linux

How To Configure BIND as a Private Network DNS Server on Ubuntu 16.04

Jovan Stosic March 17, 2019

Introduction

An important part of managing server configuration and infrastructure includes maintaining an easy way to look up network interfaces and IP addresses by name, by setting up a proper Domain Name System (DNS). Using fully qualified domain names (FQDNs), instead of IP addresses, to specify network addresses eases the configuration of services and applications, and increases the maintainability of configuration files. Setting up your own DNS for your private network is a great way to improve the management of your servers.

In this tutorial, we will go over how to set up an internal DNS server, using the BIND name server software (BIND9) on Ubuntu 16.04, that can be used by your servers to resolve private hostnames and private IP addresses. This provides a central way to manage your internal hostnames and private IP addresses, which is indispensable when your environment expands to more than a few hosts.

The CentOS version of this tutorial can be found here.

 

Prerequisites

To complete this tutorial, you will need the following:

  • Some servers running in the same datacenter with private networking enabled. These will be your DNS clients.
  • A new server to serve as the Primary DNS server, ns1
  • (Recommended) A new server to serve as a Secondary DNS server, ns2
  • Administrative access with a sudo user to the above servers. You can follow our Ubuntu 16.04 initial server setup guide to set this up.

If you are unfamiliar with DNS concepts, it is recommended that you read at least the first three parts of our Introduction to Managing DNS.

Example Infrastructure and Goals

For the purposes of this article, we will assume the following:

  • We have two existing client servers that will be utilizing the DNS infrastructure we create. We will call these host1 and host2 in this guide. You can add as many as you’d like for your infrastructure.
  • We have an additional two servers which will be designated as our DNS name servers. We will refer to these as ns1 and ns2 in this guide.
  • All of these servers exist in the same datacenter. We will assume that this is the nyc3 datacenter.
  • All of these servers have private networking enabled (and are on the 10.128.0.0/16 subnet. You will likely have to adjust this for your servers).
  • All servers are somehow related to our web application that runs on “example.com”.

With these assumptions, we decide that it makes sense to use a naming scheme that uses “nyc3.example.com” to refer to our private subnet or zone. Therefore, host1‘s private Fully-Qualified Domain Name (FQDN) will be host1.nyc3.example.com. Refer to the following table the relevant details:

Host Role Private FQDN Private IP Address
ns1 Primary DNS Server ns1.nyc3.example.com 10.128.10.11
ns2 Secondary DNS Server ns2.nyc3.example.com 10.128.20.12
host1 Generic Host 1 host1.nyc3.example.com 10.128.100.101
host2 Generic Host 2 host2.nyc3.example.com 10.128.200.102
Note

Your existing setup will be different, but the example names and IP addresses will be used to demonstrate how to configure a DNS server to provide a functioning internal DNS. You should be able to easily adapt this setup to your own environment by replacing the host names and private IP addresses with your own. It is not necessary to use the region name of the datacenter in your naming scheme, but we use it here to denote that these hosts belong to a particular datacenter’s private network. If you utilize multiple datacenters, you can set up an internal DNS within each respective datacenter.

By the end of this tutorial, we will have a primary DNS server, ns1, and optionally a secondary DNS server, ns2, which will serve as a backup.

Let’s get started by installing our Primary DNS server, ns1.

 

Install BIND on DNS Servers

Note

Text that is highlighted in red is important! It will often be used to denote something that needs to be replaced with your own settings or that it should be modified or added to a configuration file. For example, if you see something like host1.nyc3.example.com, replace it with the FQDN of your own server. Likewise, if you see host1_private_IP, replace it with the private IP address of your own server.

On both DNS servers, ns1 and ns2, update the apt package cache by typing:

  • sudo apt-get update

Now install BIND:

  • sudo apt-get install bind9 bind9utils bind9-doc

IPv4 Mode

Before continuing, let’s set BIND to IPv4 mode. On both servers, edit the bind9 systemd unit file by typing:

  • sudo systemctl edit –full bind9

Add “-4” to the end of the ExecStart directive. It should look like the following:

/etc/systemd/system/bind9.service
. . .
[Service]
ExecStart=/usr/sbin/named -f -u bind -4

Save and close the editor when you are finished.

Reload the systemd daemon to read the new configuration into the running system:

  • sudo systemctl daemon-reload

Restart BIND to implement the changes:

  • sudo systemctl restart bind9

Now that BIND is installed, let’s configure the primary DNS server.

 

Configure Primary DNS Server

BIND’s configuration consists of multiple files, which are included from the main configuration file, named.conf. These filenames begin with named because that is the name of the process that BIND runs. We will start with configuring the options file.

Configure Options File

On ns1, open the named.conf.options file for editing:

  • sudo nano /etc/bind/named.conf.options

Above the existing options block, create a new ACL block called “trusted”. This is where we will define list of clients that we will allow recursive DNS queries from (i.e. your servers that are in the same datacenter as ns1). Using our example private IP addresses, we will add ns1, ns2, host1, and host2 to our list of trusted clients:

/etc/bind/named.conf.options — 1 of 3
acl "trusted" {
        10.128.10.11;    # ns1 - can be set to localhost
        10.128.20.12;    # ns2
        10.128.100.101;  # host1
        10.128.200.102;  # host2
};

options {

        . . .

Now that we have our list of trusted DNS clients, we will want to edit the options block. Currently, the start of the block looks like the following:

/etc/bind/named.conf.options — 2 of 3
        . . .
};

options {
        directory "/var/cache/bind";
        . . .
}

Below the directory directive, add the highlighted configuration lines (and substitute in the proper ns1 IP address) so it looks something like this:

/etc/bind/named.conf.options — 3 of 3
        . . .

};

options {
        directory "/var/cache/bind";

        recursion yes;                 # enables resursive queries
        allow-recursion { trusted; };  # allows recursive queries from "trusted" clients
        listen-on { 10.128.10.11; };   # ns1 private IP address - listen on private network only
        allow-transfer { none; };      # disable zone transfers by default

        forwarders {
                8.8.8.8;
                8.8.4.4;
        };

        . . .
};

When you are finished, save and close the named.conf.options file. The above configuration specifies that only your own servers (the “trusted” ones) will be able to query your DNS server.

Next, we will configure the local file, to specify our DNS zones.

Configure Local File

On ns1, open the named.conf.local file for editing:

  • sudo nano /etc/bind/named.conf.local

Aside from a few comments, the file should be empty. Here, we will specify our forward and reverse zones.

Add the forward zone with the following lines (substitute the zone name with your own):

/etc/bind/named.conf.local — 1 of 2
zone "nyc3.example.com" {
    type master;
    file "/etc/bind/zones/db.nyc3.example.com"; # zone file path
    allow-transfer { 10.128.20.12; };           # ns2 private IP address - secondary
};

Assuming that our private subnet is 10.128.0.0/16, add the reverse zone by with the following lines (note that our reverse zone name starts with “128.10” which is the octet reversal of “10.128”):

/etc/bind/named.conf.local — 2 of 2
    . . .
};

zone "128.10.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.10.128";  # 10.128.0.0/16 subnet
    allow-transfer { 10.128.20.12; };  # ns2 private IP address - secondary
};

If your servers span multiple private subnets but are in the same datacenter, be sure to specify an additional zone and zone file for each distinct subnet. When you are finished adding all of your desired zones, save and exit the named.conf.local file.

Now that our zones are specified in BIND, we need to create the corresponding forward and reverse zone files.

Create Forward Zone File

The forward zone file is where we define DNS records for forward DNS lookups. That is, when the DNS receives a name query, “host1.nyc3.example.com” for example, it will look in the forward zone file to resolve host1‘s corresponding private IP address.

Let’s create the directory where our zone files will reside. According to our named.conf.local configuration, that location should be /etc/bind/zones:

  • sudo mkdir /etc/bind/zones

We will base our forward zone file on the sample db.local zone file. Copy it to the proper location with the following commands:

  • cd /etc/bind/zones
  • sudo cp ../db.local ./db.nyc3.example.com

Now let’s edit our forward zone file:

  • sudo nano /etc/bind/zones/db.nyc3.example.com

Initially, it will look something like the following:

/etc/bind/zones/db.nyc3.example.com — original
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.      ; delete this line
@       IN      A       127.0.0.1       ; delete this line
@       IN      AAAA    ::1             ; delete this line

First, you will want to edit the SOA record. Replace the first “localhost” with ns1‘s FQDN, then replace “root.localhost” with “admin.nyc3.example.com”. Also, every time you edit a zone file, you should increment the serial value before you restart the named process. We will increment it to “3”. It should look something like this:

/etc/bind/zones/db.nyc3.example.com — updated 1 of 3
@       IN      SOA     ns1.nyc3.example.com. admin.nyc3.example.com. (
                              3         ; Serial

                              . . .

Now delete the three records at the end of the file (after the SOA record). If you’re not sure which lines to delete, they are marked with a “delete this line” comment above.

At the end of the file, add your name server records with the following lines (replace the names with your own). Note that the second column specifies that these are “NS” records:

/etc/bind/zones/db.nyc3.example.com — updated 2 of 3
. . .

; name servers - NS records
    IN      NS      ns1.nyc3.example.com.
    IN      NS      ns2.nyc3.example.com.

Then add the A records for your hosts that belong in this zone. This includes any server whose name we want to end with “.nyc3.example.com” (substitute the names and private IP addresses). Using our example names and private IP addresses, we will add A records for ns1, ns2, host1, and host2 like so:

/etc/bind/zones/db.nyc3.example.com — updated 3 of 3
. . .

; name servers - A records
ns1.nyc3.example.com.          IN      A       10.128.10.11
ns2.nyc3.example.com.          IN      A       10.128.20.12

; 10.128.0.0/16 - A records
host1.nyc3.example.com.        IN      A      10.128.100.101
host2.nyc3.example.com.        IN      A      10.128.200.102

Save and close the db.nyc3.example.com file.

Our final example forward zone file looks like the following:

/etc/bind/zones/db.nyc3.example.com — updated
$TTL    604800
@       IN      SOA     ns1.nyc3.example.com. admin.nyc3.example.com. (
                  3     ; Serial
             604800     ; Refresh
              86400     ; Retry
            2419200     ; Expire
             604800 )   ; Negative Cache TTL
;
; name servers - NS records
     IN      NS      ns1.nyc3.example.com.
     IN      NS      ns2.nyc3.example.com.

; name servers - A records
ns1.nyc3.example.com.          IN      A       10.128.10.11
ns2.nyc3.example.com.          IN      A       10.128.20.12

; 10.128.0.0/16 - A records
host1.nyc3.example.com.        IN      A      10.128.100.101
host2.nyc3.example.com.        IN      A      10.128.200.102

Now let’s move onto the reverse zone file(s).

Create Reverse Zone File(s)

Reverse zone file are where we define DNS PTR records for reverse DNS lookups. That is, when the DNS receives a query by IP address, “10.128.100.101” for example, it will look in the reverse zone file(s) to resolve the corresponding FQDN, “host1.nyc3.example.com” in this case.

On ns1, for each reverse zone specified in the named.conf.local file, create a reverse zone file. We will base our reverse zone file(s) on the sample db.127 zone file. Copy it to the proper location with the following commands (substituting the destination filename so it matches your reverse zone definition):

  • cd /etc/bind/zones
  • sudo cp ../db.127 ./db.10.128

Edit the reverse zone file that corresponds to the reverse zone(s) defined in named.conf.local:

  • sudo nano /etc/bind/zones/db.10.128

Initially, it will look something like the following:

/etc/bind/zones/db.10.128 — original
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.      ; delete this line
1.0.0   IN      PTR     localhost.      ; delete this line

In the same manner as the forward zone file, you will want to edit the SOA record and increment the serial value. It should look something like this:

/etc/bind/zones/db.10.128 — updated 1 of 3
@       IN      SOA     ns1.nyc3.example.com. admin.nyc3.example.com. (
                              3         ; Serial

                              . . .

Now delete the two records at the end of the file (after the SOA record). If you’re not sure which lines to delete, they are marked with a “delete this line” comment above.

At the end of the file, add your name server records with the following lines (replace the names with your own). Note that the second column specifies that these are “NS” records:

/etc/bind/zones/db.10.128 — updated 2 of 3
. . .

; name servers - NS records
      IN      NS      ns1.nyc3.example.com.
      IN      NS      ns2.nyc3.example.com.

Then add PTR records for all of your servers whose IP addresses are on the subnet of the zone file that you are editing. In our example, this includes all of our hosts because they are all on the 10.128.0.0/16 subnet. Note that the first column consists of the last two octets of your servers’ private IP addresses in reversed order. Be sure to substitute names and private IP addresses to match your servers:

/etc/bind/zones/db.10.128 — updated 3 of 3
. . .

; PTR Records
11.10   IN      PTR     ns1.nyc3.example.com.    ; 10.128.10.11
12.20   IN      PTR     ns2.nyc3.example.com.    ; 10.128.20.12
101.100 IN      PTR     host1.nyc3.example.com.  ; 10.128.100.101
102.200 IN      PTR     host2.nyc3.example.com.  ; 10.128.200.102

Save and close the reverse zone file (repeat this section if you need to add more reverse zone files).

Our final example reverse zone file looks like the following:

/etc/bind/zones/db.10.128 — updated
$TTL    604800
@       IN      SOA     nyc3.example.com. admin.nyc3.example.com. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
; name servers
      IN      NS      ns1.nyc3.example.com.
      IN      NS      ns2.nyc3.example.com.

; PTR Records
11.10   IN      PTR     ns1.nyc3.example.com.    ; 10.128.10.11
12.20   IN      PTR     ns2.nyc3.example.com.    ; 10.128.20.12
101.100 IN      PTR     host1.nyc3.example.com.  ; 10.128.100.101
102.200 IN      PTR     host2.nyc3.example.com.  ; 10.128.200.102

Check BIND Configuration Syntax

Run the following command to check the syntax of the named.conf* files:

  • sudo named-checkconf

If your named configuration files have no syntax errors, you will return to your shell prompt and see no error messages. If there are problems with your configuration files, review the error message and the “Configure Primary DNS Server” section, then try named-checkconf again.

The named-checkzone command can be used to check the correctness of your zone files. Its first argument specifies a zone name, and the second argument specifies the corresponding zone file, which are both defined in named.conf.local.

For example, to check the “nyc3.example.com” forward zone configuration, run the following command (change the names to match your forward zone and file):

  • sudo named-checkzone nyc3.example.com db.nyc3.example.com

And to check the “128.10.in-addr.arpa” reverse zone configuration, run the following command (change the numbers to match your reverse zone and file):

  • sudo named-checkzone 128.10.in-addr.arpa /etc/bind/zones/db.10.128

When all of your configuration and zone files have no errors in them, you should be ready to restart the BIND service.

Restart BIND

Restart BIND:

  • sudo systemctl restart bind9

If you have the UFW firewall configured, open up access to BIND by typing:

  • sudo ufw allow Bind9

Your primary DNS server is now setup and ready to respond to DNS queries. Let’s move on to creating the secondary DNS server.

 

Configure Secondary DNS Server

In most environments, it is a good idea to set up a secondary DNS server that will respond to requests if the primary becomes unavailable. Luckily, the secondary DNS server is much easier to configure.

On ns2, edit the named.conf.options file:

  • sudo nano /etc/bind/named.conf.options

At the top of the file, add the ACL with the private IP addresses of all of your trusted servers:

/etc/bind/named.conf.options — updated 1 of 2 (secondary)
acl "trusted" {
        10.128.10.11;   # ns1
        10.128.20.12;   # ns2 - can be set to localhost
        10.128.100.101;  # host1
        10.128.200.102;  # host2
};

options {

        . . .

Below the directory directive, add the following lines:

/etc/bind/named.conf.options — updated 2 of 2 (secondary)
        recursion yes;
        allow-recursion { trusted; };
        listen-on { 10.128.20.12; };      # ns2 private IP address
        allow-transfer { none; };          # disable zone transfers by default

        forwarders {
                8.8.8.8;
                8.8.4.4;
        };

Save and close the named.conf.options file. This file should look exactly like ns1‘s named.conf.options file except it should be configured to listen on ns2‘s private IP address.

Now edit the named.conf.local file:

  • sudo nano /etc/bind/named.conf.local

Define slave zones that correspond to the master zones on the primary DNS server. Note that the type is “slave”, the file does not contain a path, and there is a masters directive which should be set to the primary DNS server’s private IP. If you defined multiple reverse zones in the primary DNS server, make sure to add them all here:

/etc/bind/named.conf.local — updated (secondary)
zone "nyc3.example.com" {
    type slave;
    file "slaves/db.nyc3.example.com";
    masters { 10.128.10.11; };  # ns1 private IP
};

zone "128.10.in-addr.arpa" {
    type slave;
    file "slaves/db.10.128";
    masters { 10.128.10.11; };  # ns1 private IP
};

Now save and close the named.conf.local file.

Run the following command to check the validity of your configuration files:

  • sudo named-checkconf

Once that checks out, restart BIND:

  • sudo systemctl restart bind9

Allow DNS connections to the server by altering the UFW firewall rules:

  • sudo ufw allow Bind9

Now you have primary and secondary DNS servers for private network name and IP address resolution. Now you must configure your client servers to use your private DNS servers.

 

Configure DNS Clients

Before all of your servers in the “trusted” ACL can query your DNS servers, you must configure each of them to use ns1 and ns2 as name servers. This process varies depending on OS, but for most Linux distributions it involves adding your name servers to the /etc/resolv.conf file.

Ubuntu Clients

On Ubuntu and Debian Linux servers, you can edit the /etc/network/interfaces file:

  • sudo nano /etc/network/interfaces

Inside, find the dns-nameservers line, and prepend your own name servers in front of the list that is currently there. Below that line, add a dns-search option pointed to the base domain of your infrastructure. In our case, this would be “nyc3.example.com”:

/etc/network/interfaces
    . . .

    dns-nameservers 10.128.10.11 10.128.20.12 8.8.8.8
    dns-search nyc3.example.com

    . . .

Save and close the file when you are finished.

Now, restart your networking services, applying the new changes with the following commands. Make sure you replace eth0 with the name of your networking interface:

  • sudo ifdown –force eth0 && sudo ip addr flush dev eth0 && sudo ifup –force eth0

This should restart your network without dropping your current connection. If it worked correctly, you should see something like this:

Output
RTNETLINK answers: No such process
Waiting for DAD... Done

Double check that your settings were applied by typing:

  • cat /etc/resolv.conf

You should see your name servers in the /etc/resolv.conf file, as well as your search domain:

Output
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 10.128.10.11
nameserver 10.128.20.12
nameserver 8.8.8.8
search nyc3.example.com

Your client is now configured to use your DNS servers.

https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-private-network-dns-server-on-ubuntu-16-04

How To Configure BIND as a Private Network DNS Server on Ubuntu 16.04 was last modified: March 17th, 2019 by Jovan Stosic

Moodle – File upload size

Jovan Stosic March 14, 2019

Modifying the php.ini file

These instructions show you how to change the file upload size by editing your php.ini file.

For the most part these instructions amount to the following. In the file /etc/php5/apache2/php.ini you need to change “post_max_size”, “upload_max_filesize” and “max_execution_time” to values that suit your needs using whatever editor you are used to.

Below are some line by line instructions for various installations of Moodle

Source: File upload size – MoodleDocs

Moodle – File upload size was last modified: March 14th, 2019 by Jovan Stosic

MySQL full unicode support – MoodleDocs

Jovan Stosic March 14, 2019 
- Change configuration settings for MySQL 
[client]
default-character-set = utf8mb4

[mysqld]
innodb_file_format = Barracuda
innodb_file_per_table = 1
innodb_large_prefix

character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
skip-character-set-client-handshake

[mysql]
default-character-set = utf8mb4

– Adjust the $CFG->dboptions Array in your config.php to make sure that Moodle uses the right Collation when connecting to the MySQL Server:

$CFG->dboptions = array(
  …
  'dbcollation' => 'utf8mb4_unicode_ci',
  …
);

 

Source: MySQL full unicode support – MoodleDocs

MySQL full unicode support – MoodleDocs was last modified: March 14th, 2019 by Jovan Stosic

How to Install Docker on Ubuntu 14.04 LTS

Jovan Stosic February 9, 2019

Introduction

Docker is a container-based software framework for automating deployment of applications. “Containers” are encapsulated, lightweight, and portable application modules.

Pre-Flight Check

  • These instructions are intended for installing Docker.
  • I’ll be working from a Liquid Web Core Managed Ubuntu 14.04 LTS server, and I’ll be logged in as root.

Step 1: Installation of Docker

First, you’ll follow a simple best practice: ensuring the list of available packages is up to date before installing anything new.

apt-get update

Let’s install Docker by installing the docker-io package:

apt-get -y install docker.io

Link and fix paths with the following two commands:

ln -sf /usr/bin/docker.io /usr/local/bin/docker
sed -i '$acomplete -F _docker docker' /etc/bash_completion.d/docker.io

Finally, and optionally, let’s configure Docker to start when the server boots:

update-rc.d docker.io defaults

Step 2: Download a Docker Container

Let’s begin using Docker! Download the fedora Docker image:

docker pull ubuntu

Step 3: Run a Docker Container

Now, to setup a basic ubuntu container with a bash shell, we just run one command. docker run will run a command in a new container, -i attaches stdin and stdout, -t allocates a tty, and we’re using the standard ubuntu container.

docker run -i -t ubuntu /bin/bash

That’s it! You’re now using a bash shell inside of a ubuntu docker container.

To disconnect, or detach, from the shell without exiting use the escape sequence Ctrl-p + Ctrl-q.

There are many community containers already available, which can be found through a search. In the command below I am searching for the keyword debian:

docker search debian

Source: How to Install Docker on Ubuntu 14.04 LTS | Liquid Web Knowledge Base

How to Install Docker on Ubuntu 14.04 LTS was last modified: February 9th, 2019 by Jovan Stosic

apt-get(8) – Linux man page

Jovan Stosic February 9, 2019

apt-get(8) – Linux man page

Name

apt-get – APT package handling utility – command-line interface

Synopsis

apt-get [options] [-o config=string] [-c=cfgfile] command [pkg]

Description

apt-get is the command-line tool for handling packages, and may be considered the user’s “back-end” to other tools using the APT library. Several “front-end” interfaces exist, such as synaptic and aptitude.

Commands

Unless the -h, or –help option is given, one of the commands below must be present.

update
Used to re-synchronize the package index files from their sources. The indexes of available packages are fetched from the location(s) specified in /etc/apt/sources.list(5). An update should always be performed before an upgrade or dist-upgrade.
upgrade
Used to install the newest versions of all packages currently installed on the system from the sources enumerated in /etc/apt/sources.list(5). Packages currently installed with new versions available are retrieved and upgraded; under no circumstances are currently installed packages removed, nor are packages that are not already installed retrieved and installed. New versions of currently installed packages that cannot be upgraded without changing the install status of another package will be left at their current version. An update must be performed first so that apt-get knows that new versions of packages are available.
dist-upgrade
In addition to performing the function of upgrade, this option also intelligently handles changing dependencies with new versions of packages; apt-get has a “smart” conflict resolution system, and it will attempt to upgrade the most important packages at the expense of less important ones, if necessary.
The /etc/apt/sources.list(5) file contains a list of locations from
which to retrieve desired package files. See also apt_preferences(5) for a mechanism for over-riding the general settings for individual packages.
install pkg(s)
This option is followed by one or more packages desired for installation. Each package is a package name, not a fully qualified filename (for instance, in a Fedora Core system, glibc would be the argument provided, not glibc-2.4.8.i686.rpm).
All packages required by the package(s) specified for installation will also
be retrieved and installed. The /etc/apt/sources.list(5) file is used to locate the repositories for the desired packages. If a hyphen () is appended to the package name (with no intervening space), the identified package will be removed if it is currently installed. Similarly a plus sign (+) can be used to designate a package to install. These latter features may be used to override decisions made by apt-get‘s conflict resolution system.
A specific version of a package can be selected for installation by
following the package name with an equals (=) and the version of the package to select. This will cause that version to be located and selected for install. Alternatively, a specific distribution can be selected by following the package name with a slash (/) and the version of the distribution or the Archive name (i.e. stable, testing, unstable).
Both of the version selection mechanisms can downgrade packages and must be
used with care.
Finally, the apt_preferences(5) mechanism allows you to create an
alternative installation policy for individual packages.
If no package matches the given expression and the expression contains one
of “.”, “?” or “*” then it is assumed to be a POSIX regular expression, and it is applied to all package names in the database. Any matches are then installed (or removed). Note that matching is done by substring so “lo.*” matches “how-lo” and “lowest”. If this is undesired, anchor the regular expression with a “^” or “$” character, or create a more specific regular expression.
remove pkg(s)
Identical to install except that packages are removed instead of installed. If a plus sign (+) is appended to the package name (with no intervening space), the identified package will be installed instead of removed.
source source_pkg
Causes apt-get to fetch source packages. APT will examine the available packages to decide which source package to fetch. It will then find and download into the current directory the newest available version of that source package. Source packages are tracked separately from binary packages via rpm-src type lines in the sources.list(5) file. This probably will mean that you will not get the same source as the package you have installed, or could install. If the –compile options is specified then the package will be compiled to a binary using rpmbuild, if –download-only is specified then the source package will not be unpacked.
A specific source version can be retrieved by following the source name with
an equals (=) and then the version to fetch, similar to the mechanism used for the package files. This enables exact matching of the source package name and version, implicitly enabling the APT::Get::Only-Source option.
Note that source packages are not tracked like binary packages, they exist
only in the current directory and are similar to downloading source tar balls.
build-dep source_pkg
Causes apt-get to install/remove packages in an attempt to satisfy the build dependencies for a source package.
check
Diagnostic tool; it updates the package cache and checks for broken dependencies.
clean
Clears out the local repository of retrieved package files. It removes everything but the lock file from /var/cache/apt/archives/ and /var/cache/apt/archives/partial/.
autoclean
Like clean, autoclean clears out the local repository of retrieved package files. The difference is that it only removes package files that can no longer be downloaded, and are largely useless. This allows a cache to be maintained over a long period of time without it growing out of control. The configuration option APT::Clean-Installed will prevent installed packages from being erased if it is set to off.

Options

All command-line options may be set using the configuration file, the descriptions indicate the configuration option to set. For boolean options you can override the config file by using something like -f-, –no-f, -f=no or several other variations.

-d, –download-only
Download only; package files are only retrieved, not unpacked or installed.
Configuration Item: APT::Get::Download-Only.
-f, –fix-broken
Fix. Attempt to correct a system with broken dependencies in place. This option, when used with install/remove, can omit any packages to permit APT to deduce a likely solution. Any package(s) that are specified must completely correct the problem. This option is sometimes necessary when running APT for the first time; APT itself does not allow broken package dependencies to exist on a system. It is possible that a system’s dependency structure can be so corrupt as to require manual intervention. Use of this option together with -m may produce an error in some situations.
Configuration Item: APT::Get::Fix-Broken.
-m, –ignore-missing, –fix-missing
Ignore missing packages. If packages cannot be retrieved or fail the integrity check after retrieval (corrupted package files), hold back those packages and handle the result. Use of this option together with -f may produce an error in some situations. If a package is selected for installation (particularly if it is mentioned on the command-line) and it could not be downloaded then it will be silently held back.
Configuration Item: APT::Get::Fix-Missing.
–no-download
Disables downloading of packages. This is best used with –ignore-missing to force APT to use only the rpms it has already downloaded.
Configuration Item: APT::Get::Download.
-q, –quiet
Quiet. Produces output suitable for logging, omitting progress indicators. More q‘s will produce more quiet up to a maximum of two. You can also use -q=# to set the quiet level, overriding the configuration file. Note that quiet level 2 implies -y, you should never use -qq without a no-action modifier such as -d, –print-uris or -s as APT may decided to do something you did not expect.
Configuration Item: quiet.
-s, –simulate, –just-print, –dry-run, –recon, –no-act
No action. Perform a simulation of events that would occur but do not actually change the system.
Configuration Item: APT::Get::Simulate.
Simulate prints out a series of lines, each one representing an rpm
operation: Configure (Conf), Remove (Remv), Unpack (Inst). Square brackets indicate broken packages with an empty set of square brackets meaning breaks that are of no consequence (rare).
-y, –yes, –assume-yes
Automatic yes to prompts. Assume “yes” as answer to all prompts and run non-interactively. If an undesirable situation, such as changing a held package or removing an essential package, occurs then apt-get will abort.
Configuration Item: APT::Get::Assume-Yes.
-u, –show-upgraded
Show upgraded packages. Print out a list of all packages that are to be upgraded.
Configuration Item: APT::Get::Show-Upgraded.
-V, –verbose-versions
Show full versions for upgraded and installed packages.
Configuration Item: APT::Get::Show-Versions.
-b, –compile, –build
Compile source packages after downloading them.
Configuration Item: APT::Get::Compile.
–ignore-hold
Ignore package Holds. This causes apt-get to ignore a hold placed on a package. This may be useful in conjunction with dist-upgrade to override a large number of undesired holds.
Configuration Item: APT::Ignore-Hold.
–no-upgrade
Do not upgrade packages. When used in conjunction with install, no-upgrade will prevent packages listed from being upgraded if they are already installed.
Configuration Item: APT::Get::Upgrade.
–force-yes
Force yes. This is a dangerous option that will cause apt-get to continue without prompting if it is doing something potentially harmful. It should not be used except in very special situations. Using –force-yes can potentially destroy your system!
Configuration Item: APT::Get::force-yes.
–print-uris
Instead of fetching the files to install, their URIs are printed. Each URI will have the path, the destination file name, the size and the expected md5 hash. Note that the file name to write to will not always match the file name on the remote site! This also works with the source and update commands. When used with the update command, the MD5 and size are not included, and it is up to the user to decompress any compressed files.
Configuration Item: APT::Get::Print-URIs.
–reinstall
Re-Install packages that are already installed and at the newest version.
Configuration Item: APT::Get::ReInstall.
–list-cleanup
This option defaults to on, use –no-list-cleanup to turn it off. When on, apt-get will automatically manage the contents of /var/lib/apt/lists to ensure that obsolete files are erased. The only reason to turn it off is if you frequently change your source list.
Configuration Item: APT::Get::List-Cleanup.
-t, –target-release, –default-release
This option controls the default input to the policy engine. It creates a default pin at priority 990 using the specified release string. The preferences file may further override this setting. In short, this option lets you have simple control over which distribution packages will be retrieved from. Some common examples might be -t ‘2.1*’ or -t unstable.
Configuration Item: APT::Default-Release; see also the
apt_preferences(5) manual page.
–trivial-only
Only perform operations that are “trivial”. Logically this can be considered related to –assume-yes. Where –assume-yes will answer yes to any prompt, –trivial-only will answer no.
Configuration Item: fIAPT::Get::Trivial-Only.
–no-remove
If any packages are to be removed apt-get immediately aborts without prompting.
Configuration Item: APT::Get::Remove.
–only-source
Only has meaning for the source command. Indicates that the given source names are not to be mapped through the binary table. This means that if this option is specified, the source command will only accept source package names as arguments, rather than accepting binary package names and looking up the corresponding source package.
Configuration Item: APT::Get::Only-Source.
-h, –help
Show a short usage summary.
-v, –version
Show the program version.
-c, –config-file
Configuration File. Specify a configuration file to use. The program will read the default configuration file and then this configuration file. See apt.conf(5) for syntax information.
-o, –option
Set a Configuration Option. This will set an arbitrary configuration option. The syntax is -o Foo::Bar=bar.

Source: apt-get(8) – Linux man page

apt-get(8) – Linux man page was last modified: February 9th, 2019 by Jovan Stosic

virtual machine – Dynamic memory allocation in KVM – Stack Overflow

Jovan Stosic February 9, 2019

I have Ubuntu 16.04 host over which I installed a Virtual guest (Windows server 2012) using KVM. The total RAM available is 16 GB.

I have installed virtio balloon drivers. I have allocated 4GB current memory and 12GB maximum memory to the windows. However the windows sees 8GB unallocated memory as used memory. Please see the attached figure. Memory usage in Guest

When I open some heavy applications the memory assigned is limited to the available memory from 4GB. The computer behaves in the same manner when full memory is being utilized in the windows (does not run smoothly).

The windows can see all the 12 GB RAM but can only utilize 4 GB. How do I ensure that windows can utilize all off the 12GB of memory?

———————–
The behaviour you describe is simply the way the balloon driver operates. The hypervisor exposes a virtual machine with 12 GB of virtual DIMMs installed. The balloon driver then grabs 8 GB of this memory and gives it back to the hypervisor. The way it grabs memory varies per guest OS, but essentially it has to allocate it to make it appear to be in use, thus preventing the guest OS using it. The balloon driver does not automatically adjust depending on guest workload requirements. So if your windows guests needs more than 4 GB, you need to use libvirt/virsh on the host OS to change the balloon level, to give some of the “used” 8 GB back to the guest OS. If you want the guest OS to see & use the full 12 GB, simply don’t use the balloon driver at all.

https://stackoverflow.com/questions/43039272/dynamic-memory-allocation-in-kvm

virtual machine – Dynamic memory allocation in KVM – Stack Overflow was last modified: February 9th, 2019 by Jovan Stosic

virtualbox – How to change UUID in virtual box

Jovan Stosic February 3, 2019

The following worked for me:

  1. run VBoxManage internalcommands sethduuid “VDI/VMDK file” twice (the first time is just to conveniently generate an UUID, you could use any other UUID generation method instead)
  2. open the .vbox file in a text editor
  3. replace the UUID found in Machine uuid=”{…}” with the UUID you got when you ran sethduuid the first time
  4. replace the UUID found in HardDisk uuid=”{…}” and in Image uuid=”{}” (towards the end) with the UUID you got when you ran sethduuid the second time

Source: virtualbox – How to change UUID in virtual box – Stack Overflow

virtualbox – How to change UUID in virtual box was last modified: February 3rd, 2019 by Jovan Stosic

read Man Page – Linux

Jovan Stosic February 2, 2019

ead

Read one line from the standard input, (or from a file) and assign the word(s) to variable name(s).

Syntax
read [-ers] [-a aname] [-p prompt] [-t timeout] [-n nchars] [-d delim] [name…]

Key
-a aname
The words are assigned to sequential indices of the array variable aname, starting at 0.
aname is unset before any new values are assigned. Other name arguments are ignored.

-d delim
The first character of delim is used to terminate the input line, rather than newline.

-e If the standard input is coming from a terminal, readline is used to obtain the line.

-n nchars
read returns after reading nchars characters rather than waiting for a complete line of
input.
-p prompt
Display prompt on standard error, without a trailing newline, before attempting to read
any input. The prompt is displayed only if input is coming from a terminal.

-r Backslash does not act as an escape character. The backslash is considered to be part
of the line. In particular, a backslash-newline pair can not be used as a line continuation.

-s Silent mode. If input is coming from a terminal, characters are not echoed.

-t timeout
Cause read to time out and return failure if a complete line of input is not read
within timeout seconds. This option has no effect if read is not reading input from
the terminal or a pipe.

-u fd Read input from file descriptor fd.

This is a BASH shell builtin, to display your local syntax from the bash prompt type: help [r]ead

One line is read from the standard input, and the first word is assigned to the first name, the second word to the second name, and so on, with leftover words and their intervening separators assigned to the last name.

If there are fewer words read from the standard input than names, the remaining names are assigned empty values.

The characters in the value of the IFS variable are used to split the line into words.

The backslash character `\’ can be used to remove any special meaning for the next character read and for line continuation.

If no names are supplied, the line read is assigned to the variable REPLY. The return code is zero, unless end-of-file is encountered or read times out.

Examples

#!/bin/bash
read var_year
echo “The year is: $var_year”

echo -n “Enter your name and press [ENTER]: ”
read var_name
echo “Your name is: $var_name”

Source: read Man Page – Linux – SS64.com

read Man Page – Linux was last modified: February 2nd, 2019 by Jovan Stosic

terminal + ssh doesn’t display UTF correctly – Ask Ubuntu

Jovan Stosic February 2, 2019

I have a remote server, to which I connect via SSH.

On separate Mac OS and Gentoo computers, when I connect to this server, unicode works fine. On my brand new Ubuntu installation, I don’t see unicode on this server correctly and I can’t seem to insert them correctly either.

I have a file with a letter “ž”. When I less it locally, on Ubuntu, in Terminal, I see correct “ž”. When I less the same file on the aforementioned server via SSH, I see just – both in Terminal and xterm.

locale on the server shows me this

LANG=en_US.UTF-8
LANGUAGE=
LC_CTYPE=”en_US.UTF-8″
LC_NUMERIC=cs_CZ.UTF-8
LC_TIME=cs_CZ.UTF-8
LC_COLLATE=”en_US.UTF-8″
LC_MONETARY=cs_CZ.UTF-8
LC_MESSAGES=”en_US.UTF-8″
LC_PAPER=cs_CZ.UTF-8
LC_NAME=cs_CZ.UTF-8
LC_ADDRESS=cs_CZ.UTF-8
LC_TELEPHONE=cs_CZ.UTF-8
LC_MEASUREMENT=cs_CZ.UTF-8
LC_IDENTIFICATION=cs_CZ.UTF-8
LC_ALL=

Terminal has UTF8 encoding (and as I wrote, the unicode file is opened correctly when opened locally).

What can be wrong?
ssh gnome-terminal unicode
shareimprove this question
asked Feb 17 ’14 at 0:28
Karel Bílek
79431023
add a comment
1 Answer
active
oldest
votes
9

This answer to a similar question helped

https://askubuntu.com/a/144448/9685

Commenting out SendEnv LANG LC_* in the local /etc/ssh/ssh_config file fixed everything.
shareimprove this answer
edited Apr 13 ’17 at 12:25
Community♦
1
answered Feb 17 ’14 at 0:37
Karel Bílek
79431023

add a comment
 

Source: terminal + ssh doesn’t display UTF correctly – Ask Ubuntu

terminal + ssh doesn’t display UTF correctly – Ask Ubuntu was last modified: February 2nd, 2019 by Jovan Stosic

ssh through second network card using PUTTY – Google Groups

Jovan Stosic January 25, 2019
Hi,I am using Putty and want to open a ssh using a second network card,

I can find no settings whereby the second card can be selected.

I have the following settings
Running Win7
Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix  . :
IP Address. . . . . . . . . . . . : 192.168.1.170
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix  . :
IP Address. . . . . . . . . . . . : 10.0.0.5
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . : 10.0.0.1

Is there something that I am missing.

Another option would be to use telnet session, but I can also find no way of
forcing the telnet to go through the second card.

Thanks in advance

——————————————————————————

    AFAIK there is no way  in putty you can select  an  interface before opening
a SSH connection. One way to do this is to change the network interface “metric”
value. Just increase the “interface 1” metric value and W2K will start using the
interface 2 for all the network activity.

To change the metric do the following

Right click on the “My Network Places” -> right click on  the “Local Area
Connection” -> select properties ->select Internet Protocol (TCP/IP) ->select
properties-> click on advanced and change value of interface metric to “2”.
Click on “OK” .

Now putty (in fact all the apps) should start using the second interface for all the new connections.

Source: ssh through second network card using PUTTY – Google Groups

ssh through second network card using PUTTY – Google Groups was last modified: January 25th, 2019 by Jovan Stosic

Squid – Proxy Server

Jovan Stosic January 22, 2019

Squid is a full-featured web proxy cache server application which provides proxy and cache services for Hyper Text Transport Protocol (HTTP), File Transfer Protocol (FTP), and other popular network protocols. Squid can implement caching and proxying of Secure Sockets Layer (SSL) requests and caching of Domain Name Server (DNS) lookups, and perform transparent caching. Squid also supports a wide variety of caching protocols, such as Internet Cache Protocol (ICP), the Hyper Text Caching Protocol (HTCP), the Cache Array Routing Protocol (CARP), and the Web Cache Coordination Protocol (WCCP).

The Squid proxy cache server is an excellent solution to a variety of proxy and caching server needs, and scales from the branch office to enterprise level networks while providing extensive, granular access control mechanisms, and monitoring of critical parameters via the Simple Network Management Protocol (SNMP). When selecting a computer system for use as a dedicated Squid caching proxy server for many users ensure it is configured with a large amount of physical memory as Squid maintains an in-memory cache for increased performance.

Installation
Configuration
References

Installation

At a terminal prompt, enter the following command to install the Squid server:

sudo apt install squid

Configuration

Squid is configured by editing the directives contained within the /etc/squid/squid.conf configuration file. The following examples illustrate some of the directives which may be modified to affect the behavior of the Squid server. For more in-depth configuration of Squid, see the References section.

Prior to editing the configuration file, you should make a copy of the original file and protect it from writing so you will have the original settings as a reference, and to re-use as necessary. Make this copy and protect it from writing using the following commands:

sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original
sudo chmod a-w /etc/squid/squid.conf.original

To set your Squid server to listen on TCP port 8888 instead of the default TCP port 3128, change the http_port directive as such:

http_port 8888

Change the visible_hostname directive in order to give the Squid server a specific hostname. This hostname does not necessarily need to be the computer’s hostname. In this example it is set to weezie

visible_hostname weezie

Using Squid’s access control, you may configure use of Internet services proxied by Squid to be available only users with certain Internet Protocol (IP) addresses. For example, we will illustrate access by users of the 192.168.42.0/24 subnetwork only:

Add the following to the bottom of the ACL section of your /etc/squid/squid.conf file:

acl fortytwo_network src 192.168.42.0/24

Then, add the following to the top of the http_access section of your /etc/squid/squid.conf file:

http_access allow fortytwo_network

Using the excellent access control features of Squid, you may configure use of Internet services proxied by Squid to be available only during normal business hours. For example, we’ll illustrate access by employees of a business which is operating between 9:00AM and 5:00PM, Monday through Friday, and which uses the 10.1.42.0/24 subnetwork:

Add the following to the bottom of the ACL section of your /etc/squid/squid.conf file:

acl biz_network src 10.1.42.0/24
acl biz_hours time M T W T F 9:00-17:00

Then, add the following to the top of the http_access section of your /etc/squid/squid.conf file:

http_access allow biz_network biz_hours

After making changes to the /etc/squid/squid.conf file, save the file and restart the squid server application to effect the changes using the following command entered at a terminal prompt:

sudo systemctl restart squid.service

If formerly a customized squid3 was used that set up the spool at /var/log/squid3 to be a mountpoint, but otherwise kept the default configuration the upgrade will fail. The upgrade tries to rename/move files as needed, but it can’t do so for an active mountpoint. In that case please either adapt the mountpoint or the config in /etc/squid/squid.conf so that they match.

The same applies if the include config statement was used to pull in more files from the old path at /etc/squid3/. In those cases you should move and adapt your configuration accordingly.

Squid – Proxy Server was last modified: January 22nd, 2019 by Jovan Stosic