Restart MailScanner in cPanel

Weirdly, this isn't covered anywhere, so I might as well just write it down here. If you have MailScanner installed on your cPanel, the best thing to do after you've made a change is to restart the service, but you'll find out that MailScanner isn't around as a service. So to restart MailScanner as a service, you'll need to restart it via the cPanel script

/scripts/restartsrv mailscanner

and you'll see something like this,

-bash-4.1# /scripts/restartsrv mailscanner
Waiting for “mailscanner” to restart …………………………………………waiting for “mailscanner” to initialize ………………………………
…finished.

Service Status
	Checking MailScanner daemons:
	2049
	2050
	2111
	2264

The service “mailscanner” failed to start with the message: Checking MailScanner daemons:
2049
2050
2111
2264

Log Messages
	Jul 28 14:37:23 chopper MailScanner: MailScanner setting UID to mailnull (47)
	Jul 28 14:37:48 chopper MailScanner: Deleted 1 messages from processing-database
	Jul 28 14:37:47 chopper MailScanner: Uninfected: Delivered 1 messages
	Jul 28 14:37:47 chopper MailScanner: Delivery of nonspam: message 1ZJyQp-0007At-KW from [email protected] to [email protected] with subject  [Emporium Blog 2] Please moderate: "Paypal Utilizes Credit Card Machinery for Malaysians to Withdraw Funds"

mailscanner has failed. Please contact your system administrator if the service does not automagically recover.

You'll notice that the output says mailscanner has failed; just ignore it. As long as the daemons are up, it's kicking.

Using Command line to start, stop or reboot remote server with iDrac racadm

I've always liked to set my Dell iDrac network management IP to a private one rather than a public one. However, when a Dell server is causing a problem, I might not be able to access the server web interface since it's an internal IP, and the server might not be able to connect directly via ssh. In this case, how do I reboot the server without calling for help from the datacenter? Apparently, there is a tool called racadm which can be used to assist in such an incident.

If you have access to another server on the network from which you can still ping the Dell iDrac private IP, you can fire the following command to make your server reboot itself.

racadm -u ADMIN -p ADMIN -r 192.168.0.123 serveraction hardreset

In the above case, I am connecting to the iDrac at 192.168.0.123 and logging in with the user ADMIN and password ADMIN to do a 'serveraction' with a hardreset. You can specify the action. The options for the string are:

  • powerdown – Powers down the server module.
  • powerup – Powers up the server module.
  • powercycle – Issues a power-cycle to the server module.
  • hardreset – Issues a hard reset to the server module.

But do remember to install OpenManage or racadm on your server or else you are on your own! For more options available using racadm visit their doc page.

Easy Setup OpenVPN in 5 minutes with Debian or Centos or Ubuntu

Ok, I bet sometimes you will want to set up OpenVPN real quick, in less than 5 minutes, but have to go through a lot of instructions, and it might not work! Especially if you are on a VPS! Now let me explain how I did it in 5 minutes, thanks to Nyr. If you are installing this on an OpenVZ machine, please update the files on your host as instructed at the bottom of this article; if you are not, just continue reading by firing up a VPS or a physical machine and running the following instruction.


wget https://git.io/vpn -O ~/openvpn-install.sh && bash ~/openvpn-install.sh

Regardless of Debian, CentOS or Ubuntu, this will work fine! Now, the script will ask you a few questions and start installing.

Welcome to this quick OpenVPN "road warrior" installer

I need to ask you a few questions before starting the setup
You can leave the default options and just press enter if you are ok with them

First I need to know the IPv4 address of the network interface you want OpenVPN
listening to.
IP address: 192.168.100.99

What port do you want for OpenVPN?
Port: 1194

Do you want OpenVPN to be available at port 53 too?
This can be useful to connect under restrictive networks
Listen at port 53 [y/n]: y

Do you want to enable internal networking for the VPN?
This can allow VPN clients to communicate between them
Allow internal networking [y/n]: y

What DNS do you want to use with the VPN?
   1) Current system resolvers
   2) OpenDNS
   3) Level 3
   4) NTT
   5) Hurricane Electric
   6) Yandex
DNS [1-6]: 2

Finally, tell me your name for the client cert
Please, use one word only, no special characters
Client name: example

I am installing OpenVPN in an OpenVZ machine. Therefore, I am throwing in the private IP of the machine instead of the public one. Once the script finishes installing and setting up, it will ask you the following question,

If your server is NATed (LowEndSpirit), I need to know the external IP
If that's not the case, just ignore this and leave the next field blank
External IP: 23.132.16.23

Finished!

Your client config is available at ~/cluster.ovpn
If you want to add more clients, you simply need to run this script another time!

And you will get a user ovpn file to install on your computer! Now, if you would like to add more users, do the following

bash ~/openvpn-install.sh

and you will see the following screen.

Looks like OpenVPN is already installed
What do you want to do?

1) Add a cert for a new user
2) Revoke existing user cert
3) Remove OpenVPN
4) Exit

Select an option [1-4]:

This makes it especially easy for anyone to set up an OpenVPN machine in less than 5 minutes, and furthermore, you can easily configure more users using the same old script. Pretty neat stuff if you ask me!

Installing OpenVPN in OpenVZ

Now, there are a few more things to do if you are on OpenVZ. On the host machine, you will want to add the following settings so that iptables is available and internet traffic is forwarded to your client.

At the bottom of /etc/vz/vz.conf you will see the following configuration

## Defaults for containers
VE_ROOT=/var/lib/vz/root/$VEID
VE_PRIVATE=/var/lib/vz/private/$VEID

## Filesystem layout for new CTs: either simfs (default) or ploop
#VE_LAYOUT=ploop

## Load vzwdog module
VZWDOG="no"

## IPv4 iptables kernel modules to be enabled in CTs by default
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
## IPv4 iptables kernel modules to be loaded by init.d/vz script
IPTABLES_MODULES="$IPTABLES"

## Enable IPv6
IPV6="yes"

## IPv6 ip6tables kernel modules
IP6TABLES="ip6_tables ip6table_filter ip6table_mangle ip6t_REJECT"

change it to the following

## Defaults for containers
VE_ROOT=/var/lib/vz/root/$VEID
VE_PRIVATE=/var/lib/vz/private/$VEID

## Filesystem layout for new CTs: either simfs (default) or ploop
#VE_LAYOUT=ploop

## Load vzwdog module
VZWDOG="no"

## IPv4 iptables kernel modules to be enabled in CTs by default
#IPTABLES="ipt_REDIRECT ipt_LOG ipt_state ipt_recent xt_connlimit ipt_owner iptable_nat ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
## IPv4 iptables kernel modules to be loaded by init.d/vz script
#IPTABLES_MODULES="$IPTABLES"

## Enable IPv6
#IPV6="yes"

## IPv6 ip6tables kernel modules
#IP6TABLES="ip6t_REDIRECT ip6t_REJECT ip6t_tos ip6t_limit ip6t_multiport ip6t_TCPMSS ip6t_tcpmss ip6t_ttl ip6t_length ip6t_LOG ip6t_state ip6t_recent xt_connlimit ip6t_owner ip6table_nat ip6_tables ip6table_filter ip6table_mangle ip6t_REJECT"

## IPv4 iptables kernel modules to be enabled in CTs by default
IPTABLES="ipt_REDIRECT ipt_owner ipt_recent iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc ipt_state iptable_nat"
## IPv4 iptables kernel modules to be loaded by init.d/vz script
IPTABLES_MODULES="$IPTABLES"

## Enable IPv6
IPV6="yes"

## IPv6 ip6tables kernel modules
IP6TABLES="ip6_tables ip6table_filter ip6table_mangle ip6t_REJECT"
SKIP_SYSCTL_SETUP=yes

and make sure IP forwarding is enabled by going to /etc/sysctl.conf and updating the following to '1'

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.all.forwarding=1

and make sure TUN/TAP is enabled for your VPS

# cat /dev/net/tun
cat: /dev/net/tun: File descriptor in bad state

If you are not seeing the above, do the following on your host machine,

vzctl set 101 --devnodes net/tun:rw --save
vzctl set 101 --devices c:10:200:rw --save 
vzctl stop 101 
vzctl set 101 --capability net_admin:on --save
vzctl start 101 
vzctl exec 101 mkdir -p /dev/net
vzctl exec 101 chmod 600 /dev/net/tun

Once you've done the above, start installing OpenVPN with the script by Nyr.
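A preflight check for the host and container settings above, as an added example (not from the original post or from Nyr's installer): it reads vz.conf and sysctl.conf style files and interprets the /dev/net/tun error message. The function names and the REQUIRED_MODULES set are assumptions made for illustration, and the sample files are constructed.

```sh
#!/bin/sh
# Added example: preflight checks for the OpenVZ steps on this page.
# REQUIRED_MODULES is an assumed minimum, taken from modules the edited IPTABLES= line adds.
REQUIRED_MODULES="iptable_nat ipt_state ipt_REDIRECT"

# Value of the last uncommented IPTABLES="..." line in a vz.conf-style file.
active_iptables() {
    sed -n 's/^[[:space:]]*IPTABLES="\([^"]*\)".*/\1/p' "$1" | tail -n 1
}

# Required modules absent from that line, one per line (no output = all present).
missing_modules() (
    have=" $(active_iptables "$1") "
    for mod in $REQUIRED_MODULES; do
        case "$have" in *" $mod "*) ;; *) echo "$mod" ;; esac
    done
)

# Forwarding keys not set to 1 in a sysctl.conf-style file, one per line.
forwarding_off() (
    for key in net.ipv4.ip_forward net.ipv4.conf.default.forwarding net.ipv4.conf.all.forwarding; do
        val=$(awk -F= -v k="$key" '/^[ \t]*#/ { next }
            { n = $1; v = $2; gsub(/[ \t]/, "", n); gsub(/[ \t]/, "", v) }
            n == k { last = v } END { print last }' "$1")
        [ "$val" = "1" ] || echo "$key"
    done
)

# TUN is usable when reading the node fails with this specific error (see above).
# Live use inside the container: tun_ok "$(cat /dev/net/tun 2>&1)"
tun_ok() {
    case "$1" in *"File descriptor in bad state"*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample: a stock-style IPTABLES line and a sysctl.conf with forwarding commented out.
tmp=$(mktemp -d)
printf '%s\n' 'IPTABLES="ipt_REJECT ipt_tos ipt_limit iptable_filter iptable_mangle"' > "$tmp/vz.conf"
printf '%s\n' '#net.ipv4.ip_forward=1' 'net.ipv4.conf.all.forwarding = 1' > "$tmp/sysctl.conf"
echo "missing modules: $(missing_modules "$tmp/vz.conf" | tr '\n' ' ')"
echo "forwarding off:  $(forwarding_off "$tmp/sysctl.conf" | tr '\n' ' ')"
tun_ok "cat: /dev/net/tun: No such file or directory" || echo "tun: not available"
rm -rf "$tmp"
```

On a real host, point missing_modules at /etc/vz/vz.conf and forwarding_off at /etc/sysctl.conf; empty output from both means the settings from this section are in place.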

**UPDATE**
And remember to port forward port 1194 and 53!

-A PREROUTING -i vmbr1 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.100.2:53
-A PREROUTING -i vmbr1 -p udp -m udp --dport 1194 -j DNAT --to-destination 192.168.100.2:1194
-A PREROUTING -i vmbr1 -p tcp -m tcp --dport 1194 -j DNAT --to-destination 192.168.100.2:1194

WooCommerce Email Verification WordPress Code

Ok, I thought this would be available since WooCommerce is pretty popular, but HOW COME NO ONE ACTUALLY MADE THIS CODE AND OPEN SOURCED IT?! Holy cow! I searched everywhere and couldn't find anything that makes WooCommerce verify that a user's email is authentic before allowing the user to access WordPress. In the end I wrote it myself and I'm gonna throw it out for people to use.

Basically the code has to be placed within functions.php in your theme; you can also make this into a WordPress plugin and fine-tune it if you like. However, please share the code, because mine isn't the most perfect out there. I am just gonna throw it out and see what other improvements others can suggest or create. Cheers!

// this is just to prevent the user from being logged in automatically after registering
function wc_registration_redirect( $redirect_to ) {
        wp_logout();
        wp_redirect( '/sign-in/?q=' );
        exit;
}
// when a user logs in, we check whether their email is verified
function wp_authenticate_user( $userdata ) {
        // an earlier check may already have rejected this login
        if ( is_wp_error( $userdata ) ) {
                return $userdata;
        }
        $isActivated = get_user_meta($userdata->ID, 'is_activated', true);
        if ( !$isActivated ) {
                $userdata = new WP_Error(
                                'inkfool_confirmation_error',
                                __( '<strong>ERROR:</strong> Your account has to be activated before you can login. You can resend by clicking <a href="/sign-in/?u='.$userdata->ID.'">here</a>', 'inkfool' )
                                );
        }
        return $userdata;
}
// when a user registers we need to send them an email to verify their account
function my_user_register($user_id) {
        // the id can also come from the ?u= query string, so force it to an integer
        $user_id = absint($user_id);
        // get user data
        $user_info = get_userdata($user_id);
        // stop for unknown users and for accounts that are already activated,
        // otherwise a resend request would switch an active account back to inactive
        if ( !$user_info || get_user_meta($user_id, 'is_activated', true) ) {
                return;
        }
        // create a random code to verify later (md5(time()) can be guessed from the signup time)
        $code = wp_generate_password(32, false);
        // make it into a code to send it to user via email
        $string = array('id'=>$user_id, 'code'=>$code);
        // create the activation code and activation status
        update_user_meta($user_id, 'is_activated', 0);
        update_user_meta($user_id, 'activationcode', $code);
        // create the url (JSON instead of serialize(), url-encoded because base64 can contain + / =)
        $url = get_site_url(). '/sign-in/?p=' .rawurlencode( base64_encode( json_encode($string) ) );
        // basically we will edit here to make this nicer
        $html = 'Please click the following links <br/><br/> <a href="'.$url.'">'.$url.'</a>';
        // send an email out to user
        wc_mail($user_info->user_email, __('Please activate your account'), $html);
}
// we need this to handle all the getty hacks i made
function my_init(){
        // check whether we get the activation message
        if(isset($_GET['p']) && is_string($_GET['p'])){
                // never unserialize() request data (PHP object injection); decode JSON instead
                $data = json_decode(base64_decode($_GET['p']), true);
                $id   = (is_array($data) && isset($data['id'])) ? absint($data['id']) : 0;
                $sent = (is_array($data) && isset($data['code']) && is_string($data['code'])) ? $data['code'] : '';
                $code = $id ? (string) get_user_meta($id, 'activationcode', true) : '';
                // check whether the code given is the same as ours: constant-time compare,
                // and a missing stored code never matches
                if($code !== '' && hash_equals($code, $sent)){
                        // update the db on the activation process
                        update_user_meta($id, 'is_activated', 1);
                        wc_add_notice( __( '<strong>Success:</strong> Your account has been activated! ', 'inkfool' )  );
                }else{
                        wc_add_notice( __( '<strong>Error:</strong> Activation fails, please contact our administrator. ', 'inkfool' )  );
                }
        }
        if(isset($_GET['q'])){
                wc_add_notice( __( '<strong>Error:</strong> Your account has to be activated before you can login. Please check your email.', 'inkfool' ) );
        }
        // resend request: only numeric ids are passed on
        if(isset($_GET['u']) && is_numeric($_GET['u'])){
                my_user_register($_GET['u']);
                wc_add_notice( __( '<strong>Success:</strong> Your activation email has been resent. Please check your email.', 'inkfool' ) );
        }
}
// hooks handler
add_action( 'init', 'my_init' );
add_filter('woocommerce_registration_redirect', 'wc_registration_redirect');
add_filter('wp_authenticate_user', 'wp_authenticate_user',10,2);
add_action('user_register', 'my_user_register',10,2);

Ok, i have tested this code with the latest Woocommerce and WordPress 4.2.2. Now, just modify this to suit your needs. It's not perfect yet but i'll leave the perfect version for you guys. Enjoy!

How to List Images on Proxmox Ceph with RBD

Ok, Ceph: it's a pretty new file storage for me, which assists in Proxmox clustering. As much as I like it, there are a lot of things that aren't readily available on the internet, especially for a novice user like myself. Things such as listing all the images of a particular Proxmox machine that is using Ceph. If you look at the Ceph documentation, it will link you to rbd, which says,

rbd is a utility for manipulating rados block device (RBD) images, used by the Linux rbd driver and the rbd storage driver for Qemu/KVM. RBD images are simple block devices that are striped over objects and stored in a RADOS object store. The size of the objects the image is striped over must be a power of two.

If you are looking for how to resize or list an image, the block device commands documentation on RBD might help.

Now, to list out all your Proxmox Ceph images (so you can resize etc.), you will need to log in to the machine and do the following,

rbd list  --pool twopiz

where twopiz is the pool I created in Proxmox. If you have another pool, you'll just need to tell it which pool to list. Once you do that, destroying, creating, etc. will be simple.