Archive for the ‘Linux’ Category

Docker Portainer

January 31st, 2017 No comments

Managing docker through the cli can sometimes be a pain. Portainer is the management interface I use know to make life a little easier. You can run it on your local docker by issueing the following command:

docker run -d --privileged -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data -p --restart always --name portainer portainer/portainer

You might also want to enable the remote management api over tcp. edit /etc/default/docker and add the following:

DOCKER_OPTS='-H tcp:// -H unix:///var/run/docker.sock'

restart the docker daemon afterwards:

sudo service docker restart

To remove dangling volumes I use the following script:

docker volume rm $(docker volume ls -qf dangling=true)
Categories: Linux Tags:

Git Cheat Sheet

November 25th, 2016 No comments

Small cheat sheet of git commands I frequently use.

Cloning a repository

git clone <remote-url>

Revert changes in working copy

git checkout .

Revert changes in a single file

git checkout <file>

Revert all local commits

git reset

Remove untracked files and directories

git clean -fd

Show stash diff

git stash show -p <stash-id>

Clear all stashes

git stash clear

Show remotes

git remote -v

Switch branch

git checkout <branch>

Show local unpushed commits

git log origin/master..HEAD

Show local unpushed commit diff

git diff origin/master..HEAD

Undo commit

git reset HEAD~
Categories: Linux, Uncategorized Tags:

Self Signed Certificate Script

November 18th, 2016 No comments

Just a small script to generate self signed certificates.

if [[ $EUID -ne 0  ]]; then
    echo "This script must be run as root" 1>&2
    exit 1
if [ "$#" -ne 1 ]; then
        echo "No site name supplied e.g. jenkins"
openssl genrsa -des3 -passout pass:x -out $1.pass.key 2048
openssl rsa -passin pass:x -in $1.pass.key -out $1.key
rm $1.pass.key
openssl req -new -key $1.key -out $1.csr
openssl x509 -req -days 365 -in $1.csr -signkey $1.key -out $1.crt
Categories: Linux Tags:

Raspberry Pi – RAID 1 with NFS

June 18th, 2016 No comments

I decided to give my Raspberry Pi a new life and installed the latest version of Raspbian.
I also ordered two similar usb sticks of the same size to make a raid 1 (mirrored) device with mdadm which I want to export with NFS.
Note that you should be knowing what you are doing since any of these steps might lead to data loss.

# Short session as root
sudo -i
# Determine where the usb sticks are.
fdisk -l
# Remove existing partitions and create the new Linux partitions. Combination of the following commands: p, d, n and w
fdisk /dev/<usb-device1>
fdisk /dev/<usb-device2>
# Install adm. When asked about installing it to the root os answer with 'none' since we will keep booting from the sd card.
apt-get install mdadm
mdadm --create --verbose /dev/md0 --level=mirror --raid-devices=2 /dev/<usb1-partition1> /dev/<usb2-partition1>
# Check if everything is ok.
mdadm --detail /dev/md0
# Write stuff to the mdadm config
mdadm --detail --scan >> /etc/mdadm/mdadm.conf
# Create the fs (-m 0 = no reserved blocks)
mkfs.ext4 -m 0 /dev/md0
mkdir /mnt/raid
mount /dev/md0 /mnt/raid
# I copied the directories I wanted to move over to the raid device (/var, /tmp, /opt, /root)
# copy var without the symlinks use the same command for the other directories.
find /var -depth -type f -o -type d | cpio -pamVd /mnt/raid
# Determine the uuid of the raid device to be used in fstab
blkid /dev/md0

Edit fstab to mount everything from the raid device.

UUID="<your_raid_uuid>"        /mnt/raid       ext4    defaults,noatime        0       2
/mnt/raid/var   /var            none    defaults,bind           0       0
/mnt/raid/tmp   /tmp            none    defaults,bind           0       0
/mnt/raid/root  /root           none    defaults,bind           0       0
/mnt/raid/home  /home           none    defaults,bind           0       0
/mnt/raid/opt   /opt            none    defaults,bind           0       0

Next I installed nfs and created a dir for the nfs shares.

apt-get install nfs-kernel-server
# Don't forget to start rpcbind. Otherwise you will have strange problems connecting to your nfs share from other machines. (Connection timed out most probably)
service start rpcbind
mkdir /mnt/raid/share
mkdir /export
cd /export
ln -s /mnt/raid/share

Edited /etc/exports

/export/share ,sync,no_subtree_check)
# export everything. Restart nfs to be certain our changes made it.
exportfs -r
service nfs-kernel-server restart

Well that’s it for now. I will be testing this to see how it holds up on my Raspberry.

Categories: Linux Tags:

Encrypting an external drive

July 26th, 2015 No comments

I wanted to encrypt the disks that I use to regularly make a backup so I can put it offsite without that nagging thought that just about anyone can read it’s contents when it gets stolen/lost.

Find out the name of the disk you want to encrypt. I usually use a ‘sudo fdisk -l’ to find out which disk. In my case /dev/sdc3 so I will use that in this example. Substitute with your own unless you want to lose data.

Make sure your disk is not mounted:

sudo umount /dev/sdc3

It is good practice to fill the disk with some initial garbage to make any decryption attempts harder.

sudo dd if=/dev/urandom of=/dev/sdc3

Initial creation:

# Login as root
sudo -i
# Install cryptsetup
apt-get install cryptsetup
# I am using a passphrase to setup the encryption you could optionally use a keyfile. Check out the manual for more info.
cryptsetup -y create crypt /dev/sdc3
# Create an ext4 filesystem. (-m 0 -> No reserved blocks for root, this is an external disk)
mkfs.ext4 -m 0 /dev/mapper/crypt
# Create a directory to mount to and mount
mkdir /mnt/crypt && mount /dev/mapper/crypt /mnt/crypt


sudo cryptsetup create crypt /dev/sdc3
sudo mount /dev/mapper/crypt /mnt/crypt

That did it for me. I just wanted a small barrier to chase away curious people.

Categories: Debian, Ubuntu Tags: ,

Tomcat – High CPU Breakdown

June 5th, 2015 No comments

Determine the process id (PID) of the process that has high CPU load.

The culprit:

16397 tomcat    24   0 2809m 1.2g  26m S 197.4 14.8 112:28.42 java

Use top, ps or the java jps tool. I used jps here.

sudo -u tomcat jps -l


16397 org.apache.catalina.startup.Bootstrap

We then try to create a thread dump with the java jstack tool.

sudo jstack 16397 > stacktrace.dmp


16397: Unable to open socket file: target process not responding or HotSpot VM not loaded
The -F option can be used when the target process is not responding
sudo jstack -F 16397 > stacktrace.dmp

If that is also not working you can try quitting the process.

sudo -u tomcat kill -QUIT 16397

You will need to check the logs to see the stacktrace.

You can then check out the running threads and their state. I found that some threads were in a blocking state due to a few java.lang.OutOfMEmoryError errors.

To get more detailed information we can also use the jmap command to do a little deeper digging.

sudo jmap -dump:file=thread_dump.16379.dmp -F 16397
Categories: Linux Tags:

Blank screen during install

November 30th, 2013 No comments

I had some problems while installing Ubuntu/Linux Mint on a laptop. The screen went blank.
After some investigation it turned out that the backlight was turned off. (Intel GMA 4500m chipset)
To fix this I found two options that worked (default brightness buttons on laptop were not working)

Add the following boot options:


This option allows me to use the brightness controls on the laptop and thus restore the brightness to a viewable state.
If that doesn’t work you could also turn off i915. That will allow you to pass the setup at first. Maybe install an OpenSSH server and then go in to output a acceptable value into the backlight.


After this I created a init.d script called backlight to set the backlight to a valid value at boot.

First I got the current value:

cat /sys/class/backlight/intel_backlight/actual_brightness

Use that in the backlight script.

echo 72250 > /sys/class/backlight/intel_backlight/brightness

This will probably only work when acpi_osi=Linux during boot. You can add that option to grub later on.
Edit (/etc/default/grub) add the rule to GRUB_CMDLINE_LINUX_DEFAULT, GRUB_CMDLINE_LINUX or GRUB_CMDLINE_DEFAULT and run update-grub2 afterwards.

Make it executable.

chmod +x backlight

Make it run at different runlevels.

update-rc.d backlight defaults 00

That should restore the backlight at some point during boot. Not an ideal solution, but at least a working one.

Categories: Linux, Ubuntu Tags: , , ,

Setting up an OrientDB server on Ubuntu

January 19th, 2013 13 comments

Go to the directory you want to install OrientDB.

cd /opt

Download one of the two flavors of OrientDB (standard or graph edition). (If you don’t know which to take, pick the Graph Ed.)

sudo wget
#sudo wget

Unpack the file

sudo tar -zxvf orientdb-1.3.0.tar.gz

I usually remove the tar.gz file and add a symlink

sudo rm orientdb-1.3.0.tar.gz
sudo ln -s orientdb-1.3.0/ orientdb

Configure the default orientdb password. (I use vi, you use your own favorite editor ;))

sudo vi orientdb/config/orientdb-server-config.xml

Go to the section [orient-server > storages > storage] in the xml, change the default username and password and save the file

<!-- Default in-memory storage. Data are not saved permanently. -->
<storage path="memory:temp" name="temp" userName="yourUsername" userPassword="yourPassword" loaded-at-startup="true" />

Get the root password for later use or/and add your own preferred account in [orient-server > users]:
(I prefer to remove the root account and add a new one)

<user name="yourUsername" password="yourPassword" resources="*"/>

As the file is holding passwords it might be a good idea to remove the read permission for other users.

sudo chmod 640 /opt/orientdb/config/orientdb-server-config.xml

Create a user that will run the server:

# -d, --home-dir HOME_DIR       home directory of the new account
# -M, --no-create-home          do not create the user's home directory
# -r, --system                  create a system account
# -s, --shell SHELL             login shell of the new account (/bin/false =  no login)
# -U, --user-group              create a group with the same name as the user
sudo useradd -d /opt/orientdb -M -r -s /bin/false -U orientdb

Change ownership of orientdb directory/links:

sudo chown -R orientdb.orientdb orientdb*

Modify the user group rights so that users in the orientdb group can invoke shell scripts.

sudo chmod 775 /opt/orientdb/bin
sudo chmod g+x /opt/orientdb/bin/*.sh
sudo usermod -a -G orientdb yourUsername

Copy the init.d script:

sudo cp orientdb/bin/ /etc/init.d/

Update the init.d script with this sed script or just edit the file. (The copied one)

sudo sed -i "s|YOUR_ORIENTDB_INSTALLATION_PATH|/opt/orientdb|;s|USER_YOU_WANT_ORIENTDB_RUN_WITH|orientdb|" /etc/init.d/

And change the following lines, we use sudo because our system account does not have a login shell.

# You have to SET the OrientDB installation directory here (if not already done so)
#su -c "cd \"$ORIENTDB_DIR/bin\"; /usr/bin/nohup ./ 1>../log/orientdb.log 2>../log/orientdb.err &" - $ORIENTDB_USER
sudo -u $ORIENTDB_USER sh -c "cd \"$ORIENTDB_DIR/bin\"; /usr/bin/nohup ./ 1>../log/orientdb.log 2>../log/orientdb.err &"
#su -c "cd \"$ORIENTDB_DIR/bin\"; /usr/bin/nohup ./ 1>>../log/orientdb.log 2>>../log/orientdb.err &" - $ORIENTDB_USER
sudo -u $ORIENTDB_USER sh -c "cd \"$ORIENTDB_DIR/bin\"; /usr/bin/nohup ./ 1>>../log/orientdb.log 2>>../log/orientdb.err &"

Update the rc.d dirs

cd /etc/init.d
sudo update-rc.d defaults

The server will now start and stop on startup/shutdown. For now we start it by hand.

sudo /etc/init.d/ start

Verify that it is running by opening the studio (e.g. http://localhost:2480/) or run ‘sudo /etc/init.d/ status’.

Now we can log in and create a new database,
Start the console:


Create a new database:

create database remote:/yourDatabaseName yourUsername yourPassword local

Done. Grab a beer, you’ve earned it. 😉

PS3 Bluetooth Remote with XBMC on Linux

January 14th, 2013 1 comment

I used my PS3 bluetooth remote for a while to control my XBMC. But not all keys were mapped because by default the device is mapped as a HID device with only several buttons mapped to actual keys. I found this great howto to be able to use and program all buttons on the remote. Follow the basic steps there to build and install the bdremote driver.

I needed to modify several scripts a bit and added an extra script to be able to log the battery level. (And maybe in the future send some sort of notification when it is almost empty)
I modified the rc.local script a bit:
(Make sure you set your ID correctly, eg: 00:00:00:00:00:00)

#!/bin/sh -e
# rc.local
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
# In order to enable or disable this script just change the execution
# bits.
# By default this script does nothing.
service bluetooth stop
sleep 1
/usr/local/bin/bdremoteng -a 00:00:00:00:00:00 -p 8888 -t 600 -b /home/yourusername/scripts/ &
sleep 1
mkdir /var/run/lirc
/usr/sbin/lircd -H null --connect
sleep 1
service bluetooth start
ln -s /var/run/lirc/lircd /dev/lircd
exit 0

Used the default Lircmap.xml (~/.xbmc/userdata/Lircmap.xml):

  <remote device="SonyBDRemote">

And I modified the keymap (~/.xbmc/userdata/keymaps/remote.xml) a bit:

        <!-- <obc102>FilterSMS2</obc102>
        <!-- <obc102>FilterSMS2</obc102>

And the script:

echo "Current battery level is: $2" > /home/yourusername/battery_level.txt

Happy XBMC-ing! 🙂

Categories: Linux Tags: , , , , ,

Raspberry Pi with Arch Linux

November 26th, 2012 1 comment

Installation on SD-card

Installed Arch Linux on my raspberry pi. I didn’t want any gui schmui and this image seemed like a pretty clean option to me.

Downloaded the image, checked the sha1sum and dd’ed the file onto an sd card. (Determined the /dev/yoursddevice name by doing an fdisk -l)

sudo dd bs=4M if=/path/to/your/image/arch-linux.img of=/dev/yoursddevice

Waiting a few minutes, drinking some beer. Done.

Expanding the root partition

My card was 4GB and the downloaded img is only 2GB. This would result in some unused space and I wanted to use it. Add another partition or resize the current. Now is a good time as the device is not in use.

sudo fdisk -uc /dev/mmcblk0
Command (m for help): p
Disk /dev/mmcblk0: 3904 MB, 3904897024 bytes
64 heads, 32 sectors/track, 3724 cylinders, total 7626752 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x0004f23a
        Device Boot      Start         End      Blocks   Id  System
/dev/mmcblk0p1   *        2048      186367       92160    c  W95 FAT32 (LBA)
/dev/mmcblk0p2          186368     3667967     1740800   83  Linux
Command (m for help): d
Partition number (1-4): 2
Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
Partition number (1-4): 2
# !!! Make sure next value is the same as the start of the deleted partition !!!
First sector (186368-7626751, default 186368): 186368 <-- That value! Same in this case, but can be different.
Last sector, +sectors or +size{K,M,G} (186368-7626751, default 7626751): 
Using default value 7626751
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.

Wanted to run resize2fs but it prompted me to run e2fsck first.

sudo e2fsck -f /dev/mmcblk0p2

Resize the partition. (-p shows progress bar)

sudo resize2fs -p /dev/mmcblk0p2

Awesome, full SD-card will be available now. Unmount and put it in the rpi.
(I used a microSDHC (4GB, class 4) card from kingston with adapter which didn’t work. So I bought a set of regular 4GB class 4 SDHC cards from kingston)


In my first installations I just used the HDMI interface and an ethernet cable. Later I decided that it would be nice to have wifi as well. So I picked up an Edimax EW-7811Un Wireless USB Adapter.

You can set up your wireless interface in advance by mounting the new partition after writing the downloaded image with dd. Paths mentioned after this are of course relative to /mnt/sdcard

sudo mkdir /mnt/sdcard
sudo mount /dev/mmcblk0p2 /mnt/sdcard

To use it with the rpi I edited the /etc/conf.d/netcfg file and added ‘wireless-wlan0‘ to the networks array. I also added a DHCP_TIMEOUT=30 to allow for a bit more time for the wireless interface to get an IP-address.

# Enable these netcfg profiles at boot time.
#   - prefix an entry with a '@' to background its startup
#   - set to 'last' to restore the profiles running at the last shutdown
#   - set to 'menu' to present a menu (requires the dialog package)
# Network profiles are found in /etc/network.d
NETWORKS=(ethernet-eth0 wireless-wlan0)
# Specify the name of your wired interface for net-auto-wired
# Specify the name of your wireless interface for net-auto-wireless
# Array of profiles that may be started by net-auto-wireless.
# When not specified, all wireless profiles are considered.
#AUTO_PROFILES=("profile1" "profile2")

I then copied an example config:

cp /etc/network.d/examples/wireless-wpa /etc/network.d/wireless-wlan0

Originally it looks like this:

DESCRIPTION='A simple WPA encrypted wireless connection'
## Uncomment if the supplied ESSID is hexadecimal
# Uncomment this if your ssid is hidden

I only changed the ESSID and KEY values to match my wireless network settings. This is probably the most basic setup. For more advanced setups check out the netcfg and wireless sections in the arch wiki.

Reducing write cycles

I am not running any production-critical apps on my raspberry nor do I use any programs that require atime/relatime to be running. So I enabled the noatime option for the root partition and mounted /var/log as tmpfs as I don’t have any interest in these logs. (/tmp was already mounted as tmpfs)

My new /etc/fstab now looks like this:

# /etc/fstab: static file system information
# <file system>        <dir>         <type>    <options>          <dump> <pass>
/dev/mmcblk0p1  /boot           vfat    defaults        0       0
/dev/mmcblk0p2  /               ext4    defaults,noatime        0       0
tmpfs           /var/log        tmpfs   defaults,noatime,mode=0755,size=5%      0       0

Further installation

Inserting the sd-card into the Raspberry Pi. It booted okay. (If it is not check this list to see if your SD-card is compatible) Hostname was alarmpi at that moment so I just ssh-ed into it. You can scan with nmap if you don’t now which address your machine got. (Or check your router). Do this only when you have permission to scan the network. The command you could use looks something like this:

nmap -p 22 --open -sV | less
# My raspberry was listed as:
# 22/tcp open  ssh     OpenSSH 6.1 (protocol 2.0)
# MAC Address: B8:27:EB:XX:XX:XX (Unknown)
ssh root@alarmpi
   #password = root, so you probably want to change that asap. :)
   #and then create a new user so you don't have to login with root
useradd -m yourUserName
passwd yourUserName

I then ran a system update to prevent unfound packages later on:

pacman -Syu

I then installed vim. As my favorite editor.

pacman -S vim
ln -s $(which vim) /usr/local/bin/vi
ln -s $(which vim) /usr/local/bin/view

Changed the hostname to something else. (jukepi in my case, I want to use this one as a jukebox)

vi /etc/hostname
    #alarmpi -> yourHostName

I then disabled root login with SSH. (After testing my new account worked)

vi /etc/ssh/sshd_config

Uncommented PermitRootLogin and changed to ‘no’

PermitRootLogin no

Save and restart sshd

systemctl restart sshd

Changed my timezone with tzselect

    # Get the options

I modified /etc/timezone and added the outcome to the generic profile in /etc/profile

# Set our default path
export PATH
# Set timezone
export TZ
# Load profiles from /etc/profile.d

Reloaded the profile

source /etc/profile

Modified the /etc/ntpd.conf by adding a few ntp server to sync with.


And restarted the ntpd daemon

systemctl restart openntpd

And checked if date was correct by running date.

#Mon Nov 26 22:46:14 CET 2012

Installed alsa-utils and mpg123 for sound

pacman -S alsa-utils mpg123

Make sound module to auto-load. (It isn’t by default)

vi /etc/modules-load.d/snd_bcm2835.conf
# Load Sound

To play sound through jackplug: (Found this info here)

amixer cset numid=3 1

Or to play sound through HDMI:

amixer cset numid=3 2

Add your user to the audio group to have it play sounds.

usermod -G audio -a yourUserName

And test it if you like:

aplay police_s.wav

If you get this error:

ALSA lib confmisc.c:768:(parse_card) cannot find card '0'
ALSA lib conf.c:4246:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory
ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings
ALSA lib conf.c:4246:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory
ALSA lib confmisc.c:1251:(snd_func_refer) error evaluating name
ALSA lib conf.c:4246:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
ALSA lib conf.c:4725:(snd_config_expand) Evaluate error: No such file or directory
ALSA lib pcm.c:2217:(snd_pcm_open_noupdate) Unknown PCM default
aplay: main:696: audio open error: No such file or directory

Then you need to add your user to the audio group. 🙂

usermod -G audio -a yourUserName
# to apply the group directly, you can start a new login shell
# su -l yourUserName

VLC (As a service)

Because I couldn’t play every audio stream I decided to install vlc. (Which conveniently comes with a web interface)

pacman -S vlc

I got some 404 messages while installing for several packages so I looked them up on google and downloaded/installed them by hand. (Presumably because my install was not up-to-date atm. Run pacman -Syu to upgrade to latest version)

wget ftp://blablabla/missing-packagename-version.pkg.tar.armv6h.pkg.tar.gz
pacman -U missing-packagename-version.pkg.tar.armv6h.pkg.tar.gz
pacman -S vlc

After running cvlc I got some pulseaudio messages. Stating that it was missing. 🙂

pacman -S pulseaudio pulseaudio-alsa
# libao to make mpg123 work with pulse
pacman -S libao
# change /etc/libao.conf 'alsa' => 'pulse' to make it work with pulse

After that I rebooted to make sure everything was loaded/working ok. (And it did, used paplay police_s.wav to test)

I edited the vlc http .hosts file to allow access from my network:

vi /usr/share/vlc/lua/http/.hosts
# And added

To run vlc headless with http interface:

cvlc --intf http --http-host <yourIpHere> --http-port 8080 <fileName|streamUrl>

Running VLC + PulseAudio is lot heavier than just mpg123 (~40% for VLC + ~10% for Pulse vs ~10% mpg123) but I like the flexibility it gives me.

I want to create some kind of jukebox so the next thing to do is to create a systemd service to run vlc.
We will first create the script which we will place in /etc/rc.d

sudo vi /etc/rc.d/vlc
case "$1" in
                echo "Starting VLC"
		su -l -c "/usr/bin/cvlc --intf http --http-port 8080 <fileName|streamUrl> &" <yourUsername>
                echo "Stopping VLC"
		killall vlc
                $0 stop
                sleep 1
                $0 start
                echo "usage: $0 {start|stop|restart}"
exit 0

Now we will create a systemd service file.

vi /usr/lib/systemd/system/vlc.service
Description=VLC Daemon
ExecStart=/etc/rc.d/vlc start
ExecReload=/etc/rc.d/vlc restart
ExecStop=/etc/rc.d/vlc stop

The last step is enabling the service.

systemctl enable vlc.service

Google Go

The next one to install is Google Go. I wanted to be able to spend the rest of the cpu power as effectively as possible.
At the moment there is no (official) package available for Google Go so we will have to build it from source.
I used Dave Cheney’s excellent tutorial to install it but then for Arch Linux. (No need to install libc6-dev btw) I made symbolic links in /usr/bin to the compiled binaries go, godoc and gofmt.


After completing your setup it might be a good idea to create a backup which you can tuck away for a rainy day. My previous SD-card was unrecoverable after some ungrateful and ungraceful shutdowns. To be able to get the system up and running asap we will create a gzipped image. Shutdown your rpi gracefully and let’s create an image of the sd-card.

dd if=/dev/mmcblk0 conv=sync,noerror bs=1M | gzip -c  > /mnt/yourbackuplocation/rpi.img.gz

Restoring the file:

gunzip -c /mnt/yourbackuplocation/rpi.img.gz | dd of=/dev/mmcblk0 conv=sync,noerror bs=1M