Monday, 20 December 2010

BIND9 error: dumping master file: slave/tmp-XN31Wp2BeK: open: file not found

Problem: BIND9 error: dumping master file: slave/tmp-XN31Wp2BeK: open: file not found


Introduction:
BIND is by far the most widely used DNS software on the Internet. It provides a robust and stable platform on top of which organizations can build distributed computing systems with the knowledge that those systems are fully compliant with published DNS standards.
BIND is available for free download under the terms of the ISC License, a BSD style license.
In FreeBSD, the BIND daemon is called named.

Secondary - slave name Server.
The purpose of a slave name server is to share the load with the master server, or handle the entire load if the master server is down. A slave name server loads its data over the network from another name server, usually the master name server, but it can load from another slave name server too. This process is called a zone transfer.


The purpose of this article is to clarify the problem in a standard installation.
After setup, a slave DNS server wasn't able to transfer a zone file, although I used a working config file from another FreeBSD box.


Prerequisites:
Upgrade of all related packages from fresh ports and installed (reinstalled base) BIND.

Check points:

1 - check master (authoritative) name server
Enable zone transfer and notify on the master for your slave server.
Edit /etc/namedb/named.conf on the master.

2 - check the zone information is transferred
Check if the slave name server will have the transferred zone information and will be able to serve it.

dig @ns1.myserver.org thajsk.in.th AXFR
Here we ask the master (@master) to transfer the zone file (AXFR) for mydomain.name,
e.g.:
[root@server]# dig @ns1 thajsk.in.th AXFR

; <<>> DiG 9.6.-ESV-R2 <<>> @ns1 thajsk.in.th AXFR
; (1 server found)
;; global options: +cmd
; Transfer failed.
The master's log:
bad zone transfer request: 'thajsk.in.th/IN': non-authoritative zone (NOTAUTH)
This means a typo: I asked for the wrong domain name.
Correction...

[root@server]# dig @ns1 thajsko.in.th AXFR
; <<>> DiG 9.6.-ESV-R2 <<>> @ns1 thajsko.in.th AXFR
; (1 server found)
;; global options: +cmd
thajsko.in.th.          7200    IN      SOA     ns1.thajsko.in.th. postmaster.thajsko.in.th. 2010071701 36000 36000 1209600 36000
thajsko.in.th.          7200    IN      NS      ns1.thajsko.in.th.
thajsko.in.th.          7200    IN      NS      ns2.thajsko.in.th.
--^-snap -^--
-^--snap ^--^
;; Query time: 866 msec
;; SERVER: 69.60.120.12#53(69.60.120.12)
;; WHEN: Fri Dec 17 17:57:09 2010
;; XFR size: 13 records (messages 1, bytes 384)



3 - check slave transfer

The zone was transferred, so that's OK so far; however, the slave server is still complaining.

general: info: zone thajsko.in.th/IN: Transfer started.
xfer-in: info: transfer of 'thajsko.in.th/IN' from 69.60.120.12#53: connected using 192.168.17.1#13642
general: error: dumping master file: slave/tmp-w04S0tBOCA: open: file not found
xfer-in: error: transfer of 'thajsko.in.th/IN' from 69.60.120.12#53: failed while receiving responses: file not found

Mr. Google says: the permissions are wrong... NOT
It is true that slave zones require a writable directory, because BIND automatically creates and writes the slave zone file.

[root@server /var]# chown -R bind:wheel named/ -- does not help
and chmod 777 slave/ - NOT recommended

[root@server]# /etc/rc.d/named start
. changed
user expected 0 found 53 modified
dev changed
user expected 0 found 53 modified
etc changed
user expected 0 found 53 modified
etc/namedb changed
user expected 0 found 53 modified
etc/namedb/master changed
user expected 0 found 53 modified
etc/namedb/slave changed
permissions expected 0755 found 0777 modified
var changed
user expected 0 found 53 modified
Starting named.

The surprise is that BIND does its job thoroughly: when it starts, it does a permissions check (and changes them).


4 - solve the problem
CORRECT named.conf at the slave server

DO NOT (at the present time) trust the FreeBSD handbook:
http://www.freebsd.org/doc/handbook/network-dns.html

********** named.conf - wrong example ***************
zone "example.org" {
type slave;
file "slave/example.org";
};
********** named.conf - wrong example ***************
Here the zone information is transferred from the master name server for the particular zone, and saved in the file specified


According to the freebsd-current@freebsd.org mailing list, it's a known problem that some entries in the FreeBSD handbook are outdated.


Edit named.conf and FOLLOW an example slave zone for the current version of BIND.

[root@server]# vi /var/named/etc/namedb/named.conf

********** named.conf - working slave zone ***************
zone "thajsko.in.th" {
type slave;
file "/etc/namedb/slave/thajsko.in.th";
masters {
69.60.120.12;
};
};
********** named.conf - working slave zone ***************

5 - last checks
Restart BIND and check logs
/etc/rc.d/named restart

The DNS slave server works now:
-^--snap ^--^
info: zone thajsko.in.th/IN: transferred serial 2010071701
info: transfer of 'thajsko.in.th/IN' from 69.60.120.12#53: Transfer completed: 1 messages, 13 records, 384 bytes, 0.614 secs (625 bytes/sec)
info: zone thajsko.in.th/IN: sending notifies (serial 2010071701)
-^--snap ^--^

An external DNS check may be useful too.
(sometimes a firewall may block incoming queries)
http://www.checkdns.net/powercheck_desc.aspx
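
BIND resolves a relative `file` path against the `directory` option, inside the chroot (here /var/named, going by the path edited in step 4), so a slave zone file can point at a directory that does not exist. The following added example (not from the original post) lists each slave zone, the path named will write to, and whether that directory is missing or world-writable; the `directory` value and the example.org master address in the sample are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.

# named_directory CONF: print the value of the `directory` option, if set.
named_directory() {
    awk 'match($0, /directory[ \t]+"[^"]+"/) {
             split(substr($0, RSTART, RLENGTH), q, "\""); print q[2]; exit
         }' "$1"
}

# slave_zones CONF: print "zone<TAB>file" for every zone of type slave.
# Brace depth is tracked so a nested "masters { ... };" does not end the zone.
slave_zones() {
    awk '{
        line = $0
        sub(/(\/\/|#).*/, "", line)                 # drop comments
        if (depth == 0 && match(line, /zone[ \t]+"[^"]+"/)) {
            split(substr(line, RSTART, RLENGTH), q, "\"")
            zone = q[2]; slave = 0; file = ""
        }
        if (zone != "") {
            if (line ~ /type[ \t]+slave[ \t]*;/) slave = 1
            if (match(line, /file[ \t]+"[^"]+"/)) {
                split(substr(line, RSTART, RLENGTH), q, "\"")
                file = q[2]
            }
        }
        depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
        if (zone != "" && depth == 0 && line ~ /[}]/) {
            if (slave) print zone "\t" file
            zone = ""
        }
    }' "$1"
}

# check_slave_paths CONF CHROOT: print "zone<TAB>path-seen-by-named<TAB>status".
# Assumption: with no `directory` option, paths are taken relative to the
# chroot root (named really uses the directory it was started in).
check_slave_paths() {
    conf=$1
    chroot=${2%/}
    dir=$(named_directory "$conf")
    slave_zones "$conf" | while IFS="$(printf '\t')" read -r zone file; do
        case "$file" in
            "") printf '%s\t-\tNO-FILE\n' "$zone"; continue ;;
            /*) path=$file ;;                        # absolute: used as written
            *)  path="${dir%/}/$file" ;;             # relative: under `directory`
        esac
        host_dir="$chroot$(dirname "$path")"
        if [ ! -d "$host_dir" ]; then
            status=MISSING-DIR                       # the "open: file not found" case
        elif [ -n "$(find "$host_dir" -prune -perm -0002)" ]; then
            status=WORLD-WRITABLE                    # e.g. after chmod 777 slave/
        else
            status=OK
        fi
        printf '%s\t%s\t%s\n' "$zone" "$path" "$status"
    done
}

# make_sample: build a constructed chroot tree with a named.conf; print its root.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/namedb/slave"
    chmod 755 "$root/etc/namedb/slave"
    cat > "$root/etc/namedb/named.conf" <<'EOF'
options {
    directory "/etc/namedb/working";   // assumed value, not from the post
};
zone "example.org" {
    type slave;
    file "slave/example.org";
    masters { 192.0.2.1; };
};
zone "thajsko.in.th" {
type slave;
file "/etc/namedb/slave/thajsko.in.th";
masters {
69.60.120.12;
};
};
EOF
    printf '%s\n' "$root"
}

sample=$(make_sample)
check_slave_paths "$sample/etc/namedb/named.conf" "$sample"
rm -rf "$sample"
```

On a real slave the call would be `check_slave_paths /var/named/etc/namedb/named.conf /var/named`.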


References:

DNS and BIND, Fifth Edition
www.google.co.uk/bsd
www.yahoo.com
Mailing-Lists/FreeBSD
man named - Domain Name System (DNS) server


Comments and corrections of this article are welcome :)

Monday, 13 December 2010

Streaming video over wireless network(s)

I was asked to create a small wireless network for 16 clients/students (I guess with 802.11g NICs) to watch video streams.

With file sharing or web browsing we may wait a few seconds for a file or web page; however, it is no fun when a video stream stops often and repeatedly.

The very first question they asked me: How many routers do we need?

Well, the question was simple, but we were talking about video, and video presents many challenges for:

- server file system (SMB for other 60 clients)
- AP congestion
- Wireless interference, speed and distance (video stream may stop)
- latency, packet loss and delays (video stream may stop)

I don't like guessing. Would two or twenty APs be enough?
In spite of all that, I found a very nice article which nicely explains all of my concerns about the reliability of Wi-Fi access points concentrated close together.

Network Video Overview
Traditional analog video is sent as a continuous stream of electrical signals over a cable from the source (camera) to the destination such as a video monitor in a command center. Digital technology and IP has changed that. With this new type of video, a digital camera translates the viewed image into digital signals which it then converts (encodes) into a series of IP packets that can be sent out over an IP-based network as a data stream. The IP network may be a local area network, a company wide area network, or even the public internet. At the destination, the receiver re-assembles these packets back into the original video stream. The reconstructed video can then be viewed, stored, searched, replayed, or retransmitted to virtually any location anywhere in the world.

This sounds simple, but IP video is a totally new area with significant technological and integration challenges. Unlike other types of data, video requires large amounts of bandwidth, as well as highly reliable, predictable delivery mechanisms. Unfortunately, IP was not designed to provide this guaranteed quality of service (QoS) to the different types of traffic it carries and frequently one or more packets may be dropped during transmission. For bulk data transmissions such as file transfers, this is effectively managed by re-transmitting the dropped packets and reinserting them into the data; however, for applications such as video, packet re-transmission is a poor option since the missing packets are required to accurately reproduce the video image. Unmanaged, these factors cause latency and jitter, which result in poor quality or even unusable video at the receiving end.

Wireless Network Challenges
While latency and jitter are minimal in a wired network, wireless networks are quite different. Because of the uncertainty in the wireless medium, Wireless LAN (WLAN) networks employ a variety of techniques in an attempt to overcome these problems. When a packet is to be transmitted, the sender first listens for any activity on the frequency, and if there is none, waits a random amount of time before transmitting. This methodology is called Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA). If an acknowledgement (ACK) is not received, either due to interference, collision, or other anomaly, the entire process is repeated. This protocol enhances the reliability of the WLAN network; however, this process also adds jitter and latency to the video traffic which can produce poor quality video or total loss of continuity. The WLAN process also includes a request to send/clear to send (RTS/CTS) mechanism which is used to decrease the chance of collision on a system by making sure that end stations in the vicinity of the source and destination hear the RTS and CTS signals before sending actual data packets. While this mechanism increases robustness it also adds to the latency of packets.

Packet Errors, Latency, Delay and Jitter – Why Video and Wireless Don’t Mix
Low, predictable and consistent latency is key for running video applications over networks, regardless of the available bandwidth; large amounts of bandwidth do not guarantee high quality video. While most wired IP networks can support this requirement, wireless networks are extremely susceptible to errors, which ultimately result in packet loss and packet errors. In many wireless networks a 20% to 40% packet loss is not uncommon. While the built-in mechanisms described above can prevent or recover from some amount of packet errors, each retransmission creates up to 4 ms of additional latency and up to 16 retransmissions can be required per packet error. This process results in unacceptable levels of latency, delay and jitter, which is seen as frozen, jerky, or pixelated video on the viewing screen. In extreme cases, video transmission can stop altogether until the video stream is re-synchronized with the receiver. This is clearly unacceptable for commercial video surveillance applications.

Factors Contributing to Packet Errors, Latency, Jitter, and Delay

Interference
Interference is the predominant cause of packet errors and loss in wireless networks. While the automatic packet recovery process used in typical networks may help, this process introduces increased latency, delay, and jitter which can compromise video quality and reliability. Following is a brief summary of the most common causes of problems in wireless networks.

Direct spectrum interference and noise
The most obvious source of interference, this occurs when other wireless elements are set up on the same, or overlapping, frequencies or when other devices create radio frequency waves (RF) that conflict with those of the wireless device. For example, microwave ovens, portable telephones, and bluetooth devices can produce RF waves (noise) that interfere with many wireless communications systems.

Near-angle interference
Near-angle interference is a form of direct spectrum interference that can happen when there are 2 or more point-to-point shots with two centrally located antennas arranged physically close to one another. For example, a campus environment where multiple remote buildings have point-to-point shots back to a central building. The transmitted signals from one antenna supporting a point-to-point link can interfere with its adjacent antenna.

Multipath and Reflection
Multipath and reflection are two related types of interference that usually occur when parts of a transmission beam are refracted from objects (e.g., glass, water, furniture, metallic surfaces) between the sending and receiving radios causing the signals to be received at different times or severely attenuated. The refracted beams are received by the receiving radio at different times and the radio gets confused. Multipath interference is likely to occur in large enclosed environments such as warehouses and manufacturing facilities or when used in proximity to large reflective objects such as high-rise buildings.

Other contributing factors
Beyond interference, other factors such as congestion and bandwidth limitations can also cause packet loss and produce unacceptable levels of delay and jitter in wireless video applications.  The delay in the IP network is caused by propagation delay in the transmission lines, buffers in routers, and jitter buffers. Transmission delay is split into two parts: a constant or slowly varying network delay and rapid variations referred to as jitter. Because of the nature of the IP network, the amount of delay is different in each direction.

The jitter present in packet networks complicates the decoding process in the receiver device because the decoder needs to have packets of data readily available at the right time instants. A jitter buffer is normally used to make sure that packets are available when needed, resulting in additional delay that increases with the magnitude of the jitter.  Packet loss occurs either if a packet is lost in the network or if a packet arrives too late to be handled by the decoder. By allowing for a long delay in the jitter buffer, the latter type of packet loss can be almost completely removed, but at the price of increased system delay. For real time video surveillance applications, this solution is unacceptable.

Implications for Wireless LANS
The lossy nature of the 802.11 medium amplifies the effects of these factors. The challenges in deploying Video over WLAN stem mainly from issues related to access point congestion and link quality. This is particularly relevant when multiple video sources are connected to the same access point. The efficiency of the system quickly deteriorates when the number of users increases, resulting in significantly higher delay, network jitter, and packet loss than wired LANs.

As we have seen, high quality full motion video delivery over ordinary wireless links is a complicated problem because of dramatic and frequent changes in the quality of the underlying wireless channel. This is further complicated by latency constraints and typical TCP/IP protocol processing overhead, which often results in poor quality or unusable video. There are some interesting technologies that are able to overcome much of the packet loss seen in wireless networks to deliver high quality video regardless of network anomalies...

Source http://uk.yahoo.com/?p=uk


Peter

Monday, 6 September 2010

Significantly slow IPFW + NATD + amd64-bit FreeBSD 9 (CURRENT)

In this part:

Current (testing) 64-bit FreeBSD + IPFW + NAT decreases NIC speed.
ADVICE: TRY "PF firewall"

I tried to set up NAT with IPFW, compiled a new kernel, and then I found that the connection is very slow.

amd64-bit + NAT + IPFW: copying is very slow

After I disabled NAT and IPFW, the speed increased.

64-bit FreeBSD 9-CURRENT :
With IPFW: 1.2 MB/sec
Without IPFW: 31 MB/sec

Writing to samba server


IPFW+NAT runs on i386 (stable version) without a speed decrease.
I like IPFW and DUMMYNET for its relatively easy bandwidth shaping.

For now, I'm not alone in facing this issue.

references here

PS: Hackers' advice:
- mpd (and PF)
- in-kernel NAT
- See the 'NETWORK ADDRESS TRANSLATION' section in the ipfw manual

For now I need a few more testing machines.

Saturday, 28 August 2010

FreeBSD 9.0-CURRENT and SLOW Samba version 3.0.37

In this part:

- standard SMB installation
- slow read and write sorted
- example smb.conf




1. Installing samba:

cd /usr/ports/net/samba3; make install clean

- copy and adjust the configuration details:
cp /usr/local/etc/smb.conf.sample /usr/local/etc/smb.conf

check your configuration:
testparm 

In my case Samba was very slow, with a speed of around 1,3 Mbyte/s.
- sftp copy had a speed of around 6 Mbyte/s

The old server with 32-bit FreeBSD 6.4 and Samba 2.7 had a speed of 22 Mbytes/s with Intel(R) PRO/1000 Network cards.


After some research I found that I need AIO_SUPPORT and to slightly adjust my configuration.

2. Improving speed

AIO_SUPPORT:
kldload aio

and add this line to /boot/loader.conf
aio_load="YES"

3. Add these lines to smb.conf

socket options=SO_RCVBUF=131072 SO_SNDBUF=131072 TCP_NODELAY IPTOS_LOWDELAY
use sendfile=true
aio read size = 16384
aio write size = 16384
aio write behind = true


4. samba configuration file (example smb.conf)

[root@server ~]# testparm
Load smb config files from /usr/local/etc/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[printers]"
Processing section "[share_1]"
Processing section "[share_2]"

Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
[global]
        dos charset = ISO8859-2
        display charset = UTF-8
        workgroup = MORPHEUS
        server string = Home Server %v
        interfaces = 192.168.1.7/24
        bind interfaces only = Yes
        passdb backend = tdbsam
        log file = /var/log/samba/log.%m
        max log size = 5
        socket options = SO_RCVBUF=131072 SO_SNDBUF=131072 TCP_NODELAY IPTOS_LOWDELAY

        load printers = No
        printcap name = lpstat
        add user script = /usr/sbin/useradd %u
        delete user script = /usr/sbin/userdel %u
        add group script = /usr/sbin/groupadd %g
        delete group script = /usr/sbin/groupdel %g
        delete user from group script = /usr/sbin/deluser %u %g
        add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
        logon script = logon.bat
        logon path = \\%L\profiles\%u\%m
        domain logons = Yes
        os level = 75
        preferred master = Yes
        domain master = Yes
        dns proxy = No
        wins support = Yes
        hosts allow = 192.168.1., 192.168.2., 127.
        aio read size = 16384
        aio write size = 16384
        aio write behind = true
        use sendfile = Yes
        map archive = No
        store dos attributes = Yes

[homes]
        comment = Home Directories
        read only = No
        browseable = No

[netlogon]
        comment = Network Logon Service
        path = /usr/local/samba/lib/netlogon
        guest ok = Yes
        share modes = No

[profiles]
        path = /usr/local/samba/profiles
        read only = No
        create mask = 0600
        directory mask = 0700
        guest ok = Yes
        browseable = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        read only = No
        guest ok = Yes
        hosts allow = 192.168.0., 192.168.1., 192.168.2., 127
        printable = Yes
        browseable = No

[share_1]
        comment = Mary's and Fred's stuff
        path = /sys
        valid users = mary, fred
        read only = No
        create mask = 0765

[share_2]
        comment = Film's stuff
        path = /mnt/buG4ME76naW
        valid users = mary, fred
        read only = No
        create mask = 0765




Now the Samba file server is quicker - 8,7 Mbytes/s instead of 1,3 Mbyte/s.
Printing is not set up in this example.
The next upgrade will be the slow data switch, with a new Intel(R) PRO/1000 Network card. I am expecting a speed of around 22 Mbyte/s or 1GB file/min.





References: 
forums.freebsd.org
http://www.samba.org

PS. I did try changing sysctl to the recommended values and had a bit slower connection.

Thursday, 29 July 2010

FreeBSD - APACHE: Remote DoS bug in mod_cache and mod_dav.

In this part:

- daily maintenance
- upgrade APACHE and related issues
- portmaster + ports upgrade



I'm monitoring a web server with FreeBSD 6.4-STABLE.
Today I found a warning in my mailbox thanks to "portaudit":

Affected package: apache-2.2.14_6
Type of problem: apache -- Remote DoS bug in mod_cache and mod_dav.
Reference: http://www.FreeBSD.org/ports/portaudit/28a7310f-9855-11df-8d36-001aa0166822.html


APACHE warnings are important for all administrators.

Portmaster is good as it upgrades all related packages. Sometimes I wish to use portupgrade, as it upgrades only the given port.

PORTMASTER upgrade:
root@server:/root/> portmaster apache-2.2.14_6

It asks for some details:

Firstly, it checks for dependencies:

....
=== Starting check for build dependencies
=== Gathering dependency list for ...
=== Starting dependency check
=== Dependency check complete for databases/db42
        apache-2.2.14_6 >> devel/apr1 >> databases/db42
....

Secondly, it builds the new binaries:
...
c++ -c -I. -I./../dist/.. -D_THREAD_SAFE -O2 -fno-strict-aliasing -pipe ./../dist/../cxx/cxx_db.cpp  -fPIC -DPIC -o .libs/cxx_db.o /bin/sh ./libtool --mode=compile c++ -c -I. -I./../dist/..  -D_THREAD_SAFE -O2 -fno-strict-aliasing -pipe ./../dist/../cxx/cxx_dbc.cpp  c++ -c -I. -I./../dist/.. -D_THREAD_SAFE -O2 -fno-strict-a
...


Perl + Python have been upgraded.
=== Upgrade of perl-5.10.1_1 to perl-5.10.1_2 succeeded
=== Upgrade of python26-2.6.2_3 to python26-2.6.5_1 succeeded

...and, faux pas:

Stop in /usr/ports/www/apache22.
*** Error code 1
=== Installation of apache-2.2.16 (www/apache22) failed
=== Aborting update

I found that the problems are: libtool + apr1
Finally, the successful way to upgrade APACHE:

# cd /usr/local/bin; ll lib*; rm libtool
# cd /var/db/pkg; pkg_delete auto* libtool*
# cd /usr/local/bin; rm -rf auto* libtool*
# cd /usr/ports/devel/libtool22; make install clean
# cd /usr/ports/devel/apr1/
# make deinstall reinstall clean

# cd /usr/ports/www/apache22
# nice -19 make install clean
# /usr/local/etc/rc.d/apache22 graceful

References here
+ here.

Time: 2h

Wednesday, 28 July 2010

64-bit FreeBSD 8.1-RC2 (GENERIC) setup, part 2

In this part I'm going to:

- add disk encryption with GBDE
- slightly alter the kernel
- mount and test encrypted disks

Why encryption?
In the real world, an attacker who has physical access to a computer may be able to access your disks and then attach them to another computer. It could be a troubled employee, mama and daddy, spies, CIA, Mafia, Police (identity theft)...
How many of us store sensitive data (VISA cards, passwords, logins, scanned documents etc...) on unencrypted disks?

I wish to store my sensitive data, therefore I decided to test gbde encryption.

64-bit FreeBSD disks encryption with gbde.

1. Add gbde(4) Support to the Kernel Configuration File

[root@server ~]# cd /usr/src/sys/amd64/conf && cp GENERIC MYBSD_BDE
[root@server /usr/src/sys/amd64/conf]# vi MYBSD_BDE
and add the following line to the kernel configuration file:
options GEOM_BDE

1.1 Rebuild my kernel MYBSD_BDE and restart

# cd /usr/src
# make buildkernel KERNCONF=MYBSD_BDE && make installkernel KERNCONF=MYBSD_BDE
# reboot

2. Create a Directory to Hold gbde Lock Files (any directory will do; in my case):
[root@server ~]# mkdir /etc/gbde

The gbde lock file contains information that gbde requires to access encrypted partitions. Without access to the lock file, gbde will not be able to decrypt the data contained in the encrypted partition without significant manual intervention which is not supported by the software. Each encrypted partition uses a separate lock file.

3. Initialize the gbde Partition

This initialization needs to be performed only once per device:

# gbde init /dev/ad2s1g -i -L /etc/gbde/ad2s1g.lock
The command opens an editor; here are the recommended values for UFS1 and UFS2:
sector_size = 2048
number_of_keys = 2

BUT it complains:
"/tmp/temp.WGLhhy415Y: 32 lines, 1136 characters.
gbde: sector_size not a proper number"
It is a bit strange for now, as one disk refuses any change, but the other I altered successfully:

sector_size     =       1024
number_of_keys  =       2

Save, and we are asked for a passphrase:
/tmp/temp.NytzBhD8QJ: 32 lines, 1135 characters.
Enter new passphrase:
Reenter new passphrase:

4. Attach an encrypted device:

[root@server ~]# gbde attach /dev/ad2s1g -l /etc/gbde/ad2s1g.lock

5. Create a File System on the Encrypted Device

[root@server ~]# newfs -U -O2 /dev/ad2s1g.bde

/dev/ad2s1g.bde: 156203.3MB (319904448 sectors) block size 16384, fragment size 2048
        using 851 cylinder groups of 183.72MB, 11758 blks, 23552 inodes.
        with soft updates
super-block backups (for fsck -b #) at:
 160, 376416, 752672, 1128928, 1505184, 1881440, 2257696, 2633952,....
It prints numbers for a while... It's OK.

# mount /dev/ad2s1g.bde /sys

6. Verify That the Encrypted File System is Available:

[root@server ~]# df -h
Filesystem         Size    Used   Avail Capacity  Mounted on
/dev/ad2s1a        989M    512M    398M    56%    /
devfs              1.0K    1.0K      0B   100%    /dev
/dev/ad2s1e        989M     18K    910M     0%    /tmp
/dev/ad2s1f         19G    2.4G     15G    14%    /usr
/dev/ad2s1d        4.8G    124M    4.3G     3%    /var
/dev/ad2s1g.bde    148G    4.0K    136G     0%    /sys

I did the same steps with the second ATA HDD.
A quick look at the HDDs:

[root@server ~]# dmesg -a | egrep "ad[0123]:"
ad2: 190781MB  at ata1-master UDMA100 
ad3: 76318MB  at ata1-slave UDMA100

Create a mountpoint somewhere, then do the first key initialization, attach, format and mount.
Commands:

[root@server ~]# mkdir -p /mnt/2uHR696q
[root@server ~]# gbde init /dev/ad3a -i -L /etc/gbde/ad3a.lock
[root@server ~]# gbde attach /dev/ad3a -l /etc/gbde/ad3a.lock
[root@server ~]# newfs -U -O2 /dev/ad3a.bde
[root@server ~]# mount /dev/ad3a.bde /mnt/2uHR696q/

Verify That the Encrypted File System(s) is (are) available:

[root@server ~]# df -h
Filesystem         Size    Used   Avail Capacity  Mounted on
/dev/ad2s1a        989M    512M    398M    56%    /
devfs              1.0K    1.0K      0B   100%    /dev
/dev/ad2s1e        989M     18K    910M     0%    /tmp
/dev/ad2s1f         19G    2.4G     15G    14%    /usr
/dev/ad2s1d        4.8G    124M    4.3G     3%    /var
/dev/ad2s1g.bde    148G    4.0K    136G     0%    /sys
/dev/ad3a.bde       70G    4.0K     64G     0%    /mnt/2uHR696q

Next steps later;
my server and I are going to sleep:
[root@server ~]# umount /sys/ && umount /mnt/2uHR696q/
[root@server ~]# halt -p

Next:
Mounting Existing Encrypted File Systems, check and copy
Tests: power cut, reset, turn off, etc...


              ,        ,
             /(        )`
             \ \___   / |
             /- _  `-/  '
            (/\/ \ \   /\
            / /   | `    \
            O O   ) /    |
            `-^--'`<;     '
           (_.)  _  )   /
            `.___/`    /
              `-----' /
 <----.     __ / __   \
 <----|====O)))==) \) /====
 <----'    `--' `.__,' \
              |        |
               \       /       /\
          ______( (_  / \______/
        ,'  ,-----'   |
        `--{__________)"

References:
man gbde
handbook encrypting
handbook disks adding
GBDE - GEOM Based Disk Encryption - BSDCon '03. San Mateo, CA, USA

Monday, 19 July 2010

64-bit FreeBSD 8.1-RC2 (GENERIC) setup, part 1

I decided to upgrade server from 32-bit version FreeBSD 6.4 to 64-bit FreeBSD 8.1

I am expecting more problems with 64-bit O

In this part:
- modify slices
- install Port Collection
- change shell
- install security vulnerabilities check
- install cvsup


The easiest way is always a clean installation. However, the (standard) installation failed the first time: I was not able to log in remotely. The problem I found was not enough space??? in the first slice (/) - well, probably I've done something nasty.

1. BASIC INSTALLATION - modify slices similar way:
Filesystem     Size    Mounted on
/dev/ad2s1a    1.0G    /
/dev/ad2s1b    2.0G    swap
/dev/ad2s1d    5.2G    /var
/dev/ad2s1e    1.0G    /tmp
/dev/ad2s1f     21G    /usr
/dev/ad2s1g    164G    /sys


Now the problem with terminal (ssh) login has vanished.

So the next useful steps could be:
2. Install the Ports Collection for first time:

server# portsnap fetch extract

3. Change shell:


I used pkg while I waited for portsnap...
server# pkg_add -r bash

4. I like system utilities, eg.: screen:
(suitable for bad connection + run more terminals in one window)

server# pkg_add -r screen

5. Change shell:

server# chpass -s bash
chpass: user information updated

- time to logout + login back with new shell

server# [Ctrl+D] = logout
$ su -
Password:
[root@server ~]# 

6. Try screen:

[root@server ~]# screen

7. Keep the Ports Collection up to date with CVSUP:

[root@server ~]# cd /usr/ports/net/cvsup-without-gui; make install clean

While waiting for CVSUP we can install

8. A security vulnerabilities check:

[root@server ~]# cd /usr/ports/ports-mgmt/portaudit; make install clean

9. Test cvsup servers which one is the fastest:

[root@server /usr/ports/sysutils/fastest_cvsup]# fastest_cvsup -c all
Speed Daemons:
    - 1st: cvsup3.uk.freebsd.org    23.90 ms
    - 2st: cvsup2.uk.freebsd.org    24.45 ms
    - 3st: cvsup4.uk.freebsd.org    25.82 ms

10. Configure and run CVSUP:

The last two lines alter the standard-supfile in order to keep ports and source code up to date:

[root@server ~]# vi ports-supfile

# cvsup -g -L 2 ports-supfile
# host: replace CHANGE_THIS with a mirror, e.g. cvsup3.uk.freebsd.org
*default host=CHANGE_THIS.FreeBSD.org
*default base=/var/db
*default prefix=/usr
*default release=cvs tag=.
*default delete use-rel-suffix
*default compress
ports-all tag=.
src-all


IMPORTANT: tag=RELENG_8_1
Because I left tag=. I upgraded the kernel to FreeBSD 9.0-CURRENT.


Now update the source code and all software collections:

[root@server ~]# cvsup -g -L 2 ports-supfile

Sunday, 18 April 2010

Shared object "libssl.so.5" not found, required by "sendmail"

Introduction
After upgrading OpenSSL to v 1.0.0 on FreeBSD 6.4, my Sendmail server was unable to start.

18 April 2010
# root@USA:/root/starts: ./sendmail start
Starting sendmail.
/libexec/ld-elf.so.1: Shared object "libssl.so.5" not found, required by "sendmail"

Prerequisites:

We must upgrade all related packages from fresh ports and recompile Sendmail.

Step 1
Make sure your ports are up to date:
# /usr/local/bin/cvsup -g -L 2 /path-to-your/standard-supfile 
OR 
# portsnap fetch update


Step 2
Recompile Sendmail:
# cd /usr/ports/mail/sendmail/
# make config
# make
# make deinstall reinstall
# cd /usr/src/lib/libsm ; make clean ; make obj ; make depend ; make
# cd /usr/src/lib/libsmutil ; make clean ; make obj ; make depend ; make
# cd /usr/src/usr.sbin/sendmail ; make clean ; make obj ; make depend ; make ; make install


Step 3
Start Sendmail:

# root@USA:/root/starts: ./sendmail start
Starting sendmail.
WARNING: Xspamassassin: local socket name /var/run/spamass-milter.sock missing


Sendmail is ok.
We may also want to continue with the upgrade...

Step 4
Upgrade spamass-milter in conjunction with all those depending on the SpamAssassin Milter Plugin

# portupgrade -R spamass-milter && sa-update
# /usr/local/bin/sa-compile && /usr/local/bin/sa-update -D && /usr/local/etc/rc.d/sa-spamd reload


Step 5
Test sendmail with a local user account:
echo "test me!" | mail -s"Mail test" root

References:
man portupgrade
man SpamAssassin

http://www.google.co.uk/bsd
http://savannah.nongnu.org/support/?103971
http://unix.derkeiler.com/pdf/Mailing-Lists/FreeBSD/questions/2006-06/msg01514.pdf

Monday, 12 April 2010

DTP Graphics references

Hello visitor! I added a sample from my past DTP and printing services.


Preparing leaflet for printing and communication with external graphic from Radio TWR.

Another sample:



Disco MAXX flyer: the client is an advertising agency from Vienna, Austria.

Another sample: Main business client "Liga proti rakovnine"



Envelope model and prepress content of a series of brochures for Cancer Research SK, the SK's leading cancer charity "LPR"

Another sample: Poster

Daffodil Day is held every year. Nice contract. Many designs and their realization. Offset print CMYK 4 +4 1fold every year 900,000 pcs.

Another sample:

Another foundation ...

Another sample: PODRAVKA Food supplier



Another sample: One from among a variety of leaflets ...


Another sample: Envelopes for the Slovak Gas Industry, the sole supplier of gas to Slovakia.


Another sample: Miss University, tickets, posters and leaflets


Another sample: Screen printing on plastic bags, shirts, etc.

Customers were also other printing companies...

Another sample: This was a quickly and easily made real billboard of my company Ltd.


The good old times... Today it is outdated.






Thursday, 18 March 2010

Shared object "libncursesw.so.6" not found

Introduction
This article describes how I resolved this issue in my box.

16 Mar. 2010
After an upgrade, FreeBSD 6.4-STABLE just showed:
/libexec/ld-elf.so.1: Shared object "libncursesw.so.6" not found, required by "mysql"
Google was not helpful, so I am going to describe a few steps to fix that problem.
In a nutshell, the problem is a missing C library when a package was used (not ports).

Prerequisites:
We need to use a newer version of GCC and binutils with the FreeBSD Ports Collection.
The base compiler for FreeBSD 6.4 is gcc version 3.4.6.
To obtain the basic compiler information:
# gcc -v

Step 1
Make sure your ports are up to date:
# /usr/local/bin/cvsup -g -L 2 /path-to-your/standard-supfile
OR
# portsnap fetch update

Step 2
Installing binutils and GCC45 from ports:
# cd /usr/ports/devel/binutils && make install clean
# cd /usr/ports/lang/gcc45 && make install clean


Step 3
Configuring our Ports Collection for use of newer version GCC
Adjusting make.conf:
# vi /etc/make.conf

Add the following lines to the /etc/make.conf file (or modify appropriately):
# 2010-03-15 ********* added P.M. ***************
# Configuring ports for custom version of GCC
.if !empty(.CURDIR:M/usr/ports/*) && exists(/usr/local/bin/gcc45)
# To exclude ports that have problems with custom version of GCC, example the net/openldap* and cyrus-auth ports
.if empty(.CURDIR:M/usr/ports/net/openldap*)&& empty(.CURDIR:M/usr/ports/security/cyrus-sasl2-saslauthd)
CC=gcc45
CXX=g++45
CPP=cpp45
# Custom CFLAGS for the ports tree.
# Compile with specific CPU-type-instruction (AMD Athlon) CFLAGS "SSE3" may increase performance 10%-20%
CFLAGS+=-msse3
.endif
.endif
# 2010-03-15 ********* added P.M. ***************


Step 4
Adjusting libmap.conf:
# vi /etc/libmap.conf
libgcc_s.so.1 gcc45/libgcc_s.so.1
libgomp.so.1 gcc45/libgomp.so.1
libobjc.so.3 gcc45/libobjc.so.2
libssp.so.0 gcc45/libssp.so.0
libstdc++.so.6 gcc45/libstdc++.so.6


References:
http://www.morpheushosting.sk/content/shared-object-libncurseswso6-not-found
http://www.freebsd.org/doc/en/articles/custom-gcc/article.html
http://gcc.gnu.org/onlinedocs/gcc-3.2/gcc/i386-and-x86-64-Options.html

