
Ben McCann

Co-founder at Connectifier.
ex-Googler. CMU alum.


Setting up NX

03/26/2013

I wanted a remote graphical environment on a machine in the cloud. It’s very easy to download NX and install it. You’ll also have to run sudo apt-get install ubuntu-desktop unity-2d gdm if you’re on a server, since the server install doesn’t come with a graphical environment by default.

NX 4

If you run into a problem with the lock screen rejecting your password, you can fix it with:

sudo chown root:shadow /sbin/unix_chkpwd
sudo chmod 2755 /sbin/unix_chkpwd
sudo chown root:shadow /etc/shadow
sudo chmod g+r /etc/shadow

If you get the message “Your evaluation period has expired” or similar, you can solve that by uninstalling NX, deleting /usr/NX, and then re-installing NX.

If you get the message “Could not locate the ssh client at ‘C:\Program Files (x86)\NoMachine\bin\nxssh.exe’” then it’s because you’ve installed the free version of NX which does not support SSH, so you’ll need to install the pro version.

NX 3

To run unity-2d with NX 3, you’ll need to hit “Configure…” and then in the “Desktop” section, select “Unix” and “Custom”, press “Settings…”, choose “Run the following command”, fill in “gnome-session --session=ubuntu-2d”, and set the “New virtual desktop” option.

Securing NX 3

You can make the default NX installation more secure by following these instructions:

  • Download and install the client, node, and server in that order
  • In /etc/ssh/sshd_config add the nx user by setting AllowUsers nx, then restart the ssh daemon with sudo /etc/init.d/ssh restart.
  • NX uses a deprecated location for the ssh authorized_keys file, so you must fix that or you will get a public key authentication failed error. Open /usr/NX/etc/server.cfg and change #SSHAuthorizedKeys = "authorized_keys2" to SSHAuthorizedKeys = "authorized_keys". Now run sudo mv /usr/NX/home/nx/.ssh/authorized_keys2 /usr/NX/home/nx/.ssh/authorized_keys if there’s an authorized_keys2 file present.
  • Run sudo /usr/NX/scripts/setup/nxserver --install
  • If you disabled SSH passwords when you locked down SSH, then you’ll also need to set EnableUserDB = "1" and EnablePasswordDB = "1" in /usr/NX/etc/server.cfg and then run sudo /usr/NX/bin/nxserver --useradd $USER.
  • Change the default NX key.  Run sudo /usr/NX/bin/nxserver --keygen.  In your NX client, open “Configure…” > “General” tab > “Key …” and copy the contents of “/usr/NX/share/keys/default.id_dsa.key” into the key window and save it.
  • Optional for connecting to multiple servers at once:  Change DisplayBase in /usr/NX/etc/server.cfg.
  • Restart the NX server to pick up your changes: sudo /etc/init.d/nxserver restart
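
To confirm that the settings from the list above actually took effect, the script below audits sshd_config and server.cfg. It is an added example, not part of the original post or of NX; the function names are made up for illustration, and it ignores Match blocks in sshd_config.

```shell
#!/bin/sh
# Added example (not from the original post): audit the NX 3 hardening steps.
# Usage: sh audit_nx3.sh /etc/ssh/sshd_config /usr/NX/etc/server.cfg

# Print the value of the last uncommented  KEY = "value"  line in server.cfg.
cfg_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            n = index($0, "="); if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[ \t]/, "", k)
            sub(/^[ \t]*"?/, "", v); sub(/"?[ \t]*$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Print every argument of the active (uncommented) sshd_config KEYWORD lines.
sshd_opt() {
    awk -v k="$2" 'tolower($1) == tolower(k) { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# One "FAIL:" line per missing setting; exit status 0 only when nothing is missing.
audit_nx3() {
    sshd="$1"; cfg="$2"; rc=0
    sshd_opt "$sshd" AllowUsers | grep -qx 'nx' ||
        { echo "FAIL: sshd_config has no active AllowUsers entry for nx"; rc=1; }
    [ "$(cfg_value "$cfg" SSHAuthorizedKeys)" = "authorized_keys" ] ||
        { echo "FAIL: SSHAuthorizedKeys is not set to authorized_keys"; rc=1; }
    if [ "$(sshd_opt "$sshd" PasswordAuthentication | head -n 1)" = "no" ]; then
        for k in EnableUserDB EnablePasswordDB; do
            [ "$(cfg_value "$cfg" "$k")" = "1" ] ||
                { echo "FAIL: SSH passwords are off but $k is not 1"; rc=1; }
        done
    fi
    return "$rc"
}

# With no arguments, audit a constructed pair of files (sample data, not real configs).
if [ "$#" -eq 2 ]; then
    audit_nx3 "$1" "$2"
else
    d=$(mktemp -d)
    printf 'PasswordAuthentication no\n#AllowUsers nx\n' > "$d/sshd_config"
    printf '#SSHAuthorizedKeys = "authorized_keys2"\nEnableUserDB = "1"\n' > "$d/server.cfg"
    audit_nx3 "$d/sshd_config" "$d/server.cfg" || echo "hardening incomplete"
    rm -rf "$d"
fi
```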

Connecting to SoftLayer VPN on Ubuntu

12/09/2012

SoftLayer has a private network which is accessible only via VPN. It took me a really long time to figure out how to connect on Ubuntu 12.04 running on VirtualBox.

To configure the VPN connection, from the network manager icon in the top right corner click: “VPN Connections” > “Configure VPN…”. Use a PPTP VPN, enter the gateway, set the username and password, and then under “Advanced…” uncheck all the authentication methods except MSCHAPv2 and check “Use Point-to-Point encryption (MPPE)”.


If you’re running under VirtualBox then you’ll need to update the “Network” tab so that the adapter is attached to “Bridged Adapter” instead of the default “NAT”.

Custom OS install on SoftLayer

10/31/2012

SoftLayer will allow you to set up a handful of OS images by default, but requires you to jump through extra hoops if you’d like to provide your own ISO or go through the OS install screens yourself. For example, this is most likely the way you’d install LVM if you’d like to back up your database via LVM snapshots.

You’ll first need to put the ISO in your lockbox, which you can find details for from the hardware page for your instance:

benmccann@mongo2:~$ wget http://releases.ubuntu.com/12.04/ubuntu-12.04.1-server-amd64.iso
benmccann@mongo2:~$ ftp lockbox01.service.softlayer.com
Name (lockbox501.service.softlayer.com:benmccann): SLLBXXXXXX-X
331 Password required for SLLBXXXXXX-X
Password:
230 User SLLBXXXXXX-X logged in
ftp> put ubuntu-12.04.1-server-amd64.iso

Next you’ll need to mount the image on your instance. Go to the hardware page for the instance you’re using and click the “IPMI address” link. Connect to the PPTP VPN and then paste the “Remote Mgmt IP” in the URL bar of your browser and enter the accompanying username and password. Go to “Virtual Media” > “CD-ROM Image”. Ping your lockbox to get its IP address since the DNS name will not work here.

$ ping lockbox01.service.softlayer.com
PING lockbox01.service.softlayer.com (10.1.194.50) 56(84) bytes of data.

Enter the details making sure to use the IP address instead of hostname and to include the lockbox username in your path:

Share host: 10.1.194.50
Path to image: \SLLBXXXXXX-X\ubuntu-12.04.1-server-amd64.iso
User: SLLBXXXXXX-X
Password: ********

At this point you’ll need to file a ticket with SoftLayer to change the boot order of your machine to boot off the CD instead of the hard drive. You should probably go ahead and try the next step first, but be aware that if the machine boots up without giving you the option to install the new OS, then the support ticket will be required.

From the page where you got the IP address, username, and password for the IPMI web console, you can get instructions for downloading IPMIView and connecting to your instance. Do “File” > “New…” > “System” and after you connect click on the “KVM Console” tab then “Launch KVM Console”. Now click the “IPM Device” tab and reset the machine. At this point you should see your machine in the KVM window and you can install your OS.

Resyncing a very stale MongoDB Replica

08/22/2012

I logged into the primary member of the replica set and ran rs.status() which showed me that the replica was too stale (“error RS102 too stale to catch up”):

{
	"_id" : 4,
	"name" : "55.55.55.55:27017",
	"health" : 1,
	"state" : 3,
	"stateStr" : "RECOVERING",
	"uptime" : 502511,
	"optime" : {
		"t" : 1340841938000,
		"i" : 5028
	},
	"optimeDate" : ISODate("2012-06-28T00:05:38Z"),
	"lastHeartbeat" : ISODate("2012-08-22T22:47:00Z"),
	"pingMs" : 0,
	"errmsg" : "error RS102 too stale to catch up"
},

The MongoDB wiki has some instructions on resyncing a very stale replica. I chose to go the simplest route of doing a full resync. To do this I had to figure out where the data was stored, so I looked in /etc/mongodb.conf to see that the dbpath was set to /var/lib/mongodb. Stopping the node, deleting the data directory, and then restarting the node solved the problem. You’ll need the key file (if you’re using auth) and the data directory to both exist with the proper ownership and permissions to bring the node back up.
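
The ownership and permission requirements are the part that is easy to get wrong after recreating the data directory. The script below is an added example, not part of the original post: it reads dbpath and keyFile from an ini-style mongodb.conf and checks both before the node is restarted. The function names and the mongodb account name in the usage line are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): checks to run after deleting the data
# directory and before restarting the stale member.
# Usage: sh preflight.sh /etc/mongodb.conf "$(id -u mongodb)"   # account name is an assumption

# Last value of KEY in an ini-style mongodb.conf (key=value lines).
conf_get() { sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1; }

# "uid perms" for a path, e.g. "1000 rw-------" (numeric owner, nine permission characters).
owner_perms() { ls -ldn "$1" | awk '{ print $3, substr($1, 2, 9) }'; }

# One "FAIL:" line per problem; exit status 0 only when the node is ready to start.
preflight_resync() {
    conf="$1"; uid="$2"; rc=0
    dbpath=$(conf_get "$conf" dbpath); keyfile=$(conf_get "$conf" keyFile)
    if [ ! -d "$dbpath" ]; then
        echo "FAIL: data directory '$dbpath' does not exist"; rc=1
    else
        set -- $(owner_perms "$dbpath")
        [ "$1" = "$uid" ] || { echo "FAIL: $dbpath owned by uid $1, expected $uid"; rc=1; }
        case "$2" in rwx*) ;; *) echo "FAIL: owner lacks rwx on $dbpath"; rc=1 ;; esac
        [ -z "$(ls -A "$dbpath")" ] || { echo "FAIL: $dbpath is not empty"; rc=1; }
    fi
    if [ -n "$keyfile" ]; then          # keyFile is only set when auth is in use
        if [ ! -f "$keyfile" ]; then
            echo "FAIL: key file '$keyfile' does not exist"; rc=1
        else
            set -- $(owner_perms "$keyfile")
            [ "$1" = "$uid" ] || { echo "FAIL: $keyfile owned by uid $1, expected $uid"; rc=1; }
            # mongod refuses a key file that group or other can access
            case "$2" in r??------) ;; *) echo "FAIL: $keyfile mode $2 is too open"; rc=1 ;; esac
        fi
    fi
    return "$rc"
}

if [ "$#" -eq 2 ]; then
    preflight_resync "$1" "$2"
else    # no arguments: run on a constructed layout (sample data only)
    d=$(mktemp -d); mkdir "$d/db"; echo secret > "$d/key"; chmod 644 "$d/key"
    printf 'dbpath=%s\nkeyFile=%s\n' "$d/db" "$d/key" > "$d/mongodb.conf"
    preflight_resync "$d/mongodb.conf" "$(id -u)" || echo "not ready to restart"
    rm -rf "$d"
fi
```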

Installing Windows 7

07/29/2012

If you need to re-install Windows 7 because you got a new hard drive, you can download a copy of Windows from Microsoft here and then enter your existing product key.  ABR provides one way to get your existing product key.  You can also get a product key for Windows 7 Ultimate and Microsoft Office from Microsoft Bizspark if you run a startup.  If you want to upgrade your existing copy of Windows to a higher edition you can do that by searching for Windows Anytime Upgrade in the start menu.

Google video chat volume on Windows

07/22/2012

I frequently use Google video chat. It was common for the person on the other end to have difficulty hearing me, which I eventually realized was because the microphone level kept being auto-adjusted to very low levels. It turns out that it was Google video chat constantly auto-adjusting the volume level and that the behavior can be turned off by editing a registry setting.

  • Open regedit
  • Navigate to: HKEY_CURRENT_USER\Software\Google\Google Talk Plugin
  • Change the audio-flags value data to 1

The audio-flags registry key is not there on a clean install of Windows, but will show up once you change the Google video chat settings in GMail.  Note that if you ever change the video chat settings in GMail then it will override the registry settings and you will need to set this flag again.

Backing Up MySQL with Percona Xtrabackup

05/25/2012

You can create a MySQL backup with Percona Xtrabackup by running:

$ innobackupex --user=DBUSER --password=DBUSERPASS /path/to/BACKUP-DIR/

You can then restore the backup with:

$ xtrabackup --prepare --datadir=/var/lib/mysql --target-dir=/path/to/BACKUP-DIR/
$ sudo service mysql stop
$ sudo mv /var/lib/mysql ~/dbbackup
$ sudo mv /path/to/BACKUP-DIR /var/lib/mysql
$ sudo chown -R mysql:mysql /var/lib/mysql
$ sudo service mysql start
$ mysql -u root -p
mysql> GRANT ALL PRIVILEGES ON *.* TO 'debian-sys-maint'@'localhost' IDENTIFIED BY 'password from /etc/mysql/debian.cnf' WITH GRANT OPTION;

Setting up the RockMongo GUI on Ubuntu

04/17/2012

The easiest way to get started is to install Apache and PHP:

$ sudo apt-get install apache2 php5 php-pear

If you need to edit the Apache ports because you already have another server running on port 80 then edit /etc/apache2/ports.conf.

You’ll need to install the PHP Mongo connector:

$ sudo pecl install mongo

Add “extension=mongo.so” to the “Dynamic Extensions” section of /etc/php5/apache2/php.ini and restart Apache with sudo service apache2 restart.

Download the latest RockMongo and unzip it under /var/www. You should now be able to login with the default username and password of admin/admin.

Brewer’s CAP Theorem Explained

03/24/2012

When dealing with distributed systems, Brewer’s CAP theorem is often brought up when discussing how a system will behave in certain error conditions. The CAP theorem means that you can only have two of: consistency, availability, and partition tolerance.

Here’s what you’ll be giving up for each of the three that you may sacrifice:

  • C: Consistency means that two different machines will return the same responses for the same query.
  • A: Availability means that requests will be answered even if a machine goes down.
  • P: Partition tolerance means that the system continues to function even if there’s a network outage that stops communication.

Web developers rarely want to give up P since that means you could get split brain syndrome where the data is out-of-sync between machines. As a web developer, CAP means you must make the choice between having a site that never goes down, but regularly returns stale data or a site that never returns stale data, but goes down if there’s a problem.  Thus the real choice is between C and A in this context. A bank website would choose consistency over availability. Getting the balance in someone’s account wrong is worse than having the site be down.  Google chose availability, which is why you never see it go down. The tradeoff is that it may be looking at a slightly stale version of the index when ranking some queries.
