Remote access to your Raspberry Pi with ssl/ssh multiplexer

One big advantage of Raspberry Pi is its low power consumption. I can power on it 7x24 and remote it at anytime (of course, assumed your router is also on). SSH from internet to your Pi is simple, by just forwarding port 22 or making the Pi is the default DMZ. However, some places only allows you to visit port 80 or 443, or you have to connect to the internal via a proxy server, which also blocks every ports but 80/443.

Since port 443 is an exception, why don't we set the SSH service to listen to it? Just modify /etc/ssh/sshd_config and add a line "Port 80" or "Port 443". It does work, but wait, what about if the Pi also serves as a Web Server with SSL enabled? If you choose 443 to serve SSH, then you can't have your web server to use SSL at 443. So how to solve this situation? Here is one of the possible approach.

Create a Soalris 8 zone (32bit) to a container

Last time I had successfully created a flar image from an old Solaris 8 server (ref). Now I have to setup a zone of Solaris 10 container and install the image into it. The overall idea is clear and easy. Normally just create the zone configuration, and install it from a "flar" image.

1. Create zone configuration

root@sol10 # zonecfg -z z_sol8
z_sol8: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:z_sol8> create -t SUNWsolaris8
zonecfg:z_sol8> set zonepath=/pool/zone/sol8
zonecfg:z_sol8> set autoboot=false
zonecfg:z_sol8> set ip-type=shared
zonecfg:z_sol8> add net
zonecfg:z_sol8:net> set address=192.168.123.123
zonecfg:z_sol8:net> set physical=nxge0
zonecfg:z_sol8:net> end
zonecfg:z_sol8> verify
zonecfg:z_sol8> commit
zonecfg:z_sol8> exit

Next install the zone from the flar image:       

Create a Wiki (Moinmoin) on Raspberry

Moinmoin is a very good Wiki application without using a DB. It is very fast, with easy syntax and I recommend to use it as a quick knowledge base for home or SME usage.

 This guide is to install moinmoin on a Raspberry Pi and make it accessible via Lighttpd (using fastcgi). It is assumed a virtual host is available for this wiki (eg. http://wiki.example.com )

The moinmoin program will be installed at /usr/local/moinmoin_engine while the instance will be installed at another place (eg. /usr/local/moinmoin_instance1. )

1. Download the latest source (1.9.5 as of this moment) at http://moinmo.in
2. extract the tar ball to a temp place (eg. /tmp)
3. under the source path, run

   python setup.py install --prefix=/usr/local/moinmoin_engine

4. mkdir the instance path

   mkdir /usr/local/moinmoin_instance1

5. copy the following directories from "engine" to "instance", and change the ownership to the lighttpd user:

   cp -r /usr/local/moinmoin_engine/share/moin/data /usr/local/moinmoin_instance1
   cp -r /usr/local/moinmoin_engine/share/moin/underlay /usr/local/moinmoin_instance1
   cp /usr/local/moinmoin_engine/share/moin/config/wikiconfig.py /usr/local/moinmoin_instance1
   cp /usr/local/moinmoin_engine/share/moin/server/moin.fcgi /usr/local/moinmoin_instance1
   chown -R www-data:www-data /usr/local/moinmoin_instance1

6. modify the moin.fcgi, locate the following lines:

   # a1) Path of the directory where the MoinMoin code package is located.
   #     Needed if you installed with --prefix=PREFIX or you didn't use setup.py.
   #sys.path.insert(0, 'PREFIX/lib/python2.3/site-packages')
   sys.path.insert(0, '/usr/local/moinmoin_engine/lib/python2.7/site-packages')
   
   # a2) Path of the directory where wikiconfig.py / farmconfig.py is located.
   #     See wiki/config/... for some sample config files.
   #sys.path.insert(0, '/path/to/wikiconfigdir')
   sys.path.insert(0, '/usr/local/moinmoin_instance1')
   
   ...
   
   ## this works around a bug in flup's CGI autodetection (as of flup 1.0.1):
   #os.environ['FCGI_FORCE_CGI'] = 'Y' # 'Y' for (slow) CGI, 'N' for FCGI
   os.environ['FCGI_FORCE_CGI'] = 'N'
   
   ...
   
   # Is fixing the script name needed?
   # Use None if your url looks like http://domain/wiki/moin.fcgi
   # Use '' if you use rewriting to run at http://domain/
   # Use '/mywiki' if you use rewriting to run at http://domain/mywiki/
   #fix_script_name = None  # <-- adapt="adapt" as="as" class="anchor" here="here" id="line-24" needed="needed" span="span">

fix_script_name = ''# <-- adapt="adapt" as="as" here="here" needed="needed" pre="pre">

Next prepare virtual host by appending the following block /etc/lighttpd/lighttpd.conf:

$HTTP["host"] =~ "wiki\.example\.com" {
        
  fastcgi.server += ( "/" =>
      ((
        "socket" => "/tmp/moin.socket",
        "min-procs" => 1,
        "max-procs" => 2,
        "check-local" => "disable",
        "bin-path" => "/usr/local/moinmoin_instance1/moin.fcgi",
        "fix-root-scriptname" => "enable"
      ))
  )

  alias.url += ( "/moin_static195" => "/usr/local/moinmoin_engine/lib/python2.7/site-packages/MoinMoin/web/static/htdocs")

}

Restart Lighttpd and the your own wiki is just born! 

For more information about user and administration guide, please refer the HelpContents.

PS: So here is the wiki running on my Raspberry Pi: http://wiki.jessed121.us/ . You can walk around and feel it.

Install Lighttpd, PHP5, MySQL on Raspberry Pi

To run a 'typical' server on Raspberry Pi, a Web server is necessary. If possible, it can run application (by PHP5, Java, Perl, Python, etc...). Apache may be the most famous web server, but here I choose Lighttpd is it is not as big as Apache. In fact, a lightweight server is more suitable. Also, it will use FastCGI to run PHP and Python, I will list out what applications/ services to be run on this server.

Finally Mysql is also a popular DB. At the beginning I don't want to install it as there may be a huge overhead on the Pi. In fact, some embedded DB such as sqlite would be a better option. However, there are still applications which only official support Mysql, so at last I decide to install it and hopefully can fine-tune it later.

So here is the steps...

Install Lighttpd and PHP5

1. Login as root
2. create the user and group "www-data"
3. Install the following packages:
   • apt-get update (get the latest repository)
   • apt-get install lighttpd php5-cgi

After installation, check the /etc/lighttpd/lighttpd.conf

include_shell "/usr/share/lighttpd/include-conf-enabled.pl"

it will includes setting under /etc/lighttpd/conf-enabled. Make sure there is something like "fastcgi" and "fastcgi-php". (The settings can be fine tuned afterwards)

# ls /etc/lighttpd/conf-enabled/
10-fastcgi.conf  15-fastcgi-php.conf

Install Mysql

just install the packages "mysql-server", "php5-mysql"

Failed to exclude directories when running flarcreate on Solaris 8

When I tried to prepare a flash archive (flar) from an old Solaris 8 physical machine, I wanted to exclude two directories (say, /one and /two). I checked the syntax from web (and the man page), it should be:

flarcreate -n -c -S -R / -x /one -x /two
where -c is enable compression, -S is ignore size stats, -R is the root path

However, the directories /one and /two are still in the flar !

After doing some investigation and research from the web, it is believed that there is a bug of this script of the current version. Since it's too old and I don't want to apply any patch on it, I'd rather modify the script a bit in order fulfill my requirement:

Weather information from openweathermap.org JSON API by Python

The openweathermap.org offers JSON API to query weather information around the world. It is not difficult to use python to call the API, parse the JSON and gather the information.

Since all the request are from web, it'd better to prepare a simple function to fetch the HTML/JSON from the site:

import urllib2, json

def fetchHTML(url):
    req = urllib2.Request(url)
    response=urllib2.urlopen(req)
    return response.read()
   
Remember it is just for a quick and dirty approach. In real case we should handle exceptions (such as URL unreachable, network not found, etc)

Now we are ready to call the API. First of all we need to know the "id" of a City. http://openweathermap.org/data/2.1/find/name?q=<CITY>

My first Raspberry Pi

I bought my Raspberry Pi (with a transparent case) 2 weeks ago. Since its tiny size and low power consumption, I decided to run it in 7x24 as a light weight server.

When the Pi was just delivered, my Dad wondered its ability. Don't under estimate the configuration of it. I called it a "server" means it really fulfill my expectation.

Once I recieved it, what have I done to it:

Check utilization for Solaris 10

Seems "top" is not available (or not installed by default). Actually there is another command "prstat" which provide similar but more powerful functions:

#prstat -Z
   PID USERNAME  SIZE   RSS STATE  PRI NICE      TIME  CPU PROCESS/NLWP
  5147 root      206M   33M sleep   59    0   0:03:10 0.0% webservd/30
  1378 noaccess  157M  129M sleep   59    0   0:02:41 0.0% java/18
  2333 root      130M   90M sleep   59    0   0:07:52 0.0% java/72
  5060 root       82M   14M sleep   59    0   0:03:11 0.0% webservd/71
  5088 106        81M   20M sleep   59    0   0:03:11 0.0% webservd/72
  1865 root       63M   24M sleep  101    -   0:00:04 0.0% rgmd/43
  1009 root       51M   24M sleep   59    0   0:00:22 0.0% fmd/30
  1719 root       48M 4080K sleep  100    -   0:00:19 0.0% rpc.pmfd/23
  1119 root       44M   28M sleep   59    0   0:34:05 0.0% poold/8
    11 root       36M   29M sleep   59    0   0:00:30 0.0% svc.startd/13
  5094 root       34M   16M sleep   59    0   0:00:50 0.0% opceca/2
   861 root       28M 3520K sleep   59    0   0:00:00 0.0% pmmd/20
  5146 root       26M 3344K sleep   59    0   0:00:07 0.0% webservd/2
  5087 root       26M 2976K sleep   59    0   0:00:07 0.0% webservd/2
  5059 root       26M 2600K sleep   59    0   0:00:07 0.0% webservd/2
ZONEID    NPROC  SWAP   RSS MEMORY      TIME  CPU ZONE
     0       95  734M  566M   0.9%   1:05:10 0.0% global
     1       37  275M  112M   0.2%   0:10:00 0.0% zone1
     3       44  113M  112M   0.2%   3:18:50 0.1% zone2
     2       23   18M   26M   0.0%   0:01:21 0.0% zone3

Total: 199 processes, 4159 lwps, load averages: 0.43, 0.39, 0.38

Note that I run this command one a container with 3 zones. The -Z parameter provide a glance of the utilization of each zone. To view the utilization of an individual zone, you can run "prstat -z ":

Change network speed and duplex mode on Solaris 10

When I try to FTP some files using an interface, the speed is unexpectedly slow. Then I try to see the network interfaces status:

root@sunserver # dladm show-dev
nxge0           link: down      speed: 0     Mbps       duplex: unknown
nxge1           link: down      speed: 0     Mbps       duplex: unknown
nxge2           link: unknown   speed: 0     Mbps       duplex: unknown
nxge3           link: unknown   speed: 0     Mbps       duplex: unknown
igb0            link: up        speed: 100   Mbps       duplex: half
igb1            link: unknown   speed: 0     Mbps       duplex: half
igb2            link: up        speed: 100   Mbps       duplex: full
igb3            link: up        speed: 1000  Mbps       duplex: full

Seems 100 Half is a wrong setting. Since the speed is set by auto negotiation mode, we have to change it manually:

First, check the interface properties by "ndd":
root@sunserver # ndd -get /dev/igb0 ?
?                             (read only)
mtu                           (read and write)
min_allowed_mtu               (read only)
max_allowed_mtu               (read only)
adv_autoneg_cap               (read and write)
adv_1000fdx_cap               (read and write)
adv_1000hdx_cap               (read only)
adv_100fdx_cap                (read and write)
adv_100hdx_cap                (read and write)
adv_10fdx_cap                 (read and write)
adv_10hdx_cap                 (read and write)
adv_100T4_cap                 (read only)
link_status                   (read only)
link_speed                    (read only)
link_duplex                   (read only)
autoneg_cap                   (read only)
pause_cap                     (read only)
asym_pause_cap                (read only)
1000fdx_cap                   (read only)
1000hdx_cap                   (read only)
100fdx_cap                    (read only)
100hdx_cap                    (read only)
10fdx_cap                     (read only)
10hdx_cap                     (read only)
lp_autoneg_cap                (read only)
lp_pause_cap                  (read only)
lp_asym_pause_cap             (read only)
lp_1000hdx_cap                (read only)
lp_1000fdx_cap                (read only)
lp_100fdx_cap                 (read only)
lp_100hdx_cap                 (read only)
lp_10fdx_cap                  (read only)
lp_10hdx_cap                  (read only)
link_autoneg                  (read only)
tx_copy_thresh                (read and write)
tx_recycle_thresh             (read and write)
tx_overload_thresh            (read and write)
tx_resched_thresh             (read and write)
rx_copy_thresh                (read and write)
rx_limit_per_intr             (read and write)
intr_throttling               (read and write)
adv_pause_cap                 (read only)
adv_asym_pause_cap            (read only)

As those "read only" properties are not useful, let's filter out further:

SUN Cluster (3.3) installation screen dump

Just a screen dump of the installation. Assumed the Solaris 10 is installed and media of the cluster is ready.

---

Just a screen dump of the installation. Assumed the Solaris 10 is installed and media of the cluster is ready.

# cd 
# ./installer

Unable to access a usable display on the remote system. Continue in command-line mode?(Y/N)

Y

Java Accessibility Bridge for GNOME loaded.

 

 

Symmetrix Command Line

My current job needs to take care of some EMC storages, from DMX to VMAX (also some Clariion/VNX and Celerra). Since I forget all the symcli commands, I created the following tables for quick reference (the table will be updated time to time...) :

symcfg list -sid -v
symcfg list -sid -applications
symcfg list -sid -connections symcfg list -sid -connections -sorthost         symcfg list -sid -connections -capacity
symcfg -dir all list -sid symcfg -dir all list -sid -address symcfg -dir all list -sid -address -available
symcfg -sa all list -sid  symcfg -da all list -sid	SA: fc address DA: disk address
symcfg -fa all list -sid symcfg -fa all list -sid -port	check wwn and fibre connection
symcfg -sid  list -memory	Memory board
symcfg list -upatches -sid	Patches
symcfg -sid  list -env_data  symcfg show -sid  SystemBay -env_data	Hardware check
symcfg list -pools -sid  symcfg list -pools -sid -gb
symcfg list -pools -sid 3281 -gb -detail -thin	Thin pool only
symcfg list -datadev -sid 1226  symcfg list -datadev -sid 1226 -range 0000:0001  symcfg list -datadev -sid 1226 -range 0000:0001 -dev  symcfg show -pool <> -thin -gb -detail	Thin pool only
symcfg -sid $SID list -rdfg all  symcfg -sid $SID list -rdfg all -rdfa

   

symconfigure -sid $SID list -freespace
symdev list -sid $SID -da all -space symdev list -FA 7E -sid $SID (can use symcfg list -dir ALL to check)  symdisk list -sid $SID -da <> (can use sycmfg list -da all to check)
sympd list -sid $SID  sympd list -sid $SID -v
symdev list -inventory
symdisk  -sid $SID show 7A:C4  symdisk list -sid $SID -da symdisk list -sid $SID -by_diskgroup