    6:off
anamon          0:off   1:off   2:off   3:off   4:off   5:off   6:off
atd             0:off   1:off   2:off   3:on    4:on    5:on    6:off
auditd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
avahi-daemon    0:off   1:off   2:off   3:on    4:on    5:on    6:off

And to start stop the service into (default runlevel) or respective runlevel:

 

~]#  chkconfig httpd on

~]# chkconfig –list httpd
httpd            0:off   1:off   2:on    3:on    4:on    5:on    6:off

 

 

~]# chkconfig service_name on –level runlevels

 


Debian / Ubuntu and other .deb based distributions with System V (which executes scripts without single order but one by one) are not having natively chkconfig but instead are famous for update-rc.d init script wrapper, here is few basic use  of it:

update-rc.d <service> defaults
update-rc.d <service> start 20 3 4 5
update-rc.d -f <service>  remove

Here defaults means default set boot runtime for system and numbers are just whether service is started or stopped for respective runlevels. To check what is your default one simply run /sbin/runlevel

Other useful tool to stop / start services and analyze what service is running and which not in real time (but without modifying boot time set for a service) – more universal nowadays is to use the service command.

root@noah:/home/hipo# service –status-all
 [ + ]  acpid
 [ – ]  alsa-utils
 [ – ]  anacron
 [ + ]  apache-htcacheclean
 [ – ]  apache2
 [ + ]  atd
 [ + ]  aumix

root@noah:/home/hipo# service cron restart/usr/sbin/service command is just a simple wrapper bash shell script that takes care about start / stop etc. operations of scripts found under /etc/init.d

For those who don't want to tamper with too much typing and manual configuration there is an all distribution system V compatible ncurses interface text itnerface sysv-rc-conf which could make your life easier on configuring services on non-systemd (old) Linux-es.

To install on Debian distros:

debian:~# apt-get install sysv-rc-conf

debian:~# sysv-rc-conf


SysV RC Conf desktop on GNU Linux using sysv-rc-conf systemV and systemd
 

2. SystemD basic use Start / stop check service and a little bit of information
for the novice

As most Linux kernel based distributions except some like Slackware and few others see the full list of Linux distributions without systemd (and aha yes slackw. users loves rc.local so much – we all do 🙂  migrated and are nowadays using actively SystemD, to start / stop analyze running system runnig services / processes

systemctl – Control the systemd system and service manager

To check whether a service is enabled

systemctl is-active application.service

To check whether a unit is in a failed state

systemctl is-failed application.service

To get a status of running application via systemctl messaging

# systemctl status sshd
● ssh.service – OpenBSD Secure Shell server Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled) Active: active (running) since Sat 2019-07-06 20:01:02 EEST; 2h 3min ago Main PID: 1335 (sshd) Tasks: 1 (limit: 4915) CGroup: /system.slice/ssh.service └─1335 /usr/sbin/sshd -D юли 06 20:01:00 noah systemd[1]: Starting OpenBSD Secure Shell server… юли 06 20:01:02 noah sshd[1335]: Server listening on 0.0.0.0 port 22. юли 06 20:01:02 noah sshd[1335]: Server listening on :: port 22. юли 06 20:01:02 noah systemd[1]: Started OpenBSD Secure Shell server.

To enable / disable application with systemctl systemctl enable application.service

systemctl disable application.service

To stop / start given application systemcl stop sshd

systemctl stop tor

To reload running application

systemctl reload sshd

Some applications does not have the right functionality in systemd script to reload configuration without fully restarting the app if this is the case use systemctl reload-or-restart application.service

systemctl list-unit-files

Then to view the content of a single service unit file:

:~# systemctl cat apache2.service
# /lib/systemd/system/apache2.service
[Unit]
Description=The Apache HTTP Server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
Environment=APACHE_STARTED_BY_SYSTEMD=true
ExecStart=/usr/sbin/apachectl start
ExecStop=/usr/sbin/apachectl stop
ExecReload=/usr/sbin/apachectl graceful
PrivateTmp=true
Restart=on-abort

[Install]
WantedBy=multi-user.target


converting-traditional-init-scripts-to-systemd-graphical-diagram

systemd's advancement over normal SystemV services it is able to track and show dependencies
of a single run service for proper operation on other services

:~# systemctl list-dependencies sshd.service

 


● ├─system.slice
● └─sysinit.target
●   ├─dev-hugepages.mount
●   ├─dev-mqueue.mount
●   ├─keyboard-setup.service
●   ├─kmod-static-nodes.service
●   ├─proc-sys-fs-binfmt_misc.automount
●   ├─sys-fs-fuse-connections.mount
●   ├─sys-kernel-config.mount
●   ├─sys-kernel-debug.mount
●   ├─systemd-ask-password-console.path
●   ├─systemd-binfmt.service
….

.

 

You can also mask / unmask service e.g. make it temporary unavailable via systemd with

sudo systemctl mask nginx.service

it will then appear as masked if you do list-unit-files

If you want to change something on a systemd unit file this is done with

systemctl edit –full nginx.service

In case if some modificatgion was done to systemd service files e.g. lets say to
/etc/systemd/system/apache2.service or even you've made a Linux system Upgrade recently
that added extra systemd service config files it will be necessery to reload all files
present in /etc/systemd/system/* with:

systemctl daemon-reload


Systemd has a target states which are pretty similar to the runlevel concept (e.g. runlevel 5 means graphical etc.), for example to check the default target for a system:

One very helpful feature is to restart systemd but it seems this is not well documented as of now and though this might work after some system package upgrade roll-outs it is always better to reboot the system, but you can give it a try if restart can't be done due to application criticallity.

To restart systemd and its spawned subprocesses do:
 

systemctl daemon-reexec

 

root@noah:/home/hipo# systemctl get-default
graphical.target


 to check all targets possible targets

root@noah:/home/hipo# systemctl list-unit-files –type=target
UNIT FILE                 STATE   
basic.target              static  
bluetooth.target          static  
busnames.target           static  
cryptsetup-pre.target     static  
cryptsetup.target         static  
ctrl-alt-del.target       disabled
default.target            static  
emergency.target          static  
exit.target               disabled
final.target              static  
getty.target              static  
graphical.target          static  

you can put the system in Single user mode if you like without running the good old well known command:

/sbin/init 1 

command with

systemctl rescue

You can even shutdown / poweroff / reboot system via systemctl (though I never did that and I don't recommend) 🙂
To do so use:

systemctl halt
systemctl poweroff
systemctl reboot


For the lazy ones that don't want to type all the time like crazy to configure and manage simple systemctl set services take a look at chkservice – an ncurses text based menu systemctl management interface

As chkservice is relatively new it is still not present in stable Stretch Debian repositories but it is in current testing Debian unstable Buster / Sid – Testing / Unstable distribution and has installable package for Ubuntu / Arch Linux and Fedora

chkservice-Linux-systemctl-ncurses-text-menu-service-management-interface-start-chkservice
Picture Source Tecmint.com

chkservice linux help screen


3. Analyzing and fix performance boot slowness issues due to a service taking long to boot


The first very useful thing is to know how long exactly all daemons / services got booted
on your GNU / Linux OS.

linux-server:~# systemd-analyze 
Startup finished in 4.135s (kernel) + 3min 47.863s (userspace) = 3min 51.998s

As you can see it reports both the kernel boot time and userspace (surrounding services
that had to boot for the system to be considered fully booted).


Once you have the system properly booted you have a console or / ssh access

root@pcfreak:/home/hipo# systemd-analyze blame
    2min 14.172s tor@default.service
    1min 40.455s docker.service
     1min 3.649s fail2ban.service
         58.806s nmbd.service
         53.992s rc-local.service
         51.458s systemd-tmpfiles-setup.service
         50.495s mariadb.service
         46.348s snort.service
         34.910s ModemManager.service
         33.748s squid.service
         32.226s ejabberd.service
         28.207s certbot.service
         28.104s networking.service
         23.639s munin-node.service
         20.917s smbd.service
         20.261s tinyproxy.service
         19.981s accounts-daemon.service
         18.501s loadcpufreq.service
         16.756s stunnel4.service
         15.575s oidentd.service
         15.376s dev-sda1.device
         15.368s courier-authdaemon.service
         15.301s sysstat.service
         15.154s gpm.service
         13.276s systemd-logind.service
         13.251s rsyslog.service
         13.240s lpd.service
         13.237s pppd-dns.service
         12.904s NetworkManager-wait-online.service
         12.540s lm-sensors.service
         12.525s watchdog.service
         12.515s inetd.service


As you can see you get a list of services time took to boot in secs and you can
further debug each of it to find out why it boots so slow (netwok / DNS / configuration isssue whatever).

On a servers it is useful to look up for some processes slowing it down like gdm.service etc.

 

Close up words rant on SystemD vs SysemV

init-and-systemd-comparison-commands-linux-booting-1

A lot could be ranted on what is better systemd or systemV. I personally hated systemd since day since I saw it being introduced first in Fedora / CentOS linuxes and a bit later in my beloved desktop used Debian Linux.
I still remember the bugs and headaches with systemd's intruduction as it is with all new the early adoption of technology makes a lot of pain in the ass.
Eventually systemd has become a standard and with my employment as a contractor through Itelligence GmBH for SAP AG I now am forced to work with systemd daily on SLES 12 based Linuces and I was forced to get used to it. 
But still there is my personal preference to SystemV even though the critics of slow boot etc.but for managing a multitude of Linux preinstalled servers like Virtual Machines and trying to standardize a Data Center with Tens of Thousands of Linuxes running on different Hypervisors VMWare / OpenXen + physical hosts etc. systemd brings a bit of more standardization that makes it a winner.

More helpful Articles

The post How to start / Stop and Analyze system services and improve Linux system boot time performance appeared first on ☩ Walking in Light with Christ - Faith, Computing, Diary.

Getting Console and Graphical hardware system information on Linux with cpuinfo, neofetch, CPU-X (CPU-Z Unix alternative), I-nex and inxi

$
0
0

getting-console-information-and-graphical-hardware-system-information-Linux-cpuinfo-neofetch-cpu-x-i-nex-1

Earlier I've wrote extensive article on how to get hardware information on Linux using tools such as dmidecode, hardinfo, lshw, hwinfo, x86info and biosdecode but there are few other hardware reporting tools for Linux worthy to mention that has been there for historical reasons such as cpuinfo as we as some new shiny ones such as neofetch (a terminal / console hardware report tool as well the CPU-X and I-Nex  which is Linux equivalent to the all known almost standard for Windows hardware detection CPU-Z worthy to say few words about.
 

1. cpuinfo

 

Perhaps the most basic tool to give you a brief information about your Processor type (model) number of Cores and Logical Processors is cpuinfo

I remember cpuinfo has been there since the very beginning on almost all Linux distributions's repository, nowadays its popularity of the days when the kings on the Linux OS server scenes were Slackware, Caldera OpenLinux and Redhat 6.0 Linux and Debian 3.0  declined but still for scripting purposes it is handy small proggie.

To install and run it in Debian  / Ubuntu / Mint Linux etc.:

 

aptitude install -y cpuinfo

/usr/bin/cpu-info

 

Linux-get-processor-system-info-in-console-cpu-info

 

2. neofetch

 

The next one worthy to install and check is neofetch (a cross-platform and easy-to-use system information
 command line script that collects your Linux system information and display it on the terminal next to an image, it could be your distributions logo or any ascii art of your choice.)

The cool thing about neofetch is besides being able to identify the System server / desktop hardware parameters, it gives some basic info about number of packages installed on the system, memory free and in use, used kernel and exact type of System (be it Dell PowerEdge Model XX, IBM eSeries Model / HP Proliant Model etc.

neofetch-OS-hardware-information-Linux-ascii-system-info-desktop-notebook

neofetch info generated on my home used Lenovo Thikpad T420

neofetch-OS-hardware-information-Linux-ascii-system-info-pcfreak-home-server
neofetch info from pc-freak.net running current machine

neofetch even supports Mac OS X and Windows OS ! 🙂

To install neofetch on Mac OS X:
 

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"


or via Mac ported packages using brew

brew install neofetch


neofetch-screenshot-from-Mac-OS-X

neofetch is even installable on Windows OS that has the scoop command line installer tool installer manager with below PowerShell code in cmd.exe (Command line):

powershell Set-ExecutionPolicy RemoteSigned -scope CurrentUser
iex (new-object net.webclient).downloadstring('https://get.scoop.sh')
scoop install git
scoop install neofetch

neofetch-microsoft-windows-hardware-command-line-report-tool-screenshot


By the way Scoop was quite a finding for me and it is pretty handy to install plenty of useful command line Linux / UNIX tools, such as curl, wget, git etc. in the same easy straight forward way as a standard yum or apt-get on Windows (without explicitly installing things as GnuWin and CygWin).
 

3. CPU-X graphical user interface hardware report Linux GUI alternative to Windows CPU-Z


The packages for CPU-X are a bit outdated and even though there are rpm packages for Fedora, OpenSuSE and .deb package for Debian for Debian, Ubuntu and ArchLinux (pacman), there is no up to date version for Debian 10 and the package builds distributed for different Linux distros are a bit outdated.

Thus to install CPU-X on any Linux distribution it is perhaps best to use the portable version (static binary) of CPU-X.
It is currently available on https://github.com/X0rg/CPU-X/releases

To install latest portable version of CPU-X

wget https://github.com/X0rg/CPU-X/releases/download/v3.2.4/CPU-X_v3.2.4_portable.tar.gz

mkdir CPU-X
cd CPU-X

tar -zxvvf CPU-X_v3.2.4_portable.tar.gz
-rwxr-xr-x yohan/users 4563032 2019-01-13 22:15 CPU-X_v3.2.4_portable.bsd64
-rwxr-xr-x yohan/users 5484968 2019-01-13 22:15 CPU-X_v3.2.4_portable.linux64

 

cp -rpf CPU-X_v3.2.4_portable.linux64 /usr/local/bin/
ln -sf /usr/local/bin/CPU-X_v3.2.4_portable.linux64 /usr/local/bin/cpu-x


Next run as superuser (root)
 

hipo@jeremiah:~$ su -c 'cpu-x'

 

As seen from below screenshots cpu-x reports a lot of concrete specific hardware data on:

  • Processor
  • Motherboard
  • Memory
  • System
  • Graphic card
  • Performance

cpu-x-cpu-cpu-z-alternative-linux-screenshot-CPU-info

cpu-x-cpu-cpu-z-alternative-linux-screenshot-caches-info

cpu-x-cpu-cpu-z-alternative-linux-screenshot-Motherboard-info

cpu-x-cpu-cpu-z-alternative-linux-screenshot-memory-info

cpu-x-cpu-cpu-z-alternative-linux-screenshot-system-info

cpu-x-cpu-cpu-z-alternative-linux-screenshot-graphics-info

CPU-X can be installed also on FreeBSD very easily by just installing from BSD port tree sysutils/cpu-x/
It is also said to work on other *BSDs, NetBSD, OpenBSD Unixes but I guess this will require a manual compilation based on FreeBSD's port Makefile.

4. I-Nex another GUI alternative to CPU-Z for UNIX / Linux

I-Nex is even more useful for general hardware reporting as it reports many hardware specifications not reported by CPU-X such as Battery type and Model Name  (if the hardware report is on a laptop), info on USB devices slots or plugged USB devices brand and specifications, the available Network devices on the system (MAC Addresses) of each of it, Installed and used drivers on Hard Disk (ATA / SATA / SCSI / SSD), HW Sector size, Logical Block size, HDD Sectors count and other specific Hard Drive data as well as information on available Audio (Sound Blaster) devices (HDA-Intel), used Codecs, loaded kernel ALSA driver, Video card used and most importantly indicators on Processor reported CPU (temperature).

 

To install I-nex

Go to https://launchpad.net/i-nex or any of the mirror links where it resides and install the respective package, in my case, I was doing the installation on Debian Linux, so fetched current latest amd64 package which as of moment of writting this article is i-nex_7.6.0-0-bzr977-20161012-ubuntu16.10.1_amd64.deb , next installed it with dpkg
 

dpkg -i i-nex_7.6.0-0-bzr977-20161012-ubuntu16.10.1_amd64.deb

 

As the package was depending on some other .deb packages, which failed to install to install the missing ones I had to further run
 

apt –fix-broken install

i-nex-cpu-info-linux-hardware-info-program

 

hre

I-Nex thermal indicators about CPU temperature on a Linux Desktop notebook

i-nex-gpu-info-linux-hardware-info-program

i-nex-mobo-info-linux-hardware-info-program

i-nex-audio-info-linux-hardware-info-program

i-nex-drivers-info-linux-hardware-info-program

i-nex-system-info-linux-hardware-info-program

i-nex-battery-info-linux-hardware-info-program

 

There are other Hardware identification report tools such as CUDA-Z that are useful to check if you have Nvidia Video Card hardware Installed on the PC to check the status of CUDA enabled GPUs, useful if working with nVidia Geforce, Quadro, Tesla cards and ION chipsets.

If you use it however be aware that CUDA-Z is not compatible with 3rd-party linux drivers for NVidia so make sure you have the current official Nvidia version.

 

5. Inxi full featured system information script

 

Inxi is a 10000 lines mega bash script that fetches hardware details from multiple different sources in /proc /sys and from commands on the system, and generates a beautiful looking console report that non technical users can read easily.

inxi-10-k-mega-bash-shell-script-reporting-on-installed-system-computer-hardware

 

inxi -Fx

 

 

inxi-report-on-installed-hardware-on-my-lenovo-thinkpad-home-laptop

Each of the pointed above tools has different method of collection of Hardware information from various resources e.g. – kernel loaded modules, dmesg, files like /proc/meminfo /proc/version /proc/scsi/scsi /proc/partitions.
Hence some of the tools are likely to report more info than otheres, so in case if some information you need regarding the system plugged in hardware is missing you can perhaps obtain it from another program. Most Linux distribution desktop provided GNOME package are including Hardinfo gui tool, but in many cases above mentioned tools are likely to add even more on info on what is inside your PC Box.
If you're aware of others tools that are useful not mentioned here please share it.

More helpful Articles

The post Getting Console and Graphical hardware system information on Linux with cpuinfo, neofetch, CPU-X (CPU-Z Unix alternative), I-nex and inxi appeared first on ☩ Walking in Light with Christ - Faith, Computing, Diary.

A day in a Nun Skete saint Ambrose of Optina in Rusakovo village near Zhyrovichi monastery – Biggest monastery in Belarus

$
0
0

What is a Scete?

The skete (Scetis) as a form of cohabitant has been among the 4 types of early Christian hobatiation along with eremitic (hermet life), lavritic from laura (Greek: Λαύρα; Cyrillic: Ла́вра) is a type of consisting of a cluster of cells or caves for hermits, with a church and sometimes a refectory at the center. and coenobitic (another monastic tradition based on community life).

Origins of scete communities

A skete (from Coptic ϣⲓ(ϩ)ⲏⲧ via Greek σκήτη) is a monastic community in Eastern Christianity that allows relative isolation for monks, but also allows for communal services and the safety of shared resources and protection.

Skete communities usually consist of a number of small cells or caves that act as the living quarters with a centralized church or chapel. These communities are thought of as a bridge between strict eremitic lifestyle and communal lifestyles since it was a blend of the two. These communities were a direct response to the ascetic lifestyle that early Christians aspired to live. Skete communities were often a bridge to a stricter form of hermitage or to prepare for a martyrdom in times of persecutions.
 

Hitchiking to Zhyrovichi and Rosakovo Scetes


As I've been with my wife for a 2 weeks trip to her home country Belarus, staying in Krasnoselsk a small 7000 inhabitants town, near the bigger Valkovoysk, one of the local Church serving friends of mine Evgeni offered that we go for a pilgrimage to Zhyrovichi monastery. We took the road as a hitchhikers and on our way to Zhirovichy after changing 4 cars to reach a gas station nearby Slonim, the idea come that instead of directly going to Jirovichi to go instead and visit a Nun skete at village of Rosakovo consting of 9 nuns just about 5-6 km distance from Zhirovichy.
To reach there we were taken as hitchikers by a kind guy riding on a classical world famous Belarusian track MAZ (Minskiy Avtomobilnij Zavod literaly translated as Minsk Automobile Factory). This trip was my first trip on a MAZ truck quite an exciting adventure to be honest, as so far I never had the chance to ride on an old Soviet style truck 🙂

We reached in Rusokovo about 16:30 just to be amazed of the beauty of the beautiful Russian style Eastern Orthodox skete Church.

Saint-Ambrose-of-Optina-Church-Skete-of-Rosakovo
The skete of Rusakovo started its existence just 14 years ago in 2005 with the blessing of Zhirovychi monastery abbot archibishop Guriy (Gurij) – archibishop Novogrudskij and Lidskijy.

archibishop-Guriy-Apalyko-Novogrudskij-and-Slonimski

Archibishop Guriy Apalyko Novogrudskij and Slonimski
(Архиепископ Гурий Новогрудский и Слонимский (Апалько)

Skete started to build in the dying village of Rusakovo left with just few inhabitants very near some of the post-communist abandoned buildings of a Kolhoz (collective ownership) so popular in the times of communism across USSR and its satellites, which stemmed from the Jewish Kibbutz used by Jews before the official establishment and official recognition of Israel.

The idea of the Skete is to create a more ascetic place, where the many volunteer ladies who often are helping in the works of the Zhyrovichi Men (Monks) monastery and desired to become a novice nuns and nuns to be able to live and pray incessantly in their own sisterhood.

Rusakovo-skete-schyth-near-Zhyrovichi-monastery-Belarus

The village of Rusakovo is situated just about 6 km from the Village of Zhyrovichi and Zhyrovici monaster which is at the moment the biggest monastery in Belarus by number of monks (currently the monastery consists of about 34 monks and few novices).
Local people of Zhirovichy and the region say because of Zhirovichy's monastery and the appearance of the Holy Theotokos Virgin Mary the Mother of God, Zhirovichy and all its regions are under her spiritual protection.
This believes by locals could be feeled for sure in the Skete of Rusakovo as my Soul their felt like being in heaven in an inexplainable peace and joy.

Skete-Rusakovo-village-Belarus

The unusual bus stop of Rusakovo village Grodnenskaja Oblast, (common for villages in Belarus)

The existence of such a Skete exactly in Rusakovo village was also not a coincidence as in the past this village was famous for having a people with a very strong faith in God as well as the village was famous for many of its inhabitants serving in the Church altar as "panamari" / hipodeacons many of whom are being buried in the small graveyard near the end of the village.

saint_Ambrosius-of-Optina-desert-colored-picture

Elder Saint Ambrose of Optina Desert

 

Short History on how Rusakovo Scete was build

As a first living breath to Rusokovo Skete St. Ambrious of Optina Desert (a Russian saint from the, several nuns were transferred from the Slonim Holy Annunciation Monastery, here they settled in an old decrepit wooden house. There were cracks in the floor, the water froze, slept on folding beds, there was no money and bread, and the only income the nuns had was their own grown potatoes, tomatoes, cucumbers, pepper, cabbage, garlic, onion etc. …

 

The nuns started building the Skete's Church on top of old abandoned village home, sitting on elevated place.

During the Church construction works the nuns learned a lot of subtleties and wisdom of builder mastery. A lot of people relatives and close friends to the nuns and the few novices nuns joined and helped with the construction of the Church and the monastic cells building. A good hearted benefitors were found that has sacrificied in the name of Christ and donated the Church Bells, gave money and materials for the creation of Church Domes and one good hearted man even made a donation of the whole iconostasis Church wall !

View to Rusakovo Skete Main Church

Skete-Rusakovo-village-Belarus

The multiplication of Breads – Icon painted with the Blessing of Saint Elder Ambrose of Optina Desert
 

Rusakovo-saint-Ambrose-skete-Church

The Church built in honour of saint Ambrose of Optina looks very beautiful as a temple of the true God should look like, the coupols are gold-plated as it is in many Russian Church, the reason for that is to accent that the Holy Spirit of Almighty God is descending over this domes to the the Church alter.

Inside the Church the atmosphere could be best described with the words warm and welcoming, entering the Church building, feels like really entering home. On the Church entrance, we had the blessing to meet the serving priest which as of time of writting this article is father Georgij, inside the Church we found one of the nuns mother Tatiana which had the obedience to sell Church candles and the monastery produced herbal medicines.

The magnificence of the outlook of the Church is hard to be described in words.

Rusakovo-dveri-view

View to Church Alter Doors (Dveri) a symbol reference to the Heavens Gates -ХВ stands for Христос Воскресе / Christ is Risen

saint-Ambrose-of-Optina-icon-with-embedded-holy-reclics-Rusakovo-Zhyrovichi-skete-belarus

Saint Ambrose of Optina icon with embedded holy relics Rusakovo Zhyrovichi skete Belarus notice on the back the bricks – this is a Russian Petch (Петчь) / Petchka. This was how Russians heated their homes and cooked for centuries, in the Church "The Petch" is used to heat the Church in the Cold Belarusian Winters.

Zhyrovichi-Rusakovo-skit-saint-Ambrose-Optina-view-to-alter-dveri

Saint Nicolas icon and the usual feast Church icon which of this day was for the Beheading of Saint John The Baptist

Evgeni-in-Rusokovo-garden

Skete-Rusakovo-village-Belarus

Heaven like Church Garden near the Rosakovo village Belarus

Skete-Rusakovo-village Belarus

A Big bad guardian dog nearby the Church

Nuns and voluntery workers work hard in the skete a lot as just like in the ancient monasteries the skete nourishes itself mainly on their own production and the small financial help that comes from Zhirovichy Monastery when current official person in charge (a kind of Abbess) – Nun Mother Maria requests it in cases of unexpected events which can't be covered by the incomes of the monastery.

elder-nun-Maria-Rusakovo-skete-Belarus

Elder sister (nun) abbess Maria Rusakovo Scete (skit) Belarus

Talking about incomes its main income is mainly from creation and selling of mixtures of Monastery prepared ointments of Healing Herbs, Olive Oil and other Oils.

Herbal natural medicines preparation is perhaps the main unique product for ordinary layman the monastery offers.
Here sister nun Anatolia who graduated bio-faculty higher education in her worldly life, compiles herbs, makes ointments, infusions and oils. This includes herbal health recovery cream (ointment) that is anti-inflammatory, analgesic, antiviral ointment, ointment for diseases of the veins, joint, skin diseases, anti-alcohol and anti-toxic infusions. The list is so large that you can’t name everything, I recommend you go alone and choose whatever you need …

The monastic farm is large, besides the many season grown vegetables and fruits and the hothouses which are used to raise vegetables in harsh Belarusian winters, they have about 100+ hens used to produce eggs and even among the hens could be seen an ancient breed of hensthe Russian Pavlovian hens, which was almost destroyed in Soviet times.

breed-of-rare-hens-The-Russian-Pavlovian-hens-animal

Ancient Russian Pavlovian Hen rarely to be seen in Russia and Belarus nowadays

Miraculously few of the Pavlovian hens survived. These chickens are different in that their eggs and meat have less cholesterol (but as the Sketes rule prohibits nuns and visitors to eat meet this chickens are only used as a source of eggs.

View-of-Rusakovo-flower-beauties
Another common source for feeding the Scetes are Mushrooms collection from the near Woods in which there is a strong tradition here in Belarus as mostly all people in villages and towns are riding and collecting eatable mushrooms together with healing herbs which are collected by the novice nuns, sketes voluntary workers and sometimes with a blessing by the nuns. Cats and dogs are walking all around the yards and the long village one straight street  (which nowadays is consisting of a line of village old beautiful colored and well maintained wooden houses, most of which gradually become uninhabitant already due to most of Rusakovo's population was consisting of old people who passed away and their younger offspring choose to live already in big cities as Minks, Homel, Mogilov, Grodno, Vitebsk etc.).

To prevent this beautiful abondoned houses in Rusakovo from gradual ruin due to being uninhabitant, mother Maria along with the rest of Nuns decided to gradually buy some of the houses, some of which were turned as normal living places where visitors are usually being accomodated in Summer, the Belarusian Church is also organizing there a Summer School camps and those bught and restavrated houses are used as accmodation for the teenagers.


Once we arrived the Skete, we worshipped the holy relics in the Church and we want around the yard of the monastery where we met once again father Georgij with whom we had a few minutes talk after which he offered us to stay for the Night Vigil Liturgy that was organized in the monastery in honor of the feast of Saint Alexander Nevski (a great warrior saint that is highly venerated in Russia and all across the Orthodox countries that were part of the USSR), in honour of saint Alexander Nevski is named the Second Biggest Cathedral in the Balkans and Eastern Europe in city of Sofia Bulgaria. I do venerate saint Alexander Nevski thus it was a great joy for me the opportunity to stay for that Liturgy and respectively sleep in the skete.
After we were invited to stay by fr. Georgij with the blessing of matushka nun Maria whose blessing he requested by calling her over the mobile, we were brought for a Dinner in the scetes dining room, the dinner was humble but very delicious, where mother Tatiana (the nun) that was assigned to bring us to the dining room has prayed and blessed the food with a holy water. The dinner consisted of some boiled potatoes, tomatoes, bread, cucumbers and a sweet kind of jar cakes but perhaps due to the fact it was made with a lot of love it was more delicious by the worldly food we consume daily.

After the dinner novice monk Alexander brought us to the pilgrimage house and accomodated us. I have to say this man was very kind and a good hearted man. Even seeing each other for a first time the interaction with him was so opened and easy that it felt like we knew each other all our lives.

Midnight Liturgy started in 11:30 and continued until almost 02:00 a.m.. and after the Night Liturgy we went home and slept just to wake up in the morning in 09:00 full of joy and energy (perhaps due to the prayers of the nuns, the vigil itself the clean air and most importantly because of abundant God's grace that was filling up this blessed place).


Rusakovo-one-eyed-dog

Upper picture you see one of the friendly dogs (though it apeared different on the picture) that was following us all the time in the monastery, the mind association I got this dog follows us very much resembling our Guardian Angel who is always following us and helping us in our daily deeds, the very same Holy Angel we Orthodox Christians believe to receive during baptism.

It is common here that a car flies past and an animal is thrown out of it. Just recently the next in line unwanted animal that was left in Rusakovo is  one-eyed dog. In the same way, the Marquise cat a victim of car hit was saved from sure death thanks to the nuns, who brought the animal for medication in near place animal hospitals. Marquese now have the chance to live a normal life after intensive care from the good hearted nuns.

To survive the harsh winter in Belarus the Skete inhabitants are preparing conservated jars with whatever vegetables and fruits have been locally grown during the summer as it is being done almost all across Russia, Belarus and mostly all Eastern Orthodox countries (Bulgaria, Serbia, Moldavia, Romania) etc.
The skete's private houses bought has currently a capacity to accomodate about at least 50 – 80 people, sometimes for a great Orthodox feasts as many as 27 individuals came and was accomodated in the Skete.

The usual day of the Rusakovo Scete is seen on the Door of the pilgrim accomodation room and is relatively easy perhaps because the goal of the Skete after all is to leave its visitors more time for thinking over their life and God's providence and to pray

Schedule-of-a-standard-day-in-Rusakovo-skit-skete-Belarus-1

The daily Schedule of the Scete looks like so (transslated from Above text which is in Russian):

07:00 – Wake up
07:45 – 09:00 – Night Vigil with 12 Psalms
09:00 – 09:30 – Breakfast
09:30 – 14:00 – obediences (work on things ordered)
14:00 – 14:30 – Monastic Lunch
14:45 – 17:00 – obediences
18:00 – Monastic Dinner
18:30 – 20:00 – Compline (Malko Povecherie) End of the day prayers
20:00 – 23:00 – Free Time
23:00 – Sleep hour

On Big Sunday – The day of resurrection which is the biggest feast commemorating the glorious events of Christ's Resurrection from the grave and victory over death the schedule is even lighter

08:30 – Canonical Hours
09:00 – Holy Liturgy
17:30 – Lunch
18:00 – Horologion
– 
Greek: ὠρολόγιον (Chasoslov / Часослов in church slavonic )

Alexander-novice-monk sent from Zhyrovichi monastery

Novice Monk and monastic worker Alexander sent from Zhyrovichi monastery together with brother Evgeny (a graduated Theologician who graduated Jirovichi Minsk spiritual academy 5 years course)

The pilgimage house was a standard but well and cozy old Belarusian wooden house with all the comforts you might dream for, e.g. – a bed, a blanket and even an old stove, that is used in times of cold in Winter, late autumn and cold spring times.

pilgrim-accomodation-room-Rusakovo-skete

pilgrim-accomodation-room-Rusakovo-improvised-home-iconostatis

The prayer corner situated East as it is in every Orthodox Chapel

pilgrim-accomodation-room-Rusakovo-skete-bed

One of the room beds note the Upper right corner situated Icon this is a traditional place where Belarusians who are generally very pious people place their icons

To obtain a drinkable water each of the pilgrimage accomodation houses has its own well. As Belarus is a country rich in Lakes 11 000+ lakes it is a country generally rich in water. And most people in villages are digging about 50 to 90 meters to have their own well – a free of charge source of water.

 


Graveyard at the end of Rusakovo village (that has buried many of old village inhabitants and a lot of good christians.
One thing I've noticed in Belarus is many of the Graveyards places in this country are placed on the highest heighted place (hillock) in the region, perhaps they do this because they expect the dead to be nearer to heaven to which each of the resurrected bodies should be taken on the Resurrection day as we believe in Christian faith.

Rusakovo-skete-pilgrims-prepared-houses

View of Rusakovos nature and a pilgrim accomodation house

Rusakovo-on-eof-the-beautiful-village-houses

This is how the pilgrimage accomodation houses of Rusakovo Scete looks like

Skete-Rusakovo-village-Belarus

Few of the nuns of St. Ambrose of Optina Skete

Rusakovo Skete has a vkontakte group where you can contact them and if you like you can ask for a blessing to stay a couple of days if you're ready to work for free like 4-5 hours a day and feel the atmosphere of this blessed place.

On the next day after we woke up, we were brought by the novice monk Alexander again to the dinner room and they gave us a delicious fasting breakfast in 11:00. After that we thanked them and hitchiked to see another smaller skete in Sceniavichi the next village inhabitated with only 3 nuns vowed themselves to follow a harsh ascetism.

kit-sceniavichi-Belarus

Bus stop of Sceniavichi Skete village Belarus

Finding the Skete took us about 10-15 minutes walk from the bus stop, we had to walk like 3 minutes in direction of entering the village and then turn right and walk for some time until we reached the big fance as in below pic.

fence-Scenavichi-skit

Skete Sceniavichi fence wall

House-Church-scenavichi-skit

The house type of Church of Sceniavichi skete
skit-sceniavichi-Belarus

Church bells

Inside-Scenavichi-Church-1

Inside the Sceniavichi Skete Church view to Iconostasis

All-Belarusian-Saints-Icon

Icon of All New Confessors of Eastern Orthodox Faith of Belarus

House-belonging-to-the-skete

Skete of Sceniavichi monk cell house

We were received in the Scete by a sister nun Olga a kind young nun which showed us the Church and offered us a coffe with some traditional belarusian fried dought (called draniki). Nun Olga happened to be a zograph (icon painter). The lady was mostly kind to us and even give us a gift of a small Calendar with the famous Prayer of Saint Ambrose of Optina and the last Elders of Optina below is the prayer itself:
 

The Prayer of the Last Elders of Optina

O Lord, grant that I may meet all that this coming day brings to me with spiritual tranquility. Grant that I may fully surrender myself to Thy holy Will.

At every hour of this day, direct and support me in all things. Whatsoever news may reach me in the course of the day, teach me to accept it with a calm soul and the firm conviction that all is subject to Thy holy Will.

Direct my thoughts and feelings in all my words and actions. In all unexpected occurrences, do not let me forget that all is sent down from Thee.

Grant that I may deal straightforwardly and wisely with every member of my family, neither embarrassing nor saddening anyone.

O Lord, grant me the strength to endure the fatigue of the coming day and all the events that take place during it. Direct my will and teach me to pray, to believe, to hope, to be patient, to forgive, and to love. Amen.

sister Olga was so kind to show us her icon painting atelier and after further talk with her we found out some interesting details, like the fact the 3 sisters living in Sceniavichi scete has given vows to not eat any meat or any animal products while they're in the scete and since 1.5 years we found this ascetic nuns were fed only with vegetable food.

Joyfully we had from their to Zhyrovichi monastery farm where monastery property consists of cows, sheep, pigs, caprines, goats, horses, ducks, turkeys, hens which is about 2 kilometers away from Zhyrovichi.
The farm is functioning based on the monastic system of blessings over each of the workers just like any monastery functions based on obediences and I have to say it works pretty well. The horses in the farm are breeded as an attraction for the groups of young pupils that ride to visit the monastery regularly for a Summer Orthodox Christian Schol Camps.

Below are some pictures taken from the monastic collective farm – there is no question this is definitely interesting for youngsters nowdays most of whom have raised in the cities and never had a chance to ride on a horse or see most of the animals that each of our grandma and grandpa had in their own village house in the short past.

farm-of-Zhirovichy-monastery

A near view to monastic farm Zhyrovichi Dormition of Virgin Mary Monastery

a-herd-of-animals-near-Zhirovichy-farm

Cows pasture near farm

kolhoz-collective-farm-Zhyrovichi-monastery

kolhoz-collective-farm-Zhyrovichi-monastery

Moooooo !

pigs-mother-with-little-pigs-farm-Zhirovichy

Mamma pig with the piggies 🙂

Bale piles used for food and floor cover in the animal cells

kolhoz-collective-farm-Zhyrovichi-monastery

Belarusian Seeding Machine Traktor in the farm

Zhyrovichi-farm-turkeys
 

The post A day in a Nun Skete saint Ambrose of Optina in Rusakovo village near Zhyrovichi monastery – Biggest monastery in Belarus appeared first on ☩ Walking in Light with Christ - Faith, Computing, Diary.

Viewing all 106 articles
Browse latest View live