
Wednesday, January 25, 2012

Installing VBox with extpack on ubuntu server 11.10



This article is about installing VirtualBox and then installing a virtual machine / virtual operating system WITHOUT a Graphical User Interface (GUI). I'm using IBM Blade hardware for this installation sample. Some information about this hardware is shown in the pictures below:


The IBM Blade Chassis Hardware Topology Inventory details


The IBM Blade Server located in the IBM Blade Chassis

I want to describe the hardware details and the base operating system before the virtual system, because they may affect the virtual parts. Actually this risk is very low for VirtualBox compared to OpenVZ, because other virtualization products have hardware compatibility criteria. I'm going to use Ubuntu Server 11.10 as the base operating system, since this OS is used by most people. I'm also going to select a 64-bit operating system so that 64-bit virtual systems can be used.

Mount the ISO image, check the KVM and media tray, and power on, as shown in the following movie.



The Ubuntu 11.10 Server AMD64 installation steps are shown in the following pictures. (These pictures show steps that are almost all left at their defaults; you may skip them if you wish.)











VirtualBox Installation:

1-) Add one of the following lines, matching your Ubuntu version, to your /etc/apt/sources.list:

deb http://download.virtualbox.org/virtualbox/debian oneiric contrib
deb http://download.virtualbox.org/virtualbox/debian natty contrib
deb http://download.virtualbox.org/virtualbox/debian maverick contrib non-free
deb http://download.virtualbox.org/virtualbox/debian lucid contrib non-free
deb http://download.virtualbox.org/virtualbox/debian karmic contrib non-free
deb http://download.virtualbox.org/virtualbox/debian hardy contrib non-free
deb http://download.virtualbox.org/virtualbox/debian squeeze contrib non-free
deb http://download.virtualbox.org/virtualbox/debian lenny contrib non-free

Actually I only need to add the first line for my OS, because my Ubuntu distribution is Oneiric. Your distribution may be a different version, so I list the other distributions too.

2-) Download the Oracle public key for apt-secure and register it:

support@tester:~$ wget http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc
support@tester:~$ sudo apt-key add oracle_vbox.asc

or

support@tester:~$ wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add -

3-) Install virtualbox-4.1:

support@tester:~$ sudo apt-get update
support@tester:~$ sudo apt-get install virtualbox-4.1

4-) Download the extension pack:

support@tester:~$ wget http://download.virtualbox.org/virtualbox/4.1.8/Oracle_VM_VirtualBox_Extension_Pack-4.1.8-75467.vbox-extpack

5-) Install the extension pack for Oracle VirtualBox. Without the extension pack we cannot use the remote display feature, and since our system has no GUI yet, we cannot start installing a virtual system without it. To install the extension pack:

support@tester:~$ VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-4.1.8-75467.vbox-extpack

You can find all of the official instructions and installation packages at https://www.virtualbox.org/wiki/Downloads .

You can watch these instructions in the following movie:



You can visit http://stdioe.blogspot.com/2012/01/creating-virtual-machine-with.html to read the article "Creating virtual machines using VBoxManage command". It is the next step after this article.

Monday, November 28, 2011

making a ThinClient OS with pxeboot support


When I needed a thin client for the company I work for, I first researched some existing products on the market (Wyse, ChipPC etc.). Actually there were some good things, but I needed a more customizable one. When the subject is customization, I have a unique address for the solution: that's Linux. I wanted to create a simple, easy to set up and robust solution. I checked the following criteria:
  1. I had to use a complete distribution as a starting point, because all distributions are ready for use and I didn't need to handle much more to start.
  2. I had to create an image file (or files) as the OS. It should boot from the image files every time; that way it keeps itself intact.
  3. If I could supply the Boot On LAN feature from my pxeboot server, the clients would never get damaged in the future, because all clients would run only in their RAM. Even if they were shut down improperly, they could still read the original image file from the pxeboot server. I only needed to keep the image file on the pxeboot server safe.
I researched a few distros and then selected SLAX for my project. It uses SquashFS (lzm files), which seemed the best choice for my requirements about the image. The SLAX distro is normally used on USB devices; it's a kind of mobile version of Linux that you can use on several kinds of hardware.

However, I had to change some things in standard SLAX. That is where the history of my project begins.

To get Slax, download the USB image from "http://www.slax.org/get_slax.php". After extracting it, you get two directories: slax and boot. First we need the dir2lzm and lzm2dir scripts/commands to extract lzm files and to rebuild an lzm file again. These are located in the directory /slax/tools/.


Slax has a very nice structure. Making manipulations is very easy and controllable. For example, you can create a module file containing your changes from the original Slax and apply those changes with a single copy-paste operation. A directory named modules exists for this purpose. After starting to make changes in the 001-core.lzm file located in the base directory, I realized that this was not a good way.

Note: Your Linux (and also Windows) has a PATH variable that tells it where to find commands. But your tools directory (located in the Slax directory) is not included in the PATH variable, so if you try to execute the lzm2dir command from somewhere else, it will not be found. You can execute it with a full path, or as "./lzm2dir" while you are in the tools directory, or you can add the tools directory to the PATH. The most useful way is adding the tools directory to your PATH variable. Suppose that your Slax directory is located in /home/User. We can get and set the PATH environment variable as shown below:

[user@hostn stdioe]#  /home/User/slax
[user@hostn stdioe]# /home/User/slax/tools <- related commands located in here
[user@hostn stdioe]# echo $PATH <- to check existing value of your PATH variable
/usr/lib/mpi/gcc/openmpi/bin:/home/User/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/games:/opt/kde3/bin:/usr/lib/mit/bin:/usr/lib/mit/sbin
[user@hostn stdioe]# PATH=$PATH:/home/User/slax/tools <- to add slax-tools directory to in your PATH variable

Good, we can use those commands from anywhere now. Let's extract the 001-core.lzm file to make some manipulations.

Note: Actually, those commands are just a few simple shell scripts; the real commands are the SquashFS tools. If SquashFS is not installed on your operating system, you cannot use the scripts in the tools directory, so you need squashfs installed on your system. SquashFS is a read-only file system with efficient compression. It's an essential, basic thing, so almost all distributions have it in their package manager; you can install it from there.

Let's extract the file 001-core.lzm and start the manipulation step. I created a stdioe directory and copied the file 001-core.lzm into it. Then I created a directory called core_Dir and extracted the contents of the lzm into core_Dir.

[user@hostn stdioe]# pwd
/root/stdioe
[user@hostn stdioe]# ls
001-core.lzm
[user@hostn stdioe]# mkdir core_Dir
[user@hostn stdioe]# lzm2dir 001-core.lzm core_Dir/
TIOCGWINZ ioctl failed, defaulting to 80 columns
[===========================================================-] 12069/12069 100%
[root@ismldgn stdioe]#
[user@hostn stdioe]# ls
001-core.lzm core_Dir
[user@hostn stdioe]# cd core_Dir/
[user@hostn core_Dir]# ls
bin dev home media opt root srv tmp var
boot etc lib mnt proc sbin sys usr
[user@hostn core_Dir]#

The core_Dir directory is a container for our thin client OS file structure. First of all, we have to focus on the file /etc/rc.d/rc.M, which drives the startup process.

We will create an image file which will then be used by all our thin clients. So if we don't solve the hostname problem, all our thin clients will have exactly the same hostname. The main problem is that all of them connect to the same terminal server, which then cannot handle the connections properly: looking from the terminal server side, you can see a lot of connected clients, but all their names are the same!

Normally rc.M assigns a hostname from the contents of the file /etc/hosts. My proposal is that we create a new, different hostname for each client during the boot process. The MAC address already provides unique information for this, so we can use the MAC to assign different names. We add our commands after the line that reads "# Initialize the networking hardware.".



# Derive a unique hostname from the first NIC's MAC address so that all
# clients booting the same image get different names.
ls -aA1b /etc/dhcpc | egrep '\.info$' | while read INFOFILE; do
    # the next line won't affect rc.M variables, because it's in the >while read< loop
    . /etc/dhcpc/$INFOFILE
    # first interface only: hostname is TPL + MAC without ":" + .$DOMAIN
    MAC=$(/sbin/ifconfig | /bin/grep HWaddr | head -n 1 | /bin/gawk '{print $5}' | gawk -F: '{print $1$2$3$4$5$6}')
    echo "TPL${MAC}.${DOMAIN}" > /etc/HOSTNAME
    sed -i -r "s:127.0.0.1\tslax.*:127.0.0.1\tslax.$DOMAIN slax:" /etc/hosts
    break
done

Well. Now each client has a different hostname. All hostnames start with a TPL prefix, followed by the MAC without ":" and then the ".$DOMAIN" part. If you don't need an FQDN, do not use the ".$DOMAIN" part.

This OS will be used as a thin client OS, so the main goal is to "connect to the terminal server". We don't need an advanced graphical user interface; we need a simple solution. I selected fluxbox for this purpose. When the OS starts, fluxbox should open automatically. For this purpose, we add the content shown below as a file named ".xprofile" in the "/root" directory. This configuration starts the fluxbox GUI.

session=/usr/bin/startfluxbox
/usr/bin/setxkbmap tr
#/usr/bin/rdesktop terminalServerAddr -f -r printer:oki="Epson LX-80" -k language

The -k option defines the keyboard language; replace it with the proper language code for your language. The line marked with '#' connects to the terminal server automatically, but I commented it out to disable it, because the user may want to do something different. So we have to create a menu file for the fluxbox GUI. Let's create an lzm file again from the edited base package and then create a new module file for the other purposes.

[user@hostn stdioe]# ls stdioeBase/
bin boot dev etc home lib media mnt opt proc root sbin srv sys tmp unsped usr var
[user@hostn stdioe]# dir2lzm stdioeBase/ 001-base-edited.lzm
[=============- ] 2337/10544 22%

Now our base lzm file is ready. But normally we should create a module file for our changes rather than modifying the original base file, because when a new release is published we would need to do it all again. If we create a module file instead, a copy-paste operation will probably be enough. The module mechanism is a very useful feature. Let's create a module file for the other requirements:

[user@hostn stdioe]# mkdir nameOfModule
[user@hostn stdioe]# mkdir nameOfModule/root
[user@hostn stdioe]# mkdir nameOfModule/sbin
[user@hostn stdioe]# cd nameOfModule/root
[user@hostn stdioe]# mkdir .fluxbox
[user@hostn stdioe]# cd .fluxbox
[user@hostn stdioe]# vim menu

Content of the menu file is shown below:

[begin] ('The Project Name' - MENU)
[encoding] {UTF-8}
[submenu] (Tools)
[exec] (Command Window) {xterm}
[exec] (Internet Browser) {kfmclient openProfile webbrowsing}
[exec] (Text Editor) {kwrite}
[restart] (KDE GUI) {startkde}
[end]
[submenu] (Remote Desktop : termSrv.dom)
[exec] (800x600) {termsrvDOMr1}
[exec] (1024x768) {termsrvDOMr2}
[exec] (Tam Ekran) {termsrvDOMrf}
[end]
[exec] (Shutdown Computer) {pcshutdown}
[endencoding]
[end]

Of course, some of the commands used are not default ones; they are user defined. We have to write them, set execution permissions and put them into a directory that is in the $PATH variable. Those files are listed below.

pcshutdown:

#!/bin/bash
init 0

Note: Our thin client OS is already running in RAM, so we can shut it down without a clean shutdown sequence. "init 0" is the roughest way.

termsrvDOMr1:

#!/bin/bash
/usr/bin/rdesktop termsrv.DOM -g 800x600 -k tr -r printer:UGLpoki="Epson LX-80" -d DOMAINNAME -u ""

termsrvDOMr2:

#!/bin/bash
/usr/bin/rdesktop termsrv.DOM -g 1024x768 -k tr -r printer:UGLpoki="Epson LX-80" -d DOMAINNAME -u ""

termsrvDOMrf:

#!/bin/bash
/usr/bin/rdesktop termsrv.DOM -f -k tr -r printer:UGLpoki="Epson LX-80" -d DOMAINNAME -u ""

Finally, set the execute permission and copy them to the /sbin directory. After that, create the lzm file of the module.

[user@hostn stdioe]# chmod +x pcshutdown termsrvDOMr1 termsrvDOMr2 termsrvDOMrf
[user@hostn stdioe]# cp pcshutdown termsrvDOMr1 termsrvDOMr2 termsrvDOMrf nameOfModule/sbin/
[user@hostn stdioe]# dir2lzm nameOfModule nameOfModule.lzm
[===================================================================|] 6/6 100%
[user@hostn stdioe]#

Now, if we copy that lzm module file to the modules directory, the module will be enabled automatically when the OS boots. But we still haven't created a module for the printer driver and configuration. That file's content is a little long, so explaining how to create a printing module is not a good idea here. But you can boot a USB version of Slax with the "Slax Graphics mode" option, install and configure the printer driver, then shut down properly. If you then check the directory changes, you can find all changes related to the printer installation and configuration. The problem is that the changed files are not only about print functionality; you have to select the printer-related ones. I could create a download link on this page, but usually it is not a good idea to create a download link for any file. If somebody wants that file, I will send it.

Good, our thin client OS is ready; we prepared it from the USB version of Slax. Now we will prepare a TFTP server and an HTTP server to get the pxeboot server ready. TFTP server installation and web server installation are not related to this article, so I don't explain them. But I have to say again: the directory published by your HTTP server must be accessible and have directory indexing enabled, which httpfs needs. When the boot process starts, our pxeboot server sends the boot parameters via the TFTP server and then uses the HTTP service to load the big files. TFTP is a UDP based service and HTTP is a TCP based service, and nobody wants to load big files over UDP: UDP does not check the data, whereas TCP uses a checking mechanism while data is transferring.

The boot directory should be located in the "tftproot" directory and the Slax directory should be located in the HTTP publishing root directory (/var/www/html, /srv/www or something like that).

The last step is to configure the DHCP server for PXE booting. My project environment has a Microsoft Windows 2003 Server as the DHCP server. When you right-click the scope options and select configure in this DHCP server, you see a window with the "066 Boot Server Host Name" and "067 Boot File Name" option lines. Add the IP address of your pxeboot server to the "066 Boot Server Host Name" option and write "/boot/pxelinux.0" in the "067 Boot File Name" option. Now, if you enable the "boot on LAN" option in a client computer's BIOS, the client computer will, as it starts, look for a DHCP server, learn the PXE boot server address and file name, fetch the boot parameters from the TFTP server, and load the OS files from the pxeboot server via the httpfs service, respectively.


The content of the file /tftproot/boot/pxelinux.cfg/default is shown below:

PROMPT 0

LABEL linux
MENU LABEL Run linux over PXE
KERNEL /vmlinuz
IPAPPEND 1
APPEND vga=769 initrd=/initrd.gz ramdisk_size=6666 root=/dev/ram0 password=qwe123 rw autoexec=xconf;telinit~4

LABEL memtest86
MENU LABEL Run Memtest utility
KERNEL /mt86p

This project is suitable for further development. I created more than one configuration file: when the boot process starts, the client's MAC address can be read and the configuration matching that MAC is fetched, so we can make more than one group. Each member of a group can read different module files and configurations. For example, you can create two different groups and then include some MAC addresses in each group. Every group has a single configuration file, so every client will use its own settings. By the way, I think the most powerful feature of this OS is that it will never break, because it uses the same lzm file for every boot. If you can create a usable OS, you will always be able to use it. It will never need "disk defragmentation" or anything like that...
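The per-MAC grouping described above relies on pxelinux's lookup order under pxelinux.cfg/ (01-<mac>, then shrinking hex forms of the client IP, then default). The script below, an added example that is not part of the original post, generates one config file per client from a constructed group list; the group names, MACs and the trailing group= parameter are placeholders, and the post's password= cheatcode is deliberately left out of the APPEND line.

```python
import ipaddress
import os
import re
import tempfile

# Constructed sample data (hypothetical): group name -> client MAC addresses,
# in the mixed notations an inventory sheet or DHCP reservation list might use.
GROUPS = {
    "accounting": ["00:26:73:04:08:3F", "00-00-F0-A6-EF-5B"],
    "warehouse": ["00a0f8a77788"],
}

# The post's kernel command line minus its password= cheatcode: every client
# can fetch any pxelinux.cfg file over unauthenticated TFTP, so APPEND is not a
# place for secrets. The trailing group= parameter is a constructed placeholder
# for whatever makes one group differ from another (modules, server, screen).
BASE_APPEND = ("vga=769 initrd=/initrd.gz ramdisk_size=6666 root=/dev/ram0 "
               "rw autoexec=xconf;telinit~4")
GROUP_APPEND = {name: f"{BASE_APPEND} group={name}" for name in GROUPS}

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def mac_config_name(mac):
    """Return the pxelinux.cfg file name for a client MAC.

    pxelinux looks for '01-' (ARP hardware type 1 = Ethernet) followed by the
    MAC in lowercase with dashes, e.g. 01-00-26-73-04-08-3f.
    """
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if not _HEX12.match(digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    pairs = [digits[i:i + 2] for i in range(0, 12, 2)]
    return "01-" + "-".join(pairs)


def ip_config_names(ip):
    """Return the IP-based names pxelinux tries after the MAC-based one.

    The client IP is written as 8 uppercase hex digits (172.28.24.37 ->
    AC1C1825) and one trailing digit is dropped per attempt.
    """
    addr = ipaddress.IPv4Address(ip)
    hexip = f"{int(addr):08X}"
    return [hexip[:n] for n in range(8, 0, -1)]


def lookup_order(mac, ip):
    """Full search order pxelinux uses for a client: MAC, IP prefixes, default."""
    return [mac_config_name(mac)] + ip_config_names(ip) + ["default"]


def render_config(group, append):
    """Render one pxelinux config in the shape of the post's default file."""
    return (
        "PROMPT 0\n\n"
        "LABEL linux\n"
        f"MENU LABEL Run linux over PXE ({group})\n"
        "KERNEL /vmlinuz\n"
        "IPAPPEND 1\n"
        f"APPEND {append}\n\n"
        "LABEL memtest86\n"
        "MENU LABEL Run Memtest utility\n"
        "KERNEL /mt86p\n"
    )


def write_group_configs(cfg_dir=None, groups=GROUPS, appends=GROUP_APPEND):
    """Write one 01-<mac> file per client plus 'default'; return (dir, mapping).

    A MAC listed in two groups is an inventory error and is rejected rather
    than silently letting the last group win.
    """
    if cfg_dir is None:
        cfg_dir = tempfile.mkdtemp(prefix="pxelinux.cfg-")
    os.makedirs(cfg_dir, exist_ok=True)
    mapping = {}
    for group, macs in groups.items():
        for mac in macs:
            name = mac_config_name(mac)
            if name in mapping:
                raise ValueError(f"{mac} listed in both {mapping[name]} and {group}")
            mapping[name] = group
            with open(os.path.join(cfg_dir, name), "w") as fh:
                fh.write(render_config(group, appends[group]))
    # Unknown clients fall through to 'default', which gets the base line only.
    with open(os.path.join(cfg_dir, "default"), "w") as fh:
        fh.write(render_config("default", BASE_APPEND))
    mapping["default"] = "default"
    return cfg_dir, mapping


if __name__ == "__main__":
    cfg_dir, mapping = write_group_configs()
    print(f"wrote {len(mapping)} files to {cfg_dir}")
    for name, group in mapping.items():
        print(f"  {name:24} -> {group}")
    print("lookup order for 00:26:73:04:08:3F / 172.28.24.37:")
    print("  " + ", ".join(lookup_order("00:26:73:04:08:3F", "172.28.24.37")))
```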

Monday, October 24, 2011

For what the hell are we using Unity?

Last week, I upgraded my Ubuntu 11.04 to Ubuntu 11.10. This was a milestone in my Linux life.

In 2005, when I was a PhD student, my primary OS was Windows XP. It was failing during the boot process but telling me nothing about the problem. I thought it was about one of the drivers, but I was not the boss of my own computer. That was the reason to give it up and start with a new OS that gives the reins to me. It was Ubuntu; I don't remember the version, but it should have been 6 or 6.5.

Ubuntu was nice and easy to learn. As a hobbyist Java developer, nothing changed by formatting the machine with ext3 and going on with Gnome.

Over time, the community introduced more enhanced versions of Ubuntu. With each single revision we got happier living with Ubuntu. The performance was perfect, there were lots of deb packages around and we got the chance to play new games on our Linux boxes.

You know, Unity has been the default GUI since Ubuntu 11.04. The first time I used that system, I tried to uninstall it and get Gnome back as soon as possible. In 11.10, I experienced the same thing and I saw that I really can get rid of it. Of course, using XFCE or anything else could be the solution. But my problem is with the developer community.

First, why are you setting Unity as the default GUI system? Did people get bored with the GNOME desktop? Was it buggy? Have you performed a comprehensive survey about this?


Ubuntu with a Gnome desktop is now a public good, because the world is using it. People who want to give it up can give it up. But I think it is wrong for someone to decide on people's behalf whether or not to use a GUI system by default...


Finally, I am ending the lifetime of Ubuntu on my boxes. The other distribution, openSUSE, seems to be more stable; that is to say, I am not afraid of being a dummy with my own computer.


And when you press Ctrl + Alt + 1 on your Linux desktop, as you know, a full screen console opens. When you log in, you will see a "Have a lot of fun..." message in openSUSE 11. Yes, thank you. I am having fun right now!

Friday, October 14, 2011

Installing the mrtg and the auto analyzer script

I want to explain the mrtg installation on Debian from scratch. It might be boring for expert users, but this article is meant to be useful for beginners. Expert users may skip ahead.

Download the latest version of Debian from the URL "http://cdimage.debian.org/debian-cd/6.0.2.1/i386/iso-cd/", the "debian-6.0.2.1-i386-netinst.iso" image. This version is the smallest in size. I selected that version because I want to see/show all the required packages and applications. I have Ubuntu 11.04 and VirtualBox 4.0.4 on my computer. I installed that Debian into a virtual host in VirtualBox with the default installation settings (only the SSH server was selected during installation).


apt-get install mrtg


Mrtg is a Perl script, so the Perl interpreter is required. I'm checking the Perl interpreter:



a) I will need an HTTP server to publish the web pages generated by the mrtg script.
b) I will need a PHP interpreter to analyze the HTML output of the mrtg script.
c) I will need a MySQL database to save some options and data for automatic alert generation.

I'm installing apache2, php5 and mysql-server for all of those requirements:

apt-get install apache2 php5 mysql-server




After the installation, you can list the ports in use on your Linux to check the status of the Apache and MySQL services, as in the following image:




You can check the Apache & PHP status using the code below:

<?php phpinfo(); ?>


If the file name is "test.php" and the directory path is "/var/www/", the phpinfo() function should send output to your browser when you enter the http://youraddress/test.php address. The next step is to test the MySQL server and make a connection between PHP and the MySQL server. You can use the following PHP script:

<?php
$link = mysql_connect("localhost","root","youPasswordOnPicture")
or die("Error: Can not establish connection to MySQL Server");
?>


If the file name is "testMySQL.php" and the directory path is "/var/www/", you should see nothing in your browser when you enter the http://youraddress/testMySQL.php address. The message "Error: Can not establish connection to MySQL Server" means the database server connection was unsuccessful.

If you have reached this line without any error, we can jump back to the mrtg part. The mrtg script queries your active network devices (routers, switches, firewalls etc.) via the SNMP protocol, so you have to configure the SNMP settings on your active network devices. I will add a basic SNMP setup for some commonly used devices.

You can use the following command to generate an mrtg configuration file:

cfgmaker CommunityString@deviceA.of.Ip.Address --output deviceA.cfg


This command creates a file named "deviceA.cfg". We have to edit some lines in this file, as follows:

# Created by 
# /usr/bin/cfgmaker CmmntyString@172.28.201.10


### Global Config Options

# for UNIX
WorkDir: /var/www/html/mrtgGraphics/relatedDevice/

# or for NT
# WorkDir: c:\mrtgdata

### Global Defaults

# to get bits instead of bytes and graphs growing to the right
Options[_]: growright, bits

EnableIPv6: no
...
...
..


If you use a Microsoft Windows operating system, simply uncomment the line "WorkDir: c:\mrtgdata" and put a '#' character in front of the line "WorkDir: /var/www/html/mrtgGraphics/relatedDevice/" to comment it out. We can define the direction of the graphs and the unit type of the data: the possible choices are bits or bytes for the unit and growright or growleft for the direction.

Each single interface is defined in this configuration file like the following:

Target[3661-fasteth00-systemsegment]: 2:CmmntyString@172.28.201.10:
SetEnv[3661-fasteth00-systemsegment]: MRTG_INT_IP="172.28.201.10" MRTG_INT_DESCR="FastEthernet0/0"
MaxBytes[3661-fasteth00-systemsegment]: 12500000
Title[3661-fasteth00-systemsegment]: Traffic Analysis for 3661-FastEthernet0/0 SystemSegment
PageTop[3661-fasteth00-systemsegment]: <h1>Traffic Analysis for 3661-FastEthernet0/0 SystemSegment</h1>
<div id="sysdetails">
<table>
<tr>
<td>System:</td>
<td>UGC_Topkapi_3661 in </td>
</tr>
<tr>
<td>Maintainer:</td>
<td>Name of The Responsible Person</td>
</tr>
<tr>
<td>Description:</td>
<td>FastEthernet0/0 Connection to SYSTEM Segment </td>
</tr>
<tr>
<td>ifType:</td>
<td>ethernetCsmacd (6)</td>
</tr>
<tr>
<td>ifName:</td>
<td>Fa0/0</td>
</tr>
<tr>
<td>Max Speed:</td>
<td>12.5 MBytes/s</td>
</tr>
<tr>
<td>Ip:</td>
<td>172.28.201.10 ()</td>
</tr>
</table>
</div>


"3661-fasteth00-systemsegment" is the file name of the generated HTML file in the path "/var/www/html/mrtgGraphics/relatedDevice/". Each interface has a different file name like "3661-fasteth00-systemsegment". We have to keep the " 2:CmmntyString@172.28.201.10:" part in that configuration file, but we can change the other parts such as the title, PageTop and the other expressions between the HTML tags.

When we finish editing the configuration file, we have to execute the mrtg command with this configuration file as below:

/bin/env LANG=C /usr/bin/mrtg /etc/mrtg/cfg-files/3661.cfg


But this command should be re-executed every 5 minutes to get statistics continuously. We can use crontab for this goal. The crontab line for this sample looks like the following:

*/5 * * * * /bin/env LANG=C /usr/bin/mrtg /etc/mrtg/cfg-files/3661.cfg >/dev/null 2>&1


My MRTG server has a lot of cfg files, and I prepared crontab lines like these:

0,5,10,15,20,25,30,35,40,45,50,55 * * * * /bin/env LANG=C /usr/bin/mrtg /etc/mrtg/cfg-files/3661.cfg >/dev/null 2>&1
1,6,11,16,21,26,31,36,41,46,51,56 * * * * /bin/env LANG=C /usr/bin/mrtg /etc/mrtg/cfg-files/otherfile.cfg >/dev/null 2>&1
2,7,12,17,22,27,32,37,42,47,52,57 * * * * /bin/env LANG=C /usr/bin/mrtg /etc/mrtg/cfg-files/anotherfile.cfg >/dev/null 2>&1


At this point, our MRTG structure is ready for use. The generated HTML files are located in the path "/var/www/html/mrtgGraphics/relatedDevice/".

[root@mrtg relatedDevice]# ls -l | grep 3661-fasteth00-systemsegment
-rw-r--r-- 1 root root 4649 2011-10-13 16:45 3661-fasteth00-systemsegment-day.png
-rw-r--r-- 1 root root 6951 2011-10-13 16:45 3661-fasteth00-systemsegment.html
-rw-r--r-- 1 root root 98062 2011-10-13 16:45 3661-fasteth00-systemsegment.log
-rw-r--r-- 1 root root 4548 2011-10-13 15:30 3661-fasteth00-systemsegment-month.png
-rw-r--r-- 1 root root 98062 2011-10-13 16:40 3661-fasteth00-systemsegment.old
-rw-r--r-- 1 root root 4337 2011-10-13 16:35 3661-fasteth00-systemsegment-week.png
-rw-r--r-- 1 root root 4756 2011-10-13 04:40 3661-fasteth00-systemsegment-year.png
[root@mrtg relatedDevice]#


If the mrtg cfg file has a lot of interface parts, a lot of HTML files will be generated, and we will need an index page. We can use the following command to generate an index page for our statistics pages:

indexmaker deviceA.cfg > index.html


This command generates a file named index.html. We have to move this file to the "/var/www/html/mrtgGraphics/relatedDevice/" directory. The 3661-fasteth00-systemsegment.html file has a part like the following:

<!-- Begin `Daily' Graph (5 Minute -->
<div class="graph">
<h2>`Daily' Graph (5 Minute Average)</h2>
<img src="3661-fasteth00-systemsegment-day.png" title="day" alt="day" />
<table>
<tr>
<th></th>
<th scope="col">Max</th>
<th scope="col">Average</th>
<th scope="col">Current</th>
</tr>
<tr class="in">
<th scope="row">In</th>
<td>9117.6 kb/s (9.1%)</td>
<td>3139.1 kb/s (3.1%) </td>
<td>5966.2 kb/s (6.0%) </td>
</tr>
<tr class="out">
<th scope="row">Out</th>
<td>9144.2 kb/s (9.1%) </td>
<td>3159.9 kb/s (3.2%) </td>
<td>6001.8 kb/s (6.0%) </td>
</tr>
</table>
</div>
<!-- End `Daily' Graph (5 Minute -->



This part contains the numeric usage values of the related interface. We can capture these values every 5 minutes and write them to a MySQL table. We can also define limits for that line and compare the actual value with the limit value; if the actual value reaches the limit value, the script will be able to generate an alert message. This article is only about the installation of MRTG, the Apache HTTP server, PHP5 and MySQL server. The next article will be about "how to auto analyze mrtg results with php scripts".
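The capture-and-compare step just described, as an added example that is not part of the original article: it parses the In/Out Max/Average/Current cells out of the daily table shown above (embedded here as a constructed sample) and returns an alert line for each direction whose current load reaches a percentage limit. The k = 1000 scaling of MRTG's "kb/s" cells is an assumption noted in the code.

```python
import re
from html.parser import HTMLParser

# Constructed sample: the `Daily' Graph block of 3661-fasteth00-systemsegment.html
# as the article shows it. A real MRTG page repeats this table shape for the
# weekly, monthly and yearly graphs; only the first (5 minute average) table is read.
SAMPLE_HTML = """<div class="graph">
<h2>`Daily' Graph (5 Minute Average)</h2>
<img src="3661-fasteth00-systemsegment-day.png" title="day" alt="day" />
<table>
<tr><th></th><th scope="col">Max</th><th scope="col">Average</th><th scope="col">Current</th></tr>
<tr class="in"><th scope="row">In</th>
<td>9117.6 kb/s (9.1%)</td><td>3139.1 kb/s (3.1%) </td><td>5966.2 kb/s (6.0%) </td></tr>
<tr class="out"><th scope="row">Out</th>
<td>9144.2 kb/s (9.1%) </td><td>3159.9 kb/s (3.2%) </td><td>6001.8 kb/s (6.0%) </td></tr>
</table>
</div>
"""

# One MRTG cell looks like "9117.6 kb/s (9.1%)": value, unit, percent of MaxBytes.
_CELL = re.compile(r"^([0-9.]+)\s*([kMG]?b/s)\s*\(([0-9.]+)%\)$")
# Assumption: with Options 'bits', MRTG uses decimal prefixes (k = 1000).
_SCALE = {"b/s": 1, "kb/s": 1e3, "Mb/s": 1e6, "Gb/s": 1e9}


class MrtgDailyTable(HTMLParser):
    """Collect the <td> texts of the 'in' and 'out' rows of the first table."""

    def __init__(self):
        super().__init__()
        self.rows = {}       # "in" / "out" -> [max, average, current] cell texts
        self._tables = 0     # which <table> we are in (1 = daily)
        self._row = None     # class of the <tr> being read, if in/out
        self._cell = None    # text buffer while inside a <td>

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "table":
            self._tables += 1
        elif tag == "tr" and self._tables == 1 and attrs.get("class") in ("in", "out"):
            self._row = attrs["class"]
            self.rows[self._row] = []
        elif tag == "td" and self._row is not None:
            self._cell = []

    def handle_data(self, data):
        if self._cell is not None:
            self._cell.append(data)

    def handle_endtag(self, tag):
        if tag == "td" and self._cell is not None:
            self.rows[self._row].append("".join(self._cell).strip())
            self._cell = None
        elif tag == "tr":
            self._row = None


def parse_cell(text):
    """'9117.6 kb/s (9.1%)' -> (9117600.0, 9.1); reject anything else loudly."""
    m = _CELL.match(text)
    if not m:
        raise ValueError(f"unexpected MRTG cell: {text!r}")
    value, unit, pct = m.groups()
    return float(value) * _SCALE[unit], float(pct)


def parse_daily_stats(html):
    """Return {"in": {...}, "out": {...}} with bps values and the current percent."""
    parser = MrtgDailyTable()
    parser.feed(html)
    stats = {}
    for direction in ("in", "out"):
        cells = parser.rows.get(direction, [])
        if len(cells) != 3:
            raise ValueError(f"{direction} row missing or malformed: {cells}")
        (mx, _), (avg, _), (cur, cur_pct) = (parse_cell(c) for c in cells)
        stats[direction] = {"max_bps": mx, "avg_bps": avg,
                            "cur_bps": cur, "cur_pct": cur_pct}
    return stats


def check_limits(stats, limit_pct):
    """Return one alert line per direction whose current load is >= limit_pct."""
    alerts = []
    for direction in ("in", "out"):
        s = stats[direction]
        if s["cur_pct"] >= limit_pct:
            alerts.append(f"{direction}: {s['cur_bps'] / 1e6:.3f} Mb/s "
                          f"({s['cur_pct']:.1f}%) reached limit {limit_pct}%")
    return alerts


if __name__ == "__main__":
    stats = parse_daily_stats(SAMPLE_HTML)
    for direction, s in stats.items():
        print(direction, s)
    for alert in check_limits(stats, 5.0):
        print("ALERT", alert)
```

Run from the same cron as mrtg (after it has rewritten the page) and the returned stats dict is what would be inserted into the MySQL table.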

Thursday, September 29, 2011

DHCP server configuration on Linux.



This page is about configuring dhcp3-server on a Debian system. You can install the service with the following command:



sudo apt-get install dhcp3-server


When you install the dhcp3-server service, you will see a dhcp3 directory in the /etc folder. That directory contains the dhcp3-server configuration file dhcpd.conf. My dhcp3-server configuration file looks like this:


ddns-update-style none;
option domain-name "sample-dom.sample-com";
option domain-name-servers 172.28.202.143, 172.28.202.142;

default-lease-time 600;
max-lease-time 7200;

subnet 172.28.24.0 netmask 255.255.255.0 {
range 172.28.24.10 172.28.24.254;
option subnet-mask 255.255.255.0;
option broadcast-address 172.28.24.255;
option routers 172.28.24.1;
}

host printer {
hardware ethernet 00:26:73:04:08:3f;
fixed-address 172.28.24.37;
}

host printer1 {
hardware ethernet 00:00:f0:a6:ef:5b;
fixed-address 172.28.24.90;
}

host AccessPoint_Symbol {
hardware ethernet 00:A0:F8:A7:77:88;
fixed-address 172.28.24.70;
}
authoritative;

log-facility local7;


The first 3 lines are about DNS settings. You can set the domain in the domain-name line and you can set the DNS servers in the domain-name-servers line; you can set multiple DNS servers in a single line. If a client gets an IP address and never renews it for 7200 seconds, all information for that client is deleted, so this is called the expiration date. The "subnet 172.28.24.0 netmask 255.255.255.0" part defines a scope between the "{" and "}" characters; the scope properties are located between these braces. For example, I want the service to distribute IPs only from the range 172.28.24.10 to 172.28.24.254. I don't want the service to distribute IPs from the range 172.28.24.1 to 172.28.24.9, because I want to use that range for special purposes. Then there are the other options needed: subnet mask, broadcast address and router address. The router address is usually called the default gateway.

The host parts are used for reservations. printer, printer1 and AccessPoint_Symbol are the names of the reservations. You have to define a MAC address in the hardware ethernet line and the reserved IP address in the fixed-address line. If you use the "authoritative" line (you can delete it), all of the clients will register themselves with the DNS server. The last line just defines the syslog facility used for logging.

Finally, you need to start the service. You can use the /etc/init.d/dhcp3-server shell script with the start, stop, restart, force-reload or status options. If you execute that script without any parameter, it prints the possible options, as shown below:

/etc/init.d/dhcp3-server
Usage: /etc/init.d/dhcp3-server {start|stop|restart|force-reload|status}

Wednesday, September 28, 2011

How to configure site to site VPN profile on Linux,

In this little page I will describe how to configure a VPN connection between two different networks. This connection is usually called a site-to-site VPN.


I used the ipsec-tools and racoon projects to establish a VPN tunnel. On Debian distributions, to install the required packages we type:

# sudo apt-get install ipsec-tools racoon



We have to edit some configuration files. I want to explain the related services using the sample configuration. We call the node on the left the branch office and the other one the central office. The VPN tunnel is shown in the picture above. The branch office, which is the one we are talking about, is a machine with Linux installed, and the central office is using a Nortel Contivity 1740 VPN box. The branch office has the 172.28.24.0/24 network address. The central office has the 172.28.0.0/16 network address; 172.28.0.0/16 contains the branch office segment.

But as you know, if you look from the branch office, all other branch offices are behind the central office. So first of all, we have to fix this problem.

The problem is that if we define the destination network as 172.28.0.0/16, our VPN box sends packets through the tunnel interface even for the 172.28.24.0/24 segment, but the 172.28.24.0/24 segment is directly connected to itself! In this sample, our VPN destination network is 0.0.0.0/0, because this is a branch office and we want full control over internet access requests from the branch office. The spd.conf file (/etc/spd.conf) looks like this:

spdadd 172.28.24.0/24 172.28.24.0/24 any -P in none;
spdadd 172.28.24.0/24 172.28.24.0/24 any -P out none;
spdadd 172.28.24.0/24 0.0.0.0/0 any -P out ipsec ah/tunnel/bb.bb.bb.bb-aa.aa.aa.aa/require;
spdadd 0.0.0.0/0 172.28.24.0/24 any -P in ipsec ah/tunnel/aa.aa.aa.aa-bb.bb.bb.bb/require;



The first two lines are required to fix the problem. The last two lines are required to establish the VPN tunnel: they define the tunnel source/destination networks and the tunnel source/destination ends. (aa.aa.aa.aa is the IP address of the VPN terminating device at the central office and bb.bb.bb.bb is the IP address of the branch office box, i.e. our Linux IP address.)

This site-to-site VPN tunnel uses the pre-shared key mechanism, so we need a pre-shared key configuration file. The file looks like this:

aa.aa.aa.aa [pre-shared key]



This file must be located in the /etc/racoon directory on our system. The other configuration file located in the /etc/racoon directory is racoon.conf:

listen {
    adminsock "/var/run/racoon.sock" "root" "wheel" 0660;
}
path pre_shared_key "/etc/racoon/psk.txt";

path certificate "/etc";

remote aa.aa.aa.aa {
    exchange_mode aggressive;
    my_identifier fqdn "BranchOfficeName";

    peers_identifier address aa.aa.aa.aa;
    initial_contact on;
    ike_frag on;
    support_proxy on;
    proposal_check obey;

    proposal {
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}

sainfo address 172.28.24.0/24 any address 0.0.0.0/0 any {
    encryption_algorithm des,3des;
    authentication_algorithm hmac_sha1,hmac_md5;
    compression_algorithm deflate;
    lifetime time 5 min;
    pfs_group 2;
}



The racoon.conf file contains this tunnel configuration: the source and destination network addresses and the IPsec option selections, so you can select different encryption options in this file. The important point is that both ends must have the same selections. bb.bb.bb.bb might be a problem for you if it is changeable: if this IP address changes, you have to detect the current value, update it in /etc/spd.conf, and then reload it into the running service. You can use the setkey command to manage the tunnel properties.

setkey -D
setkey -DP
setkey -F
/etc/init.d/setkey {start|stop|restart|force-reload}



-D dumps the SAD entries, -DP dumps the SPD (policy) entries, -F flushes the SAD entries and -FP flushes the SPD entries; /etc/init.d/setkey is the init shell script.

If you create a new spd.conf file in a different path, you have to kill the existing setkey process (or use the '/usr/sbin/setkey -F -FP' command) and load the new configuration file with the following commands:

Kill the existing setkey process (or flush the existing SAD and SPD entries):

/usr/sbin/setkey -F -FP



Start setkey with the new spd.conf file:

/usr/sbin/setkey -f /etc/spd.conf



Finally, if your Linux box's public IP address is changeable, you can detect the current IP address on the external interface and update the spd.conf file with the following PHP script. It reads some information from the racoon.conf file. If you don't need these parts, you can mark the line with "#" to comment it out.

The filename is createSpd.php (full path: /root/fwscripts/createSpd.php):

#!/usr/bin/php
<?php
// Retry up to five times (10 seconds apart) until both interfaces have an address.
$k = 0;
$i = 1;
while($k < 5){
    // Current IPv4 address of the LAN (eth0) and WAN (ppp0) interfaces.
    $lan = exec("/sbin/ifconfig eth0 | /bin/grep 'inet addr' | /usr/bin/gawk -F ' ' '{print $2}' | /usr/bin/gawk -F ':' '{print $2}'");
    $wan = exec("/sbin/ifconfig ppp0 | /bin/grep 'inet addr' | /usr/bin/gawk -F ' ' '{print $2}' | /usr/bin/gawk -F ':' '{print $2}'");
    //$peer = 'aa.aa.aa.aa'; // you can use this line or the following line.
    // The peer address is taken from the "remote" line of racoon.conf.
    $peer = exec("/bin/grep remote /etc/racoon/racoon.conf | /usr/bin/gawk -F ' ' '{ print $2 }'");

    // The local and remote networks are taken from the "sainfo" line of racoon.conf.
    $localNet = exec("/bin/grep sainfo /etc/racoon/racoon.conf | /usr/bin/gawk -F ' ' '{ print $3 }'");
    $remoteNet = exec("/bin/grep sainfo /etc/racoon/racoon.conf | /usr/bin/gawk -F ' ' '{ print $6 }'");

    $blan = strlen($lan);
    $bwan = strlen($wan);

    echo "strlen($lan):$blan,strlen($wan):$bwan \n";

    // An empty (or too short) value means the interface has no usable address yet.
    if($blan < 6 || $bwan < 6) {
        echo "LAN or WAN hasn't got a usable ip address.\n";
        echo "The script waits and will try again!!! ($i) # # # # # # # # # # # \n";
        $i++;
        sleep(10);
    } else {
        echo "writing to /etc/spd.conf file with the collected information:\n";
        // Keep a backup of the previous policy file, then write the new one.
        exec("/bin/rm -rf /etc/spd.conf.old;/bin/mv /etc/spd.conf /etc/spd.conf.old");
        exec("echo 'spdadd 172.28.10.254/32 0.0.0.0/0 any -P out none;' > /etc/spd.conf");
        exec("echo 'spdadd 0.0.0.0/0 172.28.10.254/32 any -P in none;' >> /etc/spd.conf");
        exec("echo 'spdadd $localNet $localNet any -P in none;' >> /etc/spd.conf");
        exec("echo 'spdadd $localNet $localNet any -P out none;' >> /etc/spd.conf");
        exec("echo 'spdadd $localNet $remoteNet any -P out ipsec ah/tunnel/$wan-$peer/require;' >> /etc/spd.conf");
        exec("echo 'spdadd $remoteNet $localNet any -P in ipsec ah/tunnel/$peer-$wan/require;' >> /etc/spd.conf");
        $k = 5; // done, leave the loop
    }
    if($i > 5){
        $k = 7; // give up after five attempts
    }
}
echo "FNSH\n";
?>

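As an added example (not the page's PHP script), the same spd.conf generation in Python: it parses the remote and sainfo lines of a constructed racoon.conf excerpt, validates the addresses with the ipaddress module, and returns the policy text instead of shelling out to echo; the WAN address is passed in rather than read from ppp0, and the peer and branch addresses are documentation ranges chosen for the example.

```python
import ipaddress
import re

# Constructed racoon.conf excerpt (documentation addresses, not a real peer).
RACOON_CONF = """\
remote 203.0.113.10 {
    exchange_mode aggressive;
}
sainfo address 172.28.24.0/24 any address 0.0.0.0/0 any {
    pfs_group 2;
}
"""

def parse_racoon_conf(text):
    """Return (peer, local_net, remote_net) from the remote and sainfo lines,
    the same two lines the page's PHP script greps for."""
    remote = re.search(r"^\s*remote\s+(\S+)\s*\{", text, re.M)
    sainfo = re.search(r"^\s*sainfo\s+address\s+(\S+)\s+\S+\s+address\s+(\S+)", text, re.M)
    if not remote or not sainfo:
        raise ValueError("racoon.conf lacks a remote or sainfo block")
    peer = str(ipaddress.ip_address(remote.group(1)))       # rejects garbage values
    local_net = ipaddress.ip_network(sainfo.group(1), strict=True)
    remote_net = ipaddress.ip_network(sainfo.group(2), strict=True)
    return peer, local_net, remote_net

def build_spd(local_net, remote_net, wan, peer, proto="ah"):
    """Build the spd.conf text: traffic that stays inside local_net bypasses
    IPsec, everything else towards remote_net is tunnelled between wan and peer.
    proto="ah" (as on the page) only authenticates packets; use "esp" when the
    tunnelled traffic must also be encrypted."""
    if proto not in ("ah", "esp"):
        raise ValueError("proto must be 'ah' or 'esp'")
    wan = str(ipaddress.ip_address(wan))
    if wan == peer:
        raise ValueError("WAN address must differ from the peer address")
    return "\n".join([
        f"spdadd {local_net} {local_net} any -P in none;",
        f"spdadd {local_net} {local_net} any -P out none;",
        f"spdadd {local_net} {remote_net} any -P out ipsec {proto}/tunnel/{wan}-{peer}/require;",
        f"spdadd {remote_net} {local_net} any -P in ipsec {proto}/tunnel/{peer}-{wan}/require;",
    ]) + "\n"

def generate(conf_text, wan, proto="ah"):
    peer, local_net, remote_net = parse_racoon_conf(conf_text)
    return build_spd(local_net, remote_net, wan, peer, proto)

if __name__ == "__main__":
    # Real use: read /etc/racoon/racoon.conf and the ppp0 address, write the
    # result to /etc/spd.conf, then run `setkey -f /etc/spd.conf`.
    print(generate(RACOON_CONF, "198.51.100.7"))
```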

If you want to manage the setkey process with a shell script, you can use the following script.

#!/bin/sh

case "$1" in
    start)
        echo "Running ipsec VPN rules file: /etc/spd.conf";
        /root/fwscripts/createSpd.php
        /usr/sbin/setkey -f /etc/spd.conf
        ;;
    stop)
        echo "Remove ipsec VPN rules file: /etc/spd.conf"
        /usr/sbin/setkey -F -FP
        ;;
    restart)
        echo "Remove ipsec VPN rules file: /etc/spd.conf"
        /usr/sbin/setkey -F -FP
        echo "Running ipsec VPN rules file: /etc/spd.conf";
        /root/fwscripts/createSpd.php
        /usr/sbin/setkey -f /etc/spd.conf
        ;;
    *)
        echo "Usage: /etc/init.d/setkeyHandle {start|stop|restart}"
        ;;
esac

exit 0


Then, if you want to add this script to the boot process, you can use the update-rc.d command on Debian-based Linux distributions like the following:

# update-rc.d setkeyHandle defaults
Adding system startup for /etc/init.d/setkeyHandle ...
/etc/rc0.d/K20setkeyHandle -> ../init.d/setkeyHandle
/etc/rc1.d/K20setkeyHandle -> ../init.d/setkeyHandle
/etc/rc6.d/K20setkeyHandle -> ../init.d/setkeyHandle
/etc/rc2.d/S20setkeyHandle -> ../init.d/setkeyHandle
/etc/rc3.d/S20setkeyHandle -> ../init.d/setkeyHandle
/etc/rc4.d/S20setkeyHandle -> ../init.d/setkeyHandle
/etc/rc5.d/S20setkeyHandle -> ../init.d/setkeyHandle


If you don't want to use the default values, you can define your own in the update-rc.d command like the following:

# update-rc.d setkeyHandle start 20 2 3 4 5 . stop 80 0 1 6 .