SVN on Apache2 over SSL using Shadow Authentication
Generally, you want to avoid sharing the same account for web and system, because if the web account is compromised, the door to the system will be wide open. Not only that, basic authentication by Apache sends the password in clear text, so any packet sniffer can easily decipher the login credentials.
However, there are cases where authenticating against system users does make sense, like when you have an SVN repository on the same server as your fileserver. You, or at least I, don’t want to maintain two separate user databases for your SVN and fileserver. It’s bad enough that the samba account is using its own user database. Back to shadow authentication: fortunately, there are ways to minimize the security risk in doing that. One, you can deploy an SSL connection to the client. Two, you can leave the server unexposed to the rest of the world, keeping it safe behind the firewall. If a remote connection is needed, use a VPN.
Now that we got that out of the way, let’s deploy some kick-ass SVN system:
To make your life easier, do the installation in steps, making sure that each installation works before proceeding to the next step. One minute of checking will save you hours of troubleshooting if something were to go wrong. Here’s the order that I got my system up:
1. Install Apache2
2. Enable SSL mod
3. Install SVN
4. Enable DAV mod
5. Configure SVN over Apache
For steps 1 to 5, I somewhat follow this guide
6. Enable auth_shadow mod
apt-get install libapache2-mod-auth-shadow
a2enmod mod_auth
7. Re-configure the SVN using shadow authentication
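#... omitted
<Location /svn>
    DAV svn
    SVNParentPath /var/svn/repository
    AuthType Basic
    # Check passwords against the system shadow file (mod_auth_shadow)
    AuthShadow on
    AuthName "Subversion Repository"
    # Let basic auth fall through to lower-level modules (here mod_auth_shadow)
    # when the user is not found in AuthUserFile
    AuthBasicAuthoritative off
    AuthUserFile /etc/apache2/htpasswd
    Order allow,deny
    Allow from all
    # Read-only methods stay anonymous; every other method needs a valid login
    <LimitExcept GET PROPFIND OPTIONS REPORT>
        Require valid-user
    </LimitExcept>
</Location>
#... omitted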
For steps 6 and 7, I will give credits to http://www.howtoforge.com/apache_mod_auth_shadow_debian_ubuntu and http://adam.shand.net/iki/2008/apache_tips_and_tricks/ for giving me pointers.
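The visible Location block depends on SSL being deployed but does not itself refuse plain HTTP, so system passwords could still travel in Basic auth over an unencrypted connection. As an added example (not part of the original post), this shell function lists Location/Directory blocks that use AuthType Basic without mod_ssl's SSLRequireSSL directive. The function names and the /svn-tls block are hypothetical, and a block served only from an HTTPS-only virtual host would be listed even though it is safe.

```shell
#!/bin/sh
# Added example (not from the post): list <Location>/<Directory> blocks that
# use "AuthType Basic" without the SSLRequireSSL directive of mod_ssl.
audit_basic_auth() {
  awk '
    { line = tolower($0); sub(/^[ \t]+/, "", line) }
    line ~ /^<(location|directory)[ \t]/ {          # block opens
      tag = $0; sub(/^[ \t]+/, "", tag)
      inblk = 1; basic = 0; tls = 0; next
    }
    inblk && line ~ /^authtype[ \t]+basic/ { basic = 1 }
    inblk && line ~ /^sslrequiressl/       { tls = 1 }
    inblk && line ~ /^<\/(location|directory)>/ {   # block closes
      if (basic && !tls) print tag
      inblk = 0
    }
  ' "$1"
}

# Constructed sample: the block from the post (shortened), then a copy with
# SSLRequireSSL added (the /svn-tls path is hypothetical).
write_sample() {
  cat > "$1" <<'EOF'
<Location /svn>
  DAV svn
  AuthType Basic
  AuthShadow on
  <LimitExcept GET PROPFIND OPTIONS REPORT>
    Require valid-user
  </LimitExcept>
</Location>
<Location /svn-tls>
  SSLRequireSSL
  DAV svn
  AuthType Basic
  AuthShadow on
  <LimitExcept GET PROPFIND OPTIONS REPORT>
    Require valid-user
  </LimitExcept>
</Location>
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_basic_auth "$sample"   # prints: <Location /svn>
rm -f "$sample"
```

Run it against each enabled site file; every tag it prints is a block where the shadow password is accepted without the block itself demanding TLS.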
Filed under: work
Tags: apache, authentication, DAV, shadow, SSL, SVN
Resizing LVM Partition of ESXi guest
I have an Ubuntu Server running as one of the virtual machines. As my standard practice, I only allocated 8GB for a vanilla installation. Today, one instance of the server requires far more than that, hence requires me to provision more. The thing is, if I had partitioned the virtual disk normally (without LVM), things would be simpler:
- Resize virtual disk from VI Client
- Boot the vm with gparted ISO and resize the partition. Gparted will recognize the simple non-LVM partition and will be able to resize it easily.
- Boot the os vm and resize the filesystem using resize2fs.
Things are a bit more complicated with LVM, but still pretty straightforward, especially once you understand more about how LVM works.
- Resize virtual disk from VI Client
- Depending on the current partition layout, you might have to do this part differently. Boot with Gparted, and resize the extended partition only. The logical partition that contains the LVM would not be recognized by gparted, hence it can’t resize it for you.
- Boot the VM and proceed with the following
  - Resize the physical volume with pvresize, or create a new physical volume with pvcreate (after creating an LVM partition using fdisk)
    pvcreate /dev/sda6
  - If you create a new physical volume, add it to the current group using vgextend
    vgextend VG /dev/sda6
  - Resize the logical volume using lvresize
    lvresize -l +100%FREE /dev/VG/root
  - Resize the filesystem
    resize2fs /dev/VG/root
For some reason pvresize won’t work for me, so I had to create a new partition every time.
Filed under: Uncategorized
Migrating Xen to ESXi
After almost 6 months evaluating two virtualization solutions, Opensource Xen and VMware ESXi, it’s time to do some consolidation. It’s actually partially triggered by the need to put a RAID system in place. The Xen server will become the new ESXi server, and the ESXi server will be used as the SAN server.
The target system is running on AMD Phenom X4 9550 and Asus M3A-EM with 4GB DDR2. This particular box is not that ESXi friendly. Both the storage and network controller are not recognizable without going through some modification on the oem.tgz file. But it doesn’t matter, as I’ll be using usb stick to boot the ESXi and adding Intel NIC to the board.
As I’ve done it a couple of times, installation was no longer an issue. Moving the VMs from Xen to ESXi, however, seems to be a challenge. The P2V tool that vmware provided doesn’t seem to work with linux systems, or maybe paravirtualized linux systems. Either way, it doesn’t work. A couple of sources did show a couple of hard ways, but somehow none of them convinced me. As I don’t have time for research, I went on with the good old manual way of rebuilding the server and copying the files and configuration file from one VM to another. One *nix tool that really helped me on this: scp.
The Xen server was running OK and stable actually, but what had to be done, had to be done. This is taken before the shutdown:
budi@localhost.localdomain:~$ uptime
20:40:20 up 138 days, 10:15, 2 users, load average: 4.07, 3.91, 3.46
Filed under: Uncategorized
Whitebox SAN Server
Over the weekend I was busy re-assigning the role of one of the desktops into a SAN server. This machine runs on an AMD Athlon 64 1.8GHz and Gigabyte K8-NF9 with 2GB DDR and an 80GB IDE disk. No special casing or rack system was used, just the good old desktop tower casing and some 400-watt power supply.
To beef the system up here’s what I’ve added:
- Areca Raid Controller 1220 – $860
  8 channel SATA, PCIe, RAID 0 1 10 5 6 JBOD
- 6 x 750GB Western Digital Green Power – $119 x 6
- Some old PCI graphic card – $0
Before all the RAID disks came in, I installed Openfiler 2.3 and made sure everything ran smoothly. It wasn’t so clear-cut at the beginning, and the fact that you need to pay US$30 for the documentation doesn’t help much. But, yeah, googling around will definitely get you somewhere.
Once that was done, the controller was installed along with all the 6 hard disks. Thanks to its simple yet comprehensive RAID management software, I was able to set it up pretty quickly. Before I knew it, I had 6 disks running as RAID 6, just by clicking here and there from the browser.
What I wasn’t sure was whether I should allocate all space to a single LUN or just allocate enough as that would leave the options open for me to expand or create new LUNs in the future. Being the newbie I am, I went with the former option.
What again confuses me is that in openfiler, you can again have more logical volumes in each LUN. This time, I leave some space behind just in case. I allocate 500GB iSCSI for ESXi, another 2×10GB for me to test around with native OS, and lastly I have 20GB formatted as ext3 and shared via samba.
Next thing to do I guess is to benchmark the performance and tune it up a little. Adding server class NICs can also be considered, let’s see if I can get hold of those intel cards.
Filed under: Gadgets, work
Quickly Erase Data for Nokia Phones
http://technogra.ph/20080121/sections/tips-and-tricks/nokia-code-quickly-delete-everything-on-your-phone/
Want to immediately remove those scandalous photos and videos before selling your Nokia phone? Type in *#7370* on the main screen. The phone will ask if you want to proceed. It’ll then ask for your phone’s security code (if you haven’t set one, it’s 12345) to proceed. This will clear any information stored on the unit and reset all settings to factory fresh, so be careful!
Filed under: Gadgets
Agent based simulation
These 3 should be a good starting point:
http://repast.sourceforge.net/
http://gillesdaniel.com/natlab/
http://ccl.northwestern.edu/netlogo/
Filed under: work
Tags: agent simulation
Passed Traffic Police test
6am, I was already awake and getting myself ready for the biggest day on “the road to class 2B license”. At 7.50 we started the warm-up session, continued with the briefing at 8.45. It lasted for 45 minutes, after which the real test took place. I was given tag number 21; I won’t be forgetting that number for a while now.
Long story short, I passed with 14 demerit points: 2×2 wobble while stopping + 4×1 fail to check blindspot + 2×1 delay moving off + 2×1 improper checking of blind spot + 2×1 wide turning
Overall, it took me 23 practical classes, 7 theory lessons and practice, 1 theory test and 1 practical test. Total dollars: $615.59. Hours on bike: ~30
Time to look for a bike…
Filed under: life
Sage – Octave
What the heck are those? Well, that’s what I need to find out. You see, there will be a couple of new staff coming who will supposedly be actively using those 2. So there has to be someone who goes out there and explores as much as possible, and comes back to teach them everything about it. That’s right, that someone is me.
For starters, I managed to find the respective websites.
- Sage: http://sagemath.org/
- Octave: http://www.gnu.org/software/octave/
Let’s get started.
Filed under: work
Tags: octave, sage
Setting up SVN in Apache over SSL
I find this particular page very helpful: http://wiki.freaks-unidos.net/Apache2%20SSL%20and%20Subversion%20in%20Debian
Basically you need to:
- Install Apache and openSSL if you have not done so.
- Create RSA key and secure it
- Create or copy a new site configuration file and enable it
- Enable SSL module
- Install subversion, subversion-tools and libapache2-svn
- Create the new repo and change owner to www-data or just change owner if you already have a repo previously.
- Configure site definition file to include the new repo
- Create password file
- Restart Apache and test.
Visit the site for full detail.
Filed under: work
Wiiiiii……..
Last night was my very first serious encounter with Wii. It was quite fun, mostly due to the never-before-experienced control system. It uses a remote that’s sensitive to movement and orientation. Various light games that require timing and precision were the menu for that night. I do think Wiis are great for parties, where you can have up to 4 players at one time, playing fairly light yet competitive games. Just remember to keep the fragiles as far away as possible from the living room, because things can be quite brutal.
Filed under: play