Frank van Bortel
...ramblings of Frank van Bortel...Frankhttp://www.blogger.com/profile/07830428804236732019noreply@blogger.comBlogger211125
Updated: 17 hours 43 min ago
Antiques
Apart from kind of being in the same position as I started blogging (recovering from surgery), I also ended my "productive" live and am enjoying a new status: pensionado.
Cleaning up
That status comes with a task of cleaning up, and I found some Oracle documentation, that might have antique value to some. Leave a comment when you are interested in one of the following items, and let me know Frankhttp://www.blogger.com/profile/07830428804236732019noreply@blogger.com0
Blinkt! on a Pine Rock64
Blinkt! on a Rock64
Small write up and reminder to myself: how to install the Blinkt by Pimoroni and get it to work on a Pine Rock64:
rock64@bcn0:~$ sudo apt install python-pip
rock64@bcn0:~$ sudo apt install python-dev python-setuptools
rock64@bcn0:~$ sudo pip install --upgrade setuptools
rock64@bcn0:~$ sudo pip install wheel
rock64@bcn0:~$ sudo pip install psutil
rock64@bcn0:~$ git clone Frankhttp://www.blogger.com/profile/07830428804236732019noreply@blogger.com0
GDPR or AVG - regain control Part 2: Your Own Mail
Create your own mail server
Drop Yahoo, Google or Microsoft mail - they are reading your mail.
Debian, Postfix, Dovecot, MariaDb, rspamd
This is the second (and last) part of setting up your own internet tools in order to gain back control. Goal is to set up an email server (receive and send), secure it, and filter spam.
Hardware considerations
I used an abandoned ASRock ION330, where I Frankhttp://www.blogger.com/profile/07830428804236732019noreply@blogger.com0
GDPR or AVG - regain control Part 1: Your Own Cloud
Create your own Cloud
Replace Google or Dropbox, and gain control over you own data. Encrypt it, protect it, share your data only with who you want.
ARM, Ubuntu and secured Nextcloud
This episode will be followed by an entry on email. For now, I settle for a relatively cheap ARM device (an ODroid XU4, to be precise), run it with Ubuntu, and install NextCloud.
The choice for Ubuntu has Frankhttp://www.blogger.com/profile/07830428804236732019noreply@blogger.com0
We -as a country- are no longer to be trusted?
Who Do You Trust?
As legislation changed, Mozilla filed a bug with potential serious consequences. Check out bug 1408647.
Removing the root certificate as trusted authority makes it look asif any certificate, issued by any of the Dutch PKI organizations, is potential unsafe. Which is correct, to a point, as the law allows the use of false keys by the Ducth autorities.
Creepy.
That makes the Frankhttp://www.blogger.com/profile/07830428804236732019noreply@blogger.com0
MS Windows 10 Creators Update
It failed. Again. As it has done since august. It has not improved. It's defenitely back to the 1.0 version - no, not a typo.
Seach the web for Win 10 upgrade 1703 failed, and will will be greeted with almost half a million hits.
MS: get your act together!
How about a course "Programming C for beginners"?!? There is NO NEED to reboot more than once (and not even that, actually), and once Frankhttp://www.blogger.com/profile/07830428804236732019noreply@blogger.com0
Nextcloud configuration
Nextcloud configuration issues on Debian 9 Stretch
In an attempt to get email and storage fixed, I am trying to get dovecot, postfix and nextcloud to integrate. With varying levels of success - what else is new?
Anyway, nextcloud greets with the fact I do not have OPcache enabled, and I should add to php.ini.
WRONG
NOT php.ini
So, I did... I added
opcache.enable=1
opcache.enable_cli=1
Frankhttp://www.blogger.com/profile/07830428804236732019noreply@blogger.com0
Debian Stretch and opendkim: connection refused, no listener at port 8891
Debian stretch opendkim behaviour changed
opendkim fails to sign!
In a nutshell... if you face this:
postfix/submission/smtpd[17385]: warning: connect to Milter service inet:localhost:8891: Connection refused
and you cannot find a listener process at port 8891:
netstat -nltp | grep 8891
returns nothing, and you find this in the /var/log/mail.log:
opendkim[18055]: OpenDKIM Filter v2.11.0 Frankhttp://www.blogger.com/profile/07830428804236732019noreply@blogger.com0
Storage Server: datasets, snapshots and performance
Datasets, snapshots and performance
This is a long post, but with lots of pictures. Kind of a management overview ;)
Datasets and snapshots
Datasets
As may have become clear from a previous post, I have one volume, with a (a -to date- single) dataset (ds1). This was not the result of experience, or deep thought, it was just copied from Benjamin Bryan who did an entry on ZFS hierarchy.
Makes Frankhttp://www.blogger.com/profile/07830428804236732019noreply@blogger.com0
Storage Server: FreeNAS: use your SSD efficiently
FreeNAS: use your SSD efficiently
ZIL and Cache
Not open for discussion; I think it is a complete waste of resources to use a 120, or 250GB SSD for logs, let alone cache, as FreeNAS will (and should!) use RAM for that. So, I searched and found a way to create two partitions on a single SSD, and expose these as ZIL (ZFS Intended Log) and cache to the pool.Mind you - there are performance testsFrankhttp://www.blogger.com/profile/07830428804236732019noreply@blogger.com0
Storage Server: Software - FreeNAS
Software: FreeNAS
All hardware has been implemented, all 13 harddisks and one SSD are connected, serial numbers, as well as physical, and logical locations noted.
Cramming 4 2.5" disks in the CD bay
Time to add some software.
I will install the latest and the greatest(?) FreeNAS software, V11.
Installation
The installation, due to IPMI being capable of mounting remote images, is a Frankhttp://www.blogger.com/profile/07830428804236732019noreply@blogger.com0
Asrock E3C224DI-14S IPMI not reachable
Documentation missing
There's definately some documentation missing on the IPMI settings. I managed to lock myself out of the IPMI (also know as 'Integrated Light Out', or ILO) management interface. Not sure how I managed to do that, but in the quest to find out how to restore devine powers, I noticed quite a lot of people suffered from this. And, the solution is quite simple, when you know Frankhttp://www.blogger.com/profile/07830428804236732019noreply@blogger.com0
Storage server
Storage server
Hardware
Aiming at 2 VDEVs of 5 or 6 disks each, I'd need a motherboard capable of running 12 disks.I used a SuperMicro board in the ESXi build, mainly because virtualization using bare metal hypervisors was quite new to me. However, these boards have quite a steep price.
There's a new motherboard by SuperMicro, that screams NAS, but that has not yet hit the shops.
So, I Frankhttp://www.blogger.com/profile/07830428804236732019noreply@blogger.com0
Storage Server: Firmware
Firmware
The first thing to do, in order to get any software RAID program to run, is to flash the controller out of RAID mode. Only then all of the disks will be seen as just a bunch of disks - nothing else. JBOD that is, for short.
The board I have, comes with a LSI SAS2308 controller, to with I want to connect 12 SATA drives using three SAS-to-SATA breakout cables.
Drivers
There are Frankhttp://www.blogger.com/profile/07830428804236732019noreply@blogger.com0
Things to do after you cloned a Virtual Machine
Clean up a cloned VM
After you made a clone of your (base) VM, you will need to do some stuff.
MAC-address
First of all, I suspect you have a different MAC-address than the original machine. VMWare does that, as long as you have your MAC address assigned automatically. VirtualBox will ask you whether to re-initialize the MAC-address while cloning.
The problem is the udev process, responsable Frankhttp://www.blogger.com/profile/07830428804236732019noreply@blogger.com0
Now, here's an idea...
Gaining control
Or rather - regaining control. Over my own data, and what's done with it.
Currently, I use several services, of which I know they are monitored. Several of these services fall under US legislation, although I'm not a US citizen. This allows several agencies to go through my documents, email and other stuff, whether I like that or not (I do not).
Of course, for some of this, I Frankhttp://www.blogger.com/profile/07830428804236732019noreply@blogger.com0
OAM PS3 State-of-the-art
An attempt to run OAM 11G Release 2 PS3 on Oracle Linux 6.7, WLS 12C, RDBMS 12C.
Install Linux
Pretty straightforward. Used Oracle 6.7, as 7 is not certified. Create a 200MB /boot, and an LVM for /, both ext4.
Install just the server. Deselect *all* options, just X system and X legacy support (the OUI needs it). Some 566 packages will get installed.
Make sure it boots, and the network starts.
Frankhttp://www.blogger.com/profile/07830428804236732019noreply@blogger.com0
OAM PS3 - continued
Allow auto start (production mode) for your scripts:
cd /oracle/user_projects/domains/oam_domain/servers
mkdir -p oam_server1/security
mkdir -p omsm_server1/security
mkdir -p oam_policy_mgr1/security
vi oam_server1/security/boot.properties
cp oam_server1/security/boot.properties omsm_server1/security/
cp oam_server1/security/boot.properties oam_policy_mgr1/security/
You can now use command line Frankhttp://www.blogger.com/profile/07830428804236732019noreply@blogger.com0
refhost.xml kludge is fixed
No More missing packages
I wrote several times about manually editing refhost.xml. There's not need for it, just apply Patch 18231786.Frankhttp://www.blogger.com/profile/07830428804236732019noreply@blogger.com0
Wrong Java version on Unified Directory Server
Wrong version Java
After losing the battle with the OS guys for control over java, I keep stumbling upon environments that have wrong java versions due to the fact java is installed in /usr/java, or /usr/bin.In such cases, this is the result:which java
/usr/bin/java
As I do not have control over /usr/bin, I install java in /oracle/middleware/java, so I would
like which java
/oracle/middleware/Frankhttp://www.blogger.com/profile/07830428804236732019noreply@blogger.com0