Ubuntu-server insight - custom configurations

This is first in the series of posts I'll be doing in next couple of weeks regarding Ubuntu server. With these posts I would like to show you little and, maybe, unknown details which could make your life easier as an Ubuntu system administrator or, if you aren't Ubuntu system administrator, jealous. These posts aren't for new users which don't know how to start with Ubuntu, but for experienced system administrators of other Linux distributions or UNIX operating systems. New users should checkout great server guide - https://help.ubuntu.com/8.04/serverguide/C/index.html.

Most of these posts, if not all, can be applied to Debian and other Debian based distributions, but it's primary target is Ubuntu server platform. So, let's start with a first one.

After installation of services, some customization of configuration is almost always needed. While directly editing /etc/apache2/apache2.conf does work and brings needed results, it can also create problems during update/upgrade of the apache2 package. This is because sometimes default configuration is changed between versions and you end up with diff between new default config and customized config. That's why we have famous '.d' directories:

/etc# find . -name conf.d
./php5/conf.d
./php5/apache2/conf.d
./initramfs-tools/conf.d
./mysql/conf.d
./apache2/conf.d
./fonts/conf.d
...

In our example, putting custom configuration into the /etc/apache2/conf.d directory results in painless upgrade and fully operational apache after upgrade. Apache2 is also special because of /etc/apache2/sites-enabled|available and /etc/apache2/mods-enabled|available. These directories enable us to create custom web pages in /etc/apache2/sites-available and list all available modules in /etc/apache2/mods-available directory. With a2ensite and a2dissite commands one can easily enable or disable website in Apache2. With a2enmod and a2dismod enable or disable apache modules.

All custom configuration done in conf.d directory overrides settings in the default configuration. Unfortunately, some services can't be handled like this. One very common example is CUPS. This is because CUPS has a web interface which can change configuration and that web interface isn't aware of multiple configuration files. In these case, we are on our own :/.

conf.d directories can contain some default configuration, too. Best example is amavisd-new, which has all of its configuration in /etc/amavis/conf.d. In those cases create a new file and put your configuration in it. In case of amavisd-new, make sure that custom configuration is loaded as a last configuration file. So, if last default configuration file is 50-user, create custom file named 60-my_custom_configuration.

If you follow this rules for configuration, your upgrades from one Ubuntu version to other, with all services up and running after upgrade, will be easy and without any questions.

A serious bug

Note to all system administrators. There is one serious bug that leads to data loss, file corruption and your boss yelling at you. It's name is MacOSX and in it's latest version it just corrupts files on servers. It is confirmed that combination of MacOSX and, platform's flagship product, Adobe Photoshop causes file corruption on any kind of servers; Windows, MacOS, Linux... Be ware, there might be other combinations, too.

http://www.adobeforums.com/webx/.59b56503?14
http://www.macfixit.com/article.php?story=20080602114743963

So, just so you know if someone starts reporting problems... Lesson learned; do backups.

What do you have open?

A bit different approach to popular 'What do you have open?':

• RedHat Cluster Suite
• Mysql master-master replication
• Postfix
• Dovecot
• Apache
• VIP
• memcached
• drbd8

Of course, all for free and all on Ubuntu 8.04 LTS, server edition.

First Fosscamp-UDS post

Waitress: What would you like for a desert?
Howard: Ice cream.
Nick: Nothing, thanks.
Ante: Ice cream, too.
Nicolas: Pancakes, please.
Adam: A beer. Črne pivo.

Ubuntu 8.04 and DELL PowerEdge 1650

Do not just upgrade to Hardy! A bug in PowerEdge's firmware could bite you.

Before you upgrade your Ubuntu 6.06 to 8.04, take a moment or two and check all devices firmware on your PowerEdge. If yours Perc (PowerEdge Adaptec based RAID controller) 3/Di didn't get firmware update for couple of years, go to the Dell support page and download update. Unfortunatly, you'll need Windows machine with a diskette unit and two diskettes. Update of PERC firmware is needed for getting anything out of your new Ubuntu 8.04. This is also true for all other distributions with newer kernels.

More details:

http://bugzilla.kernel.org/show_bug.cgi?id=9133

Upgrading to 8.04

In last 3-4 days I've upgraded 10 servers (i386 and amd64) and couple of desktops from 6.06 and/or 7.10 to 8.04, something that makes system administrators sweat :). These were upgrades of not so important machines, but whole procedure was a test case for upgrades of important machines.

I taught there'll be plenty to write about, but all upgrades went without big or even medium sized problems. Biggest problem was waiting for all packages to configure :) For desktop upgrades, I've used 'update-manager -d', and for server upgrades all upgrading was done by do-release-upgrade program (from update-manager-core package). So, what could you expect during upgrade?

If you had NFS exports configured as:

/path 192.168.0.*(ro)

after upgrade, your clients won't be able to connect. I'm still not sure if that was correct way of specifying allowed clients, but it worked in 6.06. FWIW, now this works:

/path 192.168.0.0/255.255.255.0(ro)

That's it. That's the only thing that I had to fix after upgrades. Services upgraded on machines include: dovecot, postfix, nfs-kernel-server, samba, netatalk, chillispot, dhcp3-server, apache, squid, mdadm, hylafax, freeradius, rp-pppoe, fetchmail, sshd, no-ip, vsftpd, cupsd, openvpn, pptpd, mysql-server, ntop, ntpd...

Most of the custom scripts and oracle database 9.2 worked without any intervention. Very few scripts and configuration required adjustments.

If you have custom compiled applications (including PHP or Apache modules), don't forget to compile them again.

Before this week comes to an end, I'm planing to do a test upgrade of servers running redhat-cluster-suite (right, on Ubuntu!) and couple of mysql replications.

One can't say more than 'Great job everybody! Ubuntu server upgrade is easier than an upgrade of a Nokia mobile phone software :)'

[bez naslova]

I tako je zavrsilo europsko rukometno prvenstvo. S njegovim zavrsetkom pocele su neke neshvatljive price...

Ponedjeljak ujutro, sjedim u kaficu i slusam dvojicu za susjednim stolom kako komentiraju europsko prvenstvo u rukometu. Dva 'lika', svaki sa cigaretom, u 9h u kaficu. Ocito je da nisu nikakve relevantne figure u gospodarstvu, a ni u sportu. A s obzirom da su u kaficu u radno vrijeme, ili su nezaposleni, ili su dangubici ili vode firmu (ne bih se dao kladiti) koja ce upravo propasti.

Njih dva su se slozili kako je Igor Vori, proglasen najboljim igracem prvenstva na svojoj poziciji, u biti, najgori igrac. Takodjer su se slozili kako je Lino katastrofalan trener i da bi ga trebalo smijeniti. I kako su ih nasi igraci razocarali jer nisu prvi u Europi. Zamislite, samo su drugi.

Bacim oko na Index.hr, a kad tamo samo nastavak ovog razmisljanja. U biti, upitno je je li index.hr (i slicni portali/dnevnici) nastavak ili uzrok ovom nacinu razmisljanja. Oni su se takodjer nasli prozvanima ukazivati na, maltene, neuspjeh reprezentacije i katastrofalno vodjenje od strane izbornika. Molio bih odmah da se oni koji ne poznaju pojam 'selektivno novinarstvo' suzdrze od komentiranja.

Meni, kao bivsem sportasu, uvredljivo je bilo slusati ovu dvojicu ili citati clanke na index.hr-u. Zalosno je sto se danas svatko osjeca prozvanim nesto reci o nekoj temi, iako o njoj ne znaju apsolutno nista. Pa ti nasi decki, skupa s izbornikom, dali su sve od sebe, izgorili su. Dosli su na to prvenstvo izranjavani, a vratili se s njega svi pretuceni. Drugi su u Europi, sto prakticki znaci i drugi u svijetu. Drugi!

S tim istim izbornikom osvojili su i svjetsko i olimpijsko zlato. *Konstanta* su i cijelo vrijeme su u svjetskom vrhu. Nitko tako rukometom nije dominirao kao sto Hrvatska dominira zadnjih 4-5 godina.

S obzirom da ne poznajem rukomet tako dobro (iako sam ga igrao neko vrijeme, a nekoliko clanova moje obitelji se aktivno bavi njime i pratim utakmice), necu ulaziti u to je li nasa reprezentacija dobro ili lose postavila obranu/napad. Cinjenica je da, sto god su napravili, ostvarili su fantastican rezultat. Rezultat kakav nitko od gore spomenutog dvojca i web portala, nije ostvario.

Isto tako necu ulaziti u to je li Lino genijalac ili budala, jer ga ne poznajem i ne znam kako radi. Sve sto znam jest da covjek iza sebe ostavlja rezultate.

U sportu postoji nesto sto se ne moze napisati na papir, nesto sto se ne moze takticki dogovoriti, nesto sto igracima moze usaditi samo trener. Pogledaju li se svi znacajniji nacionalni (ali i osobni) rezultati hrvatskih sportasa, moze se uociti jedan znacajan detalj, upravo onaj koji samo taj trener moze dodati - ljubav prema svojoj zemlji. Svi, od Blazevica i Kostelica do Vlasica i Cervara, svi su imali tu crtu. Dovoljno je samo pogledati igre nasih reprezentativaca u klubovima i u reprezentaciji. Kada volis svoju zemlju i kada igras za nju, ne postoje fizicke granice i sve si spreman podnjeti.

Naravno, nekad das 150%, ali naletis na nekog boljeg. Tako su nasi rukometasi naletili na Hvidta i Dance. Svaka cast Dancima, zasluzeno su pobijedili, ali kako su nasi decki ginuli na tereneu, zeleci dokazati da su bolji, za to nema rijeci. A zasluge za takav stav prema igri ima samo jedan covjek - Lino Cervar.