Moving to #FreeBSD?

I am thinking of moving my main server to FreeBSD. My main goal is to learn the OS. I have gotten so used to Debian and it seems like it is no longer a challenge to me. At least I think with #FreeBSD, I do not have to worry so much about upgrading. Right now, since I track Debian Unstable, I have to constantly update when I am in there. I also have to update the kernel. All of this, I know, is avoidable. I could just go with Debian stable and I could just choose to use the distro kernel and not have to worry about compiling the kernel.

Anyway, I think this would be a huge undertaking. I probably would have to plan this in stages. For one, how do I migrate without significant downtime???

 

Freeswitch init via SystemD on Debian Unstable

I ran into an issue when I upgraded my Debian unstable box to systemd. I have FreeSWITCH on this box and the systemd initiation is not working.


Dec 14 18:05:44 mail systemd[1]: freeswitch.service: Start operation timed out. Terminating.
Dec 14 18:05:48 mail systemd[1]: Failed to start freeswitch.
Dec 14 18:05:48 mail systemd[1]: freeswitch.service: Unit entered failed state.
Dec 14 18:05:48 mail systemd[1]: freeswitch.service: Failed with result 'timeout'.
Dec 14 18:05:48 mail systemd[1]: freeswitch.service: Service hold-off time over, scheduling restart.
Dec 14 18:05:48 mail systemd[1]: Stopped freeswitch.
Dec 14 18:05:48 mail systemd[1]: Starting freeswitch...
Dec 14 18:05:50 mail systemd[1]: freeswitch.service: PID file /run/freeswitch/freeswitch.pid not readable (yet?) after start: No such file or directory

After much research and trial and error, I finally found the solution. I had to change the PIDFile statement of the freeswitch.service file.


[Unit]
Description=freeswitch
After=syslog.target network.target local-fs.target

[Service]
; service
Type=forking
;PIDFile=/run/freeswitch/freeswitch.pid
PIDFile=/usr/local/freeswitch/run/freeswitch.pid
;PermissionsStartOnly=true
Environment="DAEMON_OPTS=-nonat"
EnvironmentFile=-/etc/default/freeswitch
ExecStart=/usr/local/freeswitch/bin/freeswitch -u freeswitch -g freeswitch -ncwait $DAEMON_OPTS

;ExecStart=/usr/local/freeswitch/bin/freeswitch -u freeswitch -g freeswitch -ncwait -nonat -rp
TimeoutSec=45s
Restart=on-failure
; exec
WorkingDirectory=/usr/local/freeswitch
;User=freeswitch
User=root
Group=daemon
;Group=freeswitch
LimitCORE=infinity
LimitNOFILE=100000
LimitNPROC=60000
;LimitSTACK=240
LimitRTPRIO=infinity
LimitRTTIME=7000000
IOSchedulingClass=realtime
IOSchedulingPriority=2
CPUSchedulingPolicy=rr
CPUSchedulingPriority=89
UMask=0007

[Install]
WantedBy=multi-user.target

Systemd in Debian

I notice that my raid array is not starting up properly after I boot a new kernel, 4.3. I figured out that I could manually assemble the array with the command below. However, I want to automate the process.

mdadm --assemble --verbose /dev/md127 /dev/sdb1 /dev/sdc1

The solution is making the necessary changes in the mdadm.conf file so that the system can see the array following a reboot. Here is my mdadm.conf file.


#mdadm.conf
#
# Please refer to mdadm.conf(5) for information about this file.
#

# by default, scan all partitions (/proc/partitions) for MD superblocks.
# alternatively, specify devices to scan, using wildcards if desired.
#DEVICE partitions
DEVICE /dev/sd[bcdjkl]1

# auto-create devices with Debian standard permissions
CREATE owner=root group=disk mode=0660 auto=yes

# automatically tag new arrays as belonging to the local system
HOMEHOST <system>

# instruct the monitoring daemon where to send mail alerts
MAILADDR root

# definitions of existing MD arrays
ARRAY /dev/md127 metadata=0.90 UUID=a42d6399:f6d2b49c:924717a0:72ea5865 devices=/dev/sdb1,/dev/sdc1

# This file was auto-generated on Mon, 16 Jul 2012 06:37:54 -0400
# by mkconf 3.1.4-1+8efb9d1+squeeze1
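
A check worth running on a file like this, as an added example that is not part of the original post: mdadm only considers devices named on a DEVICE line, so an ARRAY member that the DEVICE pattern leaves out is never scanned at boot. The function names are hypothetical, the second sample is constructed, `fnmatch` stands in for glob(7) matching, and `devices=` entries are assumed to be literal names.

```python
import fnmatch

def parse_words(conf_text):
    """Split mdadm.conf into logical lines of words (see mdadm.conf(5)):
    a line with leading whitespace continues the previous one, and a word
    starting with '#' comments out the rest of the line."""
    logical = []
    for raw in conf_text.splitlines():
        words = []
        for w in raw.split():
            if w.startswith("#"):
                break
            words.append(w)
        if raw[:1].isspace() and logical:
            logical[-1].extend(words)      # continuation line
        elif words:
            logical.append(words)
    return logical

def uncovered_members(conf_text):
    """Return {array: [devices= members that no DEVICE pattern matches]}."""
    patterns, arrays = [], {}
    for words in parse_words(conf_text):
        key = words[0].upper()[:3]         # keywords may be abbreviated to 3 chars
        if key == "DEV":
            patterns += words[1:]
        elif key == "ARR" and len(words) > 1:
            arrays[words[1]] = [
                dev for w in words[2:] if w.lower().startswith("devices=")
                for dev in w.split("=", 1)[1].split(",") if dev]
    # No DEVICE line, or the word "partitions", means every partition is scanned.
    scan_all = not patterns or any(p.lower() == "partitions" for p in patterns)
    return {
        name: [] if scan_all else
              [m for m in members
               if not any(fnmatch.fnmatchcase(m, p) for p in patterns)]
        for name, members in arrays.items()}

# The two relevant lines from the mdadm.conf above.
PAGE_CONF = """\
DEVICE /dev/sd[bcdjkl]1
ARRAY /dev/md127 metadata=0.90 UUID=a42d6399:f6d2b49c:924717a0:72ea5865 devices=/dev/sdb1,/dev/sdc1
"""
# Constructed variant: one member sits on a disk the DEVICE pattern leaves out.
BROKEN_CONF = PAGE_CONF.replace("/dev/sdc1", "/dev/sde1")

if __name__ == "__main__":
    print(uncovered_members(PAGE_CONF), uncovered_members(BROKEN_CONF))
```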

Getting “push email” without an Exchange server

For some people, getting their email pushed to their mobile is important. Although the emails from my home email server are not really as important as my work emails, it still is a good learning experience and it’s fun. 😀

First, one must already have a working email server. I am not going to discuss that here. My personal setup is a Debian unstable box with Postfix and Dovecot. I set up my IMAP server with Maildir and virtual users.

Next, if you use a Debian based distro, do not use “d-push”, the Debian packaged version of Z-Push, because it is old and I ran into a lot of problems getting it to work. Just download the upstream version and you should be fine.

Unpack the downloaded file and follow the “INSTALL” file instructions.

There are 2 config.php files that we have to edit. In the main one, at the root of the install, we need to add the “BACKEND_PROVIDER”. Since I am using IMAP, I added “BackendIMAP”.

[Screen Shot 2015-03-07 at 11.32.10 AM]

The second config.php file is under the backend/imap folder. I changed the port because I am using SSL. For the options part I had to do a lot of trial and error, and some research. (5)

[Screen Shot 2015-03-07 at 11.30.00 AM]

Save both of these files and reload your Apache. Before setting up your device, try to log in through the browser. One should get something similar to this screenshot. If not, you need to do more troubleshooting.

[Screen Shot 2015-03-07 at 11.59.07 AM]

References

  1. http://php.net/manual/en/function.imap-open.php
  2. http://z-push.org/
  3. http://z-push.sourceforge.net/phpbb/viewtopic.php?f=2&t=2408&p=8788&hilit=dovecot#p8788
  4. http://doc.zarafa.com/7.0/Administrator_Manual/en-US/html/_zpush.html
  5. https://nickebo.net/setting-up-push-mail-with-dovecot/

Freeswitch and NAT audio issues

I am running Freeswitch from git and lately I noticed that it’s not working properly. Something changed that I could not put my finger on.

So this is my setup:

  • Freeswitch from git – I almost always update this when I can. I don’t remember when, but one of the updates I did broke the thing
  • Dingaling/GoogleVoice – I don’t know if this is FS or a Google Voice problem. Maybe Google made some changes and screwed up Freeswitch
  • Debian Sid – updated all the time
  • PFsense – latest and greatest router. I am doing NAT through this box. I might have made some changes that might have affected my FS. Need to investigate this.

What I have done so far:

  • I had set stun on jingle_profile and I still hear no audio; DTMF works, however
  • Setting stun off disables DTMF and still no audio
  • Turned off Call Screening/Presentation
  • I am reverting to version 1.2.stable today. Before, I was tracking Master.

Reverting to stable worked!

Heimdal-Kerberos, OpenLDAP and Debian

I have been trying to set up OpenLDAP and Kerberos on my server for several days now. OpenLDAP is somewhat working since I am able to log in via normal clients, however I am stuck with Heimdal.

Actually at first I went with the MIT version of Kerberos but after I read somewhere that it wasn’t a good idea I went with Heimdal instead. This is where trouble started. It seems like when I installed Heimdal, it did not completely remove MIT. So I was left with a mess. It keeps on giving me an error that the KDC could not be reached, but I checked the firewall, NAT seems to be working, and netstat shows the server ports open also. It must be the DNS. Restarted the DHCP server and client, no go. Searching the web, I then found out that I set the default host name in my kernel, is this it? Right now it’s set to my domain name. I am now updating my kernel to check this hypothesis.

Followup:

I finally was able to recompile the kernel and it seems like the default hostname was a red herring. So I kept digging and I found out that Kerberos is really very sensitive to bad DNS configuration. I read somewhere that I need to set up split-DNS in order for it to work. So off I go to the PFsense documentation. And after I set it up! Bingo!

troubleshooting kevin

I upgraded Kevin, our 2-year-old Dell Desktop. We usually don’t use the Debian system installed in there so I haven’t really upgraded it for a while now. So now I did an apt-get upgrade and, just my luck, it crashes after logging in.

So I was trying to troubleshoot all the errors in the .xsession logs but it turns out I was just wasting my time. What I did to fix it is just mv the .config and everything worked. I have a brand new spanking Gnome Unity desktop.

Update: 3-20-12
I just fixed my Dual head setup today. Compiz is still not running though. What I did is put “Virtual” setting on the screen section of my xorg.conf and restarted gdm.

I then tried grandr to rearrange the displays. Bingo!

Making a Blackberry out of my Nokia N95

I finally found a working solution to the problem of getting all my email accounts in one single place and also getting it “pushed” to my cellphone. I will give you all the steps but YMMV. Basically, what we need is to set up a mail server.

  1. I have a Yahoo, a Gmail and my ISP email (Comcast). I have to somehow fetch all the mail from these services to my server. Yahoo however sucks coz you have to pay to get access to your email via the POP protocol, so what I did is just forward all my mails to my other accounts; I chose Gmail. Fetching Gmail and Comcast using fetchmail is pretty straightforward, so I’ll leave that to another post.
  2. Install a mail server. I already have an MTA, which is Postfix, which I already got working for local delivery, so all I need left is a POP/IMAP server. For these, I tried Cyrus, Courier and Dovecot; stay away from Cyrus, SASL is a PITA to set up. I am using Dovecot, much much simpler to set up and well documented configs.
  3. Make sure, if you have a firewall, that you open up the right ports for imap, imaps, pop, smtp. Also don’t forget the server itself coz sometimes there are firewalls installed like fail2ban and moblock.
  4. I use IMAP on my N95 coz it’s much simpler to manage and you also get the “push email” functionality like that of the Blackberry. Just go to messaging and enter your server details. And one very important thing I noticed: most of the time when accessing your mail it would look like it gets stuck in “Updating Mailbox” but actually it is synchronizing the folders. So have “PATIENCE”. If it really takes a while, try to trim down the folders that one is subscribing to and try again.

Here are my configs.

My dovecot.conf:

protocols = imap imaps managesieve
disable_plaintext_auth = yes
shutdown_clients = yes
log_timestamp = "%Y-%m-%d %H:%M:%S "
ssl = yes
ssl_cert_file = /etc/ssl/ca/certs/dovecot.pem
ssl_key_file = /etc/ssl/ca/private/dovecot.pem
mail_location = maildir:~/Maildir
namespace private {
  separator = .
  prefix = INBOX.
  inbox = yes
}
mail_privileged_group = mail
protocol imap {
  mail_executable = /usr/lib/dovecot/rawlog /usr/lib/dovecot/imap
  imap_idle_notify_interval = 120
  imap_client_workarounds = delay-newmail netscape-eoh outlook-idle
}
protocol managesieve {
}
protocol lda {
  auth_socket_path = /var/run/dovecot/auth-master
  postmaster_address = root@localhost
  mail_plugins = sieve
  global_script_path = /home/vmail/globalsieverc
}
auth default {
  mechanisms = plain login
  passdb pam {
    args = blocking=yes
  }
  userdb passwd {
    args = blocking=yes
  }
  user = root
  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
    }
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}
dict {
}
plugin {
  sieve=~/.dovecot.sieve
}

My postfix main.cf:

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_security_level = may
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
smtpd_tls_received_header = yes
smtpd_tls_cert_file = /etc/ssl/ca/certs/postfix.pem
smtpd_tls_key_file = /etc/ssl/ca/private/postfix.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_loglevel = 1
myhostname = devsphoto.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname , localhost, localhost.localdomain
relayhost = [smtp.comcast.net]:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.1.0/24
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
home_mailbox = Maildir/
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
transport_maps = hash:/etc/postfix/transport
smtp_generic_maps = hash:/etc/postfix/generic
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
local_recipient_maps =
smtpd_tls_auth_only = no
receive_override_options = no_address_mappings
content_filter = smtp-amavis:[127.0.0.1]:10024
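
A review of the SASL and TLS settings in this main.cf, as an added example that is not part of the original post: the sketch parses main.cf text and reports which parameters leave PLAIN/LOGIN passwords able to cross an unencrypted session, on the server side (smtpd) and towards the relayhost (smtp). Function names are hypothetical; it assumes stock Postfix defaults for parameters the file does not set and ignores the legacy smtpd_use_tls/smtpd_enforce_tls switches.

```python
def parse_main_cf(text):
    """Parse 'name = value' lines, '#' comments and whitespace continuations."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last is not None:
            params[last] = (params[last] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()   # a later setting overrides an earlier one
    return params

def cleartext_auth_findings(params):
    """Return the parameters to change so SASL passwords only travel over TLS."""
    def yes(name):
        return params.get(name, "no").lower() == "yes"
    findings = []
    # Server side: with opportunistic TLS ("may"), AUTH is also announced on
    # unencrypted sessions unless smtpd_tls_auth_only = yes.
    if (yes("smtpd_sasl_auth_enable") and not yes("smtpd_tls_auth_only")
            and params.get("smtpd_tls_security_level", "") != "encrypt"):
        findings.append("smtpd_tls_auth_only")
    # Client side: plaintext mechanisms are allowed towards the relayhost
    # while TLS to it is not mandatory.
    mandatory = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}
    opts = params.get("smtp_sasl_security_options", "noplaintext, noanonymous")
    if (yes("smtp_sasl_auth_enable") and "noplaintext" not in opts
            and params.get("smtp_tls_security_level", "") not in mandatory):
        findings.append("smtp_tls_security_level")
    return findings

# Lines taken from the main.cf above.
PAGE_EXCERPT = """\
smtpd_tls_security_level = may
relayhost = [smtp.comcast.net]:587
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no
"""
# Constructed hardened variant: AUTH only after STARTTLS, mandatory TLS to the relay.
HARDENED = (PAGE_EXCERPT.replace("smtpd_tls_auth_only = no", "smtpd_tls_auth_only = yes")
            + "smtp_tls_security_level = encrypt\n")

if __name__ == "__main__":
    print(cleartext_auth_findings(parse_main_cf(PAGE_EXCERPT)))
```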

Diagnosing a Linux problem


I was trying to back up my Debian server using this s3fs script but apparently I forgot that the script needs fuse in the kernel. Since I just upgraded my kernel to 2.6.30, I mistakenly compiled Fuse in the kernel; it needs to be compiled as a module.

So this provides an excuse to upgrade my kernel again, ok done it. Installing but what is this!!

grub-probe: cannot find a device for /

Shucks! Grub has a bug, or LVM... anyway, I found a temporary solution on the internet.
LVM2+Grub-pc

To top all of this, Debian’s kernel-package has a missing or malfunctioning initramfs hook script which leaves my new kernel without an initrd! Thanks to a backup kernel, I was able to boot and copy the example initramfs script in /usr/share/kernel-package/examples/.

Wheeew! That took a lot of time to diagnose. I wonder if stable has this kind of problem.