Linux | Tom's Notes

Challenge with FM radio signal… Raspberry Pi to the rescue!

By Tomica Kaniski in Other 27/03/2023 2 Comments

Not so long ago (actually, a weekend or two ago), I was presented with a real-life issue – an issue that needs to be taken care of… ASAP!

Production was suffering. Production of high-quality foods in my mom’s kitchen, that is! 🙂

So, what was the issue?

To better help you understand the issue, we need to introduce you to the environment first – there’s my mom’s kitchen, from where many amazing dishes come out on a daily basis.

And there’s a small FM radio in this kitchen, providing her company when cooking alone – nothing special, but it’s an essential part of the kitchen (and the overall cooking process)!

About two weekends ago, the user (mom) starts complaining that the radio is having issues with the reception of her favorite FM station. It’s not good when users start complaining, of course. Especially if they are the important ones!

If this isn’t taken care of, production (of food) may suffer! 🙂

So, let’s solve the issue.

As nothing has changed from the FM radio perspective, it seems that the issue is somewhere else. After a short research, it seems that adding a new frequency to the user’s favorite radio station somehow impacted the remaining two (one of which we were using)… and now we’re having bad reception.

Tried to switch to the other two frequencies… didn’t help. This station is transmitted in at least three frequencies, but none of it provides us a good reception anymore.

Even tried with another antenna… no luck.

Switching to another radio station… is not an option. 🙂

When I was thinking about other options, I remembered that this radio station also streams over the Internet (like the example I’m using below)!

Splendid!

As I had this spare Raspberry Pi just standing there, collecting dust, an idea was born – turn it into the “Internet radio”!

The initial solution needs to be basic as possible, headless, work as soon as connected, wireless (as much as possible), and stream the radio station in question. Rather than ditching the FM radio, I’ll use it for the output part – so, Raspberry Pi’s 3,5mm output as an input to the AUX IN of the FM radio, using its amplifier and speakers (switching to AUX input is just one click away, which is fine).

I started by preparing my Raspberry Pi:

downloaded Raspberry Pi Imager
used it to download and customize the Raspbian image (Raspberry PI OS (32-bit)):
- set hostname
- enabled SSH
- set username and password
- configured wireless LAN
- configured locale settings
booted my Raspberry Pi and did additional configuration via the included raspi-config utility:
- configured System Options – Boot/Auto Login – Console Autologin
- configured some other tiny things (like extending the storage, etc.)

Now it seems that I’m prepared for bringing up the “software part”.

After some reading and trying things out, I decided to go with VLC Player.

Now I just need to make it play what I want, play it on power on and without any other interaction.

Luckily, it’s not thaaat hard! 🙂

### check that you have your radio station's stream address (the right one)!
### i'll use https://audio.radio-banovina.hr:9998/stream, not https://www.radio-banovina.hr/uzivo/

# install all updates:
sudo apt update && sudo apt dist-upgrade -y

# install VLC (if not already):
sudo apt install vlc -y

# when I tried to play the stream, I got an error stating that the TLS certificate is not trusted
# so, I downloaded and copied CA (AlphaSSL CA - SHA256 - G2) and Root CA (GlobalSign Root CA) certificates into the /usr/local/share/ca-certificates/:
sudo cp *.crt /usr/local/share/ca-certificates/*

# and updated the certificates in use:
sudo update-ca-certificates

# that took care of the TLS error and stream could finally run:
vlc https://audio.radio-banovina.hr:9998/stream

### check that you have your radio station's stream address (the right one)!

### i'll use https://audio.radio-banovina.hr:9998/stream, not https://www.radio-banovina.hr/uzivo/

# install all updates:

sudo apt update && sudo apt dist-upgrade -y

# install VLC (if not already):

sudo apt install vlc -y

# when I tried to play the stream, I got an error stating that the TLS certificate is not trusted

# so, I downloaded and copied CA (AlphaSSL CA - SHA256 - G2) and Root CA (GlobalSign Root CA) certificates into the /usr/local/share/ca-certificates/:

sudo cp *.crt /usr/local/share/ca-certificates/*

# and updated the certificates in use:

sudo update-ca-certificates

# that took care of the TLS error and stream could finally run:

vlc https://audio.radio-banovina.hr:9998/stream

Great! That works if I manually start it… and there are no issues.

For the autostart part, I’m choosing to run it as a service, so:

### create the service file /etc/systemd/system/runRadio.service:
sudo nano /etc/systemd/system/runRadio.service

### inside the file, insert something like this:
[Unit]
Description=runRadio

[Service]
User=tomica
Environment="DISPLAY=:0"
ExecStartPre=/bin/sleep 30
ExecStart=/usr/bin/vlc -I dummy "https://audio.radio-banovina.hr:9998/stream"
WorkingDirectory=/home/tomica
Restart=always

[Install]
WantedBy=multi-user.target

### to register this service, I'm using standard commands:
sudo systemctl enable runRadio.service
sudo systemctl start runRadio.service
sudo systemctl status runRadio.service

### tips:
### - VLC shouldn't start with 'root', so this is why I'm using a user 'tomica'
### - -I dummy is something I learned during troubleshooting - it doesn't work (as a service) without specifying the correct (I)nterface!
### -  also, I'm using sleep 30 to make sure everything is up before starting a player (could be nicer, but... works!)

### create the service file /etc/systemd/system/runRadio.service:

sudo nano /etc/systemd/system/runRadio.service

### inside the file, insert something like this:

[Unit]

Description=runRadio

[Service]

User=tomica

Environment="DISPLAY=:0"

ExecStartPre=/bin/sleep 30

ExecStart=/usr/bin/vlc -I dummy "https://audio.radio-banovina.hr:9998/stream"

WorkingDirectory=/home/tomica

Restart=always

[Install]

WantedBy=multi-user.target

### to register this service, I'm using standard commands:

sudo systemctl enable runRadio.service

sudo systemctl start runRadio.service

sudo systemctl status runRadio.service

### tips:

### - VLC shouldn't start with 'root', so this is why I'm using a user 'tomica'

### - -I dummy is something I learned during troubleshooting - it doesn't work (as a service) without specifying the correct (I)nterface!

### - also, I'm using sleep 30 to make sure everything is up before starting a player (could be nicer, but... works!)

And… that’s it!

With a few hits and misses, there’s finally a simple wireless Internet radio, which starts playing once Raspberry Pi powers on (and connects to WiFi, and waits for 30 seconds, of course)! No more bad FM reception and the user is satisfied! 🙂

Cheers!

Found my forgotten Raspberry Pi

By Tomica Kaniski in Other 07/12/2020 2 Comments

And, naturally, decided to put it to use (although, for exactly what… is currently unclear). ?

So… how?

As there was already a micro SD card inside my Raspberry Pi, I was all set!

Basically, what I had to do:

download the OS image (Raspberry Pi OS Lite)
download imaging software (Etcher)
extract the OS onto micro SD card
enable SSH by adding an empty file called “ssh” (yes, without any extension) to the boot volume
boot it up
set it up as I like

Extracting the OS image onto micro SD card is a “breeze” with right tools – select OS image, select where do you want to put it and click Flash:

After it’s finished, don’t forget to enable yourself the SSH access (it’s easier that way):

Done.

Let’s put the card back into Raspberry Pi and boot it up.

Few seconds later, you can use (e.g.) Windows Terminal and included SSH client to access your Raspberry Pi (default networking option is DHCP, with default username of pi and password raspberry):

I wanted to “tweak” my installation a bit (with the provided raspi-config script), so I’ve used the following for disabling unnecessary devices, custom network settings, etc.:

# raspi-config script is located in /usr/bin/raspi-config
# settings (some of them) are located in /boot/config.txt

# update the raspi-config script (or you can use 'sudo raspi-config nonint do_update') and vim... is nice to have
sudo apt update
sudo apt install -y raspi-config vim

# set static ip address (configure in '/etc/dhcpcd.conf', can check interfaces with 'ip link' - can be done nicer, but... :))
echo 'interface eth0' | sudo tee -a /etc/dhcpcd.conf
echo 'static ip_address=192.168.12.101/24' | sudo tee -a /etc/dhcpcd.conf
echo 'static routers=192.168.12.1' | sudo tee -a /etc/dhcpcd.conf
echo 'static domain_name_servers=192.168.12.1' | sudo tee -a /etc/dhcpcd.conf

# set password (for user 'pi')
echo "pi:MyExtraSecretPass#123" | sudo chpasswd

# set boot options to my liking
sudo raspi-config nonint do_boot_behaviour B1
sudo raspi-config nonint do_boot_wait 1

# set/disable unnecessary interfaces
sudo raspi-config nonint do_camera 1
sudo raspi-config nonint do_ssh 0
sudo raspi-config nonint do_vnc 1
sudo raspi-config nonint do_spi 1
sudo raspi-config nonint do_i2c 1
sudo raspi-config nonint do_serial 1
sudo raspi-config nonint do_onewire 1
sudo raspi-config nonint do_rgpio 1
sudo raspi-config nonint do_memory_split 16
sudo raspi-config nonint do_expand_rootfs
sudo raspi-config nonint do_wifi_country HR
sudo raspi-config nonint do_change_timezone Europe/Zagreb

# upgrade packages and set hostname
sudo apt upgrade -y
sudo raspi-config nonint do_hostname pimaster
sudo reboot

# ssh back into your pimaster
ssh pi@192.168.12.101

# raspi-config script is located in /usr/bin/raspi-config

# settings (some of them) are located in /boot/config.txt

# update the raspi-config script (or you can use 'sudo raspi-config nonint do_update') and vim... is nice to have

sudo apt update

sudo apt install -y raspi-config vim

# set static ip address (configure in '/etc/dhcpcd.conf', can check interfaces with 'ip link' - can be done nicer, but... :))

echo 'interface eth0' | sudo tee -a /etc/dhcpcd.conf

echo 'static ip_address=192.168.12.101/24' | sudo tee -a /etc/dhcpcd.conf

echo 'static routers=192.168.12.1' | sudo tee -a /etc/dhcpcd.conf

echo 'static domain_name_servers=192.168.12.1' | sudo tee -a /etc/dhcpcd.conf

# set password (for user 'pi')

echo "pi:MyExtraSecretPass#123" | sudo chpasswd

# set boot options to my liking

sudo raspi-config nonint do_boot_behaviour B1

sudo raspi-config nonint do_boot_wait 1

# set/disable unnecessary interfaces

sudo raspi-config nonint do_camera 1

sudo raspi-config nonint do_ssh 0

sudo raspi-config nonint do_vnc 1

sudo raspi-config nonint do_spi 1

sudo raspi-config nonint do_i2c 1

sudo raspi-config nonint do_serial 1

sudo raspi-config nonint do_onewire 1

sudo raspi-config nonint do_rgpio 1

sudo raspi-config nonint do_memory_split 16

sudo raspi-config nonint do_expand_rootfs

sudo raspi-config nonint do_wifi_country HR

sudo raspi-config nonint do_change_timezone Europe/Zagreb

# upgrade packages and set hostname

sudo apt upgrade -y

sudo raspi-config nonint do_hostname pimaster

sudo reboot

# ssh back into your pimaster

ssh pi@192.168.12.101

And after a while, my Raspberry Pi is finally ready:

Cheers!

Figuring out your public IP address with PowerShell

By Tomica Kaniski in Other 23/07/2019 0 Comment

Sometimes, you need to know your public IP address because of… reasons. My particular reason was creating firewall rule to limit SSH only from my current public IP address, to a machine on the Internet. And how to do it?

You can always use free services like What Is My IP?, which shows you your public IP address in a nice form:

But there are also other ways – if you’re running Linux (or WSL) and do a Google search for the command that can help you, you’ll probably get this (https://askubuntu.com/questions/95910/command-for-determining-my-public-ip?noredirect=1&lq=1):

curl -s checkip.dyndns.org | sed -e 's/.*Current IP Address: //' -e 's/<.*$//'

1	curl -s checkip.dyndns.org \| sed -e 's/.Current IP Address: //' -e 's/<.$//'

And if you’re using Windows, PowerShell is here to help you! I like “oneliners”, even if they are not always easy to read:

($($(Invoke-WebRequest -Uri "http://checkip.dyndns.org").ParsedHtml.getElementsByTagName('body')).innerText).TrimStart("Current IP Address: ")

1	($($(Invoke-WebRequest -Uri "http://checkip.dyndns.org").ParsedHtml.getElementsByTagName('body')).innerText).TrimStart("Current IP Address: ")

I’m sure that my friend Aleksandar (PowerShell guru & Microsoft MVP) has a better way, but for me, this works just fine. 🙂

Hope it helps!

Cheers!

Creating some virtual machines in Azure with PowerShell

By Tomica Kaniski in Other 15/03/2019 0 Comment

The other day I was creating some Linux virtual machines (I know, I know…) and, with Azure being my preferred hosting platform, I’ve decided to create this machines by using a simple PowerShell script. Not because I’m so good at PowerShell, but because I like it… and sometimes I really don’t like clicking through the wizard to create multiple machines.

I wanted to create multiple machines with ease, each with “static” IP address from the provided subnet, accessible via the Internet (SSH, HTTP) and running the latest Ubuntu Linux, of course.

So, I was browsing through the official documentation (a.k.a. docs.com, more specifically https://docs.microsoft.com/en-us/azure/virtual-machines/linux/quick-create-powershell), and I’ve come up with this (my version of the official docs):

# prerequisites
Install-Module -Name Az -AllowClobber -Scope CurrentUser

# connect to Azure
Connect-AzAccount
Select-AzSubscription "<YOUR_SUBSCRIPTION_ID>"

# create VMs
$vmname = "myVM1"
$ip = "10.11.11.11"
$rg = "myResourceGroup"
$loc = "WestEurope"
$vnet = Get-AzVirtualNetwork -Name $rg -ResourceGroupName $rg
$subnet = Get-AzVirtualNetworkSubnetConfig -Name $subnet.Name -VirtualNetwork $vnet
$pip = New-AzPublicIpAddress -Name "$vmname-pip" -ResourceGroupName $rg -Location $loc -AllocationMethod Dynamic -IdleTimeoutInMinutes 4
$nsg_ssh = New-AzNetworkSecurityRuleConfig -Name "ssh" -Protocol "Tcp" -Direction "Inbound" -Priority 300 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 22 -Access "Allow"
$nsg_web = New-AzNetworkSecurityRuleConfig -Name "web" -Protocol "Tcp" -Direction "Inbound" -Priority 301 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 80 -Access "Allow"
$nsg = New-AzNetworkSecurityGroup -Name "$vmname-nsg" -ResourceGroupName $rg -Location $loc -SecurityRules $nsg_ssh,$nsg_web
if(Test-AzPrivateIPAddressAvailability -IPAddress $ip -ResourceGroupName $rg -VirtualNetworkName $vnet.Name){
  $ipconfig = New-AzNetworkInterfaceIpConfig -Name "$vmname-ip" -Subnet $subnet -PrivateIpAddress $ip -PublicIpAddress $pip
  $nic = New-AzNetworkInterface -Name "$vmname-nic" -ResourceGroupName $rg -Location $loc -IpConfiguration $ipconfig -NetworkSecurityGroupId $nsg.Id
}
$securePassword = ConvertTo-SecureString ' ' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ("tomica", $securePassword)
$vmConfig = New-AzVMConfig -VMName $vmname -VMSize "Standard_A1_v2" | Set-AzVMOperatingSystem -Linux -ComputerName $vmname -Credential $cred -DisablePasswordAuthentication | Set-AzVMSourceImage -PublisherName "Canonical" -Offer "UbuntuServer" -Skus "18.10" -Version "latest" | Add-AzVMNetworkInterface -Id $nic.Id
$sshPublicKey = cat ~/.ssh/id_rsa.pub
Add-AzVMSshPublicKey -VM $vmconfig -KeyData $sshPublicKey -Path "/home/tomica/.ssh/authorized_keys"
New-AzVM -ResourceGroupName $rg -Location $loc -VM $vmConfig

# prerequisites

Install-Module -Name Az -AllowClobber -Scope CurrentUser

# connect to Azure

Connect-AzAccount

Select-AzSubscription "<YOUR_SUBSCRIPTION_ID>"

# create VMs

$vmname = "myVM1"

$ip = "10.11.11.11"

$rg = "myResourceGroup"

$loc = "WestEurope"

$vnet = Get-AzVirtualNetwork -Name $rg -ResourceGroupName $rg

$subnet = Get-AzVirtualNetworkSubnetConfig -Name $subnet.Name -VirtualNetwork $vnet

$pip = New-AzPublicIpAddress -Name "$vmname-pip" -ResourceGroupName $rg -Location $loc -AllocationMethod Dynamic -IdleTimeoutInMinutes 4

$nsg_ssh = New-AzNetworkSecurityRuleConfig -Name "ssh" -Protocol "Tcp" -Direction "Inbound" -Priority 300 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 22 -Access "Allow"

$nsg_web = New-AzNetworkSecurityRuleConfig -Name "web" -Protocol "Tcp" -Direction "Inbound" -Priority 301 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 80 -Access "Allow"

$nsg = New-AzNetworkSecurityGroup -Name "$vmname-nsg" -ResourceGroupName $rg -Location $loc -SecurityRules $nsg_ssh,$nsg_web

if(Test-AzPrivateIPAddressAvailability -IPAddress $ip -ResourceGroupName $rg -VirtualNetworkName $vnet.Name){

$ipconfig = New-AzNetworkInterfaceIpConfig -Name "$vmname-ip" -Subnet $subnet -PrivateIpAddress $ip -PublicIpAddress $pip

$nic = New-AzNetworkInterface -Name "$vmname-nic" -ResourceGroupName $rg -Location $loc -IpConfiguration $ipconfig -NetworkSecurityGroupId $nsg.Id

}

$securePassword = ConvertTo-SecureString ' ' -AsPlainText -Force

$cred = New-Object System.Management.Automation.PSCredential ("tomica", $securePassword)

$vmConfig = New-AzVMConfig -VMName $vmname -VMSize "Standard_A1_v2" | Set-AzVMOperatingSystem -Linux -ComputerName $vmname -Credential $cred -DisablePasswordAuthentication | Set-AzVMSourceImage -PublisherName "Canonical" -Offer "UbuntuServer" -Skus "18.10" -Version "latest" | Add-AzVMNetworkInterface -Id $nic.Id

$sshPublicKey = cat ~/.ssh/id_rsa.pub

Add-AzVMSshPublicKey -VM $vmconfig -KeyData $sshPublicKey -Path "/home/tomica/.ssh/authorized_keys"

New-AzVM -ResourceGroupName $rg -Location $loc -VM $vmConfig

If this helps you with similar task – you’re welcome.

Cheers!

Software Management in Linux (Packt)

By Tomica Kaniski in Other 05/12/2018 0 Comment

Learn software management with advanced Linux administration in this tutorial by Frederik Vos, a Linux trainer and evangelist and a senior technical trainer of virtualization technologies, such as Citrix XenServer and VMware vSphere.

— post by Frederik Vos, provided by Packt —

Software management

In the old days, installing software was a matter of extracting an archive to a filesystem. There were several problems with this approach:

It was difficult to remove the software if the files were copied into directories that were also used by another software
It was difficult to upgrade software, maybe because the files were still in use or were renamed
It was difficult to handle shared libraries

That’s why Linux distributions invented software managers.

The RPM software manager

In 1997, Red Hat released the first version of their package manager, RPM. Other distributions such as SUSE adopted this package manager. RPM is the name of the rpm utility, as well as the name of the format and the filename extension.

The RPM package contains the following:

A CPIO archive
Metadata with information about the software, such as a description and dependencies
Scriptlets for pre and post-installation scripts

In the past, Linux administrators used the rpm utility to install/update and remove software on a Linux system. If there was a dependency, the rpm command was able to tell exactly which other packages you needed to install. However, the rpm utility couldn’t fix the dependencies or possible conflicts between packages.

Nowadays, the rpm utility isn’t used any longer to install or remove software; instead, you use more advanced software installers. After the installation of software with yum (Red Hat/CentOS) or zypper (SUSE), all the metadata goes into a database. Querying this rpm database with the rpm command can be very handy.

A list of the most common rpm query parameters are as follows:

Parameter	Description
-qa	List all the installed packages.
-qi <software>	List information.
-qc <software>	List the installed configuration files.
-qd <software>	List the installed documentation and examples.
-ql <software>	List all the installed files.
-qf <filename>	Shows the package that installed this file
-V <software>	Verifies the integrity/changes after the installation of a package; use -va to do it for all installed software.
-qp	Use this parameter together with other parameters if the package is not already installed. It’s especially useful if you combine this parameter with –script to investigate the pre and post-installation scripts in the package.

The following screenshot is an example of getting information about the installed SSH server package:

The output of the -V parameter indicates that the modification time has changed since the installation. Now, make another change in the sshd_config file:

sudo cp /etc/ssh/sshd_config /tmp
sudo sed -i 's/#Port 22/Port 22/' /etc/ssh/sshd_config

1 2	sudo cp /etc/ssh/sshd_config /tmp sudo sed -i 's/#Port 22/Port 22/' /etc/ssh/sshd_config

If you verify the installed package again, there is an S added to the output, indicating that the file size is different, and a T, indicating that the modification time has changed:

Other possible characters in the output are as follows:

S	File size
M	Mode (permissions)
5	Checksum
D	Major/minor on devices
L	Readlink mismatch
U	User ownership
G	Group ownership
T	Modification time
P	Capabilities

For text files, the diff command can help show the differences between the backup in the /tmp directory and the configuration in /etc/ssh:

sudo diff /etc/ssh/sshd_config /tmp/sshd_config

1	sudo diff /etc/ssh/sshd_config /tmp/sshd_config

You can also restore the original file as follows:

sudo cp /tmp/sshd_config /etc/ssh/sshd_config

1	sudo cp /tmp/sshd_config /etc/ssh/sshd_config

The DPKG software manager

The Debian distribution doesn’t use the RPM format; instead, it uses the DEB format invented in 1995. The format is in use on all Debian and Ubuntu-based distributions.

A DEB package contains:

A file, debian-binary, with the version of the package
An archive file, control.tar, with metadata (package name, version, dependencies, and maintainer)
An archive file, data.tar, containing the actual software

Management of DEB packages can be done with the dpkg utility. Like rpm, the utility is not in use any longer to install software. Instead, the more advanced apt command is used. All the metadata goes into a database, which can be queried with dpkg or dpkg-query.

The important parameters of dpkg-query are as follows:

-l	Lists all the packages without parameters, but you can use wildcards, for example, dpkg -l ssh
-L <package>	Lists files in an installed package
-p <package>	Shows information about the package
-s <package>	Shows the state of the package

The first column from the output of dpkg -l also shows a status as follows:

The first character in the first column is the desired action, the second is the actual state of the package, and a possible third character indicates an error flag (R). ii means that the package is installed.

The possible desired states are as follows:

(u) unknown
(h) hold
(r) remove
(p) urge

The important package states are as follows:

n(ot) installed
H(a)lf installed
Hal(F) configured

Software management with YUM

Your Update Manager or Yellowdog Updater Modified (YUM) is a modern software management tool that was introduced by Red Hat in Enterprise Linux version 5, replacing the up2date utility. It is currently in use in all Red Hat-based distributions but will be replaced with dnf, which is used by Fedora. The good news is that dnf is syntax-compatible with yum.

Yum is responsible for:

Installing software, including dependencies
Updating software
Removing software
Listing and searching for software

The important basic parameters are as follows:

Command	Description
yum search	Search for software based on package name/summary
yum provides	Search for software based on a filename in a package
yum install	Install software
yum info	Information and status
yum update	Update all software
yum remove	Remove software

You can also install patterns of software, for instance, the pattern or group File and Print Server is a convenient way to install the NFS and Samba file servers together with the Cups print server:

Command	Description
yum groups list	List the available groups.
yum groups install	Install a group.
yum groups info	Information about a group, including the group names that are in use by the Anaconda installer. This information is important for unattended installations.
yum groups update	Update software within a group.
yum groups remove	Remove the installed group.

Another nice feature of yum is working with history:

Command	Description
yum history list	List the tasks executed by yum
yum history info <number>	List the content of a specific task
yum history undo <number>	Undo the task; a redo is also available

The yum command uses repositories to be able to do all the software management. To list the currently configured repositories, use:

yum repolist

1	yum repolist

To add another repository, you’ll need the yum-config-manager tool, which creates and modifies the configuration files in /etc/yum.repos.d. For instance, if you want to add a repository to install Microsoft SQL Server, use the following:

yum-config-manager --add-repo \
  https://packages.microsoft.com/config/rhel/7/\
  mssql-server-2017.repo

yum-config-manager --add-repo \

https://packages.microsoft.com/config/rhel/7/\

mssql-server-2017.repo

The yum functionality can be extended with plugins, for instance, to select the fastest mirror, enabling the filesystem / LVM snapshots and running yum as a scheduled task (cron).

Software management with Zypp

SUSE, like Red Hat, uses RPM for package management. But instead of using yum, they use another toolset with Zypp (also known as libZypp) as backend. Software management can be done with the graphical configuration software YaST or the command-line interface tool Zypper. The important basic parameters are as follows:

Command	Description
zypper search	Search for software
zypper install	Install software
zypper remove	Remove software
zypper update	Update software
zypper dist-upgrade	Perform a distribution upgrade
zypper info	Show information

There is a search option to search for a command, what-provides, but it’s very limited. If you don’t know the package name, there is a utility called cnf instead. Before you can use cnf, you’ll need to install scout; this way, the package properties can be searched:

sudo zypper install scout

1	sudo zypper install scout

After this, you can use cnf:

If you want to update your system to a new distribution version, you have to modify the repositories first. For instance, if you want to update from SUSE LEAP 42.3 to version 15.0, execute the following procedure:

First, install the available updates for your current version:

sudo zypper update

1	sudo zypper update

Update to the latest version in the 42.3.x releases:

sudo zypper dist-upgrade

1	sudo zypper dist-upgrade

Modify the repository configuration:

sudo sed -i 's/42.3/15.0/g' /etc/zypp/repos.d/repo*.repo

1	sudo sed -i 's/42.3/15.0/g' /etc/zypp/repos.d/repo*.repo

Initialize the new repositories:

sudo zypper refresh

1	sudo zypper refresh

Install the new distribution:

sudo zypper dist-upgrade

1	sudo zypper dist-upgrade

Now, reboot after the distribution upgrade.

Besides installing packages, you can also install the following:

patterns: Groups of packages, for instance, to install a complete web server including PHP and MySQL (also known as a lamp)
patches: Incremental updates for a package
products: Installation of an additional product

To list the available patterns, use:

zypper patterns

1	zypper patterns

To install them, use:

sudo zypper install --type pattern <pattern>

1	sudo zypper install --type pattern <pattern>

The same procedure applies to patches and products. Zypper uses online repositories to view the currently configured repositories:

sudo zypper repos

1	sudo zypper repos

You can add repositories with the addrepo parameter, for instance, to add a community repository for the latest PowerShell version on LEAP 15.0:

sudo zypper addrepo \
  https://download.opensuse.org/repositories\
  /home:/aaptel:/powershell-stuff/openSUSE_Leap_15.0/\
  home:aaptel:powershell-stuff.repo

sudo zypper addrepo \

https://download.opensuse.org/repositories\

/home:/aaptel:/powershell-stuff/openSUSE_Leap_15.0/\

home:aaptel:powershell-stuff.repo

If you add a repository, you must always refresh the repositories:

sudo zypper refresh

1	sudo zypper refresh

Software management with apt

In Debian/Ubuntu-based distributions, software management is done via the apt utility, which is a recent replacement for the utilities, apt-get and apt-cache.

The most-used commands include:

Command	Description
apt list	List packages
apt search	Search in descriptions
apt install	Install a package
apt show	Show package details
apt remove	Remove a package
apt update	Update catalog of available packages
apt upgrade	Upgrade the installed software
apt edit-sources	Edit the repository configuration

Repositories are configured in /etc/apt/sources.list and files in the /etc/apt/sources.list.d/ directory. Alternatively, there is a command, apt-add-repository, available:

apt-add-repository \
  'deb http://myserver/path/to/repo stable'

1 2	apt-add-repository \ 'deb http://myserver/path/to/repo stable'

The apt repositories have the concept of release classes:

Old stable, tested in the previous version of a distribution
Stable
Testing
Unstable

They also have the concept of components:

Main: Tested and provided with support and updates
Contrib: Tested and provided with support and updates, but there are dependencies that are not in main, but for instance, in non-free
Non-free: Software that isn’t compliant with the Debian Social Contract Guidelines (https://www.debian.org/social_contract#guidelines)

Ubuntu adds some extra components:

Universe: Community provided, no support, updates possible
Restricted: Proprietary device drivers
Multiverse: Software restricted by copyright or legal issues

If you found this article interesting, you can explore Frederik Vos’ Hands-On Linux Administration on Azure to administer Linux on Azure. Hands-On Linux Administration on Azure will help you efficiently run Linux-based workloads in Azure and make the most of the important tools required for deployment.

Cheers!

Deploying Linux machines by using System Center 2016: Virtual Machine Manager templates

By Tomica Kaniski in Other 04/09/2017 0 Comment

In light of “Microsoft loves Linux” initiative, you can now deploy your Linux virtual machines by using templates in the System Center 2016: Virtual Machine Manager. As I was searching on how to do this (successfully), there were couple of articles that helped, so I’ve decided to do a short list of all the necessary steps (in one place).

Steps to make your Linux VM template deployments work:

create a new (Generation 2) virtual machine (as you would normally do)
install the Linux operating system in that virtual machine (as you would normally do)
- HINT: A list of supported Linux distributions and versions on Hyper-V is available here.
install the Linux Integration Services (LIS) (as per this post):
- open the “modules” file
  
  Shell
  
  sudo nano /etc/initramfs-tools/modules
  
  1
  
  sudo nano /etc/initramfs-tools/modules
- add the following to the end of this file:
  
  hv_vmbus hv_storvsc hv_blkvsc hv_netvsc
  
  1
  2
  3
  4
  
  hv_vmbus
  hv_storvsc
  hv_blkvsc
  hv_netvsc

- save it (Ctrl+X and Y)
- install LIS and reboot the machine by using the following commands:
  
  Shell
  
  sudo apt-get install --install-recommends linux-tools-virtual-lts-xenial linux-cloud-tools-virtual-lts-xenial sudo update-initramfs -u sudo reboot
  
  1
  2
  3
  
  sudo apt-get install --install-recommends linux-tools-virtual-lts-xenial linux-cloud-tools-virtual-lts-xenial
  sudo update-initramfs -u
  sudo reboot
- check if the services are running by using the command:
  
  Shell
  
  sudo lsmod
  
  1
  
  sudo lsmod
install the Virtual Machine Manager agent (as per this post):
- share the folder C:\Program Files\Microsoft System Center 2016\Agents\Linux on your VMM machine
- copy the VMM agent files to Linux virtual machine
  - as a real Windows admin, I did it through the GUI
- install the agent:
  
  Shell
  
  sudo ./install scvmmguestagent.1.0.2.1075.x64.tar
  
  1
  
  sudo ./install scvmmguestagent.1.0.2.1075.x64.tar
fix the boot for Generation 2 virtual machine (boot information is by default stored in the VM configuration file, not on disk – Ben wrote a great article on this “issue”)
- Ben’s way (didn’t work for me):
  - change directory to the boot EFI directory
    
    Shell
    
    sudo cd /boot/efi/EFI
    
    1
    
    sudo cd /boot/efi/EFI
  - copy the ubuntu directory in to a new directory named boot
    
    Shell
    
    sudo cp -r ubuntu/ boot
    
    1
    
    sudo cp -r ubuntu/ boot
  - change directory to the newly created boot directory
    
    Shell
    
    sudo cd boot
    
    1
    
    sudo cd boot
  - rename the shimx64.efi file
    
    Shell
    
    sudo mv shimx64.efi bootx64.efi
    
    1
    
    sudo mv shimx64.efi bootx64.efi
- TriJetScud’s way in the comments (worked for me with Ubuntu 16.04 Generation 2 VM):
  
  Shell
  
  sudo grub-install --target=x86_64-efi --efi-directory=/boot/efi --no-nvram --removable
  
  1
  
  sudo grub-install --target=x86_64-efi --efi-directory=/boot/efi --no-nvram --removable
shutdown the virtual machine and copy its VHDX to the VMM Library
- HINT: Don’t forget to refresh the VMM Library.
go to the VMM Library, right-click the copied VHDX and select the Create VM template option
proceed with creating the template as you normally would, to the part Configure Operating System
- HINT: If you are using Secure boot, don’t forget to select the MicrosoftUEFICertificateAuthority template in hardware settings.
there, under Guest OS profile, you select the option to create a new Linux operating system customization settings
next you specify your guest OS settings and finish creating the template
now you can create a new Linux virtual machine from the template you’ve configured!

Hope it helps!

Cheers!

Office 365 and BIND

By Tomica Kaniski in Other 15/07/2014 15 Comments

And now… something completely different. Smile

The other day I was “playing” with setting up Office 365 for one of our clients – they have Linux machines for their DNS servers, and BIND as their DNS solution. As this was my first encounter with configuring BIND by myself, I just wanted to share steps I’ve taken to make it work (in my lab environment) – maybe it will help someone…

DISCLAIMER: I’m not a Linux/UNIX expert! I try to figure out what I need, and then try to make this work… with the help of Internet resources (or experts), of course. There is plenty of resources on how to do this already, but I like to have things in one place if I need them again.

So, I’ve began my experiment with wondering which Linux distribution should I take. After some consulting (thanks, Ingrid Smile ), the final choice was pretty easy – Fedora (criteria – had to be relatively easy to use (for non-Linux person like me), had to work in Hyper-V without much trouble, and there should be someone who can help if I got stuck). Smile

After a pretty simple installation process (wizard, Next, …, Next, Finish), I’ve had my Fedora box up and running.

Now, the more complicated part – setup this box to be BIND server, and load the correct records in it, so that Office 365 can add and verify my domain.

Here are the high-level steps (I’ve used Terminal, with su rights):

1. install few packages to get things up and running:

yum -y install bind bind-utils bind-libs nano

1	yum -y install bind bind-utils bind-libs nano

2. configure the BIND (DNS) server to run at startup:

chkconfig named on

1	chkconfig named on

3. query the firewall rules for UDP port 53 access:

iptables -vnL | grep 53

1	iptables -vnL \| grep 53

4. open the required firewall ports (list of TCP and UDP ports):

iptables -I INPUT 3 --proto udp --dport 53 -j ACCEPT
iptables -I INPUT 4 --proto tcp --dport 53 -j ACCEPT

1 2	iptables -I INPUT 3 --proto udp --dport 53 -j ACCEPT iptables -I INPUT 4 --proto tcp --dport 53 -j ACCEPT

5. edit the /etc/named.conf file:

nano /etc/named.conf

1	nano /etc/named.conf

6. comment the lines that are preventing your BIND server from responding to “outside” requests:

...
 // listen-on port 53 { 127.0.0.1; };
 // listen-on-v6 port 53 { ::1; };
...

...

// listen-on port 53 { 127.0.0.1; };

// listen-on-v6 port 53 { ::1; };

...

7. add your local subnet to allowed list (and add some forwarders for resolving other domains and records):

...
allow-query { 192.168.0.0/24; };
forwarders { 8.8.8.8; 8.8.4.4; };
...

...

allow-query { 192.168.0.0/24; };

forwarders { 8.8.8.8; 8.8.4.4; };

...

8. enable recursion:

recursion yes;

1	recursion yes;

9. add your zone and a “pointer” to your zone file:

zone "o365.kaniski.eu" {
     type master;
     file "/var/named/o365.kaniski.eu.db";
};

zone "o365.kaniski.eu" {

type master;

file "/var/named/o365.kaniski.eu.db";

};

10. create and edit the zone file specified:

nano /var/named/o365.kaniski.eu.db

1	nano /var/named/o365.kaniski.eu.db

11. add the required records to your zone file (by the instructions that Office 365 gives you; sorry about the formatting):

$TTL 7D
$ORIGIN o365.kaniski.eu.
@	IN	SOA	ns1.o365.kaniski.eu. hostmaster.o365.kaniski.eu. (
					2014071501
					8H
					2H
					4W
					1D )
;
@	IN	NS	ns1.o365.kaniski.eu.
@	3600	IN	TXT	"MS=ms10101010"
@	3600	IN	TXT	"v=spf1 include:spf.protection.outlook.com -all"
@	3600	IN	MX	0	o365-kaniski-eu.mail.protection.outlook.com.
autodiscover	3600	IN	CNAME	autodiscover.outlook.com.
_sip._tls	3600	IN	SRV		100	1	443	sipdir.online.lync.com.
_sipfederationtls._tcp	3600	IN	SRV	100	1	5061	sipfed.online.lync.com.
sip	3600	IN	CNAME	sipdir.online.lync.com.
lyncdiscover	3600	IN	CNAME	webdir.online.lync.com.
msoid	3600	IN	CNAME	clientconfig.microsoftonline-p.net.

$TTL 7D

$ORIGIN o365.kaniski.eu.

@ IN SOA ns1.o365.kaniski.eu. hostmaster.o365.kaniski.eu. (

2014071501

1D )

;

@ IN NS ns1.o365.kaniski.eu.

@ 3600 IN TXT "MS=ms10101010"

@ 3600 IN TXT "v=spf1 include:spf.protection.outlook.com -all"

@ 3600 IN MX 0 o365-kaniski-eu.mail.protection.outlook.com.

autodiscover 3600 IN CNAME autodiscover.outlook.com.

_sip._tls 3600 IN SRV 100 1 443 sipdir.online.lync.com.

_sipfederationtls._tcp 3600 IN SRV 100 1 5061 sipfed.online.lync.com.

sip 3600 IN CNAME sipdir.online.lync.com.

lyncdiscover 3600 IN CNAME webdir.online.lync.com.

msoid 3600 IN CNAME clientconfig.microsoftonline-p.net.

12. save the files, and check the new zone:

named-checkzone o365.kaniski.eu. /var/named/o365.kaniski.eu.db

1	named-checkzone o365.kaniski.eu. /var/named/o365.kaniski.eu.db

13. restart the service and start using it:

service named restart

1	service named restart

And Office 365 response after this – success! Smile

Things I’ve learned during this “adventure”:

you should be careful about the trailing “.” (dot) in FQDN-s that you are using – if you miss it somewhere, you’ll get errors loading the zone
there are great guides that can help you – one of them is BIND9 Server: How to (although I’ve seen it a bit too late )
don’t be afraid to ask for help!

I cannot stress this enough – this recipe is not the secure way of doing things – it’s sole purpose is to make BIND work in my lab environment!

If I missed (or misunderstood) something, feel free to comment and correct me.

Cheers!

Updated (20160917): There was a tiny error in my zone file – switched priority and weight fields (thank you, Lenny, for pointing it out).