Tips and tricks on installing CentOS 5.3 x86_64, Vmware 2.0.1, eRPTS on an IBM X3400.

I was in Binalonan last weekends to help my friend Bryan setup his electronic Real Property System on his brand new server. This is to share what we basically did...

Specs: Intel Quad Core 2.0 with Intel VT, 3 x 250 SATA HDD (hot swappable), 8Gb RAM DDR2

For RAID configuration, please refer to documentation as provided by the IBM supplier.

In our case, we did a RAID 1 on the first 2 HD, while the remaining HD was configure as a hot spare.

Get CentOS 5.3 x86_64 from http://centos.org. Best download speed is via Torrent. Make sure you get the x86_64 to maximize your machine.

Install CentOS. For best results, allocate partitions for the following /boot, /, swap, /tmp, /usr, /var, /home, and a separate partition for the vmware machines (e.g. /vmware).

On selecting packages to install, make sure you check on the Development Libraries and Development Tools and try to prune other packages that you may not need at all (e.g. openoffice, gimp, etc.). As a server, you may also opt to put a password on your boatloader.

Upon installation, configure network first to a static IP (e.g. 192.168.10.200) and make sure it will connect to the Internet.

Update your CentOS installation

$ yum update

Reboot after update.

Edit /etc/fstab. On the options concerning ext3 partitions, put noatime after defaults as an optimization.

/dev/sda1 /boot ext3 defaults,noatime 1 1

Then edit /etc/sysctl.conf to add the following lines at the bottom:

vm.swappiness = 0
vm.overcommit_memory = 1
vm.dirty_background_ratio = 5
vm.dirty_ratio = 10
vm.dirty_expire_centisecs = 1000
dev.rtc.max-user-freq = 1024

You must also turn off some services that your host server won't need during boottime like cups, etc.

Reboot for the new optimizations to take effect.

Install VMWare 2.0.1. Check documentation for installation instructions. Actually you can accept almost all the defaults except for the location of the virtual machine which you must set to the partition you intended solely for erpts (e.g. /vmware).

After installation, edit /etc/vmware/config:

If your CPU was 2.0 then its

host.cpukHz=2000000

Then add the following lines

host.noTSC = TRUE
ptsc.noTSC = TRUE

Access Vmware with your web browser via http://localhost:8222, with root as admin user.

Edit host configuration as desired.

We may now create a virtual machine where we will install eRPTS.

Tips: When adding a virtual disk, put a check on Allocate Disk Space Now and Split into 2Gb files. Under policies, select Optimize for Performance. We allocated 40 Gb of disk space for this VM.

Allocate at least 2Gb of RAM and use only single processor. No need to add floppy disk and USB controller. Configure NIC to Bridged.

You may now proceed with the installation of erpts. You may also partition your drive into /boot, /, swap, /tmp, /usr, /home, and /var. Take note that /var should have the biggest allocation, perhaps not lower than 20Gb for it will store the database files. Partitioning on this case will ease down I/O traffic.

Configure network to a static ip that is in range with the static IP of the host machine. (e.g. 192.168.10.100). Apply erpts patches as instructed during the trainings. Update the database into 57 tables.

Time again for some optimizations in the eRPTS Guest Machine...

Edit /etc/fstab and add noatime on /var line...

/dev/sda5 /var ext3 defaults,noatime 1 2

Download the following kernel packages (optimized kernels for vm guests)

http://people.centos.org/tru/kernel-vm/4/RPMS/i386/kernel-vm-2.6.9-78.0.22.EL.i686.rpm
http://people.centos.org/tru/kernel-vm/4/RPMS/i386/kernel-vm-devel-2.6.9-78.0.22.EL.i686.rpm

Install the kernel and development libraries with the –-nodeps option

rpm -ivh -–nodeps kernel-vm-2.6.9-78.0.22.EL.i686.rpm
rpm -ivh –-nodeps kernel-vm-devel-2.6.9-78.0.22.EL.i686.rpm

Edit /boot/grub/menu.list. Make sure the default is set to 0.

And add the following at the end of the kernel line of kernel-vm-xxxx

noapic nolapic acpi=off clocksource=acpi_pm elevator=noop

Save and exit.

Edit /etc/sysctl.conf to add the following lines

vm.swappiness = 0
vm.overcommit_memory = 1

Then remove unnecessary services during boot time like cups, smb, etc. YMMV

Reboot guest machine for settings to take effect.

On the host machine, edit the .vmx file of the just created virtual machine. Its located where you put the virtual machine itself.

Add the following lines at the bottom

MemTrimRate = “0″
sched.mem.pshare.enable = “FALSE”
MemAllowAutoScaleDown = “FALSE”

Optional!

It is possible to install the latest phpmyadmin on eRPTS. Get phpmyadmin on their website.

You may also install the mysql 4.1 package from eBPLS with instructions to be posted here soon.

Use with caution though and as always, YMMV. :)

Wait! No USB? Well now that you are a linux sysad, try using the scp command to transfer files from your host machine to the guest machine. Syntax is as follows:

scp sourcefiles root@ipaddressofguestmachine:/specific/path/of/target/folder

And how did this installation fare? We chose a certain page at eRPTS where it usually takes them around 60 to 80 seconds to open. With this setup, it now opens in only about 3 to 8 seconds.

Not bad, aye?

That's all for now, I hope this helps!

Faceoff: PCLOS 2009.1 vs LinuxMint KDE CE 6

In the past few days, I was lucky to be able to test drive two wonderful Linux distributions that both promises to work "out of the box" -- PCLinuxOS 2009.1 and LinuxMint KDE Community Edition 6.

My rig is only a Lenovo G400, with 1Gb of RAM, 120 Gb SATA HD, Built in Video (‎Mobile 945GM/GMS, 943/940GML Express Integrated Graphics Controller) and Sound (82801G (ICH7 Family) High Definition Audio Controller), NetLink BCM5906M Fast Ethernet PCI Express as NIC, and BCM4311 802.11b/g WLAN for Wireless.

Before using trying out these two distros, I was happily using Ubuntu 8.10 on this laptop.

PCLOS and Mint KDE share many similar characteristics. They both use the K Desktop Environment. They are both derivatives from "bigger" Linux distros. Both promised an excellent "out of the box" experience thus loaded with the necessary plugins and codecs needed for every average user to enjoy his/her everyday computer use. Both distros are using the Synaptic Package Manager for software management. Development of both distros are being led by one guy namely Texstar for PCLOS, and Clem for LinuxMint.

But the similarity ends here.

PCLOS is based on Madriva Linux while LinuxMint KDE CE is based on Ubuntu. PCLOS is a meta or rolling distro, Mint is not. PCLOS is true to its promise of being able to play almost all types of media files, with LinuxMint KDE, I don't have sound on some .3gp and .mp4 files.

Although both uses Synaptic, PCLOS uses rpms while Mint uses debs. PCLOS uses KDE 3.5.10, while LinuxMint is now using KDE 4.2.

Installation with both distros on this rig is a breeze as I didn't encountered any problems at all with both distros using easy to use wizards.

On hardware support, I had varying results.

PCLOS was not able to activate my Fn keys at the start (I had to install Keytouch), while LinuxMint was able to activate almost every key right after installation. I also have this feeling that LinuxMint KDE 6 handled power management for this laptop better than PCLinuxOS but then again, both were able to suspend my laptop well and that what matters most.

Network management is way too easy with PCLOS than that of the KNetwork Manager installed on LinuxMint KDE 6. To make matters worst for Mint, I can't seem to make my wireless work. It was so easy with Ubuntu 8.10 but a no go with Mint (this was the ultimate deal breaker for me). With PCLOS, I didn't had to install or download anything. I simply configured it with the wizard incorporated on its Control Center. No fuss or whatsoever.

Built in sound just works, the same thing with the video as both can use Compiz with it.

More softwares are installed by default with PCLOS. However, I had problems with Frostwire which I had to do a "killall" command before I can kill it. HDDTEMP and POWERTOP aren't working well on PCLOS too. HDDTEMP on PCLOS says that it doesn't support my drive but hddtemp on Mint can. PowerTop on PCLOS doesn't work on my Lenovo, but powertop on Mint just works.

However, perhaps its because of KDE 4.2, I had stability problems with LinuxMint KDE 6. Random crashes and slowdowns. I can't use the wireless card with it. Mint doesn't even have a GUI for connecting with PPPOE. And as compared with KDE 3.5 and the PCLOS Control Center, Mint doesn't offer as much tools to work onas PCLOS does.

And personally, I don't like Amarok 2 on Mint as much as I love Amarok on PCLOS. Kaffeine on PCLOS is able to play almost everything, unlike VLC or DragonPlayer on Mint which can "play" some videos but with no sound. Where is the joy in that?

After an update using mintUpdate, I found myself wondering why I can't hear anymore any sound with Youtube videos with Mint. Did I just broke something with that update? Along the way, I also unknowingly broke my Mint system as some widgets (which I love so much) suddenly ceased to function. I didn't know what happened. I just installed some apps using mintInstall then after a reboot, some of my widgets aren't functioning anymore much to my dismay.

And with Mint, sometimes when I try to restart or shut it down, sometimes it will turn off or restart, sometimes it just sits there doing nothing.

PCLOS is much more stable. Almost every app from the repos works well except for the three apps I mentioned earlier. And I haven't ever experienced breaking my system after an update.

One thing I like more about PCLOS is that it has its very own repository of applications unlike in Mint where I still see some Ubuntu lines on their /etc/apt/sources.list file.

And the mklivecd script simply rocks with PCLOS along with RedoMBR and other utilities which Mint doesn't unfortunately have. (Or perhaps they some equivalent but still mklivecd works better than the others)

My verdict?! Obviously, after installing PCLOS then wiping it out for LinuxMint, here I am again with PCLOS. So how was I able to restore my PCLOS installation so easily? Good thing that I used mklivecd to create my very own PCLinuxOS, loaded with my fave goodies and with all the updates.

I simply reinstalled the whole thing using my custom PCLOS and everything were back to its proper places. :)

Make no mistake about it. This is not an anti LinuxMint or anti KDE 4.2 post. I love LinuxMint especially its main Gnome edition. I love how KDE 4.2 looks and still fancy plasma, plasmoids, widgets or whatever you want to call them. (Hey, I miss the Picture Frame widget!!!)

But I have a life to live and a choice to make.

Perhaps someday when the Ripper Gang is finished with their KDE 4.x rendition, I won't hesitate to install and use KDE 4.x on this laptop knowing that it is finally stable to let me get my job done.

IpKungfu NAT + DHCP server + Transparent SquidI

For 2 months and a half, I forced myself to believe that an appliance router would be enough to share our (measly) internet connection within our local area network.

Well, it was actually enough to share the internet connection but not enough to control how it shares the connection and speed it up. Since it was configured as a DHCP server, we are having a hard time monitoring what PC is viewing this and that. We also cannot effectively filter out "undesireable websites" via the appliance router.

So I had to go back to my old setup... NAT + Squid + Built-in Filter and now plus DHCP server. We were using Ubuntu 8.10 and I thought it would be easy after all this time I am configuring such setup. It was actually easy, except for one thing... NETWORK setup on Intrepid.

Okay, here is the setup. I have two NICs, eth0 and eth1. eth1 is connected to the Internet with a dynamic IP while eth0 is connected to the LAN and to be configured with a static IP.

I tried to use the built-in Network Manager but there seems to be a bug on it. It won't save static IP configuration after a reboot. So, eventhough I have configured eth0 with an IP of let's say 192.168.2.1... after a reboot it would still and again ask for a dynamic IP.

Darn!

Perhaps, there could be other better solutions out there for static IP to work on Network Manager but I did it on a way that I am comfortable... get my hands dirty on /etc/network/interfaces. Here it goes!

1. Disable Network Manager

sudo update-rc.d -f NetworkManager remove

1.1 Open and edit /etc/network/interfaces (dynamic eth1, static eth0).

gksu gedit /etc/network/interfaces

My /etc/network/intercafes looks like this:

auto lo eth0 eth1
iface lo inet loopback
iface eth0 inet static
address 192.168.2.1
netmask 255.255.255.0

iface eth1 inet dhcp

Reboot

2. Install and configure DHCP

2.1 Install

sudo apt-get install dhcp3-server

2.2 Configure DHCP to provide reserved IPs to specific computers.

2.2.1 Open DHCP conf file, edit to provide ip range 192.168.2.0/24 plus reserved IPs for specific PCs.

gksu gedit /etc/dhcp3/dhcpd.conf

Copy, paste, and edit the following configuration according to your LAN settings (leave out the comments),

default-lease-time 600;
max-lease-time 7200;

option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.2.1; # This should be your Squid/NAT server
option domain-name-servers 208.67.222.222, 208.67.220.220; # These are OpenDNS settings
subnet 192.168.2.0 netmask 255.255.255.0 {
range 192.168.2.160 192.168.2.169; # Edit accordingly
}
host linksys {
hardware ethernet 00:21:29:65:7a:66;
fixed-address 192.168.2.170;
}
host ecenter1 {
hardware ethernet 00:07:e9:01:b5:dc;
fixed-address 192.168.2.171;
}
host ecenter2 {
hardware ethernet 00:07:e9:01:bc:be;
fixed-address 192.168.2.172;
}

Of course, we have more PCs but I have to cut it to three. :) To get the MAC address of each PC, issue the ifconfig command (ipconfig /all for Windows PC).

2.2.3 Restart dhcpd for the settings to take effect.

sudo service dhcpd restart

3. Configure NAT via Ipkungfu (transparent redirection will be done later)

3.1 To save space, Please just read my blogspot on this at LINK . Additional info at LINK, which was actually partially based on my blogspot too. :) Don't forget to reboot thereafter.

4. Configure squid with minimal configuration. I just lifted and edited accordingly my previous post on this:

First install squid via apt-get or synaptic:

sudo apt-get install squid

After installation, edit Squid's configuration file:

sudo gedit /etc/squid/squid.conf

In the /etc/squid/squid.conf file, search and edit the following options/tags:

#TAG:http_port
http_port 3128 transparent

#OPTION WHICH AFFECT THE CACHE SIZE
cache_mem (1/4 of the your RAM) MB

(e.g. assuming your RAM is 1Gb then its "cache_mem 250 MB")

#LOGFILE PATHNAMES AND CACHE DIRECTORIES
#cache_dir ufs /var/spool/squid 100 16 256
cache_dir diskd /cache (capacity of your /cache in MB) 16 256

(make sure /cache already exists)

#RECOMENDED MINIMUM CONFIGURATION
acl netxxx src xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx

(specify your network and netmask e.g. "acl mynet src 192.168.0.0/255.255.255.0)

# AND FINALLY DENY ALL OTHER ACCESS TO THE PROXY
http_access allow netxxx

(e.g. "http_access allow mynet")

#TAG:Visible_hostname
visible_hostname (yourserver name)

At the terminal, change the ownership of the existing /cache folder:

sudo chown proxy:proxy /cache

Then create swap directories at /cache:

sudo squid -z

Then fireaway squid!

sudo /etc/init.d/squid start

5. Enable transparent redirection via IpKungfu

5.1 Open and edit /etc/ipkungfu/redirection.conf.

gksu gedit /etc/ipkungfu/redirection.conf

Uncomment the line that has 3128 on it.

tcp:80:3128:internal # transparent squid proxy

5.2 Restart IpKungfu for settings to take effect.

sudo /etc/init.d/ipkungfu restart

My squid configuration was actually configured to filter out undesirable websites and that will be tackled on my next blogpost.

Till then!

Hardy Heron on Lenovo 3000 g400

Ahhh finally! A laptop issued to me by the LGU of Paniqui, Tarlac.

Ta Da! Its a Lenovo 3000 G400. The specs are on the Lenovo website .

It was bought from Computer Zone in Tarlac City (beside the Tarlac Cathedral). As you already saw the price at the link I gave you... does this mean that a local store would sell it higher?

Surprisingly, it didn't. It was priced almost just the same plus a free webcam and mouse... not to mention the gorgeous bag that goes with it.

It only has MSDOS as its Operating System which is actually a PLUS for me. First, it saved us money from MS licenses and secondly, even if they will give me a laptop with a copy of licensed MS Windows on it, I will still reformat it in favor of Linux.

Installing Ubuntu Linux (Hardy Heron) on it was a breeze. Everything was auto detected, including the wireless card. However, it seems that it won't work at first. Some googling around brought me to a simple how-to by Invaleed .

Luckily for me, the how-to worked seamlessly.

Next step is to install various codecs and plugins essential for daily work and surfing needs. I first edited the /etc/apt/sources.list file to enable all the software repositories on it. It simply involves uncommenting a few lines.

Then I also included the Medibuntu repos with the following commands:

sudo wget http://www.medibuntu.org/sources.list.d/hardy.list -O /etc/apt/sources.list.d/medibuntu.list
sudo apt-get update && sudo apt-get install medibuntu-keyring && sudo apt-get update

Then I installed everything I need with this command:

sudo apt-get install build-essential avant-window-navigator linux-header-$(uname -r) ubuntu-restricted-extras audacious vlc k3b wifi-radar grip acidrip aptoncd

After about two hours (internet connection at the office is crappy at the most) everything got installed. I then proceeded to http://gnome-look.org to get some icon sets, gdm themes and wallpapers for some eye candy.

All in all, my laptop now looks like this: Click Here

The dock at the bottom is avant-window-navigator which will only work when compiz is activated. Good thing I have Intel as video so I don't any problem enabling compiz on this laptop.

Almost every key on this laptop works with Ubuntu except for the orange NOVO key. The weight is just right for me although some say it looks kinda bulky. I love the screen and the keyboard layout. My hands just fit in. Suspend and hibernate works without a problem.

I haven't tested the internal modem but no I have no problem with that. Earphones are working, including the integrated mic. Battery applet indicates that the battery would last 2 hours and 55 minutes when fully charged. CPU scaling seems to work out just fine. CPU temperature is from 42 to 57 degrees Celsius.

And oh, when I installed the wireless drivers.... I suddenly noticed that when I started working on it, a scratching sound blurts out.

I desperately tried to trace everything to the point that I wanted to reinstall everything.... only to find out that the sound was caused by my palm movement over the integrated mic on my left. Stupid me! All it takes is for me to mute the mic.

One thing I don't like?! The touchpad. It doesn't feel as responsive as the other touchpads that I have used. Its a good thing that I always have my USB retractable mouse with me.

All in all I am very much impressed with Lenovo 3000 g400 and with Ubuntu Hardy Heron. I love the simple black Lenovo design that looks cool and sturdy which is complemented by the stability and responsiveness of Ubuntu Hardy. If ever I'll have money to buy a laptop of my own, I won't hesitate to buy the same laptop.

Low priced laptop + free open source software = Best Everyday Computing ever!

Me, Avant, and my Wallpaper

Just two screenshots showing avant-windows-navigator with a nice green wallpaper on LinuxMint Daryna.

Screenshots taken out of boredom waiting for Hardy (which I'll be using for server purposes) and Mint 5.0.

Green is cool with Mint, aye?!

Arno's Iptables Firewall on my Ubuntu Gutsy

Ipkungfu is acting weird on Ubuntu Gutsy box lately. It sometimes locks the machine from the other PCs in the LAN (I can't ssh or vnc to it) and even disables the transparent proxying for Squid :(. I can't seem to find the problem so every time it locks the server (which acts as squid proxy, router, gateway, dhcp, and vmware server host) I simply reinstall ipkungfu and it works again but then after a few more days, the server got locked up again. :(

So what I did is to try find another easy to use firewall script... and that is when I came upon Arno's Iptables Firewall. To quote from its freshmeat.org entry:

"Arno's IPTABLES Firewall Script is a secure stateful firewall for both single and multi-homed machines. It supports NAT and SNAT, port forwarding, ADSL ethernet modems with both static and dynamically assigned IPs, MAC address filtering, stealth port scan detection, DMZ support, protection against SYN/ICMP flooding, experimental IPv6 support, multi-interface/aliased-IP support, and extensive user definable logging with rate limiting to prevent log flooding. It has plugin support to add extra features (like SSH Brute Force protection and (Racoon) IPSEC support). It is easy to configure and highly customizable. A filter script that makes your firewall log more readable is also included."

To install it on ubuntu, fire up synaptic then look for and install the arno-iptables-firewall package. It will also install the following packages: gawk and lynx.

After the download it will run a simple wizard that will also questions like what is your internet and external interfaces, what ports should be allowed, etc. After answering the questions, it will be installed and is ready to run.

To enable transparent proxying, open with your favorite text editor the file "/etc/arno-iptables-firewall/firewall.conf" and then search for the term "3128" and then simply uncomment the line pertaining to it.

To reconfigure your firewall, simply do a "sudo dpkg-reconfigure arno-iptables-firewall" and an easy to understand text-based wizard will come up. To make it run on boot, do a "sudo invoke-rc.d arno-iptables-firewall start" command.

So far its running great on my machine. Remember when I blogged about ipkungfu kicking firestarter out of my machine? Now it seems arno is ready to kick ipkungfu, but let me find out first after a series of tests.

For the FAQ on arno, read here.

VCDGear and WinFF on Ubuntu Gutsy

I once had this challenge on how to convert a .dat file on a VCD to mpeg. After scouring the web, I stumbled upon VCDGear which has a GUI version built for Windows and a Console version for Linux.

Unfortunately, its not at the repositories but its easy to install. Simply download the file from this page and then double click on the deb file and easy does it.

Execute it by typing vcdgear at the terminal and you'll see the options and command syntax to follow. For more info, visit http://vcdgear.com.

Another app I love is WinFF. I first saw it at PCLOS repos but its not included at the Ubuntu repos. Simply download the deb file from here and double click on it to install.

WinFF is a cross platform batch GUI for FFMPEG. It will convert most any video file that FFmpeg will convert. WinFF does multiple files in multiple formats at one time. You can for example convert mpeg's, flv's, and mov's, all into avi's all at once.

Great for converting flv's downloaded from Youtube to 3gp's to be uploaded to cellphones. :)

For more info, visit http://biggmatt.com/winff/.

Enjoy!