Recent Posts

mysql describe all tables from database

posted on 2017-01-23 12:51

This can be used directly in bash:

DB=your_database_name_here; for i in $(mysql $DB -Ne 'show tables' | cat); do echo; echo $i; mysql $DB -te "describe $i"; done

Just adjust your database.

proxmox: what is an EFI disk?

posted on 2017-01-07 21:22

Proxmox lets you create an EFI disk in the most recent versions. But what exactly is it?

cat'ing or strings'ing the file which represents it on disk is a first try, but sadly does not help much. Besides that the output looks a little like firmware stuff.

According to the proxmox wiki:

BIOS and UEFI In order to properly emulate a computer, QEMU needs to use a firmware. By default QEMU uses SeaBIOS for this, which is an open-source, x86 BIOS implementation. SeaBIOS is a good choice for most standard setups.

There are, however, some scenarios in which a BIOS is not a good firmware to boot from, e.g. if you want to do VGA passthrough. [5] In such cases, you should rather use OVMF, which is an open-source UEFI implemenation. [6]

If you want to use OVMF, there are several things to consider:

In order to save things like the boot order, there needs to be an EFI Disk. This disk will be included in backups and snapshots, and there can only be one.

You can create such a disk ...

A long story short:

UEFI, like BIOS, is the onboard firmware on your motherboard that let's you boot anything at all. Both happen to use a non-volatile storage on the motherboard to store settings. BIOS its settings, UEFI probably does just the same, but also the locations of start files it uses to boot the operating systems.

ovmf (the UEFI implementation that proxmox uses to emulate an UEFI) cannot use any kind of NVRAM by itself, it just seems to lack any at all. By default, it uses /boot/efi/EFI/BOOT/BOOTX64.EFI to search for the default start file.

If, however, like, after a default debian install, there is no startfile to be found there (debian uses /boot/efi/EFI/debian/grubx64.efi), then it cannot boot.

Two solutions are possible: Copy the grubx64.efi (or whatever it is called) to BOOTX64.EFI path, if you use only default settings besides.

Or use the EFI disk, which should not be so mysterious anymore now, and qemu will simply store the information there. This also has the added benefit that it's possible to store several startfiles for booting, in case you have several installations within the same VM. But its easier to create several vms for that anyway.

stop proxmox nagware

posted on 2017-01-05 05:07

This is said to fix proxmox 'no valid license' dialog box which appears when you login to the web interface and do not have a valid subscription:

find /usr/share/pve-manager -name *.js -exec sed -i 's/PVE.Utils.checked_command(function\s*()\s*{\s*\(.*\)\s*}\s*)\s*;\s*/\1/g' {} \;

TODD: I haven't tested it so far, the post will be updated once I can tell more.

debian add another loopback address

posted on 2017-01-04 15:40

Add to /etc/network/interfaces:

auto lo:1
iface lo:1 inet static


ifup lo:1

and an ip a should show you the new ip being live.

gitolite install

posted on 2017-01-02 22:37

A fast setup of a proper gitolite server setup, since the current debian package is either borked, or I just need sleep. Keep in mind this was written on the fly and may have errors.


  • this will use the user git (hope its not used already)
  • put the files in `/var/lib/gitolite
  • use the latest gitolite.
  • GITSERVER: ip or domain name or /etc/hosts alias of your git server
  • debian was used, adopt accordingly if you use redhat derivates or (god help) suse

setup and install

On the server: (as root)

apt install git -y
mkdir -p /var/lib/gitolite/bin
useradd -d /var/lib/gitolite/ -U -s /bin/bash git
passwd git
ssh-keygen -trsa -b4096
cp /root/.ssh/ /var/lib/gitolite/
chown -R git:git /var/lib/gitolite

su - git

cat << EOF > .bash_profile
alias l='ls -alh --color'
export PATH=/var/lib/gitolite/bin:\$PATH
echo $PATH  ## gitolite path missing
su - git
echo $PATH  ## gitolite path not missing anymore, and 'l' works, too

git clone git://
gitolite/install -ln /var/lib/gitolite/bin
gitolite setup -pk

git clone git@localhost:gitolite-admin
cd gitolite-admin/conf

Now we're mostly set, but no 'testing.git' repo is needed, so let's just delete it. This is also a showcase how to use the admin repo on the server, in case you manage to fuck up your workstation or ssh key, which we will setup later:

vim conf/gitolite.conf  ## remove 'repo testing' line and the one following it
git add -A .
git commit -m '-testing repo'
git push

In case the rhabarber of 'git config' stuff is annoying:

git config --global root
git config --global root@GITSERVER
git config --global push.default simple  ## adopting default behaviour is usually the way to go

So far, so good.

on deleting repositories

Repositories that existed but were deleted later on will still exist under `/var/lib/gitolite/repositories after deletion:

git@git-1:/var/lib/gitolite/$ gitolite list-repos
git@git-1:/var/lib/gitolite/$ gitolite list-phy-repos

If you want it to be gone, simple delete the repo folder on disk.

adding your workstation key to gitolite, too?

Likely you want ssh access to root via key (you disable key logins for root in ssh, don't you?), so lets set this up and put the key into gitolite, too. I'll provide an example, my user is called 'sjas', of course.

On my workstation:

ssh-copy-id root@GITSERVER  ## in case you didn't do that already
scp ~/.ssh/ root@GITSERVER:/root/gitolite-admin/keydir/
ssh root@GITSERVER
cd gitolite-admin

# ... now edit gitolite config... 
# ... see next section how I prefer doing things ...

git add -A .
git commit -m '+workstation key'
git push

splitting the gitolite.conf and groups

I prefer having two files, one for the group definitions, one for repositories. Here are how that these files would look like:

root@git-1:~/gitolite-admin/conf# tail -n +1 *
==> gitolite.conf <==
include "groups.conf"
include "repos.conf"

==> groups.conf <==
@sjas   = sjas
@admins = @sjas admin

==> repos.conf <==
repo    gitolite-admin
    RW+ = @admins admin
repo    ansible
    RW+ = @sjas

The @'s depict groups. Actually you can group users to usergroups and repositories to repository-groups, in case you'd ever need that.

Comments also do work, via #.

Only remember to first define a group prior to ever using it, and first cite the groupnames and then the users in group definitions. That is, on the right side after the equals sign, in case you have no idea what the last sentence meant.

On more about this, go here and here. There's way more you can do, but this should be everything as a bare minimum to do most work you'd ever need to do.

The official documentation looks rather sketchy at first, but is pretty good and all you need is covered there.

apache proxy ssl directives

posted on 2016-12-29 18:01

Likely you'd need these:

SSLEngine on
SSLProxyEngine on
SSLProxyVerify none 
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
SSLCertificateFile      CERTFILE
SSLCertificateKeyFile   PRIVKEY
SSLCACertificateFile    CACERTFILE


posted on 2016-12-29 13:26

When needing to run commands on several servers over ssh, there's always that for-loop for you.

But you could also try running clustershell:

sjas@ws:~$ clush -w server-[01,02,05,11,12] -b hostname -f

-b to use it non-interactively and to get the shown aggregated results (the hosts are colored), -w to specify the hosts. Use [ ] instead of { } like you would in bash.

-B also includes STDERR.

A problem you may run into, is when you try to run commands with pipes.

Further you can also predefine hostgroups and copy files from/to remote hosts. This is a rather nice tool.

notes on using vimdiff

posted on 2016-12-29 11:55

Bare minimum to do some work with it:

do - Get changes from other window into the current window.
dp - Put the changes from current window into the other window.

]c - Jump to the next change.
[c - Jump to the previous change.

Ctrl W + Ctrl W - Switch to the other split window.

If you load up two files in splits (:vs or :sp), you can do :diffthis on each window and achieve a diff of files that were already loaded in buffers. :diffoff can be used to turn off the diff mode.

Also helpful: :help copy-diffs, and this link here.

apache webdav configuration

posted on 2016-12-29 10:27

notes up front

  • don't use suexec. just don't.
  • you should be able to configure a vhost on your own, else the apache config will not be of use to you
  • we'll use ssl certifcates, too


Load the apache modules:

a2enmod dav
a2enmod dav_fs

Create certificate:

cd /etc/apache2/ssl
openssl genrsa -out 1024  ## create private key
openssl req -new -key -out  ## create certificate signing request
openssl x509 -in  -out -req -signkey -days 3650  ## create certificate

Create a vhost config for your apache, and enable it:

<VirtualHost *:80>


        DocumentRoot /var/www/

        <Directory /var/www/>
                Options Indexes MultiViews
                AllowOverride None
                Order allow,deny
                allow from all

                DAV on

                AuthType Basic
                AuthName DAV
                AuthUserFile /var/www/
                Require valid-user

        ErrorLog /var/www/
        LogLevel warn
        CustomLog /var/www/ combined


<VirtualHost *:443>


        DocumentRoot /var/www/

        <Directory /var/www/>
                Options Indexes MultiViews
                AllowOverride None
                Order allow,deny
                allow from all

                DAV on

                AuthType Basic
                AuthName DAV
                AuthUserFile /var/www/
                Require valid-user

        ErrorLog /var/www/
        LogLevel warn
        CustomLog /var/www/ combined

        sslengine on
        sslcertificatefile      /etc/apache2/ssl/
        sslcertificatekeyfile   /etc/apache2/ssl/


Create a htpasswd file:

htpasswd -c /var/www/ USERNAME

USERNAME and the password you'll enter will be your access credentials.

testing (on linux)

apt install -y cadaver

Then your are promted for entering the user credentials. ls and help should help you onwards then.

using it with windows

Since this is a setup with SSL (doensn't make much sense to use plain http from my POV), you'll need to import the certifate ( in windows.

Else you will get an error along the lines of Mutual Authentication Failed. The Server's Password Is Out Of Date At The Domain Controller.

It needs to go there: (in windows)

  • win + r
  • certmgr.msc
  • enter
  • trusted root certificates
  • certificates

ubuntu 10.04 change ulimit

posted on 2016-12-27 16:31

When trying to change the ulimit setting for open files this did not work system-wide by changing the /etc/security/limits.conf:

root@server:~# grep -v ^# /etc/security/limits.conf 

* soft nofile 4096
* hard nofile 10240

The only solution was to change the init script of the service needing more open files.

In my case it was a tomcat:


case "$1" in
        ulimit -n 10240


That way both the hard and the soft limit gets set to 10240, instead of setting them separately via -Hn and -Sn.

Of course (haha) you need to have enough capability to allow that many files systemwide, either put it into /etc/sysctl.conf and do sysctl -p or just do:

sysctl -w fs.file-max=1000000

Related bug report here.

This blog covers .csv, .htaccess, .pfx, .vmx, /etc/crypttab, /etc/network/interfaces, /etc/sudoers, /proc, 10.04, 14.04, AS, ASA, ControlPanel, DS1054Z, GPT, HWR, Hyper-V, IPSEC, KVM, LSI, LVM, LXC, MBR, MTU, MegaCli, PHP, PKI, R, RAID, S.M.A.R.T., SNMP, SSD, SSL, TLS, TRIM, VEEAM, VMware, VServer, VirtualBox, Virtuozzo, XenServer, acpi, adaptec, algorithm, ansible, apache, apachebench, apple, arcconf, arch, architecture, areca, arping, asa, asdm, autoconf, awk, backup, bandit, bar, bash, benchmarking, binding, bitrate, blackarmor, blockdev, blowfish, bochs, bond, bonding, booknotes, bootable, bsd, btrfs, buffer, c-states, cache, caching, ccl, centos, certificate, certtool, cgdisk, cheatsheet, chrome, chroot, cisco, clamav, cli, clp, clush, cluster, coleslaw, colorscheme, common lisp, console, container, containers, controller, cron, cryptsetup, csync2, cu, cups, cygwin, d-states, database, date, db2, dcfldd, dcim, dd, debian, debug, debugger, debugging, decimal, desktop, df, dhclient, dhcp, diff, dig, display manager, dm-crypt, dmesg, dmidecode, dns, docker, dos, drivers, dtrace, dtrace4linux, du, dynamictracing, e2fsck, eBPF, ebook, efi, egrep, emacs, encoding, env, error, ess, esx, esxcli, esxi, ethtool, evil, expect, exportfs, factory reset, factory_reset, factoryreset, fail2ban, fbsd, fdisk, fedora, file, filesystem, find, fio, firewall, firmware, fish, flashrom, forensics, free, freebsd, freedos, fritzbox, fsck, fstrim, ftp, ftps, g-states, gentoo, ghostscript, git, git-filter-branch, github, gitolite, global, gnutls, gradle, grep, grml, grub, grub2, guacamole, hardware, haskell, hdd, hdparm, hellowor, hex, hexdump, history, howto, htop, htpasswd, http, httpd, https, i3, icmp, ifenslave, iftop, iis, imagemagick, imap, imaps, init, innoDB, innodb, inodes, intel, ioncube, ios, iostat, ip, iperf, iphone, ipmi, ipmitool, iproute2, ipsec, iptables, ipv6, irc, irssi, iw, iwconfig, iwlist, iwlwifi, jailbreak, jails, java, javascript, javaws, js, juniper, junit, kali, kde, kemp, kernel, keyremap, kill, kpartx, krypton, lacp, lamp, languages, ldap, ldapsearch, less, leviathan, liero, lightning, links, linux, linuxin3months, lisp, list, livedisk, lmctfy, loadbalancing, locale, log, logrotate, looback, loopback, losetup, lsblk, lsi, lsof, lsusb, lsyncd, luks, lvextend, lvm, lvm2, lvreduce, lxc, lxde, macbook, macro, magento, mailclient, mailing, mailq, manpages, markdown, mbr, mdadm, megacli, micro sd, microsoft, minicom, mkfs, mktemp, mod_pagespeed, mod_proxy, modbus, modprobe, mount, mouse, movement, mpstat, multitasking, myISAM, mysql, mysql 5.7, mysql workbench, mysqlcheck, mysqldump, nagios, nas, nat, nc, netfilter, networking, nfs, nginx, nmap, nocaps, nodejs, numberingsystem, numbers, od, onyx, opcode-cache, openVZ, openlierox, openssl, openvpn, openvswitch, openwrt, oracle linux, org-mode, os, oscilloscope, overview, parallel, parameter expansion, parted, partitioning, passwd, patch, pdf, performance, pfsense, php, php7, phpmyadmin, pi, pidgin, pidstat, pins, pkill, plesk, plugin, posix, postfix, postfixadmin, postgres, postgresql, poudriere, powershell, preview, profiling, prompt, proxmox, ps, puppet, pv, pvecm, pvresize, python, qemu, qemu-img, qm, qmrestore, quicklisp, r, racktables, raid, raspberry pi, raspberrypi, raspbian, rbpi, rdp, redhat, redirect, registry, requirements, resize2fs, rewrite, rewrites, rhel, rigol, roccat, routing, rs0485, rs232, rsync, s-states, s_client, samba, sar, sata, sbcl, scite, scp, screen, scripting, seafile, seagate, security, sed, serial, serial port, setup, sftp, sg300, shell, shopware, shortcuts, showmount, signals, slattach, slip, slow-query-log, smbclient, snmpget, snmpwalk, software RAID, software raid, softwareraid, sophos, spacemacs, spam, specification, speedport, spi, sqlite, squid, ssd, ssh, ssh-add, sshd, ssl, stats, storage, strace, stronswan, su, submodules, subzone, sudo, sudoers, sup, swaks, swap, switch, switching, synaptics, synergy, sysfs, systemd, systemtap, tar, tcpdump, tcsh, tee, telnet, terminal, terminator, testdisk, testing, throughput, tmux, todo, tomcat, top, tput, trafficshaping, ttl, tuning, tunnel, tunneling, typo3, uboot, ubuntu, ubuntu 16.04, udev, uefi, ulimit, uname, unetbootin, unit testing, upstart, uptime, usb, usbstick, utf8, utm, utm 220, ux305, vcs, vgchange, vim, vimdiff, virtualbox, virtualization, visual studio code, vlan, vmstat, vmware, vnc, vncviewer, voltage, vpn, vsphere, vzdump, w, w701, wakeonlan, wargames, web, webdav, weechat, wget, whois, wicd, wifi, windowmanager, windows, wine, wireshark, wpa, wpa_passphrase, wpa_supplicant, x11vnc, x2x, xfce, xfreerdp, xmodem, xterm, xxd, yum, zones, zsh

Unless otherwise credited all material Creative Commons License by sjas