Blog

Install OpenVPN client in ubuntu

Because PPTP might not be available, OpenVPN can be a good choice.

Packages

apt install openvpn

Configuration file

The configuration file should be downloaded from the OpenVPN server.

Test

openvpn --config client.ovpn

Enable option

In /etc/default/openvpn, enable the following line:

AUTOSTART="all"

Copy config file

cp client.ovpn /etc/openvpn/client.conf

Note: the file name should be client.conf

Enable password (Optional)

Change auth-user-pass to auth-user-pass pass in client.conf.

Then create the account info in the pass file, and change its mode:

chmod 400 /etc/openvpn/pass

Enable service

systemctl enable openvpn@client.service
systemctl daemon-reload
systemctl start openvpn@client
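
An added example, not part of the original post: a shell function that audits the credentials file named by auth-user-pass before the service is enabled, checking that it exists, has no group or other permission bits, and holds both lines. The function name is hypothetical, and resolving a relative path against the config file's directory is an assumption that matches the /etc/openvpn layout above.

```bash
#!/bin/sh
# Added example, not from the original post. check_ovpn_auth_file is a
# hypothetical helper; a relative auth-user-pass path is resolved against the
# config file's directory (assumption matching the /etc/openvpn layout above).
# Uses GNU stat, as shipped with Ubuntu.
# Returns 0 if the file is fine, 1 on a problem, 2 if no file is configured.
check_ovpn_auth_file() {
    conf=$1
    # Argument of the last active auth-user-pass directive (comments skipped).
    file=$(awk '$1 == "auth-user-pass" { f = $2 } END { print f }' "$conf")
    if [ -z "$file" ]; then
        echo "no credentials file: OpenVPN will prompt for them"
        return 2
    fi
    case $file in
        /*) ;;
        *) file="$(dirname "$conf")/$file" ;;
    esac
    if [ ! -f "$file" ]; then
        echo "missing: $file"
        return 1
    fi
    mode=$(stat -c '%a' "$file")
    # Any group or other permission bit exposes the VPN password locally.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "too permissive: $file has mode $mode, expected 400"
        return 1
    fi
    # The file holds the user name on line 1 and the password on line 2.
    if [ "$(grep -c '' "$file")" -lt 2 ]; then
        echo "incomplete: $file needs a user name line and a password line"
        return 1
    fi
    echo "ok: $file (mode $mode)"
}
```

Run it as check_ovpn_auth_file /etc/openvpn/client.conf after copying the config and creating the pass file.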

References

Linux - Autostart OpenVPN in systemd (Ubuntu)

Configure PPTP in Ubuntu

Install packages

apt-get install pptp-linux

Configure password

vi /etc/ppp/chap-secrets

The format should be

pptpuser    PPTP    pptppassword    *

Create route script

Create file /etc/ppp/ip-up.d/route-traffic

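#!/bin/bash

# Send traffic for the remote network through the PPTP tunnel.
# The prefix length must match the network address (192.168.1.0 is a /24);
# route rejects 192.168.1.0/8 because the netmask does not match the address.
route add -net 192.168.1.0/24 dev ppp0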

Change mode to executable

chmod +x /etc/ppp/ip-up.d/route-traffic

Create dial-up configuration

The file name defines the connection name, for example /etc/ppp/peers/<CONNECTION>

pty "pptp <HOST> --nolaunchpppd"
name <USER>
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam <CONNECTION>

Open firewall

iptables -A INPUT -i pptp -j ACCEPT
iptables -A OUTPUT -o pptp -j ACCEPT

Connect and disconnect

pon <CONNECTION>
poff <CONNECTION>

Troubleshooting

If PPTP passthrough is not configured on your NAT device, PPTP will fail.

PPTP uses a TCP channel on port 1723 for control and the GRE protocol to encapsulate data and create a VPN tunnel. The issue isn't really PPTP itself but GRE: GRE doesn't use ports. Since NAT requires that a connection use an IP address and a port number, it doesn't work with GRE. This is what PPTP passthrough addresses.

References

Set up Linux PPTP Client from the Terminal
Connect to PPTP server via command line on Ubuntu
pptp - 'Administrative Shutdown'. Error code is 0, Cause code is 0

Troubleshooting Hashicorp Vault SSH Certificate Login

If you cannot log in via SSH, you can normally add -vvv to the SSH client command to investigate, but the output can be very long to read.

Another way is to run systemctl status sshd on the server side to check the error.

For example, the output of systemctl status sshd contained the following lines:

Dec 12 00:40:37 example-host systemd[1]: Started OpenBSD Secure Shell server.
Dec 12 00:40:54 example-host sshd[22712]: error: Certificate invalid: expired
Dec 12 00:40:54 example-host sshd[22712]: Connection closed by authenticating user ubuntu 101.78.78.154 port 53369 [preauth]
Dec 12 00:41:12 example-host sshd[22716]: error: Certificate invalid: name is not a listed principal
Dec 12 00:41:12 example-host sshd[22716]: Connection closed by authenticating user ubuntu 101.78.78.154 port 53372 [preauth]

The first error shows that the Vault-signed certificate on the client side has expired; rerun the vault command to regenerate the signed certificate.

The second error shows that the user name used by the client is not listed in the Vault-signed certificate, so use the correct user name or configure a new role in Vault.
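
The triage above as an added example (not part of the original post): a shell function that pairs each "Certificate invalid" error with the "Connection closed" line of the same sshd PID and prints the user, source IP, reason and the fix described above. The function name and output format are illustrative; the sample input is the log excerpt quoted above.

```bash
#!/bin/sh
# Added example, not from the original post; names are illustrative.
# Reads sshd log lines on stdin and prints, per rejected certificate login:
#   user|source IP|reason|suggested action
triage_ssh_cert_errors() {
    awk '
    # Return the PID inside the "sshd[PID]" tag so lines of one session pair up.
    function pid_of(line) {
        if (match(line, /sshd\[[0-9]+\]/))
            return substr(line, RSTART + 5, RLENGTH - 6)
        return ""
    }
    /sshd\[[0-9]+\]: error: Certificate invalid: / {
        p = pid_of($0)
        sub(/^.*Certificate invalid: /, "")
        reason[p] = $0
        next
    }
    / Connection closed by authenticating user / {
        p = pid_of($0)
        if (!(p in reason)) next
        # The two fields after "authenticating user" are login name and client IP.
        for (i = 1; i < NF; i++)
            if ($i == "authenticating" && $(i + 1) == "user") {
                user = $(i + 2); ip = $(i + 3)
            }
        r = reason[p]
        if (r == "expired")
            action = "re-run the vault command to get a freshly signed certificate"
        else if (r == "name is not a listed principal")
            action = "use a user name listed in the certificate or add a Vault role for it"
        else
            action = "not covered here: check the full sshd log"
        print user "|" ip "|" r "|" action
        delete reason[p]
    }'
}

# The log excerpt quoted above, used as sample input.
SAMPLE_LOG='Dec 12 00:40:37 example-host systemd[1]: Started OpenBSD Secure Shell server.
Dec 12 00:40:54 example-host sshd[22712]: error: Certificate invalid: expired
Dec 12 00:40:54 example-host sshd[22712]: Connection closed by authenticating user ubuntu 101.78.78.154 port 53369 [preauth]
Dec 12 00:41:12 example-host sshd[22716]: error: Certificate invalid: name is not a listed principal
Dec 12 00:41:12 example-host sshd[22716]: Connection closed by authenticating user ubuntu 101.78.78.154 port 53372 [preauth]'
```

On a live server, feed it with journalctl -u ssh --no-pager | triage_ssh_cert_errors (the unit is named ssh on Ubuntu, with sshd as an alias).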

Run do-release-upgrade to ubuntu 21.10

It looked like a simple task, but ended up with many things to do...

No screen

After running do-release-upgrade, I went to sleep, and then the SSH connection dropped because the iMac went to sleep automatically. The installation stopped at a question about the grub installation.

When I checked the processes, I found one similar to the one below, still attached to pts/1, which means the process was still running on another virtual terminal.

/usr/bin/python3 /tmp/ubuntu-release-upgrader-qzt422az/focal --mode=server --frontend=DistUpgradeViewText

When I tried to run do-release-upgrade again, I got the following message.

# do-release-upgrade 
Checking for a new Ubuntu release
No new release found.

Then I tried to run apt install screen, which said that apt was locked by process nnnn.

As suggested by others, I killed process nnnn and ran the following command; the terminal then changed to the installation's virtual screen, and the installation continued.

dpkg --configure -a

Error on grub-efi

Then I got the following error:

# dpkg --configure -a
Setting up grub-efi-amd64-signed (1.173+2.04-1ubuntu47) ...
NTFS signature is missing.
Failed to mount '/dev/sda1': Invalid argument
The device '/dev/sda1' doesn't seem to have a valid NTFS.
Maybe the wrong device is used? Or the whole disk instead of a
partition (e.g. /dev/sda, not /dev/sda1)? Or the other way around?
dpkg: error processing package grub-efi-amd64-signed (--configure):
 installed grub-efi-amd64-signed package post-installation script subprocess returned error exit status 12
Errors were encountered while processing:
 grub-efi-amd64-signed

As suggested by others, I ran the following commands, which remove grub2 and install grub; after that there were no more errors.

Note: back up /etc/default/grub and verify its contents. I didn't do this, which caused more issues later.

apt-get purge grub\*
sudo apt-get install grub-efi
sudo apt-get autoremove
sudo update-grub

No zpool found during reboot

The system went into initramfs mode after the reboot; it looked like the iSCSI devices were not found.

Then I booted from CD again, and found that the iSCSI configuration in /etc/default/grub was missing.

After logging in to iSCSI, I mirrored bpool and rpool back to the local disk, and ran the following commands to fix it.

update-initramfs -v -k $(uname -r) -c
update-grub

Forgot to wait for resilvering to finish

I forgot to wait for the zpool sync to finish, then I rebooted the server.

Note: Some people said it is OK, but in my case it was NOT OK.

After performing the zpool resync again, I got the following error, with CKSUM = 1 on the local partition.

One or more devices has experienced an unrecoverable error.

This was caused by the reboot; just run the following command to clear the flag.

zpool clear rpool

Booting hung

This is an old issue, caused by the network shutting down before the iSCSI drive is dismounted. Run the following command:

systemctl edit --full open-iscsi.service

Comment out the following line

#ExecStop=/lib/open-iscsi/logout-all.sh

References

Sub-process /usr/bin/dpkg returned an error code (1)

Duplicate partition table in ubuntu

Note: I haven't had a chance to test this.

Duplicate partitions

sfdisk -d /dev/sdX > part_table
sfdisk /dev/sdY < part_table

This keeps the same disk and partition IDs, and is mainly for backing up and restoring a partition table.

Generate new partition IDs

grep -v ^label-id part_table | sed -e 's/, *uuid=[0-9A-F-]*//' | sfdisk /dev/sdY

References

How to copy the partition layout of a whole disk using standard tools

Selection of container orchestration platform

I'm trying to manage my Docker containers using a container orchestration platform. There are a few that can be used.

Variations

Docker Swarm

Easy to set up, and it can manage existing Docker machines.

Kubernetes (K8s)

Widely used.

K3S

K3s is Rancher's Kubernetes distro: lightweight, a single binary, and low resource usage.

Openshift

Complex

Consideration

Unlike company environments, most of my Docker container applications have individual databases. Application usage is low and autoscaling isn't a requirement for me, but backup and restore are important.

References

k8s vs k3s
Docker Swarm vs Kubernetes: how to choose a container orchestration tool

Memory upgrade for Synology DS2419+

As mentioned on memorystock.com, the Synology DS2419+ can use Dual Rank memory (16GB DDR4 PC4-19200 2400MHz SODIMM NON-ECC Unbuffered 260pin 1.2V CL15 Dual Rank MemoryStock Part# 977ms-977). But my last upgrade using Dual Rank memory failed; only Single Rank works.

Some people mentioned that a Synology NAS can use 32GB RAM, but some people said it will cause data corruption if the max supported memory is exceeded. I just upgraded my DS1812+ to more than the officially supported memory size; I hope it will be OK.

References

Synology 64GB DDR4 Unofficial Memory Upgrade Test for DiskStation NAS
Synology NAS Unofficial Memory Upgrade Guide
Memory Upgrade for Synology DiskStation DS2419+ Computer

Renumber storage pools and volumes in Synology NAS

Story

For me, memorizing is a big issue, especially for items with no logic behind them. If the environment is illogical, I make many mistakes, which causes a huge headache.

Numbering in the Synology NAS is an issue for me: I have volume2 in storage pool 1, while volume1 is in storage pool 2. Normally, my thinking is simple: all packages are installed in volume1 and all iSCSI LUNs are created in volume1 as well, because I have an SSD cache for volume1.

But the above configuration confused me whenever I received a notification; I needed to think about which volume had the issue, because the notification mentioned the storage pool instead.

Today I was thinking about changing the storage pool name again, because I know it is a setting held by Synology, not the Linux OS. Then I got the answer.

Warning

Luckily I had this issue with my DSM6, not DSM7, because they said that this cannot be done in DSM7.

Renumber storage pool

Read storage pool number

# synospace --meta -e
[/dev/vg1/volume_1]
---------------------
Descriptions=[]
Reuse Space ID=[]
[/dev/vg1]
---------------------
Descriptions=[]
Reuse Space ID=[reuse_2]

The above result shows that device /dev/vg1 is numbered as Storage Pool 2.

Set number

To set the storage pool number for a specific device, use the following command

# synospace --meta -s -i reuse_{storage_pool_number} {device_name}

Change volume number

Note: I haven't tested this one. But if it works, I might want to try to shrink the volume next time.

Stop services

Stop all Docker containers, etc., then stop all services using the following command

syno_poweroff_task -d

List LV

lvm lvscan

Rename LV

lvm lvrename {VG name} {old LV name} {new LV name}

Reboot

reboot

Shared folders and iSCSI services should be modified automatically; check that all your services are running correctly.

References

Renaming/renumbering storage pools and volumes
Synology Rename Volume and Storage Pool

Unplugged wrong disks in DS2419+

Today I made a mistake: I unplugged the wrong disk in the DS2419+, which caused it to hang. At that time, I was moving 3 shared folders as well.

After a hard reboot, everything was back to its original state. I'm quite surprised; this is the second time I have unplugged the wrong disk in a Synology NAS. I'm quite happy with this product; the only issue for me is that it cannot handle disks with bad sectors well.