installing Bacula on CentOS5 part 1

May 7th, 2008

Suppose you have a brand new machine with a nice SCSI U320 controller and a nice tape library with some LTO-3 drives. That’s quite a lot of expensive hardware; now let’s put it to good use with just Free Software!

The official Bacula manual is quite good, but it is very verbose and the organization is not straightforward, so it is advisable to read the whole thing and figure out which steps apply to your setup. Hopefully, this guide serves as a bit of a shortcut.

I assume a minimal CentOS5 install. I do the minimal install by unchecking every single component in the CentOS5 installer, even “Base”. This gets me down to a lean ~147 packages. After the install, do a ‘yum -y upgrade’ and a ‘yum install vim-enhanced yum-updatesd yum-protectbase which ntp net-snmp krb5-workstation logwatch sysstat rsync man logrotate mlocate smartmontools strace rcs gnupg crontabs eject wget’. Then install the epel-release RPM with ‘rpm -Uvh epel-release’.

Now you have access to bacula packages. Do a ‘yum install bacula-storage-mysql bacula-director-mysql bacula-console bacula-client’. That will also pull in mysql-server. Do a ‘cp /usr/share/doc/mysql-server-5.0.22/my-large.cnf /etc/my.cnf’ and then uncomment the skip-networking directive there for some added security. Next, we
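# set the MySQL root password (local account, then the FQDN account)
mysqladmin -u root password 'something'
mysqladmin -u root -p -h FQDN password 'something'
# create the bacula database
mysqladmin -u root -p create bacula
# open a mysql prompt and run the grant statement there
mysql -u root -p
grant all on bacula.* to bacula@localhost identified by 'baculapassword';
# reload the grant tables
mysqladmin -u root -p reload
# create the Bacula catalog tables
/usr/libexec/bacula/make_mysql_tables -u root -p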

Now the MySQL portion is set up. I’ve also made sure my autochanger works from Linux with commands like ‘mt -f /dev/nst0’ and ‘tapeinfo -f /dev/sg1’ and ‘mtx -f /dev/sg3 status’. Then we want to run btest, but first we must write a bacula-sd.conf.

Since my autochanger is almost exactly like the one in the supplied /etc/bacula/bacula-sd.conf, I basically just uncomment the Autochanger directive and the two Device drives and I’m good to go. I also had to specify the full path to mtx-changer: /usr/libexec/bacula/mtx-changer

Then work with the btape program to get your autochanger working correctly with the ‘test’ and ‘auto’ commands in btape.

Blogs about spelling and grammar.

April 27th, 2008

Although those topics tend to be bland, I found some awesome blogs:

HAProxy log regex

April 3rd, 2008

This regex gets some useful information out of the HAProxy logs, ultimately for feeding to Cacti.

The log entry:
Apr 3 13:19:47 localhost.localdomain haproxy13.14.3[19065]: 67.185.245.13:4571 [03/Apr/2008:13:19:47.358] front squidfarm/squid1 0/0/0/1/+1 200 +480 - - ---- 254/254/206/91 0/0 "GET /static/img/handmiddle.gif HTTP/1.1"

The regex (python):
import re

# apply with re.match(exp2, line).groups()
exp2 = ".* ((?:[0-9]+\\.)+[0-9]+):.*front ([a-zA-Z0-9]+)" \
"/([0-9a-zA-Z]+) ([0-9]+)/([0-9]+)/([0-9]+)/([0-9]+)/\\+([0-9]+) " \
"([0-9]+) .*(?:GET|POST) (/)(?: HTTP|([a-zA-Z]+) HTTP|([a-zA-Z]+)" \
"\\.([a-zA-Z]+) HTTP|([a-zA-Z]+)(?:/.*\\.([a-zA-Z]+) HTTP|.* HTTP))"

The result:
('67.185.245.13', 'squidfarm', 'squid1', '0', '0', '0', '1', '1', '200', '/', None, None, None, 'static', 'gif')
This basically breaks out each piece of data from the log. Sorry about the lame HTML formatting.
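
A fuller take on the same idea, as an added example that is not the author's code: it parses each HAProxy HTTP log line into named fields, counts responses per server and status class, and formats the counts as space-separated name:value pairs for a Cacti script input. The group names, the counter names and every sample line except the fields of the first are assumptions made up for this example.

```python
import re
from collections import Counter

# HAProxy 1.3 HTTP log layout after the syslog prefix (group names are this
# example's own): client:port [date] frontend backend/server
# Tq/Tw/Tc/Tr/Tt status bytes ... "request". A '+' marks a value logged early.
LINE = re.compile(
    r' (?P<client>(?:\d+\.){3}\d+):\d+ \[[^\]]+\] (?P<frontend>\S+) '
    r'(?P<backend>[^/\s]+)/(?P<server>\S+) '
    r'(?P<tq>-?\d+)/(?P<tw>-?\d+)/(?P<tc>-?\d+)/(?P<tr>-?\d+)/\+?(?P<tt>-?\d+) '
    r'(?P<status>-?\d+) \+?(?P<bytes>\d+) [^"]*"(?P<request>[^"]*)')
P = 'Apr 3 13:19:47 localhost.localdomain haproxy[19065]: '
# Constructed sample: line 1 carries the fields of the post's entry, rest made up.
SAMPLE = [
    P + '67.185.245.13:4571 [03/Apr/2008:13:19:47.358] front squidfarm/squid1 0/0/0/1/+1 '
        '200 +480 - - ---- 254/254/206/91 0/0 "GET /static/img/handmiddle.gif HTTP/1.1"',
    P + '198.51.100.7:3301 [03/Apr/2008:13:19:49.002] front squidfarm/<NOSRV> 0/-1/-1/-1/3 '
        '503 212 - - SC-- 251/251/201/0 0/0 "GET /app/search HTTP/1.1"',
    P + '198.51.100.7:3302 [03/Apr/2008:13:19:49.500] front front/<NOSRV> -1/-1/-1/-1/0 '
        '400 187 - - PR-- 252/252/0/0 0/0 "<BADREQ>"',
    P + 'Proxy front started.',
]

def parse(line):
    # Return a dict of fields for an HTTP log line, or None for anything else.
    m = LINE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    parts = rec['request'].split()  # "<BADREQ>" carries no method or path
    rec['method'], rec['path'] = parts[:2] if len(parts) >= 2 else (None, None)
    for key in ('tq', 'tw', 'tc', 'tr', 'tt', 'status', 'bytes'):
        rec[key] = int(rec[key])    # a timer of -1 means that phase never completed
    return rec

def summarize(lines):
    # Count responses per server and status class; a status of -1 lands in 0xx.
    counts = Counter()
    for rec in map(parse, lines):
        if rec is None:
            counts['unparsed'] += 1
            continue
        server = re.sub(r'\W', '', rec['server'])  # "<NOSRV>" becomes "NOSRV"
        counts['%s_%dxx' % (server, max(rec['status'], 0) // 100)] += 1
    return counts

def cacti_output(counts):
    # Space-separated name:value pairs, the form a Cacti script input reads.
    return ' '.join('%s:%d' % kv for kv in sorted(counts.items()))
```

Printing cacti_output(summarize(SAMPLE)) gives one line of counters; the unparsed counter shows when log lines stop matching the expected layout.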

HP zd7000 is a lemon

March 16th, 2008

I was brought an HP Pavilion zd7000 laptop this afternoon which had a weird screen problem; the display was wrapped around, and kind of washed out. This suggested either a driver problem (this is a Windows machine) or a graphics adapter problem, or a cabling issue. First, I ruled out a software issue; rebooting showed the same display problem during the boot screen or in the BIOS (F10 for BIOS, F12 for PXE boot). I suppose it could be a cable issue but when I did a Google search, it brought up a number of useful websites where the owners of zd7000-series complain of similar problems.

configuring the Linksys WRT54GL as a bridge with OpenWRT

December 21st, 2007

I have a standard DSL connection from Verizon, with their Westell DSL modem (with integrated switch and WiFi AP). I have a Linksys WRT54GL a couple of rooms away, and it is configured to bridge to the Westell. This is the same as just running a cable all the way across my apartment. This way I can plug my non-wireless devices into my WRT.

I installed OpenWRT and read the docs for a couple of hours, but in the end, I only had to change two files in /etc/config:


root@OpenWrt:~# cat /etc/config/wireless
config wifi-device wl0
    option type broadcom
    option channel 1
    # disable radio to prevent an open ap after reflashing:
    option disabled 0

config wifi-iface
    option device wl0
    option network lan
    option mode sta
    #option wds "00:18:3a:33:d8:a4"
    option ssid 246_3F
    option hidden 0
    option encryption wep
    option key 344838554d

That’s my SSID and WEP key in that config. Note that mode must be “sta”. Google “wifi-iface option mode” for more info.


root@OpenWrt:~# cat /etc/config/network
#### VLAN configuration
config switch eth0
    option vlan0 "0 1 2 3 5*"
    option vlan1 "4 5"

#### Loopback configuration
config interface loopback
    option ifname "lo"
    option proto static
    option ipaddr 127.0.0.1
    option netmask 255.0.0.0

#### LAN configuration
config interface lan
    option type bridge
    option ifname "eth0.0"
    option proto static
    option ipaddr '192.168.1.3'
    option netmask 255.255.255.0

#### WAN configuration
config interface wan
    option ifname "eth0.1"
    option proto dhcp

I think I only had to change a couple of lines in this file, in the LAN section.

This configuration has been working for me for the last ~7 months.

SANS top 20 vulnerabilities of 2007

December 15th, 2007

Courtesy of Bruce Schneier’s Crypto-Gram, I got a link to the SANS top 20 vulnerabilities of 2007. Here are some simple and practical tips for securing Thunderbird 2.x:

View - Message body as - Select “Plain text”
View - Unselect “Display attachments inline”
Tools - Options - Advanced - Config editor … - javascript.allow.mailnews - Set to “False”
Tools - Options - Advanced - Config editor … - javascript.enabled - Set to “False”
Tools - Options - Advanced - Config editor … - javascript.options.strict - Set to “True”
Tools - Options - Privacy - E-mail scams - Select “Tell me if the message I’m reading is a suspected email scam”
Tools - Options - Privacy - Anti-Virus - Select “Allow anti-virus clients to quarantine individual messages”

“Tools - Options” is for Windows; on my Ubuntu machine it is “Edit - Preferences”.

upgrading BIOS for Dell Dimension E521 in Linux

December 10th, 2007

Dell only provides a Windows executable for upgrading the BIOS. Luckily, they also provide a utility to generate a boot image under Linux from the EXE. Here’s the link: HOWTO. Here’s Dell’s utility.

One instruction on that page didn’t work: on EL5 the paths in grub.conf do not need the /boot prefix. Also, my BIOS image had more than 8 characters, so the memdisk crapped out and dumped me at the A:> prompt where I did ‘dir’ and ‘DMS~1.exe’ or something like that.

Xen links

November 28th, 2007

I wanted to add these two nice PDFs about Xen:

Simple intro to Xen on EL5

Full documentation for Xen on EL5

SAN and NAS reference

November 13th, 2007

You can learn almost everything you would possibly want to know about SANs (and NAS) if you read the following two resources:

  1. IBM Redbook: Introduction to Storage Area Networks (free read)
  2. Using SANs and NAS by W. Curtis Preston (~$30 at the bookstore or $x at Safari)

You too can be a SAN admin!

Ubuntu Gutsy beta release impressions - Excellent!

October 12th, 2007

I installed it on my Sempron machine; I used the x86_64 version. The LiveCD worked without problems, the installation was uneventful. After rebooting into the install, I tried my usual tests of using Youtube (or Pandora), playing a DVD and playing an MP3.

Going to the Youtube site in Firefox gave me an info bar at the top of the screen about missing plug-ins. It gave me the option of installing Adobe’s Flash or GNU SWF player. I chose the former, expecting it to crap out because of the arch difference, but the dialog downloaded the 32-bit compatibility libs and flashplugin-nonfree and after a Firefox restart youtube videos worked just fine! I watched the latest Flyers highlights and cheered on our man Briere! Score one for Ubuntu!

Then I put in a DVD. Totem asked me to install some additional codecs, so I did, but then it gave me an error “unable to read stream”. I surfed over to the help pages and installed libdvdcss2 (and w32codecs while I’m at it) from Medibuntu. This step is still non-trivial for a regular person, I think, although they merely have to copy a few commands from the instructions: https://help.ubuntu.com/community/Medibuntu

Then I put the DVD in again. Totem asked me to install some additional codecs again, so I complied. Then the DVD played. Awesome. Full-screening worked, and there is no longer the stuttering of the previous releases. Also, the video works with the “desktop effects” that are turned on by default, which didn’t work in Feisty (at least on my hardware). Things are coming along.

The RestrictedFormats page suggests also installing w64codecs on x86_64, so I did. Then I surfed over to somafm.com to try an mp3 stream. Rhythmbox opened and played. Excellent!