Linux Questions Answered

[Ototero]

Correct Vaughan.

[Bok]

vaughan, of course you could always just ssh in and check anything out from a shell. download putty on the windows box and use that to ssh to the linux machine. Simple and quick. Bok

[vaughan]

Thanks Bok, I'll try that.

I couldn't find a Linux version of RealVNC. There's one for TightVNC but it said something about compiling it which scared me off.

[Bender10]

Hi Vaughan,

I'm not sure of the version they are talking about. But It seems some version of Ubuntu has RealVNC already installed?

Here is the thread....

http://ubuntuforums.org/showthread.php?t=314697

I hope this helps.

[jay.perez]

AMDave,

Was researching info for building an application server and came across this old post from you.

Wondered if you ever got around to the application server project you talked about in your reply below.

If you did and documented it, would love to see what you came up with.

I'm a relative Newbie type but have some hardware and some time so playing around trying different things for the fun and education. Trying to come up with a design for how I should layout a system (using 2 or 3 computers if that's what makes sense) for the following:
Application server
sFTP
Firewall
Gateway
VPN
Remote Desktop
Mail server
Web server
Mixed O/S environment
Shared printers and files on M$ PC

I have successfully installed various distros and gotten the basic desktop setups to work and been able to use SAMBA to connect with my other computers. Heck, I even occasionally get the sound to work and once got my wireless laptop to connect !!!

Just loaded the Feisty Fawn release of Edubuntu which is preconfigured for sharing apps via thin-clients and pretty much works 'out-of-the-box'. Had to figure out how to get the clients to boot off PXE which was a pain on a couple of computers but it seems to be working well for the most part now.

My problem,

I suspect the server is not running some things it should be, such as a firewall program or the VPN software I'd like to mess around with. However, it probably IS running other software that I think could be moved to a different machine which might allow the app server to work better and faster. For example, it's set up as the DHCP server with 2 NICs, etc.

I imagine a future where 1 PC is doing the DHCP serving (or I set up my Linksys router to provide this again), sFTP, and other related network functions, another might be managing user authentication, VPN, Web hosting, mail hosting, etc. The better PC would be dedicated to doing primarily the application serving.

Not sure I have that right or that it's even necessary.

Looking for advice on what hardware to put in place and what functions should be assigned to each piece to optimize the system.

I have the following stuff to work with:
1.6 GHz PC w/ decent graphics card and 750 MEGs of RAM
400 GHz PC with low-end graphics card and 256 MEGs of RAM
Other low-end systems if necessary
16 Port Netgear switch
Cable modem and ISP provider
Wireless-G router with DHCP capability
Time (Work full time but stay up late tinkering)
Limited Linux knowledge
A reasonable amount of patience and determination
An understanding wife
Limited budget for new stuff (She ain't THAT understanding !)

I have not been able to find too much of this high-level design type discussion on the Web and especially have not found any images that shows these configurations in a graphical format. (What I can understand ...)

Thanks in advance for any advice you can offer or point me to.

Jay Perez
Rochester, NY

[QUOTE=AMDave;41468]Vaughan advises that the networking question is surpassed by a useage change for that box. But if anyone else has a repeat of this issue, it would be interesting to go through the above article to see if it is solved.

For the old-hats, I intend to start a new thread shortly on building a Linux application server using the kind of software you would find in a corporate data-centre.

[AMDave]

Hi Jay.

Thanks for the post.

Wondered if you ever got around to the application server project you talked about in your reply below.
If you did and documented it, would love to see what you came up with.

As a matter of fact I did get it done, several times on several distros.
It was a great learning experience and lent knowledge to my own job at the time.

As a result of that exercise I found that RHEL4/CentOS 4.4 to be the best.
The reson for this is simple, RHEL is designed for the server with oodles of well supported server-side apps.
I have not yet had the time to download RHEL5/CentOS5 but I will do at some point soon.

Although I completed my intended excercise I did decommision that server 6 months ago.
I now have a much less powerful machine running a PHP site on MySQL, just for giggles.

The purpose was to simulate something like a midrange Unix/Linux server that you maight find in a corporate environment.
However, I can tell you that I kept it simple.

I restricted access to be SSH only - nothing else.
(some FTP clients also support SFTP via SSH)
I created a local-only application user barred from remote login.
So you have to connect to the server as yourself via SSH (try a client called PuTTY) & "su" to that user.
This enables you to chop and change login users without risking affects on the application.
I set the default shell to be Korn Shell. ('cuz I like it! Flames will be summarily ignored)
I installed Sun Java in a sub folder in the application user folder set and added some useful Java libraries.
I configured Java Home for my app user to point to that Java install (for that user ID)
You can have separate application users running different Java versions and I like to keep it separate from the OS version so there's no impact from OS patches or upgrades.
Installed Tomcat 5 to run as the web application service. (Use the Apache projects web site)
Enable Apache to cache for Tomcat.
I used Dizwell's instructions to install Oracle as the RDBMS. (Google "Dizwell+Oracle" for his blog in Australia)
(NB - to do this you have to use a UID on the local screen (or via VNC) due to the Java generated dialog boxes.)
I then enhanced my DBA skills and went through the business of setting up a secure Oracle DB.
Gave the application user ID access to the database and added scripts to handle data fetch and load.
Knocked up a JSP page to run in the Tomcat Server that will display a basic report from the database.
Add scripts to archive your scripts, the database and the web-site and send the backup files to another machine.
Add things like email notification of errors and warnings and apply some monitoring scripts.
Make sure all of your services and your app user's start up scripts run on restart.
Hey presto - the basic workings of a midrange *nix Database Application server.

Ok, that's the really brief version, but you get the idea.
The layers are generally interchangeable with other offerings.
You might have some other shell instead of Korn.
You might script in python or perl.
You might have IBM Websphere instead of Tomcat.
You might have IBM DB2 or ingres or postgres etc. instead of Oracle.
You would likely have proprietary backup software for torage to a backup tape server.
etc.
But the point of this exercise was to show what the main components are and get a feel of how they fit together.
PS - IBM make available a community version of websphere and DB2 if you are that way inclined.

Just loaded the Feisty Fawn release of Edubuntu which is preconfigured for sharing apps via thin-clients and pretty much works 'out-of-the-box'. Had to figure out how to get the clients to boot off PXE which was a pain on a couple of computers but it seems to be working well for the most part now.

That's cool. I wish I had done that when I had my cpu-pharm. Long may it rest in peace. LTSP is very very cool.
One thing, I would try not to mess around with the LTSP machine too much unless you actually use that machine to put all these services on.
If you do you will have to be very carefull with your DHCP/DNS settings and your firewall or you may lock out the clients.
It can be quite difficult to debug or rollback those issues.

My problem,

I suspect the server is not running some things it should be, such as a firewall program or the VPN software I'd like to mess around with. However, it probably IS running other software that I think could be moved to a different machine which might allow the app server to work better and faster. For example, it's set up as the DHCP server with 2 NICs, etc.

I imagine a future where 1 PC is doing the DHCP serving (or I set up my Linksys router to provide this again), sFTP, and other related network functions, another might be managing user authentication, VPN, Web hosting, mail hosting, etc. The better PC would be dedicated to doing primarily the application serving.

Not sure I have that right or that it's even necessary.

Looking for advice on what hardware to put in place and what functions should be assigned to each piece to optimize the system.

I have the following stuff to work with:
1.6 GHz PC w/ decent graphics card and 750 MEGs of RAM
400 GHz PC with low-end graphics card and 256 MEGs of RAM
Other low-end systems if necessary
16 Port Netgear switch
Cable modem and ISP provider
Wireless-G router with DHCP capability
Time (Work full time but stay up late tinkering)
Limited Linux knowledge
A reasonable amount of patience and determination
An understanding wife
Limited budget for new stuff (She ain't THAT understanding !)

I have not been able to find too much of this high-level design type discussion on the Web and especially have not found any images that shows these configurations in a graphical format. (What I can understand ...)

Thanks in advance for any advice you can offer or point me to.

Jay Perez
Rochester, NY

Ahh. the good stuff. A 400 GHz PC. We should all have one of those. :D
I will take it that you meant an old 400 MHz machine
Actually that old clunker is probably the best machine to load your linux services onto, except your LTSP environments (because you want extra ram and disk and speed for that).
I little old pc is perfect for running all the home environment daemons including making it your local email server.
such as

sFTP
Firewall
Gateway
VPN
Remote Desktop
Mail server
Web server

I admit that I have set up a Nortel Networks VPN service during a project design, but I have not tinkered with the OSS equivalents yet.
None the less you will be surprise how little processing power these services require for handling your network.
Perhaps you may not have space on that old box for your mail server

As you likely have more disk space on another newer machine, which you indicate you do, and it probably has a CD Burner for making backups.
That is a good arrangement under the circumstances.
You could point your linux sFTP service to a file share on your Win machine.
This helps reduce vulnerability as the sFTP service is not running on the same machine as your main file server.
You can keep all of your other machines hidden inside your network and just have one secure linux box that presents to the external network.

Shared printers and files on M$ PC

Yeah. Printer drivers are like that.
Printer manufacturers other than Epson, HP and a couple of others are really holding the linux desktop conversion back.
Printing is one of the main things we must be able to do at home.

So how to set all these things up. Well I am a great believer in helping people to learn and the best way to learn is to read the manual.
There are plenty of sites that say "do it this way" but fail to explain why, so if it fails you don't know why or how to fix it.
There are some that tell you why but most likely don't cover all the services you are looking to add.
You should be able to garner enough from several of them to put together what you want.

It is a shame that I cannot find an online community version of the APC Linux Pocket book.
It is out of print and a bit out of date now but gave a real boost to all of us "down" here a few years ago.

In the absence of any of these walk-through sites, I recommend a plan of attack to use http://www.linux.org/apps/ as a reference library.
Click through and find the application you are using, from there click on "More.." on the right hand side.
From there you can jump to the orginating site where you should be able to access the latest manuals, forums, updates etc.
It is a great index. Be mindful of whether you are thinking of a Daemon or an application or a client. That should help you drill into the right page.
(eg: you will find sendmail under Daemon > Mail not under Networking > email)

However, after some concerted web-mining I think you will be very well armed with this online reference
http://www.faqs.org/docs/securing/index.html

[AMDave]

Currently the first section of the documents page at www.faqs.org lists a set of Linux references. Many of them are very useful.

I think your Edubuntu (LTSP) clients are probably running off the second NIC via the 16 port switch.
Personally I'd keep it that way as a sub-net as it is purpose specific.
So, the router sends inbound sFTP and http requests to your 400 Ghz machine (sic. lol If only it were true.)
It serves permitted sFTP requests via a windows share on your main workstation where you can keep keen control on the files and make backups to CD/DVD.
It filters all the inbound traffic through the firewall so you need to block everything and then open the ports that you want.
(Note that there are new articles on how to block idle-port scanning; find them and use them)
It also serves IP addresses to your workstation and Edubuntu server and any other machines that are not Edubuntu clients.
DHCP is great for starters but I recon you would benefit from dedicated IP addresses that you can add tou your windows and linux hosts files.
(There are good articles on how to secure your hosts files)
It can serve up your web site(s) or forward the requests to another machine on a port of your choice or the default.
I didn't mention this above, but you can also set up the squid - a linux web cache and point all your browsers to that.
It can save a mountain of internet traffic and you might even be able to patch it into your ISP's squid cache if they have one.
I achieved this once a long time ago for the excercise, but I didn't have sufficient local clients for it to be worthwhile.
If you have many clients being used by people (ie not DC robots) then this can save you a lot.
If you have enough space you can set up your sendmail or some other MTA service and point your workstation email clients at your own email service. But make sure that you include your mail store in your backup plan.

It is possible to set up all of your computers into the switch so your Edubuntu server uses only 1 card and the clients still get their environments from it, but I didn't figure that one out when I was learning about LTSP. I got as far as getting 1 PC to boot via bootp on a second NIC, like yours and that was it. I tried the other way got into a terrible mess, had a good laugh at myself and moved on.

As mentioned above if your Edubuntu server is fairly recent with plenty of grunt, memory and disk then you could apply all this to that machine, but I'd probably experiment with the oldest machine first as a working LTSP server is a complicated beast to brea and you really want to avoid that. But if it is fairly top notch and there are people infront of those clients then in reallity it's probably the right place to serve your files and ftp and mail from and then your workstation just becomes the backup station for storing the latest backup set and burning the older ones off to CD/DVD.

I think I have done a terrible job of explaining, by mostly typing as I think, but I find it is a good way to put ideas across rather than outlining a solution specification.

Anyhow, what are your thoughts?

[AMDave]

Hit the motherload. I once used a document called the Perfect CentOS setup.
I see now they have one for the latest release version 5.
Seven pages of CentOS Bliss

Even better they have other distros there too, which I didn't know (because I didn't look)
This may be the bliss that you are seeking.
Seven pages of Ubuntu Bliss

[AMDave]

Geeeeeezzzzz.!!! I do go on.

[AMDave]

On my Windows XP and 2000 systems I use LogMeIn so that I can check their status remotely - either from the other side of my office or the world (it worked perfectly when I was in Florida last year).

I've checked out the LogMeIn web site and they don't have a Linux version of LogMeIn yet. What can I use or run on my Ubuntu 7.04 box so I can check on it from my Win XP Pro SP2 boxen?

Following up from a chatroom conversation, I recommended to Vaughan that he continue to use LogMeIn to get onto his windows desktop and VNC from the windows desktop using a VNC client to access his linux desktops. This entails installing the VNC client of your choice (there are many) on your windows machine and enabling remote desktop access on your linux machine.
Actually, once you have done that you can basically unplug the monitor from your linux box and stow it in the cupboard. At one point I had just 2 monitors for 12 machines in my study - 1 monitor for the workstation and 1 to plug in to which ever cpu-node that I happened to stuff up that day LOLOL.

CRT Monitors use a lot of power, but these days there are some plasmas that use even more. LCD is the way to go unless you are a game-freak and you simply have to have the fastest non-interlaced display scan there is.

Just expanding on the resonse to jay above, you can use a monitor to set up your LTSP clients and enable VNC, unplug it to use to set up the next one. That's often referred to as "headless" operation. Even better you can set up LTSP diskless clients so they all use the disk on the server. With 100BaseT and above these days it's not much of a network issue on a home network. For a CPU farm this can save you real $$s as you just buy the psu, mobo, cpu, ram and a lan cable. Disks, monitors, keyboards, mice, speakers, cases etc not required. It's a challenge though and not one that I'm going to go into the details of. It has been well documented by others in the past elsewhere.