Move over upstart and make way for systemd

Earlier this week the Debian technical committee voted to make systemd the default init system for Debian. It was a nail-biter to follow, and it essentially came down to a tie-breaker vote cast by Bdale Garbee.

The result is clear: systemd will be the default init system for Debian -- and also Ubuntu -- going forward.

Mark Shuttleworth of Canonical confirmed Ubuntu's decision to follow suit in a blog post called "Losing Graciously". No drama, no attempt to revote or repeal the vote.

If only politics worked that smoothly.

Now it's time to familiarize yourself with systemd. I recommend you start writing all future init scripts in systemd.

The time frame for obsolescence of upstart and sysVinit is unclear for Ubuntu, but I predict around 7 years, so you have time to migrate.

Here's how I got that number (remember that odd number of releases are 2 year support):

13.04 is already out and obviously not part of the decision
14.04 is too far into the development stages
15.04 nobody will use because it's not "true" LTS
16.04: the only logical next release to enforce this decision.

I'll be writing more about systemd in the future. First I'm going to begin my own conversation from upstart so I can figure out how to use the dang thing. I'm glad that now I can write a service that will work across multiple distros.

Zabbix Server 2.2 with Percona 5.6 Auto Install on Ubuntu

Here's an easy-install for Zabbix server 2.2 running on Percona 5.6.

Go here to clone the repo

Zabbix is an enterprise monitoring tool. I've been using it for about two years and find it decent, though it does have shortfalls (especially when dealing with aggregate metrics). If you're dealing with less than two or three hundred hosts, then I think Zabbix is a great tool.

Percona is a high performance mysql fork. This auto-install will download the Zabbix source code and compile it. This is the easiest way I can find to installing Zabbix server without using legacy mysql software.

If you're looking for high-performance metric aggregation, then may I suggest the venerable OpenTSDB or the tried-and-true graphite? These tools can be easily integrated with Zabbix via their respective APIs.

How to install

Simply clone the repo and run:

./bootstrap

Requirements

There are a few things that are assumed. The first is that you don't have apache running or installed. If you do then beware this will nuke your default site vhost and overwrite it with a Zabbix specific one. It also assumes you don't have mysql installed.

As always you should inspect the code before running it on your system. Enjoy and let me know if you have any issues.

UDP only rsyslog server and client on Ubuntu

The first thing you'll need to do is install a new version of rsyslog. There's a bug in the version that comes along with Ubuntu 12.04 that prevents rsyslog from listening on a privileged port if you're using drop-privileges. You can read instructions for installing a newer version of rsyslog here. Once you've done that, open up /etc/rsyslog.conf and uncomment the following lines:

#$ModLoad imudp

#$UDPServerRun 514

Restart rsyslog and you're done on the server. Now head over to a client and open up /etc/rsyslog.d/50-default.conf and make the following addition to the top of the file:

*.* @your_server:514

Note that the single @ sign is what designates the sending to UDP only. Restart rsyslog on the server and you can test to see if logs are being sent using the logger command:

logger -t TEST testing

Easily convert hex to ints and vice versa with python and the command line

I've started a lot of work lately with the ssd1306 oled display (which you can pick up for a few bucks on ebay) and my raspbery pi. While sending commands I've found it useful to be able to easily convert between ints and hexadecimal strings and back again.

To convert a hexadecimal value to an int on the command line:

python -c 'print int(0x7f)'
127

And back again:

python -c 'print hex(127)
0x7f

For floats you can use the float.hex method:

python -c 'print float.hex(120.5)'
0x1.e200000000000p+6

Maybe you want that trimmed:
python -c 'print float.hex(120.5)[:7]'

0x1.e20

It's worth noting that the '-c' flag being passed to python essentially tells python that the first argument is a script it should execute normally.

Verifying JSON easily on the command line

You can pipe stdout into python -mjson.tool to validate it. It makes for quick and easy json validation on the command line.

We'll create a simple json file:

> somefile.txt
{"someval": "something", "anotherval": 3}

Now pipe this into json.tools and check the output.

$ cat somefile.txt | python -mjson.tool
{
    "anotherval": 3,
    "someval": "something"
}

Cool. It even formatted it nicely for us. Let's break it and see what happens.

Single quotes are not valid according rfc4627.

> somefile.txt
{'someval': 'something', 'anotherval': 3}

$ cat somefile.txt | python -mjson.tool
Expecting property name: line 1 column 2 (char 1)

Not the most useful traceback, but at least you know it's not valid.

Using Saltstack to manage linux users

Saltstack makes it very easy to manage users. You can use pillars to predefine all of the users and add them later, or you can define them within a single sls state file.

By example here is an sls file that will add or remove any number of users to a system. If you want the user dropped from the system, change "present" to "absent" and run it again.

Thanks Will for fixes and pointing out that if you're not on a debian system you'll want to use something else for the "adm" group.

{% set users = {
  'someuser': {
    'state': 'present',
    'fullname': 'User One',
    'pub_key': 'ssh-rsa .... '
  },
  'someuser2': {
    'state': 'present',
    'fullname': 'User two',
    'pub_key': 'ssh-rsa .... '
  }
} %}
 
{% for name, user in users.items() %}
{{ name }}:
  {% set shell = user.shell | default('/bin/bash') %}
  {% set groups = user.groups | default(['sudo', 'adm']) %}
  user.{{ user.state }}:
    - fullname: {{ user.fullname }}
    - home: /home/{{ name }}
    - shell: {{ shell }}
    - groups:
    {% for group in groups %}
      - {{ group }}
    {% endfor %}
  {% if user.state == 'present' %}
ssh_key_{{ name }}:
  ssh_auth:
    - present
    - user: {{ name }}
    - names:
      - {{ user.pub_key }}
    - require:
      - {{ name }}
  {% endif %}
{% endfor %}

Connecting your raspberry pi to your wireless network

Update: 2015-05-01

This post is now out of date! Please see the official documentation for setting up wireless on your raspberry pi.

Why Wi-fi?

What good is a little tiny computer when it always needs to be attached to your router via and ethernet cable? Not very! I like that fact that my raspberry Pi is so small that I sometimes forget where I put them.

Literally. I have three and I can't remember where the third one is. It is online, though!

The best way to unwire is to go wireless. Disregard that dumb sentence and read this guide for connecting your raspberry pi to your wireless network using WPA encryption.

You need to get your hands on a linux-compatible wireless adapter. I recommend the Edimax Nano. It's cheap and works well with linux out of the box. No driver installation necessary.

It does have at least one major drawback, and that is that it supports wireless N but not at 5Ghz, making it effectively useless for wireless N networks. If you're fine with wireless G, then it's a decent and cheap solution.

Getting Started 

If it's not already installed, install wpa_supplicant.

$ sudo apt-get -y install wpasupplicant

We're going to change the adapter mode to "managed" and assign it an essid.

Managed is probably what you want, which says that the adapter is going to be roaming and connecting to different access points. You can find other options on the iwconfig man page.

$ iwconfig wlan0 mode Managed
$ iwconfig wlan0 essid <your clever router name>

Don't remember what your clever router is called? You can easily run a scan using iwlist scan

$ iwlist scan
wlan0     Scan completed :
          Cell 01 - Address: C0:C1:C0:7B:5A:03
                    ESSID:"Abraham Linksys"
                    Protocol:IEEE 802.11bgn
                    Mode:Master
                    Frequency:2.412 GHz (Channel 1)
                    Encryption key:on
                    Bit Rates:300 Mb/s
                    Extra:rsn_ie=30180100000fac020200000fac04000fac020100000fac020c00
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (2) : CCMP TKIP
                        Authentication Suites (1) : PSK
                    Quality=100/100  Signal level=100/100

Ah yes, that's what I called it.

Next up we need to provide wpa_supplicant with a password so it can negotiate the encryption. We'll use the command wpa_passphrase for that.

The utility takes two arguments. The first is your essid, and the second is your password. You can omit your password from the command-line and it will prompt you for it.

$ wpa_passphrase "Abraham Linksys" "password"

network={
 ssid="Abraham Linksys"
 #psk="password"
 psk=ca863518c2996944d5357729cdca5e6e459c46b05cd285e8600babaf3e76cb09
}

Looks good, let's create a conf file with it. Remember to put your actual password in the "password" field.

$ wpa_passphrase "Abraham Linksys" "password" > /etc/wpa.conf

We're almost done. Now we have a way to negotiate our encryption. The only thing left is to edit our /etc/network/intefaces file with the new stuff. Open it up and make the following changes:

$ sudo vim /etc/network/interfaces 

auto lo
iface lo inet loopback

iface eth0 inet dhcp 

auto wlan0
iface wlan0 inet dhcp

pre-up wpa_supplicant -B -Dwext -iwlan0 -c /etc/wpa.conf

You'll notice the pre-up command there. That says to load wpa_supplicant as a daemon when you bring up this interface. Here's what the various switches for wpa_supplicant do:

-B 

Daemonize, meaning run in the background

-Dwext 

Use "wext" as the driver. This is the most common one and works with edimax. 

-iwlan0

Our interface.

-c /etc/wpa.conf 

The config file to use, which we just created.

Save it and then it's time to fire it up and see if we get an IP.

$ sudo ifup wlan0
$ ifconfig wlan0

wlan0     Link encap:Ethernet  HWaddr 80:1f:02:7c:84:08
          inet addr:10.0.0.7  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:426 errors:0 dropped:506 overruns:0 frame:0
          TX packets:189 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:67453 (65.8 KiB)  TX bytes:35122 (34.2 KiB)

It sometimes takes a few seconds for your adapter to connect to your access point and get an IP address.

And we're good to go. You've broken the cat5 yoke on your raspberry pi. Now you can put it anywhere in your house. Hook it up to monitor the temperature of your fridge, or put it behind your TV and stream wireless HD video from your PC. 

Nothing we did here is exclusive to the raspberry pi. In fact, this is exactly how I set up wireless on my ubuntu server laptops. That's the beauty of the RPI: the skills you learn are valuable linux skills.

Good luck and feel free to comment if you have any questions or problems.