Geek Projects – Linux, Apache, MySQL, PHP

The GroundWork Monitor is a simple way to deploy Nagios monitoring to networks. It does a great job of monitoring Linux servers, and anything that speaks SNMP.

I recently needed to make some updates to a GroundWork Community Edition VM, and found myself in a situation where the admin user’s dashboard (web browser interface) password had been changed to an unknown value. I was able to SSH into the GroundWork VM though (it’s CentOS Linux based). There’s info floating around the net on how to reset the admin password, but it was written for older versions of GroundWork, so some of the default password, and MySQL schema details have changed.

Here’s what I did to reset the admin user’s password on GroundWork Monitor 6.0 Community Edition:

• SSH into the GroundWork VM. If you haven’t changed the root user’s default password, then it’s going to be “opensource”
• Login to MySQL, and run a query to reset the “admin” user’s password to “admin”. The admin password entered below uses a hash:

/usr/local/groundwork/mysql/bin/mysql -u root monarch
update users set password='21232f297a57a5a743894a0e4a801fc3' where user_name='admin';

I performed BIOS updates on a stack of Soekris net4511s and net4521s today. Here’s a quick-and-dirty howto for anyone who wants to do the same thing from a Linux host running minicom. Note that these instructions should work on any net45xx series Soekris board, including the net4501.

1. Download the BIOS update from Soekris’ Downloads Page. As of the time of this writing, if you’re using anything prior to version 1.20 (my Soekris boards were all running 1.15), you’ll want to start with the update to 1.26a, then consider whether you want to upgrade to the latest BIOS from there. Soekris publishes a changelog of their BIOS updates to their website.
2. Connect your serial port to the Soekris net45xx using a null-modem cable, and use minicom, or your  terminal emulator of choice to establish a connection. Connection settings should be 9600,8,N,1 with hardware and software flow control both turned off.
3. If your Soekris net45xx’s serial console isn’t already configured to work at 9600bps, you can set this by entering Ctrl-P to enter the Monitor, then set the console speed to 9600bps, and reboot:
   > set ConSpeed=9600
> reboot
4. Start up your Soekris box, and enter Ctrl-P when prompted to enter the Monitor. This should bring to you a “>” prompt.
5. Enter the “download” command, and press Enter.
   > download
6. In another terminal, run the following command to initiate an xmodem transfer of the updated Soekris BIOS. Substitute in name of the BIOS file:
   # sx -X b4501x_126a.bin > /dev/ttyS0 < /dev/ttyS0
7. Switch back to your minicom terminal. You should see a “File downloaded succesfully” message. If so, run the following commands to apply the update, and reboot:
   flashupdate
reboot

That’s it! Your Soekris net4501, net4511 or net4521 should now have an updated BIOS.

Here’s how to install and start up an UltraVNC server from within an RDP session. This has been tested with UltraVNC 1.0.8 and a remote desktop session into a Windows XP Professional SP3 installation, but should work in other Windows / UltraVNC combinations as well.

1. RDP into the target system, and install UltraVNC. Be sure to select the checkboxes for registering VNC as a service, and starting up the service at boot time.
2. Set a VNC password for the currently logged in user by starting up the VNC server (Start > All Programs > UltraVNC > UltraVNC Server > Start UltraVNC Service), then entering a password when prompted
3. Open up Regedit (Start > Run > regedit)
4. Copy the HKEY_CURRENT_USER\Software\ORL\WinVNC3\Password entry’s current value
5. Create a new binary value entry located at “HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3\Default\Password”. Paste in the value you copied in the previous step to this new entry’s value
6. Reboot

That’s it! It may be possible to get VNC going without the reboot, but this is the combination that got a working installation going for me.

The centerpiece of my lab is white box ESXi host. It’s been running ESXi 3.5 without issue for about a year now. A lot of my clients also run ESXi, with a few potential 3.5 to 4.0 updates coming down the pipe, so I decided it was time to update the lab to ESXi 4.0. Since I’m using the free version of ESXi in my lab, here’s what I did to perform the upgrade without VirtualCenter:

1. Go to VMware’s ESXi Download Page. You’ll need to log in with your existing account, or create a new one to continue
2. Download and install VMware vSphere Client and Host Update Utility on a Windows based system
3. Save the VMware ESXi 4.0 (upgrade ZIP) file
4. Log into your ESXi host using vSphere Client, and shutdown all VMs, then right click on the host, and select Enter Maintenance Mode
   
5. Start up the VMware vSphere Host Update Utility, and follow the wizard. You’ll be asked to select which host to update, browse to the VMware ESXi 4.0 (upgrade ZIP) file that you downloaded earlier, and confirm that you want to proceed. The ESXi host will reboot during the upgrade process.
6. Once the update is complete, log back into your ESXi host using vSphere Client, then right click on the newly updated ESXi host, and select Exit Maintenance Mode

I migrated my web hosting servers from cPanel to Directadmin earlier this year. The transition was smooth for the most part, but one problem was that users with blank crontabs with cPanel had corrupted crontabs post-migration. They could ssh in, and issue crontab -e, but any attempts to manipulate the crontab via Directadmin’s web interface resulted in the following error:

Error Parsing Cron File

The fix for this problem is to clear out all the lines in /usr/local/directadmin/data/users/username/crontab.conf.

If you attempt to create a new MediaWiki account with its user name set to the same as the email address, you’ll be greeted by a cryptic “You have not specified a valid user name” error message. The reason for this is that MediaWiki forbids the @ sign in user names by default. Fortunately, the fix is easy, but took some Googling to find buried in MediaWiki’s 1.15 Release Notes.

To fix this, open your MediaWiki’s LocalSettings.php file, and add the following lines:

# enable user names with an @ sign
$wgInvalidUsernameCharacters = "";

Note that having an @ sign within a MediaWiki account’s user name can cause issues with InterWiki User Rights, but this shouldn’t be an issue for most MediaWiki installs.

About half of the LAMP (Linux, Apache, MySQL, PHP/Python/Perl) stack websites that I develop or sysadmin for use the Joomla CMS. I like Joomla because it has a number of excellent extensions, including Mosets Tree – my favorite web directory software. A problem that I ran into recently while installing their latest 2.1 release was that by default, the root directory’s page is given  a page title of “Directory” with no way to be updated within Joomla. Here’s how I updated the title to something more search engine optimization friendly.

1. Open up the language/en-GB/en-GB.com_mtree.ini file with your favorite text editor.
2. Update the following line with your title of choice:

ROOT=Directory

VMware Server is a handy app to run in places where server virtualization is needed, but you can’t justify the expense or effort required to setup a VMware ESXi or Xen host. One of the reoccurring problems that I run into, even on lightly loaded servers is when trying to log into the VMware Infrastructure Web Access interface, the browser gets stuck at “Loading…”, and never brings up the login form. I’ve observed this on Firefox in Linux, Mac OS X and Windows; as well as within Internet Explorer.

It turns out that the fix for this doesn’t involve the browser at all, but rather a VMware Server settings. Some Googling turned up this thread in VMware Communities, which spells out the following fix:

1. Edit /etc/vmware/webAccess/proxy.properties
2. Change the following line:proxy.noCache = false…to:

   proxy.noCache = true

3. Restart the vmware-mgmt service:
   /etc/init.d/vmware-mgmt restart

That’s it! You may need to refresh your browser one more time after this, but after completing these steps, you should now be prompted to login to VMware Infrastructure Web Access.

The ACM, or the Association of Computing Machinery describes itself as “the world’s largest educational and scientific computing society”. Until recently, I assumed that since I was out of academia, and focused more on things that sysadmins do, like developing, and implementing real-world solutions than the stuff of research papers, the ACM didn’t have much to offer me.

A contributor to this bias was the fact that I joined the ACM a few years ago while I was in college. I was working with a couple professors on a project that involved using Linux virtualization to teach networking concepts. Anyway, the reason I joined the ACM was that I was asked to give a presentation at an academic computing conference. As I recall, the two requirements for being a presenter were having a .edu email address (check), and ACM membership. I quickly signed up, and failed to investigate what benefits ACM membership would bring.

Fast forward to today. I spend a lot of time reading to keep up on current technologies, and while I am able to do most of this online, I still spend a lot of money each year buying books. A significant portion of these are published by O’Reilly, which writes a lot of excellent Linux, Unix, and development books. Cisco Press’ books make up another significant portion of my collection. Most of the networking products that I work with run either Linux or one of the BSDs, but I’m yet to find a publisher that consistently covers such a wide range of networking topics as well as Cisco Press does.

Many of these O’Reilly and Cisco Press books are available online through Safari. I was once a subscriber, and was happy with their service overall, but at $23/month, membership dues added up. This is where ACM membership comes in. For $99/year, they offer a number of benefits, including the one that I was most interested in – access to a large portion (600) of Safari’s collection of books. Restarting my ACM membership seemed like a no-brainer, given that I was about to spend $60 on one of the Cisco Press titles included in the collection.

I just joined, and taking a look at what else the ACM offers members, like what I see:

• Access to 500 of Books24x7′s books. Looking over the list, I can see that this would be especially useful to those who are more involved in the Microsft and/or management side of things than I am. Actually, there are a few Sybex books on that list that look interesting. I’ve been meaning to brush up on my Java and Oracle, and also see a number of books covering those topics. The Linux books on the list include:
  • Ubuntu Linux Bible
  • Professional Linux 10 Programming
  • Setting up LAMP; Getting Linux, Apache, MySQL, and PHP Working Together
  • Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort
• All 184 issues of the Linux Journal. If you’re not familiar with this magazine, it’s an excellent resource covering all things Linux.
• Element K courses and simulators. I haven’t used these before, but see a course listed for Cisco’s BCMSN exam, which I’m scheduled to take in a few weeks. I’ll check it out.

I feel like I’ve just scratched the service. Even if I don’t find anything else in the membership benefits worth using, $99/year for access to this collection of information is a bargain for a sysadmin who’s serious about learning.

Just a quick note on the command to use to start up a RHEL / CentOS 5.x install from the serial console. This can come in handy if you’re using a modem and serial port for out of band management, and the need to conduct a remote reinstall arises. These settings start up a console on ttys0 (Serial Port 1) with the standard 9600/8-N-1 settings.

linux console=ttyS0,9600n8