Difference between revisions of "Sysadmin Notes"

Revision as of 10:04, 17 July 2008

Notes on system administration gotchas, snafus, etc.

Linux Unable to See/Use My 2nd CPU Core

CPU #1 not responding - cannot use it.
powernow-k8: Found 1 AMD Athlon(tm) 64 X2 Dual Core Processor 5600+   
processors (1 cpu cores) (version 2.00.00)

Santa brought me an HP Pavilion a6230n for Christmas 2007. It came with an AMD Athlon(tm) 64 X2 Dual Core Processor 5600+ stepping 03, 3GB of RAM, 400 GB SATA, decent nVidia graphics, etc. When I installed both FC7 and FC8, I received the above warning messages in my log files. Linux was unable to use the 2nd core. Fixing this involved installing a BIOS update, for this model, that I downloaded from HP. Unfortunately, the BIOS update would only run under Windows Vista so I had to re-install Vista on the machine.

Fun with Dovecot IMAP, Postfix, Squirrel Mail, Apache, etc.

I recently lost a disk and paid to have it recovered. When I re-loaded my home directory, some of my file permissions got mangled.

When I tried to log into my Webmail facility, I received the following error message:

ERROR: Could not complete request.
Query: LSUB "" "*"
Reason Given: Permission denied

Fixing this problem involved finding all the Dovecot files in my home directory and changing the ownership and group back to my user rather than root.

Look for .subscriptions and .imap in your Mail directory (or mail) and check the ownership and permissions.

Fun with Java Keystores: How to import an existing private key and cert into a Java Keystore

I use SSL outside of Java for many things including Web servers, LDAP, SSL programming, etc. Consequently, most of my systems already have private keys and x509 certs. Java's keytool program makes it nearly impossible (as far as I can tell) to import pre-existing keys and certs into an existing or new keystore. Plus, the various Java keystore GUIs are hard to use (I cannot figure them out) or are not open source.

I came across this web page that describes how to do so. I summarize here just in case this web page goes away. We assume the private key is in key.pem and the cert is in cert.pem (both are in PEM format).

Convert the key and cert from PEM format to DER format using openssl command

Use openssl to convert from PEM to DER format.

openssl pkcs8 -topk8 -nocrypt -in key.pem -inform PEM -out key.der -outform DER
openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER

Put key and cert into a new Java Keystore

Use the ImportKey.java class to take the key and cert and place it in a newly constructed JKS keystore. I modified the ImportKey java source to use the keystore password changeit and to use the key alias importkey and to save the resulting keystore in the file jetty.keystore

java ImportKey key.der cert.der

Getting Apache to work with Subversion and LDAP Authentication

I use both LDAP and NIS internally for directory services although I am migrating everything to LDAP. I recently installed and created a Subversion repository for my source code. I wanted Apache 2.x to provide access to the repository and I wanted to use LDAP (LDAPS actually) to authenticate users so that I did not have to do yet another .htusers file.

To get everything working, I placed the following directives in conf.d/subversion.conf. I already had https working on the server and configured it to load SSL at startup.

LoadModule dav_svn_module     modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so
<Location /repos>
   DAV svn
   SVNPath /columbia4/repos
   AuthType Basic
   AuthName "Subversion repository"
   AuthBasicProvider ldap
   AuthzLDAPAuthoritative on
   Require valid-user
   AuthzLDAPMethod ldap
   AuthLDAPUrl ldaps://columbia.krupczak.org/dc=krupczak,dc=org?uid
</Location>