Installing tox on Manjaro i3

Tox is an open source secure alternative to the likes of Skype. To install it, you need to install the core package and one of the available GUIs.  You can compare some of the available clients here but personally I like qtox. The below will pull in the required dependencies.

sudo pacman -Sy qtox

If you want the latest Git version, you can install qtox-git from the AUR.

yaourt -S qtox-git

Make sure you run that as a regular user – not root.  This pulls in the core package from the ABS repository also.

To add a contact, you will need their Tox ID – which looks like this:

56A1ADE4B65B86BCD51CC73E2CD4E542179F47959FE3E0E21B4B0ACDADE51855D34D34D37CB5

If that is a bit too annoying for you, you can use a free ToxDNS provider, such as utox.org. This will give you a “username@utox.org” address to give your people.

Windows 7 QEMU Guest

Check your kernel was compiled with support.

zgrep CONFIG_KVM /proc/config.gz
zgrep VIRTIO /proc/config.gz

Check the kvm and virtio kernel modules are loaded.

lsmod | grep kvm
lsmod | grep virtio

I needed to manually load the virtio module:

sudo modprobe virtio

To automatically load the virtio module at boot:

echo "virtio" | sudo tee -a /etc/modules-load.d/virtio.conf

Reboot and check again:

lsmod | egrep 'virtio|kvm'

Install qemu. I also installed qemu-launcher – a GUI front-end.

sudo pacman -S qemu qemu-launcher

Create a working directory:

mkdir vms
cd vms

Create a virtual hard drive for the Windows installation.

qemu-img create -f qcow2 windows.qcow2 40G

Prepare the installation medium. I inserted a Windows 7 installation DVD and created an ISO locally.

sudo dd if=/dev/sr0 of=en-windows-7-professional-x64-dvd.iso

To launch into the Windows installation:

qemu-system-x86_64 -enable-kvm -m 4096 -cdrom en-windows-7-professional-x64-dvd.iso -boot d windows.qcow2

Once installed you don’t need to attach the ISO:

qemu-system-x86_64 -enable-kvm -m 4096 -boot d windows.qcow2 

Update and upgrade to Windows 10 😉

Resources

https://wiki.archlinux.org/index.php/QEMU

https://www.reddit.com/r/archlinux/comments/1fg3y9/guide_to_running_windows_7_in_qemu/

Spotify on Manjaro i3

Spotify is available from the AUR.

Install

yaourt -S spotify

To play local files you will also need to install ffmpeg.

yaourt -S ffmpeg0.10

Issues

For some (currently) unknown reason, Spotify crashes on launch when I log in. The only fix I have found so far is to change the scale factor from the default 1 to something else. You can do that by launching it at the command line:

spotify --force-device-scale-factor=2

To make this permanent, edit /usr/share/applications/spotify.desktop.

[Desktop Entry]
Name=Spotify
GenericName=Music Player
Comment=Spotify streaming music client
Icon=spotify-client
Exec=spotify --force-device-scale-factor=2
TryExec=spotify
Terminal=false
Type=Application
Categories=Audio;Music;Player;AudioVideo;
MimeType=x-scheme-handler/spotify;

Resources

https://wiki.archlinux.org/index.php/spotify

Installing Ansible on Ubuntu 14.04 LTS

Take a look at the official installation guide. The simplest way to install Ansible on Ubuntu is to add the PPA repository and install via apt-get.

If not already installed, you will need the software-properties-common package.

sudo apt-get install software-properties-common

Then add the repository and install ansible.

sudo apt-add-repository ppa:ansible/ansible
sudo apt-get update
sudo apt-get install ansible

Presumably you’ve already got an external server that you want to configure with Ansible. You will need SSH access, and if you’ve not already done so, you’re gonna want to setup key-based authentication. Assuming you’ve done that, you can test things are working with:

su -
mv -v /etc/ansible/hosts{,.original}
echo 134.213.48.162 > /etc/ansible/hosts
exit

I also need to tell ansible to connect as the root user.

sudo mkdir /etc/ansible/group_vars
sudo vim /etc/ansible/group_vars/all

Enter the following. The three dashes at the top indicate this is a yaml file.

---
ansible_ssh_user: root

You should now be able to test with the following.

ansible -m ping all

You should see output similar to the below if all went well.

andy@bastion:~$ ansible -m ping all
134.213.48.162 | success >> {
"changed": false,
"ping": "pong"
}

X2Go on Ubuntu Server 14.04

In a previous post, I talked about my experience using X2Go with XFCE4 and Lubuntu.

XFCE4 via X2Go

Here is how it was achieved…..

On the Server

Here I’m using Ubuntu 14.04 LTS but you can install X2Go on just about any Linux distro.

Create a User Account

Create a regular user to run the desktop session under.

sudo useradd -m -s /bin/bash andrew
sudo passwd andrew

For your own sanity, I recommend you setup password-less key-based authentication as soon as possible……go, do it now!

Configure SSH

Open the main configuration file for the OpenSSH daemon process.

sudo vim /etc/ssh/sshd_config

Ensure X11 forwarding is enabled.


X11Forwarding yes

Don’t forget to test for configuration errors and restart the SSH service.

sudo sshd -t
sudo service ssh restart

Install Lightweight Desktop Environment

Both Lubuntu and XFCE4 work well, out-the-box with X2go. I installed both side-by-side for testing and both worked well together. You can even pause/suspend your Lubuntu or XFCE4 session and come back to it another time.

For XFCE4

sudo apt-get install xfce4

Note, for some reason you will also need to install the following packages or you will have missing icons.

sudo apt-get install gnome-icon-theme-full tango-icon-theme

For Lubuntu

sudo apt-get install lubuntu-desktop

Along with (a load of) other packages, you will now have XOrg installed. This means, as long as X11 forwarding has been enabled on the client side of the SSH connection, you can now test X11 with a program like firefox if you have it installed already.

Install X2Go Server Software

Install the repository package if it’s not already installed.

sudo apt-get install software-properties-common

Add the X2Go repository and install packages. If using Ubuntu 10.04 or 12.04, install python-software-properties instead of the software-properties-common package.

sudo add-apt-repository ppa:x2go/stable
sudo apt-get update
sudo apt-get install x2goserver x2goserver-xsession

For information about other distributions, see the X2Go server installation page.

DE Bindings

If you installed Lubuntu, you may want to install the following package for Desktop Environment bindings. I don’t believe there is currently a desktop bindings package for XFCE4.

sudo apt-get install x2golxdebindings

This is probably a good place to reboot if like me you’ve installed a lot of new packages.

On the Client

Again, you can install the client on just about anything – including Windows! Here I am using Manjaro i3 Community Linux.

sudo pacman -S x2goclient

X2Go also has some other clients that look useful – like a Python one for example.

SSH Client Configuration

Make sure you have at least ForwardX11 yes in /etc/ssh/ssh_config or ~/.ssh/config.


Host *
  ForwardX11 yes
  ForwardX11Trusted yes
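
The `Host *` block above turns on trusted X11 forwarding for every server you connect to, and a trusted forward gives the remote side full access to the local X display, so it is better scoped to the X2Go host alone. The check below is an added example, not part of the original post: `x11_wildcard_hosts` is a name chosen here, and `x2go-server` in the scoped sample is a placeholder host alias.

```bash
#!/bin/sh
# Added example (not from the original post): report ssh_config blocks that
# turn on X11 forwarding for a wildcard Host pattern such as "Host *".

x11_wildcard_hosts() {
    # Reads an ssh client config from the file given as $1, or from stdin.
    awk '
        function report() {
            if (wild && (fwd == "yes" || trusted == "yes"))
                printf "%s ForwardX11=%s ForwardX11Trusted=%s\n", pats, fwd, trusted
        }
        # Options placed before the first Host line apply to every host.
        BEGIN { pats = "(global)"; wild = 1; fwd = "unset"; trusted = "unset" }
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
            if (line == "" || line ~ /^#/) next
            sub(/[ \t]*=[ \t]*/, " ", line)        # accept the Key=value form
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1]); val = tolower(f[2])
            if (key == "host") {
                report()
                pats = ""; wild = 0; fwd = "unset"; trusted = "unset"
                for (i = 2; i <= n; i++) {
                    pats = pats (i > 2 ? "," : "") f[i]
                    # A non-negated pattern containing * or ? covers many hosts.
                    if (f[i] ~ /[*?]/ && f[i] !~ /^!/) wild = 1
                }
            } else if (key == "match") {
                # Match blocks are outside the scope of this check.
                report()
                pats = "match"; wild = 0; fwd = "unset"; trusted = "unset"
            } else if (key == "forwardx11" && fwd == "unset") {
                fwd = val            # ssh keeps the first value it obtains
            } else if (key == "forwardx11trusted" && trusted == "unset") {
                trusted = val
            }
        }
        END { report() }
    ' "$@"
}

# Config as shown in the post: applies to every host.
PAGE_CONFIG='Host *
  ForwardX11 yes
  ForwardX11Trusted yes'

# Constructed alternative: forwarding only for the X2Go server.
SCOPED_CONFIG='Host x2go-server
  ForwardX11 yes
  ForwardX11Trusted yes

Host *
  ForwardX11 no
  ForwardX11Trusted no'

echo "post config:   $(printf '%s\n' "$PAGE_CONFIG" | x11_wildcard_hosts)"
echo "scoped config: $(printf '%s\n' "$SCOPED_CONFIG" | x11_wildcard_hosts)"
```

Run it against your own file with `x11_wildcard_hosts ~/.ssh/config`; no output means no wildcard block enables forwarding.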

Test X11 Forwarding

You can test that X11 is being forwarded correctly by using SSH to log onto the remote server from your local Linux desktop and issuing the following.

andrew@loader:~$ firefox &
[1] 2257

You might also want to setup password-less SSH key-based authentication if you’ve not done so already.

Create Sessions

For Lubuntu, select Custom Desktop and enter the below for the command.

lxsession -e LXDE -s Lubuntu

For XFCE4, you can just select XFCE.

Lubuntu XFCE4

I’m using the i3wm – I found the best result in appearance using the Use whole display option under the Input/Output tab, and then select the display (monitor) you want to use.

i3wm compatible

Resources

https://wiki.archlinux.org/index.php/X2Go
https://www.howtoforge.com/tutorial/x2go-server-ubuntu-14-04/
http://wiki.x2go.org/doku.php/doc:installation:x2goserver
https://bugs.launchpad.net/ubuntu/+source/lubuntu-default-settings/+bug/1241958
http://ubuntuforums.org/showthread.php?t=2228137

Minimal Desktop Environment over SSH

So I wanted to install a Java desktop application and have it publicly available on a server somewhere. Using a light weight desktop environment on one of my cloud servers made sense – provided that is, I could find something reasonably secure.

I came across X2Go and decided to give it a try on one of my Rackspace cloud servers. I used a 2 GB General Purpose v1 server and was surprised at how low the resource usage was – and consequentially how quick and responsive it all felt.

X2Go is a remote desktop tool that uses the NX technology protocol and operates entirely over a secure SSH connection. Using SSH keys makes the process of logging in pretty painless too!

I’m using Ubuntu 14.04 LTS for the OS, on the server and Manjaro i3 community edition on my local desktop, as the client. On the server I tried both XFCE4 and Lubuntu as the Desktop Environments.

Lubuntu via X2Go

Personally I think I prefer XFCE4 as it was slightly easier to install and lightning quick to use. When I used Lubuntu, the start menu could take a while (like a minute!) to load. Once it had loaded though, it too was lightning quick. And to be fair to Lubuntu, I didn’t really look into it much further.

XFCE4 using X2Go

As a note to my future self, here’s what you need to do.

OSMC PPTP Client Configuration

My parents are retired and have a house in France where they live for about three months of the year. Like most people in the UK, they watch a lot of TV and are big users of the BBC iPlayer. This is a problem when they’re in France as the BBC uses GeoLocation authentication. Simply put, this means they block all connections coming from a non-UK IP address.

One solution to this problem is to route their internet traffic through a Virtual Private Network (VPN). You could host your own VPN, or you could simply subscribe to one of many VPN providers out there. Here I am trying iPortal.

iPortal VPN Connection Details

iPortal supports two protocols for tunnelling – PPTP and L2TP. Unfortunately this means that they do not support OpenVPN.

Here you will need to get your VPN connection details to hand. iPortal only requires a username and password. Other providers may also require you to provide a domain.

Username Password
me@andrewpike.co.uk kw3VX5uigjgf

Here I will be following this as a guide and configuring the client to use PPTP. I am using a Raspberry Pi with the OSMC as the OS.

Install and Configure PPTP Client

First we will need to install the pptp-linux package.

sudo apt-get update
sudo apt-get install pptp-linux

The PPTP configuration file is /etc/ppp/options.pptp. Use a text editor (nano) to edit the file if necessary.

nano /etc/ppp/options.pptp

…and add the following lines if not already present.

lock
noauth
nobsdcomp
nodeflate

You can use egrep to check, as I do below.

egrep "lock|noauth|nobsdcomp|nodeflate" /etc/ppp/options.pptp
lock
noauth
nobsdcomp
nodeflate

You now need to add your username, password and domain (if your provider gave you one) to the chap-secrets file, located in /etc/ppp/. Some providers also require you to specify a domain here – but not iPortal.

sudo nano /etc/ppp/chap-secrets

The format for entering these details is as shown below.

<DOMAIN>\\<USERNAME> PPTP <PASSWORD> *

My configuration file simply has the following entry. If you’re using iPortal, your username is normally your email address.


me@andrewpike.co.uk PPTP kw3VX5uigjgf *

Now create a file in /etc/ppp/peers. The name is not important.

sudo nano /etc/ppp/peers/iPortal

Now enter your connection details again like so. You may need to find out the host server name (connect2iportal.co.uk) from your provider. The name is your username. Remember to prepend the domain (\\somedomain.com) if required.

pty "pptp connect2iportal.co.uk --nolaunchpppd"
name me@andrewpike.co.uk
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam iPortal

The ipparam is the name of your VPN connection. This should be the same as the name of the file you created earlier in /etc/ppp/peers. Some providers may require “require-mppe” in place of “require-mppe-128”.

Test Connection

To test, use the pon command followed by the name of your VPN connection. The other information is useful for debugging connection issues.

sudo pon iPortal debug dump logfd 2 nodetach

A successful connection should look something like:

osmc@osmc:~$ sudo pon iPortal debug dump logfd 2 nodetach
pppd options in effect:
debug           # (from command line)
nodetach                # (from command line)
logfd 2         # (from command line)
dump            # (from command line)
noauth          # (from /etc/ppp/options.pptp)
refuse-pap              # (from /etc/ppp/options.pptp)
refuse-chap             # (from /etc/ppp/options.pptp)
refuse-mschap           # (from /etc/ppp/options.pptp)
refuse-eap              # (from /etc/ppp/options.pptp)
name cypike@btconnect.com               # (from /etc/ppp/peers/iPortal)
remotename PPTP         # (from /etc/ppp/peers/iPortal)
                # (from /etc/ppp/options.pptp)
pty pptp connect2iportal.co.uk --nolaunchpppd           # (from /etc/ppp/peers/iPortal)
crtscts         # (from /etc/ppp/options)
                # (from /etc/ppp/options)
asyncmap 0              # (from /etc/ppp/options)
lcp-echo-failure 4              # (from /etc/ppp/options)
lcp-echo-interval 30            # (from /etc/ppp/options)
hide-password           # (from /etc/ppp/options)
ipparam iPortal         # (from /etc/ppp/peers/iPortal)
nobsdcomp               # (from /etc/ppp/options.pptp)
nodeflate               # (from /etc/ppp/options.pptp)
require-mppe-128                # (from /etc/ppp/peers/iPortal)
noipx           # (from /etc/ppp/options)
using channel 1
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xfc34bc4b> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x0 <mru 1400> <auth eap> <magic 0x72c91c98> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint [local:cd.01.ad.7a.1e.78.47.8f.99.0d.63.36.2a.f3.e1.e5.00.00.00.00]>]
sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xfc34bc4b> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 1400> <auth eap> <magic 0x72c91c98> <pcomp> <accomp> <endpoint [local:cd.01.ad.7a.1e.78.47.8f.99.0d.63.36.2a.f3.e1.e5.00.00.00.00]>]
sent [LCP ConfNak id=0x1 <auth chap MS-v2>]
rcvd [LCP ConfReq id=0x2 <mru 1400> <auth chap MS-v2> <magic 0x72c91c98> <pcomp> <accomp> <endpoint [local:cd.01.ad.7a.1e.78.47.8f.99.0d.63.36.2a.f3.e1.e5.00.00.00.00]>]
sent [LCP ConfAck id=0x2 <mru 1400> <auth chap MS-v2> <magic 0x72c91c98> <pcomp> <accomp> <endpoint [local:cd.01.ad.7a.1e.78.47.8f.99.0d.63.36.2a.f3.e1.e5.00.00.00.00]>]
sent [LCP EchoReq id=0x0 magic=0xfc34bc4b]
rcvd [CHAP Challenge id=0x0 <8adc771b8bafde36f1ef9dd9bc3253c1>, name = "SERVER5955"]
added response cache entry 0
sent [CHAP Response id=0x0 <aa362ea5ed92909ba0a813f6ba6b358f0000000000000000b0c4dc10e810cc54a48717df07a15846da629c63d8b9ce3d00>, name = "me@andrewpike.co.uk"]
rcvd [LCP EchoRep id=0x0 magic=0x72c91c98]
rcvd [CHAP Success id=0x0 "S=B4453B93CA28DC23F07704FE63A06DB0AE569B1E"]
response found in cache (entry 0)
CHAP authentication succeeded
sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x4 <mppe +H -M -S -L -D +C>]
sent [CCP ConfNak id=0x4 <mppe +H -M +S -L -D -C>]
rcvd [IPCP ConfReq id=0x5 <addr 10.0.102.1>]
sent [IPCP TermAck id=0x5]
rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x6 <mppe +H -M +S -L -D -C>]
sent [CCP ConfAck id=0x6 <mppe +H -M +S -L -D -C>]
MPPE 128-bit stateless compression enabled
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0>]
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr 0.0.0.0>]
rcvd [IPCP ConfNak id=0x2 <addr 10.0.102.5>]
sent [IPCP ConfReq id=0x3 <addr 10.0.102.5>]
rcvd [IPCP ConfAck id=0x3 <addr 10.0.102.5>]
rcvd [IPCP ConfReq id=0x7 <addr 10.0.102.1>]
sent [IPCP ConfAck id=0x7 <addr 10.0.102.1>]
local  IP address 10.0.102.5
remote IP address 10.0.102.1
Script /etc/ppp/ip-up started (pid 653)
Script /etc/ppp/ip-up finished (pid 653), status = 0x0
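
To confirm from that debug output what was actually negotiated (authentication method, MPPE mode, assigned addresses), the log can be summarised with a few lines of awk. This is an added example, not part of the original post: the function names are chosen here, the first sample is abridged from the log above, and the second is constructed to show what a log without MPPE would report.

```bash
#!/bin/sh
# Added example (not from the original post): summarise what a pppd debug
# log says was negotiated for the tunnel.

pppd_log_summary() {
    # Reads pppd "debug" output on stdin and prints key=value lines.
    awk '
        BEGIN { auth = mppe = local_ip = remote_ip = "none"; auth_ok = "no" }
        # The auth method both sides settled on is the one we acknowledged.
        /^sent \[LCP ConfAck/ && match($0, /<auth [^>]*>/) {
            auth = substr($0, RSTART + 6, RLENGTH - 7)
        }
        /authentication succeeded/  { auth_ok = "yes" }
        /^MPPE .* enabled/          { mppe = $2 " " $3 }
        /^local +IP address/        { local_ip = $NF }
        /^remote +IP address/       { remote_ip = $NF }
        END {
            printf "auth=%s\nauth_ok=%s\nmppe=%s\n", auth, auth_ok, mppe
            printf "local_ip=%s\nremote_ip=%s\n", local_ip, remote_ip
        }
    '
}

pppd_link_encrypted() {
    # Succeeds only if authentication succeeded, 128-bit MPPE was enabled
    # and the peer assigned us an address.
    summary=$(pppd_log_summary)
    printf '%s\n' "$summary" | grep -qx 'auth_ok=yes' &&
    printf '%s\n' "$summary" | grep -q '^mppe=128-bit' &&
    printf '%s\n' "$summary" | grep -q '^local_ip=[0-9]'
}

# Abridged from the log shown in the post.
PAGE_LOG='sent [LCP ConfNak id=0x1 <auth chap MS-v2>]
sent [LCP ConfAck id=0x2 <mru 1400> <auth chap MS-v2> <magic 0x72c91c98> <pcomp> <accomp>]
CHAP authentication succeeded
sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
MPPE 128-bit stateless compression enabled
local  IP address 10.0.102.5
remote IP address 10.0.102.1'

# Constructed sample: same link, but no MPPE line was logged.
NO_MPPE_LOG='sent [LCP ConfAck id=0x2 <mru 1400> <auth chap MS-v2>]
CHAP authentication succeeded
local  IP address 10.0.102.5
remote IP address 10.0.102.1'

printf '%s\n' "$PAGE_LOG" | pppd_log_summary
if printf '%s\n' "$NO_MPPE_LOG" | pppd_link_encrypted; then
    echo "constructed log: encrypted"
else
    echo "constructed log: NOT encrypted"
fi
```

On the Pi, pipe the real output through it with `sudo pon iPortal debug dump logfd 2 nodetach 2>&1 | pppd_log_summary`.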

To stop it, use Ctrl + C or the below command from another terminal.

sudo poff iPortal

Route Traffic Through VPN

Once you have successfully connected to your VPN provider, you now need to route your traffic through it. Before doing that, you might want to make a note of your public IP address first. You can do this from the command line with the curl command. This should return the IP address of your ISP.

osmc@osmc:~$ curl -4 icanhazip.com
86.151.208.153

Now reconnect to your VPN with the following command.

sudo pon iPortal

Wait a few seconds and then route your traffic through the VPN.

sudo route add default dev ppp0

Now check your public IP address again. If all went well – it should now be the IP address of your VPN provider!

osmc@osmc:~$ curl -4 icanhazip.com
72.98.247.13

Your VPN is now working!

Automation

Now we have to automate the process. I created two scripts with 755 permissions

osmc@osmc:/myscripts$ ls -l
total 8
-rwxrwxr-x 1 osmc osmc 134 Aug 12 21:01 iPortal_connect.sh
-rwxrwxr-x 1 osmc osmc 114 Aug 12 21:01 iPortal_disconnect.sh

The iPortal_connect.sh file looks like the following.

#!/bin/bash

sudo pon iPortal
sleep 10
sudo route add default dev ppp0
echo "VPN Connected: $(curl --silent -4 http://icanhazip.com)"

And the iPortal_disconnect.sh looks like.

#!/bin/bash

sudo poff iPortal
sleep 2
IP="$(curl --silent -4 http://icanhazip.com)"
echo "VPN Disconnected: $IP"

Here’s the output from executing these scripts.

osmc@osmc:/myscripts$ ./iPortal_connect.sh
VPN Connected: 72.98.247.13
osmc@osmc:/myscripts$ ./iPortal_disconnect.sh
VPN Disconnected: 86.151.208.153

Launch Scripts from within OSMC

The guide I’m following uses the Advanced Launcher plugin for OSMC. Sadly it was at this point that I realised that Advanced Launcher seems to have died a horrible death and is not available any more! I will need to do a bit more research on this one it looks like – I don’t think my folks will be SSH’ing into the Pi to execute a script each time they want to watch the news lol!!!

Related Documents

http://www.iportal.me/

iPortal VPN Review

http://forum.osmc.tv/showthread.php?tid=1754

https://wiki.archlinux.org/index.php/PPTP_VPN_client_setup_with_pptpclient

https://github.com/Angelscry/plugin.program.advanced.launcher

Dependency cycle detected

Occasionally when using Arch Linux, you may come across a warning: dependency cycle detected message when trying to update your system using pacman.

[andy@home-pc ~]$ sudo pacman -Syu
[sudo] password for andy: 
:: Synchronising package databases...
 core                                                                                                 121.5 KiB   513K/s 00:00 [############################################################################] 100%
 extra                                                                                               1751.1 KiB   995K/s 00:02 [############################################################################] 100%
 community                                                                                              2.7 MiB  1378K/s 00:02 [############################################################################] 100%
 multilib                                                                                             126.2 KiB  2.46M/s 00:00 [############################################################################] 100%
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...
warning: dependency cycle detected:
warning: nvidia-utils will be installed before its nvidia-libgl dependency

Packages (82) bind-tools-9.10.2.P3-1  binutils-2.25.1-1  colord-1.2.11-1  dbus-1.8.20-1  device-mapper-2.02.125-1  dhcpcd-6.9.1-1  exiv2-0.25-1  ffmpeg-1:2.7.2-2  gcc-5.2.0-1  gcc-libs-5.2.0-1
              gdk-pixbuf2-2.31.5-1  git-2.5.0-1  gnutls-3.4.3-1  gtk-update-icon-cache-3.16.6-1  gtk3-3.16.6-1  harfbuzz-1.0.1-1  harfbuzz-icu-1.0.1-1  hicolor-icon-theme-0.15-1  i3-wm-4.10.3-1
              kdebase-runtime-15.04.3-4  kdeclarative-5.12.0-2  kfilemetadata-5.9.2-2  kinfocenter-5.3.2-2  kio-extras-5.3.2-2  lib32-acl-2.2.52-2  lib32-curl-7.43.0-1  lib32-gcc-libs-5.2.0-1
              lib32-gdk-pixbuf2-2.31.5-1  lib32-gnutls-3.4.3-1  lib32-libdbus-1.8.20-1  lib32-libldap-2.4.41-1  lib32-libtiff-4.0.4-1  lib32-mesa-10.6.3-1  lib32-nvidia-libgl-352.30-1
              lib32-nvidia-utils-352.30-1  lib32-systemd-224-1  libcups-2.0.4-1  libdatrie-0.2.9-1  libdbus-1.8.20-1  libepoxy-1.3.1-1  libinput-0.21.0-1  libpgm-5.2.122-2  libsecret-0.18.3-1
              libsodium-1.0.3-1  libsoxr-0.1.1-3  libsystemd-224-1  libteam-1.17-1  libthai-0.1.22-1  libtool-2.4.6-3  libunistring-0.9.6-1  libx264-2:148.20150725-1  linux-4.1.4-1
              linux-firmware-20150722.e10097a-1  llvm-libs-3.6.2-2  lvm2-2.02.125-1  man-pages-4.01-1  mercurial-3.5-1  mesa-10.6.3-1  mpfr-3.1.3.p4-1  netctl-1.11-1  npm-2.13.2-1  nvidia-352.30-2
              nvidia-libgl-352.30-1  nvidia-utils-352.30-1  openssh-6.9p1-2  os-prober-1.66-1  pacman-4.2.1-2  pacman-mirrorlist-20150731-1  perl-http-message-6.10-1  perl-net-ssleay-1.70-1  perl-uri-1.69-1
              perl-yaml-tiny-1.69-1  qt4-4.8.7-2  s-nail-14.8.4-1  speech-dispatcher-0.8.3-5  sqlite-3.8.11.1-1  strigi-0.7.8-7  sudo-1.8.14.p3-2  systemd-224-1  systemd-sysvcompat-224-1  talloc-2.1.3-1
              zeromq-4.1.2-3

Total Download Size:    274.19 MiB
Total Installed Size:  1033.57 MiB
Net Upgrade Size:        21.87 MiB

:: Proceed with installation? [Y/n] n

Here we simply need to update the nvidia-libgl package……

[andy@home-pc ~]$ sudo pacman -S nvidia-libgl
resolving dependencies...
looking for conflicting packages...

Packages (1) nvidia-libgl-352.30-1

Total Download Size:   0.00 MiB
Total Installed Size:  0.03 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n] Y
:: Retrieving packages ...
 nvidia-libgl-352.30-1-x86_64                                                                        1388.0   B  0.00B/s 00:00 [############################################################################] 100%
(1/1) checking keys in keyring                                                                                                 [############################################################################] 100%
(1/1) checking package integrity                                                                                               [############################################################################] 100%
(1/1) loading package files                                                                                                    [############################################################################] 100%
(1/1) checking for file conflicts                                                                                              [############################################################################] 100%
(1/1) checking available disk space                                                                                            [############################################################################] 100%
(1/1) upgrading nvidia-libgl                                                                                                   [############################################################################] 100%
[andy@home-pc ~]$ sudo pacman -Syu
:: Synchronising package databases...
 core is up to date
 extra is up to date
 community is up to date
 multilib is up to date
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...

Packages (81) bind-tools-9.10.2.P3-1  binutils-2.25.1-1  colord-1.2.11-1  dbus-1.8.20-1  device-mapper-2.02.125-1  dhcpcd-6.9.1-1  exiv2-0.25-1  ffmpeg-1:2.7.2-2  gcc-5.2.0-1  gcc-libs-5.2.0-1
              gdk-pixbuf2-2.31.5-1  git-2.5.0-1  gnutls-3.4.3-1  gtk-update-icon-cache-3.16.6-1  gtk3-3.16.6-1  harfbuzz-1.0.1-1  harfbuzz-icu-1.0.1-1  hicolor-icon-theme-0.15-1  i3-wm-4.10.3-1
              kdebase-runtime-15.04.3-4  kdeclarative-5.12.0-2  kfilemetadata-5.9.2-2  kinfocenter-5.3.2-2  kio-extras-5.3.2-2  lib32-acl-2.2.52-2  lib32-curl-7.43.0-1  lib32-gcc-libs-5.2.0-1
              lib32-gdk-pixbuf2-2.31.5-1  lib32-gnutls-3.4.3-1  lib32-libdbus-1.8.20-1  lib32-libldap-2.4.41-1  lib32-libtiff-4.0.4-1  lib32-mesa-10.6.3-1  lib32-nvidia-libgl-352.30-1
              lib32-nvidia-utils-352.30-1  lib32-systemd-224-1  libcups-2.0.4-1  libdatrie-0.2.9-1  libdbus-1.8.20-1  libepoxy-1.3.1-1  libinput-0.21.0-1  libpgm-5.2.122-2  libsecret-0.18.3-1
              libsodium-1.0.3-1  libsoxr-0.1.1-3  libsystemd-224-1  libteam-1.17-1  libthai-0.1.22-1  libtool-2.4.6-3  libunistring-0.9.6-1  libx264-2:148.20150725-1  linux-4.1.4-1
              linux-firmware-20150722.e10097a-1  llvm-libs-3.6.2-2  lvm2-2.02.125-1  man-pages-4.01-1  mercurial-3.5-1  mesa-10.6.3-1  mpfr-3.1.3.p4-1  netctl-1.11-1  npm-2.13.2-1  nvidia-352.30-2
              nvidia-utils-352.30-1  openssh-6.9p1-2  os-prober-1.66-1  pacman-4.2.1-2  pacman-mirrorlist-20150731-1  perl-http-message-6.10-1  perl-net-ssleay-1.70-1  perl-uri-1.69-1  perl-yaml-tiny-1.69-1
              qt4-4.8.7-2  s-nail-14.8.4-1  speech-dispatcher-0.8.3-5  sqlite-3.8.11.1-1  strigi-0.7.8-7  sudo-1.8.14.p3-2  systemd-224-1  systemd-sysvcompat-224-1  talloc-2.1.3-1  zeromq-4.1.2-3

Total Download Size:    274.19 MiB
Total Installed Size:  1033.54 MiB
Net Upgrade Size:        21.87 MiB

:: Proceed with installation? [Y/n] Y

…and then proceed with the system update as normal.

Multiple Web Nodes using GlusterFS with CentOS 6.6

Check to see if there are any trusted storage pools already configured.

# gluster peer status
Number of Peers: 0

Check you can establish communication from web01 to web02.

[root@glusterfs-web01 ~]# gluster peer probe web02.dummydomains.org.uk
peer probe: failed: Probe returned with unknown errno 107

This will fail if the peer isn’t listening or if the firewall is blocking communication on the following ports:

111 tcp
24007 tcp 
24008 tcp
24009 tcp

Here I am using Rackspace cloud networks to create a virtual private network of 192.168.10.0/24 and attach it to each of the web nodes. To ensure I connect using the private IP when I try to connect to web02.dummydomains.org.uk from web01.dummydomains.org.uk, I need to edit my hosts configuration file. This will take precedence over DNS, which would return my public IP address.

My hosts file on web01 now looks like this:


127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
2a00:1a48:7808:101:be76:4eff:fe08:9cec glusterfs-web01
162.13.183.215 glusterfs-web01
10.181.138.233 glusterfs-web01
192.168.10.1 glusterfs-web01
192.168.10.2 glusterfs-web02 web02.dummydomains.org.uk web02

While on web02, it looks like this:


127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
2a00:1a48:7808:101:be76:4eff:fe09:1b3b glusterfs-web02
10.181.140.163 glusterfs-web02
162.13.184.243 glusterfs-web02
192.168.10.2 glusterfs-web02
192.168.10.1 glusterfs-web01 web01.dummydomains.org.uk web01

Check you can use the hostname to connect to the correct (private) IP address. You can use ping for that.

[root@glusterfs-web01 ~]# ping -c2 web02 
PING glusterfs-web02 (192.168.10.2) 56(84) bytes of data.
64 bytes from glusterfs-web02 (192.168.10.2): icmp_seq=1 ttl=64 time=0.894 ms
64 bytes from glusterfs-web02 (192.168.10.2): icmp_seq=2 ttl=64 time=0.393 ms

--- glusterfs-web02 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.393/0.643/0.894/0.251 ms

You need to check this on both (or all) web nodes.

[root@glusterfs-web02 ~]# ping -c2 web01
PING glusterfs-web01 (192.168.10.1) 56(84) bytes of data.
64 bytes from glusterfs-web01 (192.168.10.1): icmp_seq=1 ttl=64 time=0.933 ms
64 bytes from glusterfs-web01 (192.168.10.1): icmp_seq=2 ttl=64 time=0.383 ms

--- glusterfs-web01 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.383/0.658/0.933/0.275 ms

Here we have to allow incoming connections by altering the iptables configuration on all web nodes. My network setup on web02 is shown below. The private network is on the eth2 interface.

[root@glusterfs-web02 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether bc:76:4e:09:1b:3b brd ff:ff:ff:ff:ff:ff
    inet 162.13.184.243/24 brd 162.13.184.255 scope global eth0
    inet6 2a00:1a48:7808:101:be76:4eff:fe09:1b3b/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::be76:4eff:fe09:1b3b/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether bc:76:4e:09:1b:3c brd ff:ff:ff:ff:ff:ff
    inet 10.181.140.163/19 brd 10.181.159.255 scope global eth1
    inet6 fe80::be76:4eff:fe09:1b3c/64 scope link 
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether bc:76:4e:08:ea:0a brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.2/24 brd 192.168.10.255 scope global eth2
    inet6 fe80::be76:4eff:fe08:ea0a/64 scope link 
       valid_lft forever preferred_lft forever

And web02’s iptables configuration currently looks like the below.

[root@glusterfs-web02 ~]# iptables -nvL --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1       12   824 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
2        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
4        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate NEW tcp dpt:22 
5        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT 7 packets, 788 bytes)
num   pkts bytes target     prot opt in     out     source               destination

On web02 I insert an ACCEPT rule at line 4, before the REJECT rule. This rule allows all incoming connections on the eth2 interface.

# iptables -I INPUT 4 -i eth2 -p all -j ACCEPT
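
The rule above accepts everything arriving on eth2. A narrower variant, as an added example that is not part of the original post, admits only the peer's address on the TCP ports listed earlier and places the rules ahead of the REJECT line found in the iptables listing. The function names are chosen here; the port list is an assumption taken from this post, and the brick ports shown by `gluster volume status` have to be added to it for brick traffic.

```bash
#!/bin/sh
# Added example (not from the original post): build narrower firewall rules
# for the Gluster peer instead of accepting everything on the private
# interface. The commands are printed for review, not executed.

first_reject_line() {
    # stdin: output of "iptables -nvL --line-numbers"
    # prints the number of the first REJECT or DROP rule in the INPUT chain
    awk '
        /^Chain /  { in_input = ($2 == "INPUT"); next }
        in_input && $1 ~ /^[0-9]+$/ && ($4 == "REJECT" || $4 == "DROP") {
            print $1; exit
        }
    '
}

gluster_peer_rules() {
    # $1 interface, $2 peer address, $3 rule number to insert at (may be
    # empty), remaining arguments: TCP ports or first:last ranges
    iface=$1; peer=$2; pos=$3; shift 3
    # With no REJECT/DROP rule to get ahead of, appending is sufficient.
    if [ -n "$pos" ]; then where="-I INPUT $pos"; else where="-A INPUT"; fi
    for port in "$@"; do
        echo "iptables $where -i $iface -s $peer -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
}

# INPUT chain of web02 as listed in the post.
PAGE_LISTING='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       12   824 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED
2        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
3        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
4        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate NEW tcp dpt:22
5        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited'

# On web02 the peer is web01 (192.168.10.1) on eth2; ports are the ones
# listed in the post (assumption: brick ports still need adding).
reject_at=$(printf '%s\n' "$PAGE_LISTING" | first_reject_line)
gluster_peer_rules eth2 192.168.10.1 "$reject_at" 111 24007:24009
```

Review the printed commands, run them as root, then save with `service iptables save` as in the post.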

Now on web01, probing web02 returns a better result.

[root@glusterfs-web01 ~]# gluster peer probe web02.dummydomains.org.uk
peer probe: success.

Back on web02, make sure you save the firewall configuration.

# service iptables save
# service iptables reload

Now make the same changes on web01, so that web02 returns the same result.

[root@glusterfs-web02 ~]# gluster peer probe web01.dummydomains.org.uk
peer probe: success.

You might also want to use the peer status to check what things look like.

[root@glusterfs-web01 ~]# gluster peer status
Number of Peers: 1

Hostname: web02.dummydomains.org.uk
Uuid: 29ca7ff7-f19b-4844-89de-6356ca4b51ff
State: Peer in Cluster (Connected)

Don’t forget that gluster is also a shell – demonstrated from web02 below.

[root@glusterfs-web02 ~]# gluster
gluster> peer status
Number of Peers: 1

Hostname: 192.168.10.1
Uuid: 38fb3a93-133f-4588-95a0-5ec8cd5265e3
State: Peer in Cluster (Connected)
Other names:
web01.dummydomains.org.uk
gluster> exit

….or, better yet!

[root@glusterfs-web01 ~]# gluster pool list
UUID					Hostname                 	State
29ca7ff7-f19b-4844-89de-6356ca4b51ff	web02.dummydomains.org.uk	Connected 
38fb3a93-133f-4588-95a0-5ec8cd5265e3	localhost                	Connected

And again from web02.

[root@glusterfs-web02 ~]# gluster pool list
UUID					Hostname    	State
38fb3a93-133f-4588-95a0-5ec8cd5265e3	192.168.10.1	Connected 
29ca7ff7-f19b-4844-89de-6356ca4b51ff	localhost   	Connected

Create the Gluster volume with the following command. I had to use the force option or it complained about creating volumes on the root partition.

[root@glusterfs-web01 ~]# gluster volume create dummydomainsVol replica 2 transport tcp web01.dummydomains.org.uk:/data web02.dummydomains.org.uk:/data force
volume create: dummydomainsVol: success: please start the volume to access data

Then start the volume with.

[root@glusterfs-web01 ~]# gluster volume start dummydomainsVol
volume start: dummydomainsVol: success

Check the status from any node and you should see something similar to the below.

[root@glusterfs-web02 ~]# gluster volume info
 
Volume Name: dummydomainsVol
Type: Replicate
Volume ID: 4694564e-134d-4f85-9716-568a0a6f4156
Status: Started
Number of Bricks: 1 x 2 = 2
Transport-type: tcp
Bricks:
Brick1: web01.dummydomains.org.uk:/data
Brick2: web02.dummydomains.org.uk:/data
Options Reconfigured:
performance.readdir-ahead: on

Here we mount the gluster volume (on any node) to the /var/www/vhosts directory.

[root@glusterfs-web01 ~]# mount.glusterfs web02.dummydomains.org.uk:/dummydomainsVol /var/www/vhosts

Check the mount output.

[root@glusterfs-web01 ~]# mount | grep web02
web02.dummydomains.org.uk:/dummydomainsVol on /var/www/vhosts type fuse.glusterfs (rw,default_permissions,allow_other,max_read=131072)

Hopefully that worked. You now want to un-mount the volume and mount it using fstab so it’s persistent across a reboot.

# umount -v /var/www/vhosts
# vi /etc/fstab
# mount -a
# mount | grep web02       
web02.dummydomains.org.uk:/dummydomainsVol on /var/www/vhosts type fuse.glusterfs (rw,default_permissions,allow_other,max_read=131072)

The contents of my fstab look like the below.

[root@glusterfs-web01 ~]# cat /etc/fstab
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/xvda1 / ext3 defaults,noatime,barrier=0 1 1
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
#/dev/xvdc1 none swap sw 0 0
web02.dummydomains.org.uk:/dummydomainsVol /var/www/vhosts glusterfs defaults,_netdev 0 0

Once you’ve also mounted the volume from web02 – you’re good to test it!

I ran the below command on web01….

mkdir -v /var/www/vhosts/dummydomains.org.uk; for i in $(seq 1 20); do touch /var/www/vhosts/dummydomains.org.uk/web-file-$i.txt; done

…and then listed the following directory on web02.

[root@glusterfs-web02 ~]# ls -l /var/www/vhosts/dummydomains.org.uk/
total 0
-rw-r--r-- 1 root root 0 Jul 17 01:03 web-file-10.txt
-rw-r--r-- 1 root root 0 Jul 17 01:03 web-file-11.txt
-rw-r--r-- 1 root root 0 Jul 17 01:03 web-file-12.txt
-rw-r--r-- 1 root root 0 Jul 17 01:03 web-file-13.txt
-rw-r--r-- 1 root root 0 Jul 17 01:03 web-file-14.txt
-rw-r--r-- 1 root root 0 Jul 17 01:03 web-file-15.txt
-rw-r--r-- 1 root root 0 Jul 17 01:03 web-file-16.txt
-rw-r--r-- 1 root root 0 Jul 17 01:03 web-file-17.txt
-rw-r--r-- 1 root root 0 Jul 17 01:03 web-file-18.txt
-rw-r--r-- 1 root root 0 Jul 17 01:03 web-file-19.txt
-rw-r--r-- 1 root root 0 Jul 17 01:03 web-file-1.txt
-rw-r--r-- 1 root root 0 Jul 17 01:03 web-file-20.txt
-rw-r--r-- 1 root root 0 Jul 17 01:03 web-file-2.txt
-rw-r--r-- 1 root root 0 Jul 17 01:03 web-file-3.txt
-rw-r--r-- 1 root root 0 Jul 17 01:03 web-file-4.txt
-rw-r--r-- 1 root root 0 Jul 17 01:03 web-file-5.txt
-rw-r--r-- 1 root root 0 Jul 17 01:03 web-file-6.txt
-rw-r--r-- 1 root root 0 Jul 17 01:03 web-file-7.txt
-rw-r--r-- 1 root root 0 Jul 17 01:03 web-file-8.txt
-rw-r--r-- 1 root root 0 Jul 17 01:03 web-file-9.txt

Nice!

Installing GlusterFS on CentOS 6.6

You will need to download the following repository file to the /etc/yum.repos.d/ directory before trying to install the glusterfs-server package.

wget -P /etc/yum.repos.d http://download.gluster.org/pub/gluster/glusterfs/LATEST/RHEL/glusterfs-epel.repo
yum install glusterfs-server

It will pull in a load of dependencies…

===========================================================================================================================================
 Package                                      Arch                  Version                            Repository                     Size
===========================================================================================================================================
Installing:
 glusterfs-server                             x86_64                3.7.2-3.el6                        glusterfs-epel                1.2 M
Installing for dependencies:
 device-mapper-event                          x86_64                1.02.90-2.el6_6.3                  updates                       122 k
 device-mapper-event-libs                     x86_64                1.02.90-2.el6_6.3                  updates                       116 k
 device-mapper-persistent-data                x86_64                0.3.2-1.el6                        base                          2.5 M
 glusterfs-cli                                x86_64                3.7.2-3.el6                        glusterfs-epel                155 k
 glusterfs-client-xlators                     x86_64                3.7.2-3.el6                        glusterfs-epel                919 k
 glusterfs-fuse                               x86_64                3.7.2-3.el6                        glusterfs-epel                119 k
 keyutils                                     x86_64                1.4-5.el6                          base                           39 k
 libevent                                     x86_64                1.4.13-4.el6                       base                           66 k
 libgssglue                                   x86_64                0.1-11.el6                         base                           23 k
 libtirpc                                     x86_64                0.2.1-10.el6                       base                           79 k
 lvm2                                         x86_64                2.02.111-2.el6_6.3                 updates                       817 k
 lvm2-libs                                    x86_64                2.02.111-2.el6_6.3                 updates                       901 k
 nfs-utils                                    x86_64                1:1.2.3-54.el6                     base                          326 k
 nfs-utils-lib                                x86_64                1.1.5-9.el6_6                      updates                        68 k
 pyxattr                                      x86_64                0.5.0-1.el6                        epel                           24 k
 rpcbind                                      x86_64                0.2.0-11.el6                       base                           51 k
 userspace-rcu                                x86_64                0.7.7-1.el6                        epel                           60 k
Updating for dependencies:
 glusterfs                                    x86_64                3.7.2-3.el6                        glusterfs-epel                416 k
 glusterfs-api                                x86_64                3.7.2-3.el6                        glusterfs-epel                 72 k
 glusterfs-libs                               x86_64                3.7.2-3.el6                        glusterfs-epel                318 k

Transaction Summary
===========================================================================================================================================
Install      18 Package(s)
Upgrade       3 Package(s)

Total download size: 8.3 M
Is this ok [y/N]: y

…Accept the GPG key imports you are alerted to and proceed with the installation.

warning: rpmts_HdrFromFdno: Header V4 RSA/SHA1 Signature, key ID 4ab22bb3: NOKEY
Retrieving key from http://download.gluster.org/pub/gluster/glusterfs/LATEST/EPEL.repo/pub.key
Importing GPG key 0x4AB22BB3:
 Userid: "Gluster Packager <glusterpackager@download.gluster.org>"
 From  : http://download.gluster.org/pub/gluster/glusterfs/LATEST/EPEL.repo/pub.key
Is this ok [y/N]: y
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
Importing GPG key 0x0608B895:
 Userid : EPEL (6) <epel@fedoraproject.org>
 Package: epel-release-6-8.noarch (@epel/6.6)
 From   : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
Is this ok [y/N]: y
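
The Gluster signing key in the output above is retrieved over plain HTTP, so the key that vouches for the packages arrives over an unauthenticated channel. As an added example (not part of the original post), this check reads a yum .repo file and reports enabled repositories that do not set gpgcheck=1 or that fetch their gpgkey over http://. The function name is hypothetical and the sample file is constructed; only the repo id and gpgkey URL come from the page.

```shell
#!/bin/sh
# Constructed sample of a yum .repo file. Only the repo id "glusterfs-epel"
# and the gpgkey URL appear in the yum output above; the rest is made up.
SAMPLE_REPO='[glusterfs-epel]
name=GlusterFS (constructed sample)
baseurl=http://mirror.example/glusterfs/epel-$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://download.gluster.org/pub/gluster/glusterfs/LATEST/EPEL.repo/pub.key

[local-test]
name=Unsigned repo (constructed sample)
baseurl=file:///srv/repo
enabled=1
gpgcheck=0
'

# Read .repo content on stdin; print one finding per line for every enabled
# section that lacks gpgcheck=1 or pulls its signing key over plain HTTP.
audit_repo() {
    awk -F= '
        function report() {
            if (id == "" || enabled == "0") return
            if (gpgcheck != "1") print id ": gpgcheck is not set to 1 in this file"
            if (key ~ /^http:/)  print id ": gpgkey fetched over plain HTTP"
        }
        /^\[.*\]$/ {                      # new [section]: flush the previous one
            report()
            id = substr($0, 2, length($0) - 2)
            enabled = "1"; gpgcheck = ""; key = ""   # repos are enabled by default
            next
        }
        {
            k = $1; gsub(/[ \t]/, "", k)             # tolerate "key = value"
            val = substr($0, index($0, "=") + 1); sub(/^[ \t]+/, "", val)
        }
        k == "enabled"  { enabled = val }
        k == "gpgcheck" { gpgcheck = val }
        k == "gpgkey"   { key = val }
        END { report() }
    '
}

printf '%s\n' "$SAMPLE_REPO" | audit_repo
```

Against the real file: audit_repo < /etc/yum.repos.d/glusterfs-epel.repo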

Ensure the glusterfs daemon is set to start on boot and start the service.

chkconfig --levels 235 glusterd on
service glusterd start

You can check the status with….

[root@glusterfs-web01 ~]# /etc/init.d/glusterfsd status
glusterfsd is stopped
[root@glusterfs-web01 ~]# /etc/init.d/glusterd status  
glusterd (pid 6148) is running...

You can check the version with the following.

[root@glusterfs-web01 ~]# glusterfsd --version
glusterfs 3.7.2 built on Jun 23 2015 12:13:11
Repository revision: git://git.gluster.com/glusterfs.git
Copyright (c) 2006-2013 Red Hat, Inc.
GlusterFS comes with ABSOLUTELY NO WARRANTY.
It is licensed to you under your choice of the GNU Lesser
General Public License, version 3 or any later version (LGPLv3
or later), or the GNU General Public License, version 2 (GPLv2),
in all cases as published by the Free Software Foundation.