PostgreSQL 8.3 adding uuid-ossp on Debian

UUID is a nice way to generate (almost) unique id’s.

However on PostgreSQL 8.3 the data type exists, but if you wish to be able to generate UUID’s you need to get a module (in this case uuid-ossp).

On Debian this module is in the contrib package, so if you have not installed this before do it now

user@server:~$ sudo apt-get install postgresql-contrib

Then you need to “load” the module into PostgreSQL; or more accurately you tell PostgreSQL about the new functions this module has, how to reach them etc.
Depending on you security settings (in pg_hba.conf) you may need to log in as the postgres user on your system.

postgres@sever:~$ psql -d MYDB -U postgres -f /usr/share/postgresql/8.3/contrib/uuid-ossp.sql

apt-get WARNING: The following packages cannot be authenticated!

apt-get is verifying the packages before installing them.
If the keys are not up to date, then apt-get upgrade will issue a warning.

WARNING: The following packages cannot be authenticated!
  ure uno-libs3
Install these packages without verification [y/N]?

The way to solve this is rather simple, just run apt-get update and it should download the keys automatically.

apt-key handles keys, using apt-key list will show you the keys that are on the computer.

Limit the download speed of apt-get

Sometimes it is nice to limit the download speed of apt-get.

The way I do this is to create a file “/etc/apt/apt.conf.d/76download” and enter the following to it

Acquire{Queue-mode "access";http{Dl-Limit "50";};};

This will limit apt-get to at most 50 kb/s for apt-get.
Some other how to’s suggest the use of dl-limit but be adviced, dl-limit is per each connection apt-get does (normally it does 2 at a time); the one used above caps apt-get in total.

What program is using port x?

netstat can be used to figure out what program is using a port.

$ netstat -nlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0    *               LISTEN      1096/sshd
tcp        0      0    *               LISTEN      1733/apache2
tcp6       0      0 :::22                   :::*                    LISTEN      1096/sshd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     6338     1071/gdm-simple-sla @/tmp/gdm-greeter-LvjLQPzT
unix  2      [ ACC ]     STREAM     LISTENING     5165     1072/X              /tmp/.X11-unix/X0

If you have a lot open then grep can be used to only find what you are looking for

netstat -nlp|grep :22
tcp        0      0    *               LISTEN      1096/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      1096/sshd

For windows, simply start with

netstat -n

apt-get update gives the error “E: Could not get lock /var/lib/apt/lists/lock – open (11: Resource temporarily unavailable)”

If running apt-get (or aptitude) and you get the following error:

$ apt-get update
E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable)
E: Unable to lock the list directory

Then (most likely) explenation is that one of the sources have gotten a timeout and that a (cron) sheduled update task have gotten locked.
A simple solution for this is to find the cron process is locked, and kill it.

$ ps -a |grep apt
Warning: bad ps syntax, perhaps a bogus '-'? See
 3737 ?        SN     0:00 /bin/sh /etc/cron.daily/apt
 3833 ?        SN     0:00 apt-get -qq -y update -o APT::Update::Auth-Failure::=cp /usr/share/apt/apt-auth-failure.note /var/lib/update-notifier/user.d/
 3835 ?        SN     0:00 /usr/lib/apt/methods/http
 3838 ?        SN     0:00 /usr/lib/apt/methods/http
 3842 ?        SN     0:00 /usr/lib/apt/methods/http
 3869 ?        SN     0:00 /usr/lib/apt/methods/http
 4223 pts/0    R+     0:00 grep apt
$ kill -9 3833

If this happens often, then perhaps you should try to debug the sources and remove (or exchange) the source that is causing the problems.

sudo without password

Use visudo to edit /etc/sudoers

user host = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm

user, host and or the list of commands to be run can be swapped with the keyword ALL.
However that is probably not a good idea in most cases.

more info on this is in the manpages sudoers(5)

apt-get update The following packages have been kept back

 apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
  bind9-host dnsutils libbind9-50 libdns50 libisc50 libisccc50 libisccfg50 liblwres50 linux-generic linux-generic-pae linux-image-generic
0 upgraded, 0 newly installed, 0 to remove and 12 not upgraded.

The message has been kept back most often means that the upgrade was kept back due to dependencies that are not met.

Some possible solutions

  • A simple way is to invoke dselect to help out with the update. dselect performs the actions necessary to realize that state (for instance, the removal of old and the installation of new packages).
     apt-get dselect-upgrade
  • While apt-get and aptitude are basically the same, aptitude is sometimes better at handling dependencies than apt-get
     aptitude upgrade
  • Another solution is to install the package using apt-get install to install the upgraded package and let apt-get install the missing dependencies
     apt-get install dnsutils

Quickly configure shorewall on Debian

By definition shorewall is not a firewall, it is a way to (more) easily configure iptables to work as a firewall.

  • First install shorewall “$ apt-get intall shorewall”
  • Enter /etc/shorewall
  • Copy the example files from /usr/share/doc/shorewall-common/default-config/ (might also be located in /usr/share/doc/shorewall/default-config/) “$ cp /usr/share/doc/shorewall-common/default-config/* .”
  • Edit the files and enter the data that your system has
    • First create zones “$ nano zones”
       #ZONE   TYPE            OPTIONS         IN OPTIONS                OUT OPTIONS
      fw      firewall
      net     ipv4
      vpn     ipv4
    • Connect zones with interfaces”$ nano interfaces”
      net     eth0            detect          tcpflags,blacklist,dhcp
      vpn	tun0		-
    • Create policies “$ nano policy”
       #SOURCE         DEST            POLICY          LOG LEVEL       LIMIT:BURST
      fw              net             ACCEPT
      vpn             net             ACCEPT
      vpn             fw              ACCEPT
      fw              vpn             ACCEPT
      net             all             DROP            info
      all             all             DROP            info
    • Create rules “$ nano rules”
       #ACTION SOURCE          DEST            PROTO   DEST    SOURCE          ORIGINAL        RATE            USER/
      #                                               PORT(S) PORT(S)         DEST            LIMIT           GROUP
      ACCEPT          net             fw             tcp     22 # ssh
      ACCEPT          net             fw             tcp     80 # web
    • Verify that the rules are fine “$ shorewall check”
    • Edit /etc/default/shorewall and set startup to 1
       # prevent startup with default configuration
      # set the following varible to 1 in order to allow Shorewall to start
    • Start the firewall “$ /etc/init.d/shorewall start”

If you later decide to update rules, zones etc run “$ /etc/init.d/shorewall restart” to load the changes.

Magento: Installing on a debian server

To install magento on a fresh server use the following.

  • Install apache, mysql and PHP5 “$ apt-get install apache2 mysql-server php5 php5-mysql php-soap php5-mcrypt php5-curl php5-gd”
  • Edit the vhost config for the apache site [/etc/apache2/sites-enabled/000-default]
    • Verify that “AllowOverride” is set to All for the magento directory
  • Make sure that mof_rewrite is loaded; use “$ a2enmod rewrite” and then reload apache2
  • Edit /etc/php5/apache2/php.ini
    • “memory_limit” [the manual says] no less than 256Mb (preferably 512)
    • “max_execution_time” [this is the max time that a script may be left running] SOAP requests take time, so make suer it is at a reasonable time
    • “upload_max_filesize” Set this to a size that is reasonable depending on what you plan to upload (manuals might be large)
    • “post_max_size” Set this to a size that is reasonable depending on what you plan to post (manuals might be large); also make sure that the value and the modifier is correct (so that it says 8M and not just 8 for instance)
    • “display_errors” Set to Off
    • “log_errors” Set to On
    • “error_log” Set to a file that you will be able to find [if you wish to have it in a subdir; create that as root and give it permissions as apache log dir]
  • download magento (lastest version from magento
  • Upack it (I choose bzip2 format) “$ tar -jxvvf magento-downloader-” and make sure the files gets put in the directory you wish
  • Some directories have to be writable to the webserver (and all subdirectories, where there are)
    • var
    • var/.htaccess
    • app/etc
    • media
  • If you are using the downloader installation
    • “$./pear mage-setup .”
    • “$./pear install magento-core/Mage_All_Latest”
    • “$rm -rf downloader/pearlib/cache/* downloader/pearlib/download/*”
  • Create database and database user [this is to do it manually via mysql console]
    • “$mysql -uroot -p”
    • “mysql> create database magento;”
    • “mysql> use mysql;”
    • “mysql> INSERT INTO user (Host,User,Password) VALUES (‘localhost’, ‘magento’, PASSWORD(‘password’));”
    • “mysql> GRANT ALL ON magento.* TO ‘magento’;”
    • “mysql> FLUSH PRIVILEGES;”
    • “mysql> exit”
  • Go to the webserver and complete the installation
  • If you get stuck on the configuration page [that you get back to it even after adding correct information]:
    • Check “AllowOverride” in the apache config.
    • Check “post_max_size2 in the php.ini [also check so that the value is either absolute or has a modifier; 8 means 8 bytes while 8M means 8Mb]