Update offline CentOS/RHEL server

Sometimes you have a RHEL/CentOS server which is not connected to the Internet. But you should also install security update to prevent local hackers to mess up your system.

I was not able to find some nice description how to do it. Some people are using proxies - but then you still need some connection to the proxy - which can not be the case.

Here is my way how I did it....

Nvidia proprietary drivers and RHEL6

Sometimes you need to run Nvidia proprietary drivers in various linux distributions.
I was able to run it on standard RHEL 6.0 installed as "Desktop" with the following commands:

OpenWrt with Transmission, Samba and vsftpd

My brother asked me to customize firmware in his WiFi router TP-Link TL-WR1043ND. He wants to use if for downloading torrents and sharing them using smb and ftp protocols.

I have good experiences with OpenWrt, which is really good in customization and suits well for this purpose. Nowadays you there are few torrent clients in OpenWrt distribution, but I choose transmission and for ftp daemon vsftpd.

My basic setup of CyanogenMod-6.0 on HTC Desire

Since I bought my HTC Desire I want to put on it CyanogenMod. This ROM is quite popular, but only version 6.0 released last week supports HTC Desire.

I'm going to put there few notes how I did "post installation" changes like removing some programs, ssh key config, OpenVPN setup and few more.

Root HTC Desire under Debian

Two weeks ago I bought HTC Desire cell phone and I decided to get root on it. Rooting guide for this phone was published few days ago, but most of it it "windows only".

Here you can find the way how to get root on the HTC Desire using Debian.

PXE server using Dnsmasq and SystemRescueCD with minimal effort

If you are using DHCP server in your network environment, it's handy to be able to boot from network. It brings you many advantages especially when you are not able to boot operating system from the workstation's disk.

I would like to describe my experience with DHCP server called Dnsmasq. This software can also serve TFTP requests and act as DNS forwarder.

Debian Wi-Fi hotspot using CoovaChilli, FreeRadius, MySQL and daloRADIUS

I decide to create hotspot from my server to allow other connect to Internet for free. I used "Captive portal" solution based on these applications:

• CoovaChilli
• FreeRadius
• MySQL
• daloRADIUS

When somebody wants to connect to Internet using my wifi, the first page he can see is the register/login page (whatever page he wants to visit).
After registration/login he is able to connect to Internet.

So let's see how I did it.

Using Grub2 and LUA installed on USB booting ISO images

I got 16 GB USB flash from my brother, because he can't see me still using my old 64 MB. He decided to buy Imation Nano-Flash-Drive.

Because of many of my friends and colleagues are using Win, I use NTFS on it. Old FAT is not "usable" in these days, because it can't handle bigger files.

From the first time I use USB disks I always want to have bootable disk/flash with live CDs - so here are few notes how to create USB flash drive able to boot stored live CDs:

RAID disk check in Linux

One day I checked dmesg from one of my servers and I saw I/O errors :-(

gate:~ dmesg
...
[ 4220.798665] ide: failed opcode was: unknown                                                    
[ 4220.798665] end_request: I/O error, dev hda, sector 21067462                                   
[ 4222.983683] hda: dma_intr: status=0x51 { DriveReady SeekComplete Error }
[ 4222.983683] hda: dma_intr: error=0x40 { UncorrectableError }, LBAsect=21067572, sector=21067470
...

Lucky for me there are two disks in RAID 1 so my data was not lost. The machine is "just" firewall, so I decided to play little bit with the bad hard disk, because there are no important data on it. Usually if you see errors like I mentioned above you replace disk without any questions, but I would like to "get" some outputs from diagnostic commands. So you can see what you can do in such case.

Perl Oracle client manual installation to home directory in Debian

I need to connect to the Oracle database in my work to get some data from it. I'm not the Oracle expert, but I decided to use DBD::Oracle.

Most of the manuals and how-to pages describe, how to install client libraries to system (usually as root), which was not my case.

I just need one directory with libraries in my $HOME and few scripts to get some data from the database - no system installations.

Here are the steps how to install DBD-Oracle and it's libraries to "one" directory without doing mess in the system:

Disable IPv6 in Debian

I have problem with Java Webstart applications, which are using IPv6 by default. Because I'm not using IPv6 at all I decide to disable this protocol completely.

There are many pages how to disable ipv6 under Debian, but most of them was not working for me.

The most easiest work well:

Modify /etc/default/grub:

GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1"

Don't forget to run update-grub after change (and reboot).

Then if you run

$ ip a

you should not see any IPv6 addresses...

Debian with GRUB2 and serial connection

Sometimes I'm using the serial connection to my server if anything goes wrong. It's because I don't have a monitor/TV attached to it.

I have little problems to set it up using Debian in GRUB2 after I upgraded to grub-pc

So here is a short way how to do it:

Edit file containing configuration in Debian: /etc/default/grub

# If you change this file, run 'update-grub' afterwards to update
# /boot/grub/grub.cfg.

GRUB_DEFAULT=0
GRUB_TIMEOUT=1
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="console=tty0 console=ttyS0,9600n8"

# Uncomment to disable graphical terminal (grub-pc only)
GRUB_TERMINAL=serial
GRUB_SERIAL_COMMAND="serial --speed=9600 --unit=0 --word=8 --parity=no --stop=1"

# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `vbeinfo'
#GRUB_GFXMODE=640x480

# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
#GRUB_DISABLE_LINUX_UUID=true

Don't forget to run update-grub after change.

Crypted disks with remote key placed on http server

This page contains few information how to create crypted disk using dm_crypt, lvm, gpg with remote key stored on http server.
The advantage is to have key, used for unlocking crypted disk(s), somewhere on the server instead have it on USB.

* You can easily delete this key if your disks are stolen and nobody can access them any longer...
* If you use USB stick to save key then you need to have it connected to the machine with the cyphered disks every reboot - usually it will be plugged all the time to the server which destroy all security.
* Keys are downloaded automatically every reboot from remote HTTP server (if not your disks will remain locked).

All commands were tested on Debian and should be also applicable on other distributions.

Cobbler and yum in RHEL 4.6

Look at small how-to install cobbler with yum on RHEL 4.6 from scratch.

Install the most RHEL 4.6 or CentOS 4.6 with default partitioning and custom installation (unselect all possible packages during installation procedure). Diable firewall and SELinux.

• Enable DVD repository by changing the line in /etc/yum.repos.d/CentOS-Media.repo

enabled=1

• Install yum

mount /media/cdrom

• Download packages and install them:

mkdir /var/tmp/cobbler-4.6
cd /var/tmp/cobbler-4.6

rpm -i 
./python-elementtree-1.2.6-5.el4.centos.x86_64.rpm \
./python-urlgrabber-2.9.8-2.noarch.rpm ./sqlite-3.3.6-2.x86_64.rpm \
./python-sqlite-1.1.7-1.2.1.x86_64.rpm \
./yum-metadata-parser-1.0-8.el4.centos.x86_64.rpm \
./centos-yumconf-4-4.5.noarch.rpm \
./yum-2.4.3-4.el4.centos.noarch.rpm \
./createrepo-0.4.4-2.noarch.rpm

yum clean all
mkdir /var/tmp/rhel4_repo/
ln -s /media/cdrom/RedHat/RPMS/ /var/tmp/rhel4_repo/RPMS 
createrepo /var/tmp/rhel4_repo/
cat >/etc/yum.repos.d/RHEL-4.6-Media.repo <<+
[rhel4-media]
name=RHEL4 - Media
baseurl=file:///var/tmp/rhel4_repo/
gpgcheck=0
enabled=1
+

createrepo /var/tmp/cobbler-4.6/
cat >>/etc/yum.repos.d/my.repo <<+
[my-repo]
name=My Repository
baseurl=file:///var/tmp/cobbler-4.6/
gpgcheck=0
enabled=1
+

• Install necessary software from DVD

mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.orig

yum -y install wget mc
yum -y install httpd tftp-server mod_python python-devel createrepo rsync mkisofs
yum -y install perl-Digest-SHA1 perl-Digest-HMAC perl-Socket6 perl-Time-HiRes sysstat perl-libwww-perl
yum -y install libart_lgpl freetype libpng
yum -y install logrotate perl-DateManip
yum -y install cman
yum -y install dhcp bind
yum -y install memtest86+

yum -y install cobbler
yum -y install munin munin-node php-ldap
chkconfig munin-node on
yum -y install yum-utils
yum -y install syslinux

• Disable firewall (just for sure):

chkconfig --level 2345 iptables off
service iptables stop

• Change line in /etc/cobbler/settings to match the IP of the server:

default_password_crypted: "$1$pH3........0B2HB/"
default_name_servers: [192.168.0.129]
manage_dhcp: 1
manage_dns: 1
manage_forward_zones: [my.domain.cz]
manage_reverse_zones: [192.168.0]
next_server: 192.168.0.129
pxe_just_once: 1
server: 192.168.0.129
register_new_installs: 0
xmlrpc_rw_enable: 1

• Start cobbler and apache daemon:

/etc/init.d/cobblerd start
/etc/init.d/httpd start
chkconfig httpd on

• Change 'disable' to 'no' in /etc/xinetd.d/tftp

disable                 = yes

Cobbler/DHCPd/bind configuration

• Change listening interface for dhcpd in /etc/sysconfig/dhcpd:

DHCPDARGS=eth0;

• Modify file /etc/cobbler/dhcp.template according your needs:

subnet 192.168.0.0 netmask 255.255.255.0 {
     option routers             10.226.23.1;
     option domain-name         "my.domain.cz";
     option domain-name-servers 192.168.0.129;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        192.168.0.200 192.168.0.254;
     filename                   "/pxelinux.0";
     default-lease-time         21600;
     max-lease-time             43200;
     next-server                $next_server;
}

• Modify /etc/cobbler/named.template like:

options {
...
#          listen-on port 53 { 127.0.0.1; };
...
#          allow-query     { localhost; };
           forwarders { 10.226.32.44; };
...
};

cobbler sync
service xinetd restart
chkconfig dhcpd on
chkconfig named on

Now you should run

cobbler check

and see something like that:

$ cobbler check
No setup problems found
Manual review and editing of /var/lib/cobbler/settings is recommended to tailor cobbler to your particular configuration.

Cobbler repository+ installation

cobbler import --name=RHEL4.6-x86_64-AS --mirror=/media/cdrom/
cobbler repo add --mirror=/var/tmp/cobbler-4.6/ --name=my-repo
cobbler reposync
cobbler image add --name=Memtest86+-1.26 --file=/tftpboot/memtest86+-1.26 --image-type=direct
cobbler profile copy --name=RHEL4.6-AS-x86_64 --newname=NGP_RHEL4.6-AS-x86_64
cobbler profile copy --name=rescue-RHEL4.6-AS-x86_64 --newname=NGP_rescue-RHEL4.6-AS-x86_64
cobbler profile edit --name=NGP_RHEL4.6-AS-x86_64 --repos="my-repo"
cobbler profile edit --name=NGP_rescue-RHEL4.6-AS-x86_64 --repos="my-repo"
cobbler sync

• Edit /etc/yum.repos.d/RHEL-4.6-Media.repo and change one line like:

baseurl=file:///var/www/cobbler/ks_mirror/RHEL4.6-x86_64-AS/RedHat

• Then run:

yum clean all

PXE configuration

• Make this the first line of /etc/cobbler/pxe/pxedefault.template,pxeprofile.template,pxesystem.template to enable serial connection:

SERIAL 0 115200

Cobbler WebUI

• Set root password for web access:

htdigest /etc/cobbler/users.digest "Cobbler" root

• Change line in /etc/cobbler/modules.conf:

module = authn_configfile

service cobblerd restart
service httpd restart

Cobbler host specification

cobbler system add --comment="c3virt01ce01 machine" --name=c3virt01ce01 --hostname=c3virt01ce01 --netboot-enabled=1 --profile=NGP_RHEL4.6-AS-x86_64 --name-servers=192.168.0.129 --static=0 --kickstart=/var/lib/cobbler/kickstarts/legacy.ks
cobbler system edit --name c3virt01ce01 --interface=eth0 --mac=00:0c:29:68:78:96 --ip=192.168.0.10 --netmask=255.255.255.0  --static=1 --dns-name=c3virt01ce01.my.domain.cz
cobbler system edit --name c3virt01ce01 --interface=eth1 --mac=00:0c:29:68:78:b4 --ip=192.168.1.10 --netmask=255.255.255.0 --static=1
cobbler system edit --name c3virt01ce01 --interface=eth2 --mac=00:0c:29:68:78:aa --ip=192.168.2.10 --netmask=255.255.255.0 --static=1
cobbler system edit --name c3virt01ce01 --interface=eth3 --mac=00:0c:29:68:78:be --static=0

cobbler sync

Hope it will be possible to use PXE boot to install machines.

Trim margins from PDF document

It's happened to me one time, that I want to trim margins from PDF document.

It was a Czech manual for Panasonic G1 camera. You can see huge margins there, because it was officially written for A5 paper and they create manual for A4 paper size.

See the picture:

One page from Czech Panasonic DMC-G1 manual

I used pdfcrop script from Heiko Oberdiek, which can easily trim margins.

pdfcrop.pl --margins 10 panasonic_g1.pdf panasonic_g1-2.pdf

Here is the result:

Trimmed page from Czech Panasonic DMC-G1 manual

I hope this can be useful for somebody who needs this...
KDE pdf viewer Okular, has the function "Trim Margins", which works very well, but you can not save the PDF...