Today, we installed the latest openERP 7.0 on our openSuSE 12.1 server. Also, we patched the new openERP 7.0 code similar to our post http://am4computers.com/wordpress/archives/258 to enable RTL support. As of now, all is working great with full support for Arabic and Hebrew.
Google Voice and Video for SuSE Linux Enterprise Desktop 11 SP2
January 8th, 2013A HOWTO for installing Google Talk on SUSE Linux for Firefox :
32 bit Code:
mkdir goog; cd goog wget http://dl.google.com/linux/direct/google-talkplugin_current_i386.deb ar vx google-talkplugin_current_i386.deb sudo tar xvzf data.tar.gz -C /
64 bit Code:
mkdir goog; cd goog wget http://dl.google.com/linux/direct/google-talkplugin_current_amd64.deb ar vx google-talkplugin_current_amd64.deb sudo tar xvzf data.tar.gz -C /
Then restart Firefox.
After you restart firefox, in the Tools -> Addons -> Plugins tab, you’ll see google talk. And yes, it should now work!
Error – OpenERP-Web client dies as soon as you log out
January 5th, 2013Lately, we have been getting below error from the openERP-web client as soon as we log out the console session :
Traceback (most recent call last): File "/usr/local/lib/python2.6/site-packages/CherryPy-3.1.2-py2.6.egg/cherrypy/wsgiserver/__init__.py", line 1174, in communicate req.respond() File "/usr/local/lib/python2.6/site-packages/CherryPy-3.1.2-py2.6.egg/cherrypy/wsgiserver/__init__.py", line 544, in respond self._respond() File "/usr/local/lib/python2.6/site-packages/CherryPy-3.1.2-py2.6.egg/cherrypy/wsgiserver/__init__.py", line 556, in _respond response = self.wsgi_app(self.environ, self.start_response) File "/usr/local/lib/python2.6/site-packages/CherryPy-3.1.2-py2.6.egg/cherrypy/_cptree.py", line 239, in __call__ return app(environ, start_response) File "/usr/local/lib/python2.6/site-packages/CherryPy-3.1.2-py2.6.egg/cherrypy/_cptree.py", line 130, in __call__ return self.wsgiapp(environ, start_response) File "/usr/local/lib/python2.6/site-packages/CherryPy-3.1.2-py2.6.egg/cherrypy/_cpwsgi.py", line 313, in __call__ return head(environ, start_response) File "/usr/local/lib/python2.6/site-packages/CherryPy-3.1.2-py2.6.egg/cherrypy/_cpwsgi.py", line 301, in tail return self.response_class(environ, start_response, self.cpapp) File "/usr/local/lib/python2.6/site-packages/CherryPy-3.1.2-py2.6.egg/cherrypy/_cpwsgi.py", line 74, in __init__ self.setapp() File "/usr/local/lib/python2.6/site-packages/CherryPy-3.1.2-py2.6.egg/cherrypy/_cpwsgi.py", line 96, in setapp _cherrypy.log(tb, severity=40) File "/usr/local/lib/python2.6/site-packages/CherryPy-3.1.2-py2.6.egg/cherrypy/__init__.py", line 385, in __call__ return log.error(*args, **kwargs) File "/usr/local/lib/python2.6/site-packages/CherryPy-3.1.2-py2.6.egg/cherrypy/_cplogging.py", line 55, in error self.error_log.log(severity, ' '.join((self.time(), context, msg))) File "/usr/local/lib/python2.6/logging/__init__.py", line 1093, in log self._log(level, msg, args, **kwargs) File "/usr/local/lib/python2.6/logging/__init__.py", line 1143, in _log self.handle(record) File "/usr/local/lib/python2.6/logging/__init__.py", line 1153, in handle self.callHandlers(record) File "/usr/local/lib/python2.6/logging/__init__.py", line 1190, in callHandlers hdlr.handle(record) File "/usr/local/lib/python2.6/logging/__init__.py", line 669, in handle self.emit(record) File "/usr/local/lib/python2.6/logging/__init__.py", line 778, in emit self.handleError(record) File "/usr/local/lib/python2.6/logging/__init__.py", line 720, in handleError traceback.print_exception(ei[0], ei[1], ei[2], None, sys.stderr) File "/usr/local/lib/python2.6/traceback.py", line 124, in print_exception _print(file, 'Traceback (most recent call last):') File "/usr/local/lib/python2.6/traceback.py", line 13, in _print file.write(str+terminator) IOError: [Errno 5] Input/output error This error can be avoided using : nohup python2.6 openerp-web.py &
Installing OpenERP 5 on openSuSE 12 servers
December 29th, 2012OpenERP version 5 won’t work with python 2.7 installed be default on openSuSE 12.1 server. The trick is to download and install python 2.6 as source and install it parallel to default version.
After that, you’ll have two python executables on the system, python (for 2.7) and python2.6 for the outdated version. The 2.6 version will be used to start the openerp server as below :
python2.6 openerp-server.py -r dbuser -w dbpassword &
Also, you need to install system wide packages needed by default installation of the openERP system. And you must use python2.6 or easy_install-2.6 to install missing python modules. My system was up and running after installing below python modules :
You must choose the same python module version numbers, update versions won’t work.
Error with OpenERP web client
November 20th, 2012After transferring our openERP 5.0.16 server to a new host, we are getting this error message while trying to add an attachment through the web client :
a class that defines __slots__ without defining __getstate__ cannot be pickled
The problem was that the default version of cherrypy was 3.2.2 and the web-server seems to have needed 3.1.2.
You can use ‘easy_install cherrypy==3.1.2’ to install the required version and now the web-server works fine.
Joomla Page Not Found Error with awardspace webhosting
November 3rd, 2012Hosting Joomla on awardspace servers will probably cause your Joomla site to not direct to pages and articles correctly and you’ll be getting a lot of pages not found errors – “404 Page Not Found”.
Such issues are usually caused by the SEF functionality of Joomla. There are several things you should check in order to fix this:
- Open your configuration.php file and edit the var $live_site = ‘ ‘; line to match the actual URL of your website. If your website is http://yourdomain.com/joomla/ for example, the line should look like this:
var $live_site = ‘http://yourdomain.com/joomla/ ‘;
- Go to the administrative end of your Joomla website -> Global Configuration and make sure that Search Engine Friendly URLs is set to Yes.
- Also check that Use URL rewriting is set to No. Also in Global Configuration.
- Make sure you have renamed the htaccess.txt file in your Joomla folder to .htaccess.
- Edit .htaccess file and comment out Mod_rewrite in use.
If you follow all of the steps above you should have a fully operational Joomla website with the SEF functionality enabled.
Setting nomachine NX client and FreeNX client to start XFCE Desktop
August 18th, 2012NoMachine NX client and FreeNX will start your GUI as KDE or GNOME. But if you choose custom desktop from configuration menu, you can set the command to ‘startxfce4’. This will start the XFCE desktop instead (if installed).
Installing iFolder 3.8 on OpenSuSE 12.1 (or 11.4)
August 17th, 2012This is a copy of the original post on http://yourlinuxguy.com/?p=916.
It looks like some people are working very hard out there to try and preserve iFolder for future versions of Opensuse. To those people (the NoFolder crew, Ravi Kumar, etc.), I’m indebted; I simply would be at a loss without iFolder. Yes, I use DropBox, and a couple other things, but there’s just nothing like iFolder for complete control over the server and the sync’d content.
But the sad fact is, it has suffered a bit of neglect as of late. Okay, a LOT of neglect. And you’re probably here because you have an Opensuse 12.1 (or 11.4) server, and you tried to install iFolder 3.8.x on it, and had some trouble.
Notes: I strongly recommend you see my old post about setting up iFolder 3.8 on Opensuse 11.1 for background and additional detail, as this post will be brief and to-the-point without much supporting detail. All the work in this doc was performed on the x86_64 version of Opensuse, and was tested on both 12.1 and 11.4.
FIRST, you need a working Apache2 installation with SSL support. Find previous post if you need help with this.
We need to install below packages :
ifolder3-enterprise-3.8.4.0.11091.1-6.2.x86_64
novell-ifolder-enterprise-plugins-3.8.4.10192.1-6.3.x86_64
And run all 3 configuration scripts and please note that you must use an alternative simias datastore location of /ifolder:
simias-server-setup ifolder-admin-setup ifolder-web-setup NOTE: When asked for server address, use a fully qualified server address as below :
Change :
Public URL: https://192.168.0.79/simias10
Private URL: https://192.168.0.79/simias10
to
Public URL: https://ifolder01.MyDomainName.com:52443/simias10
Private URL: https://192.168.0.79/simias10
…and now my external clients can connect via the ifolder client, and sync seems to be working.
NOTE 2 : Don’t use default server data folder. I use /home/iFolder/
A note about the next step: If you just stopped here, you’d be able to pull up the /admin page, but not log in; you’d get a red message saying that your password doesn’t match or whatever. I see this error quite commonly out there… So let’s change the FlaimWrapper softlink pointer to an existing location:
rm /usr/lib64/simias/web/bin/FlaimWrapper.so ln -s /usr/lib64/libFlaimWrapper.so.0 /usr/lib64/simias/web/bin/FlaimWrapper.so
And lastly, restart stuff:
rcSuSEfirewall2 restart;rcapache2 stop; rcapache2 start
And that should do it! Log in at /admin, configure some users, etc., etc., etc. I’m guessing you are here because you know already how to *use* iFolder, just got stuck installing and configuring it, so I’ll not go into any usage detail.
By the way, the NoFolder.com page has some good troubleshooting tips, but if you follow these steps accurately, and you use the SAME hostname throughout the configuration, you should be fine.
See, it’s not that bad. And it’s totally worth it. Enjoy!
Configuring APACHE2 with SSL support in OpenSuSE
August 17th, 2012
Please note that this post is a copy of below two pages, and has been copied here for archiving purposes :ress>
http://www.tc.umn.edu/~brams006/selfsign.html
http://www.tc.umn.edu/~brams006/selfsign_opensuse.html.
Creating Certificate Authorities and self-signed SSL certificates
You need Apache and openssl. Compiling them from source, handling dependencies, etc. is beyond the scope of this document. You can consult their documentation, or go with a mainstream Linux distro that will do the preliminary work for you.Now you need to decide whether you’ll make a CA (Certificate Authority) and sign a server certificate with it — or just self-sign a server certificate. Both procedures are detailed below.
server.csr: Server certificate signing request.
server.key: The private server key, does not require a password when starting Apache.
server.key.secure: The private server key, it does require a password when starting Apache.
Following is a step-by-step guide to creating your own CA (Certificate Authority) — and also self-signed SSL server certificates — with openssl on Linux. Self-signing is the simpler route to take, but making one’s own CA allows the signing of multiple server certificates using the same CA and involves only a few extra steps.
After using openssl to generate the necessary files, you’ll need to integrate them into Apache. This process differs between Linux distros and versions of Apache.
Making a homemade CA or self-signed certificate will cause the client web browser to prompt with a message whether to trust the certificate signing authority (yourself) permanently (store it in the browser), temporarily for that session, or to reject it. The message “web site certified by an unknown authority… accept?” may be a business liability for general public usage, although it’s simple enough for the client to accept the certificate permanently.Whichever route you take, you’ll save the periodic expense of paying a recognized signing authority. This is purely for name recognition — they’ve paid the major browser producers to have their CA pre-loaded into them. So if you’re on a budget, have a special need or small audience, this may be useful.
Before you startYou need Apache and openssl. Compiling them from source, handling dependencies, etc. is beyond the scope of this document. You can consult their documentation, or go with a mainstream Linux distro that will do the preliminary work for you.Now you need to decide whether you’ll make a CA (Certificate Authority) and sign a server certificate with it — or just self-sign a server certificate. Both procedures are detailed below.
(1A) Create a self-signed certificate.
Complete this section if you do NOT want to make a CA (Certificate Authority). If you want to make a CA, skip 1A entirely and go to 1B instead.Some steps in this document require privileged access, and you’ll want to limit access to the cert files to all but the root user. So you should su to root and create a working directory that only root has read/write access to (for example: mkdir certwork, chmod 600 certwork). Go to that directory.
Generate a server key:
openssl genrsa -des3 -out server.key 4096 Then create a certificate signing request with it. This command will prompt for a series of things (country, state or province, etc.). Make sure that “Common Name (eg, YOUR name)” matches the registered fully qualified domain name of your box (or your IP address if you don’t have one). I also suggest not making a challenge password at this point, since it’ll just mean more typing for you. The default values for the questions ([AU], Internet Widgits Pty Ltd, etc.) are stored here: /etc/ssl/openssl.cnf. So if you’ve got a large number of certificate signing requests to process you probably want to carefully edit that file where appropriate. Otherwise, just execute the command below and type what needs to be typed:openssl req -new -key server.key -out server.csr
Now sign the certificate signing request. This example lasts 365 days:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Make a version of the server.key which doesn’t need a password:
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key
These files are quite sensitive and should be guarded for permissions very carefully. Chown them to root, if you’re not already sudo’d to root. I’ve found that you can chmod 000 them. That is, root will always retain effective 600 (read) rights on everything.
Now that you’ve just completed Step 1A, skip ahead to Step 2.
mv server.key.insecure server.key
(1B) Generate your own CA (Certificate Authority).
Complete this section if you want to make a CA (Certificate Authority) and sign a server certificate with it. The steps for making a server certificate are also included here. If you’d rather one-time self-sign a server certificate, skip this step entirely and go to 1A instead.
Some steps in this document require priviledged access, and you’ll want to limit access to the cert files to all but the root user. So you should su to root and create a working directory that only root has read/write access to (for example: mkdir certwork, chmod 600 certwork). Go to that directory.
In this step you’ll take the place of VeriSign, Thawte, etc. You’ll first build the CA key, then build the certificate itself.
The Common Name (CN) of the CA and the Server certificates must NOT match or else a naming collision will occur and you’ll get errors later on. In this step, you’ll provide the CA entries. In a step below, you’ll provide the Server entries. In this example, I just added “CA” to the CA’s CN field, to distinguish it from the Server’s CN field. Use whatever schema you want, just make sure the CA and Server entries are not identical.
CA:
Common Name (CN): www.somesite.edu CA
Organization (O): Somesite
Organizational Unit (OU): Development
Server:
Common Name (CN): www.somesite.edu
Organization (O): Somesite
Organizational Unit (OU): Development
If you don’t have a fully qualified domain name, you should use the IP that you’ll be using to access your SSL site for Common Name (CN). But, again, make sure that something differentiates the entry of the CA’s CN from the Server’s CN.
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
Generate a server key and request for signing (csr).
This step creates a server key, and a request that you want it signed (the .csr file) by a Certificate Authority (the one you just created in Step #1B above.)Think carefully when inputting a Common Name (CN) as you generate the .csr file below. This should match the DNS name, or the IP address you specify in your Apache configuration. If they don’t match, client browsers will get a “domain mismatch” message when going to your https web server. If you’re doing this for home use, and you don’t have a static IP or DNS name, you might not even want worry about the message (but you sure will need to worry if this is a production/public server). For example, you could match it to an internal and static IP you use behind your router, so that you’ll never get the “domain mismatch” message if you’re accessing the computer on your home LAN, but will always get that message when accessing it elsewhere. Your call — is your IP stable, do you want to repeat these steps every time your IP changes, do you have a DNS name, do you mainly use it inside your home or LAN, or outside?
openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr
openssl req -new -key server.key -out server.csr
Sign the certificate signing request (csr) with the self-created Certificate Authority (CA) that you made earlier.
Note that 365 days is used here. After a year you’ll need to do this again.Note also that I set the serial number of the signed server certificate to “01”. Each time you do this, especially if you do this before a previously-signed certificate expires, you’ll need to change the serial key to something else — otherwise everyone who’s visited your site with a cached version of your certificate will get a browser warning message to the effect that your certificate signing authority has screwed up — they’ve signed a new key/request, but kept the old serial number. There are a couple ways to rectify that. crl’s (certificate revocation list) is one method, but beyond the scope of the document. Another method is for all clients which have stored the CA certificate to go into their settings and delete the old one manually. But for the purposes of this document, we’ll just avoid the problem. (If you’re a sysadmin of a production system and your server.key is compromised, you’ll certainly need to worry.)
The command below does a number of things. It takes your signing request (csr) and makes a one-year valid signed server certificate (crt) out of it. In doing so, we need to tell it which Certificate Authority (CA) to use, which CA key to use, and which Server key to sign. We set the serial number to 01, and output the signed key in the file named server.crt. If you do this again after people have visited your site and trusted your CA (storing it in their browser), you might want to use 02 for the next serial number, and so on. You might create some scheme to make the serial number more “official” in appearance or makeup but keep in mind that it is fully exposed to the public in their web browsers, so it offers no additional security in itself.
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
To examine the components if you’re curious:
openssl rsa -noout -text -in server.key
openssl req -noout -text -in server.csr
openssl rsa -noout -text -in ca.key
openssl x509 -noout -text -in ca.crt
openssl req -noout -text -in server.csr
openssl rsa -noout -text -in ca.key
openssl x509 -noout -text -in ca.crt
Make a server.key which doesn’t cause Apache to prompt for a password.
Here we create an insecure version of the server.key. The insecure one will be used for when Apache starts, and will not require a password with every restart of the web server. But keep in mind that while this means you don’t have to type in a password when restarting Apache (or worse — coding it somewhere in plaintext), it does mean that anyone obtaining this insecure key will be able to decrypt your transmissions. Guard it for permissions VERY carefully.
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key
These files are quite sensitive and should be guarded for permissions very carefully. Chown them to root, if you’re not already sudo’d to root. I’ve found that you can chmod 000 them. That is, root will always retain effective 600 (read) rights on everything.
mv server.key server.key.secure
mv server.key.insecure server.key
(2) Copy files into position and tweak Apache.
Some professors like to pause for a moment after a long lecture, and do a little recap. It’s a good pedagogical tool, so let’s do so here. If you took route 1A above, you should have four files in a working directory:
server.crt: The self-signed server certificate.server.csr: Server certificate signing request.
server.key: The private server key, does not require a password when starting Apache.
server.key.secure: The private server key, it does require a password when starting Apache.
If you took route 1B and created a CA, you’ll have two additional files:
ca.crt: The Certificate Authority’s own certificate.
ca.key: The key which the CA uses to sign server signing requests.
The CA files are important to keep if you want to sign additional server certificates and preserve the same CA. You can reuse these so long as they remain secure, and haven’t expired.
Setting up SSL: openSuSE :
(1) Make your keys and copy them into position.
Copy the resulting files into these locations. It’s possible to put them somewhere else and change the reference in the appropriate conf file in a later step, but these are the default locations:
cp server.key /etc/apache2/ssl.key
cp server.crt /etc/apache2/ssl.crt
cp server.csr /etc/apache2/ssl.csr
cp server.crt /etc/apache2/ssl.crt
cp server.csr /etc/apache2/ssl.csr
(2) Create an SSL document root directory.
Since /srv/www/htdocs is the location for HTTP, I suggest /srv/www-ssl/htdocs for SSL delivered pages. That way you might later consider a /srv/www-ssl/cgi-bin to compliment the /srv/www/cgi-bin (to mirror the architecture and make certain relative pathing easier to deal with depending on how you write applications). But that’s your call. Create some directory to serve SSL pages. The last command creates a little dummy index.html file for testing purposes.
cd /srv
mkdir www-ssl
cd www-ssl
mkdir htdocs
cd htdocs
echo “ssl index page”>index.html
mkdir www-ssl
cd www-ssl
mkdir htdocs
cd htdocs
echo “ssl index page”>index.html
(3) Direct Apache to load the ssl module and start up with ssl capability.
Edit /etc/sysconfig/apache2. Add “ssl” to the end of the following list of apache modules to load:
APACHE_MODULES=”access actions alias auth autoindex cgi dir include log_config \
mime negotiation setenvif status userdir asis imap php4 ssl”
Add “SSL” to the Apache startup server flags:
mime negotiation setenvif status userdir asis imap php4 ssl”
APACHE_SERVER_FLAGS=”SSL”
(4) Direct Apache to listen to the right ports.
Edit /etc/apache2/listen.conf. Add your server’s IP or fully qualified domain name (if you have one) to the listen directive for port 80:
Listen xxx.xxx.xxx.xxx:80
Do the same for the SSL port, assuming you’re serving from the standard 443 (scroll down just a bit to the section inside <IfDefine SSL>):
Listen xxx.xxx.xxx.xxx:443
(5) Set up a virtual host conf file for the SSL port.
Go to /etc/apache2/vhosts.d. Copy vhost-ssl.template over to vhost-ssl.conf to use as a template:
cp vhost-ssl.template vhost-ssl.conf
Go inside vhost-ssl.conf and make sure the following are set:
<VirtualHost _default_:443>
Make sure the SSLEngine is on, and the SSLCertificateFile and SSLCertificateKeyFile point to the ssl.crt and ssl.key you created with the openssl commands. If you went with default locations in an earlier step, you shouldn’t have to make any special changes in this regard.
DocumentRoot “/srv/www-ssl/htdocs”
ServerName xxx.xxx.xxx.xxx:443
ServerAdmin youremail@yoursite.org
Just before the </VirtualHost> directive is closed, add the following, making tweaks as necessary for your environment. If you don’t make a directory directive, the SSL instance won’t know where to look for the doc root.
<Directory “/srv/www-ssl/htdocs”>
AllowOverride None
Order allow,deny
Allow from all
</Directory>
AllowOverride None
Order allow,deny
Allow from all
</Directory>
(6) Open up the ports on your firewall.
Go to YaST -> Security & Users -> Firewall -> Allowed Services
Make sure that HTTP and HTTPS are enabled for the External Zone. Note that this mechanism assumes port 80 and port 443 respectively. If you want to set up HTTP or HTTPS on a different port (for instance, 8080 or 444) you need to go to the Advanced screen and manually type in the port number under “TCP Ports” and describe the protocol you’re adding (for example, HTTP or HTTPS) in the last line under “IP Protocols.” If you have a router, it probably carries additional firewall rules. You’ll need to open up the appropriate port(s) there as well. That’s beyond the scope of this document, but should be in the docs that pertain to your hardware.
(7) Restart apache2.
cd /etc/init.d
./apache2 restart
Done — test it out.
./apache2 restart
Creating a bootable live USB Drive in Linux
August 12th, 2012First, you need to download the LiveCD iso image of your choice. After inserting your USB stick, you can find out what device it is
~> su # grep -Ff <(hwinfo --disk --short) <(hwinfo --usb --short)
Finally, once you’ve found your block device, write the image to it. Point ‘dd’ to the full path such as ‘/home/user/Downloads/openSUSE-12.1-KDE-LiveCD-x86_64.iso’ or change directory (example: cd ./Downloads) to where the image is contained.
# umount /dev/sdX
# dd if=/path/to/downloaded.iso of=/dev/sdX