OpenVPN Troubleshooting

Recently I tried installing and setting up OpenVPN on my home server. I ran into a problem I had had before. Both the installation of the .deb package and the init script would hang.

I found the –verbose switch to the /usr/local/openvpn_as/bin/ovpn-init command. it would always hang right after “Generating init scripts auto command”. As generating the init scripts should be instantaneous, this was frustrating. At one point in the script is calls /usr/local/openvpn_as/bin/_ovpn-init and attempts to list the iptables config with iptable –list and put it into a variable. My iptables list is LARGE and uses the hostnames of several IPs I want blocked. (Think asian and Russian sites.) That iptables command it uses does DNS on every hostname. It should use (and I changed the script) to use iptables –list -n which skips DNS.

Now the ovpn-init script runs and doesn’t hang.

rake gitlab:check complains about git version

With the 5.2 version of gitlab, the

bundle exec rake gitlab:check RAILS_ENV=production

command complains about the current distro’s version of git:

Your git bin path is “/usr/bin/git”
Git version >= 1.7.10 ? … no
Try fixing it:
Update your git to a version >= 1.7.10 from 1.7.9
Please fix the error above and rerun the checks.

Checking GitLab … Finished

Here’s how to compile from source to a local (or system wide) location.

Continue reading “rake gitlab:check complains about git version”

Fixing gitlab errors with git operations

Recenlty, I was able to install the 5.2 branch of gitlab for work.

I ran into the following error when cloning a repo:

git pull
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

yet, ssh and ssh keys were working:

ssh -T git@gitlab.lib.unc.edu
Welcome to GitLab, Anonymous!

It took a while, but I found a way to check what gitlab-shell is doing:

gitlab-shell/bin/check

Check GitLab API access: FAILED. code: 302

Check directories and files:
/home/git/repositories: OK
/home/git/.ssh/authorized_keys: OK

This does make sense because it set up SSL in the apache conf for gitlab using the example conf file. It seems that gitlab-shell isn’t smart enough to handle a redirect to the https side. So in the gitlab-shell/config.yml make sure the gitlab_url setting has https set. Also, you may need to make sure your /etc/hosts has the name of the virtual host (if you are running it that way) pointing to the right interface.

Keep in mind, gitlab-shell doesn’t play nice with self-signed certs. I had to revert some things on another gitlab install.

After fixing this, ssh-ing into the server worked right:

ssh -T git@gitlab.lib.unc.edu
Welcome to GitLab, <user>!

AirPrint to cups-pdf on Ubuntu

 

welcome_airprint2I got the 3rd generation iPad and needed to print some emails ? actually to save them as pdf. Easy enough to do on a Mac in Safari, but not an option in iOS 5.1. So, to get AirPrint working with cups-pdf on Ubuntu 10.04.4 LTS.

Avahi

Prior to this, I used airprint-generate.py to get AirPrint working with a regular printer. I manually duplicated the avahi service file for the cups-pdf printer from the regular printer created with the script. I imagine I could have used it again to create a avahi service file for cups-pdf.

/etc/avahi/services/AirPrint-PDF.service
&lt;?xml version='1.0' encoding='UTF-8'?&gt;
&lt;!DOCTYPE service-group SYSTEM "avahi-service.dtd"&gt;
&lt;service-group&gt;
 &lt;name replace-wildcards="yes"&gt;AirPrint PDF @ server.local&lt;/name&gt;
 &lt;service&gt;
 &lt;type&gt;_ipp._tcp&lt;/type&gt;
 &lt;subtype&gt;_universal._sub._ipp._tcp&lt;/subtype&gt;
 &lt;port&gt;631&lt;/port&gt;
 &lt;txt-record&gt;txtvers=1&lt;/txt-record&gt;
 &lt;txt-record&gt;qtotal=1&lt;/txt-record&gt;
 &lt;txt-record&gt;Transparent=T&lt;/txt-record&gt;
 &lt;txt-record&gt;URF=none&lt;/txt-record&gt;
 &lt;txt-record&gt;rp=printers/PDF&lt;/txt-record&gt;
 &lt;txt-record&gt;note=AirPrint&lt;/txt-record&gt;
 &lt;txt-record&gt;product=(GPL Ghostscript)&lt;/txt-record&gt;
 &lt;txt-record&gt;printer-state=3&lt;/txt-record&gt;
 &lt;txt-record&gt;printer-type=0x80901c&lt;/txt-record&gt;
 &lt;txt-record&gt;pdl=application/octet-stream,application/pdf,application/postscript,image/gif,image/jpeg,image/png,image/tiff,text/html,text/plain,application/openofficeps,application/vnd.cups-banner,application/vnd.cups-pdf,application/vnd.cups-postscript&lt;/txt-record&gt;
 &lt;/service&gt;
&lt;/service-group&gt;

Of course, the key entry here, is the cups path to to printer:
&lt;txt-record&gt;rp=printers/PDF&lt;/txt-record&gt;

I suppose it could be a path to a different cups server.

Cups-pdf

If not installed, install it on Ubuntu with:

apt-get install cups-pdf

Then, in cd /var/spool/cups-pdf/ we will have to make a link to your home directory. In this tutorial, I am using Dropbox to sync the generated pdfs. So, I created a link to a folder in my Dropbox folder for anonymous pdf files.
ls -la
total 16
drwxr-xr-x 4 root root 4096 2012-03-17 00:48 .
drwxr-xr-x 9 root root 4096 2012-03-17 00:15 ..
lrwxrwxrwx 1 root root 27 2012-03-17 00:38 ANONYMOUS -&gt; /home/&lt;user&gt;/Dropbox/Docs/PDF
drwxrwxrwt 2 root lpadmin 4096 2012-03-17 00:46 ANONYMOUS-orig
drwxr-x--x 2 root lpadmin 4096 2012-03-17 10:32 SPOOL

Also, we need to change some settings in /etc/cups/cups-pdf.conf. Since this server is only for me, I don’t really have to worry about others, so I change the user output destination.
Out ${HOME}/Dropbox/Docs/PDF

I was also forced to change the AnonUser to my own account. Obviously, I would have liked to not have done this, but I had to, to get it to work.
AnonUser &lt;youraccount&gt;

Apparmor

I also had to change apparmor a bit as it wasn’t allowing cups to write files in my user directory.

/etc/apparmor.d/usr.sbin.cupsd

Find the lines with “{HOME}” and “PDF” in them and change to match the desired destination:
@{HOME}/Dropbox/Docs/PDF/ rw,
 @{HOME}/Dropbox/Docs/PDF/* rw,

Once that is done, restart apparmor, cups, and avahi. Log files for cups-pdf are at /var/log/cups/cups-pdf_log.

If you get a error like

[ERROR] failed to set file mode for PDF file (non fatal) (&lt;path&gt;/Test_Page.pdf)

Either you have filesystems permissions or app armor is causing problems.

UPDATE: See http://sysblog.sund.org/2012/10/ios-6-and-airprint-on-ubuntu/