Wednesday, February 25, 2009

Creating a self-signed SSL certificate for apache

Now that the apache2-ssl-certificate utility has disappeared, it takes a few more steps. The commands below give you an unencrypted server key (so you don't have to enter a password on restart); make its permissions 400:
sudo openssl genrsa -out server.key 2048
sudo openssl req -new -x509 -key server.key -out server.crt -days 1095

If you did create an encrypted key, you can remove the password with:

openssl rsa -in server.key -out server.key.nopass

Then you want the following in your site config:
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
SSLEngine On

And tell it to listen on the right ports in /etc/apache2/ports.conf:
Listen 80
Listen 443
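
The steps above as one script, with the permissions-400 step written out and a check that the certificate really belongs to the key. This is an added example, not code from the original post. The function names, the -subj value and the temporary directory are assumptions, and it expects openssl and GNU stat (as on Ubuntu).

```shell
#!/bin/sh
# Added example, not from the original post. Assumes openssl and GNU stat.

# make_selfsigned DIR CN: unencrypted 2048-bit key plus self-signed cert.
make_selfsigned() (
    dir=$1; cn=$2
    umask 077    # key file is never group/world readable, even briefly
    mkdir -p "$dir" || exit 1
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null || exit 1
    # -subj (an addition) answers the prompts of the post's req command
    openssl req -new -x509 -key "$dir/server.key" -out "$dir/server.crt" \
        -days 1095 -subj "/CN=$cn" || exit 1
    chmod 400 "$dir/server.key"    # the "permissions 400" step
    chmod 444 "$dir/server.crt"    # the certificate itself is public
)

# key_mode_ok KEY: succeeds only if the key's mode is exactly 400.
key_mode_ok() {
    [ "$(stat -c %a "$1")" = "400" ]
}

# key_is_unencrypted KEY: succeeds if the PEM carries no passphrase protection
# (covers both "Proc-Type: 4,ENCRYPTED" and "BEGIN ENCRYPTED PRIVATE KEY").
key_is_unencrypted() {
    ! grep -q 'ENCRYPTED' "$1"
}

# key_matches_cert KEY CRT: succeeds if the cert holds the key's public half.
key_matches_cert() {
    k=$(openssl rsa -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Demo in a throwaway directory (constructed; the post uses /etc/apache2/ssl).
demo=$(mktemp -d)
make_selfsigned "$demo" "test.example" &&
    key_mode_ok "$demo/server.key" &&
    key_is_unencrypted "$demo/server.key" &&
    key_matches_cert "$demo/server.key" "$demo/server.crt" &&
    echo "key and certificate OK"
rm -rf "$demo"
```

Running the three checks against the files named in SSLCertificateFile and SSLCertificateKeyFile before restarting apache catches a mismatched pair or a readable key early.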

Recommended packages now installed by default

Having recommended packages installed by default in Ubuntu Intrepid took me by surprise. This meant when I installed darcs, I also got the full exim4 MTA. Worse, when I uninstalled exim4, it didn't stop the server listener, remove the init script, or remove it from the runlevels. Poor effort!

Sunday, February 22, 2009

Set up a darcs repository for write by a group of users

Create a group, add everyone to the group, then set the permissions and the setgid ("group sticky") bit on the directories:

sudo find /code -type d -exec chmod 770 {} \;
sudo find /code -type f -exec chmod 660 {} \;
sudo find /code -type d -exec chmod g+s {} \;

Building JEOS Ubuntu machines for libvirt/KVM

The ubuntu server doco has a pretty good howto.

To keep a record of your config and replicate it across multiple VMs you'll want to use a config file. Then use this command:
sudo vmbuilder kvm ubuntu --domain=hostname \
--dest=/path/to/hostname-intrepid-amd64 \
-c thisconfig.cfg
Or if it's a one-off here's a version with most options on the commandline (you'll want to be changing that password soon):
sudo vmbuilder kvm ubuntu --dest=/data/kvm/temp-ubuntu-amd64 --bridge=br0 \
--mem=2048 --suite precise --flavour virtual --arch amd64 -o --libvirt qemu:///system \
--hostname temp-ubuntu-amd64 --part /usr/local/vms/templates/vmbuilder.partition \
--user user --name user --pass password
To edit a virtual machine's attributes you can just edit the XML under /etc/libvirt/ and then restart libvirt, but the supported way is better because it tells you about any errors:
$ virsh dumpxml foo > /tmp/foo.xml
(edit /tmp/foo.xml as needed)
$ virsh define /tmp/foo.xml
The networking configuration is here.

Somehow I ended up with VMs using the same port numbers for their display, giving this error:
bind() failed
It took me a while to track this down (BTW: virt-manager logs to ~/.virt-manager and the kvm server logs into /var/log/libvirt). Just had to change the port numbers with dump/define above in the machine config and all was well.

To connect to the console, use VNC to localhost, or you can install virt-viewer, which basically does the same:
sudo apt-get install virt-viewer
sudo virt-viewer my_vm_name

Sunday, February 8, 2009

List hardware on a linux box

This is a nice little command to list all the hardware details of your linux box: lshw.