Ubuntu apt-get install, error with org.freedesktop.systemd1.service

Had an issue trying to recover from a failed upgrade.  Apt would complain about dependencies, suggested running apt-get install -f.

Running apt-get install -f would still fail.  It showed a conflict with the systemd1.service, ended up renaming the file with the following command

sudo mv /usr/share/dbus-1/system-service/org.freedesktop.systemd1.service{,bak}

and reran

sudo apt-get install -f

after that I was able to rerun the upgrade and finish

sudo apt-get upgrade

Connect to WiFi network via command line

Easiest way is to use the Network Manager nmtui tool

nmtui

It gives you a “command line GUI” to search and select your preferred WiFi network.

Alternate way is to use the iw tools.

Scan for available WiFi networks

iwlist scan

Connect with iwconfig, replace WiFiName with your WiFi name.  Note this only works with open networks.

iwconfig wlan0 essid WiFiName

You’ll need to get an address now, so run

dhclient

Check if your DNS is working.  If not, as a “hack” manually add it to /etc/resolv.conf and restart the networking service.

sudo echo "nameserver 8.8.8.8" >> /etc/resolv.conf
sudo service networking restart

Your not supposed to manually put the nameservers in resolv.conf.  But it works in a pinch.

Errors Renewing Lets Encrypt Certificate for UniFi-Video

Had an issue with the Lets Encrypt cert for a UniFi-Video server.  When renewing the cert and reimporting it into the UniFi-Video keystore, the certification was showing out of date.

Issue ended up being something with certbot.

When certbot runs it generates a new cert.pem, chain.pem, fullchain.pem and privkey.pem and puts them in the “/etc/letsencrypt/live/unifi.domain.com/” directory.

The privkey.pem and cert.pem are used to create the keys.p12 file which gets imported into the UniFi-Video keystore.

Apparently the .pem files in “/etc/letsencrypt/live/unifi.domain.com/” are symbolic links to files in “/etc/letsencrypt/archive/unifi.domain.com/”

Upon inspection of the archive directory, multiple cert.pem and privkey.pem files were found with the names cert1.pem, cert2.pem, cert3.pem etc.  Looking at the creation date of the file revealed the symbolic link was referring to an old “cert1.pem” file.

Work around was to stop the unifi-video service and reimport the cert using the latest .pem files in the archive directory.

echo ubiquiti | openssl pkcs12 -export -inkey /etc/letsencrypt/archive/unifi.yourdomain.com/privkey2.pem -in /etc/letsencrypt/archive/unifi.yourdomain.com/cert2.pem -name airvision -out /usr/lib/unifi-video/data/keys.p12 -password stdin
echo y | keytool -importkeystore -srckeystore /etc/letsencrypt/archive/unifi.yourdomain.com/keys.p12 -srcstoretype pkcs12 -destkeystore /usr/lib/unifi-video/data/keystore -storepass ubiquiti -srcstorepass ubiquiti

Remove the old ufv-truststore and start the service.

mv /usr/lib/unifi-video/data/ufv-truststore{,.old}
systemctl start unifi-video

Worked like a charm.

LibreNMS bulk delete

There is a php script in /opt/librenms/ that lets you delete a host from the command line.

sudo /opt/librenms/delhost.php 192.168.1.20

Replace 192.168.1.20 with the hostname/ip address of the host you want to delete.

Delete Multiple Hosts

First you’ll need to get a list of devices you want to remove.  You can do this by viewing the devices in the LibreNMS MySQL database;

Example:

$ mysql -u librenms -p librenms
MariaDB [librenms]> select hostname from devices;
+----------------------------------------+
| hostname |
+----------------------------------------+
| 192.168.88.1 |
| 192.168.1.20 |
| 192.168.1.12 |
| 192.168.88.5 |
4 rows in set (0.00 sec)
MariaDB [librenms]> exit

Put all the IP addresses you want to remove into a file and run the following for loop.  Replace “remove_ip.lst” with the name of your ip list file.

for i in `cat ~/remove_ip.lst`; do sudo /opt/librenms/delhost.php $i; done

Can’t restart auditd with systemctl

The following command

systemctl restart auditd

Returns the following error on CentOS

Failed to restart auditd.service: Operation refused, unit auditd.service may be requested by dependency only (it is configured to refuse manual start/stop).
See system logs and 'systemctl status auditd.service' for details.

Work around is to use service for the restart

service auditd restart

 

VMware esxtop, looking for CPU performance issues

http://www.yellow-bricks.com/esxtop/#esxtop-thresholds has some guidance on thresholds for different metrics.

Run esxtop, hit the “c” key to view CPU info and compare the usage with the thresholds.

Here are few from the above link.

Metric Threshold
%RDY 10
%CSTP 3
%MLMTD 0

Note: if your in esxtop you can hit the “f” key and it’ll give you a menu to specify more fields to display.

esxtop not displaying properly and is not interactive

Ran into an issue where esxtop was basically displaying a bunch of CSV data that was hard to make sense of in a terminal.

From reading here https://kb.vmware.com/s/article/2001448

It appears that the issue is that the environment TERM variable is not specified.

echo $TERM

returns nothing.

To fix, specify the terminal to use

TERM=xterm

To get a list of terminals available, run the following

find /usr/share/terminfo -type f

Troubleshoot MySQL Performance

Login to MySQL

mysql -u root -p

Show Active processes

SHOW PROCESSLIST;

or to list all the processes use “FULL”

SHOW FULL PROCESSLIST;

Run MySQL optimizer

wget https://raw.githubusercontent.com/major/MySQLTuner-perl/master/mysqltuner.pl
perl ./mysqltuner.pl

MySQL tuner should give some recommendations on settings to tweak.