Fixing a kernel that wont boot in Debian on OVH

During an upgrade my kernel got corrupted and the server went down. Thankfully OVH offers a Netboot and Network mode. I used the network option and chose one of the available kernels, which dropped me in one of my own installation and executed the following:

To reinstall the current linux kernel:

List available kernels

apt-cache search linux-image

Reinstall the kernel:

apt-get install --reintall linux-image-3.16.0-4-amd64

Update grub configuration:

update-grub

And hard reboot server


You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.

Install nodejs on Debian

curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -
sudo apt-get install -y nodejs

You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.

Install composer on Debian

Run:

sudo apt-get install curl php5-cli
curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer

Test it:

$composer -V
Do not run Composer as root/super user! See https://getcomposer.org/root for details
Composer version 1.3.0 2016-12-24 00:47:03

You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.

Upgrade php version on Debian

sudo LC_ALL=C.UTF-8 add-apt-repository ppa:ondrej/php
apt-get update


You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.

Installing Davical on Debian server

apt-get install libpq-dev postgresql php5 php5-pgsql php5-imap php5-curl php5-cgi libyaml-perl libdbi-perl davical
emacs /etc/postgresql/9.4/main/pg_hba.conf

Add at the very top of the file:

local   davical    davical_app   trust
local   davical    davical_app   trust

Reload postgresql:

/etc/init.d/postgresql restart

Now:

cd /usr/share/davical/dba
su postgres -c /usr/share/davical/dba/create-database.sh

It gives message:

Supported locales updated.
Updated view: dav_principal.sql applied.
CalDAV functions updated.
RRULE functions updated.
Database permissions updated.
NOTE
====
*  The password for the 'admin' user has been set to 'something'
Thanks for trying DAViCal!  Check in /usr/share/doc/davical/examples/ for
some configuration examples.  For help, visit #davical on irc.oftc.net.

Create virtual server and edit the config:

emacs /etc/apache2/sites-available/davical.joel.co.in.conf
Davical wiki recommends the following:

<VirtualHost x.y.z.a>
	DocumentRoot /usr/share/davical/htdocs
	DirectoryIndex index.php index.html
	ServerName davical.yoursite.com
	ServerAlias calendar.yoursite.com
	Alias /images/ /usr/share/davical/htdocs/images/
	ErrorLog /var/log/virtualmin/davical.yoursite.com_error_log
	CustomLog /var/log/virtualmin/davical.yoursite.com_access_log combined
	<Directory /usr/share/davical/htdocs/>
		  AllowOverride None
		  Order allow,deny
		  Allow from all
	</Directory>
	AcceptPathInfo On
</VirtualHost>

But only the following worked:

<VirtualHost *:80>
ServerName davical.yoursite.com
ServerAlias calendar.yoursite.com
DocumentRoot /usr/share/davical/htdocs
DirectoryIndex index.php index.html
Alias /images/ /usr/share/davical/htdocs/images/
ErrorLog /var/log/virtualmin/davical.yoursite.com_error_log
CustomLog /var/log/virtualmin/davical.yoursite.com_access_log combined
<Directory /usr/share/davical/htdocs/>
    Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
    allow from all
    AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
    Require all granted
    AddType application/x-httpd-php .php
    AddHandler fcgid-script .php
    AddHandler fcgid-script .php5
    FCGIWrapper /home/joel/domains/davical.yoursite.com/fcgi-bin/php5.fcgi .php
    FCGIWrapper /home/joel/domains/davical.yoursite.com/fcgi-bin/php5.fcgi .php5
</Directory>
AcceptPathInfo On
</VirtualHost>

Now reload apache and the webpage.
Configure the file adding the following:

$c->admin_email = [email protected]';
    $c->system_name = "DAViCal CalDAV Server";
      $c->enable_row_linking = true;
        $c->default_locale = 'en_US.UTF-8';

  $c->pg_connect[] = 'dbname=davical port=5432 user=davical_app';

Now reload the page and it should show login screen. Use the password that was earlier generated.


You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.

Install laravel on Debian

First install composer (Tested upto 5.1):

curl -sS https://getcomposer.org/installer | php

Or without curl:

php -r "readfile('https://getcomposer.org/installer');" | php

Now install Laravel’s dependencies:

sudo apt-get update
apt-get install libapache2-mod-php5 php5-gd 

Install Laravel itself:

composer global require "laravel/installer=~1.1"

Now create an application using laravel:

$ laravel new project
Crafting application...
> php -r "copy('.env.example', '.env');"
> php artisan clear-compiled
> php artisan optimize
Generating optimized class loader
> php artisan key:generate
Application key [---] set successfully.
Application ready! Build something amazing.

Here are a couple of links to get started on Laravel:
Laracasts


You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.

Install ownloud on a Debian box running apache server and an i-mscp panel

Add a DNS entry for cloud.xyz.com in your DNS manager. I will choose Cloudflare.
Then, login to the i-mscp panel, create a domain alias, say cloud.xyz.com

Install owncloud:

echo 'deb http://download.opensuse.org/repositories/isv:/ownCloud:/community/Debian_8.0/ /' >> /etc/apt/sources.list.d/owncloud.list
wget http://download.opensuse.org/repositories/isv:ownCloud:community/Debian_8.0/Release.key
apt-key add - < Release.key
apt-get update
apt-get install owncloud

It will get installed to /var/www/ownlcoud
We will have to move the files to the directory of the new domain alias:

cd /var/www/
cp -a owncloud/* virtual/xyz.com/cloud/htdocs/
cp -a owncloud/.* virtual/xyz.com/cloud/htdocs/
rm -rf owncloud

Set permissions (Check the username for your directory virtual/xyz.com/cloud/htdocs first):

chown -R vu2004.vu2004 virtual/xyz.com/cloud/htdocs/*

Install owncloud by visiting http://cloud.xyz.com, and creating a new admin user and password.
Now that owncloud is confirmed to work, we will add SSL support.
In i-mscp, enable SSL support by visiting Admin settings.
Now, use the “Add/Edit SSL Certificate” to generate a new SSL certificate.

Enable Cloudflare for the domain.
Now you will be able to login to https://cloud.xyz.com


You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.

How to setup Calibre Library web server on your Debian VPS

Calibre is a popular Ebook library software to backup,restore, and organize digital prints of books (popularly called e-books). It works with many devices including Amazon Kindle, Kindle for PC software, Nook etc. A lesser known software is Calibre server which allows you to share non copyright-protected content over the internet.

The following instructions summarize how to setup Calibre library server on your Debian or Ubuntu VPS:

Login as webserver user via ssh.

Enter the following commands:

sudo -v wget -nv -O- https://raw.githubusercontent.com/kovidgoyal/calibre/master/setup/linux-installer.py | sudo python -c "import sys; main=lambda:sys.stderr.write('Download failed\n'); exec(sys.stdin.read()); main()"
sudo apt-get update
sudo apt-get install xvfb imagemagick
mkdir ~/calibre-library
mkdir ~/calibre-library/toadd
nohup calibre-server --with-library ~/calibre-library 

Now, you will be able to access your Library at http://yourip:8080

If you need to change the default port, run this:

calibre-server --with-library ~/calibre-library --port 8180

Adding books to the library:

Copy/Upload your files to ~/calibre-library/toadd and then run:

xvfb-run calibredb add ~/calibre-library/toadd/* --library-path ~/calibre-library

Of course you can create aliases/scripts for any of these commands to automate.

References:

  1. DigitalOcean

You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.

Configure ipv6 for Debian

I’m trying to setup ipv6 for a debian node with openvz kernel. First step is setting up the host node to use ipv6. The next step is to create ipv6-only containers. For my experiment, I chose Dacentec dedicated server. Dacentec is a great provider with a lot of choices in the budget dedicated server segment.

A /48 ipv6 block is an optional free addon for the server.
After opening a support ticket, I received the following details:

Network 2607:5400:048d:0000::/48
Gateway 2607:5400:048d:0000::1/48

ssh into the server and check the interfaces file:

cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth2
iface eth2 inet static
        address 148.126.187.10
        netmask 255.255.255.248
        network 148.126.187.8
        broadcast 148.126.187.15
        gateway 148.126.187.9
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 199.255.156.3
        dns-search droidzone.in
        up ip addr add 148.126.187.14 dev eth2
        up ip addr add 148.126.187.12 dev eth2
        up ip addr add 148.126.187.13 dev eth2

Here, 148.126.187.10 is the primary address of the host node. 148.126.187.12, 148.126.187.13 and 148.126.187.14 are additional IPv4s that I purchased to set up containers. Anyway this is not relevant, as we’re currently attempting to create ipv6-only containers.

Dacentec provided me the following /48 ipv6 block:

Network 2107:5200:058d:0000::/48
Gateway 2107:5200:058d:0000::1/48

I then modified my file:

emacs /etc/network/interfaces

and added the following:

iface eth2 inet6 static
	address 2107:5200:058d:0000::2
	netmask 64
	  up ip -6 route add default via 2107:5200:058d:0000::1 dev eth2
	  down ip -6 route del default via 2107:5200:058d:0000::1 dev eth2	

The final file looks like this:

auto lo
iface lo inet loopback
allow-hotplug eth2
iface eth2 inet static
        address 148.126.187.10
        netmask 255.255.255.248
        network 148.126.187.8
        broadcast 148.126.187.15
        gateway 148.126.187.9
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 199.255.156.3
        dns-search droidzone.in
        up ip addr add 148.126.187.14 dev eth2
        up ip addr add 148.126.187.12 dev eth2
        up ip addr add 148.126.187.13 dev eth2
iface eth2 inet6 static
	address 2107:5200:058d:0000::2
	netmask 64
	  up ip -6 route add default via 2107:5200:058d:0000::1 dev eth2
	  down ip -6 route del default via 2107:5200:058d:0000::1 dev eth2

Now do the following:

ipdown eth2 && ifup eth2

If you do just a ipdown eth2, you’ll find that your ssh shell exists, and you’ll no longer be able to connect to it. Only a restart will solve it, unless you have a KVM or IPMI to bring back the interface online.

Next up:
Creating ipv6-only containers

Creating ipv6-only containers
With the above configuration, I then added the ip address pool from 2107:5200:058d:0000::4 to 2107:5200:058d:0000::10, to the OpenVZ web panel. Alternately, you can use Promox or the command line vzctl tool.

Then I created a vps, assigning the ip: 2107:5200:058d:0000::4.
I entered the container from the node with:

vzctl enter 2

Edited resolv.conf to have the following:

nameserver 2001:4860:4860::8888

I found that I could not ping ipv4 addresses any more, but could ping ipv6 with ease:

# ping6 ipv6.google.com
PING ipv6.google.com(yv-in-x71.1e100.net) 56 data bytes
64 bytes from yv-in-x71.1e100.net: icmp_seq=1 ttl=54 time=9.77 ms
64 bytes from yv-in-x71.1e100.net: icmp_seq=2 ttl=54 time=9.74 ms
64 bytes from yv-in-x71.1e100.net: icmp_seq=3 ttl=54 time=9.74 ms

To add ipv6 addresses to containers,
Edit /etc/sysctl.conf so that it contains:

net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv6.conf.default.proxy_ndp = 1
net.ipv6.conf.all.proxy_ndp = 1

The final file contains:

net.ipv4.ip_forward=1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv6.conf.default.proxy_ndp = 1
net.ipv6.conf.all.proxy_ndp = 1
net.ipv4.conf.all.rp_filter = 1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0

Activate the new configuration with:

sysctl -p

Now you can assign ipv6 to containers with:

vzctl set <VEID> --ipadd 2107:xxx:xxx::xxx --save

You can enter the vm with

vzctl enter <VEID>

Now, add an ipv6 dns to resolv.conf:

vi /etc/resolv.conf
nameserver 2001:4860:4860::8888

You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.

Setting up OpenVZ and the OpenVZ Web panel on Debian

First, you’d need to install Debian on your server. For DelimiterVPS, go to https://clients.delimitervps.com/clientarea.php, and login to your account.
Choose the Reinstall server option.
Under ‘Installation Profile’, choose ‘Debian Wheezy’.
Choose a good enough root password. From personal experience, I’d avoid special characters in my root password. I had setup a very complex password once, and found that it was not accepted by the ssh login shell. It’s likely that WHMCS does not escape special characters very well.
Choose ‘Provision Server (Warning)’.

At this point, go back to the email you received from DelimiterVPS, and read the part about KVM/ILO Configuration. You can login to ILO and watch the installation progress. Once installation is done, Proxmox is supposed to be up and running at https://yourip::8006. However we need a couple of steps and a reboot before we can use it.

Run the following:

cat << EOF > /etc/apt/sources.list.d/openvz-rhel6.list
deb http://download.openvz.org/debian wheezy main
EOF
wget http://ftp.openvz.org/debian/archive.key
apt-key add archive.key
apt-get update

Install OpenVZ kernel:

apt-get install linux-image-openvz-amd64

First, you have to remove the default Linux kernel, and set the OpenVZ kernel to start at boot.
Run the following from the shell:

apt-get remove linux-image-amd64 linux-image-3.2.0-4-amd64 linux-base
update-grub

You’ll notice that openvz based kernels have now been added to grub (the bootloader).

Enable IP forwarding and other rules are setup:
Edit the file /etc/sysctl.conf, and uncomment/add (Remove the # at the beginning) the following lines:

# On Hardware Node we generally need
# packet forwarding enabled and proxy arp disabled
net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0

# Enables source route verification
net.ipv4.conf.all.rp_filter = 1

# Enables the magic-sysrq key
kernel.sysrq = 1

# We do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0

run the following:

sysctl -p
apt-get install vzctl vzquota ploop vzstats

Now, restart the server.

reboot

Run the following:

wget -O - http://ovz-web-panel.googlecode.com/svn/installer/ai.sh | sh

After some time the installation may stop with the following message:
Fatal error: Panel requires Ruby 1.8 (Ruby 1.9 is not supported).

Run:

update-alternatives --config ruby
# update-alternatives --config ruby
There are 2 choices for the alternative ruby (providing /usr/bin/ruby).

  Selection    Path                Priority   Status
------------------------------------------------------------
* 0            /usr/bin/ruby1.9.1   51        auto mode
  1            /usr/bin/ruby1.8     50        manual mode
  2            /usr/bin/ruby1.9.1   51        manual mode

Press enter to keep the current choice[*], or type selection number: 1

Now rerun the installation:

wget -O - http://ovz-web-panel.googlecode.com/svn/installer/ai.sh | sh

At the end, you will get the message:

Panel should be available at:
http://x.droidzone.in:3000
Default credentials: admin/admin

Now login, and change the default password.

You can now install OpenVZ templates(Physical servers>Localhost>OS Templates>Install new OS Template).
Assign ips to the pool (Ip Addresses>Create new IP pool). Add the IPs assigned to you. You may need to buy more from your provider.

To create a VPS:
Localhost>Virtual servers list>Create virtual server

Creating a custom template.
Provision a VPS using a default template.
Login to the VPS, setup everything including resolvconf, tzdata, locales, dialog, .bashrc etc.

vzctl stop 1
vzctl set 1 --ipdel all --save
cd /var/lib/vz/private/1
tar --numeric-owner -czf /var/lib/vz/template/cache/debian-7.0-x86_64-minimal-custom.tar.gz .

Change default port and enable SSL on Openvz web panel:
Change the following in /etc/owp.conf:

# web server port
PORT=3000

to

PORT=2096

and

# SSL support, on - enable, off - disable
SSL=off

to

SSL=on

Restart the service. Now it is accessible at https://yourdomain.com:2096

I chose 2096 because it is one of the ports that Cloudflare supports and thus you get a free SSL support with Cloudflare.

Create a symlink to /vz because most of the vz tools expects the OpenVZ folders to reside there. This step is not necessary, but can eliminate further problems when other vz related components are installed.

ln -s /var/lib/vz /vz

You also probably need to change:

#NEIGHBOUR_DEVS="detect"

to

NEIGHBOUR_DEVS="all"

at /etc/vz/vz.conf

and do a

service vz restart

For Reference, my network config on node is as below:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
        address 157.266.186.60
        netmask 255.255.255.192
        network 157.266.186.0
        broadcast 157.266.186.63
        gateway 157.266.186.62
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 8.8.8.8
        dns-search droidzone.in

And my two addon ips are:

157.266.187.162/32
157.266.187.163/32

Obviously the ips have been scrambled.


You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.