newspaint

Documenting Problems That Were Difficult To Find The Answer To

Category Archives: SysAdmin

USB Disk Geometry Problems

After plugging in my external hard disk attached to a SATA-to-USB interface I got the following messages in my /var/log/syslog:

Nov  4 11:52:48 myserver kernel: [5764041.788001] Buffer I/O error on dev sdg, logical block 1953498352, async page read

At first I had no idea what this meant, so I performed a smartctl -H -a /dev/sdg check which came back clean (no issues with the disk).

So I proceeded to try and import this into ZFS but the single-disk pool displayed as faulted:

me@myserver:~$ sudo zpool import
   pool: mypool
     id: 12345678912345678912
  state: FAULTED
 status: One or more devices contains corrupted data.
 action: The pool cannot be imported due to damaged devices or data.
   see: http://zfsonlinux.org/msg/ZFS-8000-5E
 config:

        mypool      FAULTED  corrupted data
          sdg       FAULTED  corrupted data

Then I proceed to check the ZFS labels on the disk:

me@myserver:~$ sudo zdb -l /dev/sdg
--------------------------------------------
LABEL 0
--------------------------------------------
    version: 5000
...
--------------------------------------------
LABEL 2
--------------------------------------------
failed to read label 2
--------------------------------------------
LABEL 3
--------------------------------------------
failed to read label 3

Ah, I’d come across this before. The cause? Trying to read my hard drive with a different SATA-to-USB adaptor than the one I originally formatted the disk with. It seems that sometimes different brands of SATA-to-USB adaptors can see different sizes of disk.

Specifically: I was using the SATA-to-USB circuit that I had pulled out of an external Western Digital disk drive. It seems that this interface doesn’t bother to check the actual size of the hard disk that is plugged in, it seems to be hard coded.

From dmesg:

me@myserver:~$ dmesg |grep "logical blocks:"
[5764041.758336] sd 11:0:0:0: [sdg] 15627986944 512-byte logical blocks: (8.00 TB/7.28 TiB)

But I’d actually plugged in a 4TB drive, not 8TB. When I tried with a separate SATA-to-USB adaptor it gave the correct number:

me@myserver:~$ dmesg |grep "logical blocks:"
[5764385.029248] sd 12:0:0:0: [sdg] 7814037168 512-byte logical blocks: (4.00 TB/3.64 TiB)

So maybe you have a drive with problems. But maybe you are just using an interface that isn’t correctly recognising the actual size of the drive you’ve plugged in.

Ubuntu Xenial Booting and Seeing Cryptsetup: LVM Is Not Available

I was in the process of replacing a hard drive on my root pool (rpool) ZFS zpool. I had taken out one of the hard drives my system relied upon when booting, it was a drive for which cryptsetup expected me to type a password when booting.

For several minutes I saw the following messages during boot (and finally a BusyBox shell):

cryptsetup: lvm is not available
cryptsetup: lvm is not available
cryptsetup: lvm is not available
cryptsetup: lvm is not available
cryptsetup: lvm is not available
cryptsetup: lvm is not available
cryptsetup: lvm is not available
cryptsetup: lvm is not available
cryptsetup: lvm is not available
cryptsetup: lvm is not available
cryptsetup: lvm is not available
cryptsetup: lvm is not available
cryptsetup: lvm is not available
cryptsetup: lvm is not available
cryptsetup: lvm is not available
cryptsetup: lvm is not available
cryptsetup: lvm is not available
done.
  ALERT! /dev/disk/by-uuid/... does not exist,
        Check cryptopts=source= bootarg: cat /proc/cmdline
        or missing modules, devices: cat /proc/modules; ls /dev
-r Dropping to a shell. Will skip /dev/disk/by-uuid/... if you can't fix.
/scripts/panic/plymouth: line 18: /bin/plymouth: not found

BusyBox v1.22.1 (Ubuntu 1:1.22.0-15ubuntu1.4) built-in shell (ash)
Enter 'help' for a list of built-in commands.

(initramfs)

To boot into my rpool I did the following:

(initramfs) # figure out the existing device to decrypt
(initramfs) cat /conf/conf.d/cryptroot
target=crypt1,source=UUID=...,key=none,rootdev
target=crypt2,source=UUID=...,key=none,rootdev

(initramfs) # find out what device has the UUID I'm looking for
(initramfs) blkid
/dev/sda: UUID="..." TYPE="crypto_LUKS"
/dev/sdb: UUID="..." TYPE="crypto_LUKS"

(initramfs) # open the encrypted disk that should still be working
(initramfs) cryptsetup luksOpen /dev/sdb crypt2
Enter passphrase for /dev/sdb: ********

(initramfs) # enable ZFS, and import the root rpool
(initramfs) /sbin/modprobe zfs
(initramfs) zpool import
  pool: rpool
    id: ...
 state: UNAVAIL
status: One or more devices are missing from the system.
action: The pool cannot be imported. Attach the missing
       devices and try again.
  see: http://zfsonlinux.org/msg/ZFS-8000-6X
config:
       rpool      UNAVAIL  missing device
         mirror-0 DEGRADED
           ...    UNAVAIL
           crypt2 ONLINE

(initramfs) zpool import -f -R / -m -N rpool
(initramfs) exit

At this point I was offered to unlock my other disks as per the usual boot sequence and the system booted into a degraded root zpool successfully.

Using Dnsmasq as Caching Nameserver on Ubuntu Xenial

Setting up dnsmasq as a caching nameserver locally on Ubuntu Xenial (16.04.6 LTS) can speed up the Internet experience as, by default, Linux queries a nameserver every time a domain name is connected to – and this usually involves the round-trip time to the configured nameserver. It is so much quicker to have a response locally if it is cached.

First, install dnsmasq:

$ sudo apt-get install dnsmasq
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  dns-root-data dnsmasq-base libnetfilter-conntrack3
The following NEW packages will be installed:
  dns-root-data dnsmasq dnsmasq-base libnetfilter-conntrack3
0 upgraded, 4 newly installed, 0 to remove and 7 not upgraded.
Need to get 353 kB of archives.
After this operation, 972 kB of additional disk space will be used.
Do you want to continue? [Y/n] y

You may also want the lookup tool “dig” to test the dnsmasq install:

$ sudo apt-get install dnsutils
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  bind9-host libbind9-140 libdns162 libisc160 libisccc140 libisccfg140
  liblwres141
Suggested packages:
  rblcheck
The following NEW packages will be installed:
  bind9-host dnsutils libbind9-140 libdns162 libisc160 libisccc140
  libisccfg140 liblwres141
0 upgraded, 8 newly installed, 0 to remove and 7 not upgraded.
Need to get 1,338 kB of archives.
After this operation, 6,059 kB of additional disk space will be used.
Do you want to continue? [Y/n] y

Once dnsmasq has been installed create a custom cache configuration in the /etc/dnsmasq.d/ subdirectory:

# http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

# Listen on the given IP address(es).
listen-address=127.0.0.1,::1

# Listen on <port> instead of the standard DNS port (53).
port=53

# Force dnsmasq to really bind only the interfaces it is listening on.
bind-interfaces

# Log the results of DNS queries handled by dnsmasq.
# Enable a full cache dump on receipt of SIGUSR1.
# If the argument "extra" is supplied, ie --log-queries=extra then the
# log has extra information at the start of each line. This consists of
# a serial number which ties together the log lines associated with an
# individual query, and the IP address of the requestor.
log-queries

# If the facility given contains at least one '/' character, it is
# taken to be a filename, and dnsmasq logs to the given file, instead
# of syslog. If the facility is '-' then dnsmasq logs to stderr.
log-facility=/var/log/dnsmasq.log

# Tells dnsmasq to never forward A or AAAA queries for plain names,
# without dots or domain parts, to upstream nameservers. If the name is
# not known from /etc/hosts or DHCP then a "not found" answer is
# returned.
domain-needed

# All reverse lookups for private IP ranges (ie 192.168.x.x, etc) which
# are not found in /etc/hosts or the DHCP leases file are answered with
# "no such domain" rather than being forwarded upstream.
bogus-priv

# Don't read the hostnames in /etc/hosts.
#no-hosts

# Set the maximum number of concurrent DNS queries.
dns-forward-max=150

# Set the size of dnsmasq's cache.
# Setting the cache size to zero disables caching.
cache-size=250

# Disable negative caching.
#no-negcache

# This option gives a default value for time-to-live (in seconds) which
# dnsmasq uses to cache negative replies even in the absence of an SOA
# record.
neg-ttl=120

# Read the IP addresses of the upstream nameservers from <file>,
# instead of /etc/resolv.conf.
resolv-file=/etc/resolv.dnsmasq

# Don't poll /etc/resolv.conf for changes.
#no-poll

# Specify time-to-live for information from /etc/hosts.
local-ttl=15

# Set a maximum TTL value for entries in the cache.
max-cache-ttl=300

# Setting this flag forces dnsmasq to try each query with each server
# strictly in the order they appear in /etc/resolv.conf
#strict-order

Next, create a custom resolv.conf file for dnsmasq to use:

# Google secondary DNS
nameserver 8.8.4.4

# Cloudflare secondary DNS
nameserver 1.0.0.1

We’re not finished! If we want to use our own resolv.conf file then we have to modify the defaults file for dnsmasq:

IGNORE_RESOLVCONF=yes

Alright, now we’re ready to start dnsmasq. Well it might already be running:

$ sudo systemctl status dnsmasq
* dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
   Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
  Drop-In: /run/systemd/generator/dnsmasq.service.d
           `-50-dnsmasq-$named.conf, 50-insserv.conf-$named.conf
   Active: active (running) since Mon 2019-08-26 06:13:09 UTC; 1h 4min ago
  Process: 7170 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf (code=exited, status=0/SUCCESS)
  Process: 7224 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
  Process: 7212 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
  Process: 7209 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
 Main PID: 7223 (dnsmasq)
   CGroup: /system.slice/dnsmasq.service
           `-7223 /usr/sbin/dnsmasq -x /var/run/dnsmasq/dnsmasq.pid -u dnsmasq -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service

Aug 26 06:13:08 myhost systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Aug 26 06:13:08 myhost dnsmasq[7209]: dnsmasq: syntax check OK.
Aug 26 06:13:09 myhost systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.

Either way, start or restart the dnsmasq daemon:

$ sudo systemctl stop dnsmasq
$ sudo systemctl start dnsmasq

We can view the dnsmasq log:

$ cat /var/log/dnsmasq.log
Aug 26 07:21:10 dnsmasq[8118]: started, version 2.75 cachesize 250
Aug 26 07:21:10 dnsmasq[8118]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
Aug 26 07:21:10 dnsmasq[8118]: reading /etc/resolv.dnsmasq
Aug 26 07:21:10 dnsmasq[8118]: using nameserver 8.8.4.4#53
Aug 26 07:21:10 dnsmasq[8118]: using nameserver 1.0.0.1#53
Aug 26 07:21:10 dnsmasq[8118]: read /etc/hosts - 4 addresses

How about testing with a looking?

$ dig @localhost -p 53 www.wikipedia.org
; <> DiG 9.10.3-P4-Ubuntu <> @localhost -p 53 www.wikipedia.org
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29520
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;www.wikipedia.org.             IN      A

;; ANSWER SECTION:
www.wikipedia.org.      9864    IN      CNAME   dyna.wikimedia.org.
dyna.wikimedia.org.     266     IN      A       91.198.174.192

;; Query time: 7 msec
;; SERVER: ::1#53(::1)
;; WHEN: Mon Aug 26 07:24:27 UTC 2019
;; MSG SIZE  rcvd: 91

$ tail /var/log/dnsmasq.log
Aug 26 07:24:27 dnsmasq[8118]: query[A] www.wikipedia.org from ::1
Aug 26 07:24:27 dnsmasq[8118]: forwarded www.wikipedia.org to 8.8.4.4
Aug 26 07:24:27 dnsmasq[8118]: forwarded www.wikipedia.org to 1.0.0.1
Aug 26 07:24:27 dnsmasq[8118]: reply www.wikipedia.org is 
Aug 26 07:24:27 dnsmasq[8118]: reply dyna.wikimedia.org is 91.198.174.192

Looks to be working. Interestingly, by default, dnsmasq queries all name servers simultaneously, at first, to determine which is responding the quickest, and will then tend to just query that one for a while, until it tries all the name servers again.

A few more things to finish up. Let’s tell Linux to use localhost to do DNS lookups in future:

# The primary network interface
auto ens5
iface ens5 inet static
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 127.0.0.1

And to make the change by hand until the next reboot you can edit /etc/resolv.conf directly to use 127.0.0.1 as the only nameserver.

You may want to also add a logrotate configuration:

/var/log/dnsmasq.log {
        size 20M
        rotate 50
        compress
        missingok
        notifempty
        create 644 dnsmasq root
        prerotate
                if systemctl status dnsmasq >/dev/null; then
                        systemctl stop dnsmasq >/dev/null;
                        touch /tmp/logrotate-dnsmasq-stopped.tmp;
                fi
        endscript
        postrotate
                if [ -e /tmp/logrotate-dnsmasq-stopped.tmp ]; then
                        rm /tmp/logrotate-dnsmasq-stopped.tmp;
                        systemctl start dnsmasq >/dev/null;
                fi
        endscript
}

Panasonic KX-UT113 VoIP Phone Displays Auto Ans

If you see the display showing “AUTO ANS” on your Panasonic KX-UT113 VoIP phone then it means that incoming calls will be picked up after a number of rings with the speakerphone enabled.

Panasonic KX-UT113 Displaying AUTO ANS

 

To disable (or enable) this function while the phone is on-the-hook (hung-up) press the button that doubles as the mute as well as auto-answer button.

Panasonic KX-UT113 Auto Answer Button

Panasonic KX-UT113 Auto Answer Button

Stop Hangup Executing Default Dialplan in Asterisk

I had an incoming trunk configured from a VoIP provider to my Asterisk server. When somebody called in but hung-up before I answered I’d get the following debug message:

me@host:~$ sudo asterisk -rvvvv

  == Spawn extension (mycontext, myvoip, 5) exited non-zero on 'SIP/myvoip-0000009a'
    -- Executing [h@mycontext:1] ...
    -- Executing [h@mycontext:2] ...
    -- Executing [h@mycontext:3] ...
    -- Executing [h@mycontext:4] ...
    -- Executing [h@mycontext:5] Dial("...")

For whatever reason a call that isn’t picked up and terminated appears to re-run through the entire dialplan but with “h” as the dialled extension.

So how to exclude?

My dialplan was pretty simple:

[mycontext]
exten => _.,1,NoOp()
  same => n,NoOp()
  same => n,NoOp()
  same => n,NoOp()
  same => n,Dial(SIP/123)
  same => n,HangUp()

At first I tried to create a hangup-specific extension:

[mycontext]
exten => h,1,NoOp()
exten => _.,1,NoOp()
  same => n,NoOp()
  same => n,NoOp()
  same => n,NoOp()
  same => n,Dial(SIP/123)
  same => n,HangUp()

But this still also matched my generic catch-all dialplan. This was evident by asking asterisk what would happen if the hangup extension was called:

me@host:~$ sudo asterisk -rvvvv
asterisk*CLI> dialplan reload
asterisk*CLI> dialplan show h@mycontext
[ Context 'mycontext' created by 'pbx_config' ]
  'h' =>            1. NoOp()                                     [pbx_config]
  '_.' =>           1. NoOp()                                     [pbx_config]
                    2. NoOp()                                     [pbx_config]
                    3. NoOp()                                     [pbx_config]
                    4. NoOp()                                     [pbx_config]
                    5. Dial(SIP/123)                              [pbx_config]
                    6. HangUp()                                   [pbx_config]

-= 2 extensions (7 priorities) in 1 context. =-

So what I did was add a test for the “h” extension and if it matched then skip to the end of the dialplan:

[mycontext]
exten => _.,1,NoOp()
  same => n,GotoIf($["${EXTEN}" = "h"]?theend)
  same => n,NoOp()
  same => n,NoOp()
  same => n,NoOp()
  same => n,Dial(SIP/123)
  same => n,HangUp()
  same => n(theend),NoOp()

Getting NVidia Working with LXC Container and Steam Game Client

I’ve written before about creating an LXC container with X11 and sound support.

The process is much the same for the Steam game client (which requires GLX). But I’ll go through the entire process along with the Steam-specific actions requires.

This is written specifically for Ubuntu Linux 16.04 Xenial. The LXC container created, including libraries and Steam client, consumes around 2.3GB of storage. Download the game Cities Skylines with Mass Transit and that blows out to 9.4GB.

It is assumed that you installed your NVIDIA drivers on your host (not in a LXC container) by running NVIDIA-Linux-x86_64-418.56.run (or similar) as root outside of any X session which you downloaded from the NVidia Unix driver archive.

Firstly create a LXC container with the name “steam”.

$ sudo lxc-create -n mysteam -t ubuntu -- -r xenial
##
# The default user is 'ubuntu' with password 'ubuntu'!
# Use the 'sudo' command to run tasks as root in the container.
##
$ sudo lxc-start -d -n mysteam
$ sudo lxc-ls -f
NAME          STATE   AUTOSTART GROUPS IPV4       IPV6 
mysteam       RUNNING 0         -      10.0.1.101 -

Then we need to install a variety of packages. So enter a console session (remember that you will need to press ctrl-A, Q to exit the console when finished):

$ sudo lxc-console -n mysteam
mysteam login: ubuntu
Password: ubuntu

# required for X11 forwarding over SSH
ubuntu@mysteam:~$ sudo apt-get install xauth

# optional install for xclock application (for testing)
ubuntu@mysteam:~$ sudo apt-get install x11-apps

# exit console
ctrl-A, then q

Next to install audio. First confirm you have pulseaudio running on your (non-LXC) host:

$ xprop -root PULSE_SERVER
PULSE_SERVER(STRING) = "{0e1da16b3f5b8cc7f23766efa2f30673}unix:/run/user/1000/pulse/native tcp:localhost:4713 tcp6:localhost:4713"

Also, on your host, run paprefs, select the “Network Server” (2nd) tab, and make sure the first option “Enable network access to local sound devices” is ticked (you will have to do this every time you log into your X Windows). This will allow your container to send audio over a SSH session (more on that later).

Now – we pick a random port number that isn’t being used, say, 54321. In future when we SSH to the container we will have to tell the container that a connection to 54321 in the container should result in a connection to whatever the output of the xprop command was earlier (e.g. “localhost:4713”). That’s in addition to supporting X protocol over SSH. So you would use a SSH command like:

$ ssh -X -R 54321:localhost:4713 ubuntu@10.0.1.101
ubuntu@10.0.1.101's password: ubuntu
ubuntu@mysteam:~$

# add the following line to /home/ubuntu/.bashrc
export PULSE_SERVER="tcp:localhost:54321"

# required for audio from container
ubuntu@mysteam:~$ sudo apt-get install pulseaudio

# logout from SSH session to container
ubuntu@mysteam:~$ exit

We should have working X11 forwarding and audio.

Now for the tricky part – NVidia and GLX support!

Edit the LXC container configuration, /var/lib/lxc/mysteam/config, to pass through the various devices used by the NVidia driver from the host to the container (thanks to this article for the information). Add the following (to the bottom of the configuration file, or anywhere):

# GPU Passthrough config
lxc.cgroup.devices.allow = c 195:* rwm
lxc.cgroup.devices.allow = c 243:* rwm
lxc.mount.entry = /dev/nvidia0 dev/nvidia0 none bind,optional,create=file
lxc.mount.entry = /dev/nvidiactl dev/nvidiactl none bind,optional,create=file
lxc.mount.entry = /dev/nvidia-uvm dev/nvidia-uvm none bind,optional,create=file
lxc.mount.entry = /dev/nvidia-modeset dev/nvidia-modeset none bind,optional,create=file
lxc.mount.entry = /dev/nvidia-uvm-tools dev/nvidia-uvm-tools none bind,optional,create=file

Copy in your NVidia driver file into the container, and restart the container (to pick up the configuration changes):

$ sudo cp ~/Downloads/NVIDIA-Linux-x86_64-418.56.run /var/lib/lxc/mysteam/rootfs/home/ubuntu/
$ sudo lxc-stop -n mysteam
$ sudo lxc-start -d -n mysteam

SSH back into the container and we will install the driver and GLX support:

$ ssh -X -R 54321:localhost:4713 ubuntu@10.0.1.101
ubuntu@10.0.1.101's password: ubuntu
ubuntu@mysteam:~$

# Add 386 support, we'll need this when installing NVidia driver, or else Steam will complain with "glXChooseVisual failed" error
ubuntu@mysteam:~$ sudo dpkg --add-architecture i386
ubuntu@mysteam:~$ sudo apt-get update
ubuntu@mysteam:~$ sudo apt-get install libc6:i386

# Add pkg-config to minimise warnings during NVidia driver installation
ubuntu@mysteam:~$ sudo apt-get install pkg-config

# Set executable permissions for NVidia driver and execute
# - ignore warning about not installing a kernel module (we don't want it anyway)
# - ignore warning about being forced to guess X library path (we don't care)
# - select YES to install 32-bit compatibility libraries, if this option isn't presented then go back and install libc6:i386 package (Steam client will throw "glXChooseVisual" error if this step is missed)
# - ignore request to get your X config automatically updated (container is not running X client)
ubuntu@mysteam:~$ sudo chmod 755 /home/ubuntu/NVIDIA-Linux-x86_64-418.56.run
ubuntu@mysteam:~$ sudo /home/ubuntu/NVIDIA-Linux-x86_64-418.56.run --no-kernel-module

# Test to see if NVidia card is found (only works if NVidia driver on host and container are absolutely identical)
ubuntu@mysteam:~$ nvidia-smi
Sun May 26 08:06:54 2019       
+-----------------------------------------------------------------------------+
| NVIDIA-SMI 418.56       Driver Version: 418.56       CUDA Version: 10.1     |
|-------------------------------+----------------------+----------------------+
| GPU  Name        Persistence-M| Bus-Id        Disp.A | Volatile Uncorr. ECC |
| Fan  Temp  Perf  Pwr:Usage/Cap|         Memory-Usage | GPU-Util  Compute M. |
|===============================+======================+======================|
|   0  GeForce GTX 750 Ti  Off  | 00000000:01:00.0  On |                  N/A |
| 30%   38C    P8     1W /  38W |    173MiB /  1993MiB |      0%      Default |
+-------------------------------+----------------------+----------------------+
                                                                               
+-----------------------------------------------------------------------------+
| Processes:                                                       GPU Memory |
|  GPU       PID   Type   Process name                             Usage      |
|=============================================================================|
+-----------------------------------------------------------------------------+

# install GLX support
ubuntu@mysteam:~$ sudo apt-get install mesa-utils

# test whether GLX support is working
ubuntu@mysteam:~$ glxinfo
name of display: localhost:10.0
display: localhost:10  screen: 0
direct rendering: Yes
server glx vendor string: NVIDIA Corporation
server glx version string: 1.4
  ...

# if the following works you will have a moving image of gears on your display
ubuntu@mysteam:~$ glxgears

Honestly, that’s the hardest part done! Now all that is left is to install the Steam client.

Either download the Debian install package from https://store.steampowered.com/about/ or:

ubuntu@mysteam:~$ sudo apt-get install wget

# get the Debian steam client package, the URL comes from https://store.steampowered.com/about/
ubuntu@mysteam:~$ wget https://steamcdn-a.akamaihd.net/client/installer/steam.deb

# install dependencies FIRST
# - if you forget this and run the steam install first and get dependency errors then run "apt-get remove steam-launcher" and then retry this command
ubuntu@mysteam:~$ sudo apt-get install python curl python-apt xterm zenity

# install package
ubuntu@mysteam:~$ sudo dpkg -i steam.deb

# run the Steam client! (ignore warnings)
ubuntu@mysteam:~$ steam &
Setting up Steam content in /home/ubuntu/.local/share/Steam
Steam needs to install these additional packages:
        libgl1-mesa-dri:i386, libgl1-mesa-glx:i386
[sudo] password for ubuntu: ubuntu
......
Updating Steam...
Downloading update (132,000 of 284,881 KB)...

And that’s it! You should have a running Steam client in Ubuntu Linux.

I haven’t figured out to get rid of all running processes when I’m finished with Steam – so I just shut down my container.

Remember, if you get the following from the Steam client, then you’ll need to reinstall NVidia driver with 32-bit compatibility libraries:

[2019-05-24 10:45:16] Verifying installation...
[2019-05-24 10:45:16] Performing checksum verification of executable files
[2019-05-24 10:45:18] Verification complete
glXChooseVisual failed
glXChooseVisual failedMain.cpp (332) : Assertion Failed: Fatal Error: glXChooseVisual failed
Main.cpp (332) : Assertion Failed: Fatal Error: glXChooseVisual failed

Listing Drives Opened with CryptSetup

So I’ve opened a drive using cryptsetup, e.g.:

$ sudo cryptsetup luksOpen /dev/sdf mycrypt
Enter passphrase for /dev/sdf: hunter2
$

Now I want to know what encrypted drives I have mounted so I can unmount them. Do to this run the following command:

$ sudo dmsetup ls
mycrypt (252:0)

I can then use this information to close my mount:

$ sudo cryptsetup luksClose mycrypt

Unknown USB Bridge for WD Elements Disk in Smartmon

I was getting the following message when attempting to use the smartctl command (as part of smartmontools) to get information about the Western Digital Elements external USB disk drive I had plugged into my Ubuntu Linux system:

$ sudo /opt/smartmontools/sbin/smartctl -i /dev/sdf
smartctl 6.5 2016-05-07 r4318 [x86_64-linux-4.4.0-142-generic] (local build)
Copyright (C) 2002-16, Bruce Allen, Christian Franke, www.smartmontools.org

/dev/sdf: Unknown USB bridge [0x1058:0x25a3 (0x1021)]
Please specify device type with the -d option.

One way around this “Unknown USB bridge” message was to re-run the command with the “-d sat” option:

$ sudo /opt/smartmontools/sbin/smartctl -i /dev/sdf -d sat
smartctl 6.5 2016-05-07 r4318 [x86_64-linux-4.4.0-142-generic] (local build)
Copyright (C) 2002-16, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Firmware Version: 83.H0A83
User Capacity:    8,001,563,222,016 bytes [8.00 TB]
Sector Sizes:     512 bytes logical, 4096 bytes physical
Rotation Rate:    5400 rpm
Form Factor:      3.5 inches
...

Another was to run the command update-smart-drivedb:

$ sudo /opt/smartmontools/sbin/update-smart-drivedb
/opt/smartmontools/share/smartmontools/drivedb.h updated from branches/RELEASE_6_5_DRIVEDB

Now I did not need the “-d sat” option.

How to DNAT a Port on Localhost in Linux

Let’s say you want to take all traffic destined for http://localhost/ and send it to another IP address, e.g. 10.0.9.4 through your eth0 to another host on your LAN.

The obvious thing to do is to set up a DNAT rule in your NAT iptables, e.g.:

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

# set all traffic sent towards localhost interface destined for port 80
#   to have a new destination address of 10.0.9.4
-A OUTPUT -o lo+ -p tcp --dport 80 -j DNAT --to-destination 10.0.9.4:80

# masquerade such traffic so that it appears to come from the eth0 interface
#   when leaving the host
-A POSTROUTING -o eth0 -p tcp -s 127.0.0.0/8 -j MASQUERADE

Right, that takes care of changing the destination address (DNAT) and the source address while in transit to the new destination (MASQUERADE).

But we still have a problem. Linux won’t route this traffic. Why? The answer was found in this forum post:

$ sysctl -w net.ipv4.conf.eth0.route_localnet=1

This value is documented as:

Do not consider loopback addresses as martian source or destination while routing. This enables the use of 127/8 for local routing purposes.

default FALSE

You have to set this sysctl value for every interface for which you want to be able to DNAT packets out of from localhost.

Systemd Listening on Port

You perform a netstat and discover that systemd is listening on a port that it shouldn’t be occupying:

me@server:~$ sudo netstat -apn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:993    0.0.0.0:*        LISTEN  1/systemd
tcp        0      0 0.0.0.0:143    0.0.0.0:*        LISTEN  1/systemd

What can be done about this? You can discover which sockets have been configured by running:

me@server:~$ sudo systemctl list-sockets
LISTEN       UNIT            ACTIVATES
...
0.0.0.0:143  dovecot.socket  dovecot.service
0.0.0.0:993  dovecot.socket  dovecot.service
[::]:143     dovecot.socket  dovecot.service
[::]:993     dovecot.socket  dovecot.service
...

In this case we see that “dovecot.socket” is the unit responsible for the binding of these ports.

In the short term you may want to kill the socket to release the port:

me@server:~$ sudo systemctl kill dovecot.socket

… but long term you may want to delete the unit and prevent the ports from being bound in the first place:

me@server:~$ sudo mv /lib/systemd/system/dovecot.socket