Bind 9.10 with GeoIP on Ubuntu 17.04 (Zesty Zapus)

If you want to try the “GeoIP with Bind 9.10” article from ISC, Ubuntu 17.04 (Zesty Zapus) might be the right Linux distribution for you. It ships with Bind 9.10 including GeoIP support. You just need to apt-get install bind9 and add your configuration. Bonus: you do not need to set the geoip-directory directive; it is already set up correctly.

Xen 4.6 on Debian Stretch

I wanted to update to a newer Xen version, so I decided to upgrade the Debian host system to Stretch (current testing). It contains Xen 4.6 and a newer kernel. First you need to update your /etc/apt/sources.list. Enter this (or choose your local mirror):
deb http://ftp.debian.org/debian/ stretch main
Perform the upgrade:
apt-get update && apt-get upgrade
Check that all packages were updated correctly and that no (non-broken) packages are left to update.
Make sure the new Xen hypervisor is installed:
apt-get install xen-hypervisor-4.6-amd64 xen-utils-4.6
Check that you get a new 4.x kernel: search for linux-image and install a 4.x one (4.6.0 in my case):
apt-get install linux-image-4.6.0-1-amd64
Make sure the kernel is properly installed, then reboot into the new kernel.

Problems?
I had one problem with this. The console did not work:
xl console hostname
xenconsole: Could not open tty `/dev/pts/1': No such file or directory

xenconsole: Could not read tty from store: No such file or directory

Check if the stated device is present:
root@hostname ~ # ls -ld /dev/pts/
5 ptmx

No, it’s not.
Call /usr/lib/xen-4.6/bin/xenconsoled
Now it’s fixed:
root@hostname ~ # ls -ld /dev/pts/*
crw--w---- 1 root tty 136, 0 Jul 19 14:59 /dev/pts/0
crw--w---- 1 root tty 136, 1 Jul 19 14:59 /dev/pts/1
...

Another day, another systemd problem

Another system upgrade gives me another systemd related problem. I ran apt-get upgrade and got this:

Message from syslogd@euserv at Jun 1 13:03:34 ...
kernel:[8369383.731017] systemd[1]: segfault at 810 ip 000055c743d66456 sp 00007fff5404fa60 error 6 in systemd[55c743cfa000+122000]
Failed to execute operation: Die Verbindung wurde vom Kommunikationspartner zurückgesetzt
Entpacken von udev (215-17+deb8u4) über (215-17+deb8u3) ...
Failed to execute operation: Activation of org.freedesktop.systemd1 timed out
Failed to execute operation: Activation of org.freedesktop.systemd1 timed out
Failed to execute operation: Activation of org.freedesktop.systemd1 timed out
Failed to execute operation: Die Wartezeit für die Verbindung ist abgelaufen
Failed to execute operation: Activation of org.freedesktop.systemd1 timed out

So, the first thing is to retry the upgrade.

Weird Xen error

I was trying to migrate a VM from an older version of Xen to Xen 4.6. The console did not work after boot: it showed the login prompt, but it was not possible to type. I saw these error messages:

[ 24.684852] genirq: Flags mismatch irq 8. 00000000 (hvc_console) vs. 00000000 (rtc0)
[ 24.684860] hvc_open: request_irq failed with rc -16.

In “hvc console not working on 4.4.0 guest” I found the workaround of setting 2 vCPUs for the VM. This worked.

Why systemd is not my friend

I have been using OpenVZ for container virtualization and Xen for (para)virtualization for a long time. I wanted to try something new with KVM. I chose Proxmox 4, which offers KVM and lxc as container solution. After playing around with KVM, I decided to migrate a live container from OpenVZ to Proxmox yesterday. The container had been migrated from one OpenVZ instance to another before, and I had upgraded it from Debian Wheezy to Jessie. That means the container was already running systemd before migrating from OpenVZ to Proxmox 4 / lxc. I needed to add three network interfaces to the container to add three IPv4 and three IPv6 addresses for the three services that run on this host. Later the container network died and the problems started.

Bootstrap and HTML5 game engines

I found some new stuff that is useful for Bootstrap and Jekyll:

Text adventures and HTML5 browser games:

Debugging a Nagios Plugin

Recently I needed to change the Nagios plugin that monitors my DNSSEC signed domains. The old plugin sends queries to PowerDNS that it will no longer reply to. I don’t want to patch the plugin, because there are some replacements that I can use: nagval and CHECK_ZONE_RRSIG_EXPIRATION.

The first plugin install worked without problems, but the CHECK_ZONE_RRSIG_EXPIRATION plugin did not work. I just got a Nagios critical without reason. Executing the plugin from the command line worked. Then I needed to learn how to debug Nagios.

First check the debug settings in /etc/nagios3/nagios.cfg and make sure that the debug level is high enough:

debug_file=/var/log/nagios3/nagios.debug
debug_level=24

I forced the next plugin run and found this error message in the debug file:

[1435325317.107438] [016.1] [pid=7464] HOST: zone.example.com, SERVICE: DNSRRSIG, CHECK TYPE: Active, OPTIONS: 1, SCHEDULED: Yes, RESCHEDULE: Yes, EXITED OK: No, RETURN CODE: 3, OUTPUT: **ePN failed to compile /usr/local/bin/check_zone_rrsig_expiration: "Variable "$data" will not stay shared at (eval 12) line 149," at /usr/lib/nagios3/p1.pl line 161.\n

At first I did not understand why this error message occurred. Then I learned about the embedded Perl interpreter in Nagios. The plugin does not work when run with the embedded Perl interpreter. As a solution, you can disable the embedded Perl interpreter for this plugin by adding a single line at the start of the plugin after the shebang:

#!/usr/bin/perl
# nagios: -epn
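
To find every plugin affected by this, the following added example (not from the original post or from Nagios) scans a debug file for ePN compile failures and reports whether each named plugin already carries the opt-out in its first 10 lines, where Nagios looks for it. The function names, the sample plugins and the extra log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the original post or of Nagios itself).

# Print each distinct plugin path named in an "ePN failed to compile" entry.
epn_failures() {
    sed -n 's/.*\*\*ePN failed to compile \([^:]*\): .*/\1/p' "$1" | sort -u
}

# Succeed if the plugin carries the opt-out directive in its first 10 lines,
# the region Nagios inspects for it. Assumes the spelling shown on this page.
has_epn_optout() {
    head -n 10 "$1" | grep -Eq '^#[[:space:]]*nagios:[[:space:]]*-epn'
}

# One line per failing plugin: "<path> <status>".
epn_report() {
    epn_failures "$1" | while IFS= read -r plugin; do
        if [ ! -f "$plugin" ]; then
            echo "$plugin missing"
        elif has_epn_optout "$plugin"; then
            echo "$plugin optout-present"   # log entry predates the fix
        else
            echo "$plugin needs-optout"
        fi
    done
}

# Constructed sample data: two plugins and a debug file in a scratch directory.
SAMPLE=$(mktemp -d)
printf '#!/usr/bin/perl\n# nagios: -epn\nprint "OK\\n";\n' > "$SAMPLE/check_a"
printf '#!/usr/bin/perl\nprint "OK\\n";\n' > "$SAMPLE/check_b"
cat > "$SAMPLE/nagios.debug" <<EOF
[1435325317.107438] [016.1] [pid=7464] HOST: zone.example.com, SERVICE: DNSRRSIG, CHECK TYPE: Active, OPTIONS: 1, SCHEDULED: Yes, RESCHEDULE: Yes, EXITED OK: No, RETURN CODE: 3, OUTPUT: **ePN failed to compile $SAMPLE/check_b: "Variable "\$data" will not stay shared at (eval 12) line 149," at /usr/lib/nagios3/p1.pl line 161.\n
[1435325377.000001] [016.1] [pid=7470] HOST: zone.example.com, SERVICE: PING, CHECK TYPE: Active, OPTIONS: 1, SCHEDULED: Yes, RESCHEDULE: Yes, EXITED OK: Yes, RETURN CODE: 0, OUTPUT: PING OK\n
[1435325437.000002] [016.1] [pid=7481] HOST: zone.example.com, SERVICE: OLD, CHECK TYPE: Active, OPTIONS: 1, SCHEDULED: Yes, RESCHEDULE: Yes, EXITED OK: No, RETURN CODE: 3, OUTPUT: **ePN failed to compile $SAMPLE/check_a: "constructed message" at /usr/lib/nagios3/p1.pl line 161.\n
EOF

epn_report "$SAMPLE/nagios.debug"
```

On a real host, point epn_report at the file configured as debug_file.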

Setup your own VPN server

After migrating a VM to OpenVZ I noticed that the VPN server inside of the container no longer worked. I was not able to set up OpenVZ correctly to get the VPN working again. So I used a Xen based VM with Ubuntu 12.04 LTS to set up the VPN again. I found a nice tutorial for that: IPSEC/L2TP VPN on Ubuntu 12.04 with OpenSwan, xl2tpd and ppp. The site also has tutorials for Raspberry Pi with Arch Linux ARM, CentOS 7, CentOS 6, Ubuntu 14.04 LTS and other (older) Ubuntu versions.

End-of-the-year review

I had many private and business topics in 2014, but there have been just a few posts in my blog. I worked a lot with OpenVZ virtualization and I’m using it now beside Xen for some virtual machines. I like OpenVZ so far and I’m looking forward to the merge of OpenVZ and Parallels Cloud Server into a single common open source code base.

For the migration of Xen DomUs I needed to move some LVM volumes. I learned how to use Bootstrap to create some websites. I learned about using Jekyll for static website generation. I had a look at the Ghost blogging software, but I did not use it for production purposes.

I had no problems with DNSSEC this year. My bind and PowerDNS setups all worked fine. The automated key rollovers with OpenDNSSEC worked too, even with registrar domain update.

Last but not least something that kept me busy in my job: the new gTLDs. I’m looking forward to see what will happen in 2015, e.g. how many domains will be renewed after the first year.

Move LVM logical volume to other server

When using LVM, sooner or later you will want to move an existing LVM volume to another server. I used this twice:

dd if=/dev/volumegroupname/logicalvolume bs=4096 | pv | gzip | \
ssh root@example.com 'gzip -d | dd of=/dev/volumegroupname/logicalvolume bs=4096'

Source: Serverfault: Moving a Logical Volume directly from one server to another over the network?

Please check that the required packages are installed, for Debian use this line:

apt-get install coreutils gzip openssh-client pv

For creating a logical volume you can refer to the LVM HOWTO or a nice German LVM reference.
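
The dd pipeline above does not itself confirm that the destination volume holds the same bytes as the source, which is worth checking before the source volume is removed. This added example (not from the original post or the Serverfault answer) fingerprints both sides over the length of the source; the function names are hypothetical and the image files are constructed stand-ins for logical volumes.

```shell
#!/bin/sh
# Added example: compare a copied volume against its source.

# Size in bytes: blockdev for block devices, wc for regular files (images, tests).
vol_size() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"; else wc -c < "$1" | tr -d ' '; fi
}

# SHA-256 over the first BYTES bytes of VOL (default: the whole volume).
# Limiting the length matters when the destination LV is larger than the source.
vol_digest() {
    bytes=${2:-$(vol_size "$1")}
    head -c "$bytes" "$1" | sha256sum | cut -d' ' -f1
}

# Compare SRC with DST over the length of SRC.
# Returns 0 on match, 1 on mismatch, 2 if DST is too small to hold SRC.
verify_copy() {
    src_size=$(vol_size "$1")
    dst_size=$(vol_size "$2")
    [ "$dst_size" -ge "$src_size" ] || { echo "destination too small" >&2; return 2; }
    [ "$(vol_digest "$1" "$src_size")" = "$(vol_digest "$2" "$src_size")" ]
}

# Constructed sample data standing in for logical volumes.
WORK=$(mktemp -d)
yes 'constructed LV payload' | head -c 65536 > "$WORK/src.img"
{ cat "$WORK/src.img"; head -c 4096 /dev/zero; } > "$WORK/dst.img"   # larger target
{ head -c 1000 "$WORK/src.img"; printf 'X'; tail -c +1002 "$WORK/dst.img"; } > "$WORK/bad.img"
head -c 1000 "$WORK/src.img" > "$WORK/small.img"                     # undersized target

verify_copy "$WORK/src.img" "$WORK/dst.img" && echo "copy verified"
```

Across two servers, run vol_size and vol_digest on the source, then run vol_digest with that byte count on the destination over ssh and compare the two hashes.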