Testing your internet connection speed from the commandline

Sometimes you may want to check the speed of the internet connection of the provider you are connected to. Although there are various browser-based speed tests, I prefer a method that works from the commandline.

There is always the method of downloading a large file off the internet to see how fast it performs, but it’s not very convenient. Upon some searching I came across the tool “speedtest-cli” which is able to perform such speedtests directly from the commandline.

Requirements:
Speedtest-cli is a python program and can be installed using pip. If you don’t have pip installed you can install it with the commands below:

Debian/Ubuntu:
apt-get install python-pip

CentOS/RedHat:
yum install python-pip

ArchLinux:
pacman -Sy python-pip

Installing speedtest-cli:
When pip is installed, run the following to install it:
pip install speedtest-cli

The output will be like:
Collecting speedtest-cli
Using cached speedtest_cli-0.3.4-py2.py3-none-any.whl
Installing collected packages: speedtest-cli
Successfully installed speedtest-cli-0.3.4

Using speedtest-cli
Now that it is installed, you can simply start it by running:
speedtest-cli

It will automatically determine the nearest mirror and start the test. Output will be like it is below (IP masked):
[fileserver ~]# speedtest-cli
Retrieving speedtest.net configuration...
Retrieving speedtest.net server list...
Testing from Ziggo (1.2.3.4)...
Selecting best server based on latency...
b'Hosted by INTERACTIVE 3D B.V. (Rotterdam) [14.50 km]: 16.043 ms'
Testing download speed........................................
Download: 236.53 Mbit/s
Testing upload speed..................................................
Upload: 27.37 Mbit/s

I have a 300/30Mbit internet connection at home and had some downloads ongoing at that time, so the results are what I’ve expected from it.


Install Observium on ArchLinux

Recently I’ve obtained an old 8-port switch from the office (a WWP LightningEdge 310). That switch has a management port for managing the switch via cli but also is capable of sending SNMP data so we can monitor the status of the switch in tools like Cacti or Observium. I’ve tried Cacti before and although it’s very mature and has a lot of functions it’s also a big puzzle to find out how it works with all of its templates and graphs. I’ve also tried Observium and this does the job perfectly. Since the installation of Observium is well documented for RedHat and Debian like systems and I only have ArchLinux based systems I’ve tried installing it on Arch. This post will therefore describe the process of installing and running Observium on an ArchLinux install.

Why Observium?
Observium is able to poll SNMP data like Cacti but it’s much more convenient in what it is able to show and graph. By default Cacti has some basic templates for traffic monitoring but it’s not very thorough. Observium is able to graph all SNMP data that is available for processing and does the work almost completely for you. In my case with the LE-310 switch it is able to show all interface statistics, optic status, system status etcetera, whereas Cacti was only able to monitor the first.

System requirements:
Observium has pretty high system requirements. Since I’m only monitoring 1 switch in this install I can imagine that the actual requirements would be much lower. My testing case was done on a very old HP machine (s7720.nl) with the following specs:

CPU: AMD X2 3800+ 2GHz dualcore
RAM: 4GB DDR2 800 ECC
LAN: Realtek 8101CP 100Mbit
HDD: 1TB Seagate Constellation 7200RPM

As said, the machine is very old (almost 9 years). As it’s only used for testing purposes I found the machine handling Observium pretty well. The web pages are generated pretty fast with PHP7 and no Opcode caching. The only thing that was notably slower was the generation of the graphs which in this case is the CPU intensive part. It could take up to several seconds to load ~15 – ~20 graphs on a page, still okay for me. Should you want more speed you might want to consider a more modern machine with a newer CPU for processing the graph data.

Installing required software:
Before we can install Observium we need to install some packages that consist of a LAMP stack, some PHP modules and software that is needed so Observium can do its work properly. From the commandline/terminal elevate to root and install the required software:

pacman -Sy apache mariadb php php-apache php-mcrypt php-gd php-snmp net-snmp fping rrdtool whois mtr ipmitool graphviz imagemagick python-pip nmap

For the cron scripts to work we need to have pymysql installed as well:
pip3 install pymysql

Then go back to your normal user account and install the php-pear package. I did this as follows (starting as root):
su jeffrey
yaourt -Sy php-pear
exit

Configuring the installed software:
By default the Apache and MariaDB services are not started and have to be “enabled” so they start at boot and have to be “started” in order for them to work.

Enable the apache and MariaDB services:
systemctl enable httpd.service
systemctl enable mariadb.service

If you have just installed MariaDB and haven’t set it up before, it’s best to do so now to finish and secure your installation. To finish the installation run:
mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql

This will take a couple of seconds to finish and results in a working MariaDB server setup, but with no password for the root account. Start MariaDB and set one via:
systemctl start mariadb.service
mysql_secure_installation

The script makes most of the default choices for you, it’s best to keep them as suggested!

We haven’t started Apache yet because we have to change the default config first, which saves us an Apache restart. Open the main configuration file:
vim /etc/httpd/conf/httpd.conf

Locate the following line:
#LoadModule rewrite_module modules/mod_rewrite.so

And replace it with:
LoadModule rewrite_module modules/mod_rewrite.so

Next locate the following line:
LoadModule mpm_event_module modules/mod_mpm_event.so

Replace it with:
#LoadModule mpm_event_module modules/mod_mpm_event.so

And change the line underneath it from:
#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so

To:
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so

In that same LoadModule list add to the end of the list the following line so that PHP scripts work as well:
LoadModule php7_module modules/libphp7.so

Search in the file for Include and insert the following line underneath the last Include:
Include conf/extra/php7_module.conf

Later in the file there is a DocumentRoot section; within its Directory directive, replace everything with:
DirectoryIndex index.php
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted

Change the DocumentRoot and Directory itself as well from:
DocumentRoot "/srv/http"

To:
DocumentRoot "/srv/http/html"

Save the changes and exit the file.

Now we have to change some PHP settings as well, open the following file:
vim /etc/php/php.ini

Search for the following line:
extension_dir = "/usr/lib/php/modules/"

And add the following lines beneath it:
extension=snmp.so
extension=sockets.so
extension=mysqli.so
extension=pdo_mysql.so
extension=gd.so
extension=mcrypt.so

Save the changes and exit the file. Now let’s start Apache as well:
systemctl start httpd.service

Downloading Observium:
By default the docroot of Apache on ArchLinux is in /srv/http/. One thing that you must know is that Observium must run from within the docroot itself and will not run using an alias or subdirectory. This is because it’s programmed to always run from the docroot (and that is bad).

So first we navigate to the docroot directory:
cd /srv/http/

Download the latest Observium archive:
wget http://www.observium.org/observium-community-latest.tar.gz

And unpack it straight into the current docroot directory:
tar --strip-components=1 -vxzf observium-community-latest.tar.gz

Remove the downloaded installation archive:
rm -f observium-community-latest.tar.gz

Configuring Observium:
In order to use Observium we need to create a configfile with the database credentials and set up a database. First we will setup the database, so log in to MySQL as the root user with the password you’ve set earlier:
mysql -u root -p

Create a database, new database user and password (replace PASSWORD with a password of your own):
mysql> CREATE DATABASE observium DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
mysql> GRANT ALL PRIVILEGES ON observium.* TO 'observium'@'localhost'
    -> IDENTIFIED BY 'PASSWORD';

Exit MySQL and setup the config file:
cp config.php.default config.php
vim config.php

You have to change the following lines to what you have setup above with the MySQL database setup:
// Database config --- This MUST be configured
$config['db_extension'] = 'mysqli';
$config['db_host'] = 'localhost';
$config['db_user'] = 'USERNAME';
$config['db_pass'] = 'PASSWORD';
$config['db_name'] = 'observium';

You also need to change the Observium root directory from:
#$config['install_dir'] = "/opt/observium";

To:
$config['install_dir'] = "/srv/http";

And save your changes. Now we are going to install the database schema, run the following:
./discovery.php -u

This will import the basic database schema into the Observium database. It may take up to a couple of minutes depending on the speed of the system, mostly disk related. The output is as shown below:
Install initial database schema ... done.
-- Updating database/file schema
252 -> 253 ... (db) done.
253 -> 254 ... (db) done.
254 -> 255 ... (db) done.
255 -> 256 ... (php)
256 -> 257 ... (php)
257 -> 258 ... (php)
258 -> 259 ... (db) done.
259 -> 260 ... (php)
260 -> 261 ... (db) done.
261 -> 262 ... (php)
262 -> 263 ... (db) done.
263 -> 264 ... (db) done.
264 -> 265 ... (db) done.
265 -> 266 ... (db) done.
-- Done.

We also need to create logging and RRD data directories:
mkdir /srv/http/rrd
mkdir /srv/http/logs
chmod 777 /srv/http/{rrd,logs}
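
The chmod 777 above makes rrd and logs writable by every local account, and config.php holds the database password in clear text. The following is an added example, not part of the original post or of Observium: it audits those three paths and applies a tighter setting. The function names are hypothetical, and the group "http" in the usage comment assumes the account Arch's apache package runs as.

```sh
#!/bin/sh
# Added example: audit and tighten the permissions left by the install steps.
# Usage (as root, after the steps above):
#   audit_observium_dir /srv/http
#   tighten_observium_dir /srv/http http   # "http" = assumed Apache group on Arch

# audit_observium_dir DIR
# Prints one finding per line. Returns 1 when something was found, 0 otherwise.
audit_observium_dir() (
    dir=$1
    found=0
    for d in rrd logs; do
        # World-writable data directories let any local account replace
        # RRD files or tamper with the logs.
        if [ -n "$(find "$dir/$d" -prune -type d -perm -0002 2>/dev/null)" ]; then
            echo "world-writable: $dir/$d"
            found=1
        fi
    done
    # config.php carries db_user/db_pass; "other" does not need to read it.
    if [ -n "$(find "$dir/config.php" -prune -type f -perm -0004 2>/dev/null)" ]; then
        echo "world-readable: $dir/config.php"
        found=1
    fi
    exit "$found"
)

# tighten_observium_dir DIR GROUP
# Hands the three paths to GROUP (the web server's group) and removes all
# access for "other". The cron jobs from the post run as root, so they keep
# working; the web server reaches the files through its group.
tighten_observium_dir() (
    dir=$1
    group=$2
    chgrp "$group" "$dir/rrd" "$dir/logs" "$dir/config.php" &&
        chmod 770 "$dir/rrd" "$dir/logs" &&
        chmod 640 "$dir/config.php"
)
```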

The last step is to fix an issue with PEAR. Observium uses PEAR for several additional PHP modules, but looks for the PEAR.php file in its own pear directory, which isn’t there. If you have installed the php-pear package from yaourt before, you can solve this issue by copying the PEAR.php file from the system pear directory over to the pear directory of Observium:
cp /usr/share/pear/PEAR.php /srv/http/libs/pear/

If you don’t copy the PEAR.php file you will not be able to add devices to your Observium install!

Creating a new user for Observium:
Before we can log in to the web interface of Observium we need to create a user for this purpose:
cd /srv/http/

Run the following command to create a user called “jeffrey” with a password “password” and admin rights “10”:
./adduser.php jeffrey password 10

Which should result in:
Observium CE 0.16.1.7533
Add User

User jeffrey added successfully.

Logging in to the web interface of Observium:
In your browser you can navigate to the IP-address or hostname; this should result in the login screen of Observium.

When logged in you should be able to add hosts and devices. Do note that they cannot be added by IP-address and always have to be entered as hostnames. Should this be an issue you can use the local /etc/hosts file on your Observium machine or fix the hostnames your DHCP server hands out.

Automatic polling for Observium:
It’s possible to poll the data for Observium automatically. For this we will use the cron mechanism from the system. As root, edit the current cron:
crontab -e

And add the following 3 lines:
33 */6 * * * /srv/http/discovery.php -h all > /dev/null 2>&1
*/5 * * * * /srv/http/discovery.php -h new > /dev/null 2>&1
*/5 * * * * /srv/http/poller-wrapper.py 2 > /dev/null 2>&1

Save the cron and from now on every 5 minutes the new SNMP data will be polled for the devices you have configured!


Fix ProFTPd [unable to lstat AuthUserFile] error on DirectAdmin

Recently I’ve updated the ProFTPd software on one of the servers at work and ran into the following issue after custombuild finished the update:
SNIP:
Restarting ProFTPd.
Shutting down proftpd: [ OK ]
Starting proftpd: 2016-06-10 10:12:35,133 server.example.net proftpd[3367]: mod_auth_file/1.0: unable to lstat AuthUserFile '/usr/local/directadmin/data/users/morpheus/ftp.passwd': No such file or directory
2016-06-10 10:12:35,134 server.example.net proftpd[3367]: fatal: AuthUserFile: unable to use /usr/local/directadmin/data/users/morpheus/ftp.passwd: No such file or directory on line 4 of '/etc/proftpd.vhosts.conf'
[FAILED]

The issue here is that the ProFTPd server no longer accepts the vhost config file but still parses it (hence the error above). So the real problem is that there is a user “morpheus” on the server (in my case) which has its own vhost config in the ProFTPd service but for that user the password file was not present anymore.

Looking into the vhost configuration file of ProFTPd showed that there was indeed a manually created vhost section for the user “morpheus”:

bash-3.00# cat /etc/proftpd.vhosts.conf
[VirtualHost 194.60.207.182]
ServerName "ProFTPd"
ExtendedLog /var/log/proftpd/194.60.207.182.bytes WRITE,READ userlog
AuthUserFile /usr/local/directadmin/data/users/morpheus/ftp.passwd
[/VirtualHost]

This itself isn’t an issue as long as the ftp.passwd file for the user exists. When examining this further I found out that the user “morpheus” didn’t exist on the server anymore! So it was actually pretty clear why the error showed up: the given ftp.passwd didn’t exist anymore because the user was removed from the system in the past, but the vhost config was not properly cleaned.

To solve it in one go we can simply move away the vhost configuration file of ProFTPd to a safe location (as it’s deprecated now anyway):
bash-3.00# mv /etc/proftpd.vhosts.conf /root/

After moving the file out of the way start ProFTPd again and you should see no errors and the service should be reachable again:
bash-3.00# /etc/init.d/proftpd restart
Shutting down proftpd: [FAILED]
Starting proftpd: [ OK ]
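
A pre-restart check for the failure described above, as an added example that is not part of the original post or of DirectAdmin: it lists every AuthUserFile directive whose password file is gone, so stale vhost entries of removed users show up before ProFTPd refuses to start. The function names and the sample configuration (documentation IP addresses, users alice/bob/carol) are constructed for illustration.

```sh
#!/bin/sh
# Added example: find AuthUserFile directives that point at a missing file.
# Usage: find_stale_authfiles /etc/proftpd.vhosts.conf

# find_stale_authfiles CONF
# Prints "LINE<TAB>PATH" for each AuthUserFile in CONF whose target is not a
# readable regular file. Returns 0 if all targets are usable, 1 if at least one
# is stale, 2 if CONF itself cannot be read. Paths containing spaces are not
# handled.
find_stale_authfiles() (
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; exit 2; }
    awk '
        /^[ \t]*#/ { next }                  # skip commented-out directives
        tolower($1) == "authuserfile" {      # directive names are matched case-insensitively
            path = $2
            gsub(/"/, "", path)              # drop optional double quotes
            printf "%d\t%s\n", NR, path
        }' "$conf" |
    {
        status=0
        tab=$(printf '\t')
        while IFS=$tab read -r lineno path; do
            if [ ! -f "$path" ] || [ ! -r "$path" ]; then
                printf '%s\t%s\n' "$lineno" "$path"
                status=1
            fi
        done
        exit "$status"
    }
)

# write_sample_conf DIR
# Constructed sample in the notation the post prints: alice still has her
# password file, bob was removed from the system, carol is commented out.
write_sample_conf() {
    mkdir -p "$1/users/alice"
    : > "$1/users/alice/ftp.passwd"
    cat > "$1/proftpd.vhosts.conf" <<EOF
[VirtualHost 192.0.2.10]
ServerName "ProFTPd"
AuthUserFile $1/users/alice/ftp.passwd
[/VirtualHost]
[VirtualHost 192.0.2.11]
ServerName "ProFTPd"
# AuthUserFile $1/users/carol/ftp.passwd
AuthUserFile "$1/users/bob/ftp.passwd"
[/VirtualHost]
EOF
}
```

On the sample, only line 8 (bob) is reported; the commented-out entry for carol is ignored.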


Updating the firmware on a Brocade 300 FC switch

With the office cleanup a couple of weeks ago an old Brocade 300 FC-switch (24 port 8Gbit fibrechannel) was found and was taken out of service due to probable hardware issues. Since the unit was already out of warranty no further efforts were made to revive or test the unit. I’ve taken the unit home to use with my 2 FC-cards to see how such a switch works and can be configured.

The first issue I ran into was the firmware. The conclusion at work was that a possible firmware update would be able to solve the issue so I went on a nice journey to find out how to retrieve the firmware and to update the switch (as the unit was never updated). This post will cover the steps and requirements needed to upgrade the firmware on this type of FC-switch. People interested in the specifications of this switch can have a look at the datasheet here.

Getting firmware updates from Brocade:
This is the hardest part as you may only download firmware updates for Brocade devices if you have a support plan with Brocade. As I personally don’t have a contract with them, a colleague of mine who normally manages this for the company downloaded the latest firmware updates for me. If you don’t have a contract with Brocade it’s not possible to download the firmware. You should contact a network or storage engineer in your company or personal area to see if they can help you further. At the time of writing version “7.4.1c” was the latest release with a size of approx. 1.2GB.
Version 8.0.0 and 8.0.1 were available as well, but not recommended by Brocade yet and therefore are not used in this post.

Logging in on the switch:
My unit was already configured, so the LAN interface was already set to a fixed IP and I had to reset this first. There is a serial console as well, which sits next to the LAN interface (the IOIOI port), and with a RJ45 -> DB9 converter you can set up a serial connection with 9600baud 8N1. I had a problem with the serial connection that it would stop working after being idle for a minute and had to reboot the switch in order to revive it. Luckily the engineers never set a password themselves on the switch so when the login prompt arrived I was able to log in using the default password (username is “admin” and the password is “password”):

sw1 login: admin
Password:

-----------------------------------------------------------------
sw1:admin>

I had already updated the password. When you log in with the default password the system will ask you if you want to change it; for security it’s best to do so.

Since I’m logged in I had to change the interface details, this can be done with the following command:

sw1:admin> ipaddrset
Ethernet IP Address [192.168.0.199]:
Ethernet Subnetmask [255.255.255.0]:
Gateway IP Address [192.168.0.1]:
DHCP [Off]:
sw1:admin>

If you want to use DHCP you should set DHCP to On, but it’s best to set a fixed IP here so you always know the IP if you need to log in.

From this point on you don’t need the serial connection and can telnet to the IP address you’ve set above:
telnet 192.168.0.199
Trying 192.168.0.199...
Connected to 192.168.0.199.
Escape character is '^]'.


Fabric OS (sw1)
Fabos Version 6.4.3d

sw1 login:

Retrieving the current firmware version:
You should log in as admin on the console or management interface, with the “firmwareshow” command you can show the current running firmware:
sw1:admin> firmwareshow
Appl Primary/Secondary Versions
------------------------------------------
FOS v6.4.3d
v6.4.3d

As you can see the firmware on my unit is rather old. Using SSH to connect to the management IP was not possible due to weak ciphers and other strange behaviour that started showing up. The unit clearly looked faulty at this point. The unit itself is from 2012 and had its last update (according to the eventlog) in 2013; that was the stock firmware the unit shipped with at that point.

Updating the firmware:
The firmware update process is pretty simple but the instructions are not very clear if you are not familiar with it. You can update using a variety of protocols like:
– FTP
– SFTP
– SCP

To download the firmware to the device the “firmwaredownload” function can be used. In this process I will use SCP as this was the most convenient way in my network. To be able to use the SCP method we need to have a server which runs SSH and has an account that has SSH access. The easiest solution is to either use root or a local username (on the server) and extract the firmware software to its home directory. So in my case I have a user “jeffrey” on my server with IP 192.168.0.75. I’ve copied the firmware tar.gz file to the homedir of that user and extracted it there. This will result in a “v7.4.1c” directory in the homedir of “jeffrey”.

A note on the firmware archive: There are a lot of files in the archive, this holds the firmware for all supported devices so it’s not only for this switch. You don’t need to know the so-called SWBD number (hardware ID) of the switch. The updater will search in the right SWBD folder automatically and you only need to point the file name location to the directory where the firmware was extracted to.

A note on firmware update versions: You cannot upgrade directly to the latest version if you are running more than 1 release behind. So in my case where I have v6.4.3 I had to update to 7.0.0a -> 7.2.1g -> 7.4.1c instead. Note that you can update in even numbered steps, odd numbered update steps won’t work. See the end of this post for more information. In this case the instructions apply in general for the update process itself but this firmware version only works when running 7.2.x or 7.3.x.

Below are the steps that I took to accomplish this in general and will apply also when the device is running a version behind (with the console output):
sw1:admin> firmwaredownload -s
Server Name or IP Address: 192.168.0.75
User Name: jeffrey
File Name: v7.4.1c
Network Protocol(1-auto-select, 2-FTP, 3-SCP, 4-SFTP) [1]: 3
Verifying if the public key authentication is available.Please wait ...
The public key authentication is not available.
Password:
Do Auto-Commit after Reboot [Y]:
Reboot system after download [N]: Y
Server IP: 192.168.0.75, Protocol IPv4
Checking system settings for firmwaredownload...
WARNING: Fabric Watch is discontinued in FOS 7.4 and will not run after firmware upgrade. To continue with monitoring capability, it is recommended to migrate to MAPS prior to firmware upgrade. Users can convert existing Fabric Watch thresholds into MAPS policies by using "mapsConfig --fwconvert" CLI command and continue monitoring with the same settings. Fabric Watch thresholds cannot be converted to MAPS policies after firmware upgrade. Please refer to MAPS Administrator's Guide for further information.
System settings check passed.


You are running firmwaredownload with auto-reboot and auto-commit enabled. After the firmware is downloaded the system will reboot and commit firmware automatically.


Do you want to continue (Y/N) [Y]:
Firmware is being downloaded to the switch. This step may take up to 30 minutes.
Preparing for firmwaredownload...
Start to install packages...
dir ##################################################
ldconfig ##################################################
glibc ##################################################
glibc-linuxthreads ##################################################
bash ##################################################
readline ##################################################
terminfo ##################################################
termcap ##################################################
vixie-cron ##################################################
fileutils ##################################################
textutils ##################################################
warning: /etc/group created as /etc/group.rpmnew
warning: /etc/passwd created as /etc/passwd.rpmnew
setup ##################################################
warning: /etc/hosts created as /etc/hosts.rpmnew
swbd12-setup ##################################################
which ##################################################
findutils ##################################################
bzip ##################################################
zlib ##################################################
chkconfig ##################################################
sed ##################################################
procps ##################################################
psmisc ##################################################
modutils ##################################################
sin ##################################################
rcinit ##################################################
misc ##################################################
pam ##################################################
util-linux ##################################################
sh-utils ##################################################
popt ##################################################
grep ##################################################
rpm ##################################################
sysvinit ##################################################
man ##################################################
less ##################################################
gzip ##################################################
tar ##################################################
rsync ##################################################
uuid-libs ##################################################
e2fsprogs ##################################################
cpio ##################################################
dev ##################################################
bootenv ##################################################
wdtd ##################################################
fwdl ##################################################
telnet-server ##################################################
kernel ##################################################
kernel-module-usb ##################################################
swbd21-drivers ##################################################
sysklogd ##################################################
syslog-ng ##################################################
getty ##################################################
net-tools ##################################################
uucp ##################################################
portmap ##################################################
inetd ##################################################
iptables ##################################################
tcpd ##################################################
rsh-server ##################################################
rsh ##################################################
openssl-libs ##################################################
openssh ##################################################
warning: /etc/sshd_config saved as /etc/sshd_config.rpmsave
openssh-server ##################################################
rusers-server ##################################################
rdate ##################################################
logrotate ##################################################
ntp ##################################################
pciutils ##################################################
strace ##################################################
sendmail ##################################################
iproute2 ##################################################
libxml2 ##################################################
fss ##################################################
warning: /etc/fabos/rbac/dynamic created as /etc/fabos/rbac/dynamic.rpmnew
fabos-setup ##################################################
fabos-drivers ##################################################
fabos-libs ##################################################
fabos-diag ##################################################
fabos ##################################################
fabos-daemons ##################################################
fabos-zoning ##################################################
sqlite ##################################################
dhcpcd ##################################################
dhclient ##################################################
fabos-vf ##################################################
fabos-hmon ##################################################
fabos-wwnhs ##################################################
fabos-man ##################################################
fabos-swbd71 ##################################################
apache ##################################################
fastcgi ##################################################
fabos-webtools ##################################################
fabos-webtoolsez ##################################################
tz ##################################################
mtracer-tool ##################################################
sysstat ##################################################
prom-440epx ##################################################
Please avoid powering off the system during prom update.
ipv6 ##################################################
awk ##################################################
ipsec ##################################################
hss-diag ##################################################
Removing unneeded files, please wait ...
Finished removing unneeded files.


INFO: Ciphersuite change on switch
HTTPS ciphers will be modified to be compatible with new firmware version
creating the old storage file
All packages have been downloaded successfully.
Firmware has been downloaded to the secondary partition of the switch.


Broadcast message from root (pts/0) Mon May 23 15:49:45 2016...


The system is going down for reboot NOW !!
Connection closed by foreign host.

After the reboot the switch should be running the newly updated firmware. The reboot procedure varies in each version. I’ve set it to auto commit and reboot as this is a testing unit for me and don’t mind that it just reboots when done. In a production environment you might want to keep this feature disabled (which it is by default!). The download process took a couple of minutes (the management port is 10/100Mbit) and the update process around 15 minutes. Although I just waited for some time you may want to run “firmwaredownloadstatus” which can show the current firmware download eventlog and the current action it’s performing.

An example of the “firmwaredownloadstatus” output can be found below:
sw1:admin> firmwaredownloadstatus
[1]: Mon May 23 15:10:37 2016
Firmware is being downloaded to the switch. This step may take up to 30 minutes.


[2]: Mon May 23 15:15:23 2016
Firmware has been downloaded to the secondary partition of the switch.


[3]: Mon May 23 15:17:04 2016
The firmware commit operation has started. This may take up to 10 minutes.


[4]: Mon May 23 15:20:04 2016
The commit operation has completed successfully.


[5]: Mon May 23 15:20:04 2016
Firmwaredownload command has completed successfully. Use firmwareshow to verify the firmware versions.
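
When the upgrade has to be done in several hops (v6.4.3d -> 7.0.0a -> 7.2.1g -> 7.4.1c in this post), each hop must be committed before the next “firmwaredownload” is started. The following is an added example, not part of the original post or of Fabric OS: it classifies saved console output by the status messages shown in this post and checks that “firmwareshow” lists the expected version on both partitions. The function names are hypothetical; the firmwareshow sample is constructed in the layout printed earlier.

```sh
#!/bin/sh
# Added example: decide from saved console output whether one upgrade hop is
# finished. Input files are transcripts, e.g. from a logged terminal session.

# fwdl_state FILE
# Prints the state implied by the LAST status message in FILE:
# downloading | downloaded | committing | committed | done | failed | unknown.
# For "failed", a second line carries the reason the switch printed.
fwdl_state() {
    awk '
        /Firmware is being downloaded to the switch/          { s = "downloading" }
        /Firmware has been downloaded to the secondary/       { s = "downloaded" }
        /firmware commit operation has started/               { s = "committing" }
        /commit operation has completed successfully/         { s = "committed" }
        /Firmwaredownload command has completed successfully/ { s = "done" }
        /need to be addressed before downloading/ {
            # the reason is the next non-blank line
            while ((getline line) > 0)
                if (line !~ /^[ \t]*$/) {
                    if (line ~ /Firmwaredownload failed/) s = "failed"
                    else reason = line
                    break
                }
        }
        /Firmwaredownload failed/                             { s = "failed" }
        END {
            print (s == "" ? "unknown" : s)
            if (s == "failed" && reason != "") print reason
        }' "$1"
}

# fw_versions FILE
# Prints the version strings (primary first, then secondary) from firmwareshow output.
fw_versions() {
    awk '{
        if (match($0, /v[0-9]+\.[0-9]+\.[0-9]+[a-z0-9]*/))
            print substr($0, RSTART, RLENGTH)
    }' "$1"
}

# hop_complete STATUS_FILE FIRMWARESHOW_FILE VERSION
# Returns 0 only if the download finished AND both partitions run VERSION.
hop_complete() (
    state=$(fwdl_state "$1" | sed -n 1p)
    [ "$state" = "done" ] || exit 1
    fw_versions "$2" |
        awk -v want="$3" '$0 != want { bad = 1 } END { exit !(NR == 2 && !bad) }'
)

# sample_status: the firmwaredownloadstatus output shown in this post.
sample_status() {
    cat <<'EOF'
[1]: Mon May 23 15:10:37 2016
Firmware is being downloaded to the switch. This step may take up to 30 minutes.

[2]: Mon May 23 15:15:23 2016
Firmware has been downloaded to the secondary partition of the switch.

[3]: Mon May 23 15:17:04 2016
The firmware commit operation has started. This may take up to 10 minutes.

[4]: Mon May 23 15:20:04 2016
The commit operation has completed successfully.

[5]: Mon May 23 15:20:04 2016
Firmwaredownload command has completed successfully. Use firmwareshow to verify the firmware versions.
EOF
}

# sample_firmwareshow PRIMARY SECONDARY: constructed firmwareshow output.
sample_firmwareshow() {
    printf 'Appl Primary/Secondary Versions\n'
    printf '%s\n' '------------------------------------------'
    printf 'FOS %s\n%s\n' "$1" "$2"
}
```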

Note on availability: During the download and update process the switch will remain available for traffic. During the reboot this is (yes really) interrupted. After the switch is back online the traffic is resumed.

Updating issues:
If you run a firmware older than 7.2.x you cannot directly upgrade to the current 7.4.1 release. If you try to upgrade it will error with:
sw1:admin> firmwaredownload
Server Name or IP Address:
fwdl (pid=3898): signal=2
sw1:admin> firmwaredownload
Server Name or IP Address: 192.168.0.75
User Name: jeffrey
File Name: v7.4.1c/
Network Protocol(1-auto-select, 2-FTP, 3-SCP, 4-SFTP) [1]: 3
Password:
Server IP: 192.168.0.75, Protocol IPv4
Checking system settings for firmwaredownload...


The following item(s) need to be addressed before downloading the specified firmware:
Cannot upgrade directly to 7.4. Please upgrade to 7.2 first and then upgrade to 7.4.


Firmwaredownload failed.
sw1:admin>

If this occurs you should download the 7.2 firmware update and apply it first and then try updating to 7.4 again. Do note that you cannot update major versions if you are running more than 2 firmware versions behind. So in order to update to 7.4 you either need to run 7.2 or 7.3 on your unit.

So in my case I had to update to 7.0.0a, 7.2.1g and to v7.4.1c. For reference you will find the whole console output below:

Updating from v6.4.3d to v7.4.1c:
Updating from v6.4.3d to v7.0.0a:
sw1:admin> firmwaredownload
Server Name or IP Address: 192.168.0.75
User Name: jeffrey
File Name: v7.0.0a
Network Protocol(1-auto-select, 2-FTP, 3-SCP, 4-SFTP) [1]: 3
Password:
Server IP: 192.168.0.75, Protocol IPv4
Checking system settings for firmwaredownload...
System settings check passed.


You can run firmwaredownloadstatus to get the status
of this command.


This command will cause a warm/non-disruptive boot but will
require that existing telnet, secure telnet or SSH sessions
be restarted.


Do you want to continue (Y/N) [Y]:
Firmware is being downloaded to the switch. This step may take up to 30 minutes.
Preparing for firmwaredownload...
Start to install packages...
dir ##################################################
ldconfig ##################################################
glibc ##################################################
glibc-linuxthreads ##################################################
bash ##################################################
readline ##################################################
terminfo ##################################################
termcap ##################################################
vixie-cron ##################################################
fileutils ##################################################
textutils ##################################################
setup ##################################################
swbd12-setup ##################################################
which ##################################################
findutils ##################################################
bzip ##################################################
zlib ##################################################
chkconfig ##################################################
sed ##################################################
procps ##################################################
psmisc ##################################################
modutils ##################################################
sin ##################################################
rcinit ##################################################
misc ##################################################
pam ##################################################
util-linux ##################################################
sh-utils ##################################################
popt ##################################################
grep ##################################################
rpm ##################################################
sysvinit ##################################################
man ##################################################
less ##################################################
gzip ##################################################
tar ##################################################
rsync ##################################################
uuid-libs ##################################################
e2fsprogs ##################################################
cpio ##################################################
dev ##################################################
bootenv ##################################################
wdtd ##################################################
fwdl ##################################################
telnet-server ##################################################
kernel ##################################################
kernel-module-usb ##################################################
swbd21-drivers ##################################################
sysklogd ##################################################
getty ##################################################
net-tools ##################################################
uucp ##################################################
portmap ##################################################
inetd ##################################################
iptables ##################################################
tcpd ##################################################
rsh-server ##################################################
rsh ##################################################
openssl-libs ##################################################
openssh ##################################################
openssh-server ##################################################
rusers-server ##################################################
rdate ##################################################
logrotate ##################################################
ntp ##################################################
pciutils ##################################################
strace ##################################################
sendmail ##################################################
iproute2 ##################################################
libxml2 ##################################################
fss ##################################################
fabos-setup ##################################################
fabos-drivers ##################################################
fabos-libs ##################################################
nonet-lib ##################################################
fabos-diag ##################################################
fabos ##################################################
fabos-daemons ##################################################
fabos-zoning ##################################################
sqlite ##################################################
dhcpcd ##################################################
fabos-vf ##################################################
fabos-hmon ##################################################
fabos-wwnhs ##################################################
fabos-man ##################################################
fabos-swbd71 ##################################################
apache ##################################################
fastcgi ##################################################
fabos-webtools ##################################################
fabos-webtoolsez ##################################################
tz ##################################################
mtracer-tool ##################################################
sysstat ##################################################
prom-440epx ##################################################
Please avoid powering off the system during prom update.
ipv6 ##################################################
awk ##################################################
ipsec ##################################################
hss-diag ##################################################
Removing unneeded files, please wait ...
Finished removing unneeded files.


All packages have been downloaded successfully.
Firmware has been downloaded to the secondary partition of the switch.
HA Rebooting ...
Connection closed by foreign host.

Check to see if the update went okay:
[jeffrey@e7440 ~]$ telnet 192.168.0.199
Trying 192.168.0.199...
Connected to 192.168.0.199.
Escape character is '^]'.


Fabric OS (sw1)
Fabos Version 7.0.0a

Updating from v7.0.0a to v7.2.1g:
sw1:admin> firmwaredownload -s
Server Name or IP Address: 192.168.0.75
User Name: jeffrey
File Name: v7.2.1g
Network Protocol(1-auto-select, 2-FTP, 3-SCP, 4-SFTP) [1]: 3
Verifying if the public key authentication is available.Please wait ...
The public key authentication is not available.
Password:
Do Auto-Commit after Reboot [Y]:
Reboot system after download [N]:
Server IP: 192.168.0.75, Protocol IPv4
Checking system settings for firmwaredownload...


This action will set default QoS port configuration from AE to OFF because Adaptive Networking License is not installed on the switch.


System settings check passed.


You are running firmwaredownload with auto-reboot disabled. After firmware is downloaded, please reboot the system to activate the new firmware.


Do you want to continue (Y/N) [Y]:
Firmware is being downloaded to the switch. This step may take up to 30 minutes.
Preparing for firmwaredownload...
Removing nonet-lib
Removing hss-diag
Start to install packages...
dir ##################################################
ldconfig ##################################################
glibc ##################################################
glibc-linuxthreads ##################################################
bash ##################################################
readline ##################################################
terminfo ##################################################
termcap ##################################################
vixie-cron ##################################################
fileutils ##################################################
textutils ##################################################
setup ##################################################
swbd12-setup ##################################################
which ##################################################
findutils ##################################################
bzip ##################################################
zlib ##################################################
chkconfig ##################################################
sed ##################################################
procps ##################################################
psmisc ##################################################
modutils ##################################################
sin ##################################################
rcinit ##################################################
misc ##################################################
pam ##################################################
util-linux ##################################################
sh-utils ##################################################
popt ##################################################
grep ##################################################
rpm ##################################################
sysvinit ##################################################
man ##################################################
less ##################################################
gzip ##################################################
tar ##################################################
rsync ##################################################
uuid-libs ##################################################
e2fsprogs ##################################################
cpio ##################################################
dev ##################################################
bootenv ##################################################
wdtd ##################################################
fwdl ##################################################
telnet-server ##################################################
kernel ##################################################
kernel-module-usb ##################################################
swbd21-drivers ##################################################
sysklogd ##################################################
getty ##################################################
net-tools ##################################################
uucp ##################################################
portmap ##################################################
inetd ##################################################
iptables ##################################################
tcpd ##################################################
rsh-server ##################################################
rsh ##################################################
openssl-libs ##################################################
openssh ##################################################
openssh-server ##################################################
rusers-server ##################################################
rdate ##################################################
logrotate ##################################################
ntp ##################################################
pciutils ##################################################
strace ##################################################
sendmail ##################################################
iproute2 ##################################################
libxml2 ##################################################
fss ##################################################
warning: /etc/fabos/rbac/dynamic created as /etc/fabos/rbac/dynamic.rpmnew
fabos-setup ##################################################
fabos-drivers ##################################################
fabos-libs ##################################################
fabos-diag ##################################################
fabos ##################################################
fabos-daemons ##################################################
fabos-zoning ##################################################
sqlite ##################################################
dhcpcd ##################################################
dhclient ##################################################
fabos-vf ##################################################
fabos-hmon ##################################################
fabos-wwnhs ##################################################
fabos-man ##################################################
fabos-swbd71 ##################################################
apache ##################################################
fastcgi ##################################################
fabos-webtools ##################################################
fabos-webtoolsez ##################################################
tz ##################################################
mtracer-tool ##################################################
sysstat ##################################################
prom-440epx ##################################################
Please avoid powering off the system during prom update.
ipv6 ##################################################
awk ##################################################
ipsec ##################################################
Removing unneeded files, please wait ...
Finished removing unneeded files.


All packages have been downloaded successfully.
Firmware has been downloaded to the secondary partition of the switch.

Issue a “firmwarecommit” to apply the update. The switch will reboot for this. After the reboot check if the update went okay:
[jeffrey@e7440 ~]$ telnet 192.168.0.199
Trying 192.168.0.199...
Connected to 192.168.0.199.
Escape character is '^]'.


Fabric OS (sw1)
Fabos Version 7.2.1g

And the last step, from v7.2.1g to v7.4.1c:
sw1:admin> firmwaredownload -s
Server Name or IP Address: 192.168.0.75
User Name: jeffrey
File Name: v7.4.1c
Network Protocol(1-auto-select, 2-FTP, 3-SCP, 4-SFTP) [1]: 3
Verifying if the public key authentication is available.Please wait ...
The public key authentication is not available.
Password:
Do Auto-Commit after Reboot [Y]:
Reboot system after download [N]: Y
Server IP: 192.168.0.75, Protocol IPv4
Checking system settings for firmwaredownload...
WARNING: Fabric Watch is discontinued in FOS 7.4 and will not run after firmware upgrade. To continue with monitoring capability, it is recommended to migrate to MAPS prior to firmware upgrade. Users can convert existing Fabric Watch thresholds into MAPS policies by using "mapsConfig --fwconvert" CLI command and continue monitoring with the same settings. Fabric Watch thresholds cannot be converted to MAPS policies after firmware upgrade. Please refer to MAPS Administrator's Guide for further information.
System settings check passed.


You are running firmwaredownload with auto-reboot and auto-commit enabled. After the firmware is downloaded the system will reboot and commit firmware automatically.


Do you want to continue (Y/N) [Y]:
Firmware is being downloaded to the switch. This step may take up to 30 minutes.
Preparing for firmwaredownload...
Start to install packages...
dir ##################################################
ldconfig ##################################################
glibc ##################################################
glibc-linuxthreads ##################################################
bash ##################################################
readline ##################################################
terminfo ##################################################
termcap ##################################################
vixie-cron ##################################################
fileutils ##################################################
textutils ##################################################
warning: /etc/group created as /etc/group.rpmnew
warning: /etc/passwd created as /etc/passwd.rpmnew
setup ##################################################
warning: /etc/hosts created as /etc/hosts.rpmnew
swbd12-setup ##################################################
which ##################################################
findutils ##################################################
bzip ##################################################
zlib ##################################################
chkconfig ##################################################
sed ##################################################
procps ##################################################
psmisc ##################################################
modutils ##################################################
sin ##################################################
rcinit ##################################################
misc ##################################################
pam ##################################################
util-linux ##################################################
sh-utils ##################################################
popt ##################################################
grep ##################################################
rpm ##################################################
sysvinit ##################################################
man ##################################################
less ##################################################
gzip ##################################################
tar ##################################################
rsync ##################################################
uuid-libs ##################################################
e2fsprogs ##################################################
cpio ##################################################
dev ##################################################
bootenv ##################################################
wdtd ##################################################
fwdl ##################################################
telnet-server ##################################################
kernel ##################################################
kernel-module-usb ##################################################
swbd21-drivers ##################################################
sysklogd ##################################################
syslog-ng ##################################################
getty ##################################################
net-tools ##################################################
uucp ##################################################
portmap ##################################################
inetd ##################################################
iptables ##################################################
tcpd ##################################################
rsh-server ##################################################
rsh ##################################################
openssl-libs ##################################################
openssh ##################################################
warning: /etc/sshd_config saved as /etc/sshd_config.rpmsave
openssh-server ##################################################
rusers-server ##################################################
rdate ##################################################
logrotate ##################################################
ntp ##################################################
pciutils ##################################################
strace ##################################################
sendmail ##################################################
iproute2 ##################################################
libxml2 ##################################################
fss ##################################################
warning: /etc/fabos/rbac/dynamic created as /etc/fabos/rbac/dynamic.rpmnew
fabos-setup ##################################################
fabos-drivers ##################################################
fabos-libs ##################################################
fabos-diag ##################################################
fabos ##################################################
fabos-daemons ##################################################
fabos-zoning ##################################################
sqlite ##################################################
dhcpcd ##################################################
dhclient ##################################################
fabos-vf ##################################################
fabos-hmon ##################################################
fabos-wwnhs ##################################################
fabos-man ##################################################
fabos-swbd71 ##################################################
apache ##################################################
fastcgi ##################################################
fabos-webtools ##################################################
fabos-webtoolsez ##################################################
tz ##################################################
mtracer-tool ##################################################
sysstat ##################################################
prom-440epx ##################################################
Please avoid powering off the system during prom update.
ipv6 ##################################################
awk ##################################################
ipsec ##################################################
hss-diag ##################################################
Removing unneeded files, please wait ...
Finished removing unneeded files.


INFO: Ciphersuite change on switch
HTTPS ciphers will be modified to be compatible with new firmware version
creating the old storage file
All packages have been downloaded successfully.
Firmware has been downloaded to the secondary partition of the switch.


Broadcast message from root (pts/0) Mon May 23 15:49:45 2016...


The system is going down for reboot NOW !!
Connection closed by foreign host.

After a couple of minutes, log back in to see if the update went okay:
[jeffrey@e7440 ~]$ telnet 192.168.0.199
Trying 192.168.0.199...
Connected to 192.168.0.199.
Escape character is '^]'.


Fabric OS (sw1)
Fabos Version 7.4.1c


Fix the PHP Fatal: [ionCube Loader] issue on DirectAdmin

When updating / recompiling PHP with Custombuild on a DirectAdmin server I sometimes see that Apache seems to start, but immediately crashes due to errors regarding ionCube. You don’t see the error when restarting Apache, for example, but checking the logs or listing the installed PHP modules results in the following error:

[root@server]# php -m
PHP Fatal error: [ionCube Loader] The Loader must appear as the first entry in the php.ini file in Unknown on line 0

I mostly see this behaviour on servers running CentOS. The first thing I did was locate all php.ini files and remove all ioncube references from these configs. Unfortunately that didn’t work out and the error persisted. After some searching on the internet I found out that the issue is caused by the internal “php.ini” that DirectAdmin itself uses. That file is called “directadmin.ini” and is located at:
/usr/local/lib/php.conf.d/10-directadmin.ini

I’ve removed the ioncube loader reference from the config and Apache could start and continue to work again.
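
To find out which file holds the offending reference, the added example below (not part of the original post) lists every active zend_extension line in the order PHP reads the files and reports where the ionCube loader sits among them. The function names, the sample file contents and the php.ini path passed in are assumptions of this example; only the php.conf.d directory comes from the post.

```shell
#!/bin/sh
# PHP parses php.ini first, then the *.ini files in its scan directory in
# alphabetical order; zend_extension lines take effect in that order.

# Print "file<TAB>line<TAB>value" for every active zend_extension directive.
# Commented-out lines start with ';' and therefore never match the pattern.
list_zend_extensions() {
    for ze_file in "$@"; do
        [ -f "$ze_file" ] || continue
        awk '/^[ \t]*zend_extension(_ts)?[ \t]*=/ {
                 v = $0
                 sub(/^[^=]*=[ \t]*/, "", v)   # drop "zend_extension ="
                 sub(/[ \t]*;.*$/, "", v)      # drop a trailing comment
                 sub(/[ \t]+$/, "", v)
                 gsub(/"/, "", v)
                 print FILENAME "\t" FNR "\t" v
             }' "$ze_file"
    done
}

# Usage: check_ioncube_first /path/to/php.ini /path/to/scan-dir
# Returns 0 if ionCube is absent or is the first zend_extension, 1 otherwise.
check_ioncube_first() {
    list_zend_extensions "$1" "$2"/*.ini | awk -F '\t' '
        { n++ }
        tolower($3) ~ /ioncube/ {
            seen++
            printf "ionCube reference: %s line %s (zend_extension #%d)\n", $1, $2, n
            if (seen == 1 && n > 1) late = 1
            next
        }
        !seen { before = before sprintf("  loaded earlier: %s line %s: %s\n", $1, $2, $3) }
        END {
            if (late) {
                printf "ionCube is not the first zend_extension:\n%s", before
                exit 1
            }
        }'
}

# Constructed sample layout (not taken from a real server): php.ini loads
# opcache, and 10-directadmin.ini loads the ionCube loader afterwards.
make_sample() {
    ms_dir=$(mktemp -d) || return 1
    mkdir "$ms_dir/php.conf.d"
    printf '%s\n' '[PHP]' 'memory_limit = 128M' 'zend_extension=opcache.so' \
        > "$ms_dir/php.ini"
    printf '%s\n' '; constructed example file' \
        'zend_extension = "/usr/local/lib/ioncube_loader.so" ; loader' \
        > "$ms_dir/php.conf.d/10-directadmin.ini"
    echo "$ms_dir"
}

# Demonstration on the constructed sample.
sample=$(make_sample) && {
    check_ioncube_first "$sample/php.ini" "$sample/php.conf.d"
    rm -rf "$sample"
}
```

On a real server, call check_ioncube_first with the server's own php.ini and /usr/local/lib/php.conf.d.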

This is a rather small post compared to the ones I normally publish; since this is an easy fix I wanted to keep it as simple as possible, hoping it will help others.


Updating IPMI firmware on a SuperMicro server

Last week we moved to a new office building and an old SuperMicro server popped up, in particular a SuperMicro X8DTL-IF in a 936A-R1200B chassis. It’s a rather old server now, but since I want to use this machine for SAN-like testing purposes it comes in handy for me! In the past this machine was used as a big storage box containing backup data and never received system maintenance such as BIOS updates. Upon examining the unit I found out that it was still running the stock firmware that was present at the time of delivery, so the IPMI firmware running is version 02.02 whereas the current version is 03.13. In this post I will explain how to update the IPMI firmware on this mainboard using the web interface.

Management interface:
The machine has a management network interface which works by using IPMI. The management interface can be reached with a web browser by browsing to its assigned IP address. Even when the machine itself is powered off (but connected to mains) the management interface is accessible and allows you to perform several maintenance-related tasks like remote power management, KVM and console redirection. If you access it via the browser a login screen like below appears:
[Screenshot: IPMI login screen]
The default username is ADMIN and the password is ADMIN.

Checking the IPMI firmware version:
Once logged in to the interface go to System -> System Information and the following information should be displayed (version numbers may vary):
[Screenshot: System Information page with the firmware version]

Getting the IPMI firmware update:
I cannot give downloads for this as this is updated regularly and may vary per board used. Please navigate to the SuperMicro website and browse to the board that you use. On the specifications page follow the “IPMI Firmware” link. You should end up with a .ZIP file containing a .bin file. Extract that to a convenient place.

Updating the IPMI firmware:
The update process is pretty straightforward. In the web interface go to Maintenance -> Firmware update. On the page that shows up you will need to enable update mode by clicking Enter Update Mode and confirming in the popup that you want to do so.
A file selector button appears; point it to the .bin file from the downloaded .ZIP file and click the Upload file button. Once the file is uploaded a confirmation screen appears which shows the currently running version and the version about to be installed:
[Screenshot: confirmation screen with the current and new firmware versions]
If you want your current settings to be preserved, leave the checkbox ticked. Not ticking the box will reset all settings to factory defaults.

Click on the Start Upgrade button to start the upgrade; the progress will be shown after clicking the button:
[Screenshot: upgrade progress]

When the update is finished the management interface will reboot and you will return to the login screen.

Checking the newly installed firmware:
Log back in to the web interface to check if the firmware was installed successfully; go to System -> System Information to check the new version. In this case the upgrade has succeeded:
[Screenshot: System Information page showing the new firmware version]


Install Composer on Ubuntu 14.04

I privately run a newsgroup indexer which has switched to Composer for managing PHP dependencies. As Composer is not in the default Ubuntu 14.04 repositories I had to install it manually. This is a really simple process, but since I had to search a while for it I wanted to dedicate a small post to it. You will need root (or an account that can sudo) in order to install Composer.

Installing the requirements:
For Composer to work, some dependencies need to be installed if they are not installed already:
apt-get update
apt-get install php5-cli git curl

Install Composer:
Now we need to download and put the Composer binary into place. Here we will install it directly to /usr/local/bin/:
curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer
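
The one-liner above feeds whatever the download returns straight into a PHP process running as root. The added example below (not part of the original post) saves the installer to a file and runs it only when its SHA-384 digest matches the checksum Composer publishes; the checksum URL does not appear in the post, and the function names are this example's own.

```shell
#!/bin/sh
# Print the lowercase SHA-384 hex digest of a file, using whichever tool exists.
sha384_of() {
    if command -v sha384sum >/dev/null 2>&1; then
        sha384sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 384 "$1" | awk '{print $1}'
    else
        openssl dgst -sha384 "$1" | awk '{print $NF}'
    fi
}

# verify_installer FILE EXPECTED_DIGEST
# Returns 0 on match, 1 on mismatch, 2 if EXPECTED_DIGEST is not a SHA-384
# hex string (empty reply, HTML error page), 3 if FILE does not exist.
verify_installer() {
    vi_file=$1
    vi_expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    case $vi_expected in
        *[!0-9a-f]*|'') return 2 ;;
    esac
    [ "${#vi_expected}" -eq 96 ] || return 2   # 384 bits = 96 hex characters
    [ -f "$vi_file" ] || return 3
    [ "$(sha384_of "$vi_file")" = "$vi_expected" ]
}

# Download the installer and its published checksum, verify, then install to
# /usr/local/bin as in the post. Nothing is executed on a failed check.
install_composer_verified() {
    ic_tmp=$(mktemp -d) || return 1
    ic_rc=1
    if curl -fsS -o "$ic_tmp/composer-setup.php" https://getcomposer.org/installer &&
       ic_sig=$(curl -fsS https://composer.github.io/installer.sig) &&
       verify_installer "$ic_tmp/composer-setup.php" "$ic_sig"; then
        sudo php "$ic_tmp/composer-setup.php" \
            --install-dir=/usr/local/bin --filename=composer
        ic_rc=$?
    else
        echo "installer download or checksum verification failed; not running it" >&2
    fi
    rm -rf "$ic_tmp"
    return "$ic_rc"
}

# Only touch the network when explicitly asked to.
if [ "${1:-}" = "--install" ]; then
    install_composer_verified
fi
```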

Testing Composer:
Now that Composer is installed, run the program to see if it outputs its help text:
composer
Running composer as root/super user is highly discouraged as packages, plugins and scripts cannot always be trusted
   ______
  / ____/___  ____ ___  ____  ____  ________  _____
 / /   / __ \/ __ `__ \/ __ \/ __ \/ ___/ _ \/ ___/
/ /___/ /_/ / / / / / / /_/ / /_/ (__  )  __/ /
\____/\____/_/ /_/ /_/ .___/\____/____/\___/_/
                    /_/
Composer version 1.1.2 2016-05-31 19:48:11

Usage:
command [options] [arguments]

Options:
-h, --help Display this help message
-q, --quiet Do not output any message
-V, --version Display this application version
--ansi Force ANSI output
--no-ansi Disable ANSI output
-n, --no-interaction Do not ask any interactive question
--profile Display timing and memory usage information
--no-plugins Whether to disable plugins.
-d, --working-dir=WORKING-DIR If specified, use the given directory as working directory.
-v|vv|vvv, --verbose Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug

Available commands:
about Short information about Composer
archive Create an archive of this composer package
browse Opens the package's repository URL or homepage in your browser.
clear-cache Clears composer's internal package cache.
clearcache Clears composer's internal package cache.
config Set config options
create-project Create new project from a package into given directory.
depends Shows which packages cause the given package to be installed
diagnose Diagnoses the system to identify common errors.
dump-autoload Dumps the autoloader
dumpautoload Dumps the autoloader
exec Execute a vendored binary/script
global Allows running commands in the global composer dir ($COMPOSER_HOME).
help Displays help for a command
home Opens the package's repository URL or homepage in your browser.
info Show information about packages
init Creates a basic composer.json file in current directory.
install Installs the project dependencies from the composer.lock file if present, or falls back on the composer.json.
licenses Show information about licenses of dependencies
list Lists commands
outdated Shows a list of installed packages that have updates available, including their latest version.
prohibits Shows which packages prevent the given package from being installed
remove Removes a package from the require or require-dev
require Adds required packages to your composer.json and installs them
run-script Run the scripts defined in composer.json.
search Search for packages
self-update Updates composer.phar to the latest version.
selfupdate Updates composer.phar to the latest version.
show Show information about packages
status Show a list of locally modified packages
suggests Show package suggestions
update Updates your dependencies to the latest version according to composer.json, and updates the composer.lock file.
validate Validates a composer.json and composer.lock
why Shows which packages cause the given package to be installed
why-not Shows which packages prevent the given package from being installed

That’s it!

Upgrading MySQL from the commandline on a cPanel server

Recently I had to upgrade MySQL on a cPanel server. Although this can be easily done from within WHM itself, I wanted to perform this from the commandline as that is more my way of working. The documentation on upgrading MySQL from the commandline on a cPanel server is not easily found, which is why I want to share these instructions here.

Important notice:
Be aware that after upgrading MySQL you need to recompile PHP as well if you want the MySQL extension to work with the upgraded MySQL version. The recompile of PHP can be done using the EasyApache option from within WHM or /scripts/easyapache.

Changing the cPanel configuration file:
In order to upgrade MySQL we need to alter the cPanel configuration file. Log in via SSH as the root user and open the following configuration file:
vim /var/cpanel/cpanel.config

Search for the line starting with:
mysql-version=

In my case the server was running MySQL 5.5, so the line looked like this:
mysql-version=5.5

I want to upgrade to MySQL 5.6, so change the line to (for this example):
mysql-version=5.6

Save the changes.

Upgrading MySQL:
Since the configuration has changed, we need to make sure cPanel sees the change and downloads and installs the correct RPMs for MySQL. Run the following command (the output of the command is underneath it):
/scripts/check_cpanel_rpms
[2016-06-01 10:26:01 +0200]
[2016-06-01 10:26:01 +0200] Problems were detected with cPanel-provided files which are RPM controlled.
[2016-06-01 10:26:01 +0200] If you did not make these changes intentionally, you can correct them by running:
[2016-06-01 10:26:01 +0200]
[2016-06-01 10:26:01 +0200] > /usr/local/cpanel/scripts/check_cpanel_rpms --fix
[2016-06-01 10:26:01 +0200] The following RPMs are missing from your system:
[2016-06-01 10:26:01 +0200] MySQL56-client-5.6.30-1.cp1156
[2016-06-01 10:26:01 +0200] MySQL56-devel-5.6.30-1.cp1156
[2016-06-01 10:26:01 +0200] MySQL56-server-5.6.30-1.cp1156
[2016-06-01 10:26:01 +0200] MySQL56-shared-5.6.30-1.cp1156
[2016-06-01 10:26:01 +0200] MySQL56-test-5.6.30-1.cp1156
[2016-06-01 10:26:03 +0200]
[2016-06-01 10:26:03 +0200] The following RPMs are unneeded on your system and should be uninstalled:
[2016-06-01 10:26:03 +0200] MySQL55-client-5.5.49-1.cp1156
[2016-06-01 10:26:03 +0200] MySQL55-devel-5.5.49-1.cp1156
[2016-06-01 10:26:03 +0200] MySQL55-server-5.5.49-1.cp1156
[2016-06-01 10:26:03 +0200] MySQL55-shared-5.5.49-1.cp1156
[2016-06-01 10:26:03 +0200] MySQL55-test-5.5.49-1.cp1156
Do you want to repair these RPMs?(y/n):

It’s wise to check the versions above before performing the upgrade: make sure that the new version matches the one you set and that the old version is the version you are currently running. If everything is correct, start the upgrade by answering yes here:

y
[2016-06-01 10:51:49 +0200] Removing 0 broken rpms:
[2016-06-01 10:51:49 +0200] rpm: no packages given for erase
[2016-06-01 10:51:50 +0200] Downloading http://httpupdate.cpanel.net/RPM/11.56/centos/6/x86_64/rpm.sha512
[2016-06-01 10:51:50 +0200] Successfully verified signature for cpanel (key types: release).
[2016-06-01 10:51:50 +0200] Downloading http://httpupdate.cpanel.net/RPM/11.56/centos/6/x86_64/MySQL56-shared-5.6.30-1.cp1156.x86_64.rpm
[2016-06-01 10:51:50 +0200] Downloading http://httpupdate.cpanel.net/RPM/11.56/centos/6/x86_64/MySQL56-server-5.6.30-1.cp1156.x86_64.rpm
[2016-06-01 10:51:51 +0200] Downloading http://httpupdate.cpanel.net/RPM/11.56/centos/6/x86_64/MySQL56-client-5.6.30-1.cp1156.x86_64.rpm
[2016-06-01 10:51:51 +0200] Downloading http://httpupdate.cpanel.net/RPM/11.56/centos/6/x86_64/MySQL56-devel-5.6.30-1.cp1156.x86_64.rpm
[2016-06-01 10:51:51 +0200] Downloading http://httpupdate.cpanel.net/RPM/11.56/centos/6/x86_64/MySQL56-test-5.6.30-1.cp1156.x86_64.rpm
[2016-06-01 10:51:52 +0200] Disabling service monitoring.
[2016-06-01 10:51:57 +0200] Hooks system enabled.
[2016-06-01 10:51:57 +0200] Checking for and running RPM::Versions 'pre' hooks for any RPMs about to be installed
[2016-06-01 10:51:57 +0200] All required 'pre' hooks have been run
[2016-06-01 10:51:58 +0200] Uninstalling unneeded rpms: MySQL55-server MySQL55-devel MySQL55-test MySQL55-shared MySQL55-client
[2016-06-01 10:52:22 +0200] Installing new rpms: MySQL56-client-5.6.30-1.cp1156.x86_64.rpm MySQL56-devel-5.6.30-1.cp1156.x86_64.rpm MySQL56-server-5.6.30-1.cp1156.x86_64.rpm MySQL56-shared-5.6.30-1.cp1156.x86_64.rpm MySQL56-test-5.6.30-1.cp1156.x86_64.rpm
[2016-06-01 10:52:22 +0200] Preparing packages for installation...
[2016-06-01 10:52:23 +0200] MySQL56-client-5.6.30-1.cp1156
[2016-06-01 10:52:23 +0200] MySQL56-test-5.6.30-1.cp1156
[2016-06-01 10:52:30 +0200] MySQL56-devel-5.6.30-1.cp1156
[2016-06-01 10:52:30 +0200] Giving mysqld 5 seconds to exit nicely
[2016-06-01 10:52:36 +0200] MySQL56-server-5.6.30-1.cp1156
[2016-06-01 10:52:57 +0200] Waiting for “mysql” to start ……waiting for “mysql” to initialize ………finished.
[2016-06-01 10:52:57 +0200]
[2016-06-01 10:52:57 +0200] Startup Log
[2016-06-01 10:52:57 +0200] Starting MySQL..... SUCCESS!
[2016-06-01 10:52:57 +0200]
[2016-06-01 10:52:57 +0200] Log Messages
[2016-06-01 10:52:57 +0200] 2016-06-01 10:52:56 30359 [Note] /usr/sbin/mysqld: ready for connections.
[2016-06-01 10:52:57 +0200]
[2016-06-01 10:52:57 +0200] mysql started successfully.
[2016-06-01 10:55:44 +0200] Looking for 'mysql' as: /usr/bin/mysql
[2016-06-01 10:55:44 +0200] Looking for 'mysqlcheck' as: /usr/bin/mysqlcheck
[2016-06-01 10:55:44 +0200] Running 'mysqlcheck with default connection arguments
[2016-06-01 10:55:44 +0200] Running 'mysqlcheck with default connection arguments
[2016-06-01 10:55:44 +0200] mysql.columns_priv OK
[2016-06-01 10:55:44 +0200] mysql.db OK
[2016-06-01 10:55:44 +0200] mysql.event OK
[2016-06-01 10:55:44 +0200] mysql.func OK
[2016-06-01 10:55:44 +0200] mysql.general_log OK
[2016-06-01 10:55:44 +0200] mysql.help_category OK
[2016-06-01 10:55:44 +0200] mysql.help_keyword OK
[2016-06-01 10:55:44 +0200] mysql.help_relation OK
[2016-06-01 10:55:44 +0200] mysql.help_topic OK
[2016-06-01 10:55:44 +0200] mysql.host OK
[2016-06-01 10:55:44 +0200] mysql.ndb_binlog_index OK
[2016-06-01 10:55:44 +0200] mysql.plugin OK
[2016-06-01 10:55:44 +0200] mysql.proc OK
[2016-06-01 10:55:44 +0200] mysql.procs_priv OK
[2016-06-01 10:55:44 +0200] mysql.proxies_priv OK
[2016-06-01 10:55:44 +0200] mysql.servers OK
[2016-06-01 10:55:44 +0200] mysql.slow_log OK
[2016-06-01 10:55:44 +0200] mysql.tables_priv OK
[2016-06-01 10:55:44 +0200] mysql.time_zone OK
[2016-06-01 10:55:44 +0200] mysql.time_zone_leap_second OK
[2016-06-01 10:55:44 +0200] mysql.time_zone_name OK
[2016-06-01 10:55:44 +0200] mysql.time_zone_transition OK
[2016-06-01 10:55:44 +0200] mysql.time_zone_transition_type OK
[2016-06-01 10:55:44 +0200] mysql.user OK
[2016-06-01 10:55:44 +0200] Running 'mysql_fix_privilege_tables'...
[2016-06-01 10:55:44 +0200] Running 'mysqlcheck with default connection arguments
[2016-06-01 10:55:44 +0200] Running 'mysqlcheck with default connection arguments
SNIP:long output of MySQL repair:SNIP
[2016-06-01 10:55:44 +0200] OK
[2016-06-01 10:55:46 +0200] The 'mysql' service passed the check.
[2016-06-01 10:55:46 +0200] The 'mysql' service passed the check.
[2016-06-01 10:55:52 +0200] Starting MySQL SUCCESS!
[2016-06-01 10:55:52 +0200] Checking MySQL server status after update
[2016-06-01 10:55:52 +0200] The 'mysql' service passed the check.
[2016-06-01 10:55:52 +0200] SUCCESS! MySQL running (30359)
[2016-06-01 10:55:52 +0200] MySQL56-shared-5.6.30-1.cp1156
[2016-06-01 10:55:52 +0200] Hooks system enabled.
[2016-06-01 10:55:52 +0200] Checking for and running RPM::Versions 'post' hooks for any RPMs about to be installed
[2016-06-01 10:55:52 +0200] All required 'post' hooks have been run
[2016-06-01 10:55:52 +0200] Restoring service monitoring.

After this you will be back at the commandline. Let’s check whether the server is running the new MySQL version:
mysql --version
mysql Ver 14.14 Distrib 5.6.30, for Linux (x86_64) using EditLine wrapper

That’s it!

As said at the beginning of this post, don’t forget to run EasyApache if you want PHP to work with the upgraded version of MySQL!
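
The version check recommended before answering “y” can be scripted. This is an added example, not part of the original post and not cPanel code: it assumes the report text printed before the prompt has been saved to a file, and the function and file names are made up for illustration.

```shell
#!/bin/sh
# Added example: sanity-check the RPM plan printed by
# /scripts/check_cpanel_rpms before answering "y".

# Value of the mysql-version= line in a cpanel.config-style file ($1).
configured_series() {
    sed -n 's/^mysql-version=//p' "$1" | head -n 1
}

# Series ("5.5") from a `mysql --version` line, read from stdin.
running_series() {
    sed -n 's/.*Distrib \([0-9]*\.[0-9]*\)\..*/\1/p'
}

# Distinct MySQL series named in one section of a saved report.
# $1 = report file, $2 = "missing" or "unneeded".
plan_series() {
    awk -v want="$2" '
        /RPMs are missing/  { section = "missing";  next }
        /RPMs are unneeded/ { section = "unneeded"; next }
        section == want && match($0, /MySQL[0-9]+-[a-z]+-[0-9]+\.[0-9]+/) {
            n = split(substr($0, RSTART, RLENGTH), part, "-")
            print part[n]                  # "5.6" from MySQL56-server-5.6.30
        }' "$1" | sort -u
}

# $1 = config file, $2 = report file, $3 = series the server runs now.
# Returns 0 if the plan installs only the configured series and removes
# only the running one, 1 on a mismatch (including a mix of series),
# 2 if the config has no mysql-version= line.
check_plan() {
    target=$(configured_series "$1")
    [ -n "$target" ] || { echo "no mysql-version= line in $1" >&2; return 2; }
    to_install=$(plan_series "$2" missing)
    to_remove=$(plan_series "$2" unneeded)
    if [ "$to_install" != "$target" ]; then
        echo "plan installs '$to_install' but config says '$target'" >&2
        return 1
    fi
    if [ "$to_remove" != "$3" ]; then
        echo "plan removes '$to_remove' but server runs '$3'" >&2
        return 1
    fi
    echo "plan OK: $3 -> $target"
}

# Constructed sample input, shortened from the output shown in this post.
write_sample() {
    printf 'mysql-version=5.6\n' > "$1/cpanel.config"
    cat > "$1/report.txt" <<'EOF'
[2016-06-01 10:26:01 +0200] The following RPMs are missing from your system:
[2016-06-01 10:26:01 +0200] MySQL56-client-5.6.30-1.cp1156
[2016-06-01 10:26:01 +0200] MySQL56-server-5.6.30-1.cp1156
[2016-06-01 10:26:03 +0200]
[2016-06-01 10:26:03 +0200] The following RPMs are unneeded on your system and should be uninstalled:
[2016-06-01 10:26:03 +0200] MySQL55-client-5.5.49-1.cp1156
[2016-06-01 10:26:03 +0200] MySQL55-server-5.5.49-1.cp1156
EOF
}

# Demo on the constructed sample; the version line below is constructed too.
tmp=$(mktemp -d)
write_sample "$tmp"
running=$(echo 'mysql  Ver 14.14 Distrib 5.5.49, for Linux (x86_64)' | running_series)
check_plan "$tmp/cpanel.config" "$tmp/report.txt" "$running"
rm -rf "$tmp"
```

On a real server, pass /var/cpanel/cpanel.config, your saved report and the series taken from `mysql --version` before the upgrade.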


How to restore the Windows MBR


I recently made some changes to my gaming desktop at home, which has a 256GB SSD for Windows and a 2-port RAID card with 2 x 2TB disks in a RAID0 setup. The RAID setup also holds a small partition for a Linux install, and therefore GRUB was installed to the SSD (as this is my primary boot device). As I am phasing out the RAID setup, I soon came to the (hard) conclusion that Windows would no longer boot once the RAID card is no longer present in the system. The effect is quite logical: /boot/grub/ resides on the partition containing the Linux install and this is no longer available, so GRUB cannot load its core files anymore, resulting in a GRUB rescue prompt.

This small post covers how to restore the MBR (Master Boot Record) from within Windows itself. To complete this process I put the RAID card back into the system so GRUB works for now, and was able to boot back into Windows (10 in my case).

Restore the MBR from within Windows 10:
When in Windows, open an elevated commandprompt. You can do this by pressing the Windows-key or clicking on the startmenu icon and typing “cmd”. Right-click on the commandprompt icon and let it run as Administrator.

Windows has a tool called “bootsect.exe” which is able to restore the MBR on your disk so it’s bootable again. In my case I want my system drive to have its MBR restored, so that’s the C: drive:

bootsect.exe /nt60 c: /mbr

A small explanation on the options we supply:

/nt60: this defines the boot installation method. NT60 is used for Windows Vista and above (so including 7, 8, 8.1 and 10) and selects the BOOTMGR method used in these newer versions. There is also an option /nt52, which covers all Windows versions before Windows Vista (so XP, 2003, 2000 etc.) and selects the older NTLDR method used in these versions.
c: this is the drive letter used. It’s also possible to replace the drive letter with the word “SYS” and Windows will automatically use the system drive.
/mbr: this defines the boot method that is going to be installed to disk, for MBR this is the best option :).

More information about the parameters that you can pass can be found on this Technet article from Microsoft.

If you enter the command you will see some output regarding the partition that is being changed and whether it was successful or not. In my case it gave an error because the drive being updated is also the system drive and therefore cannot be unmounted. It states that the update may have gone wrong, but in my case it worked as expected. Removing the RAID card again and booting from the SSD resulted in a booting Windows 10!

This is a very small and simple post, but I had a hard time finding the right information, as most methods are based on live CD’s or Windows recovery media and the posts found often refer to the older NTLDR method. Those methods are suitable as well, but you will need to have such media ready in order to use them. Since I was still able to boot into Windows using a workaround, I was able to solve it on the running Windows system itself, which is better. Should you not be able to boot into Windows anymore, then the live CD’s are the best way to fix your MBR.


Install OPNSense on the Monowall Appliance box


Recently I got my hands on a Monowall Appliance box that’s basically a PC Engines ALIX2 series board with the matching PC Engines case. In my case it is specifically an “alix2d13“. This is a small board featuring 3 network ports and an AMD Geode CPU, which makes a perfect small home router device. This post will explain how to install OPNSense (a fork of pfSense) on the device. We’ll use OPNSense as it has a way better and much clearer interface (based on Bootstrap), which makes managing the appliance so much easier and more intuitive, with almost the same extensive options that pfSense offers.

Specifications:
The specifications for the device are as follows:
CPU: AMD Geode LX800 running at 500MHz (32-bit)
RAM: 256MB DDR
LAN: 3x VIA VT6105M 10/100 RJ-45
USB: 2x USB2 connectors
HDD: Internal CF-card slot
Other: Has serial port for management and installation. Has a free internal USB, I2C, COM and LPC header on-board. Also has a mini-PCI connector for Wi-Fi cards.

A picture of the PCB can be found here.

Prerequisites:
To follow this post you’ll need some tools and cables, like:
– A compactflash card and capable reader. For the OPNSense image we are using, a 4GB CF card is the minimum requirement.
– The OPNsense image. You can download the correct image from this location; you will need the nano-i386 version (this is a pre-installed image).
– 2 network cables. One for the LAN and one for the WAN-part.

Connect a network cable from the middle network port (this is the WAN-port) to a switch/modem that is able to deliver internet to the device (for updates etc). Connect the 2nd cable to the left port (as seen from the device facing forwards) and connect it to a normal switch or regular PC for managing the Webgui.

Optional:
– A DB-9 serial cable. A serial cable is needed for communicating with the OPNSense installation over the console (not strictly required). Anything from DB-9 to whatever serial device you have may work. I assume a DB-9 to DB-9 cable will work if you have a PC with a DB-9 connector.

Writing the image to the CF-card:
After you’ve downloaded the nano-i386 image we need to extract it, in my case this was:
bzip2 -d OPNsense-16.1-OpenSSL-nano-i386.img.bz2

Now connect your CF-card to your cardreader and look up the device name. On my reader it was the next disk in line: /dev/sdb
We have to write the image using the commandline to the CF-card:
dd if=OPNsense-16.1-OpenSSL-nano-i386.img of=/dev/sdb bs=1M
This may take several minutes to complete and nearly took 10 minutes on my old CF-card. After it’s done writing the image, eject it.
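
Writing to the wrong disk or ending up with a half-written card are the two ways this step goes wrong, so it helps to guard the write and compare the card against the image afterwards. This is an added example, not part of the original post: the function names, the sample mounts table and the /dev/sdc entry are constructed for illustration, and regular files stand in for the card in the demo.

```shell
#!/bin/sh
# Added example: refuse to overwrite a mounted disk, then read the card
# back and compare it with the image.

# 0 if disk $1 or one of its partitions is listed in the mounts table $2
# (defaults to /proc/mounts).
is_mounted() {
    awk -v d="$1" '$1 == d || $1 ~ ("^" d "p?[0-9]+$") { found = 1 }
                   END { exit !found }' "${2:-/proc/mounts}"
}

# Write image $1 to target $2 as in the post, but refuse a mounted target
# (returns 3) and flush to the medium before returning (conv=fsync).
write_image() {
    if is_mounted "$2" "${3:-/proc/mounts}"; then
        echo "refusing: $2 is mounted" >&2
        return 3
    fi
    dd if="$1" of="$2" bs=1M conv=fsync 2>/dev/null
}

# 0 if the first <image size> bytes of target $2 equal image $1. The card
# is normally larger than the image, so only that prefix is compared.
# Re-insert the card first so the read comes from the card, not the cache.
verify_written() {
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -gt 0 ] || { echo "image $1 is empty" >&2; return 2; }
    head -c "$size" "$2" | cmp -s - "$1"
}

# Constructed stand-ins: a small "image", a larger "card", a mounts table.
make_sample() {
    awk 'BEGIN { for (i = 0; i < 2000; i++) print "constructed image block", i }' \
        > "$1/image.img"
    { cat "$1/image.img"; echo "unused space after the image"; } > "$1/card"
    printf '%s\n' '/dev/sda1 / ext4 rw 0 0' '/dev/sdc1 /mnt/usb vfat rw 0 0' \
        > "$1/mounts"
}

# Demo on the constructed files.
tmp=$(mktemp -d)
make_sample "$tmp"
write_image "$tmp/image.img" "$tmp/card" "$tmp/mounts" &&
    verify_written "$tmp/image.img" "$tmp/card" &&
    echo "card matches image"
rm -rf "$tmp"
```

With a real card, call `write_image` and `verify_written` with the extracted .img file and the device name you looked up.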

Place the CF-card in your appliance:
Now you have to open up the appliance to install the newly created CF-card. Remove the 2 screws on both sides and lift up the cover. Now remove the 4 screws of the PCB in every corner and lift the mainboard facing the front side up. Remove any installed CF-card and insert the new one. Place the PCB back in its casing and put the screws back in the corners. You may also put back the cover and fasten the housing screws again.

Optional: Connect the serial cable:
You may want to connect a serial cable to the appliance in order to see the boot process and be able to log in using the local console. The baud settings for the device are:

BIOS mode: 38400 8N1
Bootloader mode: 9600 8N1
OPNSense/OS mode: 115200 8N1

My best experience was using minicom (freely available) and defaulting the serial settings to 115200 8N1. After that you can change the serial port setup to 9600 8N1 for just that session. Once this is set up, power up the appliance. Some junk will appear (because of the different baud rate of the BIOS) and soon a bootloader menu will appear with 2 options. Both are OPNSense, but I noticed that the default “1” won’t boot on my box, so I had to choose “2” and press enter. Some junk will appear again. After about 30 seconds exit minicom (Control + A -> Q), reopen minicom and press enter. A spinning cursor should appear, showing that the device is now actually booting!

The console output while booting will look something like below (this is what it was on my box):
data=0x787de8+0x190b08 syms=[0x4+0xfbcc0+0x4+0x19395f]
Booting...
KDB: debugger backends: ddb
KDB: current backend: ddb
Copyright (c) 1992-2015 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 10.2-RELEASE-p11 #0 82ad3de(stable/16.1): Thu Jan 28 12:52:30 CET 2016
root@sensey32:/usr/obj/usr/src/sys/SMP i386
FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512
CPU: Geode(TM) Integrated Processor by AMD PCS (498.06-MHz 586-class CPU)
Origin="AuthenticAMD" Id=0x5a2 Family=0x5 Model=0xa Stepping=2
Features=0x88a93d
AMD Features=0xc0400000
real memory = 268435456 (256 MB)
avail memory = 226594816 (216 MB)
pnpbios: Bad PnP BIOS data checksum
random device not loaded; using insecure entropy
ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_monitor_fw, 0xc080aaa0, 0) error 1
wlan: mac acl policy registered
ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_bss_fw, 0xc080a940, 0) error 1
ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_ibss_fw, 0xc080a9f0, 0) error 1
netmap: loaded module
random: initialized
kbd0 at kbdmux0
module_register_init: MOD_LOAD (vesa, 0xc11d4a10, 0) error 19
K6-family MTRR support enabled (2 registers)
ACPI BIOS Error (bug): A valid RSDP was not found (20150515/tbxfroot-258)
ACPI: Table initialisation failed: AE_NOT_FOUND
ACPI: Try disabling either ACPI or apic support.
cryptosoft0: on motherboard
padlock0: No ACE support.
pcib0 pcibus 0 on motherboard
pci0: on pcib0
pci0: at device 1.2 (no driver attached)
vr0: port 0x1000-0x10ff mem 0xe0000000-0xe00000ff irq 10 at device 9.0 on pci0
vr0: Quirks: 0x2
vr0: Revision: 0x96
miibus0: on vr0
ukphy0: PHY 1 on miibus0
ukphy0: none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto, auto-flow
vr0: Ethernet address: 00:0d:b9:1d:36:c4
vr1: port 0x1400-0x14ff mem 0xe0040000-0xe00400ff irq 11 at device 10.0 on pci0
vr1: Quirks: 0x2
vr1: Revision: 0x96
miibus1: on vr1
ukphy1: PHY 1 on miibus1
ukphy1: none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto, auto-flow
vr1: Ethernet address: 00:0d:b9:1d:36:c5
vr2: port 0x1800-0x18ff mem 0xe0080000-0xe00800ff irq 15 at device 11.0 on pci0
vr2: Quirks: 0x2
vr2: Revision: 0x96
miibus2: on vr2
ukphy2: PHY 1 on miibus2
ukphy2: none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto, auto-flow
vr2: Ethernet address: 00:0d:b9:1d:36:c6
isab0: port 0x6000-0x6007,0x6100-0x61ff,0x6200-0x623f,0x9d00-0x9d7f,0x9c00-0x9c3f at device 15.0 on pci0
isa0: on isab0
atapci0: port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xff00-0xff0f at device 15.2 on pci0
ata0: at channel 0 on atapci0
ata1: at channel 1 on atapci0
ohci0: mem 0xefffe000-0xefffefff irq 12 at device 15.4 on pci0
usbus0 on ohci0
ehci0: mem 0xefffd000-0xefffdfff irq 12 at device 15.5 on pci0
usbus1: EHCI version 1.0
usbus1 on ehci0
cpu0 on motherboard
pmtimer0 on isa0
orm0: at iomem 0xe0000-0xea7ff pnpid ORM0000 on isa0
atrtc0: at port 0x70 irq 8 on isa0
Event timer "RTC" frequency 32768 Hz quality 0
attimer0: at port 0x40 on isa0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
ppc0: parallel port not found.
uart0: <16550 or compatible> at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
uart0: console (115200,n,8,1)
uart1: <16550 or compatible> at port 0x2f8-0x2ff irq 3 on isa0
Timecounters tick every 1.000 msec
IPsec: Initialized Security Association Processing.
usbus0: 12Mbps Full Speed USB v1.0
usbus1: 480Mbps High Speed USB v2.0
ugen0.1: at usbus0
uhub0: on usbus0
ugen1.1: at usbus1
uhub1: on usbus1
ada0 at ata0 bus 0 scbus0 target 0 lun 0
ada0: ATA-5 device
ada0: Serial Number 7DF70706170700203379
ada0: 100.000MB/s transfers (UDMA5, PIO 512bytes)
ada0: 3811MB (7806960 512 byte sectors: 16H 63S/T 7745C)
ada0: Previously was known as ad0
GEOM_PART: integrity check failed (ada0, MBR)
GEOM_PART: integrity check failed (diskid/DISK-7DF70706170700203379, MBR)
random: unblocking device.
Timecounter "TSC" frequency 498061374 Hz quality 800
Root mount waiting for: usbus1 usbus0
uhub0: 4 ports with 4 removable, self powered
Root mount waiting for: usbus1
uhub1: 4 ports with 4 removable, self powered
Trying to mount root from ufs:/dev/ufs/OPNsense0 [rw,async,noatime]...
WARNING: /tmp/nanobsd.94731 was not properly dismounted
Mounting filesystems...
tunefs: soft updates remains unchanged as enabled
GEOM_PART: integrity check failed (diskid/DISK-7DF70706170700203379, MBR)
tunefs: file system reloaded
camcontrol: subcommand "identify" requires a valid device identifier
WARNING: /tmp/nanobsd.94731 was not properly dismounted
ldconfig: Cannot mmap "/var/run/ld-elf.so.hints": Invalid argument
Updating motd:.
Configuring crash dump device: /dev/null
Setting up memory disks...done.
..ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib /usr/local/lib/ipsec /usr/local/lib/libnet11
a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout
done.
Starting configd.
Launching the init system... done.
Initializing................... done.
Starting device manager (devd)...done.
Loading configuration...done.
Setting up extended sysctls...done.
Setting timezone...done.
Configuring loopback interface...done.
Starting syslog...done.
Starting Secure Shell Services...done.
Setting up polling defaults...done.
Setting up interfaces microcode...done.
Configuring loopback interface...done.
Creating wireless clone interfaces...done.
Configuring LAGG interfaces...done.
Configuring VLAN interfaces...done.
Configuring QinQ interfaces...done.
Configuring WAN interface...done.
Configuring LAN interface...done.
Syncing OpenVPN settings...done.
Configuring firewall.....done.
Starting PFLOG...done.
Setting up gateway monitors...done.
Synchronizing user settings...done.
Starting webConfigurator...done.
Configuring CRON...done.
Starting DNS forwarder...done.
Starting NTP time client...done.
Starting DHCP service...done.
Starting DHCPv6 service...done.
Configuring firewall.....done.
Generating RRD graphs...done.
Starting syslog...done.
Starting CRON... done.


*** Welcome to OPNsense 16.1 (i386/OpenSSL) on OPNsense ***


WAN (vr1) -> v4/DHCP4: 10.90.90.140/24
LAN (vr0) -> v4: 192.168.1.1/24


FreeBSD/i386 (OPNsense.localdomain) (ttyu0)


login:

You may log in with username “root” and password “opnsense”. If you succeed, a menu will be shown:

FreeBSD 10.2-RELEASE-p11 (SMP) #0 82ad3de(stable/16.1): Thu Jan 28 12:52:30 CET 2016

Welcome to FreeBSD!


Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories: https://www.FreeBSD.org/security/
FreeBSD Handbook: https://www.FreeBSD.org/handbook/
FreeBSD FAQ: https://www.FreeBSD.org/faq/
Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
FreeBSD Forums: https://forums.FreeBSD.org/


Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with: pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.


Show the version of FreeBSD installed: freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages: man man
FreeBSD directory layout: man hier


Edit /etc/motd to change this login announcement.


0) Logout 7) Ping host
1) Assign Interfaces 8) Shell
2) Set interface(s) IP address 9) pfTop
3) Reset the root password 10) Filter Logs
4) Reset to factory defaults 11) Restart web interface
5) Halt system 12) Upgrade from console
6) Reboot system 13) Restore a configuration


Enter an option:

It’s best to change the root password first by selecting option 8 and issuing “passwd”. Enter the new password twice and press Control + D to exit to the menu.

Now we want to update the software to make sure the firewall is up-to-date. Choose option 12:

Enter an option: 12

This will automatically fetch all available updates, apply them,
and reboot if necessary. Proceed with this action? [y/N]: y


Updating OPNsense repository catalogue...
Fetching meta.txz: 100% 1 KiB 1.5kB/s 00:01
Fetching packagesite.txz: 100% 69 KiB 70.7kB/s 00:01
Processing entries: 100%
OPNsense repository update completed. 233 packages processed.
Updating OPNsense repository catalogue...
OPNsense repository is up-to-date.
All repositories are up-to-date.
New version of pkg detected; it needs to be installed first.
The following 1 package(s) will be affected (of 0 checked):


Installed packages to be UPGRADED:
pkg: 1.6.2 -> 1.6.4_2


The process will require 15 KiB more space.
2 MiB to be downloaded.
Fetching pkg-1.6.4_2.txz: 100% 2 MiB 2.5MB/s 00:01
Checking integrity... done (0 conflicting)
[1/1] Upgrading pkg from 1.6.2 to 1.6.4_2...
[1/1] Extracting pkg-1.6.4_2: 100%
Updating OPNsense repository catalogue...
OPNsense repository is up-to-date.
All repositories are up-to-date.
Checking for upgrades (91 candidates): 100%
Processing candidates (91 candidates): 100%
The following 67 package(s) will be affected (of 0 checked):

A long list of updates will be applied and may take up to 2 hours to complete (on my box). The device will reboot once the update has finished as there is a kernel update applied as well. After that reboot the firewall is up-to-date and the console is not needed anymore.

Updates may also be applied using the web interface and are not bound to the console!

Connecting to the Webgui:
If you’ve connected a network cable to the left port and into a regular PC you should have gotten a DHCP address from the OPNSense box and should be able to browse to “https://192.168.1.1”. The credentials by default are “root” for the username and “opnsense” for the password. The GUI is based on bootstrap and is very responsive and intuitive to use. Screenshots can be found here.

The setup wizard starts when you log in for the first time. It’s best to walk through the steps so you can choose a password, hostname etcetera; this part is done in 2 minutes at most.

Updating using the WebGUI:
After logging in you’ll be at the Dashboard, which gives a small overview of the network status; from there you can check for updates as well. If updates are found you’ll see it there and may click on the link that appears to update. Mostly it’s “pkg” first, after which you need to check for updates again as there will be a longer list available. Apply the updates using the “Apply updates” button. You may check the live status of the upgrade in your browser, but you may not close the tab or go to a different part of the interface, as the update will halt!

Now that updating is finished, the appliance is up-to-date and may be used to set up the firewall further.

There are a lot of possibilities with this image as it comes with built-in VPN server support etcetera. One of the nice features is that it can use the cryptoengine that is present in the Geode LX processors. If you log in to the Web GUI you may go to “General” -> “Settings” to select the cryptoengine for this Geode CPU in the dropdown menu. The only cipher it accelerates is AES-128CBC, and it offers a true RNG device for hardware random number generation. The cryptoengine can then be used for the OpenVPN server setup if you let it communicate using the AES-128CBC cipher, and will decrease the load on the CPU significantly.