Install an OpenVPN server and connect to it on windows

March 22, 2012
Filed under: linux, security, troubleshooting 

Follow the tutorial on linode to install openvpn:
http://library.linode.com/networking/openvpn/debian-6-squeeze

Attention:
Both openvpn and dnsmasq must be installed on the server.

In the file /etc/openvpn/server.conf, the following line must exist and must not be commented out:
push "redirect-gateway def1"

By default the line is:
;push "redirect-gateway def1 bypass-dhcp"
The semicolon should be removed, and "bypass-dhcp" should be removed too.

The redirect-gateway option configures the VPN as the default gateway (implemented on Linux and Windows only).

The redirect-gateway bypass-dhcp option adds a route allowing DHCP packets to bypass the tunnel when the DHCP server is non-local. It is currently only implemented on Windows clients.

Another tip: in the local directive at the beginning of server.conf, the IP address of your server should be configured:
local 102.83.214.229
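
A way to check an edited server.conf for the settings described above, written as an added example (not part of the original post and not OpenVPN's own tooling). The issue-code names and the sample files are constructed for illustration; the check for typographic quotes covers the case where a config line is copied from a rendered web page.

```python
import shlex

CURLY_QUOTES = "\u201c\u201d"  # typographic quotes, not valid config quoting

def active_directives(conf_text):
    """Yield (name, args) for each line that is not commented out with ';' or '#'."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            yield tokens[0], tokens[1:]

def audit(conf_text):
    """Return sorted issue codes (names are this example's own) for the post's settings."""
    issues, names, redirect = set(), set(), None
    for name, args in active_directives(conf_text):
        names.add(name)
        joined = " ".join(args)
        if any(ch in joined for ch in CURLY_QUOTES):
            issues.add("curly-quotes")
        # Strip typographic quotes so a mangled push line is still recognised.
        words = joined.strip(CURLY_QUOTES).split()
        if name == "push" and words and words[0] == "redirect-gateway":
            redirect = words[1:]
    if redirect is None:
        issues.add("redirect-gateway-not-pushed")
    else:
        if "def1" not in redirect:
            issues.add("def1-missing")
        if "bypass-dhcp" in redirect:
            issues.add("bypass-dhcp-still-set")
    if "local" not in names:
        issues.add("local-not-set")
    return sorted(issues)

# Constructed samples: a stock-like file with the default push line from the post,
# the edited form, and a copy pasted with typographic quotes.
STOCK = ';local a.b.c.d\nport 1194\nproto udp\n;push "redirect-gateway def1 bypass-dhcp"\n'
FIXED = 'local 102.83.214.229\nport 1194\nproto udp\npush "redirect-gateway def1"\n'
PASTED = 'local 102.83.214.229\npush \u201credirect-gateway def1\u201d\n'

if __name__ == "__main__":
    for label, text in (("stock", STOCK), ("fixed", FIXED), ("pasted", PASTED)):
        print(label, audit(text))
```
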

On the client, just install OpenVPN GUI on Windows, and download client.conf, ca.crt, client1.crt, client2.key from the VPN server to the OpenVPN/Config folder. The config folder is located at C:\Program Files\OpenVPN\config on my system.

Then rename client.conf to vpn-server.ovpn (a mandatory step), start the OpenVPN client and click connect.

Some FAQs:
1. How can I tell whether openvpn is installed correctly on the server?
Just run netstat -na|grep 1194 to check whether it is listening, and use ps to check whether the process is running. 1194 is the listening port configured in server.conf.

2. Why can't I telnet to port 1194?
openvpn is a UDP server by default, and you can't telnet to a UDP port.

3. How can I check whether my client is connected to the server?
If the OpenVPN tray icon turns green, you are connected to the server.
You can also ping the VPN server; if it replies, you are connected:
ping 10.8.0.1

4. Why can't I visit some sites after connecting to the openvpn server?
If your local DNS server is polluted and you are not redirecting DNS lookups to the VPN server, you will still not be able to open the blocked site. On the VPN server, dnsmasq must be installed, and the following exact line must exist in server.conf:
push "redirect-gateway def1"

5. How can I check the route to a host such as twitter from linux/windows?
on linux: traceroute twitter.com
on windows: tracert twitter.com

You can also run nslookup on windows, and host/dig on linux for debugging.


How to install a network HP printer on Arch linux

March 16, 2012
Filed under: linux, troubleshooting 

The printer package does not work as it should on my Arch system for the HP LaserJet P2035n. It cost me some hours to get it to work. Here are the steps.

1). Install cups service
pacman -S cups cups-pdf hplip pyqt3 python2-pyqt
pacman -S system-config-printer-gnome
rc.d cups start

2). To add device and install hp driver:
1. Run ‘hp-setup’ as root.
2. Click ‘Show Advanced Options’ button and check-enable ‘Manual Discovery’.
3. Enter IP address 192.168.59.63 in the ‘…device ID…’ entry and click ‘Next’ to install driver.

3). Run system-config-printer as root to add the printer:

# system-config-printer
Click "Add", then Select Device -> Network Printer -> enter the IP address of the printer, such as "192.168.1.3", then click "Find" -> "Process".

If you encounter the following error:
File "/usr/share/system-config-printer/newprinter.py", line 1531, in getNetworkPrinterMakeModel
debugprint (host + ": " + args)
TypeError: cannot concatenate 'str' and 'list' objects

You should comment out the failing line at 1531 of newprinter.py, and then continue adding the printer.

4). Finally, you can run hp-check to see what problems exist for the printer.


Could not chdir to home directory /home/USER: Permission denied

March 16, 2012 · 3 Comments
Filed under: linux, troubleshooting 

We changed the home folder to /data/home/USER.

When I ssh to our CentOS server, it shows the error "Could not chdir to home directory /home/USER: Permission denied", although the login itself is OK. I must manually run cd ~ to go to the home directory.

I Googled around and found it is caused by SELinux. The solution:

Disable SELinux, or change it from enforcing to permissive:
vi /etc/sysconfig/selinux
Change SELINUX from enforcing to permissive (SELINUX=permissive), then reboot.

For a server that cannot be rebooted:
# setenforce permissive

You can check whether it is set correctly:
# getenforce


Pyramid FAQ: from the beginning to production deployment

February 12, 2012 · 4 Comments
Filed under: python, troubleshooting 

I started to write Pyramid applications 3 weeks ago, as a Python and Pyramid novice. Now the application goes to production. During development, many errors and problems happened to the application; although the Pyramid documentation is very good, some of the latest changes are not included in the reference document.

I wrote down the common problems I came across, and the solutions I chose for them, here.

1. How to install pyramid?

For help getting Pyramid set up, try the official install guide.

You may also be interested in my pyramid installation guide.

2. Is there a quick start?

Yes, there is. To get a feel for how a Pyramid web application is created, go to the single file tasks tutorial page on the official site.

But be careful: the single file application is just for learning. It is single threaded, which is not suitable for most production deployments. And it is hard to maintain when all the content is in a single file.

3. How could I create a project for production deployment?

A scaffold project can be created for production deployment. A scaffold project is a template project, and you can create your project from a scaffold. See the outdated official wiki tutorial for a general guide; the tutorial is for pyramid 1.2, which is different from 1.3. For the current pyramid 1.3, you should read this document: Pyramid documentation 1.3. I've written A quick start for python pyramid as a quick reference for pyramid project creation.

4. When I create a project by following the Pyramid wiki tutorial and run paster create xxx, it shows command not found?

Paster may not be installed. And if you are using pyramid 1.3, paster is not needed any more; see the official Pyramid documentation 1.3 for details.

5. The wiki tutorial says to run "paster serve development.ini" to start pyramid. But paster does not exist.

Paster serve is replaced by pserve in pyramid 1.3.

$ ../bin/pserve development.ini

6. When I run "pserve development.ini" to start pyramid as described in Pyramid documentation 1.3, it shows the error: "pkg_resources.DistributionNotFound: waitress".

In pyramid 1.3a7, a new dependency, waitress, is introduced. You can install the package with easy_install or pip: pip install waitress

7. When I start pyramid with pserve, it allows only 1 concurrent user.

pserve is single threaded, and is for development purposes. For multithreaded production deployment, you should use one of these WSGI servers.

8. Is there a simple way to deploy pyramid as a multithreaded application?

Yes, you can use Gunicorn to deploy pyramid as a multithreaded application.

First install gunicorn and eventlet:

$ easy_install gunicorn eventlet

Then create the file runapp.py with the following lines:

from paste.deploy import loadapp

application = loadapp('config:production.ini', relative_to='.')

Then run the following command to start pyramid as a multithreaded application:

$ gunicorn --workers=2 --worker-class=eventlet --bind 127.0.0.1:80 runapp

The worker-class option means to start gunicorn in async mode (multithreaded).

And for single threaded deployment, you can easily run Gunicorn with `pserve production.ini` if you've been using Waitress. Just replace the [server:main] section within production.ini as shown in the document: http://gunicorn.org/run.html#paster-serve

http://gunicorn.org/design.html#contents

http://gunicorn.org/configure.html#worker-class

 


How to convert string with timezone info to date in python

February 6, 2012
Filed under: python, troubleshooting 

In Python, time.strftime() and time.strptime() can be used to format a date as a string and to convert a string to a date. But strptime() is considered buggy in Python 2.x.

For example, if you invoke strptime() as follows, it does not work as expected:

from datetime import datetime

dt = 'Sat Jan 28 12:27:31 +0800 2012'
datetime.strptime(dt, '%a %b %d %H:%M:%S %z %Y')

The error shows as: ValueError: 'z' is a bad directive in format '%a %b %d %H:%M:%S %z %Y'

Then how can we convert a string with timezone information to a date? For example, given the date string "Sat Jan 28 12:27:31 +0800 2012", you need the date it represents. On Python 2.x you can take advantage of email.utils like this:

import email.utils
from datetime import datetime

dt = u'Sat Jan 28 12:27:31 +0800 2012'

# Parse the date string into its parts.
# date_tz is a tuple: (2012, 1, 28, 12, 27, 31, 0, 1, -1, 28800)
date_tz = email.utils.parsedate_tz(dt)

# Build a datetime from the first 6 elements of the tuple.
# The result is naive: the UTC offset in date_tz[9] is not applied.
mydate = datetime(*date_tz[:6])

Footnote: I checked Python 3.2, and strptime works in the first snippet. You may refer to "What's new in Python 3.2".
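
The snippet above keeps the wall-clock fields and drops the offset that parsedate_tz returns as the tenth element, so two strings written in different zones cannot be compared directly. The following added example (not from the original post; the function names parse_to_utc and same_instant and the second sample string are constructed here) applies that offset to get a naive UTC datetime, and also handles strings that email.utils cannot parse.

```python
import email.utils
from datetime import datetime, timedelta

def parse_to_utc(date_string):
    """Parse a date string with a numeric zone and return a naive datetime in UTC.

    Returns None when email.utils cannot parse the string.
    """
    parts = email.utils.parsedate_tz(date_string)
    if parts is None:
        return None
    wall_clock = datetime(*parts[:6])   # time as written, offset ignored
    offset = parts[9] or 0              # seconds east of UTC; None means no zone given
    return wall_clock - timedelta(seconds=offset)

def same_instant(a, b):
    """True when two date strings name the same moment, whatever zone each uses."""
    ua, ub = parse_to_utc(a), parse_to_utc(b)
    return ua is not None and ua == ub

# Constructed inputs: the post's string, and the same moment written in UTC.
POST_STRING = 'Sat Jan 28 12:27:31 +0800 2012'
UTC_STRING = 'Sat, 28 Jan 2012 04:27:31 +0000'

if __name__ == "__main__":
    print(parse_to_utc(POST_STRING))
    print(same_instant(POST_STRING, UTC_STRING))
```
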


Solution for nginx “504 Gateway Time-out”

January 28, 2012 · 4 Comments
Filed under: server, troubleshooting 

When my website routes the path /mybackup to the pyramid application, "504 Gateway Time-out" occurred. I set several fastcgi parameters in nginx.conf as follows:

 fastcgi_connect_timeout 300s;
 fastcgi_send_timeout 300s;
 fastcgi_read_timeout 300s;
 fastcgi_buffer_size 128k;
 fastcgi_buffers 8 128k;

But it doesn't work. I then found that nginx was using proxy_pass to send the path to pyramid (wsgi), so the fastcgi config does not help (it only works for fastcgi). The complete configuration is:

location /mybackup {
       send_timeout 180;
       proxy_read_timeout 120;
       proxy_connect_timeout 120;
       index  index.jsp index.html index.htm;
       proxy_pass http://127.0.0.1:8080;
       proxy_set_header  X-Real-IP  $remote_addr;
}

Why Load Balance not work in Hessian C# client calling to hessian service?

November 9, 2011
Filed under: design, java, troubleshooting 

When I was migrating our application from C# to Java, our Java service moved ahead of the client application. The client application is in C#, and we export the service through Hessian, so we call the Java Hessian service through a C# Hessian client.

But we met a big problem with load balancing after the new application was deployed. The load is never balanced for the C# Hessian client's requests. The service is invoked through F5.

After digging into the code of C# Hessian, I found the cause: the C# Hessian client uses HttpWebRequest with default properties to call the Java Hessian service, and the default value of HttpWebRequest's KeepAlive property is true. That means that after the C# client has connected to a load balance server, it keeps calling the same back-end service, and requests from this client are not routed to other back-end services.

So the solution is to change the default KeepAlive property in the file CHessianMethodCaller.cs:

HttpWebRequest req = webRequest as HttpWebRequest;

req.KeepAlive = false;  // newly added line to assure load balance work

 
