Archlinux installation notes

KEYBOARD

For slovenian keyboard

# loadkeys slovene

PARTITION

BIOS/GPT

Bios motherboard with gpt partition scheme

Use tools like parted, gdisk.

Prepare partitions

Gdisk

# gdisk /dev/sda
Create small 1-2Mb partition for bios (code: EF02)
Create small 1 Gb partition for BOOT (code: 8300)
Create swap partition in the size of RAM or at least 2Gb (code: 8200)
Create root partition 40Gb
Create home partition from the rest of the disk space

Format partitions (mkfs. , mkswap, swapon)

# mkfs.ext2 /dev/sda2 BOOT
# mkswap /dev/sda3 SWAP
# swapon /dev/sda3
# mkfs.ext4 /dev/sda4 ROOT
# mkfs.ext4 /dev/sda5 HOME

EFI/GPT

EFI motherboard with GPT partition scheme.

Prepare partitions

# gdisk
# gdisk /dev/sda

Create small 1 Gb partition for EFI (code: EF00)
Create swap partition in the size of RAM or at least 2Gb (code: 8200)
Create root partition 40Gb (it could be smaller)
Create home partition from the rest of the disk size.

You could create separate partitions (VAR, OPT).

Format partitions

# mkfs.fat -F32 /dev/sda1 EFI
# mkswap /dev/sda3 SWAP
# swapon /dev/sda3
# mkfs.ext4 /dev/sda4 ROOT
# mkfs.ext4 /dev/sda5 HOME

Mount partitions (root, boot, home)

# mount /dev/sda4 /mnt
# mkdir /mnt/{boot,home}
# mount /dev/sda1 /mnt/boot
# mount /dev/sda5 /mnt/home

Base system installation

# pacstrap -i /mnt base base-devel

Create mount points in fstab

# genfstab -U /mnt > /mnt/etc/fstab

CHROOT

# arch-chroot /mnt /bin/bash

Install extra programs with pacman

# pacman -S vim dhclient iw wpa_supplicant dialog firefox chromium gedit nautilus vlc terminator thunderbird pssh x11-ssh-askpass dunst rednotebook

Define/configure locale settings

# vim /etc/locale.gen
uncomment your default language (for example en_US.UTF-8)
# locale-gen
# vim /etc/locale.conf
LANG=en_US.UTF-8
# vim /etc/vconsole.conf
KEYMAP=slovene

TIME configuration

# tzselect
# ln -sf /usr/share/zoneinfo/Europe/Ljubljana /etc/localtime
# hwclock --systohc --utc

NTP or CHRONY

NTP daemon

# pacman -S ntp
# vim /etc/ntp.conf
# systemctl enable ntpd

CHRONY
https://wiki.archlinux.org/index.php/Chrony

# pacman -S chrony
echo "1 SHA1 HEX:$(tr -d -c '[:xdigit:]' < /dev/urandom | head -c 40)" > /etc/chrony.keys
# chmod 640 /etc/chrony.keys
# vim /etc/chrony.conf
pool arch.pool.ntp.org iburst
pool arch.pool.ntp.org offline
server offline
server offline
server offline
maxupdateskew 5
driftfile /var/lib/chrony/drift
keyfile /etc/chrony.keys
rtconutc
rtcsync
# systemctl restart chrony
# systemctl enable chrony

INITRAMFS

# mkinitcpio -p linux

Install/configure BOOTLOADER

BIOS/GPT

# pacman -S grub
# grub-install --recheck /dev/sda
# grub-mkconfig -o /boot/grub/grub.cfg

UEFI/GPT

# bootctl install
# vim /boot/loader/entries/arch.conf
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options root=/dev/sda4 rw
# vim /boot/loader/loader.conf
timeout 3
default arch
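editor 1 (after a successful reboot change it to 0: while the editor is enabled, anyone at the boot menu can change the kernel command line and so get around the root password)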

EFI Viewer/Manager

# pacman -S efibootmgr
# efibootmgr -v

HOSTNAME

# echo newhostname > /etc/hostname
# vim /etc/hosts
 
127.0.0.1 localhost.localdomain localhost newhostname
::1 localhost.localdomain localhost newhostname

Define ROOT PASSWORD

# passwd

EXIT FROM CHROOT MODE

 Ctrl + D

RESTART PC

# reboot

ADD FIRST USERS

# useradd -m -G wheel -s /bin/bash newuser
# passwd newuser

YAOURT

# pacman -S wget git curl lsof
 
$ git clone https://aur.archlinux.org/package-query.git
Cloning into 'package-query'...
remote: Counting objects: 16, done.
remote: Compressing objects: 100% (16/16), done.
remote: Total 16 (delta 0), reused 16 (delta 0)
Unpacking objects: 100% (16/16), done.
Checking connectivity... done.
 
$ cd package-query
$ makepkg -si
$ cd ..
 
$ git clone https://aur.archlinux.org/yaourt.git
Cloning into 'yaourt'...
remote: Counting objects: 14, done.
remote: Compressing objects: 100% (11/11), done.
remote: Total 14 (delta 3), reused 14 (delta 3)
Unpacking objects: 100% (14/14), done.
Checking connectivity... done.
 
$ cd yaourt
$ makepkg -si
$ cd ..
 
$ rehash

XSERVER

# pacman -S xorg-server xorg-xrandr xorg-xrdb xautolock xorg-xinit
$ yaourt -S xf86-video-ati mesa-libgl mesa-vdpau (for radeon video cards)
$ yaourt -S xf86-video-intel (for intel video cards)

SOUND

# pacman -S pulseaudio pulseaudio-alsa alsa-utils
$ yaourt -S cmus

SUDO

# pacman -S sudo

Run visudo and uncomment wheel group.
Add newuser to wheel group.

ZSH (shell)

https://github.com/robbyrussell/oh-my-zsh

# pacman -S zsh
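$ sh -c "$(wget https://raw.github.com/robbyrussell/oh-my-zsh/master/tools/install.sh -O -)"
The one-liner above runs whatever the server returns, with no chance to read it first. To review it, save the script to a file with wget, read it, and only then run it with sh.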

ENCRYPT HOME DIRECTORY

https://wiki.archlinux.org/index.php/ECryptfs#Encrypting_a_home_directory

$ yaourt -S ecryptfs-utils
# modprobe ecryptfs
# ecryptfs-migrate-home -u newuser

Login as new user

use README for help

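remove the temporary backup directory /home/newuser.LJHFLAHL (it holds the unencrypted copy of the home directory, so delete it only after checking that the login works and the files are readable)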

PAM configuration for eCryptfs

# vim /etc/pam.d/system-auth
 
Open /etc/pam.d/system-auth and after the line containing auth required pam_unix.so add:
auth required pam_ecryptfs.so unwrap
Next, above the line containing password required pam_unix.so insert:
password optional pam_ecryptfs.so
And finally, after the line session required pam_unix.so add:
session optional pam_ecryptfs.so

I3 window manager

# pacman -S i3-wm i3lock i3status dmenu
$ vim .i3/config
# This file has been auto-generated by i3-config-wizard(1).
# It will not be overwritten, so edit it as you like.
#
# Should you change your keyboard layout some time, delete
# this file and re-run i3-config-wizard(1).
#
 
# i3 config file (v4)
#
# Please see http://i3wm.org/docs/userguide.html for a complete reference!
 
# Windows key
set $mod Mod4
 
# set $mod Mod1 <-- alt
 
# Font for window titles. Will also be used by the bar unless a different font
# is used in the bar {} block below.
font pango:monospace 8
 
# This font is widely installed, provides lots of unicode glyphs, right-to-left
# text rendering and scalability on retina/hidpi displays (thanks to pango).
font pango:DejaVu Sans Mono 8
 
# Before i3 v4.8, we used to recommend this one as the default:
# font -misc-fixed-medium-r-normal--13-120-75-75-C-70-iso10646-1
# The font above is very space-efficient, that is, it looks good, sharp and
# clear in small sizes. However, its unicode glyph coverage is limited, the old
# X core fonts rendering does not support right-to-left and this being a bitmap
# font, it doesn’t scale on retina/hidpi displays.
 
# Use Mouse+$mod to drag floating windows to their wanted position
floating_modifier $mod
 
# start a terminal
bindsym $mod+Return exec i3-sensible-terminal
 
# kill focused window
bindsym $mod+Shift+q kill
 
# start dmenu (a program launcher)
bindsym $mod+d exec dmenu_run
# There also is the (new) i3-dmenu-desktop which only displays applications
# shipping a .desktop file. It is a wrapper around dmenu, so you need that
# installed.
# bindsym $mod+d exec --no-startup-id i3-dmenu-desktop
 
# change focus
bindsym $mod+j focus left
bindsym $mod+k focus down
bindsym $mod+l focus up
bindsym $mod+ccaron focus right
 
# alternatively, you can use the cursor keys:
bindsym $mod+Left focus left
bindsym $mod+Down focus down
bindsym $mod+Up focus up
bindsym $mod+Right focus right
 
# move focused window
bindsym $mod+Shift+j move left
bindsym $mod+Shift+k move down
bindsym $mod+Shift+l move up
bindsym $mod+Shift+ccaron move right
 
# alternatively, you can use the cursor keys:
bindsym $mod+Shift+Left move left
bindsym $mod+Shift+Down move down
bindsym $mod+Shift+Up move up
bindsym $mod+Shift+Right move right
 
# split in horizontal orientation
bindsym $mod+h split h
 
# split in vertical orientation
bindsym $mod+v split v
 
# enter fullscreen mode for the focused container
bindsym $mod+f fullscreen toggle
 
# change container layout (stacked, tabbed, toggle split)
bindsym $mod+s layout stacking
bindsym $mod+w layout tabbed
bindsym $mod+e layout toggle split
 
# toggle tiling / floating
bindsym $mod+Shift+space floating toggle
 
# change focus between tiling / floating windows
bindsym $mod+space focus mode_toggle
 
# focus the parent container
bindsym $mod+a focus parent
 
# focus the child container
#bindsym $mod+d focus child
 
# Name the workspaces
set $tag1 "1: term"
set $tag2 "2: www"
set $tag3 "3: mail"
set $tag4 "4: edit"
set $tag5 "5: nautilus"
set $tag6 "6: virtual"
set $tag7 "7: music"
set $tag8 "8: video"
set $tag9 "9: tor"
set $tag10 "10: term"
 
# assignment apps to a named workspace
#assign [class="^Terminator$"] → "1: term"
assign [class="^Tor Browser$"]"2: www"
assign [class="^Firefox$"]"2: www"
assign [class="^Chromium$"]"2: www"
assign [class="^Thunderbird$"]"3: mail"
assign [class="^Gedit$"]"4: edit"
assign [class="^libreoffice-startcenter$"]"4: edit"
assign [class="^Nautilus$"]"5: nautilus"
assign [class="^VirtualBox$"]"6: virtual"
assign [class="^Clementine$"]"7: music"
assign [class="^Vlc$"]"8: video"
assign [class="^Transmission-gtk$"]"9: tor"
 
# switch to workspace
bindsym $mod+1 workspace $tag1
bindsym $mod+2 workspace $tag2
bindsym $mod+3 workspace $tag3
bindsym $mod+4 workspace $tag4
bindsym $mod+5 workspace $tag5
bindsym $mod+6 workspace $tag6
bindsym $mod+7 workspace $tag7
bindsym $mod+8 workspace $tag8
bindsym $mod+9 workspace $tag9
bindsym $mod+0 workspace $tag10
 
# move focused container to workspace
bindsym $mod+Shift+1 move container to workspace $tag1
bindsym $mod+Shift+2 move container to workspace $tag2
bindsym $mod+Shift+3 move container to workspace $tag3
bindsym $mod+Shift+4 move container to workspace $tag4
bindsym $mod+Shift+5 move container to workspace $tag5
bindsym $mod+Shift+6 move container to workspace $tag6
bindsym $mod+Shift+7 move container to workspace $tag7
bindsym $mod+Shift+8 move container to workspace $tag8
bindsym $mod+Shift+9 move container to workspace $tag9
bindsym $mod+Shift+0 move container to workspace $tag10
 
# reload the configuration file
bindsym $mod+Shift+c reload
# restart i3 inplace (preserves your layout/session, can be used to upgrade i3)
bindsym $mod+Shift+r restart
# exit i3 (logs you out of your X session)
bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -b 'Yes, exit i3' 'i3-msg exit'"
 
# resize window (you can also use the mouse for that)
mode "resize" {
 # These bindings trigger as soon as you enter the resize mode
 
 # Pressing left will shrink the window’s width.
 # Pressing right will grow the window’s width.
 # Pressing up will shrink the window’s height.
 # Pressing down will grow the window’s height.
 bindsym j resize shrink width 10 px or 10 ppt
 bindsym k resize grow height 10 px or 10 ppt
 bindsym l resize shrink height 10 px or 10 ppt
 bindsym ccaron resize grow width 10 px or 10 ppt
 
 # same bindings, but for the arrow keys
 bindsym Left resize shrink width 10 px or 10 ppt
 bindsym Down resize grow height 10 px or 10 ppt
 bindsym Up resize shrink height 10 px or 10 ppt
 bindsym Right resize grow width 10 px or 10 ppt
 
 # back to normal: Enter or Escape
 bindsym Return mode "default"
 bindsym Escape mode "default"
}
 
bindsym $mod+r mode "resize"
 
# Start i3bar to display a workspace bar (plus the system information i3status
# finds out, if available)
#bar {
# status_command i3status
#}
#
bar {
 font -misc-fixed-medium-r-normal--13-120-75-75-C-70-iso10646-1
 font pango:DejaVu Sans Mono 8
 
 colors {
 # Whole color settings
 background #000000
 statusline #ffffff
 separator #666666
 
 # Type border background font
 focused_workspace #008fff #007fff #ffffff
 active_workspace #333333 #5f676a #ffffff
 inactive_workspace #333333 #222222 #888888
 urgent_workspace #aa0000 #990000 #ffffff
 }
 # i3bar position
 position top
 # Using custom i3status.conf
 status_command i3status -c ~/.i3/i3status.conf
}
# floating programs #
#for_window [instance="torbrowser"] floating enable
###
#
###################################
# after 5 min lock screen 
#exec --no-startup-id xset dpms 600 
#
exec --no-startup-id xautolock -time 5 -locker "i3lock -u -t -e -c 000000 -i ~/Pictures/Ozadja/lock5.png -n" &
 
##################
# Startup programs
#
# setup background
exec --no-startup-id feh --bg-fill ~/Pictures/Ozadja/wall3.jpg
# start network manager
exec --no-startup-id nm-applet
# setup slovenian keyboard
exec --no-startup-id setxkbmap -layout si
# za pravilno delovanje jave
exec --no-startup-id wmname LG3D &
# setup displays
#exec ~/.i3/detect_displays.sh
 
 
######################################
# i3lock shutdown, reboot, lock screen
# $Locker is substituted textually into the exec commands of the mode below.
# NOTE(review): -n keeps i3lock in the foreground, so "$Locker && systemctl
# suspend" (and hibernate) below only reaches systemctl after the screen has
# been unlocked again; the machine then suspends with the session unlocked.
# Dropping -n from this variable (the xautolock line has its own copy of the
# command) lets i3lock fork so that suspend follows immediately - confirm on
# your setup.
set $Locker i3lock -u -t -e -c 000000 -i ~/Pictures/Ozadja/lock5.png -n && sleep 1
 
# Text of the mode name; it doubles as the key legend for the bindings below.
set $mode_system System (l) lock, (e) logout, (s) suspend, (h) hibernate, (r) reboot, (Shift+s) shutdown
mode "$mode_system" {
 # Every binding runs its command and then returns to the default mode.
 # Only lock, suspend and hibernate go through $Locker; logout, reboot and
 # poweroff do not lock first.
 bindsym l exec --no-startup-id $Locker, mode "default"
 bindsym e exec --no-startup-id i3-msg exit, mode "default"
 bindsym s exec --no-startup-id $Locker && systemctl suspend, mode "default"
 bindsym h exec --no-startup-id $Locker && systemctl hibernate, mode "default"
 bindsym r exec --no-startup-id systemctl reboot, mode "default"
 bindsym Shift+s exec --no-startup-id systemctl poweroff -i, mode "default" 
 
 # back to normal: Enter or Escape
 bindsym Return mode "default"
 bindsym Escape mode "default"
}
 
# $mod+Pause enters the system mode defined above.
bindsym $mod+Pause mode "$mode_system" 
######################################
#
# pulse audio volume control
#bindsym XF86AudioLowerVolume exec /usr/bin/pactl set-sink-volume 0 -- '-5%'
#bindsym XF86AudioRaiseVolume exec /usr/bin/pactl set-sink-volume 0 -- '+5%'
#bindsym XF86AudioMute exec /usr/bin/pactl set-sink-volume 0 0
#bindsym XF86Launch1 exec /usr/bin/pactl play-sample that_was_easy
#bindsym XF86MonBrightnessUp exec /usr/bin/xbacklight -inc 10
#bindsym XF86MonBrightnessDown exec /usr/bin/xbacklight -dec 5
$ vim .i3/i3status.conf
 
# i3status configuration file.
# see "man i3status" for documentation.
 
# It is important that this file is edited as UTF-8.
# The following line should contain a sharp s:
# ß
# If the above line is not correctly displayed, fix your editor first!
 
general {
 output_format = "i3bar"
 colors = true
 interval = 5
}
 
order += "cpu_usage"
order += "cpu_temperature 0"
#order += "ipv6"
order += "disk /home"
#order += "run_watch DHCP"
#order += "run_watch VPN"
#order += "wireless _first_"
order += "ethernet _first_"
#order += "battery 0"
#order += "load"
order += "volume master"
order += "tztime local"
 
wireless _first_ {
 format_up = "Wifi: (%quality at %essid, %bitrate) %ip"
 format_down = "W: down"
}
 
ethernet _first_ {
 # if you use %speed, i3status requires root privileges
 format_up = "Eth: %ip (%speed)"
 format_down = "Eth: down"
}
 
battery 0 {
 format = "Bat: %status %percentage %remaining"
}
 
#battery 0 {
# format = "%status %percentage %remaining %emptytime"
# format_down = "No battery"
# status_chr = "⚇ CHR""
# status_bat = "⚡ BAT"
# status_full = "☻ FULL"
# path = "/sys/class/power_supply/BAT0/uevent"
# low_threshold = 10
#}
 
cpu_temperature 0 {
 format = "CPU Temp: %degrees °C"
 path = "/sys/devices/platform/coretemp.0/hwmon/hwmon1/temp1_input"
}
 
cpu_usage {
 format = "CPU: %usage"
}
 
run_watch DHCP {
 pidfile = "/var/run/dhclient*.pid"
}
 
run_watch VPN {
 pidfile = "/var/run/vpnc/pid"
}
 
tztime local {
 format = "%d-%m-%Y %H:%M:%S"
}
 
load {
 format = "%1min"
}
 
disk "/home" {
 format = "Home: %avail free"
}
 
volume master {
 format = "♪: %volume"
 format_muted = "♪: muted (%volume)"
 device = "default"
 mixer = "Master"
 mixer_idx = 0
}

FONTS

# pacman -S ttf-dejavu ttf-ubuntu-font-family ttf-ms-fonts(for winbox)

NETWORK MANAGER

https://wiki.archlinux.org/index.php/NetworkManager#Configuration

# pacman -S networkmanager networkmanager-openvpn
# systemctl enable NetworkManager.service
Created symlink from /etc/systemd/system/dbus-org.freedesktop.NetworkManager.service to /usr/lib/systemd/system/NetworkManager.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/NetworkManager.service to /usr/lib/systemd/system/NetworkManager.service.
Created symlink from /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service to /usr/lib/systemd/system/NetworkManager-dispatcher.service.
# pacman -S polkit-gnome
# vim /etc/group
network:x:90:newuser
# vim /etc/polkit-1/rules.d/50-org.freedesktop.NetworkManager.rules
 
polkit.addRule(function(action, subject) {
if (action.id.indexOf("org.freedesktop.NetworkManager.") == 0 && subject.isInGroup("network")) {
return polkit.Result.YES;
}
});

LAPTOP (hibernate laptop at 5% of the battery life)

# vim /etc/udev/rules.d/99-lowbat.rules
 
# Suspend the system when battery level drops to 5% or lower
SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", ATTR{capacity}=="[0-5]", RUN+="/usr/bin/systemctl hibernate"

TOUCHPAD

# vim /etc/X11/xorg.conf.d/50-synaptics.conf
Section "InputClass"
 Identifier "touchpad"
 Driver "synaptics"
 MatchIsTouchpad "on"
 Option "TapButton1" "1"
 Option "TapButton2" "2"
 Option "TapButton3" "3"
 Option "VertEdgeScroll" "on"
 Option "VertTwoFingerScroll" "on"
 Option "HorizEdgeScroll" "on"
 Option "HorizTwoFingerScroll" "on"
 Option "CircularScrolling" "on"
 Option "CircScrollTrigger" "2"
 Option "EmulateTwoFingerMinZ" "40"
 Option "EmulateTwoFingerMinW" "8"
 Option "CoastingSpeed" "0"
 Option "FingerLow" "35"
 Option "FingerHigh" "40"
EndSection

VIRTUALIZATION

VIRTUALBOX

# pacman -S virtualbox gksu
$ yaourt -S virtualbox-ext-oracle
# vim /etc/modules-load.d/virtualbox.conf
vboxdrv
vboxnetflt
vboxnetadp
vboxpci
$ sudo gpasswd -a newuser vboxusers
Adding user newuser to group vboxusers

LIBVIRT (KVM)

$ yaourt -S ebtables bridge-utils dnsmasq qemu virt-viewer
$ yaourt -S libguestfs (tools for edit qcow2 images)

Define storage pool
example: directory on external usb drive

# virsh pool-define-as usb dir - - - - /run/media/newuser/141226ea-ea1c-4d93-aa2a-dfc0ed87ebc8/VM

Import new image

$ virt-install \
--name servername \
--memory 1024 \
--disk /run/media/newuser/141226ea-ea1c-4d93-aa2a-dfc0ed87ebc8/VM/eduroam2.img \
--import

NESTED VIRTUALIZATION

# vim /etc/modprobe.d/modprobe.conf
options kvm_intel nested=1

PICTURE VIEWERS/EDITORS

$ yaourt -S shutter gimp feh

RDESKTOP (remotely manage windows computers)

 $ yaourt -S rdesktop

OFFICE

$ yaourt -S libreoffice-still

PDF reader

$ yaourt -S evince

NETWORK TOOLS

$ yaourt -S dnsutils whois ipcalc wireshark-cli nmap minicom net-tools
For wireshark ...
# gpasswd -a newuser wireshark
  Adding user newuser to group wireshark
# newgrp wireshark

DISK test tools

$ yaourt -S smartmontools

PRINTERS

$ yaourt -S cups cups-pdf
# systemctl start org.cups.cupsd.service
# systemctl enable org.cups.cupsd.service
 Created symlink from /etc/systemd/system/printer.target.wants/org.cups.cupsd.service to /usr/lib/systemd/system/org.cups.cupsd.service.
 Created symlink from /etc/systemd/system/sockets.target.wants/org.cups.cupsd.socket to /usr/lib/systemd/system/org.cups.cupsd.socket.
 Created symlink from /etc/systemd/system/multi-user.target.wants/org.cups.cupsd.path to /usr/lib/systemd/system/org.cups.cupsd.path.

From webpage http://localhost:631, we can add new printers

LCMC – cluster administration

$ yaourt -S jre7-openjdk lcmc

ZIP

$ yaourt -S file-roller p7zip unrar cdrkit

ANTIVIRUS

$ yaourt -S clamav
# touch /var/lib/clamav/clamd.sock
# chown clamav:clamav /var/lib/clamav/clamd.sock
# systemctl restart clamd.service

DOS TOOLS

$ yaourt -S dosfstools

WINE

# vim /etc/pacman.conf (uncomment)
[multilib]
Include = /etc/pacman.d/mirrorlist
 
$ yaourt -Syu
 
$ yaourt -S wine winetricks

FLASHPLAYER

$ yaourt -S flashplugin

TORRENT CLIENTS

$ yaourt -S transmission-cli deluge

I2P ANONYMOUS SERVICE DAEMON

 $ yaourt -S i2p
 $ sudo systemctl enable i2prouter.service
 Created symlink from /etc/systemd/system/multi-user.target.wants/i2prouter.service to /usr/lib/systemd/system/i2prouter.service.
 $ sudo systemctl start i2prouter.service

It works in firefox.

PASSWORD GENERATOR

$ yaourt -S apg

GPG SIGNATURE PROBLEMs
https://wiki.manjaro.org/index.php/Pacman_troubleshooting#.22Failed_to_commit_transaction_.28invalid_or_corrupted_package.29.22_Error

Solution:

# pacman-key --init
# pacman-key --populate archlinux
# pacman-key --refresh-keys
# pacman -Sc
# pacman -Syuu

GNOME KEYRING

https://wiki.archlinux.org/index.php/GNOME_Keyring

At the end of files we add:

# vim /etc/pam.d/login
 session optional pam_gnome_keyring.so auto_start
# vim /etc/pam.d/passwd
 password optional pam_gnome_keyring.so

SENSORS

$ yaourt -S lm_sensors

URL: https://wiki.archlinux.org/

Randomize xterm colors

A bash script to randomize the xterm colors defined in the .Xresources file.

Requirements: An original .Xresources file. It must, among other definitions, specify all the necessary colors in the following form (order is irrelevant):

xterm*color0    :  #151503
xterm*color1    :  #843706
xterm*color2    :  #69750e
...
xterm*color15    :  #f4dfd8
xterm*background    :  #211d22

Usage:
Navigate to the directory where your system’s .Xresources file is located (most likely your home directory). Make sure it complies with the listed requirements; if it does not, edit it until it does. Then copy it into a new file, which from now on we refer to as the original file:

 cp .Xresources .XresourcesOriginal 

Now we are ready to run the script. Verify that it is located in the current directory and is marked executable. Then run:

 ./randXcolors .XresourcesOriginal .Xresources 10 

Feel free to replace the number 10 with any integer in the range from 0 to 255. That is the limit on the randomization range. As it increases, the output will on average differ more and more from the original.
After the new .Xresources is generated, you can load it:

 xrdb .Xresources 

Restart your xterm to see the change take place. Repeating this process a couple of times will likely provide you with a truly amazing xterm color scheme.

Code:
Paste this into the randXcolors file.

#!/bin/bash 

# randXcolors - a bash script to randomize xterm colors

# Operating on the standard Xresources file it changes the xterm*color* and
# xterm*background variables in order to produce a copy with colors randomized.
# The new color definitions are placed at the end of the new file.

# args: 1. filename - Original Xresources file
#       2. filename - Output Xresources file
#       3. integer - The radius of randomization with regard to the 255 color
#           range

usage() {
    # Print the synopsis (followed by an empty line) on stdout and abort the
    # script with status 1. $0 is the name the script was invoked under.
    local synopsis="Usage: $0 originalFilename destinationFilename randomRadius\n"
    echo -e "$synopsis"
    exit 1
}

function rgb2hex()
# Convert a zero-padded decimal colour into hex notation.
# args:    $1 - RRRGGGBBB, three 3-digit decimal fields
# returns: prints #rrggbb (lowercase hex digits) on stdout
{
    local decimal=$1
    local offset field hex="#"
    for offset in 0 3 6; do
        # 10# forces base 10, so a zero-padded field such as 008 is not
        # parsed as an (invalid) octal number.
        field=$(printf '%02x' $((10#${decimal:offset:3})))
        hex+=$field
    done
    echo "$hex"
}

function hex2rgb()
# Convert a hex colour into zero-padded decimal notation.
# args:    $1 - #RRGGBB (the leading character is skipped, not checked)
# returns: prints RRRGGGBBB, three 3-digit decimal fields, on stdout
{
    local hex=$1
    local start decimal=""
    # The two-digit hex fields sit at offsets 1, 3 and 5, after the "#".
    for start in 1 3 5; do
        decimal+=$(printf '%03d' "0x${hex:start:2}")
    done
    echo "$decimal"
}

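function randomizeHex()
# Shift each channel of a colour by a random amount within +/- radius.
# args:    $1 - #RRGGBB colour (anything after the six hex digits is ignored)
#          $2 - randomization radius, a non-negative decimal integer
# returns: prints the randomized #rrggbb colour on stdout; returns 1 (with a
#          message on stderr) when an argument is malformed or shuf fails
# needs:   hex2rgb and rgb2hex from this file, shuf(1)
{
    local color=$1 radius=$2
    local color_re='^#[[:xdigit:]]{6}'
    local radius_re='^[0-9]+$'

    # Both values end up in arithmetic expansions below, where bash evaluates
    # arbitrary expressions; check the shape first so only digits get there.
    if [[ ! $color =~ $color_re ]]; then
        echo "randomizeHex: expected a #RRGGBB colour, got '$color'" >&2
        return 1
    fi
    if [[ ! $radius =~ $radius_re ]]; then
        echo "randomizeHex: radius must be a non-negative integer" >&2
        return 1
    fi
    radius=$((10#$radius)) # base 10 even when written with leading zeros

    local rgb
    rgb=$(hex2rgb "$color") || return 1

    # "declare -a local rgbArr" also created a variable literally named
    # "local"; local -a declares just the array. The loop variable is local
    # as well so it cannot clobber a caller's variable.
    local -a channels=("${rgb:0:3}" "${rgb:3:3}" "${rgb:6:3}")
    local channel offset sum randomized=""
    for channel in "${channels[@]}"; do
        # shuf draws uniformly from 0..2*radius; subtracting the radius
        # centres the offset on zero.
        offset=$(shuf -i "0-$((radius * 2))" -n 1) || return 1
        sum=$((10#$channel + offset - radius))
        # Clamp to the valid channel range.
        ((sum > 255)) && sum=255
        ((sum < 0)) && sum=0
        randomized+=$(printf '%03d' "$sum")
    done
    rgb2hex "$randomized"
}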

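#input check
# Exactly three arguments are required: source file, destination file, radius.
if [[ $# -ne 3 ]]; then
    echo -e "\nERROR\nWrong number of arguments.\n"
    usage
fi

# Relative names are resolved against $PWD (as before); absolute paths are
# used as given instead of being glued onto $PWD.
src=$1
[[ $src == /* ]] || src="$PWD/$src"
dst=$2
[[ $dst == /* ]] || dst="$PWD/$dst"

# Refuse to work in place. The quoted comparison is literal (an unquoted $2
# is a glob pattern), and -ef also catches two spellings of one file such as
# "a" and "./a", or a symlink: in that case cp fails, but the sed call below
# would still strip every colour line from the only copy.
if [[ "$1" == "$2" || "$src" -ef "$dst" ]]; then
    echo -e "\nERROR\nDo not use the same file as input and"\
        "output.\nExiting...\n"
    exit 1
fi

# The radius must be plain decimal digits. The shape is checked before any
# numeric comparison because [[ -gt ]] and (( )) evaluate their operands as
# arithmetic expressions instead of rejecting non-numeric text.
radius_re='^0*[0-9]{1,3}$'
if [[ ! $3 =~ $radius_re ]] || ((10#$3 > 255)); then
    echo -e "\nERROR.\nThe randomization"\
        "radius too large or too small to make any sense.\nUse values between 0"\
        "and 255, with less then 100 recommended.\nExiting...\n"
    exit 1
fi
radius=$((10#$3)) # base 10 even when written with leading zeros

#"main" function
# Start from a copy of the original with every colour definition removed;
# the randomized definitions are appended to the end of that copy.
cp -- "$src" "$dst" || exit 1
sed -i -e '/[Xx][Tt]erm\*color*/d' -e '/[Xx][Tt]erm\*background*/d' "$dst" \
    || exit 1

# Capture the colour index and the six hex digits after the first "#".
# Keeping the index from the input line means the definitions may appear in
# any order; numbering them by position would swap colours around. Lines
# without a numeric index or a #RRGGBB value are left out.
color_re='[Xx][Tt]erm\*color([0-9]+)[^#]*#([[:xdigit:]]{6})'
background_re='[Xx][Tt]erm\*background[^#]*#([[:xdigit:]]{6})'

# read -r keeps backslashes literal; the || clause picks up a last line that
# has no trailing newline.
while read -r line || [[ -n $line ]]; do
    # Skip blank lines and "!" comments.
    [[ -z $line || ${line:0:1} == "!" ]] && continue
    if [[ $line =~ $color_re ]]; then
        printf 'xterm*color%s    :  %s\n' "${BASH_REMATCH[1]}" \
            "$(randomizeHex "#${BASH_REMATCH[2]}" "$radius")" >> "$dst"
    elif [[ $line =~ $background_re ]]; then
        printf 'xterm*background    :  %s\n' \
            "$(randomizeHex "#${BASH_REMATCH[1]}" "$radius")" >> "$dst"
    fi
done < "$src"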

Debian on BBB

These are instructions on how to put Debian for Beaglebone Black (BBB) on a SD card without using an additional SD card reader.

Hardware required: Beaglebone Black and a GNU/Linux computer, both connected to the same LAN, and a micro SD card.
Computer software required: a web browser, wget, md5sum, 7zip, arp-scan, openssh, dd.
BBB software required: a working GNU/Linux running from the eMMC.

Fire up your computer’s terminal. Chdir into an initially empty directory.

1) Navigate to the official BBB webpage using your preferred browser:

http://beagleboard.org/latest-images/

2) Download the latest Debian (or other) image via wget. Choose between the bootable and flashing-only version (according to your personal preference). You can also download the file using a browser or BitTorrent.

wget http://debian.beagleboard.org/images/bone-debian-7.5-2014-05-14-2gb.img.xz

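3) Check its MD5 hash against the checksum listed for the image on the download page (optional). The download in step 2 is plain HTTP, and an MD5 match only rules out a corrupted file, not a deliberately altered one.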

md5sum *.xz

4) Unzip the file using 7zip (the extracted file will look like this: IMAGE_NAME.img):

7z x *.xz

5) Make sure your BBB is connected to the same local network your machine is connected to using ethernet cable. Also make sure the SD card has been put into its slot after BBB had been turned on and booted up.

Find your local ethernet name. It should look something like eth0. You will be able to find it using this command:

ls /sys/class/net

6) Arp-scan your home network to find the BBB’s IP address:

sudo arp-scan --interface=YOUR_ETHERNET_NAME --localnet

7) The IP address corresponding to Texas Instruments, Inc in the third column should be your BBB’s. Now you can ssh into your device. If you’re using the default Ångström distribution, just hit enter when asked for password (root has an empty password there, so set one with passwd if the board stays on the network):

ssh root@YOUR_BBBS_IP

8) List block devices to find your SD card’s device name.

lsblk -f && lsblk

9) Take this step very seriously since not doing so could do harm to your BBB in step 11. You should be able to find the SD card device name by its size, filetype and name. The BBB comes with a 2GB on-board flash so make sure to filter that one out. The SD may include some partitions, for example mmcblk1p1 and/or mmcblk1p2. In my case, the SD device name was mmcblk1. We will be using the SD_NAME in the following steps.

Memorise the SD_NAME (or better yet, write it down) and unmount all of its partitions:

umount SD_NAME_PARTITION_MOUNTPOINTS

Make sure they had been unmounted using lsblk again.

10) Exit your ssh session:

exit

11) Please take this final step even more seriously and follow at your own risk. We will be using the dd image writing command, also known as the Data Destructor. You could easily destroy all data either on your machine or BBB so proceed carefully.

Clone the image to the SD card using ssh:

dd if=./IMAGE_NAME.img | ssh root@BBB_IP "dd of=/dev/SD_NAME bs=4M"

if stands for input, of for output. This will take a while. You should get a coffee. Or make tea. Take a quick nap in front of your computer. Once it’s done, you should end up with a SD-card ready for eMMC flash or boot.

Install a package from AUR on arch linux

The easiest way to install packages on arch Linux is from the official repositories using pacman. This is also the preferred way since the packages installed this way are updated through system-wide updates.

However – what if the package you need is not available in the official repos? Or perhaps you need a newer version? In this case you can follow this procedure:

1. Look it up on AUR

AUR stands for Arch User Repository. It is maintained by the community. Many packages are available. AUR.

2. Check it

Check the dependencies. You will need to install them later if they are not installed on your system but no need to worry about that just yet. Read the discussion on the bottom of the page – it sometimes contains valuable info. If the package is flagged out of date you can consider yourself unlucky. These ones usually don’t work out of the box. Try – perhaps it does. Many packages are marked with “-git”. These ones use git to install the newest version of the software.

3. Download and untar

Download tarball archive using your browser. It is worthwhile using a special folder for all the programs you build for convenience. Once downloaded locate the file through console and run:

tar -zxvf package_name.tar.gz

cd package_name

4. Read the PKGBUILD file and build

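The PKGBUILD file contains all the information needed to install a package. You are advised to read it before installing: the build will run without that, but a PKGBUILD is a shell script that makepkg executes, and AUR packages are submitted by users, so reading it is the only way to see what will run on your machine.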

Then run this command:

makepkg -src

s (syncdeps) installs the missing dependencies using pacman provided they are available through sync repos. In case they are not you can install them the way you are trying to install this one.

r (rmdeps) removes the dependencies after the build process is completed so your system does not get loaded with programs you do not need.

c (clean) cleans up leftover work files used during the build process.

In case the build process was not successful you can try to edit the PKGBUILD file, leave a comment on the package's AUR page or perhaps send a message to the maintainer.

5. Install using pacman

After a successful build process your current folder should contain a file with the extension .tar.xz. Install the package like this (as root):

sudo pacman -U *.tar.xz

U (upgrade) upgrades or adds package(s) to the system and installs the required dependencies from sync repos.

6. Maintain

You should treat your system well. Info regarding Arch Linux maintenance is available through the Arch wiki.

Cisco 1841 + HWIC-4ESW + NAT

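Cisco 1841 ethernet port + dialer interface

Notes on the Dialer1 block below: ip directed-broadcast and ip mask-reply are switched on for the ISP-facing interface. That interface is normally left at the IOS default (no ip directed-broadcast), because forwarded directed broadcasts are a known traffic-amplification vector. The "password 7" strings are reversible obfuscation, not hashes, so values copied from a real router should be treated as disclosed and replaced with placeholders before a config is shared.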

interface FastEthernet0/0
description == WAN interface
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
interface FastEthernet0/1
description == LAN interface
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
duplex auto
speed auto
!

interface Dialer1
description == pppoe to ISP
ip address negotiated
ip mask-reply
ip directed-broadcast
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname username@domain.tld
ppp chap password 7 060B162A5D4C222C1F
ppp pap sent-username username@domain.tld password 7 030E3100150D592954
ppp ipcp dns request
ppp ipcp route default
ppp ipcp address accept
no cdp enable
!

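DHCP POOL

Check the values before use: the pool hands out addresses from 192.168.2.0/24, but the default-router 192.168.1.1 is outside that subnet (Vlan2 below is 192.168.2.1), and the second dns-server 4.4.4.4 is probably a typo for 8.8.4.4.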

ip dhcp pool LAN
network 192.168.2.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 4.4.4.4
domain-name your-domain.tld

VLAN configuration

interface Vlan2
description == LAN
ip address 192.168.2.1 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside <— important part in NAT translation
ip virtual-reassembly in

HWIC-4ESW ethernet port configuration

interface FastEthernet0/0/0
description == PC LAN
switchport access vlan 2
no ip address
!
interface FastEthernet0/0/1
description == AP LAN
switchport access vlan 2
no ip address
!

NAT

ip nat inside source list 1 interface Dialer1 overload

NAT ACL

access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255

Backup – restore user mailbox in Zimbra

Elegant way to backup or restore user mailbox in Zimbra.

Tested in Zimbra 8.x and works.

BACKUP user mailbox:

/opt/zimbra/bin/zmmailbox -z -m user@domain.tld getRestURL "//?fmt=zip" > /backup/dir/user@domain.tld.zip

RESTORE user mailbox:

/opt/zimbra/bin/zmmailbox -z -m user@domain.tld postRestURL "//?fmt=zip&resolve=reset" /backup/dir/user@domain.tld.zip

SOURCE:

http://blog.zimbra.com/blog/archives/2008/09/zcs-to-zcs-migrations.html

http://www.sfu.ca/~hillman/zimbra-hied-admins/msg00583.html

Connect cisco switch and linux server for kvm virtualization

We need bridge (brX) interface(s) for linux kvm virtualization.

EXAMPLE FOR 3 VLAN-S

VLAN-s must be defined on Cisco switch

VLAN 10 – IT vlan
VLAN 20 – DMZ vlan
VLAN 30 – guest vlan

Define vlan without ip (L2 switch):

switch# conf t
switch(config)# vlan 10
switch(config-vlan)# name vlan-it
switch(config-vlan)# end
switch# write

Define vlan with ip address (L3 switch):

switch# conf t
switch(config)# interface vlan 10
switch(config-if)# ip address 192.168.10.1 255.255.255.0
switch(config-if)# description vlan-it
switch(config-if)# end
switch# write

INTERFACE CONFIGURATION ON CISCO SWITCH

Connection to network interface eth0 on linux server for vlan 10 and vlan 30 (trunk connection):

interface GigabitEthernet1/0/30
 description == kvm server IT
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,30
 switchport mode trunk

Connection to network interface eth1 on linux server for vlan 20 (trunk connection):

interface GigabitEthernet1/0/31
 description == kvm server DMZ
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 20
 switchport mode trunk

NETWORK CONFIGURATION ON LINUX SERVER (Debian)

linux-server:~# cat /etc/network/interfaces

# The loopback network interface
auto lo
iface lo inet loopback

# VLAN 10 (IT vlan)
auto eth0.10
iface eth0.10 inet manual
        up ifconfig eth0.10 up

# KVM bridge , VLAN 10, via eth0 (management interface)
# This is the only bridge with an IP address; br20 and br30 are "inet manual", so the
# host itself is reachable only on VLAN 10 and not on the DMZ or guest VLANs.
# NOTE(review): 4.4.4.4 in dns-nameservers is not a Google Public DNS address
# (those are 8.8.8.8 and 8.8.4.4); presumably 8.8.4.4 was meant - confirm.
auto br10
iface br10 inet static
        address xx.xy.xz.10
        netmask xx.xy.xz.0
        network xx.xy.xz.0
        broadcast xx.xy.xz.255
        gateway xx.xy.xz.1
        dns-nameservers 8.8.8.8 4.4.4.4
        dns-search local.domain.com
        bridge_ports    eth0.10 
        bridge_maxwait  5
        bridge_fd       1
        bridge_stp      on

# VLAN 20 (DMZ vlan)
auto eth1.20
iface   eth1.20 inet manual
        up ifconfig eth1.20 up

# KVM bridge, VLAN 20, via eth1
auto br20
iface br20 inet manual
        bridge_ports    eth1.20
        bridge_maxwait  5
        bridge_fd       1
        bridge_stp      on

# VLAN 30 (guest vlan)
auto eth0.30
iface eth0.30 inet manual
        up ifconfig eth0.30 up

# KVM bridge, VLAN 30, via eth0
auto br30
iface br30 inet manual
        bridge_ports    eth0.30
        bridge_maxwait  5
        bridge_fd       1
        bridge_stp      on

Windows cmd haven

Reset IIS and reboot server from cmd

Start –> run –> cmd (as admin)

iisreset /reboot

Create directory link (example: move user profile to partition D)

1. Copy user profile to partition D

2. Delete original userprofile on partition C

3. Create link on C partition which points to D partition

C:\Users> mklink /d username-link D:\Users\username-dir

Zimbra migration from 7 to 8 + 32 bit to 64 bit server

WHAT IS THE GOAL

Migrate Zimbra 7 (mailboxes, documents,…) to new 64 bit server with Zimbra 8.0.

STEP BY STEP GUIDE

1. PREPARE OLD SERVER

name: mail.domain.tld
OS: Centos 5.8 32 bit
Zimbra: Zimbra 7.2.0

[zimbra@oldserver ~]$ cat /etc/redhat-release 
CentOS release 5.8 (Final) 

[zimbra@oldserver ~]$ zmcontrol -v 
Release 7.2.0_GA_2669.RHEL5_20120410001957 CentOS5 FOSS edition.

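UPGRADE to latest zimbra for Centos 5.8 (ZIMBRA 7.2.1). The archive is fetched over plain HTTP, so compare it with a vendor-published checksum, if one is available, before running the installer.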

# wget http://files2.zimbra.com/downloads/7.2.1_GA/zcs-7.2.1_GA_2790.RHEL5.20120815212042.tgz 
# tar xvzf zcs-7.2.1_GA ...
# cd zcs-7.2.1_GA ...
# ./install.sh --platform-override

ERROR

Do you want to verify message store database integrity? [Y]
Verifying integrity of message store databases. This may take a while.

mysqld is alive

Database errors found.

/opt/zimbra/mysql/bin/mysqlcheck --defaults-file=/opt/zimbra/conf/my.cnf -S /opt/zimbra/db/mysql.sock -A -C -s -u root --auto-repair --password=XXXXXXXX

mysql.general_log
Error : You can’t use locks with log tables.
mysql.slow_log
Error : You can’t use locks with log tables.

This is a bug in mysql and does no harm !!!

Upgrade was successful. 🙂

Show new zimbra version:

[zimbra@oldserver ~]$ zmcontrol -v 
Release 7.2.1_GA_2790.RHEL5_20120815212042 CentOS5 FOSS edition.

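Create backup directory for LDAP (it will also hold localconfig.xml, which contains the service passwords, so keep it readable by the zimbra user only)

# mkdir /backup
# chown zimbra:zimbra /backup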

Backup LDAP

[zimbra@oldserver ~]$ /opt/zimbra/libexec/zmslapcat -c /backup 
[zimbra@oldserver ~]$ /opt/zimbra/libexec/zmslapcat /backup

BACKUP localconfig.xml

[zimbra@oldserver ~]$ cp /opt/zimbra/conf/localconfig.xml /backup

Change IP ADDRESS

[root@oldserver ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0 
change IP to something else

Change HOSTNAME

# vim /etc/hostname 
# vim /etc/hosts 
change IP and hostname

Save mail address for SPAM and HAM accounts

[zimbra@mail ~]$ zmprov gacf | grep -i spamis 
zimbraSpamIsNotSpamAccount: ham.r4qmxkaq4@domain.tld 
zimbraSpamIsSpamAccount: spam.ydhu3gfxuh@domain.tld 
zimbraAmavisQuarantineAccount: virus-quarantine.jllqjtji@domain.tld

2. PREPARE NEW SERVER

name: mail.domain.tld
OS: Ubuntu 10.04 LTS 64bit
Zimbra: Zimbra 8.0 (first install 7.2.1)

Install Ubuntu server 10.04 LTS (minimal install + ssh server)

Create separate partition /opt for zimbra installation (size depend on size and quantity of mailboxes)

Use the old mail server's hostname and IP address

# vim /etc/hostname
mail

Prepare HOSTS file !!!

# vim /etc/hosts
127.0.0.1 localhost
192.168.1.X mail.domain.tld mail

Setup SSH

# vim /etc/ssh/sshd_config
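AllowUsers zimbra ← add this line at the end (AllowUsers is an allow-list: every other account that must log in over SSH, such as the one used for the scp copies in step 3, has to be named on the same line)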

Download ZIMBRA 7.2.1

# wget http://files2.zimbra.com/downloads/7.2.1_GA/zcs-7.2.1_GA_2790.UBUNTU10_64.20120815212201.tgz

Untar Zimbra

# tar xvzf zcs-7.2.1...

Install ZIMBRA 7.2.1 to the NEW SERVER

# cd zcs-7.2.1...
# ./install.sh
... 

DNS ERROR resolving MX for mail.domain.tld
It is suggested that the domain name have an MX record configured in DNS
Change domain name? [Yes]
Create domain: [mail.domain.tld] domain.tld
Create domain: [mail.domain.tld] domain.tld
MX: mail.domain.tld (192.168.10.7)
Interface: 192.168.10.7
Interface: 127.0.0.1

done.

Checking for port conflicts

Main menu

1) Common Configuration:
2) zimbra-ldap: Enabled
3) zimbra-store: Enabled
+Create Admin User: yes
+Admin user to create: admin@domain.tld
******* +Admin Password UNSET
+Anti-virus quarantine user: virus-quarantine.lsmlhshnmy@domain.tld
+Enable automated spam training: yes
+Spam training user: spam.wyqzbievu@domain.tld
+Non-spam(Ham) training user: ham.vccas9hrzf@domain.tld
+SMTP host: mail.domain.tld
+Web server HTTP port: 80
+Web server HTTPS port: 443
+Web server mode: http
+IMAP server port: 143
+IMAP server SSL port: 993
+POP server port: 110
+POP server SSL port: 995
+Use spell check server: yes
+Spell server URL: http://mail.domain.tld:7780/aspell.php
+Configure for use with mail proxy: FALSE
+Configure for use with web proxy: FALSE
+Enable version update checks: TRUE
+Enable version update notifications: TRUE
+Version update notification email: admin@domain.tld
+Version update source email: admin@domain.tld
4) zimbra-mta: Enabled
5) zimbra-snmp: Enabled
6) zimbra-logger: Enabled
7) zimbra-spell: Enabled
8) Default Class of Service Configuration:
r) Start servers after configuration yes
s) Save config to file
x) Expand menu
q) Quit

CHANGE admin password …

4) Admin Password set

CHANGE antivirus quarantine user from old server.

5) Anti-virus quarantine user: virus-quarantine.jllqjtji@domain.tld

CHANGE spam training user from old server.

7) Spam training user: spam.ydku3gfyuh@domain.tld

CHANGE ham training user from old server.

8) Non-spam(Ham) training user: ham.r4ujxkaq4@domain.tld

*** CONFIGURATION COMPLETE - press 'a' to apply
Select from menu, or press 'a' to apply config (? - help) a
Save configuration data to a file? [Yes]
...

As zimbra user do:

zmcontrol stop
rm -rf /opt/zimbra/data/ldap/config/*
rm -rf /opt/zimbra/data/ldap/hdb/*
mkdir -p /opt/zimbra/data/ldap/hdb/db /opt/zimbra/data/ldap/hdb/logs
# chown -R zimbra:zimbra /opt/zimbra/data/ldap

3. COPY DATA TO NEW SERVER

Copy DB_CONFIG from old server to new server

# scp /opt/zimbra/data/ldap/hdb/db/DB_CONFIG mail:/opt/zimbra/data/ldap/hdb/db/

Create BACKUP directory on NEW SERVER

root@mail:~# mkdir /backup

Copy LDAP DATA from OLD SERVER to NEW SERVER

# scp /backup/ldap.bak mail:/backup/
# scp /backup/ldap-config.bak mail:/backup/
root@mail:~# chown -R zimbra:zimbra /backup/

IMPORT LDAP CONFIG (ldap-config.bak, database 0)

zimbra@mail:~$ /opt/zimbra/openldap/sbin/slapadd -q -n 0 -F /opt/zimbra/data/ldap/config -cv -l /backup/ldap-config.bak
added: "cn=config" (00000001)
added: "cn=module{0},cn=config" (00000001)
added: "cn=schema,cn=config" (00000001)
added: "cn={0}core,cn=schema,cn=config" (00000001)
added: "cn={1}cosine,cn=schema,cn=config" (00000001)
added: "cn={2}inetorgperson,cn=schema,cn=config" (00000001)
added: "cn={3}zimbra,cn=schema,cn=config" (00000001)
added: "cn={4}amavisd,cn=schema,cn=config" (00000001)
added: "olcDatabase={-1}frontend,cn=config" (00000001)
added: "olcDatabase={0}config,cn=config" (00000001)
added: "olcDatabase={1}monitor,cn=config" (00000001)
added: "olcDatabase={2}hdb,cn=config" (00000001)
_#################### 100.00% eta   none elapsed            none fast! 
Closing DB...

IMPORT LDAP DATA (ldap.bak)

zimbra@mail:~$ /opt/zimbra/openldap/sbin/slapadd -q -b "" -F /opt/zimbra/data/ldap/config -cv -l /backup/ldap.bak
added: "cn=zimbra" (00000001)
added: "cn=admins,cn=zimbra" (00000002)
added: "uid=zimbra,cn=admins,cn=zimbra" (00000003)
added: "uid=zmreplica,cn=admins,cn=zimbra" (00000004)
added: "cn=appaccts,cn=zimbra" (00000005)
added: "uid=zmnginx,cn=appaccts,cn=zimbra" (00000006)
added: "uid=zmpostfix,cn=appaccts,cn=zimbra" (00000007)
added: "uid=zmamavis,cn=appaccts,cn=zimbra" (00000008)
added: "cn=zimlets,cn=zimbra" (00000009)
added: "cn=cos,cn=zimbra" (0000000a)
added: "cn=servers,cn=zimbra" (0000000b)
added: "cn=xmppcomponents,cn=zimbra" (0000000c)
added: "cn=globalgrant,cn=zimbra" (0000000d)
added: "cn=config,cn=zimbra" (0000000e)
added: "cn=default,cn=cos,cn=zimbra" (0000000f)
added: "cn=mime,cn=config,cn=zimbra" (00000010)
added: "cn=message/rfc822,cn=mime,cn=config,cn=zimbra" (00000011)
added: "cn=text/html,cn=mime,cn=config,cn=zimbra" (00000012)
added: "cn=text/enriched,cn=mime,cn=config,cn=zimbra" (00000013)
added: "cn=text/plain,cn=mime,cn=config,cn=zimbra" (00000014)
added: "cn=text/calendar,cn=mime,cn=config,cn=zimbra" (00000015)
added: "cn=all,cn=mime,cn=config,cn=zimbra" (00000016)
added: "cn=mail.domain.tld,cn=servers,cn=zimbra" (00000017)
added: "dc=tld" (00000018)
added: "dc=domain,dc=tld" (00000019)
added: "uid=root,ou=people,dc=domain,dc=tld" (0000001b)
added: "uid=postmaster,ou=people,dc=domain,dc=tld" (0000001c)
added: "cn=conference.mail.domain.tld,cn=xmppcomponents,cn=zimbra" (0000001d)
added: "cn=com_zimbra_adminversioncheck,cn=zimlets,cn=zimbra" (0000001e)
added: "cn=com_zimbra_bulkprovision,cn=zimlets,cn=zimbra" (0000001f)
added: "cn=com_zimbra_ymemoticons,cn=zimlets,cn=zimbra" (00000020)
added: "cn=com_zimbra_cert_manager,cn=zimlets,cn=zimbra" (00000021)
added: "cn=com_zimbra_phone,cn=zimlets,cn=zimbra" (00000022)
added: "cn=com_zimbra_date,cn=zimlets,cn=zimbra" (00000023)
added: "cn=com_zimbra_email,cn=zimlets,cn=zimbra" (00000024)
….
#################### 100.00% eta   none elapsed            none fast!         
Closing DB...

COPY localconfig.xml from OLDSERVER to NEWSERVER

#  scp /backup/localconfig.xml mail:/backup/

EDIT localconfig.xml

BACKUP localconfig.xml on the NEWSERVER

zimbra@mail:~$ cp /opt/zimbra/conf/localconfig.xml /opt/zimbra/conf/localconfig.xml.orig

EDIT localconfig.xml and change values to values from OLDSERVER
(from /backup/localconfig.xml)
...
a. zimbra_mysql_password
b. mysql_root_password
c. zimbra_logger_mysql_password (Note: Transfer/copy this value to the new 64-bit server only if available from the old 32-bit server.)
d. mailboxd_keystore_password (Note: Transfer/copy this value to the new 64-bit server only if available from the old 32-bit server.)
e. mailboxd_truststore_password
f. mailboxd_keystore_base_password
g. zimbra_ldap_password
h. ldap_root_password
i. ldap_postfix_password
j. ldap_amavis_password
k. ldap_nginx_password
l. ldap_replication_password

REMOVE data from NEW SERVER

zimbra@mail:~$ rm -rf /opt/zimbra/db/data/*

COPY DATA from OLD SERVER

[root@oldserver ~]# scp -r /opt/zimbra/db/data/* mail:/opt/zimbra/db/data/

Copy MESSAGES and INDEX files from OLD SERVER to NEW SERVER

[root@oldserver ~]# scp -r /opt/zimbra/store/* mail:/opt/zimbra/store/
[root@oldserver ~]# scp -r /opt/zimbra/index/* mail:/opt/zimbra/index/

Transfer KEYSTORE

[root@oldserver ~]# scp /opt/zimbra/mailboxd/etc/keystore mail:/opt/zimbra/mailboxd/etc/keystore

+ Change keystore PASSWORD

[zimbra@oldserver ~]$ zmlocalconfig -s mailboxd_keystore_password
mailboxd_keystore_password = oldpassword
zimbra@mail:~$ zmlocalconfig -e mailboxd_keystore_password=oldpassword ← use oldpassword

COPY smtp,ldap,nginx CERTIFICATE and KEY from OLD to NEW server

# scp /opt/zimbra/conf/smtpd.crt mail:/opt/zimbra/conf/smtpd.crt
# scp /opt/zimbra/conf/smtpd.key mail:/opt/zimbra/conf/smtpd.key
# scp /opt/zimbra/conf/slapd.* mail:/opt/zimbra/conf/
# scp /opt/zimbra/conf/nginx.* mail:/opt/zimbra/conf/

COPY ZIMLETS FROM OLD SERVER

root@mail:~# scp -r root@oldserver:/opt/zimbra/zimlets-deployed/* /opt/zimbra/zimlets-deployed/

FIX PERMISSION as root

root@mail:~# chown -R zimbra.zimbra /opt/zimbra
root@mail:~# /opt/zimbra/libexec/zmfixperms

Start ZIMBRA 7.2.1 on NEW SERVER

zimbra@mail:~$ zmcontrol start

FIX ERRORS

ERROR 1

Host mail.domain.tld
Starting ldap...Done.
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Starting zmconfigd...Done.
Starting logger...Failed.

Starting logswatch...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed)

zimbra logger service is not enabled! failed.
Starting mailbox...Done.
Starting antispam...Done.
Starting antivirus...Failed.
Starting amavisd...Config file "/opt/zimbra/conf/amavisd.conf" does not exist, at /opt/zimbra/amavisd/sbin/amavisd line 1799.
failed.

Starting freshclam...done.
Starting clamd...ERROR: Can't open/parse the config file /opt/zimbra/conf/freshclam.conf
failed.
Starting snmp...Done.
Starting spell...Done.
Starting mta...Failed.
Starting saslauthd...saslauthd[8646] :set_auth_mech : failed to initialize mechanism zimbra

failed.
zmsaslauthdctl failed to start
Starting stats...Done.

SOLUTION 1

[root@oldserver ~]# scp /opt/zimbra/conf/amavisd.conf mail:/opt/zimbra/conf/
[root@oldserver ~]# scp /opt/zimbra/conf/freshclam.conf mail:/opt/zimbra/conf/
root@mail:~# /opt/zimbra/libexec/zmfixperms ← fix permission

ERROR 2

Starting logswatch...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed)
zimbra logger service is not enabled! Failed.

SOLUTION 2

CREATE CERTIFICATES

# sh reg-ssl-zimbra.sh ← run script as root

script to regenerate certificate
***********************************************************************************
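#!/bin/bash
################################################################################################################
# Regenerate SSL Cert
#
# Stops Zimbra, deletes the existing material under /opt/zimbra/ssl, removes the
# old "my_ca" and "jetty" entries from the Java keystores, then creates and
# deploys a new self-signed CA and server certificate with zmcertmgr.
#
# Run as root. The script is interactive: it opens zmcertmgr in vi part-way
# through so the certificate subject and lifetime can be edited by hand.
# No command's exit status is checked; a failed step does not stop the run.
################################################################################################################
su - zimbra -c 'zmcontrol stop'

# Irreversible: the previous CA key and certificates are removed here.
# Take a copy of /opt/zimbra/ssl first if the old material may still be needed.
rm -rf /opt/zimbra/ssl/*
rm -rf /opt/zimbra/ssl/.rnd

# "changeit" is the stock JDK password for the cacerts trust store.
/opt/zimbra/java/bin/keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit

# Read the mailboxd keystore password once and pass it quoted, so a password
# containing spaces or glob characters still arrives as a single argument.
# NOTE(review): -storepass puts the password on keytool's command line, where it
# is visible in the process list while the command runs.
keystore_pass="$(su - zimbra -c 'zmlocalconfig -s -m nokey mailboxd_keystore_password')"
/opt/zimbra/java/bin/keytool -delete -alias jetty -keystore /opt/zimbra/mailboxd/etc/keystore -storepass "$keystore_pass"

# Manual step: edit the certificate defaults inside zmcertmgr.
vi  /opt/zimbra/bin/zmcertmgr

# Find line
# SUBJECT="/C=US/ST=N\/A/L=N\/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=${zimbra_server_hostname}"
# and change to your company name
#
# Then, if a longer certificate lifetime is wanted, change
# validation_days=365 to validation_days=3650 and save /opt/zimbra/bin/zmcertmgr.
# NOTE(review): 3650 days gives a self-signed certificate that stays valid for
# about ten years; keep the lifetime shorter where rotation is practical.

# Create and deploy the new CA and self-signed certificate while Zimbra is stopped.
/opt/zimbra/bin/zmcertmgr createca -new
/opt/zimbra/bin/zmcertmgr deployca -localonly
/opt/zimbra/bin/zmcertmgr createcrt self -new
/opt/zimbra/bin/zmcertmgr deploycrt self

su - zimbra -c 'zmcontrol start'

# Deploy again with the services running (this time deployca without -localonly).
/opt/zimbra/bin/zmcertmgr deploycrt self
/opt/zimbra/bin/zmcertmgr deployca

# Refresh the zimbra user's SSH authorized_keys, then print the deployed
# certificates so subject and validity dates can be checked.
su - zimbra -c 'zmupdateauthkeys'
/opt/zimbra/bin/zmcertmgr viewdeployedcrt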
### End Script **********************************************************************

......

Host mail.domain.tld
Starting ldap...Done.
Starting zmconfigd...Done.
Starting logger...Done.
Starting mailbox...Done.
Starting antispam...Done.
Starting antivirus...Done.
Starting snmp...Done.
Starting spell...Done.
Starting mta...Done.
Starting stats...Done.

** Saving server config key zimbraSSLCertificate...done.
** Saving server config key zimbraSSLPrivateKey...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.
** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.
** Saving global config key zimbraCertAuthorityCertSelfSigned...done.
** Saving global config key zimbraCertAuthorityKeySelfSigned...done.
** Copying CA to /opt/zimbra/conf/ca...done.
Updating keys for mail.domain.tld
Fetching key for mail.domain.tld
Updating keys for mail.domain.tld
Updating /opt/zimbra/.ssh/authorized_keys

::service mta::

notBefore=Sep 30 13:19:52 2012 GMT
notAfter=Sep 29 13:19:52 2017 GMT
subject= /C=US/ST=N/A/O=ClickME/OU=IT/CN=mail.domain.tld
issuer= /C=US/ST=N/A/L=N/A/O=ClickME/OU=IT/CN=mail.domain.tld
SubjectAltName=

::service proxy::

notBefore=Sep 30 13:19:52 2012 GMT
notAfter=Sep 29 13:19:52 2017 GMT
subject= /C=US/ST=N/A/O=ClickME/OU=IT/CN=mail.domain.tld
issuer= /C=US/ST=N/A/L=N/A/O=ClickME/OU=IT/CN=mail.domain.tld
SubjectAltName=

::service mailboxd::

notBefore=Sep 30 13:19:52 2012 GMT
notAfter=Sep 29 13:19:52 2017 GMT
subject= /C=US/ST=N/A/O=ClickME/OU=IT/CN=mail.domain.tld
issuer= /C=US/ST=N/A/L=N/A/O=ClickME/OU=IT/CN=mail.domain.tld
SubjectAltName=

::service ldap::

notBefore=Sep 30 13:19:52 2012 GMT
notAfter=Sep 29 13:19:52 2017 GMT
subject= /C=US/ST=N/A/O=ClickME/OU=IT/CN=mail.domain.tld
issuer= /C=US/ST=N/A/L=N/A/O=ClickME/OU=IT/CN=mail.domain.tld
SubjectAltName=

ERROR 3

Message: system failure: Cannot WRITE index directory (mailbox=6 idxPath=/opt/zimbra/index/0/6/index/0) Error code: service.FAILURE Method: [unknown] Details:soap:Receiver

SOLUTION 3

# chown -R zimbra.zimbra /opt/zimbra
# /opt/zimbra/libexec/zmfixperms

ERROR 4

Click to MAILQUEUE on WEB CONSOLE produce:

Message: system failure: exception during auth {RemoteManager: mail.domain.tld->zimbra@mail.domain.tld:22} Error code: service.FAILURE Method: [unknown] Details:soap:Receiver

Message: system failure: exception during auth {RemoteManager: mail.domain.tld->zimbra@mail.domain.tld:22} Error code: service.FAILURE Method: [unknown] Details:soap:Receiver

SOLUTION 4 ???

zimbra@mail:~$ zmprov ms mail.domain.tld zimbraRemoteManagementPort 22

PROBABLY INTERFACES FILE !!!!

There was no gateway in /etc/network/interfaces

add gateway 192.168.1.1

After I changed interfaces file, restart network with

# service networking restart

Pay attention at hosts file !!!

zimbra@mail:~$ cat /etc/hosts
127.0.0.1      localhost
192.168.1.X    mail.domain.tld   mail

NOW everything works fine.

Test MAIL SERVER by sending and receiving mail.

4. UPGRADE TO ZIMBRA 8.0

Download new Zimbra

# wget http://files2.zimbra.com/downloads/8.0.0_GA/zcs-8.0.0_GA_5434.UBUNTU10_64.20120907144627.tgz

Unpack ...

# tar xvzf zcs-8.0.0_GA_5434.UBUNTU10_64.20120907144627.tgz 

Install zimbra ...

# cd zcs-8.0.0_GA_5434.UBUNTU10_64.20120907144627
# screen ./install.sh

….

Starting mysql...done.
ERROR 1133 (42000) at line 2: Can't find any matching row in the user table
ERROR 1396 (HY000) at line 1: Operation DROP USER failed for ''@'mail'

Zimbra 8.0 now works. 🙂

Check running SERVICES;

# netstat -tupane | less

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 105652 23807/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 0 310009 19028/master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 0 321441 23103/java
tcp 0 0 0.0.0.0:7071 0.0.0.0:* LISTEN 0 321442 23103/java
tcp 0 0 0.0.0.0:7072 0.0.0.0:* LISTEN 0 321443 23103/java
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 0 321436 23103/java
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 0 321432 23103/java

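Set up a FIREWALL (the rules below leave port 995, which the listing above shows listening, closed; add a rule if POP3S clients must reach it):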

# ufw allow proto tcp from 192.168.1.0/24 to any port 22
# ufw allow proto tcp from 192.168.1.0/24 to any port 7071
# ufw allow proto tcp from 192.168.1.0/24 to any port 7072
# ufw allow proto tcp from any to any port 25
# ufw allow proto tcp from any to any port 443
# ufw allow proto tcp from any to any port 993
# ufw enable
# ufw logging on

HELP from Zimbra wiki:

http://wiki.zimbra.com/wiki/Platform_and_OS_Independent_ZCS_to_ZCS_Migration_Using_Rsync
http://wiki.zimbra.com/wiki/Network_Edition:_Moving_from_32-bit_to_64-bit_Server
http://wiki.zimbra.com/wiki/Server_Live_sync

replace failed disk in raid 1

SCENARIO:

OS: linux debian 6

Software Raid: raid 1 created with mdadm

Failed drive: sata drive (/dev/sda) of size 500Gb

New drive: same size or bigger sata drive. In my case 1Tb sata drive

WHAT TO DO:

1. Shutdown server,
2. Replace failed disk,
3. Start server,
4. Rebuild Raid 1,
5. Update grub.

LOOK FOR WORKING DISK

With fdisk I checked how the active disk in the RAID 1 array is partitioned.

root@server:~# fdisk /dev/sdb 
Command (m for help): p 

Device Boot Start End Blocks Id System 
/dev/sdb1 * 1 13 104391 fd Linux raid autodetect 
/dev/sdb2 14 293 2249100 fd Linux raid autodetect 
/dev/sdb3 294 60801 486030510 fd Linux raid autodetec 

I used fdisk to create same size raid partitions on new disk:

PREPARE NEW DISK

# fdisk /dev/sda
n p 1 
n p 2
n p 3

n - new partition
p - primary partition
t - type of partition (used fd (Linux raid) for all 3 partitions on disk /dev/sda)
a - add bootable flag to first partition
w - write changes to disk

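REBUILD RAID 1 with MDADM (repeat for the other arrays with their matching partitions: /dev/md1 with /dev/sda2, /dev/md2 with /dev/sda3):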

# mdadm /dev/md0 -a /dev/sda1 

NEW DISK:

root@server:~# fdisk /dev/sda 
Command (m for help): p 
Device Boot Start End Blocks Id System 
/dev/sda1 * 1 13 104391 fd Linux raid autodetect 
/dev/sda2 14 293 2249100 fd Linux raid autodetect 
/dev/sda3 294 60801 486030510 fd Linux raid autodetect 

BUILDING RAID 1:

root@server:~# cat /proc/mdstat 
Personalities : [raid1] 
md2 : active raid1 sda3[2] sdb3[1] 486030400 blocks [2/1] [_U] [==>..................] recovery = 14.0% (68114752/486030400) finish=147.5min speed=47214K/sec 
md1 : active raid1 sda2[0] sdb2[1] 2249024 blocks [2/2] [UU] 
md0 : active raid1 sda1[0] sdb1[1] 104320 blocks [2/2] [UU] 
unused devices: 

ALL DISKS UP AND RUNNING

root@server:~# cat /proc/mdstat
Personalities : [raid1] 
md2 : active raid1 sda3[0] sdb3[1] 486030400 blocks [2/2] [UU] 
md1 : active raid1 sda2[0] sdb2[1] 2249024 blocks [2/2] [UU] 
md0 : active raid1 sda1[0] sdb1[1] 104320 blocks [2/2] [UU] 
unused devices: 

UPDATE CONFIGURATION

# mdadm --examine --scan > /etc/mdadm.conf

GRUB INSTALL/UPDATE ON NEW DISK

# grub-install /dev/sda 
# update-grub /dev/sda 

Example of howto remove a failed disk from array:

# mdadm --fail /dev/md0 /dev/sdb3
# mdadm --remove /dev/md0 /dev/sdb3 

IF PROBLEMS WITH update-grub … update-grub failed with no such disk …

SOLUTION

# mv /boot/grub/device.map /boot/grub/device.map.old 
# update-grub