Ubuntu Static IP

 Ubuntu Static IP KB ID 0001892

Problem

Like most OSs out of the box the system is set to get it’s IP address from a DHCP server (i.e. dynamically). On the rare occasions I’m deploying Linux its to perform a specific task, so in nearly all cases I want it to have a static IP. Here is how to achieve that.

Solution : Ubuntu Static IP

Disable Cloud-Init

Since Ubuntu version 18.04, it has shipped with this enabled, you can proceed with it enabled, but the procedure is different and your efforts can be ignored, so I simply disable it. the first command sees if its running (if it yields any output, {as shown} then it is).

Remember: This procedure changes the IP address, if you are connected remotely by SSH for example, you may lose connectivity. Perform this at the console or ensure you can reconnect to the new IP address (post change).

[box]

apt-cache pkgnames | grep cloud-init
sudo nano /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg

ENTER YOUR PASSWORD

[/box]

Paste in the following, then save and exit (CTRL+X >  Y > Enter).

[box]

network: {config: disabled}

[/box]

Then reboot the machine.

[box]

reboot

[/box]

Ubuntu Static IP Netplan

Ubuntu will apply a set of network configuration settings that are formatted as YAML. Before we create that file let’s look to find out what our network interface is called, what the current IP address and network range is, and where the default gateway (or default route) has been pointed to.

[box]

ip addr
ip route

[/box]

From the above we can see our interface is called ens33 (yours may be called something different like eth0), it has an IP address of 192.168.100.103/24 (i.e it has a netmask of 255.255.255.0), and its default gateway is 192.168.100.1 To see the current netplan we need to look in/etc/netplan as you can see (below) mines called 50-cloud-init.yaml (yours may have a slightly different name, so change to the directory and list is contents to make sure.

[box]

cd /etc/netplan
ls
sudoedit {name-of-your-netplan-file}.yaml

[/box]

Here is an idea of what your file may currently look like.

And here is one I’ve edited to include the required IP 192.168.100.20/24 and the default route (gateway) 192.168.100.1, and my local DNS servers 192.168.100.10 and 192.168.100.3.

[box]

network:
ethernets:
  ens33:
  dhcp4: no 
  addresses: 
    - 192.168.100.20/24
  routes:
    - to: default
    via: 192.168.100.1
  nameservers:
    addresses: [192.168.100.10,192.168.100.3]
Version: 2

[/box]

Save and exit the file, then apply the netplan (Note: if you are connected via SSH you may lose connectivity).

Note: For an example of setting up a bridged network see the link below.

[box]

sudo netplan apply

AT THIS POINT CHECK CONNECTIVITY

[/box]

Related Articles, References, Credits, or External Links

KVM Bridge Network

VMware – Cannot Cut, Copy, or Paste to VM’s

KB ID 0000515

Problem

Ever since ESX 4.1 this feature has been disabled and you have been unable to paste to VM, VMware say in their own documentation:

Source (Page 215 – ESX Configuration Guide ESX 4.1 vCenter Server 4.1).

To turn this feature back ON you have a few choices.

Please be aware: We are talking about copy and pasting TEXT to and from a guest VM NOT files and folders.

Solution

ESX Option 1 (Enable Copy and Paste to VM an individual Guest machine)

Using vSphere 8 or Above

Firstly, you need to shut the virtual machine down > Right Click it > Edit Settings >  Advanced > Add the following TWO attributes and values.

Add in the following two;
Attribute: isolation.tools.copy.disable, Value: false
Attribute: isolation.tools.paste.disable, Value: false

Click OK >  Power the VM back on.

Using HML5 Web Client (Enable Copy and Paste to VM)

Firstly, you need to shut the virtual machine down > Right Click it > Edit Settings > VM Options > Advanced  > Scroll down.

 

Edit configuration > Add configuration params;

Add in the following two parameters then click OK

Name: isolation.tools.copy.disable, Value: false
Name: isolation.tools.paste.disable, Value: false

Using Flash Web Client.

Firstly, you need to shut the virtual machine down > Right Click it > Edit Settings > VMware Option Tab > Advanced > Edit configuration > Add in the following;

Name: isolation.tools.copy.disable, Value: false
Name: isolation.tools.paste.disable, Value: false

 

OK > OK > Power on VM

Using VMware Client (Enable Copy and Paste to VM)

1. Firstly, you need to shut the virtual machine down > Right Click it > Edit Settings > Option Tab > Advanced > General > Configuration Parameters.

2. Select “Add Row” and add the following two options:

[box]isolation.tools.copy.disable

isolation.tools.paste.disable [/box]

Set both these values to FALSE > OK > OK > Power the VM back on again.

Note: Even without these values set, if a VM is vMotioned to an ESX host that has the copy.paste options set in it’s config file (see below) then these features are automatically enabled.

Option 2 (Enable Copy and Paste to VM on an individual Guest machine)

1. You can also achieve the same as above by directly editing the .vmx file for the virtual machine, Add the following two values as shown below:

[box]isolation.tools.copy.disable=”FALSE”

isolation.tools.paste.disable=”FALSE” [/box]

Note: Even without these values set, if a VM is vMotioned to an ESX host that has the copy.paste options set in it’s config file (see below) then these features are automatically enabled.

Option 3 (Enable Copy and Paste on the ESX host for all the VM’s on that host)

Note: This procedure will be removed/reset after an ESX upgrade. (You will need to carry out this procedure again post upgrade).

1. Connect to your ESX server, either directly on the console, or via SSH. and execute the following command:

[box]vi /etc/vmware/config[/box]

 

2. Press i to insert text and paste in the following two lines:

[box]isolation.tools.copy.disable=”FALSE”

isolation.tools.paste.disable=”FALSE” [/box]

Press Escape > then type :wq to save the changes.

Additional Steps for Linux / Ubuntu to allow Copy and Paste to VM

1. Assuming you have the VMware tools installed in your Linux guest VM, if not execute the following command:

[box]sudo apt-get install open-vm-toolbox[/box]

To enable copy paste on the guest execute the following command:

[box]vmware-toolbox &[/box]

One the VMware tools properties page pops up you will be able to copy and paste.

Enabling Copy and Paste in VMware Workstation

Out of the box, this functionality is switched on. However if you lose it then open the virtual machines settings > Options tab > Guest Isolation > Enable the Copy and paste option.

Related Articles, References, Credits, or External Links

NA

Ubuntu: Setting Up a WordPress Website with LEMP – Part 1

KB ID 0001318 

Problem

At the time of writing this site is running on CentOS7 LAMP (Linux Apache MySQL and PHP). Well I’m actually using MariaDB not MySQL as it’s ‘supposed’ to be a little faster, but they are similar enough to be accepted. I’m planning to migrate to Ubuntu 17 LEMP (Linux ‘EnginX’ MySQL and PHP) again with MariaDB. As the site is getting more traffic I want to utilise the better performance of nginx (I know I called it EnginX above but LNMP stack doesn’t sound so good, and nginx is ‘pronounced ‘engine x’).

So the following series of articles will be how to install nginx, MariaDB, PHP and WordPress.

Solution

Installing Linux

You have essentially two choices, do what most people do and go to a hosting company and rent a VPS, (virtual private server) for a monthly fee. Then when you set it up you can select what flavour of Linux you require, press go, and by the time you have had a coffee, they will have emailed you the IP and logon details, and Linux is already installed for you. You can of course install linux on your own server, and as long as you can make it publicly available use that.

The main difference is, if your hosting company build it for you, the root user will be enabled and you will connect with the root user and password. If you build your own server you will connect with user account and root will be disabled. If you know nothing about Linux that means to execute any system level commands you need to prefix them with ‘sudo’ (or type su and enter the root password). If you are logged in as root and use sudo it does not make any difference so I will prefix all the commands I use below with sudo to make things easier, just remember the first time you use sudo it will ask for your password again.

Why Ubuntu? Well I use CentOS presently, but while doing research there was little information on getting nginx and PHP7 running on CentOS, but there was for Ubuntu that’s the only reason I’m switching OS.

Update The Server

It might have been built from an image, but that does not mean that the image was up to date, thankfully that’s simple to do, run the following command to see if there’s any updates.

[box]sudo apt update[/box]

In my example theres two updates, I can upgrade to them with the following command, (you may be asked to answer ‘y’ for yes);

[box]sudo apt upgrade[/box]

Change the Linux SSH Port

Note: If you built the server, you may need to install openssh server.

[box]sudo apt-get install openssh-server[/box]

I’ve had servers compromised in the past so let’s start with some basic security, I always change the default SSH port, in this example I’ll use 2223 (instead of the default SSH port of 22).

Edit the SSH config file;

[box]sudo nano /etc/ssh/sshd_config[/box]

Uncomment and change the Port number to something other than 22, (make it above 1024 to be on the safe side, I’m using 2223).

Note: If you built your own server, and you are allowing root access to SSH you may want to see the following article;

Ubuntu: Allow SSH access for ‘root’ user

Don’t forget to restart the service;

[box]sudo service ssh restart[/box]

Protect Your Web Server With a Firewall

Traditionally Linux uses iptables, (or FirewallD for CentOS.) I like iptables, because like all things Linux I worked out how to set it up, and wrote it down. Ubuntu has a ‘front-end’ to iptables thats still command driven, it’s called UFW (uncomplicated firewall). Which I didn’t want to learn about because I use iptables! But in all honestly UFW is so simple it’s painfully easy.

I want to allow TCP 80 (http), TCP 443 (https), and TCP 2223 (for my SSH server). And that’s it, block everything else incoming, allow the server to speak out, and secure the server.

Run the following commands;

[box]

sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 2223/tcp

[/box]

Then enable the firewall, and set it so that it starts when the server reboots, you can also check its status for peace of mind;

[box]

sudo ufw enable
sudo ufw status

[/box]

Install and Configure MariaDB

Like most things Linux, installing MariaDB is simple, run the following command;

[box]sudo apt install mariadb-server mariadb-client[/box]

Then make sure it’s up and running;

[box]systemctl status mysql[/box]

Note: If it looks like it’s frozen, press Ctrl+C to get the cursor back

Set MariaDB to start when the server restarts;

[box]systemctl enable mariadb[/box]

Secure MariaDB: At the moment MariaDB will have a blank root password, (it has its own root user). So to secure it you simply run;

[box]sudo mysql_secure_installation[/box]

Note: It immediately asks for a password, (it will be blank so hit (Enter},) answer ‘Y’ to set a root password, set a fresh one (you will need it in a minute, so remember what it is!) Then accept all the defaults by just pressing {Enter}.

Create Your WordPress Database

WordPress needs a database, to get WordPress talking to MariaDB (or MySQL) you need three things;

  • A database name.
  • A username to access the database.
  • A password for that user.

So in the following example I will use;

  • Database Name: PETESDATABASE
  • Username: petesuser
  • Password: P@ssword12345

Execute the following commands one by one;

[box]

sudo mysql -u root -p
{Enter the root password you just set for MariaDB}
CREATE DATABASE PETESDATABASE;
CREATE USER 'petesuser'@'localhost' IDENTIFIED BY 'P@ssword12345';
GRANT ALL ON PETESDATABASE.* TO 'petesuser'@'localhost' IDENTIFIED BY 'P@ssword12345';
FLUSH PRIVILEGES;
exit

[/box]

 

In Part Two, we will install nginx and PHP.

Related Articles, References, Credits, or External Links

NA

VMware – Ubuntu Screen Resolution Problem

KB ID 0000411 

Problem

I have a guest VM on my vSphere test rig that’s running Ubuntu 10.10. That I use for testing, for a while I could not get the screen resolution above 854×480 (For wide screen or 16:9 format).

 

Solution

Note I’m assuming you already have the VMware tools installed!

1. Shut down your guest machine, open the VMware VI client and go to the settings of the guest machine. go the the hardware tab and select video card. By default it will be set to auto detect, change it to a nice high resolution, and click OK.

Note: For VMware workstation the setting is under “Display” see below.

2. Power the guest VM back on again and now you should have a better range of resolutions.

 

Related Articles, References, Credits, or External Links

NA

Ubuntu – Evolution Error MAPI_E_LOGON_FAILED

KB ID 0000375 

Problem

Seen when trying to connect the Evolution mail client to a Microsoft Exchange server (via evolution-mapi). As soon as you hit authenticate you will see the following error.

Authentication failed. MapiLogonProvider:MAPI_E_LOGON_FAILED

Solution

In my case it was a very quick fix, instead of using the DNS/Netbios name of the Exchange server put in the servers IP address.

If all else fails, and you cannot rectify the problem with the solution above. You can always setup domain authentication.

 

Related Articles, References, Credits, or External Links

NA

Ubuntu – Joining / Logging into Windows Domains

KB ID 0000384

Problem

You have a Linux client machine, and you want to authenticate to, and log into a Windows domain. I don’t have too much history with Linux, but from what I’ve read this used to be a nightmare. Using Ubuntu (10.10) I did have a couple of hiccups, but I did get there in the end.

Note: The domain controller is a Windows 2008 R2 Server.

Solution

Notes

1. The commands needed to install the “likewise-open5” package, and join the domain, (assuming the FQDN of the domain is domaina.com and the user name you are using to join the domain is administrator).

[box]sudo apt-get install likewise-open5 sudo domainjoin-cli join domaina.com administrator sudo reboot[/box]

2. Then to allow users to logon from the Ubuntu welcome screen,

[box]sudo nano /etc/samba/lwiauthd.conf[/box]

3. Add the following line (the file will probably be empty), to Save press CTRL+X, then Y, then {enter}.

[box]winbind use default domain = yes[/box]

4. Then reboot.

[box]sudo reboot[/box]

5. To allow sudo for the domain user(s),

[box]sudo nano /etc/sudoers[/box]

Locate the line that reads “#Members of the Admin group may gain root privileges and do the following:”. Below that, type the following (assuming the domain name is domaina and the user is a member of the domain admins group, domain^users also works).

[box]%domainadomain^admins ALL=(ALL) ALL[/box]/p>

Problem 1

Error: Lsass Error [code 0x00080047]

9502 (0x251E) DNS_ERROR_BAD_PACKET – A bad packet was received from a DNS server. Potentially the requested address does not exist.

 

This plagued me for a while, I tried everything I read online (like making sure that my time was correct – which it wasn’t (see below), making sure firewalls were off (they were), make sure your DNS has a reverse lookup zone (mine has), and finally make sure there are no existing DNS records for the IP address you are connecting with (mine did so I deleted them). None of these fixed the problem, to fix it is annoyingly simple.

FIX

Firstly make sure that the Ubuntu client is looking at your domain DNS server, for it’s DNS, the following command will tell you,

[box]cat /etc/resolv.conf[/box]

Then get the domain syntax right, in my case the domain name.

[box]

[WORKS] sudo domainjoin-cli join domaina.com administrator

[WONT WORK] sudo domainjoin-cli join DOMAINA.COM administrator
[WONT WORK] sudo domainjoin-cli join domaina administrator
[WONT WORK] sudo domainjoin-cli join DOMAINA administrator

[/box]

And then it connected faultlessly.

Problem 2

Error: Lsass Error [code 0x00080047]

5 (0x5) ERROR_ACCESS_DENIED – Access is denied.

This turned out to be a variation on the problem above, If you put in the domain name in UPPER CASE you will see this error.

[box]

[WORKS] sudo domainjoin-cli join domaina.com administrator

[WONT WORK] sudo domainjoin-cli join DOMAINA.COM administrator

[/box]

If you would like to add your domain user(s) to the welcome screen click here.

Update 04/01/12

Attention:  PeteNetLive – Suggestion 

Message: Hi,

Thanks very much for you YouTube and description of joining Ubuntu to a domain.  There was however one step extra that I needed to do to enable to logon screen to show users other than the local use and the guest account.  To do this I had to add the following line to /etc/lightdm/lightdm.conf

greeter-show-manual-login=true

I was joining Ubuntu 12.10 to the domain so maybe it is specific to 12.10 since you didn’t experience it but it would be good to add it to your article along with the other fixes to issues.

Thanks again.

From: Roland Elferink

Related Articles, References, Credits, or External Links

Thanks to Roland Elferink for the update.

Original Article written 27/01/11

Ubuntu – Installing Java

KB ID 0000395 

Problem

Did you know you can install Java and Flash with the Ubuntu Restricted extras pack? click here

Im not a big fan of Java, In the past I’ve either had the wrong version, or it’s made something run like a dog, but I need it for the Cisco management stuff I need to do. (Guess what the next article is going to be 🙂 Like Adobe Flash, there seems to be a lot of different info out on the web about how to do this, so it took me a while to do something that was painfully easy in the end.

Solution

1. Click Applications > Ubuntu Software Centre > Type “java” in the search terms > Locate OpenJDK Java 6 Runtime.

2. Hit install.

3. You may be asked to authenticate, do so. My netbook is a little slow so at this point it appeared to hand for a while (Go and have a brew! It will be finished by the time you come back.

 

Related Articles, References, Credits, or External Links

Also See Ubuntu (Chrome) Installing Adobe Flash

Ubuntu – Managing Cisco Devices via Serial / Rollover Cable

KB ID 0000400 

Problem

A while back I ran though “Managing Cisco ASA devices via the ASDM with Ubuntu“, I prefer to work at command line, with a new firewall my only choice is via the console port, In a windows environment I can fire up Hyperterminal and I’m away. With Linux there a couple of things to do first.

Solution

Step 1 (Get the Serial / RS232 / COM Port working)

As pictured above, this is being done on my Acer Netbook so I don’t have a serial port. I need to use a USB to Serial converter, If your machine has a serial port then simply skip this section.

1. Plug in your serial converter and wait a few seconds, open a terminal window (Applications > Accessories > Terminal) and issue the following command,

[box]dmesg[/box]

2. Amazingly it looks like been installed with the correct driver, without any effort by me at all! Lets make sure, unplug the USB to serial converter then issue the following command,

[box]lusb[/box]

Then plug the device back in and run the same command, notice the serial port has popped onto the list.

Note: If you not as lucky as me follow the excellent advice here to install the drivers you need.

Step 2 Install and Configure Minicom

1. Open a terminal window and issue the following command,

[box]sudo apt-get install minicom[/box]

Tap in your password, then enter “Y” for yes when prompted.

4. We need to know the connection name for the USB to Serial converter, issue the following command (See mines called ttyUSB0).

[box]dmesg | grep tty[/box]

5. Now lets fire up Minicom with the following command,

[box]sudo minicom[/box]

Tap in your password again, then as requested press CTRL+A, then Z.

6. To configure the serial settings press O (that’s O for Oscar not zero).

7. Select “Serial Port Setup”.

8. Press A to set the device.

9. As we discovered (above) ours is called ttyUSB0, so change the device to /dev/ttyUSB0.

10. Press C to change the connection speed to 9600 baud, Press Q (to set 8 bits, no stop bit, and 1 parity bit. On mine this was set by default), press {enter} to exit.

11. Press F to turn off hardware flow control (Some posts will say leave it on, I generally turn if off and I’ve never seen anything break!). Press G to disable software flow control (if enabled).

12. Then Select “Save setup as..”, and give is a sensible name. (If you went back too far simply press O again to get back here).

13. Now the settings are saved you can launch them at anytime with,

[box]sudo minicom {filename}[/box]

Note: Sometimes your serial drive gets locked up but a reboot will solve the problem.

14. Here’s me connected to an ancient old catalyst switch.

15. And the baby PIX on my test network.

Note: If your keystrokes are not getting sent: From the main menu (CTRL+A then Z) Press E to turn on local echo.

 

Related Articles, References, Credits, or External Links

NA