Archive for the 'Linux' Category

Linux is ready for the desktop or ZaReason is mother-in-law approved.

I’m sort of tired of the question whether or not Linux is ready for the desktop or if it is grandma suitable. Maybe it is because Management and I have been using it with no exceptions for the last 4 years that I am a bit touchy on the subject but the question is silly and often the responses more so. Think of it, would you ask if OSX is ready for the home user? Is Microsoft ready for the enterprise? No, you likely wouldn’t unless you are being snarky.

Case in point. My mother-in-law wanted a laptop for her birthday. She is running Windows XP on an aging HP desktop and wanted an OS that is secure and easy to use as well as a laptop that is well made and affordable. My recommendation? Go with ZaReason (she got a LightLapSR and now, after playing with it, Management wants one for herself).

Yes, I know I keep beating the drum for this builder but they build a great machine and have an excellent support team but more importantly, their machines “just work” and with all the peripherals she has collected over the years. From printers, scanners, to cameras, and iPods she is not left out in the dark with any of those devices.  She was able to flip open the laptop, register herself as a user, sign onto her network, and check her mail in less time than it takes to make a cup of tea.

My mother-in-law is not a technocrat.  It has taken her years to get comfortable with her XP machine but only comfortable in the sense that she has a passing familiarity with the way things are done on it.  A couple of minutes after getting set up she found Mahjongg and was busy collecting tiles.  She is much like 90% of the users out there.  They want to surf the Internet, check their email, watch movies, manage photos and music, and maybe play a couple of hands of solitaire.  Linux can do all of that and more.

Bottom line, Linux is ready for the desktop and ZaReason is mother-in-law approved.

Recovering Encrypted MySQL Backups from S3

So like I promised here’s the script I banged together to allow easy recovery of your MySQL backup sets on S3. At the moment, it only does the current day so if it is just after midnight, well, you won’t see any backups! I plan on updating it to allow the user to choose today or yesterday and then build the list from that selection.

#!/bin/bash
# This script will list the most recent backups based on a number prompted by the user
# decrypt and expand them into a temp directory.
# set date variables

cd /opt/s3sync

DAYNOW=$(date +%j)
TIMENOW=$(date +%H%M)
# set the environment
export AWS_ACCESS_KEY_ID=XXXXXX
export AWS_SECRET_ACCESS_KEY=XXXXXX
export SSL_CERT_DIR=/opt/s3sync/certs

echo -e "How many backups would you like to list? \c"
read count
echo
# Get the list of backups on the server using s3cmd
dbsets=$(ruby s3cmd.rb list YOURDB_db_backups:$DAYNOW | tail -n $count)
ARRAY=($dbsets)
# get number of elements in the array
ELEMENTS=${#ARRAY[@]}

# echo each element in array
# for loop
for (( i=0;i<$ELEMENTS;i++)); do
echo $i - ${ARRAY[${i}]:4}
done

# Prompt user for which backup they want to recover
echo
echo -e "Which backup set would you like to recover? \c"
read numbackup
backup=${ARRAY[$numbackup]:4}
tarset=${backup:0:31}
sqlset=${tarset:0:19}

echo "I am fetching your backup $backup now..."

ruby s3cmd.rb get YOURDB_db_backups/$DAYNOW:$backup /mnt/tmp/recovery/$backup

echo
echo "I'm going to decrypt your backup..."

cd /mnt/tmp/recovery

# the decrypted stream is a gzipped tar, so expand it to get the .sql file
gpg -d "$tarset" | tar -xzf -

echo
echo "Cleaning up after myself..."
rm *.gz*
echo
echo "Your backup can be found here /mnt/tmp/recovery/$sqlset"

Next up is a script that easily allows you to chuck files or directories up onto S3 from your EC2 instance or from your local machine.

EC2, S3, Encrypted MySQL Backups, and You!

With great trepidation I write this as my last attempt earlier in the day saw the utter meltdown of this blog…

The topic of what we are doing to secure user data is one that comes up often and it is completely understandable, so this past week I’ve decided to add an extra layer of security into our database backups by encrypting them. It is a fairly simple process that while still being a work in progress works pretty well.

To get things started I generated a key-pair both on the server and imported my personal key so that I can encrypt the backups so I can open them either on the server or on my laptop. Further down the road I’ll be collecting the keys of the development team and importing them so that they can decrypt locally as well.

Now, I’m a bit wet behind the ears when it comes to shell scripting and while I already had a backup script written I wasn’t really happy with how it performed. I’ve made some tweaks to this one that allowed me to drop the nightly “Create Bucket” procedure as well as gathered the backups into a more logical folder/sub-folder layout.

Here’s the backup script…

#! /bin/bash

# Hourly cron job to upload to current bucket
# This is built off what we are currently running

# set date variables
DAYNOW=$(date +%j)
TIMENOW=$(date +%H%M)
# set the environment
export AWS_ACCESS_KEY_ID=XXXXXX
export AWS_SECRET_ACCESS_KEY=XXXXXX
export SSL_CERT_DIR=/opt/s3sync/certs

# dump database
mysqldump YOURDB > /mnt/tmp/backup/YOURDB-$DAYNOW-$TIMENOW.sql

# tar SQL dump
cd /mnt/tmp/backup

tar -chf - YOURDB-$DAYNOW-$TIMENOW.sql | gzip - | \
gpg -r [remote-key-holder] -r [local-key-holder] --encrypt \
> YOURDB-$DAYNOW-$TIMENOW.sql.tar.gz.gpg

rm /mnt/tmp/backup/*.sql

# copy tar to S3
cd /opt/s3sync
ruby s3sync.rb -vr --ssl /mnt/tmp/backup/ YOURDB_db_backups:$DAYNOW

#clean up
rm /mnt/tmp/backup/*.gz*
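The backup script above deletes the plaintext dump and uploads the .gpg file whether or not gpg succeeded (a missing or untrusted recipient key leaves an empty file). The following is an added example, not part of the original script, of the same tar | gzip | gpg step with the result checked before anything is deleted; the function names and the default recipient values are placeholders.

```bash
#!/bin/bash
# Added example: encrypt a dump and remove the plaintext only once the
# ciphertext is known to be complete. Recipients are placeholder key names.
REMOTE_KEY="${REMOTE_KEY:-remote-key-holder}"
LOCAL_KEY="${LOCAL_KEY:-local-key-holder}"

# Encrypts stdin to stdout; kept separate so it can be swapped out.
encrypt_stdin() {
    gpg --batch -r "$REMOTE_KEY" -r "$LOCAL_KEY" --encrypt
}

# secure_archive DIR FILE
#   writes DIR/FILE.tar.gz.gpg and removes DIR/FILE on success;
#   on any failure returns non-zero and leaves the plaintext where it was.
secure_archive() {
    dir=$1
    file=$2
    out="$dir/$file.tar.gz.gpg"
    tmp="$out.partial"
    [ -f "$dir/$file" ] || { echo "no such dump: $dir/$file" >&2; return 1; }
    status=0
    (
        # Use pipefail where the shell has it so tar/gzip failures count too;
        # the exit status of the last stage (the encryptor) is always seen.
        (set -o pipefail) 2>/dev/null && set -o pipefail
        cd "$dir" || exit 1
        tar -chf - "$file" | gzip -c | encrypt_stdin > "$file.tar.gz.gpg.partial"
    ) || status=$?
    # An empty output file means nothing was encrypted, whatever the status.
    if [ "$status" -ne 0 ] || [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "encryption failed (status $status); keeping $dir/$file" >&2
        return 1
    fi
    # Publish under the final name first, then drop the plaintext.
    mv "$tmp" "$out" && rm -f "$dir/$file"
}
```

In the cron job this would be called as secure_archive /mnt/tmp/backup YOURDB-$DAYNOW-$TIMENOW.sql, with the s3sync upload run only if it returns 0.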

And the fetch script which will download the backup, decrypt it, and untar it. Now, with this script I am working on listing the last X number of backups as determined by the user, dumping them into an array, and then prompting the user to choose which one they want. At the moment, the user needs to know the number day of the year and the military time sans colon of the backup. But for the moment running the script is as simple as ./get_db_backup.sh 301 1530.

#! /bin/bash

# set the environment
export AWS_ACCESS_KEY_ID=XXXXXX
export AWS_SECRET_ACCESS_KEY=XXXXXX
export SSL_CERT_DIR=/opt/s3sync/certs

echo "Fetching your backup now…"

ruby s3cmd.rb get YOURDB_db_backups/$1:YOURDB-$1-$2.sql.tar.gz.gpg \
/mnt/tmp/recovery/YOURDB-$1-$2.sql.tar.gz.gpg

echo "I'm going to decrypt your backup but will need a passcode…"

gpg -d /mnt/tmp/recovery/YOURDB-$1-$2.sql.tar.gz.gpg \
> /mnt/tmp/recovery/YOURDB-$1-$2.sql.tar.gz

echo "Extracting your backup into /mnt/tmp/recovery…"

cd /mnt/tmp/recovery
tar -xf YOURDB-$1-$2.sql.tar.gz

echo "Cleaning up after myself…"
rm *.tar.gz*

echo "Your file is here: /mnt/tmp/recovery/YOURDB-$1-$2.sql"

Lastly, the “Delete Bucket” script which now thankfully works as advertised.

#! /bin/bash

# Daily cron job to delete old bucket
# set the environment
export AWS_ACCESS_KEY_ID=XXXXXX
export AWS_SECRET_ACCESS_KEY=XXXXXX
export SSL_CERT_DIR=/opt/s3sync/certs

DAYTHEN=$(date +%j --date='2 days ago')
cd /opt/s3sync
ruby s3cmd.rb -v deleteall YOURDB_db_backups:$DAYTHEN

Since all this is a work in progress I’d love to hear how other people are leveraging S3 for their database backups and if there is an easier way to accomplish what I’m attempting. :-D

EC2, MySQL Cluster, and You!

The past week I’ve been pounding my head bloody going round and round with setting up a MySQL Cluster in EC2. First trying it with Ubuntu, then Fedora 6, and then finally I learned to trust the fine folks at Canonical and believe that their distro was tight, and damn is it ever tight. The beauty of using Ubuntu is that everything you need is installed by default and there is no mucking about trying to get the right packages, dependencies, or source. Yes, this is probably not the optimal way of going about this but I need a workable solution and fast, and while there are a whole pile of rpms ready to roll, the nightmare of getting simple things like perl dependencies satisfied in Fedora was enough to send me screaming out of the cloud.

Anyways, I have a wicked basic cluster running using the following process:

On the Management Node I’m using this config.ini which is sort of cribbed together (/var/lib/mysql-cluster/config.ini)

# Options affecting ndbd processes on all data nodes:
[NDBD DEFAULT]
NoOfReplicas=2    # Number of replicas
DataMemory=256M    # How much memory to allocate for data storage
IndexMemory=256M   # How much memory to allocate for index storage
                  # For DataMemory and IndexMemory, we have used the
                  # default values. Since the "world" database takes up
                  # only about 500KB, this should be more than enough for
                  # this example Cluster setup.

# TCP/IP options:
[TCP DEFAULT]
portnumber=2202   # This the default; however, you can use any
                  # port that is free for all the hosts in cluster
                  # Note: It is recommended beginning with MySQL 5.0 that
                  # you do not specify the portnumber at all and simply allow
                  # the default value to be used instead

# Management process options:
[NDB_MGMD]
hostname=mgmn           # Hostname or IP address of MGM node
datadir=/var/lib/mysql-cluster  # Directory for MGM node log files

# Options for data node "A":
[NDBD]
                                # (one [NDBD] section per data node)
hostname=ndbda           # Hostname or IP address
datadir=/mnt/mysql/data   # Directory for this data node's data files

# Options for data node "B":
[NDBD]
hostname=ndbdb           # Hostname or IP address
datadir=/mnt/mysql/data   # Directory for this data node's data files

# SQL node options:
[MYSQLD]
hostname=sqln           # Hostname or IP address
                                # (additional mysqld connections can be
                                # specified for this node for various
                                # purposes such as running ndb_restore)

Now, in the end I moved this into /mnt (cp -ar /var/lib/mysql-cluster) so that I didn’t have the threat of running out of disk space on the primary partition.

On the SQL Node in mysql.cnf (/etc/mysql/my.cnf) I have nothing more than this:

# Options for mysqld process:
[MYSQLD]
ndbcluster                      # run NDB storage engine
ndb-connectstring=mgmn  # location of management server
log=/var/lib/mysql/mysql.log

I am experimenting with adding settings back in but I’m not too sure if they belong in the config.ini on the management node or in here. My gut tells me management node. Anyhow, with this I copied the contents of /var/lib/mysql into /mnt (cp -ar again) and renamed the old directory and created a symbolic link pointing to the new location. Kludgey, yes, but I am still learning my way around MySQL and its various settings. Likely, I will figure out which config file gets the data directory settings and I’ll make the appropriate changes. And yes, you read that right, I do have logging turned on because I am the kind of guy who needs to know.

On the Data Node in my.cnf (/etc/mysql/my.cnf) this plain vanilla setup:

# Options for ndbd process:
[MYSQL_CLUSTER]
ndb-connectstring=mgmn  # location of management server

Now to tie all these boxes together I ended up using a hosts file, recommended by Paul Moen and my boss, and with an endorsement like that I just had to run with it! On all of the nodes in /etc/hosts I dropped the internal IP addresses of each box in the cloud (nslookup domU-12-34-56-78-9A-B1.z-2.compute-1.internal):

# Mysql Cluster data node
10.1.2.3	ndbda
10.4.5.6	ndbdb
# Mysql Cluster mgm node
10.7.8.9	mgmn
# MySQL Cluster sql node
10.10.11.12	sqln

Starting everything up begins with the management cluster:

ndb_mgmd -f /mnt/mysql-cluster/config.ini

Then the data nodes:

ndbd --initial

Note, you only need to do the initial part if it is the first time the node is coming up; if you are restarting a cluster you can skip it.

Lastly, the SQL node:

/etc/init.d/mysql start

On the management node you can issue a SHOW to figure out if your bacon is frying:

root@mgmn:~# ndb_mgm -e show
Connected to Management Server at: localhost:1186
Cluster Configuration
---------------------
[ndbd(NDB)]     2 node(s)
id=2    @10.1.2.3  (Version: 5.0.38, Nodegroup: 0, Master)
id=3    @10.4.5.6  (Version: 5.0.38, Nodegroup: 0)

[ndb_mgmd(MGM)] 1 node(s)
id=1    @10.7.8.9  (Version: 5.0.38)

[mysqld(API)]   1 node(s)
id=4    @10.10.11.12  (Version: 5.0.38)
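The SHOW output above can also be checked by a script rather than by eye. This is an added example, not part of the original post: it reads the output of ndb_mgm -e show and lists configured nodes that have not joined. The sample is constructed from the output above with data node 3 taken down, and it assumes ndb_mgm marks such a node with "(not connected, ...)" after its id.

```bash
#!/bin/bash
# Added example: flag cluster nodes that are configured but not connected.
# Reads `ndb_mgm -e show` output on stdin and prints "<section> <id>" for
# every node line carrying the "not connected" marker (assumed format).
ndb_missing_nodes() {
    awk '
        /^\[/ {                        # section header, e.g. [ndbd(NDB)]
            section = $1
            sub(/\(.*/, "", section)   # drop "(NDB)]"
            sub(/^\[/, "", section)    # drop leading "["
            next
        }
        /^id=/ && /not connected/ {
            id = $1
            sub(/^id=/, "", id)
            print section, id
        }
    '
}

# Exit status 0 only when every configured node has joined the cluster.
ndb_cluster_healthy() {
    [ -z "$(ndb_missing_nodes)" ]
}

# Constructed sample: same layout as the output above, data node 3 down.
sample_show() {
    cat <<'EOF'
Connected to Management Server at: localhost:1186
Cluster Configuration
---------------------
[ndbd(NDB)]     2 node(s)
id=2    @10.1.2.3  (Version: 5.0.38, Nodegroup: 0, Master)
id=3 (not connected, accepting connect from ndbdb)

[ndb_mgmd(MGM)] 1 node(s)
id=1    @10.7.8.9  (Version: 5.0.38)

[mysqld(API)]   1 node(s)
id=4    @10.10.11.12  (Version: 5.0.38)
EOF
}

# On the management node:  ndb_mgm -e show | ndb_cluster_healthy || <alert>
```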

Now, what about backups? Well, I am in the process of experimenting with issuing ndb_mgm -e "START BACKUP" on the cluster manager and that will dump a backup to each of the data nodes. Ideally, I would like to issue periodic backups to each individual node in a staggered fashion and have those gzipped and sent up to S3. What I need to figure out is if I can issue a backup command for individual nodes like START BACKUP Node_2 or something thereabouts. If that is the case I could then grow the data nodes out to the maximum four and take snapshots every 15 minutes which could give us decent coverage if our whole section of the cloud decided to pop.

If you have any questions, criticisms, or gripes feel free to slap me with them as I feel like I am still missing a huge chunk of the picture with all of this. :-D

Bluetooth, Headsets, Ubuntu, and You!

Tired of having my co-workers laughing at me for not having skype set up (yes, I am still trying to figure out the internal mic) I decided to look into pairing my Samsung WEP170. The solution is pretty quick and dirty.

You’ll need to install several tools; which of them you can do without I’m not sure, but here’s what I have installed so far to pair both my phone and the headset:

bluez-btsco
bluez-pin
bluez-utils
gnome-bluetooth
kdebluetooth
libbluetooth
libbtcl4
libgnomebt0
nautilus-sendto
qobex

For this exercise, though, we’ll be making use of bluez-btsco, bluez-pin, and kdebluetoothd. So after installing the packages modprobe btsco:

$ sudo modprobe snd-bt-sco

Turn on the headset and grab the MAC address:

$ hcitool scan

Copy it and get set up to enter the device’s PIN when pairing:

$ passkey-agent --default /usr/bin/bluez-pin

In another terminal type the following with that MAC address you copied:

$ btsco -v BL:UE:TO:OT:HM:AC

Turn on the headset for pairing, in the case of the Samsung it means holding the power down until the light goes solid. If all goes well the passkey-agent should pop looking for the pin of the headset and once that is entered the device should pair and the little KBluetoothD icon should be in your notification area. To use it with Skype I just needed to configure it to use the headset which showed up as a secondary ALSA device with the prefix of BT.

Now, there are two ways to get your headset connected quickly: one is to create a little script that issues the btsco command sans the -v and launch it whenever you turn the headset on, or you can use the GUI tool found here but that requires you run it as sudo (or gksudo for pure, unadulterated GUI-ness). Other than that this is pretty easy, quick, and dirty. ;-)

Gratefully cribbed from this post and that post on Ubuntu forums as well as the discussion at the tool’s website.

Encryption, USB Drive, Ubuntu, Windows, and You!

The other day I thought I had lost my USB drive, a janky Kingston 1GB stick with no keychain holder that is temporarily replacing my burned out JumpDrive Sport. Deep sets of panic waves overtook me for most of the morning as I wracked my brain and retraced my steps trying to remember where I could have left it or dropped it. The reason that I was panicking was that I carry some quasi-sensitive data on there like the household budget and short stories I’m working on. No bank numbers or SSNs, just stuff that I don’t want people seeing.

Well, I did end up finding the drive wedged in the back seat of Management’s car but I learned an important lesson: if you are going to carry important data with you back it up and encrypt it. I already have the backup part down and have been doing it ever since my first USB drive crapped out on me and I lost piles of data but encryption was something I never got around to until now. The challenge is that I use Ubuntu at home (100% Windows free as of 60 days ago!) and by day I play at being a Windows sysadmin so I need a solution that works cross platform.

My first visit was to the TrueCrypt folks and while they make a fine product that for all intents and purposes worked well on my work box, it completely borked the drive for my laptop. So I decided to approach the task from the Linux side looking for native solutions that had counterparts in the Windows world and LUKS plus FreeOTFE did the trick with a minimum of fuss.

On the Ubuntu side:

  • Grab cryptsetup and cryptmount: sudo apt-get install cryptsetup cryptmount
  • Wipe the disk or make some partitions: sudo cfdisk /dev/sdb [NOTE: check your drive's actual path with dmesg as you don't want to be wiping something like your primary drive]
  • Create an encrypted partition: sudo luksformat /dev/sdb [NOTE: pick a passphrase that you can remember because if you forget it kiss your data goodbye]
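The warning in the second step (make sure /dev/sdb really is the USB stick) can be turned into a check that runs before luksformat. This is an added example, not part of the original post: the function name and the SYSFS/MOUNTS overrides are hypothetical, and it relies on the kernel's /sys/block/<disk>/removable flag, which USB sticks normally set to 1 (some USB hard disks report 0 and would be refused).

```bash
#!/bin/bash
# Added example: refuse to format a device unless it is a removable whole
# disk with nothing mounted from it. SYSFS and MOUNTS can be overridden.
SYSFS="${SYSFS:-/sys/block}"
MOUNTS="${MOUNTS:-/proc/mounts}"

# safe_to_format /dev/sdX
#   returns 0 if the device looks safe to wipe, otherwise a non-zero code
#   (2 bad name, 3 not a whole disk, 4 not removable, 5 mounted).
safe_to_format() {
    dev=$1
    name=${dev#/dev/}
    case $name in
        ''|*/*|*..*)
            echo "refusing odd device name: $dev" >&2
            return 2 ;;
    esac
    # Only whole disks (sdb, not sdb1) have an entry directly in /sys/block.
    if [ ! -r "$SYSFS/$name/removable" ]; then
        echo "$dev is not a whole disk known to the kernel" >&2
        return 3
    fi
    if [ "$(cat "$SYSFS/$name/removable")" != 1 ]; then
        echo "$dev is not removable (internal disk?)" >&2
        return 4
    fi
    # Prefix match, so sdb1, sdb2, ... count as well; it errs on the side
    # of refusing when another device name merely starts with the same text.
    if awk -v d="$dev" 'index($1, d) == 1 { found = 1 }
                        END { exit !found }' "$MOUNTS"; then
        echo "$dev or one of its partitions is mounted" >&2
        return 5
    fi
    return 0
}

# Usage:  safe_to_format /dev/sdb && sudo luksformat /dev/sdb
```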

Now, because I’m plain lazy I rebooted to get the modules running that are related to reading the new encrypted volume but after that when I popped my drive in it asked for my passphrase and then mounted it for me to work on it to my heart’s delight.

On the Windows side:

  • Plug in the USB drive and go to Computer Management >> Disk Management, find the drive, and remove the assigned drive letter, FreeOTFE will assign a free letter to the drive when it mounts it
  • Get a copy of FreeOTFE
  • Unzip it into a directory and start it in Portable Mode
  • File >> Linux Volume >> Mount partition and enter your passphrase
  • Enjoy!

Pretty straight forward.

Gratefully cribbed from carthik’s post at Ubuntu Blog and from FreeOTFE’s solid documentation.





Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States