Friday 15 August 2014

MariaDB on Freenas Jail


Turns out this is quite easy, theres a list of PBI available for AMD64 here:

http://pbibuild64.pcbsd.org/

I downloaded the MariaDB server:

http://ftp.pcbsd.org/pub/pbioutgoing/amd64/9/databases/mariadb-server/mariadb-5.3.12-amd64.pbi

I then upload plugin to FreeNAS, this creates a new jail. Mine was called customplugin_1.

connect to the Jail and run:
vi /etc/rc.conf
add the following:
mysql_enable="YES"mysql_limits="NO"mysql_dbdir="/var/db/mysql"
Then run:

service mysql-server start
The server is now started, you now have 2 options.

1. Set the root password manually, run:

/usr/pbi/mariadb-amd64/bin/mysqladmin -u root password 'new-password'
/usr/pbi/mariadb-amd64/bin/mysqladmin -u root -h customplugin_1 password 'new-password' 
2. Run the secure install script:
/usr/pbi/mariadb-amd64/bin/mysql_secure_installation
You can set the root password, disable root remote access and remove the test database. 
I opted for the second option.

You can now create users via the CLI, I used the guide here:

https://www.digitalocean.com/community/tutorials/how-to-create-a-new-user-and-grant-permissions-in-mysql

As this is storing my XBMC database only, this is relevant to that. Run:
mysql -pEnter password: *******Welcome to the MariaDB monitor.  Commands end with ; or \g.Your MariaDB connection id is 10Server version: 5.3.12-MariaDB Source distribution
Copyright (c) 2000, 2012, Oracle, Monty Program Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> 
Then create the user, where user is the username and password is unsurprisingly the password:
CREATE USER 'user'@'localhost' IDENTIFIED BY 'password';
We now need to add permissions to the database, XBMC creates databases and all the tables so I granted all privileges:

GRANT ALL PRIVILEGES ON * . * TO 'username'@'localhost';
and quit mysql:

quit






Posted by at No comments:

Thursday 14 August 2014

Enable SSH in a FreeNAS jail

Theres instructions on the Wiki but to remind myself easily heres how I did it:

Edit the rc.conf file to enable SSH:
# vi /etc/rc.conf
set sshd_enable=“YES”

Then save (:wq)

Start the SSHd:
# service sshd start
(keys etc. will be generated)

Create a user so I dont have to enable root login, make sure to add wheel as an additional group.
Also need to create the /home folder as it doesnt exist:

# mkdir /home
# adduser
Username: brendan
Full name: Brendan
Uid (Leave empty for default): 
Login group [brendan]: 
Login group is brendan. Invite brendan into other groups? []: wheel
Login class [default]: 
Shell (sh csh tcsh nologin) [sh]: 
Home directory [/home/brendan]: 
Home directory permissions (Leave empty for default): 
Use password-based authentication? [yes]: 
Use an empty password? (yes/no) [no]: 
Use a random password? (yes/no) [no]: 
Enter password: 
Enter password again: 
Lock out the account after creation? [no]: 
Username   : brendan
Password   : *****
Full Name  : Brendan
Uid        : 1001
Class      : 
Groups     : brendan wheel
Home       : /home/brendan
Home Mode  : 
Shell      : /bin/sh
Locked     : no
OK? (yes/no): yes
adduser: INFO: Successfully added (brendan) to the user database.
Add another user? (yes/no): no
Goodbye!

Done. I can now SSH direct to the jail.
Posted by at No comments:
Labels:

Fixing SSL in sabnzbd

Following from my previous post, it seems Sabnzbd isn't working quite right....to be precise SSL is not enabled. In fact it wont even let me select it in the Sabnzbd server settings, the tickbox is greyed out.

After a bit of google research I realised Sabnzbd uses pyOpenSSL for SSL support.

Knowing where the Sabnzbd log file is located from my last post (/var/db/sabnzbd/logs), i had a quick look for OpenSSL errors:

# grep -i pyopenssl /var/db/sabnzbd/logs/sabnzbd.log2014-08-13 15:19:22,865::INFO::[SABnzbd:502] pyOpenSSL... NOT found - try apt-get install python-pyopenssl (SSL is optional)


interesting, where the hell has OpenSSL gone? I'll check Python:
# python
Python 2.7.6 (default, Dec 11 2013, 21:07:05)
[GCC 4.2.1 20070831 patched [FreeBSD]] on freebsd9
Type "help", "copyright", "credits" or "license" for more information.
>>> from OpenSSl import SSL
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
ImportError: No module named OpenSSl
>>> exit()
As this is a FreeNAS boxed, and we are running in a jail based on FreeBSD we can't use apt-get, but can use pkg:

# pkg install security/py-opensslpkg: /var/db/pkg permissions (0777) too lax

More permissions errors, I fixed them with:

# chmod 755 /var/db/pkg# chmod 755 /var/db/pkg/*

*note: I'm not sure these are the right permissions but they worked for me

Lets try again to install pyOpenSSL:

# pkg install security/py-openssl
Updating repository catalogue
digests.txz                                             100% 1991KB   1.9MB/s   1.9MB/s   00:01    
packagesite.txz                                         100% 5169KB   5.1MB/s   5.1MB/s   00:01    
Incremental update completed, 23445 packages processed:
0 packages updated, 0 removed and 23445 added.
.......
FreeBSD repository is up-to-date
All repositories are up-to-date
Updating database digests format: 100%
The following 8 packages will be affected (of 0 checked):

New packages to be INSTALLED:
py27-openssl: 0.14
py27-cryptography: 0.4
indexinfo: 0.2
libffi: 3.0.13_1
py27-six: 1.5.2
py27-setuptools27: 5.4.1
py27-cffi: 0.8.6
py27-pycparser: 2.10

The process will require 6 MB more space
928 kB to be downloaded

Proceed with this action [y/N]: y
......
[Downloads] [1/8] Installing indexinfo-0.2: 100%
[Downloads] [2/8] Installing py27-setuptools27-5.4.1: 100%
[Downloads] [3/8] Installing libffi-3.0.13_1: 100%
[Downloads] [4/8] Installing py27-pycparser-2.10: 100%
[Downloads] [5/8] Installing py27-six-1.5.2: 100%
[Downloads] [6/8] Installing py27-cffi-0.8.6: 100%
[Downloads] [7/8] Installing py27-cryptography-0.4: 100%
[Downloads] [8/8] Installing py27-openssl-0.14: 100%

Eventually PyOpenSSL was installed, so I'll try to restart Sabnzbd and see if I can select SSL:

# service sabnzbd restart
Stopping sabnzbd.
Waiting for PIDS: 78667.
Starting sabnzbd.

Sure enough, I browsed to my jails IP on port 8080 and SSL was available and selected in the server settings.
Seems to have fixed it!



Posted by at No comments:
Labels:

Fixing Sabnzbd and Sickbeard etc. in FreeNAS 9.x


A friend of mine asked me for some help after they managed to break their install of Sabnzbd and Sickbeard in FreeNAS 9.2.1.5, after a power cut none of the plugins would start in the plugin jail created.

After much research it seemed they had managed to change the permissions of all the files in the jail to 777.

Theres various posts relating to this being a bug in some way, theres even a bug report: https://bugs.freenas.org/issues/3992

First thing I tried was upgrading to 9.2.1.7 that had just been released, unfortunately this didn't work.

All I could find via google was that I should remove the Jail and reinstall, but I didn't fancy doing this.

I worked out that there was an issue with Python, when trying to run it from the command line I got the message below:

# python 
Shared object "libintl.so.9" not found, required by "python"

I'm not sure that this was causing the issue but looking in /lib I saw that libintl.so.9 was missing, using locate I found it in /usr/local/lib and copied it to /lib:

cp /usr/local/lib/libintl.so.9 /lib
Trying python again and it worked!

# pythonPython 2.7.6 (default, Dec 11 2013, 21:07:05) [GCC 4.2.1 20070831 patched [FreeBSD]] on freebsd9Type "help", "copyright", "credits" or "license" for more information.>>> exit() 

Ok, lets try and start sabnzbd:

# service sabnzbd restartsabnzbd not running? (check /var/db/sabnzbd/sabnzbd.pid).Starting sabnzbd.su: pam_start: system error/usr/local/etc/rc.d/sabnzbd: WARNING: failed to start sabnzbd

Damn! doesn't work, lets check the logs:

# tail /var/log/messagesAug 13 15:03:55 Downloads su: in openpam_check_desc_owner_perms(): /etc/pam.d/su: insecure ownership or permissionsAug 13 15:03:55 Downloads su: pam_start: system error

Ok, permissions errors, after a bit of trial and error using chmod permissions I found the below worked:

# chmod 755 /etc/pam.d/*# chmod 755 /usr/lib/pam*

* Note I have no idea if this is the correct permission but it worked for me!

Ok, lets try and start sabnzbd again:

# service sabnzbd restartsabnzbd not running? (check /var/db/sabnzbd/sabnzbd.pid).Starting sabnzbd.Error:Can't write to logfile/usr/local/etc/rc.d/sabnzbd: WARNING: failed to start sabnzbd

Better but looks like permissions on the logfile this time, I worked out the logfiles were stored in /var/db/sabnzbd/logs so changed the permissions to 777:

# chmod 777 /var/db/sabnzbd/logs/*

And tried for a third time to start sabnzbd:

# service sabnzbd restartsabnzbd not running? (check /var/db/sabnzbd/sabnzbd.pid).Starting sabnzbd.

Yay! no errors, browsed to the jails IP on port 8080 and sabnzbd was running.

Now to try Sickbeard:
# service sickbeard startStarting sickbeard.Traceback (most recent call last):  File "/usr/pbi/sickbeard-amd64/share/sickbeard/Sick-Beard/SickBeard.py", line 403, in <module>    main()  File "/usr/pbi/sickbeard-amd64/share/sickbeard/Sick-Beard/SickBeard.py", line 323, in main    sickbeard.initialize(consoleLogging=consoleLogging)  File "/usr/pbi/sickbeard-amd64/share/sickbeard/Sick-Beard/sickbeard/__init__.py", line 667, in initialize    logger.sb_log_instance.initLogging(consoleLogging=consoleLogging)  File "/usr/pbi/sickbeard-amd64/share/sickbeard/Sick-Beard/sickbeard/logger.py", line 99, in initLogging    self.cur_handler = self._config_handler()  File "/usr/pbi/sickbeard-amd64/share/sickbeard/Sick-Beard/sickbeard/logger.py", line 111, in _config_handler    file_handler = logging.FileHandler(self.log_file_path, encoding='utf-8')  File "/usr/pbi/sickbeard-amd64/lib/python2.7/logging/__init__.py", line 903, in __init__    StreamHandler.__init__(self, self._open())  File "/usr/pbi/sickbeard-amd64/lib/python2.7/logging/__init__.py", line 928, in _open    stream = codecs.open(self.baseFilename, self.mode, self.encoding)  File "/usr/pbi/sickbeard-amd64/lib/python2.7/codecs.py", line 881, in open    file = __builtin__.open(filename, mode, buffering)IOError: [Errno 13] Permission denied: '/usr/pbi/sickbeard-amd64/etc/sickbeard/Logs/sickbeard.log'/usr/local/etc/rc.d/sickbeard: WARNING: failed to start sickbeard
Damn! lots of errors, however theres one about log permissions, so I'll try fixing that:
chmod 777 /usr/pbi/sickbeard-amd64/etc/sickbeard/Logs/sickbeard.log
And try again:

# service sickbeard start
Starting sickbeard.
No errors, a quick browse to the jails IP on port 8081 and Sickbeard was running too!

It's not been rebooted yet so this may not be a permanent fix but its working for now.

Posted by at 6 comments:
Labels:
Subscribe to: Posts (Atom)