I recently downloaded the Fedora 21 XFCE4 Alpha ISO and used the LiveUSB Creator to write it to a USB disk. When I tried to boot the USB image I hit an error I haven’t seen before:

vesamenu.c32: not a COM32 image

The quick fix is pretty simple, but not at all obvious: just provide the kernel and arguments manually:

vmlinuz0 initrd=initrd0.img root=live:CDLABEL=LIVE rootfstype=vfat ro rd.live.image quiet  rhgb rd.luks=0 rd.md=0 rd.dm=0 nomodeset

Just type the above at the “boot:” prompt (all on one line) and it should boot the image to a desktop. Not sure why this happens, but it is Alpha.

As if I expected anything else from a beta release. At least the uninitiated have been warned!

This is unstable, pre-release software,

You wake up inside an OS installer in Timbuktu, and it’s six months in the future. But, there are bugs. Bugs everywhere. Bugs you must live with. This OS of the future isn’t a stable OS you can rely on. It’s for testing purposes only.

Fedora 20, Anaconda

In this post I am going to outline the steps I took to create an SFTP server with OpenSSH. My SFTP server had the following characteristics:

  • Each SFTP user is chroot’ed into their own private directory.
  • Each chroot has 2 levels: a private, read-only directory and the user’s home directory where the user can upload files.
  • Users do not have shell access.
  • Users can authenticate via password or RSA public key.

The resulting structure looks like:

/var/sftp/
    user1/    <- User with public key auth
        .ssh/
            authorized_keys
        upload/
    user2/   <- User with password auth
        upload/

Note: I put all of my SFTP chroots into a single directory. I chose “/var/sftp”, but you are free to use something else. This post also assumes that SELinux is disabled. That was fine for my use case, but it is really not ideal. Perhaps in a future post I will add instructions for making this work with SELinux.

Create a Group for SFTP Users

Create a group called “sftpusers”. All SFTP users that will be chrooted will use this group. You are free to choose a name other than sftpusers.

# groupadd sftpusers

Update SSHD Config

Next, make the following changes to /etc/ssh/sshd_config.

Replace the line:

Subsystem sftp /usr/libexec/openssh/sftp-server

With this:

Subsystem sftp internal-sftp
Match Group sftpusers
 ChrootDirectory /var/sftp/%u
 ForceCommand internal-sftp

This configuration forces every user in the sftpusers group to be chrooted to /var/sftp/<username>.

You will need to reload the sshd configuration for this change to take effect:

# service sshd reload

Create a user

Create the user:

# useradd -M -g sftpusers -d /upload -s /sbin/nologin myuser

Create the user’s writable home directory:

# mkdir -p /var/sftp/myuser/upload

Make them the owner and give them write permissions:

# chown myuser:sftpusers /var/sftp/myuser/upload/
# chmod u+w /var/sftp/myuser/upload/

If you are adding a lot of SFTP accounts, you will probably want to script these steps.

Password Authentication

If you want password authentication for this user, create their password now:

# passwd myuser

Now you can test out the SFTP account. If you want to use public key authentication, continue to the next section.

Public Key Authentication

Create an .ssh directory for the user:

# mkdir -p /var/sftp/myuser/.ssh
# chmod 700 /var/sftp/myuser/.ssh

Add the public key to “/var/sftp/myuser/.ssh/authorized_keys” and set the correct permissions:

# chown -R myuser /var/sftp/myuser/.ssh
# chmod 600 /var/sftp/myuser/.ssh/authorized_keys

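We will need to update the sshd_config file again so that the daemon looks in the correct location for the authorized_keys file. As a global setting this applies to every account on the server, not only members of sftpusers; AuthorizedKeysFile is also accepted inside a Match block.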

In “/etc/ssh/sshd_config” change this line:

#AuthorizedKeysFile .ssh/authorized_keys

To this:

AuthorizedKeysFile /var/sftp/%u/.ssh/authorized_keys

Reload the service again and you should be all set:

# service sshd reload
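
Added example (not part of the original post): a shell check of the layout built above. sshd refuses a ChrootDirectory whose path components are not root-owned or are writable by group or others, and the upload and key paths should be writable only by their owner. The function names are my own and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (Linux).

# has_gw_write MODE: true if the octal mode grants group or other write.
has_gw_write() { [ $(( 0$1 & 022 )) -ne 0 ]; }

# check_path PATH WANT_UID: print a finding and return 1 on any problem.
check_path() {
    owner=$(stat -c %u "$1" 2>/dev/null) || { echo "MISSING  $1"; return 1; }
    mode=$(stat -c %a "$1")
    rc=0
    [ "$owner" = "$2" ] || { echo "OWNER    $1 (uid $owner, want $2)"; rc=1; }
    if has_gw_write "$mode"; then echo "WRITABLE $1 (mode $mode)"; rc=1; fi
    return $rc
}

# audit_chroot CHROOT USER_UID [ROOT_UID]: exit status = number of bad paths.
audit_chroot() {
    chroot_dir=${1%/}; user_uid=$2; root_uid=${3:-0}; bad=0
    # The chroot and its parent must be root-owned and not group/world
    # writable; sshd applies the same rule to every component up to /.
    for p in "$(dirname "$chroot_dir")" "$chroot_dir"; do
        check_path "$p" "$root_uid" || bad=$((bad + 1))
    done
    # upload/ is the only user-owned directory; nobody else may write to it.
    check_path "$chroot_dir/upload" "$user_uid" || bad=$((bad + 1))
    # Key files, when present: owned by the user, writable by no one else.
    if [ -d "$chroot_dir/.ssh" ]; then
        for p in "$chroot_dir/.ssh" "$chroot_dir/.ssh/authorized_keys"; do
            check_path "$p" "$user_uid" || bad=$((bad + 1))
        done
    fi
    return "$bad"
}

# Usage (as root): audit_chroot /var/sftp/myuser "$(id -u myuser)"
if [ $# -ge 2 ]; then audit_chroot "$@"; fi
```

A non-zero exit status is the count of paths with a finding; each finding is printed as MISSING, OWNER or WRITABLE followed by the path.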

I found Munin much more useful than Nagios for monitoring a single server. This guide will show you how to set up a single Munin instance that generates pretty graphs with cron and is accessible via Munin’s web interface.

Get Munin’s dependencies

You will need EPEL, a webserver (I’ll use Apache here) and some Munin packages.

EPEL Repo:

Get the latest EPEL repo from here and install it. Example:

# rpm -i http://mirrors.ptd.net/epel/6/i386/epel-release-6-8.noarch.rpm

Munin Packages:

# yum install munin munin-node httpd

Start Munin Service and Enable on boot

# service munin-node start
# service httpd start
# chkconfig munin-node on
# chkconfig httpd on

Configure Web Interface

Set up a user and password to access the web interface.

# htpasswd /etc/munin/munin-htpasswd <INSERT A USER NAME HERE>

Navigate to web interface: http://<server ip>/munin

If you don’t see the UI below, but instead see a directory listing, give Munin a few minutes to generate data. By default it will generate graphs every 5 minutes. I usually edit /etc/cron.d/munin such that graphs are generated every hour as I use it more for historical purposes and if I need immediate insight I just use htop.

[Image: Munin overview]

Some example graphs:

[Images: Munin graph, Munin CPU graph]

Talks I attended at LinuxCon this year.

Day 1 – Monday, September 16

  • DistCI, Continuous Integration at Scale – Heikki Nousianen, F-Secure
  • LXC, Docker, and the Future of Software Delivery – Jerome Petazzoni, dotCloud
  • A Practical Tutorial to Open Sourcing Proprietary Technology – Guy Martin, Samsung
  • Case Study: Doing a Live Upgrade on Many Thousands of Servers at Google from an Ancient Redhat Distribution to a Recent Debian-Based One – Marc Merline, Google

Day 2 – Tuesday, September 17

  • Running MySQL Clusters in the cloud – Max Mether, MySQL AB
  • The Enlightened Toolkit: Development Tips and Tricks to Get You Going – Mike Blumenkrantz, Samsung
  • Build Your Own PaaS, Just Like Red Hat’s OpenShift – Diane Mueller, Red Hat
  • (Tutorial) High Availability Solutions for MySQL and MariaDB – Max Mether, MySQL AB

 

Day 3 – Wednesday, September 18

  • (Tutorial) Cross-Compiling Linux Kernels on x86_64: A Tutorial on How to Get Started – Shuah Khan, Samsung
  • How Platform-as-a-Service Benefits More than Developers – Gordon Haff, Red Hat
  • (Tutorial) Getting Started With OpenStack – Kenneth Hui, Rackspace