msgbartop
Blog di Dino Ciuffetti (Bernardino in realtà)
msgbarbottom

28 Nov 15 How to enable HTML5 video playback in firefox

If you use Mozilla Firefox and you want to view video streaming with HTML5 embedded players, you may need to enable some video functionality into the firefox configuration.
For some reason obscure to me Mozilla Firefox will not play some HTML5 based video streaming, and the embedded player will probably fall back to Adobe Flash based streaming (that is what I don’t want since it’s closed source and it’s a very insecure application).

For example, youtube has a HTML5 based player that you could choose to use instead of flv. You can verify and enable HTML5 based streaming functionality of your browser navigating to https://www.youtube.com/html5.

In my case (Firefox 64 bit on Linux Debian) the tabs “Media Source Extensions”, “MSE & H.264” and “MSE & WebM VP9” are disabled by default.

If you want to enable those functionalities simply write “about:config” into the firefox navigation bar.
You will be alerted to pay attention to not modify things or your warranty will be broken.
Just ignore the warning and proceed.

Now, if you did not already, switch the following configuration parameters to true:

media.fragmented-mp4.exposed
media.fragmented-mp4.ffmpeg.enabled
media.fragmented-mp4.gmp.enabled
media.mediasource.webm.enabled
media.mediasource.enabled

If you try to refresh the HTML5 based youtube player, you should hopefully have all video streaming tabs ready and enabled.
If you want, you can now switch the youtube default player to HTML5.

24 Nov 15 HTTP request header from a query string parameter on apache reverse proxy

Suppose you have a apache httpd server working as a reverse proxy. Now suppose that this server has to set a HTTP request header called “token” to be attached to every request made to the backends, and that the header’s value must be copied from a query string parameter called “querytoken”.

This can be simply done with the help of mod_headers + mod_rewrite.

RewriteEngine On
RewriteCond %{QUERY_STRING} (?:^|&)querytoken=([^&]+)
RewriteRule (.*) - [E=QS_TOKEN:%1]

RequestHeader set token %{QS_TOKEN}e env=QS_TOKEN
ProxyPass / http://your_backend/

Will your external client make a request like this:

GET /?querytoken=somestuff HTTP/1.0
Host: example

The request header that apache will do to the backend will be something like this:

GET /?token=somestuff HTTP/1.1
Host: 127.0.0.1:1234
token: somestuff
X-Forwarded-For: 127.0.0.1
X-Forwarded-Host: example
X-Forwarded-Server: myserver.linux
Connection: Keep-Alive

The request header “token” with value “somestuff” is added to the request made to the backend.

04 Nov 15 Rescan iSCSI volume after resize on linux

If you need to resize a iSCSI volume you need to:

  1. resize the volume on the iSCSI target (ietd)
  2. rescan the volume on the iSCSI initiator (open-iscsi)
  3. resize the fs, if any

I’ll skip the resize procedure on the target, because it depends on how it’s made (lvresize, dd, etc).

The procedure to rescan the volume on the initiator (open-iscsi) is very simple and can be accomplished online.

iscsiadm -m node -R

Then, you can grow the filesystem, if any (xfs_grofs, resize_reiserfs, resize2fs, depending on your fs type).

30 Ott 15 How to check SSL/TLS protocol for a given server

If you need to check which SSL/TLS protocol version is implemented by your webserver, you can issue the following command:

dino@dam2knb:~$ echo | openssl s_client -connect 10.38.46.137:8443 2>&1 | grep Protocol
Protocol : TLSv1.2

30 Set 15 apache [error] (13)Permission denied: Cannot create SSLMutex

On one of the servers of one of my clients, a Solaris 5.8 sparc host, apache did not want to start.
It wrote the following error message on the error_log file:
cojo1@myserver $ cat error_log
[Wed Sep 30 12:24:11 2015] [error] (13)Permission denied: Cannot create SSLMutex

The problem, in my case, was about the permissions on /tmp.
Since these machines can be accessed by hundred people, someone thought well to change /tmp permissions to 0775. Everybody knows that if whould be 1777 instead.
The lack of both the sticky bit and write permissions to other did not make apache starting for non root users.

Hope this help someone.
Ciao, Dino.

08 Feb 15 Never say the truth to job interviews

After years of TI technical support middleware expert (and any offers received after a job interview that I had in june) it’s now time to explore new horizons, so I’m searching some new job.
In the meantime I’ll do the very minimum here at TI: I’ll turn my phone off and no more extra help to anyone.

NOTE1: never say the truth to job interviews;
NOTE2: never help heads and collegues;
NOTE3: never say you know something more or you’ll get new work for free;
NOTE4: always be cynic

27 Gen 15 How to get the device mapper name associated to LVM logical volumes

This is how to get the device mapper name (dm-1, dm-2, etc) associated to each LVM logical volume:

lvdisplay|awk '/LV Name/{n=$3} /Block device/{d=$3; sub(".*:","dm-",d); print d,n;}'

15 Nov 14 Dump and restore block device data on the fly by the network

Sometimes you may need to copy data from a block device (or LVM logical volume or snapshot) from one server to another., but you don’t want to dump the image to disk, move to the other server, then import. You may need (or just want) to copy on the fly, transfering data on the net.

To do this, and have ETA on the operation you need the pv executable. The command nc is used to stream data on the network, while pigz is used to compress data (gzip uses just one CPU, while pigz uses all available CPU, and it’s much faster).

On the origin server (server1) you have a block device (lvm logical volume in this case) called /dev/vg0/vm-111-disk-1, while on the destination server (server2) you want to overwrite a LVM logical volume called /dev/vg0/vm-112-disk-1 with data coming from the origin server.
To do this, assuming the device is big 20GB, you may run those commands:

Server side (destination server, server2, ip 192.168.0.2):

nc -l -n -p 2102 -q 2 | pigz -d | pv -pre –size=20G | dd iflag=fullblock bs=512k of=/dev/vg0/vm-112-disk-1

Client side (origin server, server1, 192.168.0.1):

dd if=/dev/vg0/vm-111-disk-1 bs=512k | pv -pre –size=20G | pigz | nc -q 2 192.168.0.2 2102

Data will be read, compressed, transfered on the network on (port TCP 2102 on our case, from 192.168.0.1 to 192.168.0.2), uncompressed on the destination server and restored on disk, and you’ll have ETA and progress indication:

Output server side (destination server, server2):

root@server2 ~ # nc -l -n -p 2102 -q 2 | pigz -d | pv -pre –size=20G | dd iflag=fullblock bs=512k of=/dev/vg0/vm-112-disk-1
[71.2MB/s] [=========================================================================================================================================>] 100%
40960+0 records in
40960+0 records out
21474836480 bytes (21 GB) copied, 296.436 s, 72.4 MB/s

Output client side (origin server, server1):

root@server1 ~ # dd if=/dev/vg0/vm-111-disk-1 bs=512k | pv -pre –size=20G | pigz | nc -q 2  192.168.0.2 2102
[72.2MB/s]
[=========================================================================================================================================>]
100%
40960+0 records
40960+0 records out
21474836480 bytes (21 GB) copied, 283.531 s, 75.7 MB/s

30 Ott 14 WPA2 connection without NetworkManager in Debian linux

This is a memo that I can use to remember how to enable WPA2 protected WiFI connections with debian without using NetworkManager.

All that you have to do is:

  • create the file /etc/wpa_supplicant/wpa_supplicant.conf with the following content:

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=0
country=IT
ap_scan=2

network={
ssid=”My WiFI SSID”
psk=”mysupersecret password”
bssid=””
proto=RSN
key_mgmt=WPA-PSK
pairwise=CCMP TKIP
group=TKIP
}

  • if you want to set a static IP, add the following content to the file /etc/network/interfaces

iface wlan0 inet static
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
address 192.168.100.7
netmask 255.255.255.0
network 192.168.100.0
broadcast 192.168.100.255

  • if, instead, you want a dynamic address assigned by a DHCP server, add the following to /etc/network/interfaces

iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

  • now, setup the connection with this command by root (sudo before the command if you are on ubuntu):

ifup wlan0

  • when you have finisched with the connection, close it up with the command by root (sudo before the command if you are on ubuntu)

ifdown wlan0

 

28 Ott 14 Best rsync options to mirror a remote directory

If you want to mirror a remote directory via SSH, you may want to use the wonderful rsync command.

The rsync executable has many options, so, which is the correct option list to make an exact copy of a remote directory, maintaining permissions, ownerships, timestampts, copying only the modified files, and updating only the pieces of modified files?

Let me begin with an example. We want to full mirror the directory /mystuff on server 1.2.3.4 into /mystufflocal. The files deleted on 1.2.3.4 from the previous rsync will be removed locally too, so pay attention! If you don’t want to locally remove deleted files you can remove the “–delete” option.
If you want to compress the stream in transit you can add the “-z” option.
All we have to do is:

rsync -vartuh –inplace –delete –progress –stats -e “ssh -carcfour128” root@1.2.3.4:/mystuff/ /mystufflocal/

The trailing slashes are important because are used by rsync to understand precisely what should be transferred and where.