Sunday, March 4, 2018

OpenBSD tests: file writing and download

Part 1: File writing

512MB RAM
1 CPU vCore


mkdir -p test && cd test



# OS: OpenBSD


# Test 100: start here
  rm ../test/*
  repeat_times=100
  x=1
  while [ $x -le "$repeat_times" ]
  do
    dd if=/dev/zero of=r.$x.bin bs=1024 count=4096 2>> testLogger.log
    x=$(( $x + 1 ))
  done

  cat testLogger.log | grep secs | awk -v FS="(in|secs)" '{print $2}' >> tmpLogger.file
 
  echo 'Total time taken (in secs): '
  awk '{s+=$1} END {printf "%8.4f", s;}' tmpLogger.file

echo 'End of Test'
# Test 100: end here


###################


##################

#----

# Test 1000: start here
  rm ../test/*
  repeat_times=1000
  x=1
  while [ $x -le "$repeat_times" ]
  do
    dd if=/dev/zero of=r.$x.bin bs=1024 count=4096 2>> testLogger.log
    x=$(( $x + 1 ))
  done

  cat testLogger.log | grep secs | awk -v FS="(in|secs)" '{print $2}' >> tmpLogger.file

  echo 'Total time taken (in secs): '
  awk '{s+=$1} END {printf "%8.4f", s;}' tmpLogger.file

echo 'End of Test'
# Test 1000: end here


# OpenBSD 6.2

# Update (4 March 2018)
syspatch
reboot

#=----

Test 100: Results: (4 attempts) (OpenBSD 6.2)
3.3500
3.4260
3.1950
3.4380

Test 1000: Results: (4 attempts) (OpenBSD 6.2)
33.4410
34.5650
34.4910
33.6340



################################################

# OS: CentOS, Ubuntu, Debian

mkdir -p test && cd test

# Test 100: start here
  rm -rf ../test/*
  repeat_times=100
  x=1
  while [ $x -le "$repeat_times" ]
  do
    dd if=/dev/zero of=r.$x.bin bs=1024 count=4096 2>> testLogger.log
    x=$(( $x + 1 ))
  done

  cat testLogger.log | grep bytes | awk -v FS="(copied,|s)" '{print $3}' >> tmpLogger.file
 
  echo 'Total time taken (in secs): '
  awk '{s+=$1} END {printf "%8.4f", s;}' tmpLogger.file

echo 'End of Test'
# Test 100: end here

#######

# Test 1000: start here
  rm -rf ../test/*
  repeat_times=1000
  x=1
  while [ $x -le "$repeat_times" ]
  do
    dd if=/dev/zero of=r.$x.bin bs=1024 count=4096 2>> testLogger.log
    x=$(( $x + 1 ))
  done

  cat testLogger.log | grep bytes | awk -v FS="(copied,|s)" '{print $3}' >> tmpLogger.file
 
  echo 'Total time taken (in secs): '
  awk '{s+=$1} END {printf "%8.4f", s;}' tmpLogger.file

echo 'End of Test'
# Test 1000: end here


# CentOS 7.4

# Update (4 March 2018)
yum -y update
reboot

# Test 100: Results: (4 attempts) (CentOS 7)
2.2620
1.6376
1.5606
1.8752

# Test 1000: Results: (4 attempts) (CentOS 7)
15.8015
14.6734
14.8665
14.7682



# Ubuntu 16.04

# Update (4 March 2018)
apt update && apt -y upgrade
reboot

# Test 100: Results: (4 attempts) (Ubuntu 16)
2.2311
2.3433
1.9813
1.9542

# Test 1000: Results: (4 attempts) (Ubuntu 16)
17.7124
17.6261
16.9264
16.9259


# Debian 9

# Update (4 March 2018)
apt update && apt -y upgrade
reboot

# Test 100: Results: (4 attempts) (Debian 9)
2.2276
1.8756
2.0698
2.2601


# Test 1000: Results: (4 attempts) (Debian 9)
18.3741
17.0963
17.9382
16.4450


Part 2: Download

2 machines
512MB RAM
1 CPU vCore



download size : 4194304 (4.0M)

file created by:
dd if=/dev/zero of=filename bs=1024 count=4096

download by:
wget http://_ip_address_/filename

download from OpenBSD httpd server to CentOS client
(6 attempts)
49.2 MB/s
34.2 MB/s
36.6 MB/s
29.3 MB/s
42.9 MB/s
39.8 MB/s
Mean: 38.67 MB/s


download from CentOS Nginx server to OpenBSD client
(6 attempts)
39.3 MB/s
29.5 MB/s
25.7 MB/s
34.1 MB/s
31.6 MB/s
34.3 MB/s
Mean: 32.42 MB/s


download from OpenBSD httpd server to OpenBSD client
from A to B       from B to A
12.0 MB/s         24.0 MB/s
26.7 MB/s         31.5 MB/s
12.0 MB/s         11.8 MB/s
34.3 MB/s         26.8 MB/s
27.8 MB/s         30.7 MB/s
29.2 MB/s         28.0 MB/s
Mean: 23.67 MB/s  25.47  MB/s






Sunday, February 25, 2018

Install OpenBSD and use its httpd as fast as possible

This is an FAQ-style guide on installing OpenBSD and its httpd.

Difficulty of this guide: beginner to intermediate.
Time needed to follow this guide: around one to two hours.
Length of this guide: about 280 lines / paragraphs

Is this guide helpful?
For this guide to be helpful to you, you should be comfortable using the command line (typing commands on Linux or OpenBSD).

Please back up your data before doing anything else.

httpd is the default web server of OpenBSD. It is included in the default OpenBSD installation, in keeping with OpenBSD's tradition of realizing its developers' wishes.

Is httpd started by default? No, it is not started by default. You have to enable it first. In the file called /etc/rc.conf.local (not /etc/rc.conf), add httpd_flags= to enable it. You read that correctly: the line reads httpd_flags= with the equal sign at the end of the line. (httpd is not http.)

Let's get started by downloading the ISO file for amd64. Most recent machines use amd64 as the CPU instruction set. So, if you use a machine bought after 2010, most probably your CPU supports amd64.

Where can we download an ISO file for amd64? The list of sites can be found here:
https://www.openbsd.org/ftp.html
If your server is in the USA, choose the sites in the USA. This makes downloading faster.
Example: My server is in Canada, hence I click the Canada link.

https://mirror.csclub.uwaterloo.ca/pub/OpenBSD/

As of 25 February 2018, the stable version is 6.2. I clicked 6.2. Then, amd64. (not arm64, which is something different) After that, get cd62.iso.

Okay, I have downloaded the ISO. I can burn a CD using the ISO file. Insert the CD into the machine and choose the CD when booting. (press Del or F2 key when booting and select CD as the first boot device)
Alternatively, as I am demonstrating, I mount the ISO file using a hosting provider's control panel.


After booting with the ISO file or CD, I should see many lines of text output on a blue background. Then, I see:
Welcome to the OpenBSD/amd64 6.2 installation program.
(I)nstall, (U)pgrade,...

Now, press I and Enter.
Choose your keyboard layout -> Please press Enter.
System hostname? -> Type server001 and press Enter
Which network interface do you wish to configure? [vio0] -> Press Enter.
IPv4 address for vio0? -> You need to consult your service provider. (xxx.xxx.xxx.xxx -> dot separated digits)
Netmask for vio0? -> You need to consult your service provider. (xxx.xxx.xxx.xxx -> dot separated digits, sometimes 255.255.255.0, sometimes 255.255.254.0 or some other answers)

IPv6 address for vio0? -> You need to consult your service provider. (xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx -> colon separated digits, with 1,2,3,4...0 and a,b,c,d,e,f)
IPv6 prefix length for vio0? [64] -> You need to consult your service provider. (This is also known as netmask.)
IPv6 default router? -> You need to consult your service provider. (The default gateway.)
Which network interface do you wish to configure? [done] -> Press Enter.
Default IPv4 route? -> You need to consult your service provider. (The gateway.)
DNS domain name? -> Press Enter
DNS nameservers? -> 8.8.8.8

Password for root account? -> randomkieow10
Password for root account? (again) -> randomkieow10
Start sshd(8) by default? -> Press Enter
Do you expect to run the X Window System? [yes] -> Press Enter
Do you want the X Window System to be started by xenodm(1)? [no]  -> Press Enter
Setup a user? [no]  -> Press Enter

WARNING: root is targeted by password guessing attacks, pubkeys are safer.
Allow root ssh login? [no] -> yes (set up pubkey later)

What timezone are you in? -> UTC -> Press Enter

Which disk is the root disk? [sd0]  -> Press Enter
Use (W)hole disk MBR,... [whole]  -> Press Enter
Use (A)uto layout,... [a]   -> Press Enter

Location of sets? -> http -> Press Enter
HTTP proxy URL? [none] -> Press Enter
HTTP Server? -> Press ? -> Press Enter -> Press Space bar to navigate -> I found my mirror -> I press q to quit, and press the number and Enter.
HTTP Server? [mirror.csc...ca]  -> Press Enter
Server directory? [pub/OpenBSD/6.2/amd64]  -> Press Enter
Select sets by entering a set name, a file pattern or 'all'. De-select sets by prepending a '-', e.g.: '-game*'...
Set name(s)? -> Type -game* and press Enter
Set name(s)? [done]  -> Press Enter
Now, I see:
Get/Verify SHA256.sig    100% |**********...  2152   00:00
Signature Verified
...
Installing bsd ...
Location of sets? [done]  -> Press Enter
...
CONGRATULATIONS! Your OpenBSD install has been successfully completed!...

Type:
reboot
and hit Enter

Now, remove the CD or unmount the ISO file. (-> I clicked "Remove ISO" in my service provider's control panel)


That's all for installation.



login: root
Password: randomkieow10

To update the system:
Type:
syspatch

Then, press Enter.

I see:
Get/Verify syspatch62-001_tc_inv... 100% |***... 465KB  00:00
...

Now, type
reboot
and press Enter to cause the updates to take effect.

login: root
Password: randomkieow10


# It's a good idea to change the default sshd port
# to help reduce the chance of automatic attacks
vi /etc/ssh/sshd_config

#Port 22   # -> Change this line
Port 10489
#

## create a key pair (private key and public key)
ssh-keygen -t rsa -C "sshkeyname" -b 4096

## Hit Enter
Enter file in which to save the key : /root/.ssh/sshkeyname
Enter passphrase : randomieold46
Enter same passphrase again: randomieold46


ls /root/.ssh

# /root/.ssh/sshkeyname is the secret you keep
# /root/.ssh/sshkeyname.pub is what the server should contain
# in authorized_keys

cd /root/.ssh
cat sshkeyname.pub >> authorized_keys
cat authorized_keys
# I see:
ssh-rsa ...
# Then, I can copy the key with a password:

pkg_add zip

zip -e filerandom0123111.zip sshkeyname
randomuuii123123

# this is where I place the demo files
mkdir /var/www/htdocs/server121212.com

# I will download the encrypted secret later:
mv /root/.ssh/filerandom0123111.zip /var/www/htdocs/server121212.com/
ls /var/www/htdocs/server121212.com/


rcctl restart sshd




# Setting up OpenBSD httpd


echo 'httpd_flags=' >> /etc/rc.conf.local
cat /etc/rc.conf.local

cp /etc/examples/httpd.conf /etc/

vi /etc/httpd.conf

######### begin
ext_addr="*"

server "default" {
      listen on $ext_addr port 80
      root "/htdocs/server121212.com"
}

types {
      include "/usr/share/misc/mime.types"
}

######### end

Esc
:wq


# Create a sample file showing 1
echo 1 >> /var/www/htdocs/server121212.com/index.html

rcctl restart httpd

Now, you can start your web browser such as Google Chrome.
Type:
http://CopyYourIPAddressHere
Hit Enter

You should see 1.

# Getting your ssh secret key
# Use this key to connect.
# In your web browser:
http://CopyYourIPAddressHere/filerandom0123111.zip


# Back up your private secret key. Put it in a safe place.
# If you forget to back up, you will not be able to use it.


# Below is your client computer you are using
# to connect to the server.
# I am using a Linux desktop computer, not Windows:
# I installed unzip: apt install unzip # on Ubuntu, Debian

# Create destination folder
mkdir -p /home/CopyYourUserNameHere/.ssh/

unzip filerandom0123111.zip -d /home/CopyYourUserNameHere/.ssh/
# I see:
#Archive:  filerandom0123111.zip
#[filerandom0123111.zip] sshkeyname password:
randomuuii123123
Hit Enter
#  inflating: sshkeyname


# restrict the permissions
chmod 600 /home/CopyYourUserNameHere/.ssh/sshkeyname


# You connect on Linux by:

ssh -p 10489 -i '/home/CopyYourUserNameHere/.ssh/sshkeyname' \
root@CopyYourIPAddressHere


# On OpenBSD
# force people to use private secret key, not password
vi /etc/ssh/sshd_config

# remove the # sign at the start of this line
PubkeyAuthentication yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no


# To save this file:
Esc
:wq

# To apply the new changes:
rcctl restart sshd

# Test if password authentication fails as expected (We use the secret key only)
# On your local computer:
ssh -p 10489 root@CopyYourIPAddressHere
# You should see:
Permission denied (publickey,keyboard-interactive).


# Test if you connect successfully on Linux by:

ssh -p 10489 -i '/home/CopyYourUserNameHere/.ssh/sshkeyname' \
root@CopyYourIPAddressHere

# Since I have backed up the secret elsewhere, I can remove the secret on server.

# Now remove the encrypted secret key on server
rm /var/www/htdocs/server121212.com/filerandom0123111.zip

# Now remove the private key on server
cd /root/.ssh
rm sshkeyname

# You can reboot to test if everything above works as expected:
reboot

# Just place fileA.html in /var/www/htdocs/server121212.com/
# Then, you can access it at http://CopyYourIPAddressHere/fileA.html
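
An added example, not part of the original post: a shell check of the sshd_config settings edited above. It reports the effective value of each setting (sshd keeps the first occurrence of a keyword) and flags keyboard-interactive authentication, which the "Permission denied (publickey,keyboard-interactive)" message shows is still offered and which on OpenBSD can still ask for the account password. The function names, the sample configuration and the assumed OpenSSH defaults are constructed for this example.

```sh
#!/bin/sh
# Added example, not from the original post. Function names and the sample
# configuration are constructed; defaults are assumed OpenSSH defaults.

# effective_value FILE "KEYWORD [ALIAS...]" DEFAULT
# sshd keeps the FIRST occurrence of a keyword and keywords are
# case-insensitive. Lines after the first Match are conditional, so stop there.
effective_value() {
  awk -v keys="$2" -v def="$3" '
    BEGIN { n = split(tolower(keys), k, " "); val = def }
    /^[ \t]*(#|$)/ { next }
    tolower($1) == "match" { exit }
    { for (i = 1; i <= n; i++) if (tolower($1) == k[i]) { val = tolower($2); exit } }
    END { print val }
  ' "$1"
}

# check NAME VALUE WANTED LEVEL MESSAGE -> prints one OK/WARN/FAIL line
check() {
  if [ "$2" = "$3" ]; then
    echo "OK   $1=$2"
  else
    echo "$4 $1=$2 ($5)"
  fi
}

# audit_sshd_config FILE -> one line per setting the guide touches
audit_sshd_config() {
  f=$1
  check PubkeyAuthentication \
    "$(effective_value "$f" PubkeyAuthentication yes)" yes FAIL "key login is off"
  check PasswordAuthentication \
    "$(effective_value "$f" PasswordAuthentication yes)" no FAIL "password login is on"
  check PermitEmptyPasswords \
    "$(effective_value "$f" PermitEmptyPasswords no)" no FAIL "empty passwords accepted"
  # Two spellings of one option; whichever appears first in the file wins.
  check KbdInteractiveAuthentication \
    "$(effective_value "$f" "KbdInteractiveAuthentication ChallengeResponseAuthentication" yes)" \
    no WARN "keyboard-interactive can still prompt for a password"
  root=$(effective_value "$f" PermitRootLogin prohibit-password)
  if [ "$root" = yes ]; then
    echo "WARN PermitRootLogin=yes (prohibit-password keeps root key-only)"
  else
    echo "OK   PermitRootLogin=$root"
  fi
}

# Constructed sample: the settings this guide ends up with after its edits.
sample_config() {
  cat <<'EOF'
#Port 22
Port 10489
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_sshd_config "$tmp"
rm -f "$tmp"
```

On a live server, sshd -T prints the effective configuration that sshd itself computes, which is the authoritative check.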


Saturday, August 26, 2017

A conservative general user is considering OpenBSD

Hello, I have tried different operating systems in the past ten years, Red Hat, CentOS, Ubuntu, Debian, Fedora, Apple Mac and Microsoft Windows. I would like to try something new. I would like to try OpenBSD.

What "try"? I try something to test if it suits my purpose, e.g. desktop usage including basic text editing in office software (OpenOffice / LibreOffice) as well as server usage including serving files and database connections.

I would say I am a general user because I have not participated in developing any of the operating systems. I developed some software on those operating systems in the sense of exercises or testing. Yeah, you can say that I am a conservative user. What does a conservative user do? He or she does testing most of the time before relying on some systems.

How does a conservative user test an operating system (OS)? He or she needs to know that the OS will boot correctly within a minute on a medium level personal computer, not necessarily using a very powerful central processing unit (CPU). Not everybody has a lot of money and will spend a lot of it on buying new computers and renewing computers every year, yes, I mean every year. Suppose you spent USD520 on buying a computer each year. You would have spent USD5200 on buying computers for ten years. Most computer users do not spend a lot of money all the time.

A conservative user needs to save some money for food, housing, clothes and transportation. The remaining amount could then be spent on computers. Microsoft Windows is expensive. It let me learn basic things out of the box.

Other OSes I mentioned are totally free of charge. I just needed more information or education to set up and they work very similarly. It was a workshop-like activity when I used Red Hat. The tutor gave me some practical set up advice from booting a CD to installing the OS. That means I could start installing an OS using a CD. A CD is an ancient tool where you can store some data. Some computers these days are not equipped with a CD ROM. They allow you to use USB devices to boot.

Apart from the economics a conservative user has to consider, he or she needs to think in the long run. After three years or four, will he or she be using the same computer and OS? He or she does not want to learn all over again. As technology evolves, human beings do not want to change the way they work with familiar things. People think of folders and files. They cannot think of other better ways of organizing the data. Artificial intelligence (AI) may help but not at this moment. AI needs to be trained to understand human beings.

Linux OSes _were_ quite good because they did not change very often, e.g. every 1.5 years. Now Linux OSes change every 1.5 years. The conservative user needs to test all over again to ensure that he or she can save files and can read files in addition to booting correctly. Since systemd was adopted on Linux OSes, e.g. Red Hat, CentOS, Fedora, Ubuntu and Debian, the OSes have become unreliable to the conservative user. The technical evidence includes being unable to boot and shut down a computer correctly.

Thanks, Linux developers. I have learned to administer Linux servers and to use Linux on desktop computers.

Now technically OpenBSD does not change drastically to the point that a conservative user cannot boot a computer. Remember the "A job is running (seemingly forever)" systemd message.

The user needs to be sure that the system can boot correctly. He or she needs to consider OpenBSD. I have used OpenBSD for a few months and do not see any issues booting. I do not see any issues shutting down the machine either.

OpenBSD is the way to go. It has been a reliable system. I will continue to evaluate it because it has been reliable for a few months.

I know what I want. I want reliability. I do not want fancy features which do not work at all. Besides, OpenBSD is equipped with a better firewall than iptables on Linux OSes. The better one provides easier syntax and can reload firewall rules without halting current network connections. Everybody needs a firewall on the computer because the Internet has become a dangerous attack vector. Malicious software is so common, especially the one with a ransom note.

No one wants to be attacked. As the attack exists, the conservative user needs to do something to protect his or her data, e.g. photos taken many years ago. OpenBSD is a good choice. OpenBSD provides syspatch and pkg_add -Uu for updating software.

OpenBSD gives you good documentation. A conservative user needs to know where to look for help. Real help, I mean. Those commands not useful for fixing a problem are not real help. The documentation of OpenBSD really helped me from installing to using it as a basic computer.

A conservative user always focuses on doing basic things correctly. OpenBSD aims at correctness. I agree with the notion of correctness.


Saturday, August 19, 2017

Old admins think of systemd commands


My view echoes that of Carlos Fenollosa:

I had been riding the Linux wave for years, until I recently realized that my admin skills needed a total recycling. In a few years we've gone from /etc/init.d/sshd restart to service sshd restart to systemctl start sshd. That's a bit fast in my opinion, but I understand it's the price of progress, aimed to make computers boot faster and theoretically easier to administer for newcomers. Old admins, on the other hand, have a harder time adapting.

https://cfenollosa.com/blog/openbsd-from-a-veteran-linux-user-perspective.html


The writers of the systemctl commands and other systemd commands failed to consider the impact on old admins.



When you have hundreds of old scripts without systemctl commands, and you are forced to switch to systemd, what do you think?


Hello, command writers, please think of the impact on old admins before you write. If redirecting from service sshd restart to systemctl start sshd does the trick, please always keep this command redirection.


Sunday, August 6, 2017

Public key of Google Chrome changed leading to NO_PUBKEY error

My terminal output


... Fetched 12.4 kB in 5s (2,191 B/s)
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://dl.google.com stable Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 6494C6D6997C215E

W: Failed to fetch http://dl.google.com/linux/chrome/deb/dists/stable/Release 

W: Some index files failed to download. They have been ignored, or old ones used instead.





How to remove this warning

wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add -


Reference

Apt update error - “An error occurred during the signature verification” (Chrome) [duplicate]
https://askubuntu.com/questions/943146/apt-update-error-an-error-occurred-during-the-signature-verification-chrome

Wednesday, June 14, 2017

Firefox print freeze solved by iptables rules on Debian Linux

Firefox is a web browser you use to view web pages.

Try these if Firefox hangs when you press Ctrl + P to print:

# allow local connections to port 631

iptables -A INPUT -p tcp --sport 631 -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 631 -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 631 -j DROP
iptables -A INPUT -p tcp --sport 631 -j DROP
iptables -A INPUT -j DROP

ip6tables -A INPUT -p tcp --dport 631 -s ::1 -d ::1 -j ACCEPT
ip6tables -A INPUT -p tcp --sport 631 -s ::1 -d ::1 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 631 -j DROP
ip6tables -A INPUT -p tcp --sport 631 -j DROP
ip6tables -A INPUT -j DROP

# save across reboot
netfilter-persistent save

iptables -L -n
ip6tables -L -n

Tuesday, January 24, 2017

A start job is running for Raise network interfaces (long time / 5 minutes)

This is January 2017. "systemd" should not be used for critical missions.

When the network was down (without electricity), I noticed:

A start job is running for Raise network interfaces (long time / 5 minutes)

In /etc/systemd/system.conf,

#default
#DefaultTimeoutStartSec=90s

#changed
DefaultTimeoutStartSec=40s

#default
#DefaultTimeoutStopSec=90s

#changed
DefaultTimeoutStopSec=40s


These settings did not work as expected. It was a long waiting time.

Thursday, June 9, 2016

Workaround: A stop / start job is running

A stop / start job is running ...

For this error, I do:


echo '' >> /etc/systemd/system.conf
echo 'DefaultTimeoutStartSec=6s' >> /etc/systemd/system.conf
echo 'DefaultTimeoutStopSec=6s' >> /etc/systemd/system.conf



systemctl reboot



This works for me.

Saturday, June 4, 2016

Print a page as a PDF file on Debian Jessie

For those people wondering how to print a page in a web browser as a PDF file successfully on Debian Jessie:

The command

aptitude install cups-core-drivers 

The following NEW packages will be installed:
avahi-daemon{a} bc{a} bind9-host{a} cups-browsed{a} cups-core-drivers cups-daemon{a} cups-filters-core-drivers{a} geoip-database{a} libavahi-core7{a} libbind9-90{a} libcupsmime1{a} libdaemon0{a} libdns100{a} libgeoip1{a} libisc95{a} libisccc90{a} libisccfg90{a} liblwres90{a} libnss-mdns{a} libqpdf13{a} poppler-utils{a} qpdf{a} ssl-cert{a}
0 packages upgraded, 23 newly installed, 0 to remove and 0 not upgraded.
Need to get 4,620 kB of archives. After unpacking 13.4 MB will be used.
Do you want to continue? [Y/n/?] y

An example

In Google Chrome, please see the example screenshot below after pressing Ctrl+P:

I click Save. I save the PDF file nearly immediately when the file is not too large. This is a virtual printer. It just prints to a file.

I can do something similar in Firefox.

Avoid cups-pdf in this case

In my experience on Debian Jessie, I should not use cups-pdf together with the setup above. Installation issues occur.


Friday, June 3, 2016

Go back to sysvinit while keeping systemd

Latest workaround:

Another workaround.
If I want systemd, see the workaround above.

If I want to use sysvinit, continue...

---

This is June 2016. systemd is still not for me. My current workaround:

The command

aptitude install sysvinit-core init-select

Choose sysvinit.

What does the command do?

This helps me to use sysvinit instead. I could not boot or shut down properly with systemd. For shutting down and booting correctly, I use this workaround. I will try to test if the problem ceases to exist.

Time constraint

I don't have enough time to look for systemd issues and fixes. 

Not publicized
I don't know why this command above is not publicized here: (when a user wants to go back to sysvinit)

systemd - system and service manager
https://wiki.debian.org/systemd

No obvious choice when installing Debian

There is no option to choose between systemd and sysvinit when installing Debian Jessie.  (I don't know how to do this when installing.) I can hopefully switch after installing.

Remove systemd or not

This command below will cause packages that depend on systemd to stop working:

Some packages depend on systemd. (Sigh) I will not remove systemd by

apt-get remove --purge --auto-remove systemd

as seen here:

How to remove systemd from a Debian jessie/sid installation
http://without-systemd.org/wiki/index.php/How_to_remove_systemd_from_a_Debian_jessie/sid_installation

Now, I go back to sysvinit while keeping systemd. More testing continues.