linux:debian:start
Differences
This shows you the differences between two versions of the page.
linux:debian:start [2011/11/02 01:08] – mod: added ejabberd versions stybla | linux:debian:start [2022/01/27 01:52] (current) – add link to how to build Debian package stybla | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Debian ====== | ====== Debian ====== | ||
+ | |||
+ | Despite I don't favour Debian distribution too much for this and that, this page is not meant as rant. | ||
+ | It is actually quick reference for me. If you find it useful, good. If not, just move on. | ||
+ | |||
+ | If you got offended by the content, I'm sorry. | ||
+ | |||
+ | ===== Other topics ===== | ||
+ | |||
+ | * [[apt-mirror|local APT mirror]] | ||
+ | * [[automatic-installation|automatic installation of Debian]] | ||
+ | * [[build_package|Building Debian packages]] | ||
+ | |||
+ | |||
===== Quick Tips and Tricks ===== | ===== Quick Tips and Tricks ===== | ||
+ | |||
+ | |||
+ | ==== APT fingerprints ==== | ||
+ | |||
+ | Print out all and full APT key fingerprints, | ||
+ | |||
+ | < | ||
+ | apt-key adv --list-public-keys --with-fingerprint --with-colons | ||
+ | </ | ||
+ | |||
+ | |||
+ | ==== cron.hourly/ | ||
+ | |||
+ | You want some job being executed on regular basis as a part of cron.hourly/ | ||
+ | nothing happens. What the problem might be, you ask? | ||
+ | |||
+ | - make sure script has '' | ||
+ | - make sure '' | ||
+ | - make sure script name consists of allowed characters. And yes, ' | ||
+ | |||
+ | This did happen to me and I fould myself scratching on the head. Despite being close to solution(yeah, | ||
+ | through '' | ||
+ | forum post in the end, resp. re-read man page again. | ||
+ | |||
+ | |||
+ | ==== Dependency hell ==== | ||
+ | |||
+ | **NOTE:** I have no idea how '' | ||
+ | nor as suggested one. Yes, I will have to read up on '' | ||
+ | |||
+ | Just to give an example. Installation of '' | ||
+ | |||
+ | If you don't want to give in so easy, because I don't need nor plan to utilize MySQL at this host right now, you can try: | ||
+ | |||
+ | < | ||
+ | root@foo:~# apt-get install --no-install-recommends < | ||
+ | </ | ||
+ | |||
+ | This way I ended up with what I wanted and needed - '' | ||
+ | However, I didn't get away with it in case of '' | ||
+ | |||
+ | |||
+ | ==== Change '' | ||
+ | |||
+ | Of course I mean changing '' | ||
+ | **'' | ||
+ | allows you to configure more stuff, yet I haven' | ||
+ | |||
+ | So, to do the trick: | ||
+ | |||
+ | < | ||
+ | root@foo:~# update-alternatives --config pager | ||
+ | </ | ||
+ | |||
+ | and choose whatever pager you like. My choice is **'' | ||
+ | already installed. You know to do that, don't you? | ||
+ | |||
+ | I don't know where to get list of alternatives nor I looked/ | ||
+ | To get list of " | ||
+ | |||
+ | < | ||
+ | root@foo:~# ls / | ||
+ | </ | ||
+ | |||
+ | |||
==== Migrating ejabberd 2.0.x to 2.1.x ==== | ==== Migrating ejabberd 2.0.x to 2.1.x ==== | ||
- | **WARNING - still work in progress!!!** | + | **WARNING - probably a bit incomplete, but who cares years later** |
Debian 6.0 Squeeze, however I think this doesn' | Debian 6.0 Squeeze, however I think this doesn' | ||
- | Migrating from: ejabberd-2.0.5-x86_84 | + | * **Migrating from**: '' |
- | Migrating to: ejabberd-2.1.5-3+squeeze1 | + | * **Migrating to**: |
+ | I recommend to backup ''/ | ||
+ | |||
+ | < | ||
+ | root@foo:~# # backup | ||
+ | root@foo:~# cp -apr / | ||
+ | |||
+ | root@foo:~# #restore, which is just way around | ||
+ | root@foo:~# cp -apr / | ||
+ | </ | ||
+ | |||
+ | === Version 1: === | ||
* dump database at old ejabberd | * dump database at old ejabberd | ||
< | < | ||
- | ejabberdctl backup / | + | root@foo: |
</ | </ | ||
- | * move backup(eg. by SCP) to new machine, if needed | + | * move backup, configs etc. to new machine, if needed, using eg. SCP |
* change hostname, if needed or got changed, as described in [[http:// | * change hostname, if needed or got changed, as described in [[http:// | ||
* restore database as shown bellow. Skipping tables can be iterative process: | * restore database as shown bellow. Skipping tables can be iterative process: | ||
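Review bot: The added cron.hourly paragraph has a typo: "I fould myself" should read "I found myself", and "solution(yeah" needs a space before the parenthesis. The unchanged item "restore database as shown bellow" at the end of this hunk should read "below". The removed "Migrating from" line gives the architecture as "x86_84"; check that the rewritten bullet does not carry that over if x86_64 was meant.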
Line 38: | Line 127: | ||
root@foo:~# sh / | root@foo:~# sh / | ||
</ | </ | ||
- | * enjoy | + | * now, I would like to say "**//enjoy//**", but there was no joy. I couldn' |
+ | === Version 2: === | ||
+ | |||
+ | * dump database at old server | ||
+ | < | ||
+ | root@foo:~# ejabberctl dump / | ||
+ | </ | ||
+ | * move backup, configs etc. to new machine, if needed, using eg. SCP | ||
+ | * start ejabberd at new server | ||
+ | * restore database | ||
+ | * you may try to restore database right away by following command. However, it didn't work for me, not even after removing '' | ||
+ | * **OR** FIXME write a parser to get rid of problematic things in .dump | ||
+ | * problematic stuff is: | ||
+ | * everything related to '' | ||
+ | * '' | ||
+ | * '' | ||
+ | < | ||
+ | root@foo:~# ejabberdctl load / | ||
+ | </ | ||
+ | * hopefully enjoy! | ||
+ | |||
+ | ==== Migrating ejabberd from Jessie to Stretch ==== | ||
+ | |||
+ | Yet another round fun. My private Jabber has been off for a long time, because client decided server is no good anymore. This was due to vulnerabilities in SSL/TLS, resp. OpenSSL(?) and there seemed to be no fix for Jessie. I've ignored it, because I didn't have time and it's not that important to me anyway. Now, on the verge of migration to Stretch, I couldn' | ||
+ | |||
+ | First of all, I found out I can neither perform backup or dump of ejabberd at Jessie. Mad props to devs, because all I had to do was to move ''/ | ||
+ | |||
+ | Second of all, there was the change of format of configuration file from whatever to YAML. In theory, you can convert old cfg to YAML via '' | ||
+ | |||
+ | < | ||
+ | ejabberdctl convert_to_yaml / | ||
+ | Error: erofs | ||
+ | </ | ||
+ | |||
+ | Not exactly nice, but worry not, because it's not that hard to adjust whatever needs to be adjusted, if your configuration is simple. | ||
+ | |||
+ | Last, but not least, was the certificate. I guess that was the issue on Jessie as well, but then I didn't really spend any time on it. Anyway, once I got ejabberd up and running, I couldn' | ||
+ | |||
+ | < | ||
+ | foo@bar: | ||
+ | CONNECTED(00000003) | ||
+ | 140252860966144: | ||
+ | --- | ||
+ | no peer certificate available | ||
+ | --- | ||
+ | No client certificate CA names sent | ||
+ | --- | ||
+ | SSL handshake has read 5 bytes and written 176 bytes | ||
+ | Verification: | ||
+ | --- | ||
+ | New, (NONE), Cipher is (NONE) | ||
+ | Secure Renegotiation IS NOT supported | ||
+ | Compression: | ||
+ | Expansion: NONE | ||
+ | No ALPN negotiated | ||
+ | SSL-Session: | ||
+ | Protocol | ||
+ | Cipher | ||
+ | Session-ID: | ||
+ | Session-ID-ctx: | ||
+ | Master-Key: | ||
+ | PSK identity: None | ||
+ | PSK identity hint: None | ||
+ | SRP username: None | ||
+ | Start Time: 1512468671 | ||
+ | Timeout | ||
+ | Verify return code: 0 (ok) | ||
+ | Extended master secret: no | ||
+ | --- | ||
+ | foo@bar:~/$ openssl s_client -connect XXX:5222 -starttls xmpp | ||
+ | CONNECTED(00000003) | ||
+ | --- | ||
+ | no peer certificate available | ||
+ | --- | ||
+ | No client certificate CA names sent | ||
+ | --- | ||
+ | SSL handshake has read 295 bytes and written 126 bytes | ||
+ | Verification: | ||
+ | --- | ||
+ | New, (NONE), Cipher is (NONE) | ||
+ | Secure Renegotiation IS NOT supported | ||
+ | Compression: | ||
+ | Expansion: NONE | ||
+ | No ALPN negotiated | ||
+ | --- | ||
+ | </ | ||
+ | |||
+ | Well, at least I've found out you must(?) disable SSLv2 in the config as well. Also, that there is '' | ||
+ | |||
+ | < | ||
+ | 2017-12-05 11: | ||
+ | 2017-12-05 11: | ||
+ | </ | ||
+ | |||
+ | So, as the last ditch effort, I've generated new SSL certificate. Lo behold, the miracle! Everything works now. I wonder what the problem was. May be SSL cert generated in ~ 2013 wasn't strong enough and that's what the issue was about from the get go. Comparison of old and new one: | ||
+ | |||
+ | < | ||
+ | Signature Algorithm: md5WithRSAEncryption | ||
+ | Signature Algorithm: sha256WithRSAEncryption | ||
+ | </ | ||
+ | |||
+ | |||
+ | ==== Network services being started by default ==== | ||
+ | |||
+ | Ok, this is a bit of rant I have. Still, we are cool. | ||
+ | |||
+ | I found this one quite annoying, bothering and worrying at the same time. You have your fresh install, | ||
+ | or install new network service, and everything gets started. MySQL, HTTP server, mail server etc. everything | ||
+ | is up and running. Great, but you haven' | ||
+ | is as much as secure as possible(right??? | ||
+ | services when they' | ||
+ | |||
+ | So don't forget to check your fresh installation, | ||
+ | |||
+ | < | ||
+ | root@foo:~# netstat -nlp | less | ||
+ | </ | ||
+ | ==== Postfix ==== | ||
+ | |||
+ | === Configuration files from different Postfix/ | ||
+ | |||
+ | Simply - don't. If you do, make sure you modify your " | ||
+ | configs to reflect paths in Debian, or else ... problems. :-) | ||
+ | |||
+ | |||
+ | === Trailing hash '#' | ||
+ | |||
+ | Postfix version: | ||
+ | < | ||
+ | root@foo:~# apt-cache show postfix | ||
+ | Package: postfix | ||
+ | Priority: extra | ||
+ | Section: mail | ||
+ | Installed-Size: | ||
+ | Maintainer: LaMont Jones < | ||
+ | Architecture: | ||
+ | Version: 2.7.1-1+squeeze1 | ||
+ | </ | ||
+ | |||
+ | Error in log: | ||
+ | < | ||
+ | Nov 5 10:43:29 foo postfix/ | ||
+ | Nov 5 10:43:30 foo postfix/ | ||
+ | Nov 5 10:43:30 foo postfix/ | ||
+ | </ | ||
+ | |||
+ | |||
+ | If you look at [[http:// | ||
+ | tells you where the problem is. However, it is one of less descriptive cases of | ||
+ | error. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | |||
+ | Config lines to blame: | ||
+ | < | ||
+ | alias_maps = hash:/ | ||
+ | [...] | ||
+ | alias_database = hash:/ | ||
+ | </ | ||
+ | |||
+ | Strange enough this works perfectly at different host ... and with different version of Postfix. Well ... shrug :-) | ||
+ | |||
+ | |||
+ | ==== SysV init scripts are complicated ==== | ||
+ | |||
+ | I've seen something like this at linuxquestions.org in thread regarding to SysV init vs. BSD init scripts. | ||
+ | |||
+ | I, as a Slackware user, like BSD init scripts. They' | ||
+ | don't see anything complicated on SysV init scripts unless you have to write one and you didn't bother to | ||
+ | read specifications and distribution specifications as well. Management of init scripts in Debian is easy. | ||
+ | |||
+ | //" | ||
+ | And how am I supposed to know where to link which one, if I want to enable service Foo? Screw this!"// | ||
+ | |||
+ | |||
+ | Heh, just calm down and relax. **'' | ||
+ | enable/ | ||
+ | |||
+ | < | ||
+ | root@foo:~# update-rc.d lighttpd disable | ||
+ | root@foo:~# update-rc.d lighttpd enable | ||
+ | </ |
linux/debian/start.txt · Last modified: 2022/01/27 01:52 by stybla