[ArchLinux] Random MAC address for new wireless connections


I traveled more over the past year. The destinations were different places: England, Belgium. This means I also have to use untrusted wireless connections.

This leaves a good trace wherever you go, simply because the same MAC address is used every time you connect to any WLAN. It is often stored, but for how long? There are good examples where this information is being harvested for money.

Besides, you never know who else is listening and might want to use this data. To mitigate this problem I do the following: I generate a random MAC address for each new connection.

As an ArchLinux user I prefer to use the netctl tool. For each new connection started via a profile[1], netctl by default sources scripts from these two locations:

/etc/netctl/hooks           # General scripts that are always executed
/etc/netctl/interfaces      # Per-interface scripts that run when a profile uses that interface

So I simply call macchanger for the interface that is being used.

The script should be placed in /etc/netctl/interfaces/ under the name of the interface, here wlan0 as an example:

/etc/netctl/interfaces/wlan0

The content of this file:

#!/usr/bin/env sh
/usr/bin/macchanger -r wlan0

Ensure that it can be executed. netctl runs the script as root, so keep it owned by root and not writable by anyone else:

chmod 755 /etc/netctl/interfaces/wlan0

Now whenever you start a profile that uses the wlan0 interface, netctl will additionally execute the /etc/netctl/interfaces/wlan0 script.

See:

ip link show wlan0 |tail -n1|grep -m1 -E  '.([0-9,a-f]{2})'
 link/ether a2:0d:98:2d:ec:b5 brd ff:ff:ff:ff:ff:ff

New connection - In this case a restart:

netctl restart SomeWlan 
ip link show wlan0 |tail -n1|grep -m1 -E  '.([0-9,a-f]{2})'
 link/ether a2:4e:8d:2f:4a:3c brd ff:ff:ff:ff:ff:ff

Another try:

netctl restart SomeWlan 
ip link show wlan0 |tail -n1|grep -m1 -E  '.([0-9,a-f]{2})'
 link/ether 5a:d4:e5:4c:8f:ad brd ff:ff:ff:ff:ff:ff

You can do the same with any other interface.
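A quick way to confirm that the hook does its job, as an added example that is not part of the original post: the functions below classify an address by the flag bits of its first octet and check a series of addresses for reuse. The function names and the sample text are made up for this example; the addresses it is tested with are the ones shown above.

```shell
#!/bin/sh
# Added example, not from the original post.
# First octet flags: 0x01 = multicast, 0x02 = locally administered.

# Print the link/ether address from `ip link show IFACE` output on stdin.
mac_from_ip_link() {
    awk '$1 == "link/ether" { print tolower($2); exit }'
}

# Print the class of one address:
# locally-administered, vendor-assigned, multicast or invalid.
mac_class() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    if ! printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'; then
        echo invalid
        return 0
    fi
    first=$(( 0x${mac%%:*} ))
    if [ $(( first & 1 )) -ne 0 ]; then
        echo multicast
    elif [ $(( first & 2 )) -ne 0 ]; then
        echo locally-administered
    else
        echo vendor-assigned
    fi
}

# Read the addresses seen on successive connections, one per line. Report and
# return 1 if one repeats or is not a locally administered unicast address.
audit_macs() {
    seen=" "
    rc=0
    while IFS= read -r m; do
        [ -n "$m" ] || continue
        m=$(printf '%s' "$m" | tr 'A-F' 'a-f')
        case "$seen" in
            *" $m "*) echo "$m reused"; rc=1 ;;
        esac
        class=$(mac_class "$m")
        if [ "$class" != locally-administered ]; then
            echo "$m $class"
            rc=1
        fi
        seen="$seen$m "
    done
    return "$rc"
}

# Constructed sample in the format of the `ip link show wlan0` output above.
SAMPLE_LINK='3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    link/ether a2:0d:98:2d:ec:b5 brd ff:ff:ff:ff:ff:ff'

# Live use: ip link show wlan0 | mac_from_ip_link
```

An address reported as vendor-assigned after a reconnect means the hook did not run and the hardware address is being sent again.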

so far 4k3nd0

[1] man netctl.profile

New year


Happy new year everyone!

Sorry for posting so little here, I had some things to do. I know: ‘not enough discipline’.

Also not enough time. But I hope to do some more work in the next days. NO, not a New Year’s resolution. I’ll just work fewer hours. So there will be more time for this blog.

So far, and a good start into the next year.

Akendo

An OpenWrt sysupgrade trap


So yesterday I upgraded my router to the latest version via sysupgrade. The upgrade went fine without any problem. But when I tried to log in to the router something went wrong. The ssh connection was reset and closed.

Fuck! Locked out of my router! Is something wrong with dropbear? No no no… ssh is working fine. OK, check the documentation… what might I have changed on the system that is not normal? Ah! I installed bash!

It looks like when you do a sysupgrade on OpenWrt, all installed packages are lost. Because I am used to bash, I had enabled bash as the default shell for root in /etc/passwd.

That must be the problem! After the upgrade of the router the bash package was gone. To fix this problem I had to start the router in failsafe mode. The default shell of OpenWrt is ash or sh (A Shell or Almquist shell). After I enabled failsafe mode, I just had to run mount_root. Then I changed the entry in /etc/passwd back to ash. A reboot later my login was working again. Lucky me.

But what do I do to get my bash? Simple: .profile has been made for this. Here is the best solution:

[ -x /bin/bash ] && exec /bin/bash

So the lesson learned: don’t try to be smart and redefine system shells in /etc/passwd. Use your .profile for this.
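A check that would have caught this before the reboot, as an added example that is not part of the original post: it lists every account in a passwd file whose login shell is missing or not executable, and can put an entry back to a shell that exists. The function names and the sample tree are made up for this example, and it assumes awk and mktemp are available on the system.

```shell
#!/bin/sh
# Added example, not from the original post. Run it before sysupgrade (or from
# failsafe mode after mount_root) to find logins that depend on a missing shell.

# missing_login_shells PASSWD [ROOT]
# Print "user:shell" for each account whose shell is not an executable file
# below ROOT (default: the running system). Return 1 if any was printed.
missing_login_shells() {
    passwd=$1
    root=${2:-}
    rc=0
    while IFS=: read -r user _pw _uid _gid _gecos _home shell; do
        case "$user" in
            ''|'#'*) continue ;;
        esac
        [ -n "$shell" ] || continue   # empty field: login falls back to /bin/sh
        if [ ! -x "$root$shell" ] || [ -d "$root$shell" ]; then
            echo "$user:$shell"
            rc=1
        fi
    done < "$passwd"
    return "$rc"
}

# set_login_shell PASSWD USER SHELL
# Rewrite USER's shell field in place, keeping the file's owner and mode.
set_login_shell() {
    tmp=$(mktemp)
    awk -F: -v OFS=: -v u="$2" -v s="$3" \
        '$1 == u { $7 = s } { print }' "$1" > "$tmp" && cat "$tmp" > "$1"
    status=$?
    rm -f "$tmp"
    return "$status"
}

# Constructed sample: a root tree after sysupgrade removed the bash package.
make_sample_root() {
    dir=$(mktemp -d)
    mkdir -p "$dir/bin" "$dir/etc"
    printf '#!/bin/sh\n' > "$dir/bin/ash"
    chmod 755 "$dir/bin/ash"
    cat > "$dir/etc/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/var:/bin/ash
EOF
    echo "$dir"
}
```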

fpm+reprepro=Awesome


In the last few days I had to work on an outdated version of etherpad. etherpad is a collaborative editing tool that runs on NodeJS. It’s used a lot for planning or maintenance. I was looking for a good way of deploying it onto different nodes. We had a version running with a MySQL database, so I wanted to migrate this as well. But I had some issues getting etherpad deployed onto my system.

Problem

The installation was a git-managed version (1.15) of etherpad. It was a quick and dirty installation. No init or upstart script was in place. Automation was left out. It was hosted via nginx as a reverse proxy to NodeJS, but started via nohup with a provided script as a normal user. Random crashes were normal. Someone had to go onto the server and start the service again.

I did not want to touch the server. One problem when upgrading: I can’t roll back as easily as I wish when something goes wrong. I need to have its own VM instance for it. It should be able to run without any interaction by a person, even when something goes wrong. I also want to extend the current version with some more features.

So my tasks are to:

  • Automate this via puppet
  • Install it via puppet on its own VM.
  • Migrate the databases to this VM.
  • Extend the etherpad with some more useful things.

The creation of the VM is a piece of cake. But there are no real packages. This is because the official etherpad website points to a zip of the GitHub master branch. I couldn’t find any packages made by someone else either.

fpm

I dislike deployment via git on a node. This is where fpm comes in. It allows you to create a simple package: deb or rpm, everything is possible. I heard about it at the puppetcamp in Berlin. It’s a ruby script that tries to be as easy as possible. You can install it via gem install, or on ArchLinux with yaourt ruby-fpm, or look at the project site.

Note: I use rvm to maintain my ruby environments.

rvm use ruby-2.1.0
gem install fpm
fpm --version
1.1.0

Make sure that you’re using version 1.1.0 or higher. I had some issues when I tried to unpack from a zip with an older version. It was version 0.9.8 (if I remember right). The project is moving quite fast, so make sure that it’s up to date. Here is an example with the unzipped folder:

fpm -s dir \
     -t deb \
     -C /tmp \
     -n etherpad \
     -v '1.4.0-1-gc3a6a23' \
     -m 'Akendo <4k3nd0@gmail.com>' \
     --license 'GPLv3' \
     --url 'http://etherpad.org/' \
     --deb-user etherpad \
     --deb-group etherpad \
     --prefix /opt/ \
     --description 'Etherpad is a highly customizable Open Source online editor providing collaborative editing in really real-time' \
     etherpad-lite

This will generate the package etherpad_1.4.0-1-gc3a6a23_amd64.deb. I tested it in my vagrant environment. There I could simply use dpkg -i etherpad_1.4.0-1-gc3a6a23_amd64.deb on Ubuntu and Debian. This will install the package to the folder /opt/etherpad.

puppet

I had a look at some puppet modules for etherpad a while ago. There wasn’t much that looked promising. I only found two projects on GitHub. This project seems to do the job in a basic way:

velaluqa/puppet-etherpad

But it had some weaknesses. As said before, it uses the git branch to deploy. git depends on user input to check out or update things, and in most cases to resolve merge issues. Doing this via puppet may overwrite changes I need later.

Besides, it doesn’t track the dependencies of the module. A further problem was that the module had some mistakes in the template of the settings.json.

There is the other project on GitHub for etherpad, but it is in an even more unusable state than the first one.

So, lucky me, I got at least something.

I started to deploy on Ubuntu 12.04, but it was not working. Wrong packages were installed. There were some logical mistakes. I forked it and fixed them. I also added a list of the dependencies to track them via puppet-librarian. This allowed it to run in my vagrant environment. No one has responded to my merge request ever since, which is bad. Now I did a review and see that the puppet code there wasn’t the ‘best’.

So I started to do more rework.

I replaced the module for node with a native PPA for Ubuntu to have the latest version of node. This allows me to remove more puppet-related dependencies. But it binds the module more to Ubuntu. PPAs seem to work only with Ubuntu.

Things will be done more cleanly. But how do I get my self-built package to the VM?

Reprepro

A colleague of mine, who was working on another project, showed me this neat software. It allows me to create a simple Debian repository with any package I want. At the puppet camp there was a recommendation for hosting your packages, called bintray. But I need to be able to place this on a local mirror without an Internet connection. reprepro allows me to deploy this everywhere I need to.

In the Debian wiki you can find a simple how-to for building a simple repository that will then be hosted with Apache. I followed the process as explained on the wiki and made a proof of concept. When I was done I could add this repository to /etc/apt/sources.list.d/ on my test VM.

The steps for this are quite simple. On a Debian-based system install it via apt-get install reprepro, or on ArchLinux via yaourt reprepro.

You then need to have a GPG key that will sign the package. Then you create a folder structure:

cd wished/place/to/create
mkdir -p ./repos/apt/debian/conf

Then you create a distributions file. It configures which releases of which distributions you are going to host in this repository. For the moment I’ll only support Ubuntu 12.04, simply because it is the target system.

Origin: Your project name
Label: Your project name
Codename: <osrelease>
Architectures: i386 amd64
Components: main
Description: Apt repository for project x
SignWith: <key-id>

SignWith is the ID of your GPG key.

Then you need to create a file for reprepro to get options from. Edit the file ./repos/apt/debian/conf/options with the following content:

verbose
basedir /var/www/repos/apt/debian
ask-passphrase

Now you can create the repository files from the Debian package:

reprepro includedeb precise etherpad-lite_1.4.0-1-gc3a6a23_amd64.deb

This will create the following folders:

ls
conf    db  dists  pool

If you followed the way of the Debian wiki, the current folder would be hosted via the Apache webserver. Its URL is then added to /etc/apt/sources.list.d/ like this:

cat /etc/apt/sources.list.d/etherpad-lite.list
# etherpad-lite
deb http://192.168.200.201 precise main

Deploy

Let’s put this together. I’ll use nginx for my repository.

When you serve the local reprepro folder directly, you have to deny access to everything except dists/ and pool/. I create the repository on my local laptop and then deploy it to a web server.

This is my PoC nginx configuration file:

server {
  listen 192.168.200.201:80;

  access_log /var/log/nginx/packages-access.log;
  error_log /var/log/nginx/packages-error.log;

  location / {
    root /var/www/reprepro/debian;
    index index.html;
  }
}

What’s left to do is to sync the files from reprepro to my test VM.

rsync -rauvPh dists pool 192.168.56.201:/var/www/reprepro/
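To check the result of the sync against the rule stated above (only dists/ and pool/ are served), here is an added example that is not part of the original post. It also flags a Release file with no signature file beside it, which is what the SignWith setting is expected to produce. The function names and the sample tree are made up for this example, and the check only looks for the presence of Release.gpg or InRelease, not their validity.

```shell
#!/bin/sh
# Added example, not from the original post.

# audit_apt_root DOCROOT
# Report, for a directory served as an apt repository:
#   exposed:  any top-level entry other than dists/ and pool/
#   unsigned: a dists/<codename>/Release with no Release.gpg or InRelease
# Return 1 if anything was reported.
audit_apt_root() {
    docroot=$1
    rc=0
    for entry in "$docroot"/* "$docroot"/.[!.]*; do
        [ -e "$entry" ] || continue
        case "${entry##*/}" in
            dists|pool) ;;
            *) echo "exposed: ${entry##*/}"; rc=1 ;;
        esac
    done
    for rel in "$docroot"/dists/*/Release; do
        [ -f "$rel" ] || continue
        dist=${rel%/Release}
        if [ ! -s "$dist/Release.gpg" ] && [ ! -s "$dist/InRelease" ]; then
            echo "unsigned: dists/${dist##*/}"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: a whole reprepro base directory copied to the web root,
# with a Release file that has no signature next to it.
make_sample_docroot() {
    dir=$(mktemp -d)
    mkdir -p "$dir/conf" "$dir/db" "$dir/dists/precise" "$dir/pool/main"
    echo 'SignWith: <key-id>' > "$dir/conf/distributions"
    echo 'Codename: precise' > "$dir/dists/precise/Release"
    echo "$dir"
}
```

On the web server this would be run against the directory nginx uses as root; a signature that is present can then be verified with gpg --verify Release.gpg Release using the repository's public key.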

I also host this package via apt.akendo.eu/etherpad. I’ll create some more packages in the future.

Remarks

The way these packages are currently built and maintained is very simple. I don’t have that much understanding of what fpm is and is not able to do. Debian packages are very powerful and allow you to configure the main elements. This package is quite simple and only places a folder with the correct permissions in the system.

There are no dependencies marked or anything. This will be more work to do. It works as long as you use this package with puppet, but it cannot work well without. I also have some things left to do: remove the git folders from the package.

This package can be tested via my vagrant project.

Update

I updated my vagrant environment; you can test this etherpad via:

git clone git@github.com:Akendo/vagrant-skel.git -b etherpad-lite
cd vagrant-skel/
librarian-puppet install
vagrant up

Have fun.

30C3 Torrents


I was at the 30C3, but this year I wasn’t able to find the torrents in an easy way. So I created a small script in python to download this from the.

You can download the torrent from here:

I’ll update the script later so you can download it on your own. The webm isn’t complete due to some connection issue or a bug in my script. I have to fix this issue.

Update: I fixed the issue, the torrents are now complete.

KDE4 - Simple KScreensaver using custom background image


"Standard background... ugly"

For the beauty of a system you can use your current background for your KScreensaver instead of the default.

KDE is by default not able to change this for the ‘Simple Lock’; see this[1] open bug for more info.

But there is a small workaround for this[2][3].

Change into the /usr/share/apps/ksmserver/screenlocker/org.kde.passworddialog/contents/ui/ directory and edit main.qml with the editor of your choice.

Create a backup of this file,

cp main.qml main.qml.baku

then edit line 45 and replace:

- source: theme.wallpaperPathForSize(parent.width, parent.height)
+ source: "1920x1080.jpg"
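
Review bot: the + line hard-codes one file name tied to a single resolution, where the removed line asked the theme for a wallpaper sized to parent.width and parent.height, so the lock screen no longer adapts when the screen size differs from the image. Consider a resolution-neutral file name and a comment on the changed line marking it as a local edit, since the post notes the change is lost with each update of kdebase-workspace.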

Now copy your current background image to "1920x1080.jpg".

"Standard background gone... yay!"

Note: you have to redo this after each update of the package “kdebase-workspace”.

Links:

[1] https://bugs.kde.org/show_bug.cgi?id=312828

[2] http://lists.opensuse.org/opensuse-kde/2013-02/msg00082.html

[3] http://forum.kde.org/viewtopic.php?f=66&t=110039

[4] https://wiki.archlinux.org/index.php/KDE#Setting_the_screensaver_background_to_the_same_as_the_current_one

My work with Puppet


So I have been busy in the past weeks. I’m currently working a lot with OpenStack and Ceph. This post is about some issues I found inside the puppet-ceph module; further, I forked it and solved them. More here: osd::devices allow working on dmcrypt block devices.

Let’s get started:

When you want to run Ceph, there are different ways to handle this. Inktank provides a tool called ceph-deploy. It’s software developed in python, but this is no option for an environment that has to work automatically. We ran into some bugs and in the next moment the disks were messed up.

Besides, how does this work when you want to scale? We’re using puppet for this. So we need some good modules.

Some days ago the puppet-ceph module was finished. So I started to work with it. The basic modules were quite fine, but for our Dtagcloud environment we needed some extras.

For this I created, with some help, a dmcrypt module. (I’ll release it at some point later.)

I did a test with the Vagrant environment. A small detour on vagrant with kvm: Vagrant is great, but in my opinion the biggest issue is Virtualbox. For a Linux user it’s hard to work with it. KVM is more efficient in the sense of virtualization. It would accelerate the work quite a lot. But I’m no ruby guy. To get it running will take some more time, I’m looking forward to it!

Back to puppet-ceph

The basic integration works fine. I built up a basic site.pp that includes all that I need. I added a second disk and encrypted it.

Here the issue kicks in.

Error: mkfs.xfs -f -d agcount=1 -l size=1024m -n size=64k /dev/mapper/osd-0 returned 1 instead of one of [0]
Error: /Stage[main]/Dtagcloud::Osd/Ceph::Osd::Device[/dev/mapper/osd-0]/Exec[mkfs_OSD-0]/returns: change from notrun to 0 failed: mkfs.xfs -f -d agcount=1 -l size=1024m -n size=64k /dev/mapper/OSD-01 returned 1 instead of one of [0]

Wait, what happens here? I looked into the code and saw this:

# Create a GPT partition table on the device
exec { "mktablegpt${devname}":
  command => "parted -a optimal --script ${name} mktable gpt",
  unless  => "parted --script ${name} print|grep -sq 'Partition Table: gpt'",
  require => Package['parted']
}

# Create one partition spanning the whole device
exec { "mkpart_${devname}":
  command => "parted -a optimal -s ${name} mkpart ceph 0% 100%",
  unless  => "parted ${name} print | egrep '^ 1.*ceph$'",
  require => [Package['parted'], Exec["mktablegpt${devname}"]]
}

# Format the first partition, addressed as ${name}1
exec { "mkfs_${devname}":
  command => "mkfs.xfs -f -d agcount=${::processorcount} -l size=1024m -n size=64k ${name}1",
  unless  => "xfs_admin -l ${name}1",
  require => [Package['xfsprogs'], Exec["mkpart_${devname}"]],
}

That’s interesting: first of all they are generating this disk, and then they assume that the first partition is always called DEVICESn. This doesn’t work for dmcrypt devices.

Why? Simple: we’re creating a partition layout on top of an encrypted device. Sure, you could handle it this way. The better way would be to create the partition before the encryption.

But here is a small issue with this: what for? When running with a Ceph OSD, the disk will be entirely occupied. Partition tables are a logical separation of disks. There is no need for this here.

When a dmcrypt device has a partition table with a logical partition on it, the disk will be addressed as /dev/mapper/OSD-0p1.

The code adds a 1 to each disk-related command.

device => "${name}1",

That’s bad. For the moment the solution was to comment out the code and keep going. I’ll build a parameter to allow everyone to handle this by themselves.

But what’s that? Still not working?

So the next issue is here:

Puppet converts names internally. What? Wait, aren’t we in 2013? So let’s see more detail about this:

ceph::osd::device { "/dev/mapper/OSD-${id}": }

My goal was to highlight the mounted disk for administrators with uppercase. Puppet exports this to facter only in lowercase. There is the 1

http://docs.puppetlabs.com/puppet/3/reference/lang_datatypes.html#resource-references

Summary:

Sources: [clug] Accessing partitions on loop devices

Useful find cmd


This command allows me to get the md5sum of all files inside a folder. I ran it on two systems with almost the same content inside some folder.

On Host A:

root@A: find . -type f 2>/dev/null -exec md5sum {} \; >listA.txt

On Host B:

root@B: find .  -type f   2>/dev/null  -exec md5sum {} \; >listB.txt

I get the lists onto my local system via scp. Then I run a diff between the two to see where the differences are. The -y makes it look clearer.

diff -y listA.txt listB.txt
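The same comparison as an added example that is not part of the original post, with two changes that are this example's choice: it hashes with sha256sum instead of md5sum, and it sorts each list by path so that differences in the order find walks the tree do not show up as differences. The function names and the sample trees are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post.

# manifest DIR: print "hash  ./path" for every regular file below DIR,
# sorted by path so two hosts produce the lines in the same order.
manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# compare_manifests LIST_A LIST_B
# Print "changed", "only-in-A" and "only-in-B" lines; return 1 if any differ.
compare_manifests() {
    # Tag each line with its side so awk can tell the two lists apart.
    out=$( { sed 's/^/A /' "$1"; sed 's/^/B /' "$2"; } | awk '
        { hash = $2; path = substr($0, length($2) + 5) }
        $1 == "A" { a[path] = hash; next }
        {
            seen[path] = 1
            if (!(path in a)) print "only-in-B " path
            else if (a[path] != hash) print "changed " path
        }
        END { for (p in a) if (!(p in seen)) print "only-in-A " p }
    ' | LC_ALL=C sort)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample: two small trees standing in for host A and host B.
make_sample_trees() {
    top=$(mktemp -d)
    mkdir -p "$top/A/etc" "$top/B/etc"
    echo '127.0.0.1 localhost' > "$top/A/etc/hosts"
    echo '127.0.0.1 localhost' > "$top/B/etc/hosts"
    echo 'PermitRootLogin no'  > "$top/A/etc/sshd_config"
    echo 'PermitRootLogin yes' > "$top/B/etc/sshd_config"
    echo 'only on A' > "$top/A/notes.txt"
    echo 'only on B' > "$top/B/extra.txt"
    echo "$top"
}
```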

so far

4k3nd0

Bash get md5sum of all files in a folder - stackoverflow

[ArchLinux]pacman dead lock


For some days there has been a problem with pacman. I just saw this post on Google+. Maybe this helps as an additional link to the ArchLinux forum.

For me, removing the packages package-query and pacman-color did it.

sudo pacman -Rdd package-query
sudo pacman -Rdd pacman-color

Update: An upgrade of yaourt to the latest version seems to fix the problem.

so far Akendo

Update of My Blog 3


Status

I updated my blog some days ago. I migrated to Octopress, an awesome tool that allows me to write my blog in markdown. My main problem was that Wordpress had become too fat; at some point I started to drop everything from the server that I didn’t need. But Apache still ran into “out of memory” problems. Connections were failing. Due to an outdated kernel version (which I can’t control) there is no OOM and at some point I wasn’t able to log in to the server. The only solution was to reboot.

To prevent problems like this I moved to Nginx, but Wordpress doesn’t work too well with it. Apache has a nice module for PHP, which is missing for Nginx. The solution here is to run a fastcgi that is hosted on localhost. Nginx just forwards the requests to the fastcgi socket.

After this my web service took less memory, but the fastcgi now had everything in use. I could save some memory (around 100Mb). Besides that, Wordpress needs a MySQL database, which doesn’t make me too happy.

Originally Django was the framework of my choice, but due to missing time and skills I wasn’t able to make a blog there.

Installation

For the server it’s quite simple, I’m using the normal webserver.

The “client” is where I write and generate the actual entries. I followed the documentation from Octopress for the setup here.

Note: There is a bug inside of Gentoo which prevents rbenv from starting correctly; this is fixed by running: unset RUBYOPT.

rake generate
/home/akendo/.rbenv/versions/1.9.3-p194/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require': cannot load such file -- auto_gem (LoadError)
from /home/akendo/.rbenv/versions/1.9.3-p194/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require'

Migration

For my blog

Work flow

First

Then I write my entry. To check that the md looks fine, I check it with this online converter.

Deploy

Summary

The webserver now only needs 50 Mb of memory, I don’t have to use PHP or MySQL and I save 900 Mb of memory. Awesome! I’m not very used to blogging like this, but it makes me happy.

so far 4k3nd0