linux

warning: Creating default object from empty value in /data/web/1/000/027/003/273448/htdocs/panticz.de/modules/taxonomy/taxonomy.pages.inc on line 33.

GitLab: Web-based Git repository manager

Install
http://www.panticz.de/install-gitlab

# restart gitlab
gitlab-ctl restart

# git home directory
/var/opt/gitlab

Reset admin password
gitlab-rails console production
u = User.where(id: 1).first
u.password = 'secret'
u.password_confirmation = 'secret'
u.save!

backup
https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/raketasks/backup_restore.md
# full backup
gitlab-rake gitlab:backup:create

# backup without reposiories
sudo gitlab-rake gitlab:backup:create SKIP=repositories

# backup target

XEN: Create Debian Jessie DomU VM

wget https://raw.githubusercontent.com/panticz/xen/master/domains/debian.jessie.sh -O - | bash -

#!/bin/bash

# configure domU
DOMAIN_NAME=jessie
DOMAIN_MAC=00:10:01:aa:bb:cc
DOMAIN_RAM=2Gb
DOMAIN_HDD=8Gb
 
# create domU on LVM (for image file use --dir=/root)
xen-create-image \
 --hostname=${DOMAIN_NAME} \
 --dist=jessie \
 --lvm=vg0 \
 --size=${DOMAIN_HDD} \
 --fs=ext4 \
 --role=udev \
 --memory=${DOMAIN_RAM} \
 --swap=${DOMAIN_RAM} \
 --dhcp \
 --mac=${DOMAIN_MAC} \
 --genpass=0 \
 --password=t00r \
 --vcpus $(cat /proc/cpuinfo | grep processor | wc -l) \
 --pygrub
 
# --apt_proxy=http://apt-cacher:3142/
 
# rename vm config
mv /etc/xen/${DOMAIN_NAME}.cfg /etc/xen/${DOMAIN_NAME}
 
# OPTIONAL: add to autostart
ln -s /etc/xen/${DOMAIN_NAME} /etc/xen/auto
 
# start domU
xm create -c ${DOMAIN_NAME}

# login
user: root
password: t00r

# disable pc speaker
echo 'blacklist snd-pcsp' >> /etc/modprobe.d/blacklist.conf

# fix FQDN
echo "$(ifconfig eth0| grep "inet addr" | cut -d ":" -f2 | cut -d" " -f1)     $(hostname).$(cat /etc/resolv.conf | grep domain | cut -d" " -f2) $(hostname)" >> /etc/hosts
 
# OPTIONAL: enable APT auto update
wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/scripts/master/enable_auto_update.sh -O - | bash -

LXC: create Debian Jessie container

wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/create.jessie.sh -O - | bash -s

#!/bin/bash

[ -z ${CONTAINER} ] && CONTAINER=jessie
LANG=en_US.UTF-8

# force, remove previous container
if [ "$1" == "-f" ]; then
  [ $(sudo lxc-ls ${CONTAINER} | wc -l) -gt 0 ] && sudo lxc-destroy -f -n ${CONTAINER}
  shift
fi

# create container
sudo lxc-create -t debian -n ${CONTAINER} -- template-options -r jessie $@

# workaround for "Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied"
echo "lxc.aa_profile = unconfined" | sudo tee -a /var/lib/lxc/${CONTAINER}/config

# start container in background
sudo lxc-start -d -n ${CONTAINER}

# wait 3 seconds until network is up
sleep 3

# copy APT proxy configuration from host
APT_PROXY=$(grep -h "Acquire::http::Proxy" /etc/apt/* -r | head -1)
[ -n "${APT_PROXY}" ] && echo ${APT_PROXY} | sudo tee /var/lib/lxc/${CONTAINER}/rootfs/etc/apt/apt.conf.d/01proxy

# update packages in container
sudo lxc-attach -n ${CONTAINER} -- apt-get update
sudo lxc-attach -n ${CONTAINER} -- apt-get dist-upgrade -y

# show containers status
sudo lxc-ls ${CONTAINER} -f

(re)create container
wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/create.jessie.sh -O - | bash -s -- -f

Allow root SSH login with password
CONTAINER=jessie
sudo lxc-attach -n ${CONTAINER} -- sed -i 's|PermitRootLogin without-password|PermitRootLogin yes|' /etc/ssh/sshd_config
sudo lxc-attach -n ${CONTAINER} -- service ssh restart

Fix DNS
echo nameserver 8.8.8.8 | sudo tee /var/lib/lxc/${CONTAINER}/rootfs/etc/resolv.conf

Default login credentials
user: root
pass: root

FixMe
"Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied"
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1346734

Failed to open /dev/autofs: No such file or directory
Failed to initialize automounter: No such file or directory
[FAILED] Failed to set up automount Arbitrary Executable File Formats File System Automount Point.
See 'systemctl status proc-sys-fs-binfmt_misc.automount' for details.
Unit proc-sys-fs-binfmt_misc.automount entered failed state.

Socket service systemd-udevd.service not loaded, refusing.
[FAILED] Failed to listen on udev Kernel Socket.
See 'systemctl status systemd-udevd-kernel.socket' for details.
Socket service systemd-udevd.service not loaded, refusing.
[FAILED] Failed to listen on udev Control Socket.
See 'systemctl status systemd-udevd-control.socket' for details.

Bugs
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1347020
https://wiki.debian.org/LXC#Incompatibility_with_systemd

Fix DNS
echo nameserver 8.8.8.8 > /var/lib/lxc/${CONTAINER}/rootfs/etc/resolv.conf

# test
http://without-systemd.org/wiki/index.php/How_to_remove_systemd_from_a_Debian_jessie/sid_installation

Debian Jessie

wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/create.jessie.sh -O - | bash -

#!/bin/bash

[ -z ${CONTAINER} ] && CONTAINER=jessie
LANG=en_US.UTF-8

# force, remove previous container
if [ "$1" == "-f" ]; then
  [ $(sudo lxc-ls ${CONTAINER} | wc -l) -gt 0 ] && sudo lxc-destroy -f -n ${CONTAINER}
  shift
fi

# create container
sudo lxc-create -t debian -n ${CONTAINER} -- template-options -r jessie $@

# workaround for "Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied"
echo "lxc.aa_profile = unconfined" | sudo tee -a /var/lib/lxc/${CONTAINER}/config

# start container in background
sudo lxc-start -d -n ${CONTAINER}

# wait 3 seconds until network is up
sleep 3

# copy APT proxy configuration from host
APT_PROXY=$(grep -h "Acquire::http::Proxy" /etc/apt/* -r | head -1)
[ -n "${APT_PROXY}" ] && echo ${APT_PROXY} | sudo tee /var/lib/lxc/${CONTAINER}/rootfs/etc/apt/apt.conf.d/01proxy

# update packages in container
sudo lxc-attach -n ${CONTAINER} -- apt-get update
sudo lxc-attach -n ${CONTAINER} -- apt-get dist-upgrade -y

# show containers status
sudo lxc-ls ${CONTAINER} -f

Ubuntu: Ericsson H5321gw / F5521gw mini PCI-e WWAN / UMTS card

Ericsson H5321gw (Thinkpad T530)
# lsusb | grep Ericsson
Bus 003 Device 004: ID 0bdb:1926 Ericsson Business Mobile Networks BV

# fix kernel driver
echo "/etc/modprobe.d/avoid-mbib.conf" > options cdc_ncm prefer_mbim=N

cat < /etc/udev/rules.d/99-mbm.rules
ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="1926",
ENV{ID_USB_INTERFACE_NUM}=="09", ENV{MBM_CAPABILITY}="gps_nmea"
ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="1926",
ENV{ID_USB_INTERFACE_NUM}=="03", ENV{MBM_CAPABILITY}="gps_ctrl"
EOF

# force USB modem to only connect via EDGE and not 3G?

LXC Containers

# centos
sudo lxc-create -t centos -n centos -- --release 7

# nested container / docker support
echo "lxc.aa_profile = unconfined" >> /var/lib/lxc/centos/config
echo "lxc.cgroup.devices.allow = a\n" >> /var/lib/lxc/centos/config

# fixme (on first run)
+ preseed
Configuring console-setup

echo "console-setup/layoutcode string UTF-8" | debconf-set-selections

Create a restricted user for SSH tunneling

wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/scripts/master/create_ssh_tunnel_user.sh -O - | bash -

#!/bin/bash

# create new restricted user
useradd tunnel --gid nogroup --create-home --skel /dev/null --shell /bin/rbash

# set random encrypted password to enable login
echo "tunnel:$(openssl rand -base64 32)" | chpasswd

# create authorized_keys
mkdir /home/tunnel/.ssh
chmod 700 /home/tunnel/.ssh
touch /home/tunnel/.ssh/authorized_keys
chmod 600 /home/tunnel/.ssh/authorized_keys

# remove path to programs
echo 'PATH=' > /home/tunnel/.profile
chmod 400 /home/tunnel/.profile

# restrict permissions
chmod 500 /home/tunnel
chown tunnel:nogroup /home/tunnel -R

Add your public key(s)
cat /tmp/authorized_keys > /home/tunnel/.ssh/authorized_keys
sed -i 's|ssh-rsa|command="/bin/false",no-pty,no-X11-forwarding ssh-rsa|g' /home/tunnel/.ssh/authorized_keys

# parameter
command="/bin/false",no-agent-forwarding,no-pty,no-user-rc,no-X11-forwarding,permitopen="127.0.0.1:80"
no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding

Links
http://www.gnu.org/software/bash/manual/html_node/The-Restricted-Shell.html

Update LXC container templates filesystem

wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/scripts/lxc-update-templates.sh -O - | bash -

#!/bin/bash

# ensure that this script is run as root
if [ $(id -u) -ne 0 ]; then
  sudo $0
  exit
fi

# set language to english
LANG=en_US.UTF-8

# update APT rootfs (Debian and Ubuntu)
for DIST in $(find /var/cache/lxc/*/* -maxdepth 0 -type d); do
  echo "Updating ${DIST} ..."
  chroot "${DIST}" apt-get update -qq
  chroot "${DIST}" apt-get dist-upgrade -qq -y
  chroot "${DIST}" apt-get autoremove -qq -y
  chroot "${DIST}" apt-get clean
done

# fix dns
echo "nameserver 8.8.8.8" > /var/cache/lxc/debian/rootfs-wheezy-amd64/etc/resolv.conf

Cronjob
echo "0 13 * * * root /usr/bin/wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/scripts/lxc-update-templates.sh -O - | bash -" > /etc/cron.d/lxc_update_template
service cron restart

# fix squeeze repository
sed -i 's|cdn.debian.net|ftp.debian.org|g' /var/cache/lxc/debian/rootfs-squeeze-amd64/etc/apt/sources.list

Install Google Music Manager

wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/installit/master/install.google-musicmanager.sh -O - | bash -

#!/bin/bash

# get URL
if [ "$(uname -m)" == "x86_64" ]; then
  # 64 bit
  URL=https://dl.google.com/linux/direct/google-musicmanager-beta_current_amd64.deb
else
  # 32 bit
  URL=https://dl.google.com/linux/direct/google-musicmanager-beta_current_i386.deb
fi

# download
wget ${URL} -P /tmp

# install
sudo dpkg -i /tmp/google-musicmanager-beta_current_*.deb

$ cat /etc/apt/sources.list.d/google-musicmanager.list
deb http://dl.google.com/linux/musicmanager/deb/ stable main

Links
https://play.google.com/music/listen?u=0#/manager

memcached

# install
apt-get install -y memcached
sed -i 's|-l 127.0.0.1|-l 172.29.13.117|g' /etc/memcached.conf
service memcached restart

# flush cache
telnet mc.example.com 11211
stats
flush_all
quit

# memcached reserved memory
stats
...
STAT limit_maxbytes 314572800

Syndicate content