Author Archives: Jochen Kirstaetter

Installing SQL Server 2019 and tools on Ubuntu 20.04

Installing SQL Server 2019 and tools on Ubuntu 20.04

Why writing a blog article about the installation of Microsoft SQL Server 2019, related command-line tools, and UI-based management solution despite the official documentation by Microsoft?

There are two main reasons:

  • For own purpose and reference with some additional hints
  • The official documentation seems to be "out-of-sync"

Perhaps reading the official articles Quickstart: Install SQL Server and create a database on Ubuntu and Install the SQL Server command-line tools sqlcmd and bcp on Linux in the Microsoft documentation might be a pre-requisite to the following content.

And the article Installation guidance for SQL Server on Linux provides guidance for installing, updating, and uninstalling SQL Server 2019 on Linux.

However, as mentioned, some information feels out of picture or eventually outdated given existence of newer versions of the referenced applications.

Prepare your system

Before we shall start with the installation of SQL Server 2019, command-line tools and related management software let's be sure that our local system is up-to-date and has the needed packages already installed.

Open a terminal to run the following commands. First one is going to update your local package cache. The second one installs the curl package which we are going to need for future commands.

sudo apt-get update
sudo apt install curl libxss1 libgconf-2-4 libunwind8

Next, import the public repository GPG keys.

curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -

Don't ignore the trailing dash (-) in the command above. It is essential and therefore necessary. Alternatively this could have been done using wget like so.

wget -qO- https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -

Same handling for the trailing dash (-) applies.

Get the packages

Now that the local system has been prepared it is time to get the actual software packages for SQL Server 2019 and command-line tools.

To be able to install SQL Server 2019 use one of the following commands in order to add the package repository.

sudo add-apt-repository "$(wget -qO- https://packages.microsoft.com/config/ubuntu/20.04/mssql-server-2019.list)"

curl https://packages.microsoft.com/config/ubuntu/20.04/mssql-server-2019.list | sudo tee /etc/apt/sources.list.d/mssql-server-2019.list

Then add the package repository for the command-line tools provided by Microsoft accordingly.

curl https://packages.microsoft.com/config/ubuntu/20.04/prod.list | sudo tee /etc/apt/sources.list.d/msprod.list

Alternatively the information of each package repository could be used directly. Here are the corresponding entries for the sources and some more.

# SQL Server 2019
deb [arch=amd64,armhf,arm64] https://packages.microsoft.com/ubuntu/20.04/mssql-server-2019 focal main
# SQL command-line tools as part of the "productivity collection"
deb [arch=amd64,armhf,arm64] https://packages.microsoft.com/ubuntu/20.04/prod focal main

# A few additional Microsoft repos for reference...
# Edge
deb [arch=amd64] http://packages.microsoft.com/repos/edge/ stable main
# Azure CLI
deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ focal main
# Visual Studio Code
deb [arch=amd64,arm64,armhf] http://packages.microsoft.com/repos/code stable main

Maybe you prefer to store all Microsoft package sources in one single microsoft.list file rather than having multiple ones.

I highly recommend to read Configure repositories for installing and upgrading SQL Server on Linux for more details on available product options and upgrade channels of SQL Server.

With the newly added repositories for apt it is time again to update the local package cache and to fill it with details about the new packages available.

sudo apt update

After successful update of the package cache you are able to search it for SQL Server related packages, like so.

apt search mssql

Or if you prefer less details, like this.

apt list mssql*
Installing SQL Server 2019 and tools on Ubuntu 20.04

The output of the command above is going to give a list of available packages for SQL Server 2019. Your choice might be different but I'm going to install the actual database engine, with full-text search, the latest command-line tools, and additionally ODBC driver support for Unix/Linux systems.

sudo apt install -y mssql-server mssql-server-fts mssql-tools18 unixodbc-dev

All necessary dependencies will be resolved and installed by apt.

After the installation SQL Server 2019 is not yet running on your system. Run mssql-conf setup command and follow the prompts to choose your edition and set the password of the super-administrator (sa) account.

sudo /opt/mssql/bin/mssql-conf setup accept-eula

After completing the setup, verify that the service is running as expected.

systemctl status mssql-server --no-pager
Installing SQL Server 2019 and tools on Ubuntu 20.04

Finally, add the SQL Server tools to the path by default.

echo 'export PATH="$PATH:/opt/mssql-tools18/bin"' >> ~/.bash_profile
echo 'export PATH="$PATH:/opt/mssql-tools18/bin"' >> ~/.bashrc
source ~/.bashrc

Is it running?

Good question. Let's try and find out. The command-line tools of SQL Server 2019 comes with sqlcmd. The SQL Server command line tool which allows you to connect to local and remote instances of SQL Server including Azure SQL. Run the following to query the product version and edition of your installation.

sqlcmd -S localhost -C -U SA -Q "SELECT @@VERSION"

You will be prompted to enter the password of SA. If you are not familiar with the various command line switches, run sqlcmd -? to get a quick overview.

The resulting output should look similar to this.

Installing SQL Server 2019 and tools on Ubuntu 20.04

Congratulations!

All those steps could be merged into one script to simplify and eventually automate the installation of SQL Server 2019 and its command-line tools. Interestingly the Microsoft documentation has an article on that matter.

Unattended install for SQL Server on Ubuntu - SQL Server
Learn to use a sample Bash script to install SQL Server 2017 on Ubuntu 16.04 without interactive input.
VanMSFTMicrosoft Docs
Installing SQL Server 2019 and tools on Ubuntu 20.04

However the presented bash script needs some serious TLC and updates. I suggest that you have look and take it as a starting point only, if needed.

Missing SQL Server Management Studio?

While working with SQL Server on a Windows system the common choice would be SQL Server Management Studio (SSMS) in order to connect to the database server / instance and the database itself. Unfortunately, SQL Server Management Studio is not available on Linux. And probably won't be in the near (and far) future.

There are at least two possibilities to replace SQL Server Management Studio which offer sufficient and similar comfort on Linux.

  • Visual Studio Code with SQL Server (mssql) extension
  • Azure Data Studio
Installing SQL Server 2019 and tools on Ubuntu 20.04
Azure Data Studio and Visual Studio Code shown in the application menu

Both applications have their pros and cons. If you are already developing and writing code in Visual Studio Code you might probably prefer to use the extension and to stay within the same window. In case that you are more into SQL Server handling and Azure you might opt-in for Data Studio.

Download and install Azure Data Studio following this article.

Download and install Azure Data Studio - Azure Data Studio
Download and install Azure Data Studio for Windows, macOS, or Linux. This article provides release dates, version numbers, system requirements, and download links.
tdoshinMicrosoft Docs
Installing SQL Server 2019 and tools on Ubuntu 20.04

Then launch the application via Application menu or run azuredatastudio in a terminal.

Installing SQL Server 2019 and tools on Ubuntu 20.04
Add a connection to a local instance of SQL Server in Azure Data Studio
Installing SQL Server 2019 and tools on Ubuntu 20.04
Azure Data Studio connected to local instance of SQL Server 2019

Install Visual Studio Code using apt.

sudo apt install -y code

Then launch the application via menu or run code in a terminal.

Installing SQL Server 2019 and tools on Ubuntu 20.04
SQL Server (mssql) extension in Visual Studio Code

More details on SQL Server tools can be found here.

SQL tools overview - SQL Server
SQL query and management tools for SQL Server, Azure SQL (Azure SQL database, Azure SQL managed instance, SQL virtual machines), and Azure Synapse Analytics.
markingmynameMicrosoft Docs
Installing SQL Server 2019 and tools on Ubuntu 20.04
Image credit: Leif Christoph Gottwald

Using Apache HTTP as reverse proxy

Leave a reply
Using Apache HTTP as reverse proxy

The Apache HTTP Server, colloquially called Apache, is a free and open-source cross-platform web server. This article explains briefly how to set up Apache as a reverse proxy to a web site in an internal network.

To set the expectations in this article. I'm not going to explain you how to install Apache web server or how to get it operational on your system. There are thousands of tutorials including my own Accessing your web server via IPv6 on the Internet that already cover that step.

In case more information about the configuration directives used below is needed, I recommend to consult the official documentation of a particular keyword.

The scenario

I have a web site running on a system in an internal network. This could be either a full-fledged Windows/Linux server or an IoT device running on a single board computer (SBC), like i.e. a Raspberry Pi, an Arduino, ESP8266 chipset.

Using Apache HTTP as reverse proxy
A reverse proxy taking requests from the Internet and forwarding them to servers in an internal network. Source: Wikipedia

Now, I want to enable access from the Internet to that internal server using Apache.

Configuring Apache as reverse proxy

In order to complete our task we need to look into the features of the mod_proxy module for Apache. Here, we get a directive called ProxyPass which does the job as expected. According to Apache's Reverse Proxy Guide the simplest example proxies all requests ("/") to a single backend:

ProxyPass "/"  "http://www.example.com/"

Additionally, to hide any reference to the system on the internal network it is required to specify the directive ProxyPassReverse to modify certain HTTP header values in the response, and use the proxy data instead.

Following is a working example of how to set up a virtual host in Apache that provides reverse proxy capabilities. 

<VirtualHost *:80>
        ServerName mediacentre.kirstaetter.name

        ProxyRequests On
        ProxyPreserveHost On
        ProxyVia full

        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>

        ProxyPass               /       http://10.0.240.4:8080/
        ProxyPassReverse        /       http://10.0.240.4:8080/
</VirtualHost>

The host system on IP address 10.0.240.4 is part of an OpenVPN infrastructure and therefore accessible from the proxy system.

Multiple proxies possible

No problem with Apache. You can configure and run as many reverse proxies as would like to. One has to pay attention to avoid overlaps either via ServerName directive or by using different port numbers to bind to. Although I have only one reverse proxy running on Apache I configured multiple scenarios using nginx. More details are described in Using nginx as reverse proxy.

Do you have any interesting use cases or active configurations of Apache as reverse proxy? If yes, please use the comment section below give me and other readers more details. Thanks!

Image credit: Nick Fewing

Using nginx as reverse proxy

Leave a reply
Using nginx as reverse proxy

Nginx (read: engine-x) has versatile options to set up web sites and more advanced configurations. This article explains briefly how to set up nginx as a reverse proxy to a web site in an internal network.

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Source: https://www.nginx.com/resources/wiki/

The scenario

I have a web site running on a system in an internal network. This could be either a full-fledged Windows/Linux server or an IoT device running on a single board computer (SBC), like i.e. a Raspberry Pi, an Arduino, ESP8266 chipset.

Using nginx as reverse proxy
A reverse proxy taking requests from the Internet and forwarding them to servers in an internal network. Source: Wikipedia

Now, I want to enable access from the Internet to that internal server using nginx.

Setting up nginx

In order to set up the solution you need to have a public facing web server on the Internet. Most probably it already runs nginx to serve your web site or blogging software.

I'm running a root server on Debian/GNU Linux and nginx is already installed. You can check your own system quickly like so for any running process:

$ ps fax | grep nginx

Or if you prefer a bit more details like so:

$ sudo service nginx status
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled)
   Active: active (running) since Do 2019-01-03 03:28:11 CET; 4 days ago
     Docs: man:nginx(8)
  Process: 29505 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
  Process: 29537 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
  Process: 29535 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
 Main PID: 29539 (nginx)
   CGroup: /system.slice/nginx.service
           ├─29539 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
           ├─29540 nginx: worker process
           ├─29541 nginx: worker process
           ├─29542 nginx: worker process
           └─29543 nginx: worker process

In case that nginx is not even installed on your system you could look up the package information like so:

$ apt search ^nginx

And install the web server using apt-get like so:

$ sudo apt-get install nginx-full

Which will then install nginx web/proxy server and all its dependencies on your server.

Configuring nginx as reverse proxy

Now, we have an operational installation of nginx on our Internet-facing system. We are going to create a new configuration file that defines the necessary proxy information to access our service on the internal network.

First create a new file below nginx configuration folder using your preferred text editor.

$ cd /etc/nginx/sites-available/
$ sudo nano raspberry

The file name should be relevant to either the kind of services or the system that you are going to shield using nginx as proxy.

Next, write the following server definition into your configuration file. Of course, you would adjust the server name and the IP address according to your environment:

server {
    listen 80;
    listen [::]:80;
    
    server_name raspberry.kirstaetter.name;
    server_tokens off;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass 10.0.240.3;
    }
}

That is the minimal configuration you would have to specify in order to run nginx as a reverse proxy to a system on your internal network. The given IP address needs to be accessible from your public web server, i.e. using a VPN infrastructure based on OpenVPN.

After saving and closing the new nginx configuration it is time to enable and check the syntax for any errors. To enable an available configuration you need to either place it or link it into the folder sites-enabled of nginx.

$ cd ../sites-enabled
$ sudo ln -s /etc/nginx/sites-available/raspberry raspberry

Now, to avoid any unexpected shutdowns or better said launching issues you should always run a configuration test before restarting the nginx service. This can be done quickly using the following command:

$ sudo service nginx configtest
[ ok ] Testing nginx configuration:.

Should your configuration file have any unknown directives and errors the output of configtest looks like this:

$ sudo service nginx configtest
[FAIL] Testing nginx configuration: failed!

You will find more details about the nature of the problem and the line number in the error log file below /var/log, i.e. here:

$ sudo cat /var/log/nginx/error.log
2019/01/07 13:50:07 [emerg] 21662#21662: unknown directive "server_?name" in /etc/nginx/sites-enabled/raspberry:5

Only when all problems have been resolved and you have a positive response from the configtest you should restart the nginx service.

$ sudo service nginx restart

Resolve a domain name

The above described sample is very basic, and sometimes it might be necessary to avoid using an IP address for internal service. Luckily, this can configured using the resolver directive in an nginx configuration file like so:

server {
    listen 80;
    listen [::]:80;
    
    server_name raspberry.kirstaetter.name;
    server_tokens off;

    resolver 127.0.0.1;
    
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass rasp01.local;
    }
}

The change in our configuration file now assumes that I have a DNS server running on the local machine which knows how to handle and resolve the specified domain name rasp01.local.

Again, this article covers the basics of reverse proxying using nginx only. There are more interesting scenario like setting your own DNS server on the internal network to provide public access to an internal resource.

Perhaps, you might want to proxy an existing service with your own custom domain, in case that the service provide does not offer this option. Using a public DNS server like Cloudflare's 1.1.1.1, Google Public DNS (8.8.8.8), or OpenDNS as resolver should give you some ideas.

Provide secure access using SSL

Let's take the following scenario into consideration. Your internal resource might not be configurable with an SSL certificate but you would like to enable HTTPS protocol communication from the Internet. Setting up nginx with an SSL certificate is well-documented and to combine this with the above described proxy features is a breeze to achieve.

Following you will get a more complete configuration file based on the previous example, now SSL-enabled using a Let's Encrypt certificate.

server {
    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name raspberry.kirstaetter.name;
    server_tokens off;
    server_name_in_redirect off;

    client_max_body_size 50m;

    ssl on;
    ssl_certificate         /etc/letsencrypt/live/raspberry.kirstaetter.name/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/raspberry.kirstaetter.name/privkey.pem;

    # modern configuration. tweak to your needs.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;

    # HTTP headers
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-XSS-Protection "1; mode=block";
    add_header Referrer-Policy no-referrer-when-downgrade;

    root /var/www/raspberry;
    access_log /var/log/nginx/raspberry.kirstaetter.name.access_log gzip;
    error_log /var/log/nginx/raspberry.kirstaetter.name.error_log info;

    resolver 127.0.0.1;
    
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass rasp01.local;
    }

    location ~ /.well-known {
        allow all;
    }
}

The specified SSL options in regards to protocols and ciphers are an arbitrary choice of mine. If you have suggestions on how to improve the SSL setup, please leave a comment below.

Eventually the http2 directive might be an issue. Either check that you are using a recent version of nginx that has HTTP/2 support backed in or remove the value from the listen directive in the configuration file.

Multiple proxies

No problem with nginx. You can configure and run as many reverse proxies as would like to. Right now, I think I have three or four proxies running. Interestingly, one of them is an older set up based on Apache HTTPd which I'm going to write about in a separate article.

Do you have any interesting use cases or active configurations of nginx as reverse proxy? If yes, please use the comment section below give me and other readers more details. Thanks!

Image credit: Otto Norin

Upgrade to Xubuntu 15.04 – Vivid Vervet

Leave a reply
Upgrade to Xubuntu 15.04 - Vivid Vervet

Running an operating system like Ubuntu or any of its derivates, like ie. Xubuntu, comes with some nice treats (and threats?). One of the nice things is that you'll get a scheduled upgrade approximately every six months. Usually, around April and October of each year. Meaning there are two releases per year resulting in those version numbers [Year].04 and [Year].10. Also, ever two years the April edition of Ubuntu is classified as a Long-Term Support (LTS) version which keeps an extended period of time. A nice touch and surely interesting for professional installations of Ubuntu but eventually not too practical for the daily use at home or when you're interested in latest versions.

Preparing the system

These steps are the same every time you decide to upgrade to the latest release. Eventually, you might be interested to update older installation and have a read here: 

In general, you should have a look at the official upgrade documentation of Ubuntu. Next, get your recent system up-to-date before you consider to upgrade. Also, take care that there are no pending partial upgrades or packages on hold. This might have a negative impact on the installation process of the newer packages. So, before you think about upgrading you have to ensure that your current system is running on the latest packages. This can be done easily via a terminal like so:

$ sudo apt-get update && sudo apt-get -y dist-upgrade --fix-missing

Upgrade to Xubuntu 15.04 - Vivid Vervet

Next, we are going to initiate the upgrade itself:

$ sudo update-manager

As a result the graphical Software Updater should inform you that a newer version of Ubuntu is available for installation.

Upgrade to Xubuntu 15.04 - Vivid Vervet

Ubuntu's Software Updater informs you whether an upgrade is available

Running the upgrade

After clicking 'Upgrade...' or 'Yes, Upgrade Now' you will be presented with information about the new version.

Upgrade to Xubuntu 15.04 - Vivid Vervet

Details about Ubuntu 15.04 (Vivid Vervet)

Simply continue with the procedure and your system will be analysed for the next steps.

Upgrade to Xubuntu 15.04 - Vivid Vervet

Analysing the existing system and preparing the actual upgrade to 15.04

Upgrade to Xubuntu 15.04 - Vivid Vervet

Next, we are at the point of no return. Last confirmation dialog before having a coffee break while your machine is occupied to download the necessary packages. Not the best bandwidth at hand after all... yours might be faster.

Upgrade to Xubuntu 15.04 - Vivid Vervet

Are you really sure that you want to start the upgrade? Let's go and have fun!

Anyway, bye bye Unique Unicorn and Welcome Vivid Vervet!

In case that you added any additional repositories like Medibuntu or PPAs you will be informed that they are going to be disabled during the upgrade and they might require some manual intervention after completion.

Upgrade to Xubuntu 15.04 - Vivid Vervet

Ubuntu is playing safe and third party repositories are disabled during the upgrade

Well, depending on your internet bandwidth this might take something between a couple of minutes and some hours to download all the packages and then trigger the actual installation process. In my case I left my PC unattended during the night.

Upgrade to Xubuntu 15.04 - Vivid Vervet

At the end Xubuntu will ask you whether you would like to remove old and obsolete packages of the previous version.

Upgrade to Xubuntu 15.04 - Vivid Vervet

Time to reboot

Upgrade to Xubuntu 15.04 - Vivid Vervet

Finally, it's time to restart your system and see what's going to happen... In my case absolutely nothing unexpected. The system booted the new kernel 3.19.0 as usual and I was greeted by a new login screen.

Honestly, 'same' system as before - which is good and I love that fact of consistency - and I can continue to work productively. And also Software Updater confirms that we just had a painless upgrade:

Upgrade to Xubuntu 15.04 - Vivid Vervet

System is running Ubuntu 15.04 - Vivid Vervet - and up to date

See you in six months again... ;-)

Post-scriptum

In case that you would to upgrade to the latest development version of Ubuntu, run the following command in a console:

$ sudo update-manager -d

And repeat all steps as described above.

Lets rock with MySQL and MariaDB

Leave a reply

Logo of MariaDB Sealion mascotSome weeks months ago...

What happens on Facebook

I saw an announcement made by Ronny on Facebook that he's about to organise a meeting about MySQL and MariaDB. Well, I have to admit that I didn't have that much contact with Ronny but I knew that he was involved in the initiation of the Linux User Group of Mauritius (LUGM), and that Ish already mentioned his name a couple of times, mostly because of the inspirational approach and other funny things. Well, long story short. Ronny mentioned that one of his friends will be around on the island for some vacation and that said person agreed to do a session on the history, the (eventual) future and some technical aspects of MySQL and MariaDB. Sounds great and having an expert from abroad doesn't happen too often...

Okay, next Ronny was looking for a decent location and I suggested to him that he might his luck at The Flying Dodo Brewery in Bagatelle. In general not a problem but those guys over there speak money and in order to get their side room with some conference aspirations they wouldn't agree on the usual deal for user groups. Meaning: Room for attendees consuming food & drinks. As I had personal interest in this session to happen, I backed Ronny's intentions to go forward with it and to let me know in case that there financial constraints to be expected. Running your business provides you with some benefits and allowances. Anyway, there was a little fee for the evening to be paid, and I was glad to cover those expenses through my business: IOS Indian Ocean Software Ltd.

Lets rock with MySQL and MariaDB

The "event" was scheduled for the evening hours, and after the official part it was commonly agreed that we are going to leverage the location and have a decent after-meeting session at the brewery. It's always nice to combine work with pleasure - particularly in that specific order.

Our presenter, an international consultant for MySQL and MariaDB working at SkySQL AB at that time, named Joffrey Michaie did a great job during the evening. First, he gave us a brief history lesson about the origins of MySQL, then elaborated on the recent purchase event during the last couple of years and went over the actual reasons why MariaDB has been created. Well, Sun and Oracle did a great job to get quite a number of good developers on MySQL as well as the community on their feet. The fork of MySQL into MariaDB is reasonable given that Oracle doesn't need to support two opposing RDBMS within the same company - astounishingly that's a very familiar constellation seeing Microsoft SQL Server and Microsoft Visual FoxPro (VFP) in the past. Anyway, approximately 90% (and more) of the original MySQL developers quit their job and went over to a company called SkySQL AB - which is solely temporarily and there had been a press release recently, that it's now officially MariaDB AB. Monty Widenius had his coup and the core development team is back to its roots.

And... best of all: MariaDB is an inplace-replacement for MySQL. In case that you're operating your website or blog on MySQL you can simply install and use MariaDB instead of. It works flawlessly.

Next, Jojo gave us some corner data about the wide-spread use of MySQL/MariaDB. Actually some big internet companies or better said their websites (like Facebook, SAP, Xing, etc.) are driven by MySQL installations spread over hundreds or even over thousands of machines. Of course, this requires some interesting architecture not only regarding the physical setup of machines and networks but also in terms of storage and replication features. High-availability (HA) is the magical keyword in this case. At a certain size you have to switch towards DB clusters and Joffrey gave us good information about one could setup such clusters using Galera. He also gave us a brief overview of some specialised storage engines available in MySQL/MariaDB which definitely go far beyond the capabilities of the standard types like MyISAM or InnoDB.

Full screen entertainment for geeks

The full presentation of a whooping 107 slides is available on SlideShare - Thanks to Joffrey and the LUGM!

On my side, I have to admit that I was a bit interruptive as I had a good number of questions regarding certain features I'm used to using either VFP or SQL Server. Especially given the fact that I was involved in the software architecture and development of client-server applications that run on roughly 100 instances of SQL Server including different types of data replication. Yes, we did partitioning and the database has a variety of replication scenarios for different tables; including typical master-slave replication but also enhanced 2-way replication. Also dealing with data volumes in 2-digit and even 3-digit regions is not unusual with my clients. And there is quite a difference between writing and running queries against a low amount of records compared to tables with 15+ million records. Not to forget about write and update operations. Patiently, Joffrey took note of my questions and he had very good answers how certain setups and requirements could be solved and handled with MariaDB. One of the interesting topics was the discussion about data types of "uniqueidentifier" versus "UUID" versus "Global Transaction ID (GTID)". Well, basically they are the same... Whereas SQL Server handles replication based on that specific data type, MySQL or MariaDB remains on dealing with integer-based column data types (comparable to Auto-Increment in SQL Server) - which I find problematic. 

MariaDB Enterprise Architecture v3.1
MariaDB is not just the database anymore; it's a platform for application developers and database administrators

Anyway, the evening had some interesting chunks of information for me and I enjoyed the whole presentation. Joffrey knows how to keep the audience focused and engaged into the topic. And shamelessly we extending the scheduled 1-hour session by at least 30 minutes or so. Until all questions have been asked and answered. And after all this talking and listening it was time to move over to the social aspects of the evening and to get some refreshments.

Networking session and future activities

Later on I managed to have a little smalltalk with Jojo and even though the meeting was under the aegis of the LUGM, I informed him about the existence, goals and intentions of the Mauritius Software Craftsmanship Community (MSCC). Dunno, how he took it but since then we are still in touch on social media networks, and have a chat from time to time. On my part I'm looking forward to the next opportunity to hear about MariaDB from Joffrey - and of course I won't hesitate to act as a sponsor again.

Oh, and thanks for the goodies - I really like that black MariaDB 10 T-Shirt.

Disclaimer: Images are courtesy of MariaDB Corporation Ab. MariaDB is a trademark or registered trademarks of MariaDB Corporation Ab in the European Union and United States of America and/or other countries. MySQL is a trademark of Oracle Corporation Inc.

Accessing your web server via IPv6

Leave a reply

Being able to run your systems on IPv6, have automatic address assignment and the ability to resolve host names are the necessary building blocks in your IPv6 network infrastructure. Now, that everything is in place it is about time that we are going to enable another service to respond to IPv6 requests. The following article will guide through the steps on how to enable Apache2 httpd to listen and respond to incoming IPv6 requests.

This is the fourth article in a series on IPv6 configuration:

Piece of advice: This is based on my findings on the internet while reading other people's helpful articles and going through a couple of man-pages on my local system.

Surfing the web - IPv6 style

Enabling IPv6 connections in Apache 2 is fairly simply. But first let's check whether your system has a running instance of Apache2 or not. You can check this like so:

$ service apache2 status
Apache2 is running (pid 2680).

In case that you got a 'service unknown' you have to install Apache to proceed with the following steps:

$ sudo apt-get install apache2

Out of the box, Apache binds to all your available network interfaces and listens to TCP port 80. To check this, run the following command:

$ sudo netstat -lnptu | grep "apache2\W*$"
tcp6       0      0 :::80                   :::*                    LISTEN      28306/apache2

In this case Apache2 is already binding to IPv6 (and implicitly to IPv4). If you only got a tcp output, then your HTTPd is not yet IPv6 enabled.

Check your Listen directive, depending on your system this might be in a different location than the default in Ubuntu.

$ sudo nano /etc/apache2/ports.conf

# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz

NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

Just in case that you don't have a ports.conf file, look for it like so:

$ cd /etc/apache2/
$ fgrep -r -i 'listen' ./*

And modify the related file instead of the ports.conf. Which most probably might be either apache2.conf or httpd.conf anyways.

Okay, please bear in mind that Apache can only bind once on the same interface and port. So, eventually, you might be interested to add another port which explicitly listens to IPv6 only. In that case, you would add the following in your configuration file:

Listen 80
Listen [2001:db8:bad:a55::2]:8080

But this is completely optional... Anyways, just to complete all steps, you save the file, and then check the syntax like so:

$ sudo apache2ctl configtest
Syntax OK

Ok, now let's apply the modifications to our running Apache2 instances:

$ sudo service apache2 reload
 * Reloading web server config apache2
   ...done.

$ sudo netstat -lnptu | grep "apache2\W*$"                                                                                              
tcp6       0      0 2001:db8:bad:a55:::8080 :::*                    LISTEN      5922/apache2   
tcp6       0      0 :::80                   :::*                    LISTEN      5922/apache2

There we have two daemons running and listening to different TCP ports.

Now, that the basics are in place, it's time to prepare any website to respond to incoming requests on the IPv6 address. Open up any configuration file you have below your sites-enabled folder.

$ ls -al /etc/apache2/sites-enabled/
...

$ sudo nano /etc/apache2/sites-enabled/000-default

<VirtualHost *:80 [2001:db8:bad:a55::2]:8080>
        ServerAdmin [email protected]
        ServerName server.ios.mu
        ServerAlias server

Here, we have to check and modify the VirtualHost directive and enable it to respond to the IPv6 address and port our web server is listening to. Save your changes, run the configuration test and reload Apache2 in order to apply your modifications. After successful steps you can launch your favourite browser and navigate to your IPv6 enabled web server.

Accessing an IPv6 address in the browser
Accessing an IPv6 address in the browser

That looks like a successful surgery to me...

Note: In case that you received a timeout, check whether your client is operating on IPv6, too.

Enabling DNS for IPv6 infrastructure

Leave a reply

After successful automatic distribution of IPv6 address information via DHCPv6 in your local network it might be time to start offering some more services. Usually, we would use host names in order to communicate with other machines instead of their bare IPv6 addresses. During the following paragraphs we are going to enable our own DNS name server with IPv6 address resolving.

This is the third article in a series on IPv6 configuration:

Piece of advice: This is based on my findings on the internet while reading other people's helpful articles and going through a couple of man-pages on my local system.

What's your name and your IPv6 address?

$ sudo service bind9 status
 * bind9 is running

If the service is not recognised, you have to install it first on your system. This is done very easy and quickly like so:

$ sudo apt-get install bind9

Once again, there is no specialised package for IPv6. Just the regular application is good to go.

But of course, it is necessary to enable IPv6 binding in the options. Let's fire up a text editor and modify the configuration file.

$ sudo nano /etc/bind/named.conf.options

acl iosnet {
        127.0.0.1;
        192.168.1.0/24;
        ::1/128;
        2001:db8:bad:a55::/64;
};

listen-on { iosnet; };
listen-on-v6 { any; };

allow-query { iosnet; };
allow-transfer { iosnet; };

Most important directive is the listen-on-v6. This will enable your named to bind to your IPv6 addresses specified on your system. Easiest is to specify any as value, and named will bind to all available IPv6 addresses during start. More details and explanations are found in the man-pages of named.conf.

Save the file and restart the named service. As usual, check your log files and correct your configuration in case of any logged error messages. Using the netstat command you can validate whether the service is running and to which IP and IPv6 addresses it is bound to, like so:

$ sudo service bind9 restart

$ sudo netstat -lnptu | grep "named\W*$"
tcp        0      0 192.168.1.2:53        0.0.0.0:*               LISTEN      1734/named     
tcp        0      0 127.0.0.1:53          0.0.0.0:*               LISTEN      1734/named     
tcp6       0      0 :::53                 :::*                    LISTEN      1734/named     
udp        0      0 192.168.1.2:53        0.0.0.0:*                           1734/named     
udp        0      0 127.0.0.1:53          0.0.0.0:*                           1734/named     
udp6       0      0 :::53                 :::*                                1734/named 

 Sweet! Okay, now it's about time to resolve host names and their assigned IPv6 addresses using our own DNS name server.

$ host -t aaaa www.6bone.net 2001:db8:bad:a55::2
Using domain server:
Name: 2001:db8:bad:a55::2
Address: 2001:db8:bad:a55::2#53
Aliases:

www.6bone.net is an alias for 6bone.net.
6bone.net has IPv6 address 2001:5c0:1000:10::2

Alright, our newly configured BIND named is fully operational.

Eventually, you might be more familiar with the dig command. Here is the same kind of IPv6 host name resolve but it will provide more details about that particular host as well as the domain in general.

$ dig @2001:db8:bad:a55::2 www.6bone.net. AAAA

More details on the Berkeley Internet Name Domain (bind) daemon and IPv6 are available in Chapter 22.1 of Peter Bieringer's HOWTO on IPv6.

Setting up your own DNS zone

Now, that we have an operational named in place, it's about time to implement and configure our own host names and IPv6 address resolving. The general approach is to create your own zone database below the bind folder and to add AAAA records for your hosts. In order to achieve this, we have to define the zone first in the configuration file named.conf.local.

$ sudo nano /etc/bind/named.conf.local

//
// Do any local configuration here
//
zone "ios.mu" {
        type master;
        file "/etc/bind/zones/db.ios.mu";
};

Here we specify the location of our zone database file. Next, we are going to create it and add our host names, our IP and our IPv6 addresses.

$ sudo nano /etc/bind/zones/db.ios.mu

$ORIGIN .
$TTL 259200     ; 3 days
ios.mu                  IN SOA  ios.mu. hostmaster.ios.mu. (
                                2014031101 ; serial
                                28800      ; refresh (8 hours)
                                7200       ; retry (2 hours)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      server.ios.mu.
$ORIGIN ios.mu.
server                  A       192.168.1.2
server                  AAAA    2001:db8:bad:a55::2
client1                 A       192.168.1.3
client1                 AAAA    2001:db8:bad:a55::3
client2                 A       192.168.1.4
client2                 AAAA    2001:db8:bad:a55::4

With a couple of machines in place, it's time to reload that new configuration.

Note: Each time you are going to change your zone databases you have to modify the serial information, too. Named loads the plain text zone definitions and converts them into an internal, indexed binary format to improve lookup performance. If you forget to change your serial then named will not use the new records from the text file but the indexed ones. Or you have to flush the index and force a reload of the zone.

This can be done easily by either restarting the named:

$ sudo service bind9 restart

or by reloading the configuration file using the name server control utility - rndc:

$ sudo rndc reconfig

Check your log files for any error messages and whether the new zone database has been accepted. Next, we are going to resolve a host name trying to get its IPv6 address like so:

$ host -t aaaa server.ios.mu. 2001:db8:bad:a55::2
Using domain server:
Name: 2001:db8:bad:a55::2
Address: 2001:db8:bad:a55::2#53
Aliases:

server.ios.mu has IPv6 address 2001:db8:bad:a55::2

Looks good.

Alternatively, you could have just ping'd the system as well using the ping6 command instead of the regular ping:

$ ping6 server
PING server(2001:db8:bad:a55::2) 56 data bytes
64 bytes from 2001:db8:bad:a55::2: icmp_seq=1 ttl=64 time=0.615 ms
64 bytes from 2001:db8:bad:a55::2: icmp_seq=2 ttl=64 time=0.407 ms
^C
--- ios1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.407/0.511/0.615/0.104 ms

That also looks promising to me. How about your configuration?

Next, it might be interesting to extend the range of available services on the network. One essential service would be to have web sites at hand.

DHCPv6: Provide IPv6 information in your local network

Leave a reply

Even though IPv6 might not be that important within your local network it might be good to get yourself into shape, and be able to provide some details of your infrastructure automatically to your network clients.

This is the second article in a series on IPv6 configuration:

Piece of advice: This is based on my findings on the internet while reading other people's helpful articles and going through a couple of man-pages on my local system.

IPv6 addresses for everyone (in your network)

Okay, after setting up the configuration of your local system, it might be interesting to enable all your machines in your network to use IPv6. There are two options to solve this kind of requirement... Either you're busy like a bee and you go around to configure each and every system manually, or you're more the lazy and effective type of network administrator and you prefer to work with Dynamic Host Configuration Protocol (DHCP). Obviously, I'm of the second type.

Enabling dynamic IPv6 address assignments can be done with a new or an existing instance of a DHCPd. In case of Ubuntu-based installation this might be isc-dhcp-server. The isc-dhcp-server allows address pooling for IP and IPv6 within the same package, you just have to run to independent daemons for each protocol version. First, check whether isc-dhcp-server is already installed and maybe running your machine like so:

$ service isc-dhcp-server6 status

In case, that the service is unknown, you have to install it like so:

$ sudo apt-get install isc-dhcp-server

Please bear in mind that there is no designated installation package for IPv6.

Okay, next you have to create a separate configuration file for IPv6 address pooling and network parameters called /etc/dhcp/dhcpd6.conf. This file is not automatically provided by the package, compared to IPv4. Again, use your favourite editor and put the following lines:

$ sudo nano /etc/dhcp/dhcpd6.conf

authoritative;
default-lease-time 14400; 
max-lease-time 86400;
log-facility local7;
subnet6 2001:db8:bad:a55::/64 {
    option dhcp6.name-servers 2001:4860:4860::8888, 2001:4860:4860::8844;
    option dhcp6.domain-search "ios.mu";
    range6 2001:db8:bad:a55::100 2001:db8:bad:a55::199;
    range6 2001:db8:bad:a55::/64 temporary;
}

Next, save the file and start the daemon as a foreground process to see whether it is going to listen to requests or not, like so:

$ sudo /usr/sbin/dhcpd -6 -d -cf /etc/dhcp/dhcpd6.conf eth0

The parameters are explained quickly as -6 we want to run as a DHCPv6 server, -d we are sending log messages to the standard error descriptor (so you should monitor your /var/log/syslog file, too), and we explicitely want to use our newly created configuration file (-cf). You might also use the command switch -t to test the configuration file prior to running the server.

In my case, I ended up with a couple of complaints by the server, especially reporting that the necessary lease file wouldn't exist. So, ensure that the lease file for your IPv6 address assignments is present:

$ sudo touch /var/lib/dhcp/dhcpd6.leases
$ sudo chown dhcpd:dhcpd /var/lib/dhcp/dhcpd6.leases

Now, you should be good to go. Stop your foreground process and try to run the DHCPv6 server as a service on your system:

$ sudo service isc-dhcp-server6 start
isc-dhcp-server6 start/running, process 15883

Check your log file /var/log/syslog for any kind of problems. Refer to the man-pages of isc-dhcp-server and you might check out Chapter 22.6 of Peter Bieringer's IPv6 Howto. The instructions regarding DHCPv6 on the Ubuntu Wiki are not as complete as expected and it might not be as helpful as this article or Peter's HOWTO. But see for yourself.

Does the client get an IPv6 address?

Running a DHCPv6 server on your local network surely comes in handy but it has to work properly. The following paragraphs describe briefly how to check the IPv6 configuration of your clients,

Linux - ifconfig or ip command

First, you have enable IPv6 on your Linux by specifying the necessary directives in the /etc/network/interfaces file, like so:

$ sudo nano /etc/network/interfaces

iface eth1 inet6 dhcp

Note: Your network device might be eth0 - please don't just copy my configuration lines.

Then, either restart your network subsystem, or enable the device manually using the dhclient command with IPv6 switch, like so:

$ sudo dhclient -6

You would either use the ifconfig or (if installed) the ip command to check the configuration of your network device like so:

$ sudo ifconfig eth1
eth1      Link encap:Ethernet  HWaddr 00:1d:09:5d:8d:98 
          inet addr:192.168.160.147  Bcast:192.168.160.255  Mask:255.255.255.0
          inet6 addr: 2001:db8:bad:a55::193/64 Scope:Global
          inet6 addr: fe80::21d:9ff:fe5d:8d98/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

Looks good, the client has an IPv6 assignment. Now, let's see whether DNS information has been provided, too.

$ less /etc/resolv.conf

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 2001:4860:4860::8888
nameserver 2001:4860:4860::8844
nameserver 192.168.1.2
nameserver 127.0.1.1
search ios.mu

Nicely done.

Windows - netsh

Per description on TechNet the netsh is defined as following:

"Netsh is a command-line scripting utility that allows you to, either locally or remotely, display or modify the network configuration of a computer that is currently running. Netsh also provides a scripting feature that allows you to run a group of commands in batch mode against a specified computer. Netsh can also save a configuration script in a text file for archival purposes or to help you configure other servers."

And even though TechNet states that it applies to Windows Server (only), it is also available on Windows client operating systems, like Vista, Windows 7 and Windows 8.

In order to get or even set information related to IPv6 protocol, we have to switch the netsh interface context prior to our queries. Open a command prompt in Windows and run the following statements:

C:\Users\joki>netsh
netsh>interface ipv6
netsh interface ipv6>show interfaces

Show IPv6 network interfaces using netsh command on Windows

Select the device index from the Idx column to get more details about the IPv6 address and DNS server information (here: I'm going to use my WiFi device with device index 11), like so:

netsh interface ipv6>show address 11

Show IPv6 address information using netsh command on Windows

Okay, address information has been provided. Now, let's check the details about DNS and resolving host names:

netsh interface ipv6>show dnsservers 11

Show IPv6 DNS server configuration using netsh command on Windows

Okay, that looks good already. Our Windows client has a valid IPv6 address lease with lifetime information and details about the configured DNS servers.

Talking about DNS server...
Your clients should be able to connect to your network servers via IPv6 using hostnames instead of IPv6 addresses. Please read on about how to enable a local named with IPv6.