Tim Child

In the past I have gone from Linux distro to Linux distro, but almost always a result of taking a CD, and doing a completely fresh install.  Its been the easiest way.  But with my next upgrade I am going to cross from Debian to Ubuntu and keep all my files and information but have the OS do the hard work.

As Ubuntu is based on Debian and use the same package management system I can do this, and reap the benefits of having all my linux boxes running on the same distro.

For the last couple of years I have been running Debian, but Ubuntu is making me switch mainly because on the machine that I need a desktop Linux machine its clearly better, and for servers its updated more regularly which helps with security patching.  The company running the Ubuntu project, Canonical, has committed to updating Ubuntu every 6 months and supporting old versions for 5 years, though I am sure that I will upgrade before that time is up!

My new Ubuntu server (actually installed from the server cd) is excellent, and I have just got up and running a (after a while of having this absent) a Ubuntu based MythTV box (using the desktop variant).  This box is also useful for web surfing on our LCD tv from a few feet away.

Last night I upgraded the MythTV box to the latest Edgy release, if you are doing the same I would give it a few hours.  My web connection coupled with the fact that this hardware is a few years old mean’t that it took along time!
I will create a link to my Debian Ubuntu wiki in this page as soon as I have detailed the procedure.

The modification I made to zussaweb the PHP frontend to HellaNZB is now available in sourceforge for downloaded as a 0.3 release.

They tidied it up abit, but I am glad it made it in after all the requests and emails that I got for this feature.

Now perhaps I should integrate a Newzbin RSS feed!!

So with my new Ubuntu server, I thought that I would shut it down everynight to save electricity, as it is taking about 100W constantly with all the harddrives spinning.

I am using an NForce motherboard, and using wakeonlan to start it up remotely, or when needed. So heres how I did it:

First I went into the motherboards BIOS and enabled all the power on lan settings, then I checked to see what the settings are on the box once it was booted.
sudo ethtool eth0

WOL was set to ‘D’ (disabled) so to enable it:
sudo ethtool -s eth0 wol g

Then I wanted it enabled everytime at boot so I edit:

sudo vi /etc/network/interfaces

And put in this line after telling the box to get its DHCP:

up ethtool -s eth0 wol g

Then I edit these to files and remove -i

vi /etc/init.d/reboot /etc/init.d/halt

Then shutdown the machine:

shutdown -h nowAnd from another (Debian Linux) machine I used wakeonlan to wake it, but the crucial thing is to put the MAC address in in reverse. This is a bug on NForce motherboards so you probably won’t have to do it with others.

At first I didn’t see the point of the list, but its a nice example of how experienced users setup certain things such as group sharing and also how to do certain tasks.

http://ftp1.sourceforge.net/souptonuts/How_to_Linux_and_Open_Source.txt

I have been looking at how I backup my data at home, and one thing that always comes to mind is how to get these backups of site, and preferrably into a different geographical area easily.

Well Amazon S3 storage was always on my mind, but recently Dreamhost have gone crazy with their storage offerings.  I know have over 400Gb of space with over 4Tb of transfer for a small outlay each month.

A cost comparison has been done here by Joseph Scott showing how the two compare:

http://joseph.randomnetworks.com/archives/2006/10/03/amazon-s3-vs-dreamhost/

I am going to be looking at implementing something with Dreamhost I think, I am not a major corporation, I am a home user with some data so I think Dreamhost will be fine.

Bacula and Backuppc are two projects that run on Debian that I will be checking out, and first and foremost I want to make sure that my data is encrypted quite strongly.  Though I am probably going to put up my photo archive just as is, to have easy access when needed.  More posts to come on this.

With all the nice scripts I have been writing for usenet on linux, I am running out of space all the time on my file server.   So soon, I am going to bite the bullet and upgrade my disks.

Currently I am thinking of taking on of my machines which is a sempron, underclocking it and putting in some new disks.
Firstly if I put in 3x320Gb Seagate barracudas I can use Linux to Raid-5 the 3 disks and use LVM to create a big partition that I can add to in the future.  My last problem with LVM was that one of my disks stopped working, so I would like to get around that problem as this is going to be the master filestorage for the house.  I will use a seperate 120Gb for /boot and a few other partitions for safety.

I also have some external disks (about 1Tb worth) so I will hang these off it aswell for backing up data / pictures and music but it will also give me the opportunity to install another 3 drives in the future with whats left.

Some good points of information I have found are:

http://www.gagme.com/greg/linux/raid-lvm.php

http://tldp.org/HOWTO/LVM-HOWTO/

http://episteme.arstechnica.com/eve/forums/a/tpc/f/96509133/m/435008610831

Once I have done this the other machines will be taken apart.  I don’t need an additional 3 servers or want to waste the electricity, but I will probably run VMWare Server on this new machine to have some flexibility.  That and a seperate openBSD based firewall / snort box will be my servers for now/future.

One thing I do when I have installed Debian is to tighten it down slightly. There are some great scripts to do this, such as bastille and also the securing debian howto but here is my top 10 lockdowns:

1. Secure users home directories
   chmod -R 700 /home
vi /etc/adduser.conf
2. Disable all services not used and make sure that sshd is running on protocol2.
3. Disable ftp (use ftpd-ssl or scp instead) and telnet (you should be using ssh)
4. Disable root from accessing sshd, so only a normal user can log on then su.
5. Configure logcheck to send logs to an outside email address.
   apt-get install logcheck
vi /etc/logcheck/logcheck.conf
   If you need to change the frequency, edit the cron file here:
   vi /etc/cron.d/logcheck
6. Get regular updates from your apt sources
7. Restrict system reboots/shutdown on the console:
   vi /etc/inittab

   ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now

   vi /etc/shutdown.allow
Add your users in that are allowed to shutdown the system when logged in

8. Edit pam.d security files to match your security policy:
   cd /etc/security
9. Consider using tripwire to monitor any changes in binaries on your system.
10. Take a backup of the system. Always a good policy.

These are some really good instructions to joining a Debian box to an Active Directory domain using winbind.

http://www.ccs.neu.edu/home/battista/documentation/winbind/

The only step it didn’t say was to create a directory under /home with the name of the AD domain that you are joining so that pam.d can create the user directory when a user logs on for the first time.

One thing that I feel is harder than it should be with django is getting it working with Apache2. Sure the built in webserver is nice for development, but there comes a time when you need to step up and use a webserver for development that you can also deploy the site upon.

I have used Apache a lot in the past, but recently I have decided to move over to installing everything the Debian way, and this will reflect that. I am going to use python2.3, Apache2 and the version of mod_python that is in stable. You can follow the instructions if you have installed Apache2 and mod_python in otherways after this step if you wish.
To get Apache2 on debian with mod_python, simply:

1. apt-get install apache2
2. apt-get install libapache2-mod-python

For the rest of the tutorial, I am assuming that you have Django setup correctly, and working with your database. If not, I recommend installing the development version. It is easy to update using svn and there are some features that are better than the stable version I find. Once you have done this you can start to build your site. From then on you can create your apache virtualhost file:

I have decided to run my django site on a different port, but of course you can run it on different ipaddresses, and with different hostheaders. All you need to do is follow the apache 2 documentation for this. I feel this is already well documented so I will just show how I did it by running on different ports:

1. Edit the ports file for apache2 to tell it to listen on more than one port:
   vi /etc/apache2/ports.conf
2. Add this line to tell it to listen on port 8000:
   Listen 8000
3. Create a new sites file for this new virtual host:
   vi /etc/apache2/sites-available/djangosite
4. Now we need to put in the configuration details:

   
   
   
   SetHandler mod_python
   PythonHandler django.core.handlers.modpython
   PythonPath "['/home/tim/dev/projects/'] + sys.path"
   SetEnv DJANGO_SETTINGS_MODULE djangosite.settings
   PythonDebug On
   
   
   Alias /media "/var/www/djangosite/media"
   
   SetHandler None
   
   
   
   SetHandler None
   
   
   
   

   This gives us several things:

   • Sets up a virtualhost to listen on port 8000.
   • For the virtual host use mod_python.
   • PythonHandler is told to use Django.
   • Our PythonPath is updated with our site files, in my case my django projects are located in /home/tim/dev/projects/ so this is what I use. Point this to where your django files are kept.
   • Let django know to use the settings file for this project
   • The we setup an alias to serve the media files, as they don’t need to be served through mod_python we turn the handler off for the /media/ location. I will setup my media files in /var/www/djangosite/media
   • Finally tell apache2 not to use mod_python to serve image files.

5. Now save this file, and enable the site:
   a2ensite djangosite
6. Now create the webhosting directory, and the symbolic link for the admin directory, and check the permissions:

   mkdir /var/www/djangosite/
   cd /var/www/djangosite/
   ln -s /usr/lib/python2.3/site-packages/django/contrib/admin/media/
   chmod -R 755 /var/www/djangosite
   

7. The stop and start apache2 on your server (this is for Debian using init.d scripts, but whatever you do stopping then starting is better than a simple reload).
   /etc/init.d/apache2 stop; /etc/init.d/apache2 start

Once you have done that, check your site by point a webbrowser to the the machine that you have apache2 running on, but at port 8000 for instance if it is a localhost, tryhttp://127.0.0.1:8000.

One thing that I haven’t talked about is where it is best to place all the files used in creating a django site, and I have yet to read any documentation about this. This is why in the above I am point it to a dev subdirectory from my home directory. I don’t think this is a good idea for a production site, and perhaps it should go in somewhere off /var.

One thing is for sure, creating seperate directories for media and the actual files is a good idea, and you if you follow the django instructions you can take them up on the recommendation of using a seperate lightweight webserver to just serve these files.

To remove files depending on a certain date on Linux, Unix and OSX (and I presume using Cygwin on Windows) you can use the find command and get it to execute the rm command.

find . -atime +1 -exec rm {} \;

Will send all files in the current directory that are older than one day to the remove command. Its probably best to test it by looking at the files first:

find . -atime +1 -exec ls {} \;

That will show all the files that are over a day old. The remove command is of course useful for cleaning up log file directories from a cron job when daemons or programs running don’t clean up after themselves.