21 May 2018

pfSense 2.4.3_1 upgrade might fail at first attempt

If you have not upgraded your pfSense to the latest version (read release announcement for details on what was fixed: 2.4.3_1 released 14 May 2018), just be aware that there might be a hiccup during the upgrade. The upgrade fails with the interface showing the following:
My pfSense instance gave the above message and also the following in the system log:
May 21 19:20:10     php-fpm     61392     /index.php: Successful login for user 'admin' from: 192.168.34.12
May 21 19:22:33     check_reload_status         Syncing firewall
May 21 19:22:35     pkg-static         pfSense-upgrade upgraded: 0.42 -> 0.45
May 21 19:22:48     check_reload_status         Reloading filter
May 21 19:22:48     check_reload_status         Starting packages
May 21 19:22:49     php-fpm     61392     /rc.start_packages: Restarting/Starting all packages.
 


I opened another tab in the browser and checked the pfSense GUI, and it still showed the old version. As per the release announcement, run the following command to refresh repository configuration:

pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade

and attempt an upgrade again. The second attempt has been reported to be successful most of the times. The issue is logged as a bug already.

Note: As always, before upgrade, take a backup of your configuration. Also, in case you are running pfSense in a virtual environment, take a snapshot before upgrade so that you can easily revert in case something happens that cannot be fixed.

19 May 2018

Install Wordpress on Debian "The Debian way"

There are quite a few websites with instructions on how to install the "LEMP" {Linux,(E)Nginx, MariaDB, PHP}. A simple search brings in a few on the first page of results, so I won't list any links here.

Installing nginx, mariadb and php on Linux is quite straight forward and nicely documented in several of those pages. However, they all end with the following to install Wordpress using something like:

$ wget https://wordpress.org/latest.tar.gz


i.e. downloading it directly from wordpress.org. I use Debian on my servers and prefer to install packages using Debian's native package manager, apt. This way, they get all security updates using a single command.

So, I thought why not try to install Wordpress "The Debian way". My attempt to do that showed that it requires apache2 and some other apache2 modules too! This was odd when nginx-full, which provides httpd, was already installed.

user1@debian$ sudo apt install wordpress
Reading package lists... Done
Building dependency tree      
Reading state information... Done
The following additional packages will be installed:
  apache2 apache2-bin apache2-data apache2-utils javascript-common libao-common libao4
  libapache2-mod-php libapache2-mod-php7.0 libapr1 libaprutil1 libaprutil1-dbd-sqlite3
  libaprutil1-ldap libflac8 libjs-cropper libjs-prototype libjs-scriptaculous liblua5.2-0 libogg0
  libphp-phpmailer libspeex1 libvorbis0a libvorbisenc2 libvorbisfile3 php-gd php-getid3 php7.0-gd
  ssl-cert vorbis-tools wordpress-l10n wordpress-theme-twentyseventeen
Suggested packages:
  www-browser apache2-doc apache2-suexec-pristine | apache2-suexec-custom libasound2 libaudio2
  libesd0 | libesd-alsa0 libpulse0 libsndio6.1 php-pear php-league-oauth2-client
  php-league-oauth2-google speex openssl-blacklist php-ssh2
The following NEW packages will be installed:
  apache2 apache2-bin apache2-data apache2-utils javascript-common libao-common libao4
  libapache2-mod-php libapache2-mod-php7.0 libapr1 libaprutil1 libaprutil1-dbd-sqlite3
  libaprutil1-ldap libflac8 libjs-cropper libjs-prototype libjs-scriptaculous liblua5.2-0 libogg0
  libphp-phpmailer libspeex1 libvorbis0a libvorbisenc2 libvorbisfile3 php-gd php-getid3 php7.0-gd
  ssl-cert vorbis-tools wordpress wordpress-l10n wordpress-theme-twentyseventeen
0 upgraded, 32 newly installed, 0 to remove and 0 not upgraded.
Need to get 14.3 MB of archives.
After this operation, 71.3 MB of additional disk space will be used.
Do you want to continue? [Y/n] n
Abort!


If you look at Wordpress package details (apt show wordpress), it depends on "libapache2-mod-php or libapach2-mod-php5 or php or php5". Also, when installing php, we installed packages specifically php-fpm and php-mysql, it didn't install the packages php or php5. As the dependency list has libapache2-mod-php listed first, it asks for other dependent packages which inturn recommend apache2. To fix this, install package php and then install wordpress, and no apache2 packages will be required.

user1@debian$ sudo apt-get install php wordpress       
Reading package lists... Done
Building dependency tree      
Reading state information... Done
The following additional packages will be installed:
  javascript-common libao-common libao4 libflac8 libjs-cropper libjs-prototype libjs-scriptaculous
  libogg0 libphp-phpmailer libspeex1 libvorbis0a libvorbisenc2 libvorbisfile3 php-gd php-getid3
  php7.0 php7.0-gd vorbis-tools wordpress-l10n wordpress-theme-twentyseventeen
Suggested packages:
  libasound2 libaudio2 libesd0 | libesd-alsa0 libpulse0 libsndio6.1 php-league-oauth2-client
  php-league-oauth2-google speex php-ssh2
The following NEW packages will be installed:
  javascript-common libao-common libao4 libflac8 libjs-cropper libjs-prototype libjs-scriptaculous
  libogg0 libphp-phpmailer libspeex1 libvorbis0a libvorbisenc2 libvorbisfile3 php php-gd
  php-getid3 php7.0 php7.0-gd vorbis-tools wordpress wordpress-l10n
  wordpress-theme-twentyseventeen
0 upgraded, 22 newly installed, 0 to remove and 0 not upgraded.
Need to get 11.0 MB of archives.
After this operation, 59.9 MB of additional disk space will be used.
Do you want to continue? [Y/n]


You can continue with the rest of the configuration of Wordpress with help from https://wiki.debian.org/WordPress (configuration steps to be posted). Oh, and don't forget to setup HTTPS using certbot to use the SSL certificates from Let's Encrypt.

* the investigation several searches on the web, but the only place where I got helpful information was the good old lists.debian.org.

Note: all this was on a Debian 8.0/Stretch VM

6 May 2018

XCP-ng Center works!

After the transition to XCP-ng, the free/libre edition, of xenserver, I installed XCP-ng Center, the free version of XenCenter to manage the xenserver. However, it failed to load using either the portable version or the installer version.

It turns out that the VM (on my desktop) that I was using to run XenCenter 7.0 was too old and did not have the required .NET Framework version (installer never indicated that .NET install was missing). That Windows 7 VM was only used when I wanted to manage the xenserver and then just shut down. So it was not even getting any updates since it was installed in 2016.

By chance, I thought of trying on another Windows 7 VM which I use just for browsing and there the installer asked to install .NET Framework 4.0 and 4.5 (installed 4.7.2). After that, XCP-ng Center 7.4 is working as expected with all features enabled.


5 May 2018

Install XCP-ng 7.4.1 without lossing VMs on local disk

Recently, my xenserver (v7.0) dom0 had been experiencing ballooning of the memory used and pFsense, which handles routing, runs in the virutal environment, my local networking stopped and so did access to Internet. I have also been following the XCP-ng project and waiting for their release. The XCP-ng 7.4.0 was the first release (out 31 March 2018) but as being the very first one, I had decided to wait.

With the recent memory issue rearing its head multiple times in the last month, I checked the XCP-ng project for update and was pleasently surprised to see that version 7.4.1 was out. I downloaded the iso and dumped it on a usb stick using:

dd if=XCP-ng_7.4.1.iso of=/dev/sdX bs=8M status=progress oflag=direct

At this stage the installer disk was ready. I wanted to do a clean install, but did not want to loose my VMs which were on a separate SSD in the VM host server. I searched the web and found an article which matched what I wanted. Link: https://support.citrix.com/article/CTX136342

Read warning in  step 3 in the above article. My case was upgrading from 7.0 from pre-6.5 partioning scheme of xenserver. So, in my case it would have destroyed my local storage repository (SR) but the local SR was on a seprate data disk and it was safe. Next important thing to note is to not choose any disk for Virtual Machine storage (step 4). Rest was smooth sailing for the install.

Post-install, I skipped step 9 as my local SR was not on the OS disk. Followed the rest of the steps without any issue except that the xe pbd-plug (step 15) failed:

[root@xen1 ~]# xe pbd-plug uuid=73b3a9f5-998e-bd19-3d0e-b1085cd114fc      
Error code: SR_BACKEND_FAILURE_47
Error parameters: , The SR is not available [opterr=no such volume group: VG_XenStorage-627ed824-d806-7533-aa72-044f31b918a6],


It took some time to search on the web but the problem came out to be something quite simple: step 11 command for xe sr-introduce should have contained the option "type=ext" instead of "type=lvm":

# xe sr-introduce uuid=39baf126-a535-549f-58d6-feeda55f7801 type=ext name-label=”Local storage” content-type=user
I performed the remaining steps to plug the PBD and then used the instructions to restore the metadata. The VMs were there as earlier (check with xe vm-list)

Now the system is running the free version of xenserver, XCP-ng with all features. Next on the list is to get XCP-ng Center working. For now it crashes upon start when run on a Windows 7 machine.

29 April 2018

Mozilla Firefox sends user data

Mozilla  Firefox is one of the top 3 most popular browsers used by users all over the world. Mozilla is among the organizations that have influenced the WWW in the past two decades in the direction of open and accessible web. Their most popular product is the web browser Firefox, the browser which broke the dominance of Internet Explorer about 10 years ago. Firefox's user base might have declined in the last few years with Google Chrome taking the top spot, however, it still is a safe option to browsing the WWW while being of the the fastest and least resource hungry web browsers.

During the recent Facebook and CA revelations of leaking data of users, I went over my own browser settings to verify that the options were set as to keep me safe and let our minimum amount of user data. For those who want to keep their own data safe while browsing using Firefox, the best is to disable data collection done by Firefox by going to Preferences > Privacy & Security > Firefox Data Collection & Use - and uncheck the two options as shown below:


Mozilla should work for the "Opt-in" option to be implemented for data sharing rather that the ubiquitous default of data sharing enabled and users having to "opt-out" to stop the data sharing.

PS: default settings from Firefox 59.0.2 on LMDE 2, with default options similar in Windows and MacOS builds.

24 October 2016

CloudAtCost - performance update

The sage continues regarding CloudAtCost VM. In the earlier post, I detailed the the DNS response sluggishness, VM console performance and dial-up-speed like feeling when downloading updates from a Debian mirror.

Fast forward a few months, and my VM has been unresponsive almost every day with the sole option of rebooting it from the console. I opened a ticket on 12th of Oct and no response whatsoever from them till now!

6 June 2016

Buying a real Japanese knife

Recently, I was looking for a Japanese knife made of VG-10 carbon steel, santoku or gyuto, 7"-9", and preferably damascus steel. I had bought one a few years ago as a present from Paul's Finest website and it was a good purchase. This time I was looking around at different websites and as I'm not a chef, I didn't want to spend too much on a knife.

I found an interesting series of knives labeled Japanese knives. The prices were very attractive along with VG10 steel, multiple layers, and pakkawood handles. However, these knives are not "Made in Japan" by a master knife craftsman. The details indicate that they are made with Japanese top grade steel (imported from Japan)!

So, when choosing to buy a real Japanese knife, it is very important to do your research as a good knife made by a Japanese master craftsman will stay with you for life (provided you sharpen the edge regularly). A good knife is an investment, so budget accordingly. Good places to go and learn about Japanese knife for beginners: Reddit Cooking, Reddit knifes, GlobeandMail article, blade types, about steels, knife sharpening basics.

PS: I'm waiting for the Hattori san's Santoku or Gyuto to become available.