Category: Documentation


Permalink 12:55:43 pm, by Greg, 163 words, 15 views   English (CA)
Categories: Servers, Documentation; Mins. worked: 0

TFTP service documentation

The tftp boot daemon on the apt server has its configuration file in the file /etc/default/tftpd-hpa.
The config file points to the filesystem location of the deliverables and a few options.

The deliverables we're using in the netboot setup are:
grub (a directory)
initrd.gz (the primordial OS that gets booted)
linux (the kernel)

The grub directory contains:
grub.cfg (the config file that provides the menuentries you see on-screen among other things)
grubnetx64.efi.signed (the boot app that actually boots the machine - AKA bootx64.efi)
theme (a directory containing pngs and the theme.txt file that arranges the pngs on the screen)
unicode.pf2 font (I think this is fall back font that can be removed, but I haven't tested the theory).

If you need to start/stop/restart the tftp daemon:
sudo systemctl start tftpd-hpa
sudo systemctl stop tftpd-hpa
sudo systemctl restart tftpd-hpa

To watch it at work, do:
sudo tail -f /var/log/syslog | grep tftpd


Permalink 01:25:27 pm, by Greg, 33 words, 34 views   English (CA)
Categories: Servers, Documentation; Mins. worked: 0

Reprepro notes

While fiddling with adding a new distro to reprepro I had cause to remove one...

  1. Remove reference to it from the $repodir/conf/distributions file

  2. sudo reprepro -Vb /path/to/name-of-your-repo --delete clearvanished
Permalink 01:21:13 pm, by Greg, 207 words, 34 views   English (CA)
Categories: Servers, Documentation; Mins. worked: 0

Setting up GPG v2 key on cli

SHA1 keys are no longer recommended so I went through the process of generating a new set of keys for use on the apt server. Here's how I did it (followed this).

  1. apt install gpgv2 package. Xenial installs v1 by default. Not sure if v2 is required, strictly-speaking.

  2. Generating keys requires a quantity of entropy which can be hard to generate on a CLI system. I apt installed the pkgs rng-tools and haveged, then ran 'sudo rngd -r /dev/urandom -W 4096' which generates enough entropy for a build. You can check the available entropy by running 'cat /proc/sys/kernel/random/entropy_avail'.

  3. Create key with 'sudo gpg2 --full-gen-key'. Answer questions. No need to add a comment. Do set an unlock password, though.

  4. Result is a barf of info including a line like 'gpg: key 3GD4831G marked as ultimately trusted'. You'll ref 3GD4831G in reprepro on the SignWith line.

  5. Export an armoured public key with 'sudo gpg2 --armor --output my_public_key.asc --export 3GD4831G'. Note that the command is gpg2 and that the key has an 'asc' suffix. I have reason to believe that armoured keys that do not use either a gpg or asc suffix will eventually be ignored on import.


Permalink 11:57:40 am, by Greg, 200 words, 84 views   English (CA)
Categories: Servers, Documentation; Mins. worked: 0

PHP upgrade issues

The new cluster runs PHP 5.6 by default, and PHP 7.1 with suPHP (instructions to follow). Testing old apps has revealed two specific issues:

  1. Warning: mysql_connect(): mysqlnd cannot connect to MySQL 4.1+ using the old insecure authentication.

  2. Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead

We aren't sure why, but you may get one or the other or both messages. It *appears* that if you fix problem #2 both problems go away, but if you only fix problem #1, you'll be left with problem #2. So, at a bare minimum, solve problem #2.

Here's how to address each problem:

  1. Log in to phpMyAdmin as the db user required by your PHP script and run the following SQL in the context of the app's DB:
    SET SESSION old_passwords=0;
    SET PASSWORD=PASSWORD('my_password');

    This has worked without further effort, but some say that you should also run:
    as the DB admin user

  2. You can either fix the problem by changing your MySQL Extension methods (mysql_*) to MySQL Improved Extension methods (mysqli_*), or the sub-optimal "ignore the deprecation" method of adding error_reporting(E_ALL ^ E_DEPRECATED); to the head of your scripts.


Permalink 04:58:27 pm, by mholmes, 333 words, 117 views   English (CA)
Categories: Servers, R & D, Activity log, Documentation, Documentation; Mins. worked: 90

Building a vector tile server

Now that Open Layers fully supports vector layers, we're looking at the practicality of running a vector tile server for our projects. Starting from this docker example, I created a script which I can run on a standard Debian Stretch install to create a working tile server:


#This is to be run on a standard Debian Stretch install.

#Install core stuff
apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install apt-transport-https curl unzip build-essential python libcairo2-dev libprotobuf-dev xvfb 

#Temporarily use a specific source for the exact nodejs version we need.
echo "deb jessie main" >> /etc/apt/sources.list.d/nodejs.list
echo "deb-src jessie main" >> /etc/apt/sources.list.d/nodejs.list

#Install it.
apt-get -qq update && DEBIAN_FRONTEND=noninteractive apt-get -y --allow-unauthenticated install nodejs 

#Now remove the source.
rm /etc/apt/sources.list.d/nodejs.list
apt-get clean

#Added these in order to get the npm install to run properly. 
#The problem was building canvas.
apt-get -y install libjpeg62-turbo-dev libpango1.0-dev libgif-dev g++

#Create directory for tileserver application.
mkdir -p /usr/src/app

#Get the Klokantech code for the server.
cd /usr/src/app 
curl -L -o
cp -r tileserver-gl-master/* ./
rm -rf tileserver-gl-master

#Install the node stuff
npm install --production

#Set environment variable
echo NODE_ENV=\"production\" >> /etc/environment

#Create the folder for the mbtiles files (you'll need to supply these later).
mkdir /data

#In case other servers are installed and running, stop them.
systemctl stop apache2 mysql
systemctl disable apache2 mysql

echo "Now put your mbtiles files into the /data folder, and run /usr/src/app/"
#Start the tileserver on port 80.

This could form the basis for a VM-based tileserver for our projects, including the Confederation Debates; running a server for all of Canada is quite practical due to the efficiency of the vector format.


Permalink 09:05:19 am, by mholmes, 77 words, 75 views   English (CA)
Categories: Servers, R & D, Activity log, Activity log, Documentation, Documentation; Mins. worked: 30

Upgrading teiJenkins java

The upgrade for Jenkins on teiJenkins was being kept back, and it turned out this was because Ubuntu 14.04 has Java 7 by default. I added a PPA for Java 8, updated the alternatives (sudo update-alternatives --config java) to point to the new one, and was then able to install Java 8. Following that, the Jenkins update went ahead. I elected to keep my existing config for Jenkins rather than overwrite. It needed a reboot for Apache to find Jenkins again.

Permalink 08:33:12 am, by mholmes, 23 words, 66 views   English (CA)
Categories: Servers, R & D, Activity log, Activity log, Documentation, Documentation; Mins. worked: 20

Extended partition on

RE provided new space to double the available drive space; followed my own instructions here to extend the partition. No problems at all.


Permalink 05:02:07 pm, by mholmes, 132 words, 75 views   English (CA)
Categories: Servers, R & D, Activity log, Activity log, Documentation, Documentation; Mins. worked: 90

How to deploy a new XAR on Jettys

Today I blew up a couple of the apps and had to restart them, through doing this the wrong way. When you have a new XAR to deploy:

  1. Use Chrom*, not FF.
  2. Connect over the internal URL on :8080.
  3. Upload the new package.
  4. If it goes wrong and you see an error message, the chances are the db is now set to read-only.
  5. If that happens, try shutting down the db from the web interface. If that works, restart it from /etc/init.d/jetty. If it fails, you may need to kill all the relevant processes on Peach before restarting.

With these big XARs, we may need to consider testing an alternative process where we uninstall the old XAR and then put the new one in the autodeploy folder before restarting eXist.


Permalink 05:21:32 pm, by mholmes, 25 words, 119 views   English (CA)
Categories: Servers, R & D, Activity log, Activity log, Documentation, Documentation; Mins. worked: 30

eXist deployment: tested development branch

Tested a build of the dev branch with my script and deployment stuff locally; all good, and the bug with the java client is fixed.


Permalink 02:46:13 pm, by mholmes, 79 words, 109 views   English (CA)
Categories: Servers, R & D, Activity log, Documentation; Mins. worked: 45

Side-effects of the new site launch

URLs containing "editor" are all being redirected to the HCMC site, even though only the www/editor URLs were supposed to be; that borks our adaptiveDB projects, so I've written to pts to see if we can get it fixed. MS's two projects Bilibin and St Pete were also screwed up, being in a "projects" folder, but in that case, I've just moved the projects up one level to the hcmc/www, and we'll cope with the changed URLs.

:: Next Page >>


This blog is the location for all work involving software and hardware maintenance, updates, installs, etc., both routine and urgent, in the server room, the labs and the R&D rooms.


XML Feeds