Using ubuntu stock kernels on OVH

One of my clients wanted to host his vm’s on OVH. So we ordered a dedicated server and i began to setup XEN on it.

As they depend on a recent ixgbe module i had some problems with the networking, after booting the server with a 3.x stock kernel the ipmi wasn’t working.

This is how it worked for me

* Install latest 4.xx kernel (mine was 4.2.0-34-generic )
* cd /usr/src/
* Download latest ixgbe package: wget

Now go into the webmanager tool and open a ipmi kvm session.

ovh control panel

* Reboot the server once you are connected to the ipmi

Time to build the new driver
* cd /usr/src/ixgbe-4.xx
* make
* make install

Time to test it
* rmmod ixgbe
* modinfo ixgbe | grep version
You should see something like “version: 4.3.13”

Where the version should match the version of the file you downloaded

If this looks oke, load the module using modprobe

* modprobe ixgbe

you should now have a working internet connection.

Now it’s time to rebuild the initramfs package so the new module is loaded when we reboot the server.

* uname -r
should give you the kernel name, something like “4.2.0-34-generic”

* update-initramfs -k 4.2.0-34-generic -u

reboot and your internet should work.

preferring ipv4 instead of some ipv6 connections

One of my clients had a problem when he tried to connect to the google maps api using ipv6, there where no problems when i curl the url over ipv4.

As i can’t control the connection the routing to google, i was looking for a alternative solution and found out you can manipulate which address your server prefers.

Something exists called gai.conf, this hooks into the getaddress function.

So i had to block ipv6 requests to 2a00:1450:4013:c01::5f , the easy way is to disable all ipv6 requests.

If you are looking for this, just uncomment this line, and restart the program that is opening a connection.

#precedence ::ffff:0:0/96 100

This is the easy way, and i don’t want to disable all ipv6 connections, so i went ahead and played a bit more.

This was the solution i ended up with.

precedence ::1/128 50
precedence ::/0 40
precedence 2002::/16 30
precedence ::/96 20
precedence ::ffff:0:0/96 10
precedence 2a00:1450::/32 0

You want to uncomment these lines, if you don’t do this, you will block all ipv6 requests again.

Harvest export invoices.

If you use Harvest and need to export your invoices every time you need to file your taxes, you know the time it takes to select only the invoices you need.

To speed things up a little i looked at some cli scripts to help me.

First you need to install xquartx and pdfgrep. I install these packages with brew.

If these packages are installed go to the folder where all your invoices al stored.

  1. Move all invoices made from 01-03 into the folder 2015-Q1, make sure you created the folder first.
  2.  mkdir 2015-Q1

    for i in `pdfgrep -H  "Factuurdatum[ ]*[0-9]{2}/(01|02|03)/2015" *.pdf  | cut -d: -f1`; do mv $i 2015-Q1/; done

  3. Now we will change the default harvest name into $invoice-number.pdf
  4.  IFS=":"

    pdfgrep -H "Factuurnummer" *.pdf | sed -E "s/Factuurnummer[ ]{0,}//g" | while read pdf id ; do mv $pdf $id.pdf; done

  5.  Merge all pdfs’s
  6.  pdfunite 2015-*.pdf Q1.pdf

tugboat gem

Recently i was writing tests for all my chef cookbooks and it became time for testing them.

There are a lot of options to test everything, i chose  to use digitalocean to test everything.

I found a nice little gem called tugboat which gives you all the regions and images that are available.

To install the gem just run “gem install tugboat” and then run “tugboat authorize”

The authorize steps will ask you some api questions, like what is your client key and your api key.

To find both keys you’ll need to go to

Click on the generate key button to get your api key. Don’t mix this with the apps & api link in the default menu, as these keys won’t work.

Security ubuntu feisty package: Bash

Because i have this one server which is still running ubuntu feisty, I had to build my own bash packages to prevent the system from becoming to be abused using the shellshock bug.


The package can be download here.

The tar with the source can be downloaded here.

Libreoffice label templates

I’m runing LibreOffice on my mac and i’m the sucker at the office to always print the new labels.

I recently reinstalled my laptop and lost my label settings, it took me a while to find where LibreOffice saves the templates but i finally found it.

Turn of your LibreOffice, and on your old disk go to

cd /backup_pad/Users/<username>/Library/Application\ Support/LibreOffice/3/user

Copy the file to your new disk.

cp registrymodifications.xcu ~/Library/Application\ Support/LibreOffice/3/user

Restart LibreOffice and you should find the labels you made again.

Retrieving your private SSL key with IIS 7

Open the MMC window ( start -> run -> mmc) and go to file -> add/remove snap-in, choose certificates from this list. Click on Add and choose Computer account in the list.

Click Next and select Local computer, and click Finish and then Ok.

Go to Certificates (local computer) -> personal -> certificates.

On the existing SSL certificate, right mouse click -> all tasks -> export. Enable Export the private key and follow the next steps. (to check, is dit niet voor import?)

So now we have an encrypted pfx file, to retrieve our private SSL key use these commands.

openssl pkcs12 -in publicAndprivate.pfx -nocerts -out privateKey.pem

This outputs the private key, but this still has a password.

openssl rsa -in privateKey.pem -out private.pem

Now we have our private key in a clear text file.

Renewed your SSL certificate and importing it into IIS 7

Copy your certificate you receive and save it on your windows machine.

Now open the MMC window ( start -> run -> mmc) and go to file -> add/remove snap-in, choose certificates from this list. Click on Add and choose Computer account in the list.

Click Next and select Local computer, and click Finish and then Ok.

Go to Certificates (local computer) -> personal -> certificates.

In the certificates box, right mouse click -> all tasks -> import.

Choose your certificate file and finish the import process.

Now you’ll see that the certificate misses its private key.

Double click on your certificate, go to the details tab and choose thumbprint.

Copy this and open a command prompt:

certutils –repairstory my “thumbprint” (of iets gelijk dat)

When you refresh your certificates you should see that the key has an extra symbol attached, and your certificate should be valid again.

Exim blacklist on directadmin

One of the interesting things in exim is blacklisting, unfortunately this is not enabled by default.

To enable blacklisting you need to execute these 3 commands as root on your server:

cd /etc/virtual
rm use_rbl_domains
ln -s domains use_rbl_domains

Using a huawei E1750 as a sms gateway

First we need to install some debian packages we need:

apt-get install build-essential libhid-dev bzip2 tcl8.5-dev

Because the huawei E1750 has a card reader integrated we need to disable this to use the modem, to do this we need to download Usb-modeswitch.

cd /usr/src
tar xvjf usb-modeswitch-1.1.4.tar.bz2
tar xvjf usb-modeswitch-data-20100826.tar.bz2
cd usb-modeswitch-1.1.4

make install

cd usb-modeswitch-data-20100826
make install
cp 40-usb_modeswitch.rules /etc/udev/rules.d/
udevadm control –reload_rules

Edit the file /etc/usb_modeswitch.conf en paste this below the other options.

# Configuration for the usb_modeswitch package, a mode switching tool for
# USB devices providing multiple states or modes
# This file is evaluated by the wrapper script “usb_modeswitch_dispatcher”
# in /usr/sbin
# To enable an option, set it to “1”, “yes” or “true” (case doesn’t matter)
# Everything else counts as “disable”

# Disable automatic mode switching globally (e.g. to access the original
# install storage)


# Enable logging (results in a extensive report file in /var/log, named
# “usb_modeswitch_


;DefaultVendor= 0x12d1
;DefaultProduct= 0x1446

MessageEndpoint = 0x01
MessageContent = “55534243000000000000000000000011060000000000000000000000000000”

Lets execute usb_modeswitch to disable the card reader

usb_modeswitch -v 0x12d1 -p 0x1446 -H -s 5 -c /etc/usb_modeswitch.conf

You should get some output like this:

Looking for target devices …
No devices in target mode or class found
Looking for default devices …
Found devices in default mode or class (1)
Accessing device 003 on bus 005 …
Using endpoints 0x01 (out) and 0x81 (in)
Inquiring device details; driver will be detached …
Looking for active driver …
No driver found. Either detached before or never attached

SCSI inquiry data (for identification)
Vendor String: HUAWEI
Model String: Mass Storage
Revision String: 2.31

USB description data (for identification)
Manufacturer: HUAWEI Technology
Product: HUAWEI Mobile
Serial No.: not provided
Setting up communication with interface 0 …
Using endpoint 0x01 for message sending …
Trying to send message 1 to endpoint 0x01 …
OK, message successfully sent
Resetting response endpoint 0x81
Error resetting endpoint: -71
Resetting message endpoint 0x01
Error resetting endpoint: -19
Device is gone, skipping any further commands

Checking for mode switch (max. 20 times, once per second) …
Original device is gone already, not checking
Searching for target devices …
Searching for target devices …
Searching for target devices …
Searching for target devices …
Searching for target devices …
Searching for target devices …
Found correct target device

Mode switch succeeded. Bye.

The part where it says: “Mode switch succeeded. Bye.” is important, if it doesn’t say succeeded you’ll have to look for the right vendor and product id. You can find this by using lsusb.

I’ll assume it said succeeded and we are going to install everything we need to use gnokii, as i’m a great fan of MySQL i want to put all my data in mysql so we need a mysql server and the mysql version of gnokii.

apt-get install gnokii-smsd-mysql mysql-server-5.0 gnokii-cli

Setup the mysql database, create a database + user.

echo “create database smsd” | mysql -u root -p

echo “grant all on smsd.* to gnokii@’localhost’ identified by ‘password'” | mysql -u root -p

Import the gnokii sql file

mysql smsd < /usr/share/doc/gnokii-smsd-mysql/sms.tables.mysql.sql

Now our database is ready for use, the next thing we need to do is configure our gnokii.

edit /etc/gnokiirc

(this is what mine looks like)

# This is a sample ~/.gnokiirc file. Copy it into your
# home directory and name it .gnokiirc.
# See for working examples.

port = /dev/ttyUSB0
model = AT-HW
initlength = default
connection = serial
use_locking = yes
serial_baudrate = 9600
handshake = hardware
smsc_timeout = 30

allow_breakage = 0

bindir = /usr/sbin/

TELEPHONE = 12345678

debug = off
rlpdebug = off
xdebug = off

We should be able to see some data of our modem, lets see if gnokii can identify our huawei:

gnokii –identify

GNOKII Version 0.6.26
Couldn’t read /root/.gnokiirc config file.
Couldn’t read /root/.gnokiirc config file.
IMEI : 351910046446428
Manufacturer : huawei
Model : E1750
Product name : E1750
Revision :

If you see this everything should work fine.

Now we can test if we can send a sms manually.

echo “testing if we can send sms” | gnokii –sendsms +32477……

A couple of seconds later you should receive the sms on your phone.

Now lets start the smsd daemon.

/usr/sbin/smsd -u gnokii -p password -d smsd -m mysql -f /var/log/smsd/smsd.log &

And fill in some data in our outbox.

mysql smsd
insert into outbox(number,text,dreport) values (‘+32477……’,’testing if we can send from gnokii-smsd’,1);

You should receive a text message shortly