The Linux VM (referred to from here out as Ka) is going to be running my fully configured postfix server (acting as a relay for other machines on my lan), my wiki, my email (I use mutt) and the config files that go along with it, my IRC client and my IM client. This is where I want to keep my always on services. My Windows VM is named Peeves. It’ll be managing my online address book and my FTP server, not much else.

• You may be wondering why my Samba server is running on the physical machine and not this one. It comes down to this; if I store all my media on the VM it becomes much harder to move it to a new machine and get it running if something ugly happens to the physical server. So, if something goes awry, I’ll be without my media for a while but I won’t be without mail and communications.

I performed the same installation/configuration I covered on the physical host with some changes when it came to installing my packages.

apt-get install ssh vim build-essential linux-headers-2.6-686 bzip2 p7zip-full less lsof lshw psmisc w3m lynx nload telnet host dnsutils ftp lftp vnstat file screen irssi unrar cksfv rsync smbfs samba postfix wakeonlan apache2 php5 libapache2-mod-php5 rcs libcgi-session-perl libdigest-sha1-perl libarchive-tar-perl libsasl2-modules mailx mutt procmail fetchmail urlview abook libgpgme11-dev libgpgme11 automake libgnutls-dev libgnutls13 autoconf libncurses5 libncurses5-dev gettext cogito liblzo1 liblzo-dev libcurl3-openssl-dev

• Some of the applications (samba and postfix for example) will require that you provide some setup information. You’ll want to configure them for yourself.
• If you don’t know what these packages are, you can do an apt-cache show <package> on Debian or Ubuntu.
• It’s not obvious why I need all of these packages, many of them are required by Twiki and other applications I plan on compiling/running.

I also installed VMWare tools, I want the host to be able to start and stop the VMs in an orderly fashion and the tools allow that.

Now that everything is installed, I download and install Twiki (this will be the subject of another post). I use it for everything I need to document. That includes records of upgrades/changes to the house, complete and incomplete projects, info on TV shows we watch, side work I’ve done, fishing stuff (knots, laws, etc), gardening tips and schedules, and just about everything else I ever write down. Now that I have a wiki, I can’t imagine NOT having one… End rant on wiki, moving on.

Next I download and compile centerim. They have a list of dependencies and fixes for gotchas on the site. It was simple to do. It was between this and Pidgin, when it comes to console IM, I just prefer the look and feel of centerim.

Now I take a few minutes to configure Samba, I’m only sharing home directories. This makes it easy for me to save attachments from my email and have them quickly available to GUI desktops and Windows machines.

The next step was to configure postfix. I’ll be honest. I’m NOT a pro at ALL. I’ve been able to get postfix to act as a relay server for my LAN (and only my LAN) and to use SSL to authenticate with my ISP’s SMTP server for mail relay. I hand outgoing mail off to my ISP’s server to help prevent mail from me being marked as spam by pretty much every mail server in the world. It works and now that I have it that way, I’m just not touching it. I have a book on postfix that I hope to read (eventually). Maybe I’ll be a little more confident following the read and I can elaborate on this.

With that complete, I move on to building the Windows VM and shutting down my older hardware. This is the best part. I’ve shut down the two machines in the basement (albus & voldemort) and moved cerberus (formerly nix) to the dungeon. I can now keep darktower in standby as it’s no longer acting as a server and all of my documents and pictures live on the Samba server. Come the end of this month I’m going to (attempt to) use the Gparted Live CD to re-partition darktower and install Gutsy Gibbon, converting the machine to a dual boot.

My next step is to develop a backup routine and some scripts to automate it. I’ll be keeping my data on a remote Debian machine that I manage and I’ll be using SSH to transfer my data to it.

During the installation of Debian, you’re asked several questions, for the most part you need to answer them for yourself. The important question, the one that gets you a basic install, is package selection. By default the installer wants to include “Desktop Environment” and “Standard System”, I chose to omit both. This leaves you with just enough to get the machine running (which IMO is a very good thing).

After the installer does all it needs to do, it’ll reboot the machine and leave you at the login prompt. If you’ve never sat in front of a GUI-less machine, then you’re in for a treat. Unplug your mouse, chuck it in the bin and get used to virtual terminals, screen sessions and tired fingers

First things first, I need to get this machine going and I don’t have enough software to do all I need. I log in as root and make a few changes.

Remove the Debian CDROM as a source from /etc/apt/sources.list and Add contrib and non-free to the same file; it should look like:


deb http://ftp.us.debian.org/debian/ etch main contrib non-free
deb-src http://ftp.us.debian.org/debian/ etch main contrib non-free
deb http://security.debian.org/ etch/updates main contrib non-free
deb-src http://security.debian.org/ etch/updates main contrib non-free

Then update the Apt cache (apt-get update) and install my applications…

apt-get install ssh vim build-essential linux-headers-2.6-686 bzip2 p7zip-full less lsof lshw psmisc w3m lynx nload telnet host dnsutils ntp ftp lftp vnstat file screen unrar cksfv rsync hellanzb samba smbfs wakeonlan postfix mailx

• Some of the applications (samba and postfix for example) will require that you provide some setup information. You’ll want to configure them for yourself.
• I actually installed hellanzb from Debian testing as it’s a more current version of the app.
• If you don’t know what these packages are, you can do an apt-cache show <package name> on Debian or Ubuntu.

This machine is not only going to host some virtual machines, but it’s going to act as a samba server, a shell server and the machine I use for various Usenet tasks and some other goodies. Given that, and the fact that I like to know what’s going on, I’ll be keeping an eye on my bandwidth usage. To do that, I’ll be using vnstat. Since it’s installed already, I need to create a database for my Ethernet adapter.

vnstat -u -i eth0


After that and some time, I can issue the vnstat [-<flag>] command to get some really handy network traffic statistics.

Because there are so many ways to configure a shell server and a samba server, I’m not going to get into the editing of the conf files. Basically, authentication with the shell server will be done via public/private keys only and I’ll be running it on an alternate port. Samba will be configured as a stand alone server and I will be required to enter a valid user/pass to view the shares.

Once all of those applications are installed and configured, one needs only to download the latest version of VMware Server and install that. I responded with all of the default answers while installing VMWare and was up and running in almost no time.

After a few other tweaks, preventing users from entering /root and other user’s homes, adjusting umask for my account and installing ClamAV from the Debian Volatile repos (to scan samba shares), I’m up and running.

There you have it, the quick setup for the physical server that’s taking over @ the flat. Next I’ll start working up the VMs.

These first 2 guys are the older noisy machines that I need to replace. They have loud fans and louder hard disks. I don’t notice the noise so much since I moved them to the basement, but I *know* they’re down there making noise…

Voldemort:

A Pentium III (Coppermine) 1GHz running on a SuperMicro P3TSSA motherboard. This baby is maxed out with 512MB PC133 SDRAM. This was a great machine 7+ years ago. I had a lot of fun on it. I built it to learn/play with Windows 2000, it had a whopping 256MB of RAM back then and was moderate to high tech when I built it. This isn’t the original mobo, it had an Intel branded board that went kaput some time after I installed XP on it. I’ve loved this machine for MANY years and while it won’t be running 24/7 anymore, it’ll still be there for me to play with. It’s currently running Debian 4.0 and hasn’t had a real role other than for testing for a while. Most recently, it’s been host to a VM or two that I’ve been playing with.

Albus:

A Pentium III (Coppermine) 1GHz running on a Dell GX150 motherboard. This one is maxed with 512 MB as well and used to be my work desktop many years ago. We were able to pick up our machines before they were refreshed for a modest price so I opted to. I don’t have any really fond memories with this machine. It’s always been on and I’ve never once had a problem with it. Not a bad little box. Currently it’s running Debian 4.0 (upgraded from Debian 3.1) and its primary role is a backup server (I’m using an offsite backup server after this whole project is complete) and shell server. it’s the single door into my home network.

This next machine is the physical box replacing both Albus and Voldemort.

Nix/Cerberus:

Credit: Cerberus was given his name by none other than Sarah Conti. Rock on with your mythology Miss Conti!

A Pentium 4, 3.00GHz (Hyperthreading) running on an Intel D945GTP motherboard. It’s currently rocking 2GB of DDR2/667MHz memory. This is a great machine for running a standard desktop. I built it in March 2006 to be my Ubuntu desktop, and I’ve never had a problem with it. Currently it’s name is Nix but will soon become Cerberus. It will be running Debian 4.0, VMware server and will be providing shell access (replacing albus) and will act as a Samba server for my music and whatever else I need to share.

…and without further delay, the virtual machines!

Ka:

Ka is a Debian 4.0 Virtual Machine. His role is to be an always on machine for my wiki, email, IRC & IM clients. He’s already alive and well and I’ve moved those services over to him. For the moment he’s hosted on Voldemort and will be moved to Cerberus once he lives.

Peeves:

Peeves is Windows Server 2003 Enterprise. Yep, I need to be able to virtualize Windows because I have a few apps that I need/want to have on at all times. This includes my FTP server, Handy Address Book server and WhereIsIt which is a cataloging program that just rocks. I decided to go with Windows 2k3 because I had a license for it and didn’t have one for another copy of XP. It’s currently being hosted by Darktower (you’ll meet him below)

Finally, the desktop machine/VM to get me through this whole mess.

Nix2/Darktower:

Nix2 is just an Ubuntu VM so that I can continue to use my Linux apps while converting Nix to Cerberus. Nix2 will be hosted on Darktower. This is a physical machine similar in make-up to Nix (only diff is that it’s a full ATX board, not a Micro and it’s in a taller case). Darktower runs XP at the moment but will eventually be a dual boot with Ubuntu and XP or Vista. I plan on keeping all data off of this machine, it will be nothing but a client as all of my data will be accessible via the servers. It’s final name will remain Darktower. Once I’ve got my data off of Nix2 and onto the new Darktower, Nix2 will get the boot and all will be good in the world.

So to summarize, both Albus and Voldemort die (seems fitting), Cerberus, Ka and Peeves rule the roost and Darktower just hangs out getting poked and prodded when needed. Since I won’t need it to be on at all times anymore (for IRC and what not) it’ll be spending the majority of it’s time in sleep mode.It’ll be nice to eliminate the 2 older machines and keep a third sleeping most of the time. That will leave only 2 always on machines in the house, that’s Cerberus and HTPC (which is a Windows machine running some home theater software).

Once complete, I’ll not only have infrastructure that’s really easy to backup/re-create but I’ll have stopped wasting so much energy.

Next, I’ll start going over what’s involved in setting up the VMs, things from Debian installation options to installed applications.

Here’s the thing. I have a bcm4306 (rev 03) wireless card in this lappy, I have NEVER been able to maintain a wireless connection to my AP for long periods of time using the bcm43xx kernel driver and firmware (either found or extracted by myself). I’ve always had good luck with ndiswrapper and this card, and that’s just how I’ve gotten things going. Until now.

I wanted to leave my Feisty install as slick as possible which means leaving the NetworkManager (NM) integration as is. I figured I would just install ndiswrapper, get my card recognized and then let NM take over. I was just going to stick with ndiswrapper as it had never kicked me before. Well, ndiswrapper decided to kick me. grrr. I found that I only connected to my AP about half of the time and had weak, weak, weak signal when using ndiswrapper. I knew everything was working properly because when I booted to Edgy, things worked as expected.

I tried bringing the interface up and down, changing driver versions, using modprobe to remove/add the ndiswrapper module, all to no avail. I eventually said, ok.. Let’s try something else. I did a little googling and found that others were singing the praises of NM and the kernel driver. I just wanted it to work, so I reversed everything I did to get ndiswrapper working and installed bcm43xx-fwcutter. During the install I was asked if I wanted to download the firmware for the card (I forget how it was worded), I said yes. Less for me to do, and who knows.. Maybe they (the bcm43xx-fwcutter ppl I presume) know better than I about what firmware versions work “best”.

Initially I was unable to associate with my AP (modprobing, wishing, hoping… nothing worked) so I restarted the machine (the tried and true not-fix for everything) and found myself being prompted for my AP’s password (actually it was the password for my Gnome Keyring which feeds NM the pass for my AP). Lordy, lordy!! If I wasn’t connected right up to my AP with proper signal strength, I’ll eat this lappy!

Right now, I’m LOVING Feisty Fawn. She is one helluva sexy young deer who is doing wonders with this notebook.

Firstly, as looks go, Feisty isn’t that different from Edgy. Similar bootsplash and Gnome theme. I’ve been a fan of the bootsplash since I first saw it on Edgy, the text is a little thicker now and has a more pronounced light outline. It looks a little softer too, I’m liking it. I have no real opinion on the Human theme, I never use it long enough to notice when it changes. It’s not that I don’t like it, I just like blues better,

I found that both the Universe and Multiverse repos are enabled by default. They should be, since (IMO) you need them to really get the full range of applications and use of your machine. Still, there are some things worth having that aren’t available in the standard repos and you need to go a little further. I found out about Medibuntu whilst doing a little research and added it. You can find out how on this page https://help.ubuntu.com/community/Medibuntu. This allowed me to install the w32codecs and a few other non-free/proprietary apps/whatevers.

I checked out the new Restricted Drivers Manager. It was exactly what I expected, useless for me! I don’t have any hardware in this machine that would require any restricted drivers. Hopefully I’ll finally get the Nvidia card I’ve been talking myself into and out of for months and I’ll be able to test the utility out on my desktop.

I was able to test the new Codec manager. This is a gem! It really simplifies getting mp3 and other proprietary codecs on your machine. All you have to do is try to play a file (mp3 for instance). It will just prompt you download/install the codec and you’ll be ready to roll. NICE.

One of the nicer, user friendly features is hidden, I don’t know what the logic behind this is, but I have to assume there is some. If you want to check out the gnome-control-center (without typing that whenever you want to use it), you’ll have to use the menu editor (System > Preferences > Main Menu) and enable it. You’ll find it under the Preferences heading, just check the box next to Control Center. The control center isn’t new, but it certainly looks a lot nicer than the version that shipped with Edgy. Just another enhancement.

If you’ve ever used session management in Gnome, check out the updated session manager. You should be pleased. Nuff said.

I can’t say much about the desktop effects on this machine, I’ve always had problems with Compiz and Beryl on it. It just has older hardware and compositing desktop window managers just don’t run well. I look forward to playing with it on my desktop machine later.

All in all, the beta release is working VERY well on my lappy. I’m monitoring a few things for problems and will address them in another post later on this week. I’ve posted “too soon” in the past and I want to be sure things are working properly for me before I say they are.

I’ve done research on and off over the last few months and I kept coming back to the Cowon product line. Since that’s where I’ve been leaning, I decided to go with my gut and pull the trigger. I just ordered myself the 2GB iAUDIO G3. It’s not the newest player on the market, and not the fanciest, here’s why it’s best for me.

1. It cares not which OS I’m using (Linux, MAC, Windows.. pfft it’s too cool to care). It mounts as a USB Mass Storage device and I can add or remove files and folders as I see fit.
2. Insane battery life. It uses a single AA battery and boasts up to 50 hours of playback. How can you beat that? Even if it falls 10 hours short, it’s terrific! I like that it uses plain old fashioned batteries as well. Things that re-charge tend to have a short life when I own them *shrugs*.
3. It plays (almost) everything; OGG, MP3, WMA, ASF, & WAV. I doesn’t play FLAC. meh, I’ll cope with that. I have 3 albums in FLAC and I can just transcode them into OGG if I want to take them with me. Never mind that those files are just a little too large and IMO, don’t belong on a 2GB player.

Those are my main reasons. There are a lot of other features that I’ll probably never use, voice recording being a prime example. That said, they’re available and just increase the cool factor

I can’t wait to replace my ancient Sony MP3 Discman. Yes. That’s what I’ve been using. I’m burning through at least 2 AA batteries a week (10 to 15 hours of listening) and at least one CD. I’m just so lame, not only is this going to reduce the time it takes to prepare for my commute, it’s going to cut down on a fair amount of waste. I should have picked this up ages ago.

There are plenty of reviews for this device out there on the web, so I don’t think I need to put up another. If it turns out to be a lousy investment, I’ll be sure to complain about it here. If you hear nothing more, then assume that I’m happily listening to (in no particular order and in OGG where available) The Linux Action Show, JaK Attack, Linux Reality, The LottaLinuxLinks Podcast, Security Now, TWiT, The LIP, Going Linux and the Linux Link Tech Show. Kinda makes you wonder how much driving I have to do in a week huh?

The notebook itself seems thrashed, holding the power button down will flash the power LED, then it just blinks out (kinda sad). Obviously I’m not getting at the data on the disk if I have to use this machine. I yank the disk, toss it into another lappy (same model) and insert a Knoppix 3.9 boot CD. To my chagrin, the poor little disk is hurting too. I got a horrid click/crunch noise during POST and the system couldn’t find the disk. Dismayed, I pulled the drive, tapped it ever so slightly and tried again. No joy. OK, I have another idea, I grab a ziplock bag (thanks to the ladies in AP, they ALWAYS have “stuff” around, I always find the strangest things in their area), pop the drive into it and stick the whole thing into the freezer for an hour and a half (passing the time by drinking coffee and hoping this works).

Now that it’s frozen, I take the disk, slide it back into the lappy and start it up. No hard disk noises at all, it’s just not spinning up. Well, we’re getting to the point where I won’t have the tools to save the data. So, I says to myself, “screw it” and whacked the disk off of the top of my desk a couple of times and try again. JOY! The drive spins up!

Note to self: violence is better than cold…

I boot from the CD into the Knoppix KDE desktop, mount /dev/hda2 (which is where XP lives on this machine) and use scp to transfer the contents of her “My Documents” folder to my Fedora machine here at work. The command looked like scp -r /mnt/hda2/Documents\ and\ Settings/[username]/My\ Documents/ xxx.xxx.xxx.xxx: (I removed her username and my IP from the example).

Dell will be in to replace the ever so toasted motherboard (and anything else that’s been trashed) and I can hand it all back to her with her data in place.

Just another illustration of the power of Linux, there was no way I could have added this drive to a desktop machine here at work without buying a laptop drive conversion kit. Knoppix was the PERFECT solution.

Now, ubuntu is only accessible from the LAN, so to make my life a little easier, I want to allow password-less logins, this is how it’s done.

This builds off of DD-WRT: SSH Remote Management with Public Key Authentication and DD-WRT: Samba Startup Script / Reconfigure Dropbear SSHd. Just to keep things fresh, the router only allows logins via public-key authentication, the machine ubuntu hosts the script that the router launches at startup on a Samba share (smb://ubuntu/ddwrt). The local path to that share on ubuntu is ~/ddwrt. The router will map that share to /tmp/smbshare during startup and will execute the dd-wrt-startup.sh script located there.

Configure public-key authenication on the Linux machine:

Since I used this machine to create a keypair earlier, I’m just going to recycle. Up until now, I’ve only configured this machine to make connections to other hosts using public-key authentication. Now I need to accept public-key auth connections from other hosts.

To do this, I need to create an authorized_keys file in ~/.ssh/. The command below will write my ~/.ssh/id_rsa.pub file to the bottom of a pre-existing authorized_keys file or create a new one if it doesn’t exist. This file allows me to authenticate with my private key on the computer ubuntu.

cat ~/.ssh/id_rsa.pub >>~/.ssh/authorized_keys

Copy private key to router and convert it:

Next, I need to get my private key someplace accessible to the router, I’m just copying it to the Samba share that auto-mounts when the router starts up.

cp -v ~/.ssh/id_rsa ~/ddwrt/

Now, I remove the password from the copy of the private key, this is mandatory. DD-WRT’s Dropbear client has its own format for private keys and cannot convert encrypted (password protected) OpenSSH keys. Not to mention that I actually WANT password-less logins . Just follow the prompts provided after executing the next command.

ssh-keygen -p -f ~/ddwrt/id_rsa

Note: This key will NEVER leave my personal network so I’m not worried about it getting into the hands of anyone I don’t trust.

Next I SSH into the router.

ssh root@192.168.1.1 -i ~/.ssh/id_rsa

Using dropbearkonvert I convert the OpenSSH key to a Dropbear key.

dropbearkonvert openssh dropbear /tmp/smbshare/id_rsa /tmp/smbshare/id_dropbear

Install private key to home dir at router startup:

The last step is to have the key installed to the /tmp/root/.ssh/ directory on the router whenever the router starts up. I could opt to leave the key on the Samba mount, but I decided to put it on the router because I actually have more than one machine I want to get to. If for some reason the machine running the Samba server is off-line, I wouldn’t have access to the private key.

To automagically install the key, I need to add the lines below to the router’s startup script, this can be done from the router, vi /tmp/smbshare/dd-wrt-startup.sh or from my desktop using my editor of choice nano ~/ddwrt/dd-wrt-startup.sh.

## install dropbear private key for passwordless login to other machines
cp /tmp/smbshare/id_dropbear /tmp/root/.ssh/
chmod 600 /tmp/root/.ssh/id_dropbear

You can reboot the router to test the script or you can manually enter cp /tmp/smbshare/id_dropbear /tmp/root/.ssh/ on the router and test it by entering ssh [username]@[hostname] -i ~/.ssh/id_dropbear. This should bring up a prompt similar to the one below:

Host ‘ubuntu’ is not in the trusted hosts file.
(fingerprint md5 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx)
Do you want to continue connecting? (y/n)

Answering “y” will add the host to ~/.ssh/known_hosts and I won’t be prompted about it again until I reboot the router. If I want to permanently add all of my machines to known_hosts, I can connect to each one of them and answer “y” at the Do you want to continue connecting? Prompt. After all of my hosts are known, I copy the file from the router to my Samba share (cp ~/.ssh/known_hosts /tmp/smbshare). Lastly, I go back to my startup script and add the line below.

cp /tmp/smbshare/known_hosts /tmp/root/.ssh/

that’s all folks, the router will install the files I need whenever it reboots and I have access to all of my machines through ONE tightly locked door.

If you’re suffering from this garbage at startup:

ata1: port is slow to respond, please be patient
ata1: port failed to respond (30 secs)
ata1: SRST failed (status 0xFF)
ata1: SRST failed (err_mask=0x100)
ata1: softreset failed, retrying in 5 secs

Then all you need to do is perform a standard update (su -c 'yum update') and restart the machine. The 2.6.19-1.2895.fc6 kernel will fix it.

Now that the issue is resolved, Fedora doesn’t feel broken to me anymore. JOY!

The script I’m creating is only useful if you have your router configured for remote SSH management (see DD-WRT: SSH Remote Management with Public Key Authentication for my how-to). The configuration process applies to setting up any startup script on a Samba share.

The script I want to execute on startup is going to change the configuration of the Dropbear SSHd. By default, when you connect to the router via SSH, you’re presented with a pre-login prompt advertising the firmware’s version. I prefer not sharing that info with anyone (not in such a blatant fashion at any rate), so I need to kill off the dropbear process and restart it without the banner flag. You might be wondering why I don’t just edit dropbear’s config file on the router… The simple answer is that there isn’t one.

I’m going to be using a Samba share I’ve created just for DD-WRT on the machine named ubuntu (also my desktop). The local path is ~/ddwrt and the network path is smb://ubuntu/ddwrt

Create the script:

Create a script on your Samba share named dd-wrt-startup.sh. One way to create the file is to enter the commands below in a terminal.

cd ~/ddwrt
touch dd-wrt-startup.sh

Open ~/ddwrt/dd-wrt-startup.sh with your editor of choice and add the text below (each command should be on its own line):

#!/bin/sh
## kill/restart dropbear; remove pre-logon message
killall dropbear
dropbear -r /tmp/root/.ssh/ssh_host_rsa_key -d /tmp/root/.ssh/ssh_host_dss_key -p 22 -s

Be sure that when you specify the port (-p 22), you use the same port that you have configured in the DD-WRT control panel.

The difference between the command to launch dropbear that I wrote, and the command the router defaults to, is that I’ve removed the banner file flag (-b [path to loginprompt]). If you want to see what the exact command line is on your router before you make the change, SSH in and enter a ps, someplace in the process list you’ll see the dropbear command line.

Configure Samba FS Automount:

Before going on, be sure that the Samba server has a static IP or (better yet) a static DHCP address. If you don’t use static DHCP, you may want to use the machine’s IP address instead of its name when configuring the share below. Check out the DD-WRT DNSMasq wiki page for more info.

Log into the DD-WRT Control Panel, Click Administration then select the Management tab. Scroll down to the Samba FS Automount section and configure as follows:

• SMB Filesystem: Enable
• Share: //ubuntu/ddwrt
• User Name: [valid smb user]
• Password: [smb user's password]
• Startscript: dd-wrt-startup.sh

Now all you need to do is click Save Settings and Reboot Router. The next time you SSH in, you’ll notice that no information about the router is given until you’ve provided your credentials and successfully authenticated. You will also notice that entering the mount command will show you that your Samba share is mounted to /tmp/smbshare.