Open Source


Last Thursday, I upgraded to Ubuntu’s latest release, 7.10 aka Gutsy Gibbon. Overall, the upgrade went smoothly and after a few hours of downloading (the servers were slammed on release day), I had successfully upgraded with one minor issue. I had tweaked my Ubuntu 7.04 install to coax dual monitor support with my ATI Radeon 9200 video card; when I upgraded, the configuration that I had used was no longer supported. Since I had always had problems with this card in Linux, I decided that it was time to spring for a newer card that has better driver support.

Friday morning, I headed out to MicroCenter and picked up a BFG Tech GeForce 7300 GT (thanks Jason for the recommendation). After installing the new card I was prompted to enable the restricted Nvidia driver (Nvidia provides only closed source drivers, so they are restricted by default). I enabled the driver and rebooted the machine, but the Nvidia module wouldn’t load and the X server would fall back to failsafe mode. I was getting the following error in my Xorg.0.log:

(EE) NVIDIA(0): Failed to initialize the NVIDIA kernel module! Please ensure
(EE) NVIDIA(0): that there is a supported NVIDIA GPU in this system, and
(EE) NVIDIA(0): that the NVIDIA device files have been created properly.
(EE) NVIDIA(0): Please consult the NVIDIA README for details.
(EE) NVIDIA(0): *** Aborting ***

I tried uninstalling the restricted driver from Ubuntu and installing the driver from Nvidia’s site, but I got the same results. I even tried Envy without any luck. I then checked in /usr/lib/xorg/modules and found two modules for libnvidia-wfb with libnvidia-wfb.so.1 linked to the newer one. I guessed this was the issue so I ran the uninstall scripts for the official Nvidia driver as well as the uninstall scripts in Envy. I then reinstalled the driver via Envy and found that libnvidia-wfb.so.1 was linked to the older one (libnvidia-wfb.so.100.14.19). I was able to load X with the nvidia driver, after which I enabled the Ubuntu supported restricted Nvidia driver which allowed me to use compiz. A few more tweaks to xorg.conf and I was able to get dual monitor support back with twinview.

The only issue left is that the current config treats the dual monitors as one big desktop vs. two screens so when you maximize, it does so across both. Xinerama is supposed to fix this but unfortunately it looks like it isn’t currently supported when using compiz (desktop effects). Here is a copy of my current xorg.conf working with the nvidia driver and dual monitors under Gutsy.

Gutsy is slick and I am now running compiz for the first time, the desktop effects are cool and give Ubuntu a cleaner, more robust feel.

It has been a year since I made the switch to Ubuntu on my primary desktop and I can happily say that I have no regrets. Ubuntu has proven to be a stable, secure and usable operating system that can play reasonably well in a Windows environment. On the school side, we have already migrated from Microsoft Office to OpenOffice.org and are in the process of moving from Exchange to Google Apps. Ubuntu is becoming a serious option for us when Microsoft drops support for XP in April 2009.

My last major concern is systems management and it looks like Ubuntu may be addressing that now with their new Landscape tool, which is included with their paid support contracts. I emailed Canonical (Ubuntu’s owner) about non-profit/educational pricing for support and found that they do offer a 30% discount for educational institutions (no word on non-profits) and an additional 10% discount for large quantities for a total of 40% off. At $250 retail, the discounted price per desktop would be $150/year for 9×5 desktop support. Having a support contract may also help alleviate concerns that my current staff/volunteer team isn’t as savvy with Linux as they are with Windows, although they are eager to learn.

Dell announced yesterday that they will expand Linux factory installed options to include their notebook and desktop lines (they already provide Linux options on their server line). Hopefully this will motivate the other major hardware vendors to do the same. I think Linux on the desktop will definitely be something we look at in a year or two when most of our desktops will be nearing end of life (with Windows XP). We already run OpenOffice.org and other open-source apps for the school so the switch to desktop Linux shouldn’t be too painful. Hopefully with the new support from Dell, there will be more offerings in the desktop management space (equivalents to group policy).

[Via Techdirt]

Penguin.swf announced the final version of Flash Player 9 for Linux (x86) today. This release is a much needed accomplishment for desktop Linux, with Firefox and Flash 9, the vast majority of websites are now workable.

There is a thread on Ubuntu Forums on how to install it without waiting for the repositories to update. I used this method successfully.

For those of you who haven’t tried Ubuntu yet, Lifehacker highlights a new Windows installer prototype that lets you run Ubuntu without messing with anything - I don’t think it gets much easier than that!




When I started running Linux servers on VMware Server resource management became much more important. The limiting factor on the boxes I am running is RAM. The less RAM I could get a server to use, the more servers I could run. I put in a call to an old buddy of mine, Anton Thaker. Anton is a RedHat Certified Engineer (RHCE) and knows Linux better than anyone else I know. Anton wrote a mini-howto on freeing up resources by disabling unneeded services. Here it is:

Here’s a mini-howto to free up resources on a server system by disabling
unneeded services. This is for a Minimal install of CentOS 4.4.

First, a note on “Minimal” installations. I’ve gotten into a habit of
doing minimal installs and installing additional software as needed
after installation. Using “yum” to install needed RPMs and their
dependencies is very easy. The minimal installation reduces the number
of packages requiring updates, makes it easier to keep a server clean in
the long run and eliminates any kind of graphical environment. It also
requires only the first installation CD, where any other type of
installation will usually ask for 3 or all 4 CDs.

The proper RedHat way to disable a service from being started at bootup
is to use the “chkconfig” utility.

After installation the machine reboots. When you log in, disable as many
services as possible with the following commands:

chkconfig acpid off
chkconfig atd off
chkconfig autofs off
chkconfig cpuspeed off
chkconfig cups off
chkconfig gpm off
chkconfig haldaemon off
chkconfig isdn off
chkconfig mdmonitor off
chkconfig messagebus off
chkconfig netfs off
chkconfig nfslock off
chkconfig openibd off
chkconfig pcmcia off
chkconfig portmap off
chkconfig rawdevices off
chkconfig rpcgssd off
chkconfig rpcidmapd off
chkconfig smartd off
chkconfig xinetd off

You can turn off “microcode_ctl” if this is an AMD machine, and
“irqbalance” if there is only one CPU. If you plan on using plug and
play devices you should leave “haldaemon” and “messagebus” running. If
you did not do a minimal install you’ll have more services enabled.

Run the following to see what else is enabled:
chkconfig --list | grep "3:on" | awk '{print $1}' | sort

On my machine the above command lists:
anacron
crond
iptables
kudzu
network
sendmail
sshd
syslog

I left “anacron” and “kudzu” enabled, because it’s something that will
run at startup and will not stay loaded when finished. Sendmail is
there for email notifications, and can probably be taken out.
Everything else in the list is pretty much the minimum.

If you are not sure what something does, you can look in the particular
service’s startup script to see the comments at the beginning. The
scripts are in the /etc/init.d directory.

Also instead of running 6 virtual terminals, I have only two. To
disable them, edit the /etc/inittab file and comment out the ones that
you don’t want running like this:

# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
#3:2345:respawn:/sbin/mingetty tty3
#4:2345:respawn:/sbin/mingetty tty4
#5:2345:respawn:/sbin/mingetty tty5
#6:2345:respawn:/sbin/mingetty tty6

Since this is a new install, make sure to run “yum update” and then
reboot the machine to apply the kernel update and stop the services that
we just disabled. If you don’t want to reboot, you can run “/etc/rc” to
stop the services not enabled in the current run level. It’s a good
idea to reboot to make sure that the system comes up properly.

The minimal installation takes about 721 MB of disk space. On a system
with 64 MB of RAM this setup utilizes about 17 MB of RAM.

Thanks for reading.

Anton Thaker.
RHCE
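
The howto's "see what else is enabled" check, turned into a repeatable audit. This is an added example, not part of Anton's howto. It compares the services that are on at a runlevel against the list he reports leaving enabled. The function names and the sample chkconfig output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original howto): flag services that are on at a
# runlevel but missing from an allowlist, using `chkconfig --list` output.

# Allowlist: the eight services the howto reports as left enabled.
ALLOWED="anacron crond iptables kudzu network sendmail sshd syslog"

# Print SysV services switched on at runlevel $1, one per line, sorted.
# Reads `chkconfig --list` text on stdin. Only lines with a name plus seven
# runlevel columns are considered, so the "xinetd based services:" section
# is skipped.
enabled_at_runlevel() {
    awk -v want="$1:on" '
        NF == 8 {
            for (i = 2; i <= NF; i++)
                if ($i == want) { print $1; break }
        }' | sort
}

# Print enabled services at runlevel $1 that are not in $ALLOWED.
unexpected_services() {
    enabled_at_runlevel "$1" | while read -r svc; do
        case " $ALLOWED " in
            *" $svc "*) ;;          # expected, say nothing
            *) echo "$svc" ;;       # candidate for `chkconfig <name> off`
        esac
    done
}

# Constructed sample in the CentOS 4 `chkconfig --list` layout.
sample_chkconfig_output() {
    cat <<'EOF'
acpid           0:off   1:off   2:off   3:off   4:off   5:off   6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
xinetd based services:
        chargen:        off
EOF
}

# On a real host: chkconfig --list | unexpected_services 3
sample_chkconfig_output | unexpected_services 3
```

Run after every package install or update: a new RPM can register its own init script, and anything this prints is a service listening or running that nobody decided to keep.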

Over the past few months my Windows XP desktop was beginning to crawl, I knew that it was getting close to the time when it would need a clean wipe and maybe some hardware upgrades. I decided to invest in an extra gigabyte of RAM and one of the fastest hard drives on the market, the Western Digital Raptor. The Raptor I chose is a 150 GB, 10K RPM, 1.5 Gb/s hard drive with 16 MB cache. Total cost was about $350.

When the new memory and hard drive arrived I decided to go with installing Linux on my desktop instead of Windows XP. I had tried running Linux as my primary operating system on two different occasions but I always ended up using XP again. The first time it was because there was no good Microsoft Outlook equivalent (Evolution was still flaky) and the second time was because we were doing a lot of work in MediaShout and there was no way to get that working in Linux. We still use MediaShout, but I am no longer heavily involved with building scripts so I can get away with not having it on my machine.

Our pilot test this summer running open source applications for the summer camp technology curriculum was successful and we are ditching Microsoft Office on the desktop (except Outlook) and running OpenOffice instead for all teachers and students. We will be saving quite a bit by not having to get all those extra Microsoft Office licenses. If it goes well this year we may even consider going Linux on the desktop as well.

With that in mind, I figured that it would make sense for me to test how a Linux Desktop would integrate into our environment. I had read a lot about Suse Linux Enterprise Desktop (SLED) 10 and how well it integrates with Active Directory so I decided to download the evaluation and give it a try. I kept getting errors trying to install, it couldn’t find the software catalog. After some time searching on Google and giving various boot options a try, I decided to see if Ubuntu would install easier (I had seen David’s post on the latest release).

Ubuntu Dapper Drake installed smoothly and in about 20 minutes I had my basic system up and running. The installation didn’t automatically detect my second monitor and I ended up having to copy someone’s X configuration off the web to get the extended desktop working properly. Next I ran Automatix which automates the installation of a lot of commonly used applications.

I was impressed, there has been definite improvement over the years on the Linux desktop, everything seems to work with far fewer bugs and interfaces are more refined.

Now I needed to see about joining our Active Directory Domain. Following the ActiveDirectoryWinbindHowto, I joined my desktop to our domain. It wasn’t too painful but it definitely was not as seamless as the SLED 10 reviews make it seem with its graphical interface. Now I could login to the Ubuntu desktop with my (or any) domain account.

I did login with my domain account and find that the audio stopped working, turns out that when logging in with a domain account, Ubuntu does not automatically add the user to all the necessary local groups. I ended up adding myself to the following groups (the default groups on a non domain account):

adm dialout fax cdrom floppy tape audio dip video plugdev lpadmin scanner

Now everything was working properly for the domain account and looking positive, I setup Evolution to connect to our Exchange server and it is working pretty well. I was able to connect to all my file shares without a problem and OpenOffice is working great. I was able to import all my Firefox bookmarks and extensions just by dragging them into my profile. For some reason Sage, my RSS reader extension in Firefox didn’t pick up the feeds when everything was copied over, so I just exported the OPML file from Sage on Windows Firefox and imported it back to Sage on Linux Firefox.

I do quite a bit of web work so I was curious to see how difficult it would be to install Internet Explorer on Ubuntu. I knew it could be done with Wine, but last time I had checked it was quite complex. Turns out that there is a slick script, IEs4Linux that handles the installation (provided Wine is already installed, I had installed it with Automatix). I downloaded the script and ran it, a few seconds later I had Internet Explorer up and running.

I have had the system up and running for two days now and I am very happy with it, it is stable, functional and blazing fast. I have noticed a couple sites that won’t run well because of the older version of Flash, hopefully Adobe will release a new version soon.

I think we still have a long way to go before we are ready to deploy Linux on the desktop at St. Mark’s, but this is definitely a good start.

A few days ago the floppy drive on my Windows XP desktop started buzzing periodically, I thought it was just me and maybe I had contracted a virus. I checked my Symantec Antivirus Corporate Edition and it hadn’t picked up anything so I installed AVG, still nothing. I thought maybe spyware, ran Spybot and ewido, nothing suspicious. I started to get reports of floppy drives going off all around the network, uh oh! I tried to think back and see what changes we had made that would affect the entire network. One of our volunteers, David, had done some tweaking in group policy on our domain policy, maybe something went awry. I emailed and he came in to check last night. We looked through the domain policy and discovered that it wasn’t even enabled right now so it couldn’t be the problem. Dave timed the interval and found that it goes off every 5 minutes, that number rang a bell, I had just been toying with the configuration files in OpenNMS and the default polling interval is 5 minutes. We logged in and temporarily turned off OpenNMS and the floppy drives stopped buzzing! Thank God it wasn’t a virus or spyware! We all had a good laugh and found that the SNMP polling was checking up on the floppy. Now that we know the cause, we can figure out the best way to deal with it.

At our first tech night last week, Magued, one of our uber volunteers who is responsible for maintaining our Cisco firewalls and switches, lobbied us to get a network management platform up and running. Magued had lobbied for quite some time that we must get some kind of monitoring system up so that we weren’t blind as to what was happening on the network.

We had toyed with OpenNMS a few times but never put the full effort into launching it, so on Wednesday we pulled out a box and set it up for production use. Here is an overview on the install:

  • Hardware: Sony Vaio PCV-RS420 P4 2.8, 1 GB RAM, 2-120 GB Software RAID 1.
  • Operating System: CentOS-4.3.
    • Configure for the software mirror
    • Choose server/minimal install.
    • Assign static IP address.
    • Disable the firewall and SELinux.
  • Log in via SSH or the terminal and start yum update to get the latest operating system and package updates.
  • Install Webmin. Use the System -> Software Packages module to install new RPM packages.
  • Follow the OpenNMS Installation Guide with a few things to watch out for…
    • In section 3.3 note where the following variables are pointing to.
      • $OPENNMS_HOME = /opt/OpenNMS
      • $CATALINA_HOME = /var/tomcat4
  • Edit the /opt/OpenNMS/etc/discovery-configuration.xml file so that it reflects the right subnets. It takes about 8 seconds to scan an IP address, so expect it to take a while to discover all your hosts if you have a large network.
  • Edit /opt/OpenNMS/etc/javamail-configuration.properties file to reflect the correct system sender account for notification emails.
    • Uncomment org.opennms.core.utils.fromAddress=root@[127.0.0.1] and change the email address.
  • Start up and begin to configure OpenNMS.
  • Hint: Don’t turn on your notification status until you have configured notifications or else be prepared for a flood of emails.

After a few hours of discovery, all of our firewalls, managed switches and servers started showing up. After tech nights last night Magued helped us configure SNMP on our backbone switch and our main active directory server. SNMP is pretty cool, once configured right, OpenNMS “discovers” all the services and interfaces a device is running.

We got a good start on the network management system by getting it up and running, but the key is going to be in the configuration. We still have to get SNMP configured for all our firewalls and the rest of our servers. Once all our devices are configured correctly, we have to setup and tweak notifications. An added bonus to OpenNMS is that it does basic Asset Management. We have been looking for an asset management solution for a while but nothing jumped out at us, so I think we will start with this one for now. The nice thing with the integrated asset management will be that when we have an outage we can see exactly where/what the equipment is.

We have had OpenNMS up, running and minimally configured for two days now, it already caught a minor outage when our senior priest’s Internet connection went down at home. When the outage happened we realized the need for a way to correlate events so that when a connection that has equipment running on it goes down, we only get notified that the connection is down and not all the additional notifications for the rest of the equipment. It looks like this will be released in an upcoming version, according to the OpenNMS Road Map.




Two of our summer interns, Kyle and Travis, are wrapping up testing on their assigned projects. The first is an open source web content filter, we chose to use DansGuardian running on CentOS 4.3. The second is an open source spam/virus mail filter, we chose to use SpamAssassin and ClamAV, they found a pre-configured gateway called Piratefish which uses both and has good installation documentation.

They wrote up a rough draft on how they got DansGuardian up and running, I’ll post the final version shortly:

-Boot CentOS from disk 1
-choose skip
-choose next about 3 times,
-when it asks for installation type choose server
-automatically partition
-remove all partitions, yes you are sure
-next until firewall configuration, choose no firewall, and disable SELinux
-choose next, then click proceed when asks you to configure firewall
-make root password
-Package Group Selection
Editors
Development tools
-insert disks as needed
-log in as root
-type : ‘yum update’

-use WinSCP and place the webmin package in the root directory
-using putty type the commands:
‘rpm -U webmin-1.290-1.noarch.rpm’
to install webmin
-direct your browser to x.x.x.x:10000 (where x.x.x.x is the IP address of the box)
-click system, software packages, browse yum, type: squid, choose squid and click install
-using WinSCP copy and overwrite the squid config file to /root/etc/squid

-using WinSCP copy the dansguardian package to the root directory
-using WinSCP click networking, linux firewall, and setup a firewall using the defaults
-using putty type these commands:
tar -zxpf dansguardian-2.8.0.6.source.tar.gz
cd dansguardian-2.8.0.6
./configure
make
make install
make clean
cd
service squid start
service dansguardian start
service iptables stop
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 \
-j REDIRECT --to-port 8080
-using WinSCP copy the html template file into the ‘/root/etc/dansguardian/languages/ukenglish/’ directory
-using putty type : ‘service dansguardian restart’
-using WinSCP copy the ‘dg-0.5.10-pr5.wbm’ file into the root directory
- using webmin, Click on webmin configuration, webmin modules
-install the file you just copied by selecting “from local file” and browsing for it by clicking the “…” button.
-using webmin, click servers, dansguardian, module config, and change the paths by deleting ‘/usr/local’ from any path that contains it.
-using WinSCP copy the ‘blacklists’ folder into ‘/etc/dansguardian/’
-using webmin, click system, scheduled cron jobs, create a new scheduled cron job
Execute as root
Copy the text from the ‘blacklistupdate’ text file into the “input to command” field:
type a command name and description
click the “simple schedule button” and choose “monthly (on the 1st)” from the dropdown menu
click save
-click the name of the cron you just made
-click run now
-edit ‘/etc/dansguardian/bannedsite’ list and remove the ‘#’’s to choose which blacklists you want to use, make sure the ‘#’ is removed before ‘*ip’ to enable IPs be blocked to protect against ‘ping’. Add any sites you wish to block in this file where it says to
-also edit ‘/etc/dansguardian/bannedurllist’ and perform the same basic actions.

-edit the file ‘/etc/rc.d/rc.local’ and add all the text from the ‘squidstartup’ text file.

-take the ‘phraselistsmay31’ file and extract it twice in the ‘/etc/dansguardian’ file

-Go to ‘network connections’ on the workstation you wish to have the internet filtered on, right click ‘local area connection’, click ‘properties’, click ‘Internet Protocol (TCP/IP), click ‘properties’, click ‘advanced’, click add, and add the IP address of the box that filters.

Found this on Digg, IBM engineers take a look at open source content management systems and decide to go with Drupal.

Using open source software to design, develop, and deploy a collaborative Web site, Part 1: Introduction and overview

We are currently testing out Drupal as a potential replacement for Joomla!, our current content management system for all our sites.
