Check if a Package is Installed

One of the most common requests and inquirys is “Do I have the …xyz package or program installed?” Here is how to check.

Ubuntu/Debian

List all packages

# dpkg -l | less

# dpkg -s apache-perl

To check whether a package is installed or not:


dpkg -l | grep vlc

Use file /var/lib/dpkg/available to find out all package names available to you. Or use following command (list all packages in /var/lib/dpkg/status):


# dpkg-query -l

You can also try to match package name using wild cards:


# dpkg-query -l 'libc6*'

Use the following command to get exact status (whether it is installed or not):

# dpkg-query -W -f='${Status} ${Version}\n' apache-perl

CentOS and RPM based Distros

Under Red Hat/Fedora/CentOS/Suse Linux use the rpm command:

# rpm -qa | grep {package-name}

For example find out package mutt installed or not:

# rpm -qa | grep mutt

On a CentOS/RHEL use the following yum command to tell whether a package named htop is installed:


# yum list installed {PACKAGE_NAME_HERE}

# yum list installed htop

			

Enable TLS version 1.2 on Plesk

Enabling TLS 1.2 and disabling other versions on Plesk.

In order to use the steps outlined below, you will need to upgrade Plesk to it’s most recent version. You can do so within the System Overview section of the Home screen in Plesk Panel or by running

# /usr/local/psa/admin/bin/autoinstaller

Once you have completed the upgrade you can run the command in the link below to enable TLS1.2 and disable older versions of TLS.

https://support.plesk.com/hc/en-us/articles/115000422229-How-to-enable-disable-particular-TLS-version-in-Plesk-on-Linux-

Nginx fails to start when Centos/Plesk migrated to Azure

There is a small issue where a Plesk/CentOS 7 system is migrated to Azure and nginx fails to start.
This is the error in the nginx log


# cat /var/log/nginx/error.log
2018/06/14 22:11:41 [emerg] 9341#0: bind() to 10.144.114.11:443 failed (99: Cannot assign requested address)

If so then to edit:


# /etc/sysctl.conf

And add:


# net.ipv4.ip_nonlocal_bind = 1 

Then Run:


# sysctl -p /etc/sysctl.conf

start Nginx:


#service nginx start

Installation for Proxmox

Install 3 nodes. Each node specs:

Since our host acts as a router we have to make sure it’s kernel has all IP packet forwarding features activated. Take a look at ‘/etc/sysctl.conf’ and make sure that the following two lines aren’t commented out:


net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1

Lastly make sure your host won’t send ICPM “redirect” messages to guests, telling them to find the gateway by themselves. This won’t work with our particular network setup. Add the following to ‘/etc/sysctl.conf’:


net.ipv4.conf.all.send_redirects=0

Reboot

Networking for nodes Incomplete – this is not currently working):
Set up 3 NIC’s

ens192 – primary for Public IP. This is the public IP for the installation.
ens224 – proxmox VE Cluster Network
ens256 – Ceph Install

Once installed, edit /etc/network/interfaces on all 3 nodes. Change the IP addresses accordingly. Remeber to backup the files before editing.
Example /etc/network/interfaces for px1 node 1.

auto lo
iface lo inet loopback

auto ens192
iface ens192 inet static
        address  216.55.xxx.xxx
        netmask  255.255.255.0
        gateway  216.xx.xxx.1
        post-up echo 1 > /proc/sys/net/ipv4/conf/ens192/proxy_arp
#Public IP

auto vmbr0
iface vmbr0 inet static
        address  192.168.1.151
        netmask  255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0
	post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o ens192 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o ens192 -j MASQUERADE
#Private Network fro VM Creation

auto ens224
iface ens224 inet static
        address  10.0.0.151
        netmask  255.255.255.0
#Proxmox VE Cluster Network

auto ens256
iface ens256 inet static
  address  10.10.10.151
  netmask  255.255.255.0
#ceph network

Setting up the cluster

Hosts file edits. Backup hosts file and change to this on all nodes. This is not the hostname but an identifier.

# corosync network hosts
10.0.0.151 one-corosync.geekdecoder.com one-corosync
10.0.0.152 two-corosync.geekdecoder.com two-corosync
10.0.0.153 three-corosync.geekdecoder.com three-corosync

Adding Nodes With Separated Cluster Network
When adding a node to a cluster with a separated cluster network you need to use the ringX_addr parameters to set the nodes address on those networks:

pvecm add IP-ADDRESS-CLUSTER -ring0_addr IP-ADDRESS-RING0
If you want to use the Redundant Ring Protocol you will also want to pass the ring1_addr parameter.

Creating the cluster after network and host file setup. Log into node 1.

node1# pvecm create clustername -bindnet0_addr 10.0.0.151 -ring0_addr one-corosync

Output

Corosync Cluster Engine Authentication key generator.
Gathering 1024 bits for key from /dev/urandom.
Writing corosync key to /etc/corosync/authkey.
Writing corosync config to /etc/pve/corosync.conf
Restart corosync and cluster filesystem

Reboot

# reboot

Adding nodes.

From man corosync.conf

ringnumber – This specifies the ring number for the interface. When using the redundant ring protocol, each interface should specify separate ring numbers to uniquely identify to the membership protocol which interface to use for which redundant ring. The ringnumber must start at 0.

Adding nodes. Login to a node you want to add, node2, node3, node4, etc. In this example, login to node 2 (10.0.0.152)and the IP for node1 is 10.0.0.151.
Run the following where”

node2# pvecm add 10.0.0.151 -ring0_addr 10.0.0.152

Status

 pvecm status
Quorum information
------------------
Date:             Tue Jun 12 15:17:10 2018
Quorum provider:  corosync_votequorum
Nodes:            2
Node ID:          0x00000001
Ring ID:          1/12
Quorate:          Yes

Votequorum information
----------------------
Expected votes:   2
Highest expected: 2
Total votes:      2
Quorum:           2
Flags:            Quorate

Membership information
----------------------
    Nodeid      Votes Name
0x00000001          1 10.0.0.151 (local)
0x00000002          1 10.0.0.152

Nodes

 pvecm nodes

Membership information
----------------------
    Nodeid      Votes Name
         1          1 one-corosync (local)
         2          1 10.0.0.152
         3          1 10.0.0.153

log into the node 1 web GUI.

Installation of Ceph packages

Login to each node and run:

~# pveceph install --version luminous
update available package list
Reading package lists... Done
Building dependency tree
Reading state information... Done
gdisk is already the newest version (1.0.1-1).
The following additional packages will be installed:
  binutils ceph-base ceph-mgr ceph-mon ceph-osd cryptsetup-bin libcephfs2 libcurl3 libgoogle-perftools4 libjs-jquery
  libjs-sphinxdoc libjs-underscore libleveldb1v5 liblttng-ust-ctl2 liblttng-ust0 libparted2 librados2 libradosstriper1
  librbd1 librgw2 libtcmalloc-minimal4 libunwind8 parted python-bs4 python-cephfs python-cffi-backend python-cherrypy3
  python-click python-colorama python-cryptography python-dnspython python-enum34 python-flask python-formencode
  python-idna python-ipaddress python-itsdangerous python-jinja2 python-logutils python-mako python-markupsafe
  python-openssl python-paste python-pastedeploy python-pastedeploy-tpl python-pecan python-prettytable python-pyasn1
  python-rados python-rbd python-repoze.lru python-rgw python-routes python-setuptools python-simplegeneric
  python-singledispatch python-tempita python-waitress python-webob python-webtest python-werkzeug
Suggested packages:
  binutils-doc ceph-mds libparted-dev libparted-i18n parted-doc python-cryptography-doc python-cryptography-vectors
  python-enum34-doc python-flask-doc python-egenix-mxdatetime python-jinja2-doc python-beaker python-mako-doc
  python-openssl-doc python-openssl-dbg httpd-wsgi libapache2-mod-python libapache2-mod-scgi python-pastescript
  python-pastewebkit doc-base python-setuptools-doc python-waitress-doc python-webob-doc python-webtest-doc ipython
  python-genshi python-lxml python-greenlet python-redis python-pylibmc | python-memcache python-werkzeug-doc
Recommended packages:
  ceph-mds ntp | time-daemon javascript-common python-lxml | python-html5lib python-blinker python-simplejson
  libjs-mochikit python-openid python-scgi python-pastescript python-lxml python-pyquery python-pyinotify
The following NEW packages will be installed:
  binutils ceph ceph-base ceph-mgr ceph-mon ceph-osd cryptsetup-bin libcephfs2 libcurl3 libgoogle-perftools4 libjs-jquery
  libjs-sphinxdoc libjs-underscore libleveldb1v5 liblttng-ust-ctl2 liblttng-ust0 libparted2 libtcmalloc-minimal4
  libunwind8 parted python-bs4 python-cffi-backend python-cherrypy3 python-click python-colorama python-cryptography
  python-dnspython python-enum34 python-flask python-formencode python-idna python-ipaddress python-itsdangerous
  python-jinja2 python-logutils python-mako python-markupsafe python-openssl python-paste python-pastedeploy
  python-pastedeploy-tpl python-pecan python-prettytable python-pyasn1 python-repoze.lru python-rgw python-routes
  python-setuptools python-simplegeneric python-singledispatch python-tempita python-waitress python-webob python-webtest
  python-werkzeug
The following packages will be upgraded:
  ceph-common librados2 libradosstriper1 librbd1 librgw2 python-cephfs python-rados python-rbd
8 upgraded, 55 newly installed, 0 to remove and 27 not upgraded.
Need to get 54.5 MB of archives.
After this operation, 179 MB of additional disk space will be used.

Create initial Ceph configuration

node1# pveceph init --network 10.10.10.0/24

After that you can create the first Ceph monitor service using:

node1# pveceph createmon

Go to video or site to create other items.

Keyring

cd /etc/pve/priv
mkdir ceph
root@px1:/etc/pve/priv# cp /etc/ceph/ceph.client.admin.keyring ceph/ceph-vm.keyring
root@px1:/etc/pve/priv# cp /etc/ceph/ceph.client.admin.keyring ceph/ceph-lxc.keyring

Now visable.

Do some benchmark testing.
write performance

rados -p test3 bench 10 write --no-cleanup

read

rados -p test3 bench 10 seq

Add virtualization

Login to ESXi ssh.

go to your node vm directory with the .vmx file. In this case

/vmfs/volumes/5a70c7aa-560fd204-49b1-6805ca0a3085/px3

Add the following to the bottom of the file

 # vhv.enable = "TRUE"

Restart the VM.

Log into the node 1 and run the following

#egrep -c '(vmx|svm)' /proc/cpuinfo
1

1= ok
0 = no change

How To Install Proxmox Nested on VMware ESXi (Full Support OpenVZ & KVM)

Another option is to disable KVM virtualization on the VM

upload iso to local storage

scp to /var/lib/vz/template/iso

HA video – https://www.youtube.com/watch?v=JfLJO-IF0Eo

Windows Admin Prompt Greyed Out or Missing

If the Admin prompt has a greyed out or missing Yes button but no password entry box, use the Built-In Admin account in Safe mode to create two new Admin accounts.

https://answers.microsoft.com/en-us/windows/forum/windows_10-performance/if-the-admin-prompt-has-a-greyed-out-or-missing/21053df9-39fb-4395-be3c-7f1797dc145b

Mine was missing so I did this:
Boot into Safe mode by following this procedure. There is also an illustrated and well-explained procedure in Safe mode that you might prefer but it does not have all the steps and explanations that I have provided.

3.1 Prepare – Do you normally boot up to a logon screen

or have you bypassed that using netplwiz so that you boot up straight to your desktop without having to sign in every time

or {for local accounts only} you boot up straight to your desktop without having to sign in every time because you have never set a password for your day-to-day user account?

3.1.1 If you boot up to a logon screen, it eases getting into Safe mode

3.1.2 If you have bypassed the logon screen then attempt to reset it by entering netplwiz in a command prompt then, in the netplwiz window, selecting your Admin-level user account and setting the checkbox for Users must enter a username and password to use this computer. If you get an Admin challenge when running netplwiz [which would happen if you had set your UAC protection to its highest level] you will not be able to get around it and will need to take the additional step described in para 3.4 below.

3.1.3 If you have bypassed the logon screen because {for local accounts only} you have never set a password for that account you will need to take the additional step described in para 3.4 below.

3.2 Go to Settings, Update & security, Recovery then click on Advanced start-up – Restart now.

3.3 You’ll be taken to a blue menu. Select Troubleshoot, Advanced options, Startup settings, Restart.

3.4 You’ll be rebooted to another blue menu. Press the 4 key* to select Enable Safe mode. You will be taken to the Safe mode login screen.

* If you were unable [paras 3.1.2, 3.1.3 above] to turn off the attempt to boot straight into your day-to-day user account with no login screen appearing then, immediately after pressing the 4 key, press and hold down the Shift key until the login screen appears. If you are too slow then you will have to reboot normally [i.e. not into Safe mode] then repeat steps 3.2-4. I have tried this Shift key procedure repeatedly on a new Windows 10 computer & on a six year old Windows 10 computer upgraded from Windows 7 and it works every time but I have also tried in on an eleven year old Windows 10 computer that is almost-but-not-quite-fully Windows 10 compatible and cannot get it to work. If I was to lose of all my Admin-level accounts on this particular computer I would therefore have to reinstall Windows 10 or restore it from a recent system image.

3.5 Starting Safe mode in Windows 10 does not look like the Safe mode startup you might have seen in previous Windows versions. There is no long list of drivers & other Windows components whizzing up the screen.

3.6 The Safe mode login screen ought to have entries for your existing user accounts, entries for a couple of accounts created by Windows [DefaultAccount, Guest], possibly an entry for an account created by the computer OEM when setting the computer up before sale [such as defaultuser0] and an entry for an account with the username Administrator. Administrator is the username of the Built-In Administrator account**. If the username Administrator is not shown on the Safe mode login screen then you will probably have no choice but to reinstall Windows 10 because it would mean that, although you know that you have no functioning Admin-level accounts, Windows thinks you do. In this forum, we are not allowed to advise any course of action other than reinstallation in these circumstances.

** In the hope of avoiding too much confusion, I will use the term Administrator in full whenever I refer to the Built-In Administrator account and I will use the term Admin when referring to any Admin-level user accounts that you create.

3.7 Select the Administrator account and log in by clicking the login button or pressing the Enter/Return key – Administrator has no password so there is nothing to type in.

4 Use the Administrator account to fix the problem

4.1 When you log in to Administrator in Safe mode you’ll be taken to a fairly normal-looking, albeit black, desktop. There is Windows version info at the top and the words Safe mode are shown in each corner. You’ll get a false warning [that you can simply dismiss out of hand or ignore] that the Get started app cannot be opened or that you’ll need to get a new app to open ms-get-started. This false warning** seems to be a bug that Microsoft have not addressed.

** Note that if you ever log in to Safe mode using any other user account, you will get a false warning [that you can simply dismiss out of hand or ignore] that the Tips app or another app cannot be opened “using the Built-In Admin” even though you are not using it.

Image

4.2 Create a new Admin account with a password. You can change the password later so you can just keep it simple for now as long as you do not go online until you have finished. You can call the new user account almost whatever you like as long as no existing account uses the same name so do not call it Administrator, DefaultAccount or Guest and do not use the name of any of your own user accounts. Avoid spaces in the name & password just to keep things simple, only use characters you can type on the keyboard and don’t use any symbols in either of them that File explorer would reject if you tried using them in a filename [so, for example, do not use these * : < > / \ | ” ?]. I use the username NewAdminPrimary with a password 12345 here by way of example.

Open a Command prompt – click on the Start button, scroll down & click on Windows system then select Command prompt.

Enter net user if you need to check the names used for your existing user accounts.

Enter net user /add NewAdminPrimary 12345

Enter net localgroup Administrators NewAdminPrimary /add

4.3 Repeat this to create another account NewAdminReserve so you have both a new Admin-level account to use and a spare one to rescue the situation if NewAdminPrimary is ever afflicted with user profile corruption.

4.4 The user accounts created this way are “local” user accounts. They exist only on this computer. They are not linked to any online accounts such as MSAccounts.

4.5 Log into at least one of the new accounts without rebooting [Start button, user icon] just to give you confidence that all is now well. This takes a while as Windows has to go through its We’re just setting things up for you & It’s taking a bit longer than usual, but it should be ready soon routines. Then reboot and log in to one of the new accounts.

4.6 Do something that you know generates an Admin challenge so that you can see that the account is working correctly. You could, for example, use File explorer to go to C:\Program files then right-click, hover over New and click on Folder because that always generates the Admin challenge.

See IP’s Accessing Website

Here is a way to see what IP’s are accessing the website domain.com. Find the location of the access logs.

In a cpanel account:


# cd /home/domain.com/access-logs

Now run the following on the access logs…

# cat domain.com | awk '{print $1}' | sort | uniq -c | sort -rn | head

Here is the readout:

 24 72.178.xxx.xx
 18 216.xx.xxx.161
 1 216.55.xxx.xx

If you do see excessive bots, try adding in a crawl rate/delay for the site with Bing Webmaster tools, Google Webmaster tools as well as setting that up in robots.txt ). Webcrawlers can carelessly crawl the site and hit it hard, just to index pages.

Set Up RDNS in Azure for a public IP

When setting up an Azure VM that will have mail functions, you may need to set up a rDNS record. The Azure portal at this time does not have that capability but you can set this up in with the Azure CLI or PowerShell.

Guide for creating Reverse DNS records: https://docs.microsoft.com/en-us/azure/dns/dns-reverse-dns-for-azure-services

Here’s a PowerShell script that can set PTR records:
Set the variables appropriately.

$TenantID = "insert_tenant_id" # Customer Tenant ID
$SubscriptionID = "insert_subscripton_id" # Customer's CSP Subscription ID
$UniqueName = "exampleIP" # A Unique Name to associate with the IP, doesn't really matter
$RealFQDN = "mail.example.com." # The actual PTR/rDNS record to set on the IP Address
$IpAddress = "insert_ip" # Insett he IP you are settingthe rDNS for. 

$ProvisioningCredentials = Get-Credential -Message "Enter Your @CoderoHosting or @Coderosandbox Azure Account Credentials"
    try {
    Write-Host "Checking Credentials" -ForegroundColor Green
    Login-AzureRmAccount -Credential $ProvisioningCredentials | Out-Null
    
    $context = Get-AzureRmContext
    if ($context.Account -eq $null) {throw "Error"}
    Write-Host "Credentials are valid.  Continuing..." -ForegroundColor Green
    $validcredentials = $true
    $context = $null
    }
    
    catch {
    Write-Host "Invalid Azure login credentials.  Please try to enter your credentials again." -ForegroundColor Red
    $validcredentials = $false
    $context = $null
    }

Try {
    Write-Host "Logging in to Customer Azure Subscription..." -ForegroundColor Green
    Login-AzureRmAccount -TenantId $TenantID -Credential $ProvisioningCredentials
    Select-AzureRmSubscription -SubscriptionId $SubscriptionID
}
Catch {
    Write-Host "Not able to log in to Customer Azure Subscription.  Check that your Azure credentials are in the AdminUsers AAD Group in the coderohosting or coderosandbox tenant. Exiting script. Error message is:"
    Write-Host $PSItem.tostring() -ForegroundColor Red
    Break
}

$pip = Get-AzureRmPublicIpAddress | Where-Object {$_.IpAddress -like $IpAddress}

$pip.DnsSettings = New-Object -TypeName "Microsoft.Azure.Commands.Network.Models.PSPublicIpAddressDnsSettings"

$pip.DnsSettings.DomainNameLabel = $UniqueName

$pip.DnsSettings.ReverseFqdn = $RealFQDN

Set-AzureRmPublicIpAddress -PublicIpAddress $pip

Find Plesk users and Remove them

Plesk uses system users to handle logins. As such removing the user effectively removes their access to the entire server.
If you want to delete the user without deleting any of their files, type this command as root:

#userdel username

If you want to delete the user’s home directory along with the user account itself, type this command as root:

# userdel -r username

Check for user


# grep username /etc/passwd
#

Just to be sure check the logins for Plesk on the server and the list of users is below.

# plesk db “select login from domains inner join sys_users on domains.id = sys_users.id”
+————–+
| login |
+————–+
| artist |
| test |
| user1|
| testuser1|
| rod|
| james|
| lisa|
+————–+

			

Azure/AWS Mail blocked on Port 25

This issue revolves around Azure and AWS outbound SMTP from their virtual machines / EC2 instances.

AZURE

Azure: https://blogs.msdn.microsoft.com/mast/2017/11/15/enhanced-azure-security-for-sending-emails-november-2017-update/

For Pay-As-You-Go or Microsoft Partner Network subscriptions created after November 15, 2017, there will be technical restrictions blocking e-mail sent directly from VMs in these subscriptions. Customers that need the ability to send e-mail from Azure VMs directly to external e-mail providers (not using an authenticated SMTP relay) can make a request to remove the restriction.

Requests will be reviewed and approved at Microsoft’s discretion and will be only granted after additional anti-fraud checks are performed. To make a request, open a support case with the issue type Technical –> Virtual Network –> Connectivity –> Cannot send e-mail (SMTP/Port 25).

Be sure to add details about why your deployment needs to send mail directly to mail providers instead of going through an authenticated relay.

AWS

AWS: https://aws.amazon.com/premiumsupport/knowledge-center/ec2-port-25-throttle/
Note: If you want AWS to create a reverse DNS record for you, you must first create a corresponding DNS A record before submitting this form.
1. Sign in and open the Request to Remove Email Sending Limitations form.
2. In the Use Case Description field, provide a description of your use case.
3. (Optional) Provide the AWS-owned Elastic IP addresses that you use to send outbound email, as well as any reverse DNS records AWS needs to associate with the Elastic IP addresses. AWS will use this information to help reduce the chance that email sent from the Elastic IP addresses is marked as spam.
4. Choose Submit.

You can replicate a sending error by attempting to connect to an external email server. E.g. smtp.gmail.com on 25/tcp.

For plesk, you can use port 587. See: https://support.plesk.com/hc/en-us/articles/213372829