Category Archives: Ubuntu

Ubuntu related stuff

Uninstall snapd from ubuntu 20.04

In my last post I found out who was to blame for filling my complete disk. It was this new and fu**** slow snapd added to ubuntu in the last few moments before release to get into the app market business. I decided to live without this feature and uninstalled it:

snap list | awk 'NR>1{print $1}' | xargs -rn1 sudo snap remove

After letting this run a few times I tried to uninstall the remaining snaps manually with

sudo snap remove <name>

Some refused to uninstall but I continued with unmounting its volume and getting rid of snapd from the system:

sudo umount /snap/core/<replace_with_number_in_your_folder>
sudo apt purge snapd

In the end I cleaned up any stuff left from snapd:

rm -rf ~/snap
sudo rm -rf /snap
sudo rm -rf /var/snap
sudo rm -rf /var/lib/snapd

In the end removing all snaps freed about 20GB of data. I will reinstall everything based on apt as usual and will then be back at maybe 15GB of saved space without snapd.

Next to this space problem all the apt installed applications start seconds faster.

Thanks for the long years of great operating system but that’s a way I won’t go with you.

Remove old/disabled snaps from the system – ubuntu why…

The new snap system starts eating my system partition. Next to being slow it also holds old backups of upgraded snaps. Ubuntu itself has no option to disable that. You can only lower the number of old versions by using

sudo snap set system refresh.retain=2

which will limit the number to one live and one backup copy. But what if you also don’t need or want that backup copy? refresh.retain doesn’t allow 1:

sudo snap set system refresh.retain=1

error: cannot perform the following tasks:
- Run configure hook of "core" snap (run hook "configure": retain must be a number between 2 and 20, not "1")

I didn’t further check how to remove that but used the following one-liner to get rid of old versions:

sudo su
snap list --all | awk '$6~"disabled"{print $1" --revision "$3}' | xargs -rn3 snap remove

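Next to those backups, the /var/lib/snapd/cache folder also takes up a massive amount of space on my machine. I considered it to be safe to delete:

# the glob has to be expanded by root, because normal users cannot read the cache directory
sudo sh -c 'rm -f /var/lib/snapd/cache/*'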

This cleanup of snapd folder freed around 12GB of data on my root partition.

Add docker to unattended-upgrades in ubuntu 20.04

If you want your server to install docker updates automatically, you need to add the docker repository to the list of allowed origins. Otherwise docker updates will stay untouched by unattended-upgrades, which looks similar to this when you log in and check which updates need to be installed. Had that quite some times until I decided to look into this.

sudo apt dist-upgrade 
...
The following packages will be upgraded:
  containerd.io docker-ce docker-ce-cli

As you can see all docker packages (coming from https://download.docker.com/linux/ubuntu) weren’t updated. This happens because this origin isn’t in the allowed origin list of unattended-upgrade. You can see metadata of the repository by running

apt-cache policy

There you will find an entry like this

 500 https://download.docker.com/linux/ubuntu focal/stable amd64 Packages
     release o=Docker,a=focal,l=Docker CE,c=stable,b=amd64
     origin download.docker.com

The important parts are the o and a fields in this definition. They state the origin and the archive.

To allow the docker repo as an origin you need to open /etc/apt/apt.conf.d/50unattended-upgrades with root access and add

"Docker:${distro_codename}";

to the list in Unattended-Upgrade::Allowed-Origins. The syntax is short for “origin:archive”.

Here the allowed origins list from my file as an example:

Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
        "${distro_id}:${distro_codename}-security";
        "${distro_id}ESMApps:${distro_codename}-apps-security";
        "${distro_id}ESM:${distro_codename}-infra-security";
        "${distro_id}:${distro_codename}-updates";
        "Docker:${distro_codename}";
};

I replaced the archive name focal with the variable distro_codename like the existing examples also did. This will help in a future dist upgrade if you plan to upgrade your OS, for example to the next LTS version.

With those changes in place unattended-upgrade should also install updates for docker from now on.

The same procedure can be followed to add other repositories to this list as well.
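The lookup described above can be scripted. This is an added example, not part of the original post: the function name allowed_origin_for and the second sample stanza are assumptions, and it goes one step further than the text by working for any repository host, not only Docker.

```shell
#!/bin/sh
# Added example (not from the original post): turn `apt-cache policy` output
# into Unattended-Upgrade::Allowed-Origins entries for one repository host.
# Usage: apt-cache policy | allowed_origin_for HOST [CODENAME]
allowed_origin_for() {
    awk -v host="$1" -v codename="$2" '
        # Source line: " 500 https://host/path suite/component arch Packages"
        $1 ~ /^-?[0-9]+$/ {
            want = 0
            if ($2 ~ /^[a-z+]+:\/\//) {
                url = $2
                sub(/^[a-z+]+:\/\//, "", url)   # drop the scheme
                sub(/\/.*$/, "", url)           # drop the path
                want = (url == host)
            }
            next
        }
        # The release line that follows carries o= (origin) and a= (archive)
        want && $1 == "release" {
            line = $0
            sub(/^[ \t]*release[ \t]+/, "", line)
            o = ""; a = ""
            n = split(line, kv, ",")
            for (i = 1; i <= n; i++) {
                if (kv[i] ~ /^o=/) o = substr(kv[i], 3)
                if (kv[i] ~ /^a=/) a = substr(kv[i], 3)
            }
            want = 0
            if (o == "" || a == "") next
            # Keep the entry valid across release upgrades, as the post does
            if (codename != "" && index(a, codename) == 1)
                a = "${distro_codename}" substr(a, length(codename) + 1)
            entry = "\"" o ":" a "\";"
            if (!(entry in seen)) { seen[entry] = 1; print entry }
        }'
}

# Constructed sample: the Docker stanza from the post plus an Ubuntu one
sample_policy() {
    cat <<'EOF'
 500 https://download.docker.com/linux/ubuntu focal/stable amd64 Packages
     release o=Docker,a=focal,l=Docker CE,c=stable,b=amd64
     origin download.docker.com
 500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
     release v=20.04,o=Ubuntu,a=focal-updates,n=focal,l=Ubuntu,c=main,b=amd64
     origin archive.ubuntu.com
EOF
}

sample_policy | allowed_origin_for download.docker.com focal
```

On a live system, pipe apt-cache policy into the function and pass the output of lsb_release -cs as the codename. Afterwards sudo unattended-upgrade --dry-run --debug shows which origins are accepted.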

redis-server on ubuntu 18.04

After installing redis on my machine I received the following error message:

redis-server.service: Can't open PID file /var/run/redis/redis-server.pid (yet?) after start: No such file or directory

This message appears because redis refuses to start when IPv6 is disabled. To get it running you have to remove “::1” from “bind 127.0.0.1 ::1” in /etc/redis/redis.conf. Then redis starts as expected.

Access Ubuntu 18.04 via VNC from Mac

Ubuntu

First prepare the ubuntu machine by installing vino:

sudo apt install vino

Then press the Windows key and search for Sharing. Configure the system to allow remote connections with a given password.

You also need to disable encryption with:

gsettings set org.gnome.Vino require-encryption false

Mac

Then you can access the machine from your Mac with the Screen Sharing app using the URL

vnc://<IP>:5900

Add network bridge with ubuntu 18.04

To create a network bridge with netplan you have to create a file

network:
  version: 2
  ethernets:
    enp6s0:
      dhcp4: true
  bridges:
    br0:
      interfaces: [enp6s0]
      dhcp4: true
      optional: false
      macaddress: <some mac>

Make sure to fill in a MAC address and replace the interface name enp6s0 with yours.

Then run sudo netplan apply.

The machine gets a new IP from dhcp so make sure you have it configured in your dhcp before or have a local console ;-)

Openssl certificates for apache

In my former post I described how to create self-signed SSL certificates with an own certificate authority. These certificates didn’t work in latest chrome versions so I updated my scripts to create valid certificates for chrome. This time I only create wildcard certificates because creating one for every subdomain was annoying.

#!/bin/bash
if [ -e ca.key ]; then
	echo "ca.key already exists"
	exit 1
fi

openssl genrsa -out ca.key 4096
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt \
  -subj "/C=AT/ST=Vienna/L=Vienna/O=Coffeebeans/CN=Coffeebeans Domain Validation Secure Server CA/emailAddress=office@coffeebeans.at"

#!/bin/bash
# Issue a wildcard certificate for the given domain, signed by ca.key/ca.crt
NAME="star.$1"
if [ -z "$1" ]; then
	echo "usage: $0 <domain.name>"
	exit 1
fi
if [ -e "$NAME.key" ]; then
	echo "$NAME.key already exists"
	exit 1
fi
if [ ! -e ca.crt ]; then
	echo "no ca certificate created"
	exit 1
fi

# \$dir is escaped so that it reaches OpenSSL unexpanded; $1 is expanded by the shell
CONFIG=$(cat <<-EOF
[ca]
default_ca=CA_default

[CA_default]
dir=./ca
database=\$dir/index.txt
new_certs_dir=\$dir/newcerts
serial=\$dir/serial
private_key=./ca.key
certificate=./ca.crt
default_days=3650
default_md=sha256
policy=policy_anything
copy_extensions=copyall

[policy_anything]
countryName=optional
stateOrProvinceName=optional
localityName=optional
organizationName=optional
organizationalUnitName=optional
commonName=supplied
emailAddress=optional

[req]
default_bits=4096
prompt=no
default_md=sha256
req_extensions=req_ext
distinguished_name=dn
 
[ dn ]
C=AT
ST=Vienna
L=Vienna
OU=Domain Control Validated
emailAddress=office@coffeebeans.at
CN=*.$1
 
[ req_ext ]
subjectAltName=@alt_names
 
[ alt_names ]
DNS.1=$1
DNS.2=*.$1
EOF
)

# PREPARE
echo "$CONFIG" > config.txt
if [ ! -d ./ca ]; then
	mkdir -p ./ca/newcerts
	touch ./ca/index.txt
fi

openssl genrsa -out "$NAME.key" 4096
openssl req -new -key "$NAME.key" -out "$NAME.csr" -config config.txt
openssl ca -create_serial -batch -in "$NAME.csr" -out "$NAME.crt" -config config.txt

# CLEANUP
rm -f *.csr config.txt
# private keys stay readable by their owner only; certificates are public
chmod 600 *.key
chmod 644 *.crt

I also tried to use these certificates in postfix which did NOT work. To create files for postfix see my former post.
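A check for the certificates these scripts produce, as an added example that is not part of the original post: it verifies the chain against the CA, confirms that both the bare domain and a subdomain match the subjectAltName entries (DNS.1 and DNS.2 above), and confirms that the key belongs to the certificate. The names check_cert and make_sample, the www label and the example.test domain are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post). check_cert returns 0 only if
# CERT chains to CA, matches DOMAIN and a subdomain, and belongs to KEY.
check_cert() {
    ca=$1 crt=$2 key=$3 domain=$4 rc=0
    # Chain and name check; "www" is an arbitrary label to exercise the wildcard
    for host in "$domain" "www.$domain"; do
        if ! openssl verify -CAfile "$ca" -verify_hostname "$host" "$crt" \
                >/dev/null 2>&1; then
            echo "FAIL: $crt does not verify for $host" >&2
            rc=1
        fi
    done
    # The public key in the certificate must equal the one derived from the key
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not belong to $crt" >&2
        rc=1
    fi
    return "$rc"
}

# Constructed sample data: a throwaway CA in DIR plus good.crt (both names in
# subjectAltName) and wild.crt (wildcard only), all for example.test.
make_sample() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Sample CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=*.example.test" \
        -keyout "$dir/s.key" -out "$dir/s.csr" 2>/dev/null || return 1
    printf 'subjectAltName=DNS:example.test,DNS:*.example.test\n' >"$dir/good.ext"
    printf 'subjectAltName=DNS:*.example.test\n' >"$dir/wild.ext"
    for n in good wild; do
        openssl x509 -req -in "$dir/s.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
            -CAcreateserial -days 2 -extfile "$dir/$n.ext" -out "$dir/$n.crt" \
            2>/dev/null || return 1
    done
}

# Usage: sh check_cert.sh ca.crt star.example.com.crt star.example.com.key example.com
if [ "$#" -eq 4 ]; then check_cert "$@"; fi
```

The wildcard-only sample certificate fails the check for the bare domain, which is why the configuration above lists the domain itself next to the wildcard.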

Robo 3T MongoDB client fails to start on ubuntu 16.04

I tried to run robo3t-1.1.1-linux-x86_64 downloaded from https://robomongo.org/ and got the following error when trying to run it:

This application failed to start because it could not find or load the Qt platform plugin "xcb"
in "".

Available platform plugins are: xcb.

Reinstalling the application may fix this problem.
Aborted

Trying to install xcb via apt install xcb doesn’t change the behavior. Then I found a solution by removing all libstdc++* files from the lib directory in the extracted directory:

rm lib/libstdc++*

failed to run Kubelet: failed to create kubelet: misconfiguration: kubelet cgroup driver: “systemd” is different from docker cgroup driver: “cgroupfs”

Distributor ID: Ubuntu
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial

Docker version 17.06.0-ce, build 02c1d87

openshift-origin-server-v3.6.0-c4dd4cf-linux-64bit

I followed the steps under https://docs.openshift.org/latest/getting_started/administrators.html#downloading-the-binary and got the error in the title. To fix this you have to add “--exec-opt native.cgroupdriver=systemd” to ExecStart of docker. The best way to do this is to add a drop-in file /etc/systemd/system/docker.service.d/override.conf with the following content:

[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// --exec-opt native.cgroupdriver=systemd

Then reload systemd and restart docker:

sudo systemctl daemon-reload
sudo systemctl restart docker

Ubuntu: Docker behind proxy

sudo mkdir -p /etc/systemd/system/docker.service.d
cat /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://proxy-address:8080/"
Environment="HTTPS_PROXY=http://proxy-address:8080/"
Environment="NO_PROXY=localhost,127.0.0.1,.localdomain"

sudo systemctl daemon-reload
sudo systemctl restart docker