David North

A few weeks ago, the story broke that hitherto unheard of (by me, at least) Austrian hosting firm EDIS was offering free co-location of Raspberry Pis in their data centre. Since I hadn’t really found a use for mine (like almost every geek I know who bought one ‘just because’), I decided to give it a go. The plan is to use it to run Nagios to keep an eye on various machines I run back here in the UK.

This guy describes how you can make a start, and I pretty much followed his lead – install the basic Debian image from the official RPi site, then rip out everything graphical, set up an SSH server, firewall it and expand the root partition to fill the SD card. In my case, I didn’t bother shipping a USB stick in it – the 16GB SD card should be all the storage a basic monitoring installation will ever need.

The last thing to do before posting it (along with a USB cable to power it) is configure the IP addresses they gave you (you were cool enough to ask for IPv6 too, right?). I wrote /etc/network/interfaces like this:

auto eth0
allow-hotplug eth0
iface eth0 inet static
  address w
  netmask 255.255.255.0
  gateway x

iface eth0 inet6 static
  address  y
  # we're assigned a /112, but the routing is /48 based
  netmask 48
  gateway z

Obviously, replace the ws, xs, ys and zs with the settings they e-mailed you.

It’s worth noting (I had to ask EDIS to clarify this) that they don’t provide IPv4 DNS servers for you to use – go for Google public DNS or similar, with /etc/resolv.conf like this:

nameserver 8.8.8.8
nameserver 8.8.4.4

There’s not much you can do to test you’ve got the networking right, but I did boot it and check eth0 came up when a cable was plugged in, with the right IPs on it. You can also check the output of ‘sudo route -a’ to make sure the default route goes via the gateway it should.

I posted my Pi (Royal Mail’s standard air mail – cost about £2) this morning. I’ll write a follow-up when it’s arrived and running.

As if they weren’t an inefficient enough organisation to deal with in other respects, today a division of British Gas asked me to send them a remittance advice to:

CardiffC&MFinance@centrica.com

Yes, that really is an ampersand in the local part. Sufficiently unusual that trying to send to it upset my default-configured installation of Exim:

rejected RCPT <CardiffC&MFinance@centrica.com>: restricted characters in address

You can tone down the (perfectly reasonable) check for these iffy characters by exempting centrica.com from it: edit /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt and edit the domains line of the second ‘restricted characters in address’ ACL to read:

domains = !+local_domains : !centrica.com

I’d noticed for years that sending outbound e-mail from Thunderbird to my server on port 587 took far longer than it should have – about six seconds of staring at the progress bar.

Today, I was finally bored enough to work out the cause: Exim is configured to perform ident checks, which take 5 seconds to time out. Since port 587 only accepts mail from authenticated users, we can disable the ident checks for it:

rfc1413_hosts = ${if eq{$interface_port}{25}{*}{! $sender_host_address}}

If you’re running Debian, change the above in /etc/exim4/conf.d/main/02_exim4-config_options.

We‘ve been having a spot of bother with update-grub not working on our Debian Xen guests since upgrading them to squeeze.

The symptom: update-grub (as run after the installation of a new kernel package) fails because it’s ‘unable to find [a] GRUB drive for /dev/sda2 – check your device.map’. This happens using both grub-legacy and the new grub-pc package.

You’ll probably have run into this if your guests were created using xen-tools.

Skipping over the related bugs, the long and short of it seems to be:

• The way Xen pokes /dev/sda1 and /dev/sda2 (which are probably LVMs on your dom0) into your guests without a corresponding block device confuses grub
• grub used to be dumb enough to ignore the mysterious presence of ‘partitions’ with no block device and carry on anyway
• The versions in Debian Squeeze are just clever enough to be dangerous and fall over in this situation

Happily, we’ve worked out the fix. Grub is hard-coded to do the right thing in this situation if your disk devices are called ‘/dev/xvd[a-z]‘, so you need to:

1. Fix all references to ‘/dev/sda2′ to read ‘/dev/xvda’ (and /dev/sda1 to /dev/xvdb). In practice this means grub’s menu.lst and possibly your /etc/fstab if that isn’t by UUID
2. Edit the /etc/xen/guest-name file on the dom0 to rename the partitions (change the ‘root’ specifier and the lines in the ‘disk’ list)
3. Destroy (sudo xm destroy) your guest. Note that you must destroy and recreate it; rebooting won’t give Xen a chance to rename the devices.
4. Bring it up again with xm create -c config-file
5. Profit.

In no particular order…

• That Debian Squeeze will release in Q1 2011
• That I’ll discover a J2EE Servlet Container which isn’t totally horrible
• That some kind of reconciliation between the JCP and Apache will occur
• That Java 7 won’t be delayed forever
• That Python 3 will get adopted faster than PHP 5 or Java 1.5 did
• That we’ll finally see some major UK ISPs offering IPv6

Leave a comment if you can see anything I’ve missed, and we’ll check on them all at the end of the year…

Edit: As Michael points out in the comments, Oxford users can avoid the mess below by simply disabling hybrid mode.

So there I am, firing up the Advent to read my email between lectures when…

$ sudo vpn-connect oxford
vpnc-connect was built without openssl: Can't do hybrid or cert mode.

Gah? The VPN client has always worked in the past, but following the upgrade to Ubuntu Intrepid, it doesn’t. A quick search lead to a solution which can be summarised as:

$ cd /tmp
$ apt-get source vpnc
$ cd vpnc-0.5.1r275
$ $EDITOR Makefile

Uncomment the lines beginning with OPENSSL
Read this and despair for the future of open source software

$ sudo apt-get build-dep vpnc
$ dpkg-buildpkg

Wonder why it all collapses in a heap
Search and find this.

$ apt-get install libssl-dev
$ dpkg-buildpkg
$ cd ..
$ sudo dpkg -i vpnc_0.5.1r275-1ubuntu1_i386.deb

Wonder why this has changed between Hardy and Intrepid
Seriously consider going back to Windows on this machine.

Sigh.