Monday, January 30, 2012

Upgrading EOL Ubuntu versions

Upgrading older Ubuntu versions is straightforward.

Just upgrade all packages

sudo aptitude update && sudo aptitude safe-upgrade

and then (after a reboot) run

sudo do-release-upgrade
 

This works fine as long as the original version is not EOL.
When your server has an EOL version installed, you must dig somewhat deeper:

You have to change the source repositories to old-releases (instead of archive, as mentioned in many posts/sites).

So change sources.list to:

deb http://old-releases.ubuntu.com/ubuntu/ dapper main restricted universe multiverse
deb http://old-releases.ubuntu.com/ubuntu/ dapper-updates main restricted universe multiverse
deb http://old-releases.ubuntu.com/ubuntu/ dapper-security main restricted universe multiverse 
  
Then you can do the normal steps as mentioned above.
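The sources.list change described above, as a small shell function (an added example, not part of the original post; the function name and the sample file are constructed). It rewrites archive, country-mirror and security entries to old-releases, leaves commented and third-party lines alone, and keeps a backup copy.

```shell
#!/bin/sh
# Added example: the function name and the sample data are hypothetical.

# to_old_releases FILE
# Points "deb"/"deb-src" lines for archive.ubuntu.com, country mirrors
# (xx.archive.ubuntu.com) and security.ubuntu.com at
# old-releases.ubuntu.com. The original is kept as FILE.bak.
to_old_releases() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1
    sed -E \
        -e 's#^(deb(-src)?[[:space:]]+http://)([a-z]{2}\.)?archive\.ubuntu\.com/#\1old-releases.ubuntu.com/#' \
        -e 's#^(deb(-src)?[[:space:]]+http://)security\.ubuntu\.com/#\1old-releases.ubuntu.com/#' \
        "$file.bak" > "$file"
}

# Constructed sample input: a US mirror, a security line, a commented-out
# line and a third-party repository.
sample=$(mktemp)
cat > "$sample" <<'EOF'
deb http://us.archive.ubuntu.com/ubuntu/ dapper main restricted
deb http://security.ubuntu.com/ubuntu dapper-security main restricted
# deb http://archive.ubuntu.com/ubuntu/ dapper-backports main
deb http://example.invalid/apt dapper contrib
EOF

to_old_releases "$sample" && cat "$sample"
```

On a real system the argument would be /etc/apt/sources.list, and the .bak copy is what you restore from later.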
If the do-release-upgrade command is unknown, then you have to install it:

sudo aptitude install update-manager-core

If by chance you had the profile "ubuntu-desktop" installed, then first remove that one from your installation.

Modify /usr/lib/python2.4/site-packages/UpdateManagerCore/DistUpgradeFetcherCore.py

# Near line 28, add:
import time
# Near lines 101-102, just after "tar.close()", add:
          print "----- IT IS TIME NOW !-----"
          time.sleep(60)
# Note that you can adjust the time (60) to a value in seconds of your choice.
These lines should then look like this:
          tar.close()
          # Wait about 1 minute (time to modify the update script)
          print "----- IT IS TIME NOW !-----"
          time.sleep(60)
          return True
# Note that you must keep the text indented


Run sudo do-release-upgrade

When the script sleeps, you have just 60 seconds to do the next step:
-- Modify /tmp/tmpXXXXXX/prerequists-sources.list and prerequists-sources.dapper.list and change them to "old-releases" as well.

Then wait until the script continues running and asks:
"Do you want to modify the sources list?"

(Make sure you don't press Enter along the way, or it skips that question by assuming a "no".) It will say: "WARNING: Failed to read mirror file."

Now go and fix /etc/apt/sources.list back to the way it used to be, with "us.archive" instead of "old-releases" (except for the security lines, which should just be "security.ubuntu.com").

Return to the update and say Yes.
The updater will modify /etc/apt/sources.list, replace all the dapper entries with hardy entries and continue updating using the servers.

Thursday, January 26, 2012

Boot Linux Mint via PXE and NFS

Linux Mint is a Linux distribution based on Ubuntu, which in turn is based on Debian.

Linux Mint does not use Unity as its desktop manager, but instead uses an extended Gnome3 desktop manager with many additions, so it can be used by most people.

Naked Unity and Gnome3 desktops are somewhat confusing for normal and experienced users (at least, this is the reaction we saw from users).

When you wish to netboot Linux Mint via PXE and NFS you need the following components:

1. A DHCP server which assigns the correct boot options
2. A TFTP server for loading the pxe environment and loading kernel and initrd
3. An NFS server to deliver the normal Mint squashfs

The setup is identical to net booting Ubuntu; you only have to make sure you specify the correct paths.
A typical pxelinux.cfg entry for Mint looks like this:

LABEL Linux Mint 12 64-Bit
    kernel mint12-amd64/vmlinuz
    APPEND boot=casper netboot=nfs nfsroot=192.168.1.200:/srv/nfs/mint/12-amd64 initrd=mint12-amd64/initrd.lz --

In this case we have:
- On the TFTP server we make a subdirectory called mint12-amd64
- In that directory we put the vmlinuz and initrd.lz from the ISO image /casper/ directory
- On the NFS server we just expand the content of the Mint ISO file into /srv/nfs/mint/12-amd64

It should then work just fine.

Friday, December 30, 2011

Search (and replace) Newlines in Excel

Excel is a great tool for simple and easy data management.
But sometimes there are just limitations (of the user).

For example, replacing all newlines (line breaks) with some other character sequence.
It can be done, you just have to know how:

1. Open the search and replace dialog
2. In the search field enter CTRL+j (It's OK, it shows nothing)
3. In the replace field enter the new sequence (For example \n or 0x0a etc.)
4. Hit "Replace all"

That's it, the magic is done.
Of course, Microsoft does not tell you this in its offline/online help (for whatever reason).

Wednesday, December 21, 2011

Doing a Liferay migration from 3.6.1 to 6.0.6

Perhaps you have an older Liferay installation and wish to get it updated to the current 6.0.6 release.
The normal upgrade procedure is to do it step-by-step, and it should work.

For me it worked only partially; I had to take some special steps to get a fully working upgrade across these versions.


The full details can be read here:

http://www.liferay.com/de/community/forums/-/message_boards/view_message/11773827#_19_message_11784521


And yes, Liferay 6 rocks.

Thursday, December 1, 2011

Using free variables in nagios/icinga for snmp community settings

With Icinga you can monitor your IT environment. It's a fork of the well-known Nagios monitoring solution.

It's a drop-in replacement for Nagios with some good extensions/enhancements.

One of the pains of monitoring services via SNMP is that you usually have different SNMP communities per server. The simplest way is to define one service per service+host and define the SNMP community there.

But as your IT environment expands you will get many, many service definitions, all identical with the exception of the SNMP community.

There is a simple way out of this: Use custom object variables
The original documentation can be found here.

The documentation is somewhat short, so here is a complete example:
  • On the host configuration, define a variable named _SNMP_COMMUNITY and assign it the value for the specified host.
  • In the check command, specify $_HOSTSNMP_COMMUNITY$ as the parameter for your command.
The trick is that your variable names must always start with an underscore character (so they do not clash with other definitions).
The second trick is used when referring to the defined variable: Icinga/Nagios prefix the variable name you defined with _HOST, _SERVICE or _CONTACT, depending on the place where the variable was specified.
The last trick is that the leading _ of your variable definition is removed before the final name is built in the evaluation.

Example of such a command definition:

define command {
        command_name check_snmp_disk_group
        command_line $USER1$/check_snmp_storage.pl -H $HOSTADDRESS$ -C $_HOSTSNMP_COMMUNITY$  -w $ARG1$ -c $ARG2$ -m $ARG3$ -r -T pl -f
        register                        1
}

The corresponding host definition then has to be similar to this:


define host {
        host_name                       servername
        alias                           serveralias
        address                         ipaddress
        _SNMP_COMMUNITY                 mysnmppassword
        register                        1
}
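A shell sketch of the naming rule and a configuration check that goes with it (an added example, not part of the original post or of Icinga/Nagios; the function names and the sample hosts are constructed). The first function builds the macro name from the three rules above, the second lists every host definition that does not yet set the custom variable.

```shell
#!/bin/sh
# Added example: function names and sample hosts are hypothetical.

# macro_name OBJECT VAR -> macro to use in command_line.
# Rule from the text: drop the leading "_" of the variable, then prefix it
# with _HOST, _SERVICE or _CONTACT.
macro_name() {
    obj=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    var=$(printf '%s' "${2#_}" | tr '[:lower:]' '[:upper:]')
    printf '$_%s%s$\n' "$obj" "$var"
}

# hosts_missing_var FILE VAR -> host_name of every "define host" block in
# FILE that does not set the custom variable VAR (name compared
# case-insensitively).
hosts_missing_var() {
    awk -v var="$2" '
        /^[ \t]*define[ \t]+host[ \t]*\{/ { in_host = 1; name = ""; found = 0; next }
        in_host && /^[ \t]*\}/ { if (!found) print name; in_host = 0; next }
        in_host && $1 == "host_name" { name = $2 }
        in_host && toupper($1) == toupper(var) { found = 1 }
    ' "$1"
}

# Constructed sample configuration: db01 lacks the custom variable.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
define host {
        host_name                       web01
        address                         192.0.2.10
        _SNMP_COMMUNITY                 constructed-community
        register                        1
}
define host {
        host_name                       db01
        address                         192.0.2.11
        register                        1
}
EOF

macro_name host _SNMP_COMMUNITY            # macro for the check command
hosts_missing_var "$cfg" _SNMP_COMMUNITY   # hosts that still need the variable
```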


A great tool to manage your icinga/nagios configuration is NagiosQL.

Tuesday, November 15, 2011

Running windows 2008 r2 adprep on a server in a different language

When you have an older Active Directory system, for example based on a Windows 2003 or Windows 2008 server, you have to upgrade the ADS schema by running adprep.exe.

The adprep.exe tool is found on the Windows 2008 R2 DVD in the support\adprep directory.
You can copy the whole content of the directory (including subdirectories) to your ADS master server.

If the "old" server is running a 32-bit Windows, then you can start adprep32.exe instead of adprep.exe.

Now adprep.exe should tell you something about "At least windows 2000 sp4 required".
If you don't get any messages from adprep, then the languages of the Windows 2008 R2 DVD and your old ADS server do not match.

It might be tempting to just type "c" for continue; it will then do some of the work, but unfortunately not everything you need.
adprep writes a log file, which can be found in C:\windows\debug\adprep (or C:\windows\system32\debug\adprep for a 32-bit system).
You will see errors like:

There is a syntax error in the input file
Failed on line 169.  The last token starts with 's'.
An error has occurred in the program

The reason for this is that some strings are missing for the adprep utility.
To get it working correctly, you have to rename the language subdirectory to match the server's language. (Changing it in the control panel is not enough.)
For example, if your new server is running German, then the subdirectory is called de-de.
If the old server, for example, is installed in English, you have to rename the de-de directory to en-us.

Now you can run adprep again; you will receive the prompts in the original language from the DVD, but everything will process as expected.

Wednesday, November 2, 2011

Using FTPS with the commons jakarta net library

Using FTPS via the Jakarta Commons Net library is not that complicated.

But there are a few things to know:

The correct sequence is this:

FTPSClient ftps = new FTPSClient();  // org.apache.commons.net.ftp.FTPSClient
ftps.connect("YourServer");
ftps.execPBSZ(0);     // PBSZ 0: protection buffer size
ftps.execPROT("P");   // PROT P: private (encrypted) data channel
ftps.login("YourUserName", "YourPassword");

If you skip the execPBSZ or execPROT calls, then your FTPS server will probably deny access to you.

If you receive strange errors like:

java.io.IOException: DerValue.getOctetString, not an Octet String 10 

or

Caused by: java.security.cert.CertificateParsingException: java.io.IOException: DerValue.getOctetString, not an Octet String: 10
        at sun.security.x509.X509CertInfo.<init>(Unknown Source)
        at sun.security.x509.X509CertImpl.parse(Unknown Source)
        at sun.security.x509.X509CertImpl.<init>(Unknown Source)
        at sun.security.provider.X509Factory.engineGenerateCertificate(Unknown Source)
        at java.security.cert.CertificateFactory.generateCertificate(Unknown Source)
        ... 16 more
Caused by: java.io.IOException: DerValue.getOctetString, not an Octet String: 10
        at sun.security.util.DerValue.getOctetString(Unknown Source)
        at sun.security.x509.Extension.<init>(Unknown Source)
        at sun.security.x509.CertificateExtensions.init(Unknown Source)
        at sun.security.x509.CertificateExtensions.<init>(Unknown Source)
        at sun.security.x509.X509CertInfo.parse(Unknown Source)

Then you (or your FTPS server) are probably behind a Check Point firewall.
There is nothing you can do on your side; just talk with the firewall admin and tell him to fix the "FTP Bounce" attack protection, which is modifying the packets.
He will see this in the logs:

Attack Information: The packet was modified due to a potential Bounce Attack (Telnet Options)

Here is the option to disable this on a Check Point firewall: