Tag: ubuntu

Reduce size of folder `/var/log/journal` and `/var/cache/abrt-di` in Ubuntu

/var/log/journal

Check disk usage

journalctl --disk-usage

Change configuration

Edit /etc/systemd/journald.conf

SystemMaxUse=50M

Restart service

systemctl restart systemd-journald.service

/var/cache/abrt-di

Check Max size of the log files

$ grep -i size /etc/abrt/abrt.conf 
# Max size for crash storage [MiB] or 0 for unlimited
MaxCrashReportsSize = 1000

Check Max size of /var/cache/abrt-di

$ grep -i DebugInfoCacheMB /etc/abrt/plugins/CCpp.conf
DebugInfoCacheMB = 2000

References

Can I remove files in /var/log/journal and /var/cache/abrt-di/usr?

Switch or Boot into Text Mode in Ubuntu

Switch into Text mode

Press Ctrl+Alt+F3 to switch to the tty3 text console, and Ctrl+Alt+F2 to switch back.

Boot into Text mode

  • Edit /etc/default/grub

    • Disable GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
    • Set GRUB_CMDLINE_LINUX="text"
    • Set GRUB_TERMINAL="console" to disable graphical terminal.
  • Update grub by running the command update-grub

  • Set the system to multi-user mode by running systemctl set-default multi-user.target

References

How to Boot Ubuntu 20.04 into Text / Command Console

Change configuration of `systemd-resolved`

If /etc/resolv.conf contains a line like the one below,

...
nameserver 127.0.0.53
...

then the DNS configuration is most likely controlled by the systemd-resolved service.

To confirm, run the following command

lsof -i :53

or

ls -ld /etc/resolv.conf

Change configuration

Change /etc/resolv.conf

If you change /etc/resolv.conf directly, the file will be overwritten by systemd-resolved again at the next reboot, because /etc/resolv.conf is a symbolic link, as shown below.

lrwxrwxrwx 1 root root 39 Oct  5  2021 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf

If you recreate /etc/resolv.conf as a regular file, it could still be overwritten by systemd-resolved when the service is reconfigured.

Change /etc/systemd/resolved.conf

The configuration of systemd-resolved is in /etc/systemd/resolved.conf; it can be changed as below.

DNS=<DNS_Server>
Domains=<Domain_name>
....
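
Before changing anything it helps to know which of the cases above applies. The following added example (not part of the original post) classifies a resolv.conf path by its symlink target and contents; `resolv_conf_mode` and `dns_edit_target` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: resolv_conf_mode and dns_edit_target are hypothetical helpers.

# Classify a resolv.conf path so it is clear where a DNS change belongs.
resolv_conf_mode() {  # usage: resolv_conf_mode [PATH]
    f=${1:-/etc/resolv.conf}
    if [ -L "$f" ]; then
        case $(readlink "$f") in
            */systemd/resolve/stub-resolv.conf) echo stub ;;        # 127.0.0.53 stub
            */systemd/resolve/resolv.conf)      echo uplink ;;      # upstream servers
            *)                                  echo other-link ;;  # some other manager
        esac
    elif grep -Eq '^nameserver[[:space:]]+127\.0\.0\.53' "$f" 2>/dev/null; then
        echo static-stub   # regular file that still points at the resolved stub
    else
        echo static        # regular file; systemd-resolved is not in the path
    fi
}

# Print the file to edit for a lasting DNS change, or "unknown".
dns_edit_target() {  # usage: dns_edit_target [PATH]
    case $(resolv_conf_mode "$1") in
        stub|uplink|static-stub) echo /etc/systemd/resolved.conf ;;
        static)                  echo "${1:-/etc/resolv.conf}" ;;
        *)                       echo unknown ;;
    esac
}
```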

References

Changing DNS with systemd-resolved

Migrate USB UEFI boot with iSCSI root Ubuntu to Proxmox VM

Migrate USB boot with iSCSI root Ubuntu to Proxmox VM

Converting an Ubuntu server to a Proxmox Virtual Environment VM requires a migration.

Ubuntu configuration

The Ubuntu server has the following configuration

  • Boots from USB device with /boot and /boot/efi filesystems.
  • Connects to the iSCSI host using GRUB2 configuration
  • Root file system / is on iSCSI disk

Conversion

Create Proxmox VM

  • Create VM with 2GB disk
  • BIOS type is UEFI
  • Add EFI disk
  • Add Ubuntu Live CD and boot from CD

Create partition

Duplicate the USB device partitions to the 2GB VM disk

Create filesystems

mkfs.vfat /dev/sda1
mkfs.btrfs /dev/sda2

Duplicate UUID

Duplicate UUID for /boot/efi

If the UUID for /boot/efi is not duplicated, the /etc/fstab file will need to be changed later, after reboot.

Duplicate UUID for /boot

Use the following steps to duplicate the UUID for the BTRFS filesystem

  • Retrieve partition from USB Ubuntu

    sfdisk -d /dev/sda
  • Create partitions on 2GB VM disk

  • Duplicate UUID of partition /boot/efi

  • Duplicate UUID of partition /boot

    btrfstune -U <uuid> /dev/sda2

Change network interface name in iSCSI configuration in Grub

  • Retrieve network interface name
ip a
  • Mount boot filesystem
mount /dev/sda2 /boot
  • Edit file /boot/grub/grub.cfg

Change all interface names in the grub.cfg.

linux /vmlinuz-5.4.0-113-generic ... ip=192.168.1.99::192.168.1.254:255.255.255.0:fish:ensXX::192.168.1.55
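
Changing every interface name by hand is easy to get wrong when grub.cfg has several menu entries. This added example (not from the original post) rewrites only the device field of each ip= argument on linux lines; `ip_devices`, `set_ip_device` and `sample_cfg` are hypothetical names, and the NIC names in the sample are constructed.

```shell
#!/bin/sh
# Added example: ip_devices, set_ip_device and sample_cfg are hypothetical.
# Kernel syntax: ip=client:server:gateway:netmask:hostname:device:autoconf:dns0
# Only the IPv4 form shown above is handled.

# List the device field of every ip= argument on stdin, one per line.
ip_devices() {
    awk '{ for (i = 1; i <= NF; i++)
             if ($i ~ /^ip=/ && split($i, f, ":") >= 6) print f[6] }' | sort -u
}

# Rewrite the device field (6th) of every ip= argument on "linux" lines.
# Reads grub.cfg text on stdin and writes the result to stdout.
set_ip_device() {  # usage: set_ip_device NEW_IFACE < grub.cfg > grub.cfg.new
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid interface name: $1" >&2; return 2 ;;
    esac
    sed -E "/^[[:space:]]*linux[[:space:]]/ s/((^|[[:space:]])ip=([^:[:space:]]*:){5})[^:[:space:]]*/\\1$1/g"
}

# Constructed grub.cfg fragment: addresses from the line above, made-up NIC name.
sample_cfg() {
    printf '%s\n' \
        '    linux /vmlinuz ip=192.168.1.99::192.168.1.254:255.255.255.0:fish:eno1::192.168.1.55 ro' \
        '    initrd /initrd.img'
}

# Show the device name before and after the rewrite.
sample_cfg | ip_devices
sample_cfg | set_ip_device ens18 | ip_devices
```

Write the output to a new file and compare it with the original using diff before replacing /boot/grub/grub.cfg.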

Reboot VM

References

Modifying a BTRFS filesystem UUID

Change partition UUID in Ubuntu

Generate UUID

uuidgen

Change one partition

sgdisk -u 1:<uuid> /dev/sda

Change multiple partitions

Run the following command to retrieve the partition info

sfdisk -d /dev/sda > /tmp/sda.dsk

Edit the UUID in the file /tmp/sda.dsk.

Run the following command to reimport the modified partitions

sfdisk /dev/sda < /tmp/sda.dsk
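
The hand edit of /tmp/sda.dsk can be scripted so that only the intended partition changes and a malformed UUID never reaches sfdisk. This is an added example, not from the original post; `set_part_uuid` and `sample_dump` are hypothetical names and the dump is constructed.

```shell
#!/bin/sh
# Added example: set_part_uuid and sample_dump are hypothetical helpers.

# Replace the uuid= field of one partition in an sfdisk dump (stdin to stdout).
# Exit status: 0 changed, 1 device not found in the dump, 2 malformed UUID.
# Write the result to a new file and check the status before re-importing it.
set_part_uuid() {  # usage: set_part_uuid DEVICE NEW_UUID < dump > new_dump
    printf '%s\n' "$2" |
        grep -Eqx '[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}' || {
            echo "not a UUID: $2" >&2; return 2; }
    awk -v dev="$1" -v id="$2" '
        $1 == dev && $2 == ":" && sub(/uuid=[0-9A-Fa-f-]+/, "uuid=" id) { hit = 1 }
        { print }
        END { if (!hit) exit 1 }'
}

# Constructed dump in the layout that "sfdisk -d" prints for a GPT disk.
sample_dump() {
    cat <<'EOF'
label: gpt
label-id: 11111111-2222-3333-4444-555555555555
device: /dev/sda
unit: sectors

/dev/sda1 : start=2048, size=1048576, type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B, uuid=AAAAAAAA-0000-0000-0000-000000000001
/dev/sda2 : start=1050624, size=3143680, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, uuid=AAAAAAAA-0000-0000-0000-000000000002
EOF
}
```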

Install OpenVPN client in ubuntu

Because PPTP might not be available, OpenVPN can be a good choice.

Packages

apt install openvpn

Configuration file

The configuration file should be downloaded from the OpenVPN server.

Test

openvpn --config client.ovpn

Enable option

In /etc/default/openvpn, enable the following line

AUTOSTART="all"

Copy config file

cp client.ovpn /etc/openvpn/client.conf

Note: the file name should be client.conf

Enable password (Optional)

Change auth-user-pass to auth-user-pass pass in client.conf.

Then put the account information in the pass file, and change its mode

chmod 400 /etc/openvpn/pass

Enable service

systemctl enable openvpn@client.service
systemctl daemon-reload
systemctl start openvpn@client
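
For the optional password step above, the credentials file can be created with tight permissions from the start instead of being fixed up by a later chmod. This is an added example, not from the original post; `write_ovpn_pass` and `cred_perms_ok` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: write_ovpn_pass and cred_perms_ok are hypothetical helpers.

# Create the auth-user-pass file: username on line 1, password on line 2.
# The password comes from stdin so it never shows up in the process list, and
# umask 077 keeps the file closed to group and others from the moment it is
# created rather than only after a later chmod.
write_ovpn_pass() {  # usage: write_ovpn_pass FILE USERNAME   (password on stdin)
    (
        umask 077
        IFS= read -r secret || [ -n "$secret" ] || exit 1
        rm -f -- "$1"
        printf '%s\n%s\n' "$2" "$secret" > "$1" && chmod 400 "$1"
    )
}

# Succeed only if FILE grants no permission bits to group or others.
cred_perms_ok() {  # usage: cred_perms_ok FILE
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Usage on the host from the steps above (prompts are up to the caller):
#   write_ovpn_pass /etc/openvpn/pass <USER>
#   cred_perms_ok /etc/openvpn/pass || echo "pass file is too permissive"
```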

References

Linux - Autostart OpenVPN in systemd (Ubuntu)

Configure PPTP in Ubuntu

Install packages

apt-get install pptp-linux

Configure password

vi /etc/ppp/chap-secrets

The format should be

pptpuser    PPTP    pptppassword    *

Create route script

Create file /etc/ppp/ip-up.d/route-traffic

#!/bin/bash

route add -net 192.168.1.0/8 dev ppp0

Change mode to executable

chmod +x /etc/ppp/ip-up.d/route-traffic

Create dial-up configuration

The file name is the connection name, for example /etc/ppp/peers/<CONNECTION>

pty "pptp <HOST> --nolaunchpppd"
name <USER>
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam <CONNECTION>

Open firewall

iptables -A INPUT -i pptp -j ACCEPT
iptables -A OUTPUT -o pptp -j ACCEPT

Connect and disconnect

pon <CONNECTION>
poff <CONNECTION>

Troubleshooting

If PPTP passthrough is not configured on your NAT device, PPTP will fail.

PPTP uses a TCP channel on port 1723 for control and the GRE protocol to encapsulate data and create a VPN tunnel. The issue isn’t really PPTP itself but GRE; GRE doesn’t use ports. Since NAT requires that a connection use an IP address and a port number, it doesn’t work with GRE. This is what PPTP passthrough addresses.

References

Set up Linux PPTP Client from the Terminal
Connect to PPTP server via command line on Ubuntu
pptp - 'Administrative Shutdown'. Error code is 0, Cause code is 0

Run do-release-upgrade to ubuntu 21.10

It looks like a simple task, but it ended with many things to do...

No screen

After running do-release-upgrade, I went to sleep, and then the ssh connection dropped due to iMac auto sleep. The installation stopped at a question about the grub installation.

When I checked the processes, I got a process similar to the one below, which is still at pts/1, which means the process is still running at another virtual terminal.

/usr/bin/python3 /tmp/ubuntu-release-upgrader-qzt422az/focal --mode=server --frontend=DistUpgradeViewText

When I tried to run do-release-upgrade again, I got the following message.

# do-release-upgrade 
Checking for a new Ubuntu release
No new release found.

Then I tried to run apt install screen, which said apt is locked by process nnnn.

As suggested by others, I killed the process nnnn and ran the following command; the terminal then changed to the installation virtual screen and continued.

dpkg --configure -a

Error on grub-efi

Then I got the following error

# dpkg --configure -a
Setting up grub-efi-amd64-signed (1.173+2.04-1ubuntu47) ...
NTFS signature is missing.
Failed to mount '/dev/sda1': Invalid argument
The device '/dev/sda1' doesn't seem to have a valid NTFS.
Maybe the wrong device is used? Or the whole disk instead of a
partition (e.g. /dev/sda, not /dev/sda1)? Or the other way around?
dpkg: error processing package grub-efi-amd64-signed (--configure):
 installed grub-efi-amd64-signed package post-installation script subprocess returned error exit status 12
Errors were encountered while processing:
 grub-efi-amd64-signed

As suggested by others, I ran the following commands, which remove grub2 and install grub; then there was no error any more.

Note: back up /etc/default/grub and verify the contents. I didn't do this, which caused more issues later.

apt-get purge grub\*
sudo apt-get install grub-efi
sudo apt-get autoremove
sudo update-grub

No zpool found during reboot

The system went into initramfs mode after reboot; it looks like the iSCSI devices were not found.

Then I booted from CD again, and found that the iSCSI configuration in /etc/default/grub was missing.

After logging in to iSCSI, I mirrored the bpool and rpool back to local disk, and ran the following commands to fix it.

update-initramfs -v -k $(uname -r) -c
update-grub

Forgot to wait for resilvering to finish

I forgot to wait for the zpool sync to finish, then I rebooted the server.

Note: Some people said it is ok, but my case is NOT OK.

After performing zpool resync again, I got the following error with local partition CKSUM = 1.

One or more devices has experienced an unrecoverable error.

This was caused by the reboot; just run the following command to clear the flag.

zpool clear rpool

Booting hung

This is an old issue, caused by the network shutting down before the iSCSI drive is dismounted. Run the following command,

systemctl edit --full open-iscsi.service

Comment out the following line

#ExecStop=/lib/open-iscsi/logout-all.sh

References

Sub-process /usr/bin/dpkg returned an error code (1)

Enable 2FA for Ubuntu

Steps

Note: Do not log out of the system before testing is completed

  • Installing the Google Authenticator PAM module
sudo apt install libpam-google-authenticator
  • Configuring SSH

Add the following line at end of /etc/pam.d/sshd file

auth required pam_google_authenticator.so
  • Enable Challenge Response Authentication

Modify /etc/ssh/sshd_config

ChallengeResponseAuthentication yes
  • Disable password authentication

Modify /etc/ssh/sshd_config

PasswordAuthentication no
  • Restart the sshd daemon
sudo systemctl restart sshd.service

Configuring authentication for user

In a terminal, run the following command:

google-authenticator

Answer using the recommended configuration:

Make tokens “time-based”: yes
Update the .google_authenticator file: yes
Disallow multiple uses: yes
Increase the original generation time limit: no
Enable rate-limiting: yes

Use Authy to scan the QR code and save it.

Testing

  • Disable user authorized_keys using root account
cd ~user
mv .ssh/authorized_keys .ssh/authorized_
  • Connect as the user using SSH

Note: Use Authy to generate the verification code.

ssh host.example.com
Password: 
Verification code: 
Welcome to Ubuntu 20.04.3 LTS (GNU/Linux 5.4.0-90-generic x86_64)
  • Enable authorized_keys
mv .ssh/authorized_ .ssh/authorized_keys
  • Exit
exit
  • Connect as the user again using SSH
$ ssh host.example.com
Welcome to Ubuntu 20.04.3 LTS (GNU/Linux 5.4.0-90-generic x86_64)
  • Test sudo
$ sudo -i
[sudo] password for user:
#

Conclusion

  • Disabling SSH PasswordAuthentication has no effect; the password is still required.

  • Enabling public key authentication using authorized_keys bypasses the 2FA code, which is good for service accounts.

  • Do not configure sudo; /etc/pam.d/sudo is not modified, especially when sudo is used for passwordless execution, such as running in services.

  • Console access will not use 2FA, because this configuration is for SSH.
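
The steps and conclusions above can be checked mechanically. The following is an added example, not part of the original post: it reads an sshd_config and a PAM sshd file and reports whether the TOTP module is wired in and whether public-key logins skip it. `sshd_opt` and `audit_2fa` are hypothetical helper names, and the parser reads only top-level keywords.

```shell
#!/bin/sh
# Added example (not from the original post): audit the SSH 2FA settings above.
# sshd_opt and audit_2fa are hypothetical helper names.

# Print the arguments of the first occurrence of KEYWORD (sshd keeps the first
# value; keywords are case-insensitive). Match and Include are not handled.
sshd_opt() {  # usage: sshd_opt FILE KEYWORD
    awk -v k="$2" 'tolower($1) == tolower(k) {
        $1 = ""; sub(/^[ \t]+/, ""); print tolower($0); exit }' "$1"
}

audit_2fa() {  # usage: audit_2fa SSHD_CONFIG PAM_SSHD   (one finding per line)
    cfg=$1; pam=$2
    if grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_google_authenticator\.so' "$pam"
    then echo "OK   pam: pam_google_authenticator.so is required"
    else echo "FAIL pam: pam_google_authenticator.so is not required"
    fi

    # OpenSSH 8.7 and later call this option KbdInteractiveAuthentication.
    kbd=$(sshd_opt "$cfg" ChallengeResponseAuthentication)
    [ -n "$kbd" ] || kbd=$(sshd_opt "$cfg" KbdInteractiveAuthentication)
    if [ "$kbd" = yes ]
    then echo "OK   sshd: challenge-response prompts are enabled"
    else echo "FAIL sshd: challenge-response is not explicitly set to yes"
    fi

    # With no AuthenticationMethods any single method completes the login, so
    # a valid public key never reaches the PAM verification-code prompt.
    methods=$(sshd_opt "$cfg" AuthenticationMethods)
    if [ -z "$methods" ] || [ "$methods" = any ]; then
        [ "$(sshd_opt "$cfg" PubkeyAuthentication)" = no ] ||
            echo "WARN sshd: public-key logins skip the verification code"
        return 0
    fi
    for list in $methods; do
        case ",$list," in
            *,keyboard-interactive,*|*,keyboard-interactive:*) ;;
            *) echo "WARN sshd: method list '$list' has no keyboard-interactive step" ;;
        esac
    done
}

# Usage on a live host:
#   audit_2fa /etc/ssh/sshd_config /etc/pam.d/sshd
```

On a live host, `sshd -T` prints the effective configuration including defaults, which this file parser does not see.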

References

Configure SSH to use two-factor authentication
How To Set Up Multi-Factor Authentication for SSH on Ubuntu 20.04
Note: This was not successful; the document is wrong at the following point. I think the second publickey should not be there.

AuthenticationMethods publickey,password publickey,keyboard-interactive