Wednesday, December 21, 2011

Doing a Liferay migration from 3.6.1 to 6.0.6

Perhaps you have an older Liferay installation and wish to update it to the current 6.0.6 release.
The normal upgrade procedure is to do it step by step, and it should work.

For me it worked only partially; I had to take some special steps to get a fully working upgrade across these versions.


The full details can be read here:

http://www.liferay.com/de/community/forums/-/message_boards/view_message/11773827#_19_message_11784521


And yes, Liferay 6 rocks

Thursday, December 1, 2011

Using free variables in nagios/icinga for snmp community settings

With icinga you can monitor your IT environment. It's a fork of the well-known nagios monitoring solution.

It's a drop-in replacement for nagios with some good extensions/enhancements.

One of the pains of monitoring services via SNMP is that you usually have different SNMP communities per server. The simplest way is to define one service per service+host combination and define the SNMP community there.

But as your IT environment expands you will get many, many service definitions, all identical with the exception of the SNMP community.

There is a simple way out of this: use custom object variables.
The original documentation can be found here.

The documentation is somewhat short, so here is a complete example:
  • On the host configuration, define a variable named _SNMP_COMMUNITY and assign it the value for the specified host.
  • In the check command, specify the $_HOSTSNMP_COMMUNITY$ as the parameter for your command.
The trick is that your variable names must always start with an underscore character (so they do not clash with other definitions).
The second trick is used when referring to the defined variable: Icinga/Nagios prefixes the variable name you defined with _HOST, _SERVICE or _CONTACT, depending on the place where the variable was specified.
The last trick is that the leading _ of your variable definition is removed before the final name is built in the evaluation.

Example of such a command definition

define command {
        command_name check_snmp_disk_group
        command_line $USER1$/check_snmp_storage.pl -H $HOSTADDRESS$ -C $_HOSTSNMP_COMMUNITY$  -w $ARG1$ -c $ARG2$ -m $ARG3$ -r -T pl -f
        register                        1
}

The corresponding host definition then has to be similar to this:


define host {
        host_name                       servername
        alias                           serveralias
        address                         ipaddress
        _SNMP_COMMUNITY                 mysnmppassword
        register                        1
}
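
The naming rule above can be checked mechanically. The following Python script is an added example, not part of the original post or of Icinga/Nagios: it derives the macro names from the custom variables, follows "use" templates, and lists for each host the $_HOST...$ macros that command definitions reference but the host does not define. The sample configuration, its host names and values, and the function names are constructed for illustration; it assumes every listed host is checked with these commands and does not resolve service definitions or hostgroups.

```python
import re
SAMPLE = """
define command {
        command_name check_snmp_disk_group
        command_line $USER1$/check_snmp_storage.pl -H $HOSTADDRESS$ -C $_HOSTSNMP_COMMUNITY$ -w $ARG1$
}
define host {
        name             snmp-template
        _snmp_community  templatevalue   ; variable names are case-insensitive
}
define host {
        host_name        web01
        _SNMP_COMMUNITY  examplevalue
}
define host {
        host_name        db01
        use              snmp-template
}
define host {
        host_name        mail01
}
"""  # constructed sample configuration: names and values are made up

def parse_objects(text):
    """Return {type: [{directive: value}, ...]} for all 'define type { ... }' blocks."""
    objs = {}
    for kind, body in re.findall(r"define\s+(\w+)\s*\{(.*?)\}", text, re.S):
        pairs = (ln.split(";", 1)[0].split(None, 1) for ln in body.splitlines())
        objs.setdefault(kind, []).append({p[0]: p[1].strip() for p in pairs if len(p) == 2})
    return objs

def custom_macros(kind, attrs):  # _VAR on a host -> _HOSTVAR: '_' dropped, type prefixed
    return {f"_{kind.upper()}{k[1:].upper()}" for k in attrs if k.startswith("_")}

def effective(host, templates):  # host directives merged with its 'use' templates (acyclic)
    merged = {}
    for name in host.get("use", "").split(","):
        if name.strip() in templates:
            merged.update(effective(templates[name.strip()], templates))
    return {**merged, **host}

def hosts_missing_macros(text):
    """Map each host_name to the custom host macros commands use but it lacks."""
    objs = parse_objects(text)
    templates = {h["name"]: h for h in objs.get("host", []) if "name" in h}
    cmds = " ".join(c.get("command_line", "") for c in objs.get("command", []))
    needed = set(re.findall(r"\$(_HOST\w+)\$", cmds))
    return {h["host_name"]: sorted(needed - custom_macros("host", effective(h, templates)))
            for h in objs.get("host", []) if "host_name" in h}
```

Calling hosts_missing_macros(SAMPLE) returns an empty list for web01 (variable set directly) and db01 (inherited from the template), and the missing macro name for mail01.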


A great tool to manage your icinga/nagios configuration is NagiosQL.

Tuesday, November 15, 2011

Running windows 2008 r2 adprep on a server in a different language

When you have an older Active Directory system, for example based on a Windows 2003 or Windows 2008 server, you have to upgrade the ADS schema by running adprep.exe.

The adprep.exe tool is found on the Windows 2008 R2 DVD in the support\adprep directory.
You can copy the whole content of the directory (including subdirectories) over to your ADS master server.

If the "old" server is running a 32-bit Windows, then you can start adprep32.exe instead of adprep.exe.

Now adprep.exe should tell you something about "At least windows 2000 sp4 required".
If you don't get any messages from adprep, then the languages of the Windows 2008 R2 DVD and your old ADS server do not match.

It might be tempting to just type "c" for continue; it will then do some of the work, but unfortunately not everything you need.
adprep does write a logfile, which can be found in C:\windows\debug\adprep (or C:\windows\system32\debug\adprep for a 32-bit system).
You will see errors like

There is a syntax error in the input file
Failed on line 169.  The last token starts with 's'.
An error has occurred in the program

The reason for this is that some strings are missing for the adprep utility.
To get it working correctly, you have to rename the language subdirectory to match the server's language. (Changing it in the control panel is not enough.)
For example, if your new server is running German, then the subdirectory is called de-de.
If the old server, for example, is installed in English, you have to rename the de-de directory to en-us.

Now you can run adprep again; you will receive the prompts in the original language of the DVD, but everything will be processed as expected.

Wednesday, November 2, 2011

Using FTPS with the commons jakarta net library

Using FTPS via the jakarta commons library is not that complicated.

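But there are a few things to know:

The correct sequence is this:

import org.apache.commons.net.ftp.FTPSClient;

FTPSClient ftps = new FTPSClient();              // execPBSZ/execPROT are FTPSClient instance methods
ftps.connect("YourServer");                      // connects and negotiates TLS (AUTH TLS)
ftps.execPBSZ(0);                                // PBSZ 0 must be sent before PROT
ftps.execPROT("P");                              // "P" = private: the data channel is encrypted too
ftps.login("YourUserName", "YourPassword");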

If you skip the execPBSZ or execPROT calls, then your ftps server will probably deny access to you.

If you receive strange errors like:

java.io.IOException: DerValue.getOctetString, not an Octet String 10 

or

Caused by: java.security.cert.CertificateParsingException: java.io.IOException: DerValue.getOctetString, not an Octet String: 10
        at sun.security.x509.X509CertInfo.<init>(Unknown Source)
        at sun.security.x509.X509CertImpl.parse(Unknown Source)
        at sun.security.x509.X509CertImpl.<init>(Unknown Source)
        at sun.security.provider.X509Factory.engineGenerateCertificate(Unknown Source)
        at java.security.cert.CertificateFactory.generateCertificate(Unknown Source)
        ... 16 more
Caused by: java.io.IOException: DerValue.getOctetString, not an Octet String: 10
        at sun.security.util.DerValue.getOctetString(Unknown Source)
        at sun.security.x509.Extension.<init>(Unknown Source)
        at sun.security.x509.CertificateExtensions.init(Unknown Source)
        at sun.security.x509.CertificateExtensions.<init>(Unknown Source)
        at sun.security.x509.X509CertInfo.parse(Unknown Source)

Then you (or your ftps server) are probably behind a checkpoint firewall.
There is nothing you can do on your side; just talk with the firewall admin and tell him to fix the "FTP Bounce" attack protection, which is modifying the packets.
He will see this in the logs:

Attack Information: The packet was modified due to a potential Bounce Attack (Telnet Options)

Here is the option to disable this on a checkpoint firewall:

Monday, October 17, 2011

Building Thunderbird 3.1.15 for Ubuntu 11.10

If (for whatever reason) you wish to continue to use Thunderbird 3.1.x on Ubuntu 11.10, then you will have to build it yourself.

You can follow this guide, with a few exceptions:

Use the latest thunderbird 3.1.x (For example 3.1.15)
Then, when building it directly you will receive a few errors:

1. Patching os2.cc
--- a/gfx/ots/src/os2.cc
+++ b/gfx/ots/src/os2.cc
@@ -1,12 +1,14 @@
 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
  
+#include
+
 #include "os2.h"
  
 #include "head.h"
  
 // OS/2 - OS/2 and Windows Metrics
  
 namespace ots {
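
Review bot: the added `#include` at the top of os2.cc has no header name after it, so the directive is incomplete and the file will not preprocess as shown. The header name appears to have been lost from the page; take the complete line from the original patch rather than guessing it, and keep the blank line that separates it from `#include "os2.h"`.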


2. Add the GCC 4.6 backward compatibility option in your mozconfig file:
export CXXFLAGS="-fpermissive"

3. Patch the makefile to use correct linking order

+--- a/mail/app/Makefile.in
++++ b/mail/app/Makefile.in
+@@ -127,6 +127,8 @@ APP_XPCOM_LIBS = $(XPCOM_LIBS)
+ endif
+ 
+ LIBS += \
++ $(STATIC_EXTRA_LIBS) \
++ $(MOZ_OTS_LIBS) \
+  $(STATIC_COMPONENTS_LINKER_PATH) \
+  $(MOZ_JS_LIBS) \
+  $(EXTRA_DSO_LIBS) \
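
Review bot: every line of this Makefile.in patch, including the `---`/`+++` headers and the `@@` lines, carries one extra leading `+`, so it is a patch embedded in another patch and will not apply to mail/app/Makefile.in as shown; strip the first column before applying. In this hunk the two new entries are placed at the head of `LIBS`, ahead of `$(STATIC_COMPONENTS_LINKER_PATH)`; a short comment in the Makefile saying that this position is deliberate would keep a later cleanup from reordering them.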
+@@ -185,8 +187,6 @@ DEFINES  += $(STATIC_DEFINES)
+ CPPSRCS  += $(STATIC_CPPSRCS)
+ EXTRA_DSO_LIBS += $(STATIC_EXTRA_DSO_LIBS)
+ REQUIRES += $(STATIC_REQUIRES)
+-EXTRA_LIBS += $(STATIC_EXTRA_LIBS)
+-EXTRA_LIBS += $(MOZ_OTS_LIBS)
+ 
+ ifndef MOZILLA_1_9_2_BRANCH
+ 
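
Review bot: the two `EXTRA_LIBS +=` lines removed here sit in the block of `STATIC_*` assignments, while their replacements in the first hunk are added to `LIBS` directly after an `endif`. The context does not show the enclosing conditionals, so check that `$(STATIC_EXTRA_LIBS)` and `$(MOZ_OTS_LIBS)` still reach the link line in the same build configurations as before.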
 


After these changes you should be able to build thunderbird 3.1.x under Ubuntu 11.10

Friday, September 23, 2011

MS SQL Server 2008 R2 SP1 fails with error 84C4000E

Windows updates are fine, they make sure your system gets updated when needed.

Sometimes you get strange error numbers with the message that an update failed.

Today we had an error 84C4000E when installing SP1 of SQL Express 2008R2 on a Windows 2008 Server.
Normally Google helps solving the problem, but not (completely) this time:

The only reference to the error number I was able to find was:

http://social.msdn.microsoft.com/Forums/es-ES/sqlserveres/thread/05050d46-d6f9-41e4-8276-46750dabe88f


Spanish... ok, google helps translating....

So it came down to the following issue:

  • Your Windows server is installed/configured in a language not supported by SQL 2008R2
  • Such "wrong" combinations are, for example, a German-Swiss locale and trying to install a German edition of SQL 2008R2 (or apparently also some variants of Spanish)

The simplest thing to solve this:
  • Just change your user locale from German-Swiss to German-Germany
  • Install the service pack
  • Change the user locale back to what it was previously

During installation we had similar problems, and after some talk with MS support it turned out that a German SQL Server 2008R2 can't be installed if the user locale is not German-Germany.
So changing it to the requested locale did the trick.

Strangely enough, we later wished to enter the product key... again the same problem, and after more talk with MS support, changing the locale again did the trick...

According to MS support it should also be possible to change the locale to English-US, and a German SQL Server should then also be "installable"...

Thursday, September 1, 2011

Adding more redundancy to postfix with ldap store

Using postfix with an LDAP backend for storing user data is a common setup.

There exist a lot of guides on how to do this, for example:

http://www.howtoforge.com/postfix-virtual-hosting-with-ldap-backend-and-with-dovecot-as-imap-pop3-server-on-ubuntu-karmic-koala-9.10

or

http://linuxgazette.net/124/pfeiffer.html

These are good starting points for getting your MTA up and running.
When your business grows and becomes more "mission critical", it's time to look at what you can do to provide more protection against system failures.

As you might have seen, in the config file you have to add these ldap host definitions:

domains_server_host =

To protect yourself against LDAP server failures, you can simply specify multiple LDAP URLs
in the standard LDAP syntax.

This then gives:

domains_server_host =  ldap:// ldap://



You can even add more servers to the list if required.
If you use SMTP authentication for mail submission, then you probably also have saslauthd configured. To benefit from the same redundancy, just modify the ldap_servers line in the saslauthd.conf file too:

ldap_servers: ldap:// ldap://


After reloading postfix and saslauthd, the new configuration is active.