
Showing posts from March, 2017

Fix postgres upgrade error when upgrading Gitlab-CE from 8.x to 9.0

Right after GitLab 9.0 was released, I upgraded our GitLab 8.x server and got stuck at the PostgreSQL upgrade with the following error:

    ...
    Creating temporary data directory:Error creating new directory: /var/opt/gitlab/postgresql/data.9.6.1
    ...

I tried many things, including changing the folder ownership and using a different tmp folder for the postgres upgrade, but the result was still the same. Luckily, by searching through the GitLab Community Edition issues site, I found out someone had a similar problem. I tried what they suggested and it worked. Here are the steps I took to fix the upgrade:

1. Change the gitlab-psql user's shell to /bin/bash (as root):

    chsh -s /bin/bash gitlab-psql

2. Run dpkg-reconfigure dash and select NO, which will link /bin/sh to /bin/bash

3. Run the GitLab upgrade again and everything was fine:

    gitlab-ctl upgrade

Reference: https://gitlab.com/gitlab-org/gitlab-ce/issues/29907

WPA2 Enterprise with FreeRADIUS and AD integration on Ubuntu16.04

So you don't want to use the RADIUS feature of your MS Windows server, do you? Here you go: FreeRADIUS, an open-source project that will please you.

Assuming:

    172.100.99.100: FreeRADIUS IP address
    mydomain.com: domain name
    mydc.mydomain.com: domain controller
    MYNTDOMAIN: NT domain name

1. Install samba, winbind, krb5-user:

    sudo apt install samba winbind krb5-user

2. Configure samba by editing:

a. /etc/samba/smb.conf:

    ...
    [global]
    ## Browsing/Identification ###
    # Change this to the workgroup/NT-domain name your Samba server will part of
       workgroup = MYNTDOMAIN
    # need to add these
        security = ads
        password server = mydc.mydomain.com
        realm = MYDOMAIN.COM
        winbind use default domain = true
    ...

b. /etc/krb5.conf:

    [libdefaults]
            default_realm = MYDOMAIN.COM
    ...
    [realms]
            MYDOMAIN.COM = {
                    kdc = mydc.mydomain.com
                    admin_server = mydc.mydomain.com
                    default_d

Fix freeradius-config installation error on Ubuntu 16.04 and FreeRadius3.0.X

This morning, I tried to install FreeRadius 3.0.X on my Ubuntu 16.04 server. It said that I had to install freeradius-config in order to finish the installation, but I got these error messages:

    ...
    dpkg: error processing archive /var/cache/apt/archives/freeradius-config_3.0.12-ppa1~xenial_amd64.deb (--unpack):
     trying to overwrite '/etc/freeradius/hints', which is also in package freeradius 3.0.12-ppa1~xenial
    Errors were encountered while processing:
     /var/cache/apt/archives/freeradius-config_3.0.12-ppa1~xenial_amd64.deb
    E: Sub-process /usr/bin/dpkg returned an error code (1)
    ...

What I did to fix that was to run the following command to force-overwrite with the freeradius-config package:

    sudo dpkg -i --force-overwrite /var/cache/apt/archives/freeradius-config_3.0.12-ppa1~xenial_amd64.deb

Then the rest was fine.

Shakespeare in love with Vyatta

This is a memo of my presentation last Saturday at the University of Information Technology about Vyatta. I'm just trying to show how easy it is to get started with Vyatta and what job I'm doing right now. Everything is around these commands:

    show config set delete commit save

It was fun.

References:

    https://github.com/vyos
    https://wiki.vyos.net/wiki/User_Guide#Firewall
    http://networktutorials101.blogspot.com/2015/05/configure-vyosvyatta-firewall.html
    https://github.com/bertvv/cheat-sheets/blob/master/src/VyOS.md

Search in all text files in Linux

Just use this command line:

    grep -rnw '/path/to/somewhere/' -e "pattern"

Getting started with VyOS firewall

These are some super simple command lines to get started with the VyOS firewall. In this example, we will create a firewall rule set that blocks every packet going out of interface eth0 except those from the client with IP address 172.20.1.11:

1. Create the firewall rule set by name:

    set firewall name Genius default-action drop
    set firewall name Genius rule 1 action accept
    set firewall name Genius rule 1 source address 172.20.1.11
    commit

2. Apply the rule set to an interface:

    set interfaces ethernet eth0 firewall out name Genius
    commit
    save

Reference: https://wiki.vyos.net/wiki/User_Guide#Firewall

Run php7-fpm app with gitlab-ce's bundled nginx

If you install gitlab-ce on your Ubuntu 16.04 server with the default configuration, the server will be set up to use the embedded version of nginx. If that's the case and you want to use nginx for other applications (e.g. php7-fpm) on the same server, you can do it in either of the following ways:

1. Reconfigure gitlab to use an external (non-bundled) nginx: check here.

2. Add a new server block for the new application to gitlab's bundled nginx.

I chose (2) to run my php web app. Here are the steps:

1. Create a server block configuration in gitlab's nginx directory: /var/opt/gitlab/nginx/conf/myapp.conf

    server {
        listen 80;
        root /var/www/myapp;
        index index.php index.html index.htm;
        server_name myapp.com;
        error_log    /var/log/nginx/myapp_err.log;
        location / {
            try_files $uri $uri/ =404;
        }
        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/run/php/php7.0-fpm.sock;
            fastcgi_

Nginx access denied error

After setting up a new web root directory for my php app, all I saw was:

    Access denied

I removed this line from my server block and everything worked:

    fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;

That is because I had set cgi.fix_pathinfo to 0 in /etc/php/7.0/fpm/php.ini, which conflicts with the above setting.

Install Xibo 1.7.9 in Ubuntu 16.04 with PHP7.0

Installing Xibo (1.7.9) is pretty simple if it's not going with PHP 7.0, because PHP 7.0 completely gets rid of the mysql_* functions. But for some reason you may have no choice and have to use PHP 7. In my situation, it's an Ubuntu 16.04 server and PHP 7.015. So what you can do is compile the mysql_* module yourself.

1. Clone the pecl module into the extension directory of php:

    cd /etc/php/7.0/mods-available
    git clone https://github.com/php/pecl-database-mysql mysql --recursive

2. Compile the source:

    cd /etc/php/7.0/mods-available/mysql
    phpize
    ./configure
    make
    make install

Note: to have phpize, you may need php7.0-dev installed.

3. Symlink the module into the php extension directory:

    ln -s /usr/lib/php/20151012/mysql.so /etc/php/7.0/mods-available/mysql.so

4. Modify php.ini to enable the mysql extension:

    nano /etc/php/7.0/fpm/php.ini

    ...
    extension=/etc/php/7.0/mods-available/mysql.so
    ...

5. Restart php:

    sudo systemctl restart php7.0-fpm

The rest is quite

URL Redirection in Varnish 4

In varnish 4, you can do 30x redirects using Synthetic responses. For example:

    sub vcl_recv {
        if (req.http.host == "my.old.com") {
            return (synth(301, "http://another.url.1"));
        }
        if (req.http.host == "my.old2.com") {
            return (synth(302, "http://another.url.2"));
        }
    }

    sub vcl_synth {
        if (resp.status == 301 || resp.status == 302) {
            set resp.http.location = resp.reason;
            set resp.reason = "Moved";
            return (deliver);
        }
    }

Error with percona repo when running apt-get update

I ran apt-get update on an Ubuntu 12.04 server and this error came up:

    Err http://repo.percona.com precise Release

Then I went into the Percona documentation and figured out how to fix it. The fix is to update Percona's signing key:

    sudo apt-key adv --keyserver keys.gnupg.net --recv-keys 8507EFA5

Then everything works fine again.

Get user details by email address in Redmine

In Redmine, you can use the REST API to get user details by her email address as follows:

    GET http://your-redmine-url/users.json?name=myuser@email.com

Note: you have to use an account that has administrative privileges to access that information.

The results will look like this:

    {"users":[{"id":336,"last_login_on":"2017-03-03T03:53:35Z","login":"myuser","mail":"myuser@email.com","lastname":"Super","firstname":"Genius","created_on":"2016-06-27T00:32:00Z"}],"offset":0,"limit":25,"total_count":1}
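The lookup above as a small client, added here as an example and not part of the original post. Redmine's `name` filter also searches login, first name and last name and matches substrings, so the client narrows the result list to the one user whose `mail` is exactly the address asked for before anything is done with the account. The function names and the second user in the sample are constructed for illustration; the admin API key is sent in Redmine's `X-Redmine-API-Key` header so it stays out of the URL and out of access logs.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Constructed sample: the user from the response above plus a made-up second
# user whose address merely contains the searched text.
SAMPLE = '''{"users":[
 {"id":336,"login":"myuser","mail":"myuser@email.com","lastname":"Super","firstname":"Genius"},
 {"id":412,"login":"notmyuser","mail":"notmyuser@email.com","lastname":"Other","firstname":"Person"}
],"offset":0,"limit":25,"total_count":2}'''


def build_request(base_url, email, api_key):
    """Build the GET request with the address URL-encoded and the
    administrator's API key carried in a header instead of the query string."""
    query = urlencode({"name": email})
    return Request(f"{base_url.rstrip('/')}/users.json?{query}",
                   headers={"X-Redmine-API-Key": api_key})


def pick_exact(payload, email):
    """Return the single user whose mail equals `email` (case-insensitive),
    or None. Raises if more than one account carries that address."""
    wanted = email.strip().lower()
    hits = [u for u in payload.get("users", [])
            if u.get("mail", "").lower() == wanted]
    if len(hits) > 1:
        raise ValueError(f"{len(hits)} users share {email!r}")
    return hits[0] if hits else None


def find_user(base_url, email, api_key):
    """Live lookup against a Redmine server (needs network and an admin key)."""
    with urlopen(build_request(base_url, email, api_key), timeout=10) as resp:
        return pick_exact(json.load(resp), email)


if __name__ == "__main__":
    # Offline run against the constructed sample.
    user = pick_exact(json.loads(SAMPLE), "myuser@email.com")
    print(user["id"], user["login"])
```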