Category Archives: Useful Items That I Forget

svn to git without history

#assumes existence of gituser which has to be added manually.
mkdir /opt/git/newrepo.git
cd /opt/git/newrepo.git
git --bare init
cd /opt/git
chown -R gituser:gituser newrepo.git
cd ~
mkdir svnrepo-export
cd svnrepo-export
svn export <path-to-svn-repo>
git init
git add .
git commit -m "initial commit"
git remote add origin gituser@localhost:/opt/git/newrepo.git
git push origin master
<move old real svn repo out of the way>
git clone gituser@localhost:/opt/git/newrepo.git <directory>

Windows Password Expiration

When writing books I typically find myself needing to use Windows servers in various forms.  However, I don’t need the password to expire.  I always forget how to disable that, erm, feature.  So here it is.  Nothing groundbreaking here, just me writing it down so I can find it later.

For local password expiration:

gpedit.msc

Computer Configuration -> Windows Settings -> Security Settings -> Account Policies -> Password Policy | Maximum Password Age

For domain password expiration:

Group Policy tab is missing in Active Directory Users and Computers (ADUC) so I went about it like this (there’s probably a different way):

Open “Group Policy Management” from the Tools menu in Windows Server 2012.

Click on Default Domain Policy within the domain that you’re working on.  Ignore the warning, if it comes up.  Click on the Settings tab.  Drill down through Policies -> Windows Settings -> Security Settings -> Account Policies/Password Policy.  Right-click Maximum password age.  This will open Group Policy Management Editor.

Within Group Policy Management Editor:  Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy.

Whew.

Possibly run gpupdate /force on clients.

Watch out that this doesn’t apply for domains:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;269236

Windows Activation Problems

I do a fair amount of writing involving Microsoft products.  As such I’m constantly re-installing Windows into virtual machines.  One of the items that catches me off guard is Windows activation with multi-activation keys (MAK) from Technet.  Here’s my friendly reminder on what needs to be done in order to activate when Windows indicates there’s an activation problem:

slmgr.vbs /ipk <WINDOWS KEY HERE>

Windows activation will work after that command completes successfully.

Unable to activate Windows Tailored application error

Attempting to build a simple JavaScript application using Visual Studio 11 on the Windows 8 Developer Preview today and received the fun error “Unable to activate Windows Tailored application”.  I’m running the software using Virtualbox (4.1.8).  Turns out that my screen resolution wasn’t high enough in the virtual machine.  It needs to be at least 1024×768 and I had left it at the Virtualbox default of 800×600.  Changing the screen resolution and then attempting to run the program again succeeded.

When to Retire an Old Bookmark

I have an app that I use to manage my web bookmarks.  The app enables me to categorize bookmarks and use them cross-device, from anywhere (it’s hosted).  I’ve been using the application for several years and each time I click one of the bookmarks, that click gets recorded into a database.  As time goes by, the most popular bookmarks in each category rise to the top as they are used more and more.

However, this means that less popular bookmarks sink to the bottom.  In looking at the 76 bookmarks (only 76, seems like more) that I have in the list (and are active), there are some that I haven’t used in a year and one that I haven’t used in nearly two years.  So the question becomes when should I delete the bookmark or inactivate an unused bookmark?  I’m thinking that bookmark to a weather site that hasn’t been used since July 25, 2009 is a candidate to be inactivated.

For my own reference (filing this under “Useful Items that I Forget”) here’s the query that I ran:

select b.title,from_unixtime(max(p.dateclicked)) from p_bookmarks b, p_clickstats p where p.bmrkid = b.id and b.active = '1' group by b.id order by from_unixtime(max(p.dateclicked)) desc;

Disable Time Sync with Virtualbox

Virtualbox (or its Guest Additions) has this annoying habit of automatically keeping the clock in sync with the host, regardless of the settings that one tries to implement within the guest itself.  For example, in a Windows 7 guest that I’m trying to use for consistent screenshots I need to set the clock to specific dates.  However, as soon as I set it, Virtualbox changes it back.

Here’s how to change it:

vboxmanage setextradata "<vmname>" "VBoxInternal/Devices/VMMDev/0/Config/GetHostTimeDisabled" "1"

Useful Fetchmail Stuff

For the longest time (years, greater than 10) I’ve been using fetchmail to retrieve mail from my mail server.  I do so over SSL and use a self-signed certificate for simple cost reasons.  This historically created several errors in the fetchmail output regarding self-signed certificate validation:

fetchmail: Server certificate verification error: self signed certificate

Add to that the normal ‘no mail’ output from fetchmail and a regular cron job to retrieve mail and you had the recipe for constant output from cron while it was retrieving mail.  So, I had been redirecting the output from the cron job along with STDERR to /dev/null for years.  During that time the certificate expired, the hostname changed, and a whole bunch of other changes happened:

/usr/bin/fetchmail >/dev/null 2>&1

Long story short (ok, too late for that) I finally decided to clean that all up, as part of the migration to cloud-based services.  Here are my notes from said adventure.  Nothing special at all, much of it gleaned from various posts and searches on the internets.

First I made a shiny new self-signed certificate for my new server:

openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/my-server-x509-cert.pem -keyout /etc/ssl/private/my-server-key.pem

Yes, I know, I just created a 10-year cert.  I hate 1 year expirations.

Add that cert to /etc/dovecot/dovecot.conf and restart dovecot.

Now get a fingerprint of the cert for fetchmail:

openssl x509 -in my-server.org-x509-cert.pem -noout -md5 -fingerprint

And add said fingerprint to .fetchmailrc, below all the bits about the server and everything but before the next server’s stanza:

sslfingerprint "BB:46:3B:B8:44:DC:82:45:98:2E:D9:94:D5:EE:80:B7"

And finally, the pièce de résistance, the new cron job to suppress the “no mail” message.

/usr/bin/fetchmail -s || [ $? -eq 1 ]
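
An added example, not part of the original post: a cron wrapper that stays silent for fetchmail's two routine exit codes (0 when mail was retrieved, 1 when there was none) but passes any other failure, such as the certificate verification error above, through to cron instead of sending it to /dev/null. The function name quiet_poll and the idea of installing it as a script are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumption: exit 0 = mail retrieved, exit 1 = no mail; any other
# exit status is a real failure that should reach the cron mail.

quiet_poll() {
    # Buffer stdout and stderr instead of discarding them.
    # The && / || form keeps this safe under "set -e".
    out=$("$@" 2>&1) && status=0 || status=$?

    case "$status" in
        0|1)
            # Routine result: print nothing, so cron sends no mail.
            return 0
            ;;
        *)
            # Real failure (expired certificate, fingerprint mismatch,
            # authentication error, ...): show what the command said
            # and keep its exit status.
            printf 'quiet_poll: exit status %s\n%s\n' "$status" "$out"
            return "$status"
            ;;
    esac
}

# When saved as a script and given a command, run it through the wrapper,
# e.g. from cron:  <path-to-this-script> /usr/bin/fetchmail -s
if [ "$#" -gt 0 ]; then
    quiet_poll "$@"
fi
```
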

 


Migrating to the Cloud

Steadfast.net, the company from whom I’ve had excellent VPS service for years, recently announced the release of a Cloud Platform.  The Cloud Platform offering from Steadfast supports Debian Linux, just like the VPS that I’ve had, and it appears as though the cloud offering enables a more appropriate allocation of resources.  For example, I need more RAM but less disk but the VPS plan I was on had 60GB disk, of which only about 5GB was used.  All things considered I should be able to save some money by switching to Steadfast’s Cloud Platform.

I decided to migrate and herein are the notes from my migration.  All told it took about 3 to 4 hours over an evening to switch from a Debian 5-based VPS to a Debian 6 VPS running the same services.

Most of these are just rambling notes in case I need to migrate again in the future.

After ssh’ing in, I ran:

apt-get update

and then apt-get -u upgrade

The problem is that the updater wanted to update the kernel image to the same kernel that I was on.  This failed.  So I decided to pin the kernel so that it wouldn’t get updated.

Pin kernel:

echo "<kernel image> hold" | dpkg --set-selections

Now running apt-get -u upgrade just indicates that there are 2 packages that have been kept back.

I needed to install several software packages to provide the same services as before.  This is not a comprehensive list because Debian’s dependency checker is so robust.  These are the packages as I typed them and let the dependency checker do the rest:

less mutt vim postfix postfix-policyd amavisd-new mysql-server php5-mysql php5-gd php5-imap php5 apache2 libapache2-mod-perl2 vsftpd libhtml-mason-perl spamassassin dnsutils postfix-mysql procmail dovecot-imapd ntpdate vim whois libxml-rss-perl libdate-manip-perl monit rsync screen subversion

With those basics out of the way, I enabled the firewall.  As someone who revised and wrote part of a book on Linux Firewalls, I have a custom script for iptables so I ported that to the new server and started it up.

Next, time to install Apache.  Gotta enable SSL:

a2enmod ssl

Copy certificates from /etc/ssl/certs and keys from /etc/ssl/private on the old server too, and move those to new server.

Stop MySQL on source server and tar it up:

/etc/init.d/mysql stop ; cd /var/lib ; tar -zcvpf sourcemysql.tgz mysql

Stop MySQL on destination:

/etc/init.d/mysql stop ; cd /var/lib

Copy over password for MySQL debian-sys-maint from source, it’s in /etc/mysql/debian.cnf

May need to run mysql_upgrade.  MySQL was crabby with “cannot process because system event table…” something or other.  By the time I found a solution to run mysql_upgrade, MySQL indicated that it had already run it.  Not sure what’s up there but it appears to be working now and I don’t have time (or really care) to investigate further right now.

Edit Apache vhost configs to change IPs to the new server.  Also, don’t forget to symlink from sites-available to sites-enabled!

Needed to add the apache logging line to /etc/apache2/apache2.conf:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %T %v" full

Needed to edit /etc/apache2/ports.conf to add NameVirtualHost entries for each IP and port, including 443.

Restart Apache.

I had and have relatively low TTLs on many popular A records on the DNS for my primary domains.  Therefore, I switched the A record over once I verified that things were working.

Now that the web server is running, time to work on mail.  I use Postfix+Amavisd-new+Spamassassin+postfix-policyd.

I was unable to get postfix-policyd to start through its init script.  Had to edit its config file /etc/postfix-policyd.conf to change LOG_INFO to LOG_ERR due to a LOG_IFOO error in the logs.  Not sure why, but it still wouldn’t start [[see note about this later]].  Since postfix-policyd wouldn’t start, I commented it out of /etc/postfix/main.cf so that it wouldn’t try to check the policy service for the time being.

mkdir /var/mail/braingia.org and chown it to <user>.mail.  Touch the mailbox in the directory and chmod it 660, owned by <user> and mail group.

Change IP-related settings in /etc/postfix/main.cf and master.cf.  Also, change myhostname (hostname-related variables) in main.cf

Ugh.  Amavis started checking headers much more stringently between versions, so things like the friendly date and from headers being missing were causing messages to be silently discarded.  Changed bad_header to D_PASS instead of D_BOUNCE and got a test message through.

Switched over the MX record around this time.  Now time to get IMAP/SSL working.

Copy dovecot info over.  Had to update dovecot.conf by hand due to larger scale changes in the file between versions.

Move /var/spool/cron/crontabs/<user> as appropriate.  Check the scripts to make sure they run.  Had some perl stuff that needed libraries, as one would expect.

Move stuff from /usr/local/bin/*

Edit crontab to add ntpdate.

Edit /etc/monit/monitrc as appropriate.

Set timezone:

dpkg-reconfigure tzdata

Rsync’ed home directories and root’s home.

Migrating mailman:

tarred up /var/lib/mailman/data, /var/lib/mailman/lists, /var/lib/mailman/archives.  Made backups as appropriate on the destination.  Edit mm_cfg.py in /etc/mailman (and possibly find one in /var/lib/mailman hierarchy too).  Change and/or add virtualhost related items to change the URLs for the lists.  Ran:

withlist -l -r fix_url trivia

Change to VIM for editing cron, etc:

update-alternatives --config editor

[[Update on policyd]]  For some reason, policyd started working.  I ran the init script and it started.  Weird, but I’ll take it.

Getting nagios to work involved installing nagios-plugins so that remote checks over ssh would work.  Also added accounts as appropriate.

Hope this helps someone, somewhere, someday… or at least helps me.  Now, I do need to get this information extracted in case this server goes down and is the one needing to be migrated!