Debian 6 (squeeze) to 7 (wheezy) upgrade notes

Networking (firewall related)

Some of the older debian servers are firewalled using a command in the ”/etc/network/interfaces” file to load the iptables rules. For some reason this breaks the file on upgrade to Debian wheezy and the network interfaces don’t come up on boot. To fix, comment or remove the line:

pre-up iptables-restore < /etc/iptables.conf

and use the iptables-persistent package instead.

Also gives an error on

INPUT -i ! lo

Need to change to

INPUT ! -i lo

(To be fair, this has been deprecated for a while now)

Suhosin

php5-suhosin has been removed from wheezy. The upgrade sort of removes it, but it hangs around as a remove candidate package. Following http://pc-freak.net/blog/how-to-get-rid-of-php-warning-php-startup-unable-to-load-dynamic-library-usrlibphp520090626suhosin-so-on-debian-gnu-linux/ we check the package status with

dpkg -l | grep -i suhosin

and remove with

dpkg --purge php5-suhosin

This seems to fix the problem (don’t get emailed every so often by cron about it missing)

For next upgrade should remove it first.

Kernel

Make sure the generic kernel package is installed – have tended to choose the specific one in the past for no good reason.

apt-get install linux-image-amd64

This should ensure the 3.2 kernel is installed as part of the upgrade.

Getting the Windows automatic update prompt to appear (inc. RDP sessions)

Often the Windows update shield in the system tray won’t appear when you RDP into systems. A fairly reliable trick seems to be the following:

  1. Stop the Automatic Update service ( ”net stop wuauserv” from the command line ).
  2. Set the ”NextFeaturedUpdatesNotificationTime” key ( located at ”HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\” ) to a date and time slightly ahead (say a minute or two) of the present.
  3. Start the Automatic Update service ( ”net start wuauserv” ).

Or use this script (save as .vbs):

Dim newDate, newDateFormatted, newYear, newMonth, newDay, newHour, newMinute, newSecond, notificationString, strHTML
Dim objExplorer, objWshShell, objWMIService, objService

newDate = DateAdd("n", 2, Now)

newYear = Year(newDate)
newMonth = zeropad(Month(newDate), 2)
newDay = zeropad(Day(newDate), 2)
newHour = zeropad(Hour(newDate), 2)
newMinute = zeropad(Minute(newDate), 2)
newSecond = zeropad(Second(newDate), 2)

newDateFormatted = newYear & "-" & newMonth & "-" & newDay & " " & newHour & ":" & newMinute & ":" & newSecond

Private Function zeroPad(m, t)
zeroPad = String(t-Len(m),"0")&m
End Function

Set objExplorer = CreateObject("InternetExplorer.Application")

objExplorer.Navigate "about:blank"
objExplorer.ToolBar = 0
objExplorer.StatusBar = 0
objExplorer.Width = 400
objExplorer.Height = 200
objExplorer.Visible = 1
objExplorer.Document.Title = "Kicking Updater"

Set objWshShell = CreateObject( "WScript.Shell" )
Set objWMIService = GetObject( "winmgmts://./root/cimv2" )
Set objService = objWMIService.Get("Win32_Service.Name='wuauserv'")
objService.StopService()

While objService.Started
strHTML = strHTML & "<p>Waiting for wuauserv service to stop</p>"
objExplorer.Document.Body.InnerHTML = strHTML
WScript.Sleep 1000
Set objService = objWMIService.Get("Win32_Service.Name='wuauserv'")
Wend

objWshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\NextFeaturedUpdatesNotificationTime", newDateFormatted, "REG_SZ"
strHTML = strHTML & "</p>NextFeaturedUpdatesNotificationTime set to " & newDateFormatted & "</p>"
objExplorer.Document.Body.InnerHTML = strHTML

objService.StartService()

While Not objService.Started
strHTML = strHTML & "<p>Waiting for wuauserv service to start</p>"
objExplorer.Document.Body.InnerHTML = strHTML
WScript.Sleep 1000
Set objService = objWMIService.Get("Win32_Service.Name='wuauserv'")
Wend

strHTML = strHTML & "<p>Finished. The Update notifier should pop up in the tray at " & FormatDateTime(newDate, 3) & "</p>"
objExplorer.Document.Body.InnerHTML = strHTML

Set objService = Nothing
Set objWMIService = Nothing
Set objWshShell = Nothing
Set objExplorer = Nothing

Wscript.Quit

Matlab on OSX Mountain Lion (10.8)

OSX Mountain Lion (10.8) seems to change the order of the MAC addresses presented to flexlm licence processes. There is a page about various problems at the Mathworks website:

Why am I unable to launch MATLAB after upgrading to Mountain Lion?

At the bottom of the page it gives the command to run to determine which address the licence process is seeing:

/Applications/MATLAB_.app/etc/maci64/lmutil lmhostid

Windows Server 2003 (and XP) logon screen power config to allow reliable ACPI shutdown

It can sometimes be difficult to get Windows systems to shut down reliably using an ACPI signal (either the power button for a physical system, or an equivalent signal from a virtual machine hypervisor). Generally you find after the system has been on for a period of time, the first ACPI signal merely wakes up the screen. On a physical system this makes some sense – it shows you the system is in fact on already. To turn a physical system off you just press the power button again. For a virtual system this is not convenient, especially when you want the system to shut down cleanly when the host system is going down. The trick is to keep everything, particularly the screen, alive so that the first ACPI signal does actually initiate shutdown.

Power scheme configuration

Server 2003 and XP can do odd things with the standard power schemes. The most reliable way to make a power scheme stick appears to be to create a custom one. The registry files here create a new power scheme that really does leave the monitor on permanently.

For the current user:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\PowerCfg\PowerPolicies\6]
"Policies"=hex:01,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,32,32,00,00,04,00,00,00,04,00,\
  00,00,00,00,3d,77,2e,f2,07,00,00,00,00,00,84,03,00,00,00,00,00,00,08,07,00,\
  00,00,00,64,64,64,64,91,7c
"Name"="Really always on"
"Description"="Non-standard power scheme that keeps the monitor on to allow reliable ACPI shutdowns"

For the default user (i.e. the one system uses at the logon screen):

Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Control Panel\PowerCfg\PowerPolicies\6]
"Policies"=hex:01,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,32,32,00,00,04,00,00,00,04,00,\
  00,00,00,00,3d,77,2e,f2,07,00,00,00,00,00,84,03,00,00,00,00,00,00,08,07,00,\
  00,00,00,64,64,64,64,91,7c
"Name"="Really always on"
"Description"="Non-standard power scheme that keeps the monitor on to allow reliable ACPI shutdowns"

Save these as .reg files and merge them in as necessary.

Compare these policies to the “always on” policy – there are some differences in the data. It seems that quite often the standard policies get overwritten by something, possibly the global policy. Note that these policies have timeouts associated with the DC (i.e. battery) power profile, but this isn’t relevant for virtual servers (might want to think about this for physical systems on a UPS). Use ”powercfg -query” to see the power plan details.

Go to ”[HKEY_USERS\.DEFAULT\Control Panel\PowerCfg]” and set the ”CurrentPowerPolicy” value to ”6”.

Screen saver configuration

The screen saver also seems to interfere with things. To turn it off go to ”[HKEY_USERS\.DEFAULT\Control Panel\Desktop]” and set the ”ScreenSaveActive” value to ”0”.

Group Policy configuration

Remember to check that you can shut down the system without being logged on, as per Windows Server 2003 shutdown Group Policy

Windows Server 2003 change to multiprocessor HAL

According to http://technet.microsoft.com/en-us/library/cc782277(v=ws.10).aspx this should be simple. Trying it on a Server 2003 VM (that had been converted from Virtual Server 2005) didn’t give the options of the other HALs. The answer is at http://www.pimp-my-rig.com/2008/08/article-acpi-uniprocessor-to.html – use the command line devcon.exe tool and the .cmd script at http://www.pimp-my-rig.com/2008/10/acpi-multiprocessor-hal-upgrade-script.html .

Devcon can be downloaded from Microsoft at http://support.microsoft.com/kb/311272

The script is:

@echo off
@title "Upgrading to ACPI Multi-Processor HAL.."
cls

echo ====================================================
echo Upgrading to ACPI Multi-Processor HAL..
echo ====================================================
echo.
echo please wait..

devcon sethwid @ROOT\PCI_HAL\0000 := !E_ISA_UP !ACPIPIC_UP !ACPIAPIC_UP !ACPIAPIC_MP !MPS_UP !MPS_MP !SGI_MPS_MP !SYSPRO_MP !SGI_MPS_MP > nul
devcon sethwid @ROOT\ACPI_HAL\0000 := !E_ISA_UP !ACPIPIC_UP !ACPIAPIC_UP !ACPIAPIC_MP !MPS_UP !MPS_MP !SGI_MPS_MP !SYSPRO_MP !SGI_MPS_MP > nul
devcon sethwid @ROOT\PCI_HAL\0000 := +ACPIAPIC_MP > nul
devcon sethwid @ROOT\ACPI_HAL\0000 := +ACPIAPIC_MP > nul
devcon update %windir%\inf\hal.inf ACPIAPIC_MP > nul

echo.
echo ====================================================
echo Script Completed: press any key to reboot..
echo ====================================================

pause > nul

devcon reboot

Yumex setup on Fedora 17 LDXE

Yumex (I’ll probably remove it later, but it might be handy for removing cruft) complains that it can’t download stuff and bombs out. Even if yum proxy has been set and yum is working.

To fix, edit ”/etc/yumex.conf” and add the proxy in:

proxy = "http://your.cache.address:port"

The quotes are required!

Some information about the grub font error at http://unsolicitedbutoffered.blogspot.co.uk/2012/06/fedora-17-lxde-review-just-facts-mam.html

Migration of virtual machines from Proxmox 1.9 to 2.1

Procedure

  1. Create a storage area that both clusters can see (e.g. NFS on freenas box)
  2. Backup VM from 1.9 system to backup area.
  3. SSH to backup area and move backup tgz file from root of share (where 1.9 backs up) to dump directory (should have been created by connecting 2.1).
  4. Restore from backup in 2.1 (may want to keep the same VMID, to avoid inconsistent disk image numbers)
  5. Change hardware if required (VM won’t start if pointing to non-existent CD image, change network to appropriate bridge)

Network interface in Windows VMs

Not sure at moment whether changing the bridge affects anything, or whether it’s just due to the migration, but windows sees the network interface as a new device, so sets it using DHCP. Check via console!

Dokuwiki odd behaviour with <code> and <code text> syntax parser

Compare <code> and <code text> blocks:

<code>
*filter

# This will allow all loopback (lo0) traffic and drop all traffic to 127/8
# that does not use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

#  This accepts all already established connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# This allows all outbound traffic
-A OUTPUT -j ACCEPT
</code>

 

<code text>
*filter

# This will allow all loopback (lo0) traffic and drop all traffic to 127/8
# that does not use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

#  This accepts all already established connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# This allows all outbound traffic
-A OUTPUT -j ACCEPT
</code>

 

In dokuwiki text formatting option adds single spaces in the blank lines. Not helpful in the case of iptables rules files, where these spaces break the parser…