Browsed by
Category: Linux

Ubuntu 14.04 LXC Setup with Unprivileged Containers

Ubuntu 14.04 LXC Setup with Unprivileged Containers

I have been spending a lot of time searching for alternatives to virtual machines. I do love my VMs but I hate the idea of dedicating resources (such as RAM) that never get used. There is memory ballooning but it is a trade off for the usage of other resources. Also I am crazy and obsessive about efficiency. VMs still have their place but we now have a new, awesome tool available to us: LXC.

Install

The LXC team offers us a PPA making this setup super easy. This will also handle future updates for us.

Install the software…
sudo apt-add-repository -y ppa:ubuntu-lxc/stable
sudo apt-get update
sudo apt-get install lxc

Network

Optional
You could skip this step but then you would only be able to access your containers on the same host on which they are run. There is also port forwarding (say, via iptables) but that is overly complicated for anything other than simple TCP/UDP stuff (and boring). We are going to do a bridge so that all containers can access the network and all remote hosts can access the containers as if they were physical machines on the network.

This should have been installed with LXC but just to be safe…
sudo apt-get install bridge-utils

Fire up your favorite text editor and open /etc/network/interfaces. In it add
auto lxcbr0
iface lxcbr0 inet static
 address [primary IP address]
 netmask [primary netmask]
 gateway [primary gateway]
 dns-nameservers [primary DNS server(s)]
 bridge_ports [primary network interface]

replacing everything above within and including the brackets.

Next we need to replace all lines for the primary network interface with
iface eth0 inet manual

You may have multiple network segments. Configuring this is left as an exercise for the user.

Unprivileged Containers

We could just start creating containers now. However a potential problem may arise as they will all be run as root. Theoretically this is fine because you should never be able to break out of a container but bugs happen. So we are not making ourselves more vulnerable than we need to be we will be setting up unprivileged containers to be run as our unprivileged user.

Allow our user account to use the bridge…
echo "$USER veth lxcbr0 1024" | sudo tee -a /etc/lxc/lxc-usernet

Create Upstart script…
In /etc/init/lxc-unprivileged.conf add…
description "LXC Unprivileged Containers"
author "Mike Bernson <mike@mlb.org>"

start on started lxc

script
 USERS="[user]"

 for u in $USERS; do
  cgm create all lxc$u
  cgm chown all lxc$u $(id -u $u) $(id -g $u)
  lxc-autostart -L -P /home/$u/.local/share/lxc | while read line;
  do
   set -- $line
   /usr/local/bin/startunprivlxc lxc$u $u $1
   sleep $2
  done
 done
end script

Make sure to replace [user] with your user account.

Create the container start script…
In /usr/local/bin/startunprivlxc add…
#!/bin/sh

cgm movepid all $1 $$
sudo -iH -u $2 -- lxc-start -n $3 -d

… and make it executable…
sudo chmod +x /usr/local/bin/startunprivlxc

Create our mappings and settings for our containers to use…
mkdir -p ~/.config/lxc/
echo "lxc.id_map = u 0 100000 65536" > ~/.config/lxc/default.conf
echo "lxc.id_map = g 0 100000 65536" >> ~/.config/lxc/default.conf
echo "lxc.network.type = veth" >> ~/.config/lxc/default.conf
echo "lxc.network.link = lxcbr0" >> ~/.config/lxc/default.conf

Create Contaiers

Here is where the magic happens.

lxc-create --name [name] --template download

Again with the text editor open ~/.local/share/lxc/[name]/config. In it add
lxc.start.auto = 1

Make sure to replace [name] with your container name in both commands.

These two steps will allow you to create new, unprivileged containers which autostart on boot running the distribution, release, and architecture of your choice.

Attach to Contaiers

In order to get into the console you only need a single command…
lxc-attach --name [name]

If you like you can use this to install an SSH server (do not forget to setup a new user so you are not logging in as root). You could also just log into the host and lxc-attach each time. Up to you.

More

There are many more things you can do. For example, create separate networks (say, one for public communications and another for container-to-host-to-container communications) or limit resources so one rouge container does not ruin it for the others and the host itself. A dedup‘ing filesystem (such as ZFS) would also probably get great ratios.

Research, experiment, and play with this very cool bit of engineering.

Sources

https://www.launchpad.net/~ubuntu-lxc/
https://help.ubuntu.com/lts/serverguide/network-configuration.html
https://help.ubuntu.com/lts/serverguide/lxc.html

Thanks

Mike Bernson

https://lists.linuxcontainers.org/pipermail/lxc-users/2015-January/008221.html
https://lists.linuxcontainers.org/pipermail/lxc-users/2015-January/008222.html

Compile and Install PostgreSQL 9.2.x from Source on Ubuntu 13.04 Server

Compile and Install PostgreSQL 9.2.x from Source on Ubuntu 13.04 Server

Working on a project for which I am using MySQL. As much as I love the thing it has been scaring me a little since Oracle bought them. They have pledged to keep the project open-source friendly a while back but I still worry. PostgreSQL seems like it might be a good fit for me so here are the steps I took to get it up and running from source on Ubuntu 13.04 Server.

  • Make sure our required tools are installed:


    sudo apt-get update
    sudo apt-get install zlib1g-dev libreadline6-dev gcc make

  • Download the latest source and extract:


    wget ftp://ftp.postgresql.org/pub/source/v9.2.x/postgresql-9.2.x.tar.bz2
    tar xjfv postgresql-9.2.x.tar.bz2

    Note
    I am using v9.2.4 for this example as it was the latest at the time of this writing. Simply replace x with your version number.

  • Compile and install:


    cd postgresql-9.2.x/
    ./configure
    make -j y world
    sudo make install-world

    Note
    Replace y with the number of processor cores you would like to use. This step generally does not take long so if you wanted to omit -j and its argument all together that would also work.

  • Copy start up script:


    sudo cp contrib/start-scripts/linux /etc/init.d/postgresql

  • Remove working directory:


    cd ../
    rm -rf postgresql-9.2.x/
    rm postgresql-9.2.x.tar.bz2

  • Add user:


    sudo useradd postgres

  • Create data directories:


    sudo mkdir /var/lib/postgresql/
    sudo chown postgres:postgres /var/lib/postgresql/

    Create data:


    sudo su - postgres -c "/usr/local/pgsql/bin/initdb -D /var/lib/postgresql/"

  • Create configuration directory:


    sudo mkdir /etc/postgresql/
    sudo chown postgres:postgres /etc/postgresql/

    Move configuration:


    sudo mv /var/lib/postgresql/postgresql.conf /var/lib/postgresql/pg_hba.conf /var/lib/postgresql/pg_ident.conf /etc/postgresql/

    Open postgresql.conf:


    sudo nano /etc/postgresql/postgresql.conf

    Change postgresql.conf:


    data_directory = '/var/lib/postgresql/'
    external_pid_file = '/var/run/postgresql.pid'

    Note
    These are the bare minimum changes. You will probably want to scan the file and change it to better suit your needs.

  • Open start up script:


    sudo nano /etc/init.d/postgresql

    Change start up script:


    PGDATA="/etc/postgresql/"
    PGLOG="/var/log/postgresql.log"

    Under ## EDIT FROM HERE add:


    PGGROUP=postgres
    PGPID="/var/run/postgresql.pid"

    Above su - $PGUSER -c "$DAEMON -D '$PGDATA' &" >>$PGLOG 2>&1, under start) add:


    touch $PGPID
    chown $PGUSER:$PGGROUP $PGPID

    Under su - $PGUSER -c "$PGCTL stop -D '$PGDATA' -s -m fast", under stop) add:


    rm $PGPID

  • Make start up script executable:


    sudo chmod +x /etc/init.d/postgresql
    sudo update-rc.d postgresql defaults

  • Start service:


    sudo service postgresql start

  • [Optional] Make commands available to all users:


    sudo ln -s /usr/local/pgsql/bin/* /usr/local/bin/

    [Optional] Make C includes and libraries available to all users:


    sudo ln -s /usr/local/pgsql/include/* /usr/local/include/
    sudo ln -s /usr/local/pgsql/lib/* /usr/local/lib/
    sudo ldconfig

    Note
    These just make life slightly easier. If you prefer you can always just call everything by their absolute paths or put them in your $PATH.


Sources
http://www.postgresql.org/docs/current/static/installation.html
http://www.postgresql.org/docs/9.2/static/server-start.html

Compile and Install Redis 2.6.x from Source on Ubuntu 13.04 Server

Compile and Install Redis 2.6.x from Source on Ubuntu 13.04 Server

Working on a project for which I am using MySQL. As much as I love my relational databases they may not always be the best tool for the job. As such, for the first time, I am evaluating other solutions. Redis seems like it might be a good fit for me so here are the steps I took to get it up and running from source on Ubuntu 13.04 Server.

  • Make sure our required tools are installed:


    sudo apt-get update
    sudo apt-get install make gcc

  • Download the latest source and extract:


    wget http://redis.googlecode.com/files/redis-2.6.x.tar.gz
    tar xzfv redis-2.6.x.tar.gz

    Note
    I am using v2.6.14 for this example as it was the latest at the time of this writing. Simply replace x with your version number.

  • Compile and install:


    cd redis-2.6.x/
    make -j y
    sudo make install

    Note
    Replace y with the number of processor cores you would like to use. This step generally does not take long so if you wanted to omit -j and its argument all together that would also work.

  • Copy and open Redis configuration:


    sudo mkdir /etc/redis/
    sudo cp redis.conf /etc/redis/
    sudo nano /etc/redis/redis.conf

    Change the following options:


    daemonize yes
    dir /var/lib/redis/
    syslog-enabled yes
    syslog-ident redis
    syslog-facility local0

    Note
    These are the bare minimum changes. You will probably want to scan the file and change it to better suit your needs.

  • Remove working directory:


    cd ../
    rm -rf redis-2.6.x/
    rm redis-2.6.x.tar.gz

  • Add user:


    sudo useradd redis

  • Create data directories:


    sudo mkdir /var/lib/redis/
    sudo chown redis:redis /var/lib/redis/
    sudo mkdir /var/log/redis/
    sudo chown redis:redis /var/log/redis/

  • Setup start up script:


    sudo nano /etc/init.d/redis-server

    Within this file add the following and save/close:


    #! /bin/sh

    ### BEGIN INIT INFO
    # Provides: redis-server
    # Required-Start: $syslog $remote_fs
    # Required-Stop: $syslog $remote_fs
    # Should-Start: $local_fs
    # Should-Stop: $local_fs
    # Default-Start: 2 3 4 5
    # Default-Stop: 0 1 6
    # Short-Description: redis-server - Persistent key-value db
    # Description: redis-server - Persistent key-value db
    ### END INIT INFO

    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
    DAEMON=/usr/local/bin/redis-server
    DAEMON_ARGS=/etc/redis/redis.conf
    NAME=redis-server
    DESC=redis-server
    PIDFILE=/var/run/redis.pid

    test -x $DAEMON || exit 0

    set -e

    case "$1" in
    start)
    echo -n "Starting $DESC: "

    touch $PIDFILE
    chown redis:redis $PIDFILE

    if start-stop-daemon --start --quiet --umask 007 --pidfile $PIDFILE --chuid redis:redis --exec $DAEMON -- $DAEMON_ARGS
    then
    echo "$NAME."
    else
    echo "failed"
    fi

    ;;

    stop)
    echo -n "Stopping $DESC: "

    if start-stop-daemon --stop --retry 10 --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON
    then
    echo "$NAME."
    else
    echo "failed"
    fi

    rm -f $PIDFILE

    ;;

    restart|force-reload)
    ${0} stop
    ${0} start

    ;;

    status)
    echo -n "$DESC is "

    if start-stop-daemon --stop --quiet --signal 0 --name ${NAME} --pidfile ${PIDFILE}
    then
    echo "running"
    else
    echo "not running"

    exit 1
    fi

    ;;

    *)
    echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}" >&2

    exit 1

    ;;
    esac

    exit 0

    Make script executable:


    sudo chmod +x /etc/init.d/redis-server
    sudo update-rc.d redis-server defaults

  • Start the server:


    sudo service redis-server start


Notes

  • I have not experimented with this on a 32-bit machine but I doubt it would be very useful for anything other than seeing what is what. If you are going to use this in anything remotely resembling a production environment I would use a 64-bit machine without question.
  • I disabled snapshotting for my tests as I will not need it. If you end up using it– such as in the default configuration– you might want to add vm.overcommit_memory = 1 to /etc/sysctl.conf.
Encrypted Linux Mint 13 and Linux Mint 14 Install

Encrypted Linux Mint 13 and Linux Mint 14 Install

As an updated version of my previous article, here are the steps I took to get an encrypted Linux Mint 14 install. This article should also be used for Linux Mint 13 as I discovered some very minor issues with the old method (seriously, they were so minor I would not bother reinstalling if you were not already planning to).

So, zzzoooooommm:

  • Boot into any Linux Mint 13 or Linux Mint 14 installation disc.
  • Setup our storage:
    • In a terminal install and load the required tools: sudo apt-get install -y cryptsetup lvm2 && sudo modprobe dm-crypt
    • In a terminal partition sda: ( echo "o" ; echo "n" ; echo "p" ; echo "1" ; echo "" ; echo "+256M" ; echo "n" ; echo "p" ; echo "2" ; echo ""; echo ""; echo "w" ) | sudo fdisk /dev/sda
      • Some might call a 256MB /boot partition a bit excessive. Storage is cheap so it does not bother me too much but you could go down to ~64MB or so. Resizing an encrypted partition is not as easy as resizing an unencrypted one so if you are unsure ~128MB might be a better minimum.
      • This will wipe all of sda.
    • [Optional] In a terminal, if you are very paranoid, fill your encrypted partition with random garbage using one of these:
      • Much faster: sudo dd if=/dev/urandom of=/dev/sda2 bs=1M
      • More secure: sudo shred /dev/sda2
    • In a terminal create an encrypted LUKS device: sudo cryptsetup luksFormat --cipher aes-xts-plain64 --key-size 512 --verify-passphrase /dev/sda2
    • In a terminal open the encrypted device: sudo cryptsetup luksOpen /dev/sda2 system
      If you would like to do multiple installations you can replace system with virtually any name you like so long as you replace it with the same name throughout this article. I suggest you use the inteded hostname either way.
    • In a terminal create your encrypted logical volumes: sudo vgcreate system /dev/mapper/system && sudo lvcreate -n root -l 100%FREE system
    • In a terminal format the partitions: sudo mkfs.ext2 /dev/sda1 ; sudo mkfs.ext4 /dev/mapper/system-root
      • I always like to specify -m 0 for both filesystems (turns off the reserved blocks percentage). If everything explodes, for some reason, and I can not boot I can always get in with a LiveCD.
  • Install Linux Mint 14:
    • Open the Install Linux Mint shortcut on the desktop.
    • When asked about the the automatic partitioning select Something else.
    • Select /dev/sda1 and click the Change… button.
      • Under Use as select Ext2 file system.
      • Under Mount point select /boot.
    • Select /dev/mapper/system-root and click the Change… button.
      • Under Use as select Ext4 journaling file system.
      • Under Mount point select /.
    • Make sure /dev/sda is selected for Device for boot loader installation.
    • Click Install Now.
      • When it complains about the swap space just continue as we will do this later.
      • When it complains about the the existing partitions not being formatted just continue. We formatted them in a previous step but if you like you can do it again here to get the installer filesystem defaults.
    • [Optional] When you get to the Who are you screen check Log in automatically. Since you will need to enter a passphrase to unencrypt the disk there is no threat if the machine falls into the wrong hands (there are a lot of ninjas in my apartment). I recommend setting the user password to match the encrypted passphrase for simplicities sake.
    • When the installation is completed and you are prompted to restart select Continue Testing.
  • Ready new Linux Mint 14 installation:
    • In a terminal mount new installation: sudo mount /dev/mapper/system-root /mnt && sudo mount /dev/sda1 /mnt/boot && sudo mount -o bind /dev /mnt/dev && sudo mount -o bind /sys /mnt/sys && sudo mount -t proc proc /mnt/proc
    • In a terminal change into new installation: sudo chroot /mnt
    • In a terminal setup network resolution: echo -e "nameserver 8.8.8.8\nnameserver 8.8.4.4" >> /etc/resolv.conf
    • In a terminal install and load the required tools: apt-get install -y cryptsetup lvm2
    • In a terminal setup our configuration for booting: echo "system UUID=$(ls -l /dev/disk/by-uuid | grep sda2 | cut -d ' ' -f 9) none luks" > /etc/crypttab && update-initramfs -u -k all
    • [Optional] In a terminal add swap: dd if=/dev/zero of=/swap bs=1M count=$((`free -m | grep -e "^Mem:" | sed -e 's/^Mem: *//' -e 's/  *.*//'` * 2)) ; chown root:root /swap ; chmod 600 /swap ; mkswap /swap ; echo "/swap none swap sw 0 0" >> /etc/fstab
    • In a terminal change back to LiveCD: exit
    • In a terminal unmount new installation: sudo umount /mnt/proc ; sudo umount /mnt/sys ; sudo umount /mnt/dev ; sudo umount /mnt/boot && sudo umount /mnt
  • Reboot into your new, encrypted installation.

A few notes:

  • If you already have an installation you want to encrypt without a fresh install the steps should be very similar. You will need to setup GRUB 2 yourself as, per this article, the Linux Mint 14 installer does it for you. I have not experimented with it but it should not be too hard to figure out.
  • These instructions may very well work with other distros, too, but I have not tested that.
  • This can all probably be stuck into a script. Maybe I will some time down the road (hell, I do enough of these a month).
Compile Allegro 5.0.x on Linux Mint and Ubuntu

Compile Allegro 5.0.x on Linux Mint and Ubuntu

As a sister article to my Cross Compile Allegro 5 Programs in Linux for Windows post, here are the steps I took to get Allegro 5 installed on Linux Mint 13, Linux Mint 14, and Ubuntu 12.10:

  1. Download and extract the latest .tar.gz-compressed source.
  2. Install the required packages: sudo apt-get install -y cmake g++ freeglut3-dev libxcursor-dev libpng12-dev libjpeg-dev libfreetype6-dev libgtk2.0-dev libasound2-dev libpulse-dev libopenal-dev libflac-dev libdumb1-dev libvorbis-dev libphysfs-dev
    • [Note] Would be a good idea to do a sudo apt-get update first.
  3. Create a workspace: mkdir "build" && cd "build/"
  4. Create make files: cmake "../"
    • [Note] By default cmake will want to configure make for a release shared build. If you want a debug build you will need -DCMAKE_BUILD_TYPE=Debug or -DCMAKE_BUILD_TYPE=Profile for a profiling build.
  5. Compile: make
    • [Optional] By default make will not eat up all the processing power it can. Add -j# to change this behavior, where # is the number of job you would like to have running in parallel. If you machine is more or less idle the number of processors available should not hurt anything. If you are using your machine you might want to some half that number instead.
  6. Install to respective paths: sudo make install && sudo ldconfig
    • [Optional] Recommended if you are unsure as to why this step is optional.

If you want to compile an Allegro 5 C++ application– assuming you completed all the steps above and have g++ installed– you can run g++ [source file(s)] -o [output] `pkg-config --libs allegro-5.0`. There are, of course, many more Allegro 5 add-ons (check out pkg-config --list-all | grep allegro) but I will leave using those up to you to discover on your own.

As of this writing Allegro 5 v5.0.8 was the latest version.

Update 2012.11.28
Seems I already had some things installed from some other projects so I did not notice some missing dependencies. Thanks to weapon_S and sorry about that.

Encrypted Linux Mint 13 Install

Encrypted Linux Mint 13 Install

Check out my other article instead of this one.

Unity is a nice interface which is becoming increasingly polished. As a matter of fact I have switched a number of family members over and they are loving it. It, however, is seriously flawed for “power users” like myself. For example, I often have many text editors open at once and Unity slows me way down (yes, I lived in it for at least one month to give it a fair chance, no this is not an article about why I dislike Unity for my own use).

I have since moved over to Linux Mint 13 with Mate. Since I hate the idea of having any of my data unencrypted, and Linux Mint 13 does not support it in the installer, I needed a solution. I even held off installing it on all my machines until I could ensure my useless collection of funny pictures were protected from… some… scary, funny picture-related threat.

Any way, we should get started before I start looking at those pictures for the rest of the day. I am going to assume sda here but if you want to use another disk simply substitute for that.

Here we go:

  • Boot into any Linux Mint 13 installation disc.
  • Setup our storage:
    • In a terminal install and load the required tools: sudo apt-get install -y cryptsetup lvm2 && sudo modprobe dm-crypt
    • In a terminal partition sda: ( echo "o" ; echo "n" ; echo "p" ; echo "1" ; echo "" ; echo "+256M" ; echo "n" ; echo "p" ; echo "2" ; echo ""; echo ""; echo "w" ) | sudo fdisk /dev/sda
      • Some might call a 256MB /boot partition a bit excessive. Storage is cheap so it does not bother me too much but you could down down to ~64MB or so. Resizing an encrypted partition is not as easy as resizing an unencrypted one so if you are unsure ~128MB might be a better minimum.
      • This will wipe all of sda.
    • [Optional] In a terminal, if you are very paranoid, fill your encrypted partition with random garbage using one of these:
      • Much faster: sudo dd if=/dev/urandom of=/dev/sda2 bs=1M
      • More secure: sudo shred /dev/sda2
    • In a terminal create an encrypted LUKS device: sudo cryptsetup luksFormat --cipher aes-xts-plain64 --key-size 512 --verify-passphrase /dev/sda2
    • In a terminal open the encrypted device: sudo cryptsetup luksOpen /dev/sda2 system
      If you would like to do multiple installations you can replace system with virtually any name you like so long as you replace it with the same name throughout this article.
    • In a terminal format the partitions: sudo mkfs.ext2 /dev/sda1 ; sudo mkfs.ext4 /dev/mapper/system
      • I always like to specify -m 0 for both filesystems (turns off the reserved blocks percentage). If everything explodes, for some reason, and I can not boot I can always get in with a LiveCD.
  • Install Linux Mint 13:
    • Open the Install Linux Mint shortcut on the desktop.
    • When asked about the the automatic partitioning select Something else.
    • Select /dev/sda1 and click the Change… button.
      • Under Use as select Ext2 file system.
      • Under Mount point select /boot.
    • Select /dev/mapper/system and click the Change… button.
      • Under Use as select Ext4 journaling file system.
      • Under Mount point select /.
    • Make sure /dev/sda is selected for Device for boot loader installation.
    • Click Install Now.
      • When it complains about the swap space just continue as we will do this later.
      • When it complains about the the existing partitions not being formatted just continue. We formatted them in a previous step but if you like you can do it again here to get the Linux Mint 13 filesystem defaults.
    • [Optional] When you get to the Who are you screen check Log in automatically. Since you will need to enter a passphrase to unencrypt the disk there is no threat if the machine falls into the wrong hands (there are a lot of ninjas in my apartment). I recommend setting the user password to match the encrypted passphrase for simplicities sake.
    • When the installation is completed and you are prompted to restart select Continue Testing.
  • Ready new Linux Mint 13 installation:
    • In a terminal mount new installation: sudo mount /dev/mapper/system /mnt && sudo mount /dev/sda1 /mnt/boot && sudo mount -o bind /dev /mnt/dev ; sudo mount -t proc proc /mnt/proc ; sudo mount -t sysfs sys /mnt/sys
    • In a terminal change into new installation: sudo chroot /mnt /bin/bash
    • [Optional] In a terminal update out-dated pakcages: apt-get update && apt-get -y dist-upgrade && apt-get -y autoremove && apt-get clean
    • In a terminal install and load the required tools: apt-get install -y cryptsetup lvm2 && echo "system UUID=$(ls -l /dev/disk/by-uuid | grep $(basename /dev/sda2) | cut -d ' ' -f 10) none luks" >> /etc/crypttab && update-initramfs -u -k all
    • [Optional] In a terminal add swap: apt-get install zram-config ; dd if=/dev/zero of=/swap bs=1M count=$((`free -m | grep -e "^Mem:" | sed -e 's/^Mem: *//' -e 's/  *.*//'` * 2)) ; chown root:root /swap ; chmod 600 /swap ; mkswap /swap ; echo "/swap none swap sw 0 0" >> /etc/fstab
      • I often only run with zRam but it is rarely a bad idea to also have a disk-backed swap.
    • In a terminal change back to LiveCD: exit
    • In a terminal unmount new installation: sudo umount /mnt/sys ; sudo umount /mnt/proc ; sudo umount /mnt/dev ; sudo umount /mnt/boot && sudo umount /mnt && sudo cryptsetup luksClose system
  • Reboot into your new, encrypted Linux Mint 13 installation.

A few notes:

  • If you already have an installation you want to encrypt without a fresh install the steps should be very similar. You will need to setup GRUB 2 yourself as, per this article, the Linux Mint 13 installer does it for you. I have not experimented with it but it should not be too hard to figure out.
  • These instructions may very well work with other distros, too, but I have not tested that.
  • This can all probably be stuck into a script. Maybe I will some time down the road (hell, I do enough of these a month).

Update 2012.09.25
I should proof read more gooder. Sorry about that.

Slow Wi-Fi Speed with Linux While on Battery Power

Slow Wi-Fi Speed with Linux While on Battery Power

I recently installed a new distro on my netbook. After using it for a few seconds I knew something was wrong with the wireless connection as it was hell’a slow. Could not figure it out at first but then I saw what I was missing: It was only slow while running on battery.

Turns out it was the power management. Whenever I went over to battery it kicked in and my ~3MB/s speeds went to ~32KB/s. Big, big drop so something must be done, right? Right.

Just create /etc/pm/power.d/wireless with:

#!/bin/sh

iwconfig wlan0 power off

Then make it executable with chmod +x /etc/pm/power.d/wireless.

This will disable wireless power management whenever the machine goes to battery power. Problem solved.

Recursively Remove .cvs/.svn/.git Directories

Recursively Remove .cvs/.svn/.git Directories

I tend to keep backups using several methods depending on the situation. Some times I run a script that invokes rsync with rolling, date-based backup. Lately I have been experimenting with compressed/dedup archives/filesystems.

One nearly constant annoyance, though, are those pesky .svn, .cvs, and .git directories. They serve a purpose, but not within my backup that already versions its data.

In order to be rid of them I just run rm -rf `find ./ -type d -name [directory to remove]`. If you wanted to, you could stick this into a script within your path:

#!/bin/bash

if [ $# == 1 ]; then
rm -rf `find ./ -type d -name $1`
else
echo "Script requires one argument."
fi

This would allow you to pass the directory you want to recursively be rid of in whatever directory you call it from. Note this script will not handle spaces in the argument but for this we do not need it.

Minimal Ubuntu 12.04 Install with Only MATE

Minimal Ubuntu 12.04 Install with Only MATE

In a previous article I talked about replacing Unity with MATE on Ubuntu 12.04. It is working out very well for me but I still feel like there is more that can be done. Too many resources are being spent for things that got left over from Unity and it is bugging me.

Minimal Ubuntu Install

First things first, we need to do a minimal install of Ubuntu. You have two options here:

  • You can use the netboot disc. When prompted later in the installation do not install any of the pre-configured setups as we will install the packages we need later.
  • You can use the alternative disc. When the disc first boots just press F4 Mode and select “Install a command-line system“.

I like the netboot option best because it downloads all the latest packages during install so there is less mess. I have also had random problems with it not being able to find some packages since Ubutnu 12.04 was released. If that happens the alternative disc works just as well and will be faster since it has all its packages on the disc. It really does not matter which you choose for our purposes.

Both support encryption and both support RAID so feel free to use those if you like. I will not be covering them or the rest of the installation in this article.

Install MATE

Since everything here requires root just do an sudo -i first. Remember to log out of root (Ctrl-D) before starting MATE. Would be a good idea to do an apt-get update && apt-get upgrade before, too.

First we need to add the MATE repositories. Using nano add the following to /etc/apt/sources.list:

deb http://packages.mate-desktop.org/repo/ubuntu precise main
deb-src http://packages.mate-desktop.org/repo/ubuntu precise main

Next we need to install the packages (you can answer the hddtemp question however you like when it comes up):

apt-get update
apt-get install -y --force-yes mate-archive-keyring mate-desktop-environment xinit
apt-get update
reboot

Now all you need to do is login, type startx, and you are done! … sort of… if you are happy with the way things are you may now go away.

Results

You now have an fast and low-resource traditional desktop at your finger tips with the stability of Linux and all the packages Ubuntu has to offer. I am so proud of you.

On my dinky little Atom-based netbook, with MATE running, this setup eats virtually 0% CPU and ~150MB of memory. Disk usage sits at ~1.7GB which is a little higher than I would like but storage is cheap so I am not too worried about it (probably all the xinit dependencies). Boot time is in the mid-single digits and that is on a 5,400 RPM disk. I imagine a decent USB stick will be very similar but I have yet to test that.

I am very happy with all this. Of course you, dear reader, are not so you will continue reading… blood from a stone, Internet Person…

MATE Extras

As of right now your menus are looking pretty bare and your audio might not work. By virtue of what I set out to accomplish there is very little installed. Here are some packages that may prove very helpful:

apt-get install zram-config preload synaptic gparted brasero mate-media-pulse mate-settings-daemon-pulse mate-bluetooth bluez-cups cups cups-pdf system-config-printer-gnome mate-conf-editor wine libreoffice libreoffice-pdfimport firefox pidgin thunderbird xul-ext-lightning vlc gimp gimp-data-extras jockey-gtk usb-creator-gtk network-manager-gnome

I am sure you will want to install a hell of a lot more but I will leave that up to you. You may want to install less, in which case do an aptitude show [package] to see what a package does before installing.

For some reason there is no supplied way to do “nothing” when the laptop lid is closed. If you want this functionality back start up mateconf-editor, set /apps/mate-power-manager/buttons/lid_ac and /apps/mate-power-manager/buttons/lid_battery to nothing.

Auto Boot into MATE

Maybe you want to automatically boot into MATE. Maybe you are just that lazy. Maybe a white-on-black terminal killed your father and now, as a result, you are too afraid to face one… fear not, citizen! We did not install a display manager since MATE does not currently come with one but we can easily fix all that with a single command:

apt-get install slim

slim is very light weight which is why I chose it. The trade off is it does not support much besides logging you in. After installed just open /etc/slim.conf and set default_user to your username and auto_login to yes (make sure you uncomment both, of course). The MATE Wiki also recommends that you stick exec ck-launch-session mate-session in .xinitrc but everything works fine without it for me so experiment with it.

If you really, really do not want to install a display manager (like me) you could just stick startx at the bottom of .bash_profile (if it does not exist create it). This file sits in your home directory and is executed every time you log in.

Known Issues/Notes

There are a few things that are not show-stoppers for me but I want to spend some time fixing later.

  • Want to get Compiz and all those snazzy effects working. I have been experimenting with varying success. Have not gotten it to work just right yet.
  • I miss my Open With Archive Mounter from nautilus. Just either need to figure out the right package or Caja configuration (not sure which yet).
  • VLC does not inhibit screen blanking when running in full screen. This is really, really annoying to me as I use my netbook for entertainment while on long trips.
  • For some odd reason nm-applet (part of network-manager-gnome) will not start up until you comment out all references to your primary network adapter in /etc/network/interfaces and reboot. I only noticed it after I tried to connect to my wireless network so if you only have a wired connection you may not care about this.
  • Putting startx in .bash_profile may cause an issue if you log in from anywhere other than the terminal. For example, an SSH connection. Also if you need a terminal after breaking X, MATE, or something this might make it harder to fix. I am sure there is a better place to put startx but I have to look up where. For now it is probably better to just go with the display manager method above if you do not want to be bothered.

I am sure I will come across some things as I play with this some more. When I do I will update this article. Please feel free to leave any comments with any issues you find and we will see what we can do about them.

Of course, if you are not insane like me, you could have just installed Linux Mint with MATE in the first place.

Update 2012.09.06
I am not playing with this any longer since I got Linux Mint 13 encrypted up and running. It is not likely I will update this article further. The two are not exactly the same but I have little free time so something has to give.

Replacing Ubuntu 12.04 Unity with MATE

Replacing Ubuntu 12.04 Unity with MATE

I am a stubborn man. But part of that stubbornness was the result of a personal kind of evolution, not an unwillingness to change.

For example, my desktop. Microsoft, with Windows 95, gave us something great: the desktop we know and love. Trying my best to ignore Metro— for the sake of this post, at least– some of my habits have changed to fit this model but, more importantly, I have figured out how to change it best to fit my needs. There is room for improvement but I can only imagine those improvements adding new functionality, not removing old, show-stopping hurdles.

Ubuntu, in their awesome, massive growth and other-wise fantastic direction from their leadership, have decided to make a major change. They have decided to abandon our old friend for something pretty radical with Unity. Unity is, for the most part in its latest incarnation, a pretty great thing. It leaves some old hardware behind (always takes balls but some times is needed) in order to innovate and move us all forward and I have grown to like it for some tasks. For example, my parents and grandparents have flourished using it. They all love different things about it but it works for them and I am happy to use the right tool for the job.

However, although my family finds it easier with is bigger buttons and everything-merged-into-one-place design, I find it much harder to use for what I do. I would call myself a power user and, as such, I have certain requirements. Instead of going into those requirements here I will quote Linus Torvalds because I feel he summed up the meat of it pretty well:

I used to be upset when gnome developers decided it was “too complicated” for the user to remap some mouse buttons. In gnome3, the developers have apparently decided that it’s “too complicated” to actually do real work on your desktop, and have decided to make it really annoying to do.

Here’s an example of “the crazy”: you want a new terminal window. So you go to “activities” and press the “terminal” thing that you’ve made part of your normal desktop thing (but why can’t I just have it on the desktop, instead of in that insane “activities” mode?). What happens? Nothing. It brings your existing terminal to the forefront.

That’s just crazy crap. Now I need to use Shift-Control-N in an old terminal to bring up a new one. Yeah, that’s a real user experience improvement. Sure.

I’m sure there are other ways, but that’s just an example of the kind of “head up the arse” behavior of gnome3. Seriously. I have been asking other developers about gnome3, they all think it’s crazy.

I’m using Xfce. I think it’s a step down from gnome2, but it’s a huge step up from gnome3. Really.

As such I had, for a while, switched to Linux Mint like so much of my cohort. I still love Mint but there is a smaller community there and less Mint-oriented information around the web. Sure, majority of the stuff I have come across for Ubuntu also works for Mint, but I only left Ubuntu because of Unity. If I can remove that annoyance I have no reason not to move back as there is safety in numbers. After all, is that not the whole idea behind the open-source philosophy?

Let us rip that mother-loving (see, I made a funny) interface out and replace it with what was not broken in the first place, shall we?

Remember to backup anything you touch before doing this because who knows if I am secretly working for Microsoft and spreading false information to make people think Linux sucks? It could happen, people!

Open up a terminal and run these commands as root:

add-apt-repository "deb http://packages.mate-desktop.org/repo/ubuntu $(lsb_release -cs) main"
apt-get update
apt-get install -y --force-yes mate-archive-keyring
apt-get update
apt-get install mate-core
apt-get install mate-desktop-environment

These will install the necessary packages. Note that you must install mate-core and mate-desktop-environment in separates command for– what I assume is– a race-condition situation. If you do not it may work, or it may break your UI. I never really looked into why as the solution is plenty easy to implement and does not harm anything.

Next you have to change a few configuration files so Ubuntu knows where to find some things. Edit /etc/xdg/autostart/gnome-settings-daemon.desktop as root and replace the contents with

[Desktop Entry]
Type=Application
Name=Mate Settings Daemon
Exec=/usr/bin/mate-settings-daemon
OnlyShowIn=MATE;
NoDisplay=true
X-GNOME-Autostart-Phase=Initialization
X-GNOME-Autostart-Notify=true
X-GNOME-AutoRestart=true

Next edit /etc/xdg/autostart/mate-settings-daemon.desktop as root and find the line that starts with Exec=. Replace it with

Exec=/usr/bin/mate-settings-daemon --no-daemon &

Next edit /etc/X11/Xsession.d/80overlayscrollbars (you may have to create it) as root and add the line

export LIBOVERLAY_SCROLLBAR=0

If this is a well-traveled installation of Ubuntu you may also want to change the default text editor to pluma (MATE’s version of gedit) and the default file manager to caja (MATE’s version of nautilus). pluma is not such a big deal– I just hate the latest replaces for the find and find and replace functionally in gedit— but caja added some wwwaaayyy-overdo functionality like undo/redo.

I am not sure if Unity will work after this and I never tried despite it only being a few clicks away. Honestly I do not care one tiny bit. I did notice that a significant amount of memory is no longer being used so my netbook is much happier when I am pushing it a little too hard. Once I get Ubuntu running on my Slate 2 I am also betting it will appreciate the spare CPU cycles, as well.

That crack about sabotaging Linux hurt to write. I owe me an apology. :'(