Plesk 8.2; Debian 4; Broken packages

Tried to install Plesk 8.2 onto a fresh Debian 4 install and got this irritating message from the installer that was downloaded from the Plesk website:

N) Next page; P) Go back; Q) Cancel installing;
A) Select all; D) Deselect all;
To select or deselect a component, enter its number;
Type a number or a character of desired action [N]:
Exchanging information with licensing server.
Checking whether the package dependencies are resolved.
E: Broken packages
ERROR: Unable to install packages because of package dependency problems.
Not all packages were installed.
Please, contact product technical support.

I checked out the log in /tmp/ and didn't really get that much more help apart from chat about circular unmet dependancies.

Thankfully found a helpful post that suggested adding a line to the /etc/apt/sources.list:

deb http://autoinstall.plesk.com/debian/PSA_8.2.0 etch all

And then doing an

apt-get update
apt-get upgrade
apt-get install psa

Then going back to the autoinstaller and adding everything else... worked like a dream.

Spamassassin conf

I'd previously blogged about the use of DCC, Pyzor and Razor and suggested puting the LoadModule directive in /etc/spamassassin/local.cf

Well, on review of /var/log/messages I found that SpamGuardian (Plesk) creates a link from /var/qmail/mailnames/user_prefs to the local.cf SA file. Because it uses this every time spamd runs, it doesn't like the administrative directives and creates a whole host of logged errors.

The LoadModule directives should be put in v310pre.cf and v312pre.cf instead. Check that everything still works with a spamassassin --lint and by checking in the logs.

qmail attack

I was the recipient of an attack just yesterday. 22000+ emails popped into the qmail queue and severely impacted on functionality.

ps -ax | grep qmail
tail -f /var/log/messages
tail -f /var/log/syslog

I tried to use the Plesk GUI to look at the mail queue and remove the mails - but it just timed out. So, I downloaded qmhandle and used it to remove the queued messages.

Missing table psa.exp_event

Well, after the update of Plesk by the previous method, all was not well.
During the upgrade, dpkg failed to complete the install and eventually, after removing and the re-installing the psa debs, I was back up and running.

Well, I thought I was! Whenever I tried to do anything I'd get the following message:

MySQL query failed: Table 'psa.exp_event' doesn't exist
0: /opt/psa/admin/plib/common_func.php3:211
db_query(string 'INSERT INTO exp_event (source, event_type, event_time, obj_class, obj_id, host, user, flushed) VALUES ("plesk", "created", NOW(), "mailname", "*******@*****", "xx.xxx.xxx.xxx", "admin", "false")')
1: /opt/psa/admin/plib/api-rpc/loger.php:306
Log2Expand->Log2Expand(object of type ActionLog)
2: /opt/psa/admin/plib/class.ActionLog.php:534
ActionLog->submit()
3: /opt/psa/admin/plib/mail/MailName.php:1008
Mailname->update()
4: /opt/psa/admin/htdocs/domains/mail/mail_name_preferences.php:92

Clearly, I needed to add the table psa.exp_event.
Log into the mysql table by:

sudo -s
mysql -uadmin -p`cat /etc/psa/.psa.shadow`

Choose to use the psa table

USE psa

I found two suggestions for the table schema, but neither worked: 1, 2. Finally, I found this, and after creating the table, all was fixed:

DROP TABLE IF EXISTS `exp_event`;
CREATE TABLE `exp_event` (
`id` bigint(10) unsigned NOT NULL auto_increment,
`source` enum('pa','plesk') default NULL,
`event_type` enum('started','stopped','created','updated', 'deleted', 'status_changed', 'terminated', 'flushed', 'installed', 'uninstalled', 'siteapp_added', 'siteapp_removed', 'expired', 'exceeded') NOT NULL default 'started',
`event_time` datetime NOT NULL default '0000-00-00 00:00:00',
`obj_class` enum('license', 'service', 'ip_address', 'admin_info', 'siteapp', 'session_preferences', 'client', 'client_limits', 'client_status', 'client_prefs', 'client_perms', 'client_ip_pool', 'client_limit_traffic', 'client_limit_size', 'domain', 'domain_limits', 'domain_user', 'domain_limit_traffic', 'domain_limit_size', 'domain_status', 'phosting', 'fhosting', 'db_server', 'subdomain', 'mailname', 'webuser', 'maillist', 'dns_zone', 'mailname_antivirus', 'mailname_spamfilter', 'mailname_mailgroup', 'mailname_autoresponder', 'mailname_attachment', 'dashboard_preset', 'dashboard_preset_type', 'dashboard_preset_name') NOT NULL default 'license',
`obj_id` varchar(255) character set utf8 NOT NULL default '',
`host` varchar(255) character set utf8 NOT NULL default '',
`user` varchar(255) character set ascii NOT NULL default '',
`flushed` enum('true','false') NOT NULL default 'false',
PRIMARY KEY (`id`)
);
\q

Error: There is no release with ID PLESK_8_0_1.

I tried to run an update for my Plesk installation and was met with this error:
Error: There is no release with ID PLESK_8_0_1.

A quick google and I found this: http://kb.swsoft.com/en/2115

A quick read of the instruction on the download page told me that I didn't need a new licence to install 8.1 on an 8.0.x machine "Plesk 8.1 for Linux/Unix does not require a new product license for users upgrading from Plesk 8.0.x versions.". So, I downloaded with latest 8.1 installer with:

wget http://download1.swsoft.com/Plesk/Plesk8.1/Debian3.1/psa_installer_v3.1.2_build070419.14_os_Debian_3.1_i386

I needed to make it executable and run it, follow the instructions and I was up and running again

chmod +x installer_file_name
./installer_file_name

Spamassassin backport

I only seem to blog about spam!

Task: Plesk 8.0 - improve spam filtering

Plesk 8.0 on a Debian Sarge box comes with Spamassassin 3.0.3
I wanted to installed a more recent version along with Pyzor, Razor etc.

So, I needed to install spamassassin from the backports repro:
Alter sources.list...

deb http://ftp.uk.debian.org/debian sarge main
deb http://security.debian.org/ sarge/updates main contrib
deb http://www.backports.org/debian/ sarge-backports main

Then update the repros and install the later version of spamassassin

sudo apt-get update
sudo apt-get -t sarge-backports install spamassassin

Once this is done, follow the on-screen instructions and then the previous blogged installation of Pyzor and Razor.

Sounds simple... took ages to find out how to do it!

Spamguardian failure

I migrated accounts from one Plesk server to another using their cool migration feature. Everything worked swimingly apart from the fact that no mail was being delivered.

A quick look through the logs revealed this in /var/log/messages:

Nov ** **:**:** servername livesguardian(7032): Failed running maildir

I had a look on Google and found no help. Trying to run the command "maildir" on the server resulted in a "no such file" error. Comparing directory listings of other servers, I noticed that /usr/bin/maildir didn't exist! I have no idea why, so decided to copy the maildir binary from the other server.

All is working swimingly now.

Synchronising Plesk with unison

I wanted to synchronise my local files and server with one hosted on a Plesk server.

REMOTE
First, we need to make sure that the server has unison installed.
unison -version
If unison isn't installed, install it
If the version doesn't match the version on the local machine, download the binary from the unison site, move it to /usr/bin and create "ln -s" it to "unison"
Try unison -version again.
Make sure that you can run unison remotely - the first time it is run, it tried to create a .unison directory, so if the environment doesn't allow unison to write to the users home directory, it needs to be created first.

LOCAL
Now locally, create the directory we are going to sync with.
Create the unison config file.
It lives in .unison in your home directory and will look something like:

root = /var/www/vhosts/**site_name**/httpdocs/
root = ssh://**username**@**remote_host**/httpdocs/

Using either unison or unison-gtk, run the first sync

SpamAssasin upgrade with SpamGuardian

I wanted to update spamassassin on my Plesk install on a Debian machine. I have SpamGuardian installed too, so needed to make sure that once the upgrade of SpamAssassin was complete, I could still control the setup through the web-insterface and Plesk and SpamGuardian.

sudo -s
get the latest spamassassin deb:
dkpg -i the_spamassassin_file.deb

cd /etc/spamassassin
remove the old .cf files (I moved them to a nuke folder)
remove the Rules_du_jour files too
edit the local.cf file
check that everything is still working
spamassassin --lint
fix any errors

if you log into the Plesk control panel now, SpamGuardian will still show that you are using the old version...

Re-install SpamGuardian

Additional instructions can be found in various places.

UK2 server setup

I've not long purchased another server from UK2.net and installed Plesk 8.2 on it with Spam Guardian. It's interesting how I refine the install on each occasion, and this is probably as slick as it can get without being completely automated.

check the open ports on the server
login as root

Basic server setup

Once the email from UK2 has arrived with confirmation of the server, log into the server as root, change the password and upgrade all the current packages (be aware of previous kernel updates that have caused kernel-panics at boot:

ssh root@server12345.uk2net.com
passwd
nano /etc/apt/sources.list

deb http://ftp.uk.debian.org/debian/ etch main
deb-src http://ftp.uk.debian.org/debian/ etch main

deb http://security.debian.org/ etch/updates main contrib
deb-src http://security.debian.org/ etch/updates main contrib

apt-get update
apt-get upgrade

Upgrade out of date packages and setup the sudo function

apt-get install sudo
nano /etc/sudoers

Add the line %admin ALL=(ALL) ALL to the bottom of the file. Now add some real users and a group called admin; add users to the admin group if they are sudoers.

adduser username
groupadd admin
usermod -G admin username

Setup some other basic packages and admin tasks

apt-get install joe lynx
joe /etc/motd - Welcome to...
joe /etc/ssh/sshd_config - PermitRootLogin no
sudo /etc/init.d/ssh restart

Setup the hosts file (/etc/hosts)
Logout of the root account and setup passwordless login to the new server

ssh-keygen -t rsa - follow the hints (don't enter a passphrase)
ssh-copy-id -i ~/.ssh/id_rsa.pub username@host

Log into your new account and check that you aren't prompted for a password.

change hostname (/etc/hostname)
install webmin
sudo dpkg -i webmin...

• copy over installers
• install plesk
• login (admin:setup)
• change password
• change hostname
• check watchdog and change email address
• review licence

Other Plesk jobs on blog

• munin
• maxclients
• imap connections
• spamguardian
• totalbackup

(where /usr/bin/bzip2 doesn't exist and bzip2 has been installed, it may be in /bin/bzip2 - create a symlink)

Set time servers
apt-get install ntp ntp-server ntp-simple
ntpdate uk.pool.ntp.org
nano /etc/ntp.conf
add server 0.uk.pool.ntp.org (1.uk.... and 2.uk...)
/etc/init.d/ntp-server restart
ntpq (peer)
*

install the new ssl certificate or renew it through the instantssl web interface
set it as the default certificate for all IP addresses on the machine
make it the default certificate
remove the plesk ssl certificate

FILES THAT GET CHANGED ON A PLESK INSTALL

• motd
• sources.list
• hosts
• hostname
• ntp.conf

Spam and Plesk

I have been reinstalling a server of mine and voted for the latest and greatest Plesk version (8.2).

I still have a licence for Spam Guardian from 4psa, so I opted to install that too. For optimisation purposes, I did some digging and attempted to optomise my setup. Here's what I did:

Download the installer from the 4psa client area. On debian systems (which mine is) also download SafeCat from the client download area. Move the tarred installers to /usr/local/src.

unzip the installers - [tar -zxf]
chmod 777 sguardian_directory
sudo dpkg -i safecat*.deb
sudo apt-get install spamassassin

Change to the sguardian direction and execute: sudo ./install.sh - follow instructions

• Ensure that domain and client creation and modification works
• Check the service restart works
• Install the license and perform the server checks again

apt-get install libnet-ip-perl libnet-dns-perl

If you want to install Pyzor, Razor, SPF and DCC, follow these instructions:

sudo -s

apt-get install python-gdbm python2.3-gdbm pyzor libdigest-hmac-perl libdigest-nilsimsa-perl libnet-dns-perl razor libmail-spf-query-perl libnet-cidr-lite-perl libsys-hostname-long-perl dcc-client

/usr/bin/pyzor --homedir /etc/mail/spamassassin/.pyzor discover
chown popuser.popuser -R /etc/mail/spamassassin/.pyzor
/usr/bin/razor-admin -create -home /etc/mail/spamassassin/.razor -conf=/etc/mail/spamassassin/.razor/razor-agent.conf
/usr/bin/razor-admin -discover -home /etc/mail/spamassassin/.razor
/usr/bin/razor-admin -register -home /etc/mail/spamassassin/.razor

If you get "Error 202 while performing register, aborting.", just re-execute the register command until the operation is successful.

Put the following in "/etc/spamassassin/local.cf" at the top of the file

loadplugin Mail::SpamAssassin::Plugin::Pyzor
loadplugin Mail::SpamAssassin::Plugin::SPF
loadplugin Mail::SpamAssassin::Plugin::DCC
#loadplugin Mail::SpamAssassin::Plugin::TextCat

pyzor_options --homedir /etc/mail/spamassassin/.pyzor
razor_config /etc/mail/spamassassin/.razor/razor-agent.conf

Then restart the server

/etc/init.d/spamassassin restart
spamassassin --lint

N.B.
The first time I tried this, I forgot to add the LoadModule directive for DCC. By default, it is not loaded because it isn't opensource. When I did a "spamassassin --lint", I got this, but all was fixed by adding the LoadModule... and restarting it again:

[26699] warn: config: failed to parse line, skipping: dcc_timeout 5
[26699] warn: config: failed to parse line, skipping: use_dcc 1
[26699] warn: config: failed to parse, now a plugin, skipping: ok_languages all
[26699] warn: lint: 2 issues detected, please rerun with debug enabled for more information

Finally, get those extra rule sets from SARE using RulesDuJour.
Copy the rules_du_jour script to /usr/local/sbin/
Copy the RDJ config file to /etc/rulesdujour/
Run RulesDuJour and watch the rules get updated.
Add a cron to run the script at a random time in the morning:

crontab -e
04 4 * * * /usr/local/sbin/rules_du_jour

The following, is an example of the RDJ config file: don't add too many directives!

#!/bin/bash
# Version 1.21

# IMPORTANT! Edit the TRUSTED_RULESETS line to choose your RuleSets
TRUSTED_RULESETS="
SARE_REDIRECT
SARE_EVILNUMBERS0
SARE_EVILNUMBERS1
SARE_BAYES_POISON_NXM
SARE_HTML0
SARE_HTML1
SARE_HEADER
SARE_SPECIFIC
SARE_ADULT
SARE_BML
SARE_FRAUD
SARE_SPOOF
SARE_RANDOM
SARE_SPAMCOP_TOP200
SARE_OEM
SARE_GENLSUBJ0
SARE_GENLSUBJ1
SARE_UNSUB
SARE_URI0
SARE_URI1
SARE_OBFU
SARE_STOCKS
SARE_CODING
";

# Variable penetrance
# SARE_EVILNUMBERS
# SARE_HTML
# SARE_HEADER
# SARE_GENLSUBJ
# SARE_URI


# Left out
# SARE_HIGHRISK

SA_DIR="/etc/mail/spamassassin";
MAIL_ADDRESS="support@humblehosting.co.uk";
SINGLE_EMAIL_ONLY="true";
SA_LINT="spamassassin --lint";
SA_RESTART="/etc/init.d/spamassassin";
WGET="wget -N";
PERL="perl";
MAILCMD="mail";
GREP="grep";
RULES_DU_JOUR_SCRIPT="/usr/local/sbin/rules_du_jour";

#### End Local Settings ####

Gutsy testing

Gutsy (Ubuntu 7.10) has reached Tribe 4 (the 4th alpha release), so I reckon it's time to try it out on my local machine. And, I'm going to go back to the old trusty i386 version. And, after reading the feature in last month's Ubuntu newsletter about the badness of Automatix, that won't be on my list of things to install either.

Like usual, it's a fresh install using the live CD - which works out of the box.

Once the install is done, get the latests updates, add the restricted drivers for my nVidia dual head graphics card and restart. Thankfully, unlike a Windows install, that is the only restart I'll need for a while... and, I'm quite impressed at how quickly the shutodwn and restart is too.

Get the panels fixed and start the process of copying the backup files.

Add the medibuntu repro for some extra interesting stuff (like googleearth and skype), and perform a quick apt-get install to get the things I like that aren't on a default install.

echo "deb http://packages.medibuntu.org/ gutsy free non-free" | sudo tee -a /etc/apt/sources.list
wget -q http://packages.medibuntu.org/medibuntu-key.gpg -O- | sudo apt-key add - && sudo apt-get update

sudo apt-get install unison unison-gtk openssh-server joe easytag thunderbird googleearth skype msttcorefonts

Now, set the hostname and copy the hosts file from the backup folder. Setup keys:

ssh-keygen -t rsa

Finally, setup unison, copy 'backup' into the .unison directory and run "unision-gtk backup"
All done!

VNC and remote desktop (Ubuntu)

I was helping RoJ to setup his new Ubuntu machine (which he likes a lot) and decided that rather than just logging in via SSH, I'd try the old remote desktop.

So, I got him to enable remote desktop login (System -> Preferences -> Remote Desktop) and got him to check the "View your desktop" box. Then I made sure that he had port 5900 forwarding to his machine.


All I needed to do from my end was use the VNC viewer to get a beautiful live stream of his laptop 400 miles away:

vncviewer xxx.xxx.xxx.xxx:5900

Ubuntu Feisty 64

I'd previously tried a version of Ubuntu in 64-bit, but when I installed Feisty the last time, I plumped for the 32-bit version.

I decided today that it was worth giving the 64-bit version a go and using the full potential of my processor.

I'm glad to say that everything is working wonderfully, and there is a definite difference. The main speed hike has been seen when using Google Earth - the movement of the maps are now super smooth. There is also a definite improvement in load times of large apps like OO.

Down side is that flash won't work, so I'll have to follow some instructions on how to get it working... if I can be bothered.

And... I had to find a .deb for Thunderbird 2 since it's not in the repos yet and not part of Automatix2.

Increasing MaxClients

I noticed that in times of increased activity, my servers weren't responding. Having a look at the logs revealed "server reached MaxClients setting", so I was just stilling in a queue until somebody dropped off the server. Not a great position to be in when your client is shouting down the phone!

So, a quick trip to apache.conf which lives in /etc/apache2 on debian3.1 and a change to the settings.

I've created the following settings for the conf file: each section is part of the IfModule preforc declaration. A quick restart of apache and all is well.

prefork.c:

StartServers 8
MinSpareServers 5
MaxSpareServers 20
MaxClients 256
MaxRequestsPerChild 1000

worker.c:

StartServers 2
MaxClients 256
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0

perchild.c:

NumServers 5
StartThreads 5
MinSpareThreads 5
MaxSpareThreads 10
MaxThreadsPerChild 20
MaxRequestsPerChild 0

Using subdomains for plesk login

There is an interesting how-to here for using subdomain login for plesk admin sessions. Normally, you need to login at https://yourdomain:8443 - and lets face it, I kept forgetting the port number when I started using Plesk.

http://alexle.net/archives/152

Automatix2

I have just found Automatix2. It is basically an auto-installer for all those pesky programs that don't come with a simple apt-get install. It has a graphical interface not unlike Synaptic, but needs some terminal work to get it installed.

echo "deb http://www.getautomatix.com/apt feisty main" | sudo tee -a /etc/apt/sources.list

Then we need to add the key:

wget http://www.getautomatix.com/keys/automatix2.key
gpg --import automatix2.key
gpg --export --armor E23C5FC3 | sudo apt-key add -

Then all you need to do is update the packages db and install it.

sudo apt-get update
sudo apt-get install automatix2

It appears under:
Applications -> System Tools -> Automatix

It helpfully installs things like:

• Google Earth
• Skype
• Picassa
• RealPlayer
• Fonts
• Opera
• JRE
• Multimedia codecs

and the latest versions of many others.

Plesk and Debian disaster

I was doing some server maintenance on one of my servers which houses a Plesk install. The base is Debian and a simple apt-get upgrade, as employed on plenty of previous occasions, updated the packages that needed updating.

Unfortunately, the sources.list for apt were configured to get the latest stable version and Debian 3.1 has recently moved to Debian 4 (etch). Unfortunately, as I have since found, Plesk 8.1 doesn't like etch and despite my best attempts to roll back the changes, all was in vain.

Better still, the admin functions that allow migration of accounts didn't work. So, I was left delving into the mysql psa database to regenerate the installation on another machine before migrating the /var/www/vhosts and /var/qmail/mailnames directories. That of course meant hand creating all clients, domains, email, forwards, aliases, subdomains.......... the list seems endless.

All my servers have now have their sources.list changed to getting 3.1 updates only. I'll not do that again.

Total Backup problems

I've been hastled by the "do_backup already running" error when using 4PSAs Total Backup. It suddenly struck me that this error might be triggered because the remote system is running a backup when the local system is trying to try connecting for storage.

The other problem I had was exponential growth of the backups - the backups were taking backups of the backups!

You need to assign an exclude path if you put the backups in the /home or /var directories as I initially tried. You can't just put them in root either!

Edit the config file: /usr/local/tbackup/paths.cfg

tar_path /bin/tar
md5_path /usr/bin/md5sum
gpg_path /usr/bin/gpg
exclude_path /boot /dev /initrd /lib /misc /mnt /opt /proc /sbin /tmp /rbackup
include_path
tar_debug_file
log_level LOG_INFO

Well at least I've got the root of that problem now!

LDAP revisited

I revisited the LDAP config this morning thinking that if things didn't work, I'd maybe get some help from Dave who left a message on the blog over night.

I reloaded the base config file for phpLDAPadmin and started to add in server information:

server name: My LDAP server
server host: ldap.server.domain.ltd
server port: 389
server base: dc=server,dc=domain,dc=tld
server auth_type: cookie

Then, login via the browser:

Login DN: cn=admin,dc=server,dc=domain,dc=tld
password: blah

And it worked!

As far as getting thunderbird to find the contact details:

Name: obvious
Hostname: obvious
Base DN: ou=personal,dc=server,dc=domain,dc=tld
Port: 389
Bind DN: cn=admin,dc=server,dc=domain,dc=tld

TBird doesn't list the entries, but it you Shift+F, you can find the entries.
Go back to Options, and under Composition->Addressing, select the Directory server.

The autopopulation of the address fields still doesn't seem to work, but I can search and find my contacts, so things are looking up.

LDAP and thunderbird

I've always hankered after a central db for contacts. I just hate that going from machine to machine means that I can't have a list of people I email regularly and when a system re-install happens, all that data is lost - it's a pain the proverbial.

I decided that I'd give an LDAP installation a try. Why not install an LDAP server on my local webserver and point all my email clients to that? Hmmm...

UbuntuForums
Linux.com

sudo apt-get install slapd ldap-utils
sudo apt-get install db4.2-util
sudo /etc/init.d/slapd restart

You shouldn't have any errors - if you do... stop and pull your hair out (life shouldn't be this tough).

phpLDAPadmin is a web-based GUI for performing LDAP maintenance.

Well, in the end... after several attempts at setting it up, I finally got some data IN... only to find that I couldn't see it in TBird or Evolution. I need to try this again at some other point in the future. Maybe future Ubuntu releases will make this a trivial task! We can only hope so.

phpEclipse

I have been look at PHP IDEs for a while now. I'm quite happy playing around with gEdit and having some rudimentary code colouring, but it get confused with PHP and HTML at times and doesn't really work too well when you add in Javascript.

I did use the trial version of Zend Studio 5 for while on a previous incarnation of my system, but an upgrade came and I didn't want to shell out a significant amount of money for an IDE. I'd love to find an open source alternative...

I have tried BlueFish (2/5) and nuSphere (a lot of cash for not as good as Zend) along with other not so impressive alternatives.

Finally I stumbled across phpEclipse and thought I'd give it a go. It seems though, that from other blogs and forums, installation on Ubuntu Edgy is no mean feat. So, armed with google, I set off on another intrepid adventure.

After installing Eclipse and phpEclipse, finding some bugs and searching the internet to find solutions, I became more aware of another project: EasyEclipse.

EasyEclipse:
It does extactly what it says on the tin and a simple download will give you a working copy for Windows, Linux or Mac. I chose EasyEclipse for PHP, but if you have a LAMP server, there is a version for LAMP control too Basically, the different distributions comes with different pre-loaded modules. The PHP one has PHP, SVN, HTMLTidy and many more.

The download is about 130Mb, so takes a wee while, but there is no "install": just run the app and it works. You'll need Java installed and it works with Blackwater (the opensource version) as well as the official Java from Sun.

SVN:
Once downloaded and running, "change perspective" using the menu or the top right button and choose 'SVN repository'. Using the left hand side taskbar, add a new repository (http://www.carrubbers.org/svn/ccc/www) and check out. You'll be asked if you want to create a new project (yes) and asked for the location. For me, with the current apache config the way it was, this was '/home/ccc/'. Once the checkout was compelete, I just needed non-SVN files: images, xml and dbf, along with .ht*, postgres login and symlinks (see the previous post).

PHP browser:
There is a build in browser which seems to work pretty well. You'll need to specify the document_root and localhost vars first:

Window->Preferences:
PHPeclipse...->Project Defaults ->
localhost and document root

If the document_root is wrong, Eclipse seems to think that files that are included by the PHP files are not within the current project and gives errors.

NB: I couldn't find how to use SVN for a while. It's under the Navigator context menu under "Team".

Now I just need to work out how to use the build in apache controls, get SVN icons rather than CVS ones on the navigation pane and see about Postgres control too.

Then there is the task of getting debugging working: DBG is allegedly a good tool to use and natively supported (client side) in eclipse. It's just a case of installing the software server side - I'll try it locally first!

Plesk and Courier IMAP

Seeing "Unable to connect to your IMAP server. You may have exceeded the maximum number of connections to this server" has been driving me insane!

Whenever I add another account to Thunderbird, I have to specify that it can only have one connection to the server per account and even then, if my wife switches on her machine, we have more than the prespecified Plesk maximum of 4 IMAP connections and we start getting errors.

I devided that enough was enough and went in search of a solution. I found it too :o)

perl -p -i -e 's/^MAXDAEMONS=40/MAXDAEMONS=80/g' /etc/courier-imap/imapd
perl -p -i -e 's/^MAXPERIP=4/MAXPERIP=40/g' /etc/courier-imap/imapd

Then a quick restart of the service and all should be working.

/etc/init.d/courier-imap stop
/etc/init.d/courier-imap start

These changes increase the maximum daemons to 80 and Maximum connections per IP to 40. Should be enought for us at the momnet, but may need altered in the future.

Local CCC

Getting a local copy of our website on my Ubuntu box for development purposes:


Local files:
We use svn on our church website as a versioning system and I need a local version for testing and development. First thing is to get a local copy of the repro and then add non-repro files (images etc).

sudo apt-get install subversion subversion-tools

The problem I have is remembering the repro address. Make sure that you're in /home/ccc

svn checkout http://www.carrubbers.org/svn/ccc/www/htdocs
svn checkout http://www.carrubbers.org/svn/ccc/www/userdb

The checkout happens and the path /home/ccc/htdocs/ should be correct. SVN doesn't cope with symbolic links at present - need to add them for pgadmin and lib/v1/

Get the postgres login details for the local filesystem.
Get a copy of the htpwd and htusergroup files.
Get a copy of the /image directory
Get a copy of all the xml and dbf files - they aren't in svn

~$ find -name *.xml | xargs tar rvf xml.tar
~$ find -name *.dbf | xargs tar rvf xml.tar

Apache:
Then comes the setup of apache.

sudo apt-get install apache2

Move the previously saved apache config to /etc/apache2/sites-available/ and enable the setup.

sudo a2dissite 000-default
sudo a2ensite ccc
sudo /etc/init.d/apache2 restart

Then we need to install PHP with dbase.

Postgres:
Finally, comes the addition of postgres - make sure the correct version is installed!

sudo aptitude search postgres
sudo apt-get install postgresql-8.1
sudo apt-get install phppgadmin pgadmin3

The other option would be to get the latest version of phppgadmin and install it in /usr/share/phadmin with a symbolic link from /admin/pgadmin.

Remote:
Connect to the CCC postgres db. Post 5432 is the standard port for postgres communication, but is closed on the CCC server. Set up a tunnel to it, but don't use port 5432 because we'll be running a local server on that port. SSH keys should be in place for passwordless login.

ssh -L5431:localhost:5432 carrubbers.org

Setup pgAdminIII to connect to the remote server using localhost:5431

Local:
Start to setup the local postgres server. First thing is to create a user.

~$ sudo su postgres -c createuser yourusername
~$ sudo su postgres -c psql yourusername
=# ALTER USER yourusername WITH PASSWORD 'yourpassword';
=# \q

Setup pgAdminIII to connect to the local server using localhost:5432


Get a local copy of the postgres database.

~$ pg_dump database_name > database
~$ tar -cf database.tar database
~$ scp database local_machine:

~$ createdb master
~$ tar -xf database.tar
~$ psql -d master

Or, if you need to get the data from the entire server, use:

~$ pg_dumpall -d > pg_server
~$ psql -f pg_server postgres

Irritatingly, it will ask for your password for every transaction. ie., for every database that is dumped!

That should be us done... have a quick test.

Plesk 8.1 and awstats

The new version of Plesk (8.1) does seem much nicer to use than 8.01 and has a couple of extra features. One such feature is the inclusion of awstats as standard. Domains are still assigned webalizer by default, but getting awstats is just a drop down box away on the domain setup page.

Once this is done, the stats are available at: www.domain.com/webstat and are viewable using the domain's ftp username and password.

This didn't work for me initially and I just got an error that the system hadn't run the statistics cron and if it didn't work within 24h, to check with my domain admin... that's me! Well, 24h passed and nothing had changed:

/usr/local/psa/admin/sbin/statistics --calculate-one --domain-name=domain.com

After a short wait, the process was complete and a pretty awststa page appeared where it should have been all along. I'll just have to wait and see if a) it updates and b) whether this needs to be done for other domains.

Plesk and migration

Migrating accounts between plesk servers is very simple. In most cases I just want to migrate a client with all their accounts and all their settings:

sudo -s
echo 'client_name' | /opt/psa/bin/pleskbackup --clients backup_file -list -
exit
scp backup_file_name username@remote_host:

That takes care of the backup and transfer, so all that is needed is a quick mapping of IP addresses on the new host and a restore. Disable the client on the initial server to ensure that mail doesn't get delivered and lost.

ssh username@remote_host
sudo -s
/opt/psa/bin/pleskrestore --create-map backup_file -map map_name
/opt/psa/bin/pleskrestore --restore backup_file -level clients -map map_name
exit

You'll need to ensure that the mapping of the domains for the client is done correctly if there are multiple IP addresses on both systems. Most of the time, Plesk gets it correct.

Flick the DNS and all is done with minimal downtime.

Skype and Ubuntu

I know that Skype isn't maintained within the Ubuntu repositories and there is good reason for that. I did however want it - mainly because we have good friends who will, from next week be in Mexico and they'll be using Skype on their Mac.

It's a simple process to get skype working on a Ubuntu Edgy box:

add the repository to the /etc/apt/sources.list

## Official Skype Repository
deb http://download.skype.com/linux/repos/debian/ stable non-free

then its a simple apt-get away

sudo apt-get update
sudo apt-get install skype

you'll find it under Applications > Internet > Skype

Unison and Plesk

I've been trying to optimise backups so that in the event of a catastrophic disaster on one of my servers, I'd be able to quickly and easily get them abck up and running - especially the ones that are hosting domains that are heavily email dependent or have shops. The last thing I need is people getting stressed about loosing email or money!

I've got total backup and think that it should be sufficient for performing incremental backups every day on a weekly rotation. What I'd prefer though is a mirror on a different server which could allow me to simply flick a big red DNS switch and let everything continue as if nothing had ever happened.

I'd need to work out what total backup actually backs up and sync those directories across two plesk servers... sounds complex and graught with potential disasters... and, if it's such a great idea, why can't I find somebody who's done it before?

Unison and USB

I was having some problems getting my trusty USB key and unison (the file sync software) to play together. It turns out that because my USB key is formatted as vFAT (or FAT32) to allow it to work on my Ubuntu box and Windoze machines (at work), I need to ensure that Unison doesn't try to mirror the permissions.

unison usb -perms=0

where usb refers to the file: /home/username/.unison/usb.prf

Using 4psa Total Backup

I have bought Total Backup from 4psa for Plesk and was having an issue with the automatic transfer of files from the host to backup server. Using FTP seems to work fine, but I couldn't work out how to use the SSH transfer.

I finally worked it out. You need to create a public/private key pair and then add these to the backup server's authorised keys within the profile of the user you want to log in as. I'd been doing this, but not as root and that was why the transfer was falling over - shame the debugging info wasn't that great.

Login to the backup server and create the account for the backup.

sudo adduser rbackup

Now log into the host server, create keys and enable passwordless login to the remote backup server - remember not to specify a passphrase for the key pair.

sudo -s
ssh-keygen -t rsa
ssh-copy-id -i /root/.ssh/id_rsa.pub rbackup@backup.server.tld

Confirm the login process by ssh rbackup@backup.server.tld

If you don't now create the directory that tbackup is expecting to log into remotely, it fails with a very unhelpful message. So, if (in the settings section of the tbackup page within Plesk), you have set backups to be stored in /rbackup/foo, you need to ensure that his exists on the remote system.

If there are issues with tbackup and you need to do some debugging:

/usr/local/tbackup/do_backup -d

MythTV

I've just been having a look at MythTV and am very interested in taking a Ubuntu Edgy (or Feisty) system and installing Myth on it. Myth, for those who don't know, is a media center which looks very polished. Then I could rip all my DVDs! Now there's a task that would take a significant amount of time!

Keeping an eye on hardware

Adding a task bar icon to keep an eye on hard drive and CPU temp was my latest challenge.

A challenge that was easily met by sensors-applet, a GNOME task bar applet:

sudo apt-get install sensors-applet
sudo apt-get install hddtemp

After that, a quick right click on the task bar and "Add to panel" was all that was needed before a graph akin to CPU usage appeared telling me how hot the CPU was - better get that fan turned up!

Plesk 8.1 and spamassassin

I've just finished putting together a new UK2 Plesk server and found a problem when trying to "spamassassin --lint" after installing Spam Guardian.

Failed to run DNS_FROM_AHBL_RHSBL RBL SpamAssassin test, skipping:
 (Can't call method "bgsend" on an undefined value at
 /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Dns.pm line 112.

It would appear as though some required perl libs aren't loaded which can be proven with:

# perl -e "use Net::DNS::Resolver"

So, a quick couple of apt-get installs are required to load the respective libraries:

# apt-get install libnet-ip-perl libnet-dns-perl

I'm not sure why these aren't loaded as dependancies of spamassassin, but adding the libs seems to have fixed the problem. Recheck the "spamassassin --lint" and the errors should have gone.

Setting up a new UK2 server

Basic server setup

Once the email from UK2 has arrived with confirmation of the server, log into the server as root, change the password and upgrade all the current packages (be aware of previous kernel updates that have caused kernel-panics at boot:

ssh root@server12345.uk2net.com
passwd
apt-get upgrade

Upgrade out of date packages and setup the sudo function

apt-get install sudo
nano /etc/sudoers

Add the line %admin ALL=(ALL) ALL to the bottom of the file. Now add some real users and a group called admin; add users to the admin group if they are sudoers.

adduser username
groupadd admin
usermod -G admin username

Setup some other basic packages and admin tasks

apt-get install joe lynx
joe /etc/motd - Welcome to...
joe /etc/ssh/sshd_config - PermitRootLogin no
sudo /etc/init.d/ssh restart

Setup the hosts file (/etc/hosts)

127.0.0.1 localhost.localdomain localhost

83.170.97.143 luffness.humblehosting.co.uk luffness

83.170.75.20 kilspindie.konsulting.ltd.uk kilspindie
83.170.73.70 kingsacre.konsulting.ltd.uk kingsacre
83.170.73.111 kingussie.konsulting.ltd.uk kingussie

Logout of the root account and setup passwordless login to the new server

ssh-keygen -t rsa - follow the hints (don't enter a passphrase)
ssh-copy-id -i ~/.ssh/id_rsa.pub username@host

Log into your new account and check that you aren't prompted for a password.

Firewall

The next job is to remove the firewall that comes preinstalled with some UK2 debian boxes. A quick check should allow confirmation of any rules that are set
sudo iptables -L

If rules are setup, the following commands followed by a reset should reset the firewall and remove it.

sudo -s
cd /etc/init.d/
rm -rf firewall
cd /etc/rc2.d/
./S22firewall_setup
shutdown -r now

Copy across the Plesk installer

chmod +w psainstaller....
./psainstaller...

choose the appropriate sections of Plesk to install and let the installer do the work.

Plesk web

Log into the Plesk web interface as admin:setup and follow the on screen instructions to setup the hostname, IP addresses, admin account and first client account.

• Check the firewall is installed and running
• Switch on and setup Watchdog
• Run the security check for the first time
• Increase server idle timeout (90 min)
• Run updater and update settings
• Setup IP addresses

• Fix contact name and login for client account
  

Copy across the 4PSA installers: Spam Guardian and Total Backup (minimum)
Also copy across the SafeCat deb (http://www.4psa.com/software)

Spam Guardian

move the tarred installer to /usr/local/src
unzip the installer - [tar -zxf]
chmod 777 sguardian_directory
double check the install.txt file

sudo dpkg -i safecat*.deb
sudo apt-get install spamassassin
sudo ./install.sh - follow instructions

• Ensure that domain and client creation and modification works
• Check the service restart works
• Install the license and perform the server checks again

Double check that a "spamassassin --lint" doesn't throw any errors (in the early versions of 8.1 and SG 3.0.3, some libs were missing):

apt-get install libnet-ip-perl libnet-dns-perl

Copy the rules_du_jour scripts to /usr/local/sbin/
Copy the RDJ config file to /etc/rulesdujour/
Run RulesDuJour and watch the rules get updated.
Add a cron to run the script at a random time in the morning.

Total Backup

move the tarred installer to /usr/local/src
unzip the installer - [tar -zxf]
chmod 777 sguardian_directory
double check the install.txt file

sudo apt-get install bzip2 ftp
sudo ./install.sh

Licences

Next important thing is to setup the licences for Plesk, Spam Guardian and Total Bakcup. Download them from their respective repositories and use the web-based GUIs for each system to seach for the licence and upload it.

Munin

sudo apt-get install munin-node
sudo joe /etc/munin/minin-node.conf

add host_name [hostname.example.com]
add allow ^192\.168\.2\.1$ [where 192.168.2.1 is the muine server IP]

sudo /etc/init.d/munin restart

Browse to the firewall module as admin and open a port:4949 to the IP address of the munin server.

Edgy Eft re-install

This is just a quick reminder of the install process for Edgy Eft. All in all, it took about 2 hours + data copying time.

CD install
login...

Basic setup
check hardware
sudo apt-get upgrade
restart...

stop gedit from saving backups!
change the gedit settings - font: monospace 9
change the terminal settings - font: monosapce 9

setup hostname
setup /etc/hosts
setup /etc/network/interface

Setup the GDM

sudo apt-get install nvidia-glx

backup the original working xorg.conf file
copy the xorg.conf file to /etc/X11
restart GDM

login...

auto-adjust both flat-panels
move panels and reset
add 'force-quit', 'system monitor'
create 4 desks
setup system monitor (50px) CPU, harddisk, network
add application icons


Add useful applications
add the universe repository

sudo apt-get install joe muine gstreamer0.8-mad gstreamer0.10-fluendo-mp3
sudo apt-get install easytag unison unison-gtk

Setup unison
copy usync to /usr/local/sbin/
copy data from backup server
copy unison config files to the .unison directory
perform the sync
copy mvb to /usr/local/sbin/
setup a panel launcher for unison-gtk backup
setup a panel launcher for unison-gtk usb -perms=0

Remaining setup
create desktop connections to useful servers
setup passwordless login with keys (don't enter a passphrase)

ssh-keygen -t rsa
ssh-copy-id -i ~/.ssh/id_rsa.pub username@host

setup printers
re-install google-earth