Posts

Showing posts from March, 2017

Fix postgres upgrade error when upgrading Gitlab-CE from 8.x to 9.0

Right after Gitlab 9.0 was released, I upgraded our gitlab 8.x server and got stuck at the Postgres upgrade with the following error:

...
Creating temporary data directory:Error creating new directory: /var/opt/gitlab/postgresql/data.9.6.1
...

I tried many things, including changing the folder ownership and using a different tmp folder for the postgres upgrade, but the result was still the same. Luckily, by searching through the Gitlab community edition issues site, I found out someone had a similar problem. I tried what they suggested and it worked. Here are the steps I took to fix the upgrade:

1. Change the gitlab-psql user's shell to /bin/bash (as root):

chsh -s /bin/bash gitlab-psql

2. Run dpkg-reconfigure dash and select NO, which will link /bin/sh to /bin/bash

3. Run the Gitlab upgrade again and everything was fine:

gitlab-ctl upgrade


Reference: https://gitlab.com/gitlab-org/gitlab-ce/issues/29907

WPA2 Enterprise with FreeRADIUS and AD integration on Ubuntu 16.04

So you don't want to use the RADIUS feature of your MS Windows server, do you? Here you go: FreeRADIUS, an open-source project that will please you.






Assuming:

172.100.99.100: FreeRADIUS IP address
mydomain.com: domain name
mydc.mydomain.com: domain controller
MYNTDOMAIN: NT domain name

1. Install samba, winbind, krb5-user:

sudo apt install samba winbind krb5-user

2. Configure samba by editing:

a. /etc/samba/smb.conf:

...
[global]

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will part of
   workgroup = MYNTDOMAIN

# need to add these
security = ads
password server = mydc.mydomain.com
realm = MYDOMAIN.COM
winbind use default domain = true
...

b. /etc/krb5.conf:

[libdefaults]
        default_realm = MYDOMAIN.COM

...

[realms]
        MYDOMAIN.COM = {
                kdc = mydc.mydomain.com
                admin_server = mydc.mydomain.com
                default_domain = mydomain.com
        }

...
[domain_realm]
        .mydomain.com = MYDOMAIN.COM
        mydomain.com = …

Fix freeradius-config installation error on Ubuntu 16.04 and FreeRadius 3.0.X

This morning, I tried to install FreeRadius 3.0.X on my Ubuntu 16.04 server, and it said that I had to install freeradius-config in order to finish the installation. But I got these error messages:

...
dpkg: error processing archive /var/cache/apt/archives/freeradius-config_3.0.12-ppa1~xenial_amd64.deb (--unpack):
 trying to overwrite '/etc/freeradius/hints', which is also in package freeradius 3.0.12-ppa1~xenial
Errors were encountered while processing:
 /var/cache/apt/archives/freeradius-config_3.0.12-ppa1~xenial_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
...

So what I did to fix that was to run the following command to force overwrite the freeradius-config package:

sudo dpkg -i --force-overwrite /var/cache/apt/archives/freeradius-config_3.0.12-ppa1~xenial_amd64.deb

Then the rest was fine.


Shakespeare in love with Vyatta

This is a memo of my presentation last Saturday at the University of Information Technology about Vyatta. I'm just trying to show how easy it is to get started with Vyatta and what job I'm doing right now.

Everything is around these commands:

show
config
set
delete
commit
save

It was fun.


References:

https://github.com/vyos
https://wiki.vyos.net/wiki/User_Guide#Firewall
http://networktutorials101.blogspot.com/2015/05/configure-vyosvyatta-firewall.html
https://github.com/bertvv/cheat-sheets/blob/master/src/VyOS.md

Search in all text files in Linux

Just use this command line:

grep -rnw '/path/to/somewhere/' -e "pattern"

Getting started with VyOS firewall

These are a few super simple command lines to get started with the VyOS firewall. In this example, we will create a firewall rule set that blocks every packet coming out of interface eth0 except those from the client with IP address 172.20.1.11:

1. Create the firewall rule set by name

set firewall name Genius default-action drop
set firewall name Genius rule 1 action accept
set firewall name Genius rule 1 source address 172.20.1.11
commit

2. Apply the rule set to an interface:

set interfaces ethernet eth0 firewall out name Genius
commit
save

Reference: https://wiki.vyos.net/wiki/User_Guide#Firewall

Run php7-fpm app with gitlab-ce's bundled nginx

If you install gitlab-ce on your Ubuntu 16.04 server with the default configuration, the server will be set up to use the embedded version of nginx. If that's the case and you want to use nginx for other applications (e.g. php7-fpm) on the same server, you can do it in either of the following ways:

1. Reconfigure gitlab to use external nginx (non-bundled): check here.

2. Add a new server block for the new application to the gitlab's bundled nginx

I chose (2) to run my php web app. Here are the steps:

1. Create a server block configuration in gitlab's nginx directory:

/var/opt/gitlab/nginx/conf/myapp.conf

server {
    listen 80;
    root /var/www/myapp;
    index index.php index.html index.htm;
    server_name myapp.com;

    error_log    /var/log/nginx/myapp_err.log;


    location / {
        try_files $uri $uri/ =404;
    }


    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;

        fastcgi_param PATH_I…

Nginx access denied error

After setting up a new web root directory for my php app, all I saw was:

Access denied

I removed this line in my server block and everything works:

fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;

Because I set cgi.fix_pathinfo to 0 in /etc/php/7.0/fpm/php.ini, it conflicts with the above setting.

Install Xibo 1.7.9 in Ubuntu 16.04 with PHP7.0

Installing Xibo (1.7.9) is pretty simple unless you are running PHP 7.0, because PHP 7.0 completely gets rid of the mysql_* functions. But sometimes you have no choice and have to use PHP 7. In my situation, it's an Ubuntu 16.04 server with PHP 7.015. So what you can do is compile the mysql_* module yourself.

1. Clone the pecl module to extension directory of php

cd /etc/php/7.0/mods-available
git clone https://github.com/php/pecl-database-mysql mysql --recursive

2. Compile the source

cd /etc/php/7.0/mods-available/mysql
phpize
./configure
make
make install

Note: to have phpize, you may need php7.0-dev installed.

3. Symlink the module into php extension directory

ln -s /usr/lib/php/20151012/mysql.so /etc/php/7.0/mods-available/mysql.so

4. Modify php.ini to enable mysql extension

nano /etc/php/7.0/fpm/php.ini

...
extension=/etc/php/7.0/mods-available/mysql.so
...

5. Restart php

sudo systemctl restart php7.0-fpm


The rest is quite simple, just download xibo to your web directory and follow the web …

URL Redirection in Varnish 4

In varnish 4, you can do 30x redirects using Synthetic responses. For example:

sub vcl_recv {

    if (req.http.host == "my.old.com") {
            return (synth(301, "http://another.url.1"));
    }

    if (req.http.host == "my.old2.com") {
            return (synth(302, "http://another.url.2"));
    }
}
sub vcl_synth {
    if (resp.status == 301 || resp.status == 302) {
        set resp.http.location = resp.reason;
        set resp.reason = "Moved";
        return (deliver);
    }
}

Error with percona repo when running apt-get update

I ran apt-get update on an Ubuntu 12.04 server and this error came up:

Err http://repo.percona.com precise Release

Then I went into the Percona documentation and figured out how to fix it. The fix is to update Percona's signing key:

sudo apt-key adv --keyserver keys.gnupg.net --recv-keys 8507EFA5

Then everything works fine again.

Get user details by email address in Redmine

In Redmine, you can use the REST API to get a user's details by their email address as follows:

GET http://your-redmine-url/users.json?name=myuser@email.com

Note: you have to use an account that has administrative privileges to access that information.

The results will look like this:

{"users":[{"id":336,"last_login_on":"2017-03-03T03:53:35Z","login":"myuser","mail":"myuser@email.com","lastname":"Super","firstname":"Genius","created_on":"2016-06-27T00:32:00Z"}],"offset":0,"limit":25,"total_count":1}
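
The same lookup from a script, as an added example (not code from the original post). Redmine's name filter matches a substring of the login, first name, last name or mail, so the result list can contain more than the account you asked for; the example keeps only the exact mail match. The host redmine.example.test, the key value and the second user in the sample response are constructed placeholders.

```python
import json
import urllib.parse
import urllib.request


def build_user_lookup(base_url, email, api_key):
    """Build the GET /users.json?name=... request for one e-mail address."""
    # urlencode() escapes "+" and "@"; a raw "+" would be decoded as a space.
    query = urllib.parse.urlencode({"name": email, "limit": 100})
    url = base_url.rstrip("/") + "/users.json?" + query
    # The admin API key goes in a header, so it stays out of URLs and access logs.
    return urllib.request.Request(url, headers={"X-Redmine-API-Key": api_key})


def exact_mail_match(payload, email):
    """Return the one user whose mail equals `email`, or None if there is none."""
    users = json.loads(payload).get("users", [])
    wanted = email.strip().lower()
    hits = [u for u in users if u.get("mail", "").lower() == wanted]
    if len(hits) > 1:
        raise ValueError("%d accounts share the address %s" % (len(hits), email))
    return hits[0] if hits else None


def find_user_by_email(base_url, email, api_key, timeout=10):
    """Query a live Redmine server (needs network access and an admin key)."""
    request = build_user_lookup(base_url, email, api_key)
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return exact_mail_match(response.read().decode("utf-8"), email)


# Constructed sample: the `name` filter is a substring match, so a query for
# myuser@email.com also returns notmyuser@email.com.
SAMPLE_RESPONSE = json.dumps({
    "users": [
        {"id": 412, "login": "other", "mail": "notmyuser@email.com"},
        {"id": 336, "login": "myuser", "mail": "myuser@email.com"},
    ],
    "offset": 0, "limit": 100, "total_count": 2,
})

if __name__ == "__main__":
    print(exact_mail_match(SAMPLE_RESPONSE, "myuser@email.com"))
```
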