Stuff I'm Up To

Technical Ramblings

DNSSEC Validation Failed — July 27, 2019

DNSSEC Validation Failed

Looking at my virtual dev system I noticed the time is off. I checked the timesyncd.conf and restarted timesyncd and saw lots of similar errors to this in my syslog:

Jul 25 23:18:59 buster systemd[1]: Started Network Time Synchronization.
Jul 25 23:18:59 buster systemd-resolved[357]: DNSSEC validation failed for question org IN DS: signature-expired
Jul 25 23:18:59 buster systemd-resolved[357]: DNSSEC validation failed for question org IN DNSKEY: signature-expired
Jul 25 23:18:59 buster systemd-resolved[357]: DNSSEC validation failed for question ntp.org IN DS: signature-expired
Jul 25 23:18:59 buster systemd-resolved[357]: DNSSEC validation failed for question ntp.org IN SOA: signature-expired

Initially I thought something is wrong with my DNS resolver. I then edited /etc/systemd/resolver.conf to change the DNSSEC setting by un-commenting it:

[Resolve]
#DNS=
#FallbackDNS=
#Domains=
#LLMNR=yes
#MulticastDNS=yes
DNSSEC=allow-downgrade
#DNSOverTLS=no
#Cache=yes
#DNSStubListener=yes
#ReadEtcHosts=yes

Then a restart and my time is all synced.

But then I thought about it some more. The DNSSEC was probably failing because my system time was significantly wrong by several hours. So the signature probably isn’t valid. Probably all I needed to do was set the time manually before it would sync. But a reboot sorted it and I have reset my DNSSEC back to being commented out.

Advertisements
Ignore Comments in Files —

Ignore Comments in Files

A very handy grep that you can use to cat your files without the hash (#) comments:

$ grep '^[^#]' /etc/systemd/timesyncd.conf

Produces only the lines that aren’t comments, eg:

[Time]
NTP=192.168.1.55 192.168.1.108
FallbackNTP=0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org

SQL Format — July 25, 2019
Gitlab: When an Upgrade Goes Bad! —

Gitlab: When an Upgrade Goes Bad!

Today is not a lot of fun.

I’ve been seeing some issues with apt not being able to upgrade Gitlab due to a proxy error. This morning I fixed it and the upgrade from 11.11.2 to 12.1.1 began – and failed miserably!

It complained with all kinds of problems not being able to carry out migrations:

Exception: Your database is missing the 'cache_invalidation_event_id' column from the 'geo_event_log' table that is present for GitLab EE.
 Even though it looks like you're running a CE installation, it appears
 you may have installed GitLab EE at some point. To migrate to GitLab 12.0:
 Install GitLab 11.11.3 EE
 Install GitLab 12.0.x CE 

This was just the start of my problems.

Continue reading
MySQL CSV Import — July 24, 2019

MySQL CSV Import

A little while ago I wrote a php routine to import CSV files that contain a lot of data into a MySQL table. It works, but it takes it’s time doing so.

I was originally reading each line using a CSV parser and then writing each line into the table. I have 28+ files each containing 200MB of data in a million rows in each file.

Now for a change.

Continue reading
VSCode rest-client — July 15, 2019
Adding a Gnome Favourite —

Adding a Gnome Favourite

I was trying to add the Postman app to my Gnome favourite bar, but right clicking it doesn’t give me the option to add it as a favourite.

Apparently if your application is not seen as an Activity then it can’t be added. Usually I’d just create a .desktop file and use that with a launcher. But Gnome doesn’t really work like that.

I found the answer was to create my .desktop file and then copy/move it to /usr/share/applications or if it is a user specific application ~/.local/share/applications.

$ gnome-desktop-item-edit ~/Desktop/ --create-new
$ sudo mv ~/Desktop/Postman.desktop /usr/share/application 

Then I can use the “Activities” to search for the app and can now add it as a favourite.

[unixODBC][Driver Manager]Can’t open lib : file not found — July 12, 2019

[unixODBC][Driver Manager]Can’t open lib : file not found

I have no idea how we came up against this issue on one of the development images. I’d prepared it all up to the point of delivering php. After following my instructions to install the MS SQL drivers everything looked to go well, but when serving up our Laravel project in artisan PHP came up with this error message.

[unixODBC][Driver Manager]Can’t open lib ‘/opt/microsoft/msodbcsql17/lib64/libmsodbcsql-17.3.so.1.1’ : file not found

Now we have seen this before and it related to locale’s so we tried that fix and still didn’t get it to work.

Trawling the internet I came across something pointed us to use ldd to look at the .so file and check out it’s dependencies.

Continue reading
Wired 802.1X on Linux — July 10, 2019

Wired 802.1X on Linux

For a while I’ve been meaning to fix my workstation. When it comes to remote accessing it from home I find I can’t because I’ve followed the green guidance and turned it off when I went home. Even if I get someone to turn it on for me I still can’t get to it.

This is because in the office we use RADIUS for network authentication, even on wired connections. What happens is that my network interfaces don’t go online until my desktop session has logged in and then authenticates with the RADIUS server using 802.1X.

Read more
PHP 7.1 and MSSQL Compile Issue — July 8, 2019
I Want to Kill the Proxy — July 3, 2019

I Want to Kill the Proxy

Working behind a non-transparent corporate proxy and firewall is enough to make you psychotic! You’ll find enough posts on here about setting up environment variables and handling proxies, but there’s always room for one more.

When you’re working on a portable device, like a laptop, that you then remote into the office over a VPN you need to be flexible and turn on and off the proxy at will. This lead me to chain together a number of my proxy related articles into the way I currently handle the proxy on the move.

Continue reading
Headless Development Server — July 2, 2019

Headless Development Server

After building a development environment in Linux as per a previous article – https://warlord0blog.wordpress.com/2018/07/13/building-a-debian-development-server/ I decided I wanted something a bit more portable in terms of development tools.

I could go install VSCode/Atom etc. onto the local OS and point at a shared folder on the dev machine to edit files. But the problem with that is running terminals from VSCode/Atom and trying to have the IDE handle filesystem changes on the remote host without breaking my Git commits and causing mayhem.

Q. What tools do I have in my toolbox that will make me best able to handle remote development without resorting to VNC?

A. SmarTTY and a Linux X Windows server should do nicely.

Continue reading