mgd's picture
I built turnkey lamp and then added cacti via the tklpatch method. However, I am a little unclear on how to proceed to get cacti up and running or for that matter any patched-in application. Do I now have to install cacti using apt-get and follow the installation guide on cacti's web site? Does the tklpatch method just ensure that the turnkey appliance updates add in security updates for any patched-in application?
Forum: 
mgd's picture

I was just reading through previous posts and checking through my system. I see that, after tklpatch-apply, that I have a file called: turnkey-lamp-11.1-lucid-x86-patched.iso in my /root directory. I assume that I must now build a new turnkey LAMP system using this ISO and then do a TKLBAM restore from the LAMP Turnkey hub backup. Does this make sense?


Jeremy Davis's picture

Which is the ideal way to go, and then install from the patched ISO. Sometimes the process doesn't work properly when patching though (eg Apache in LAMP running on your machine can interfere with the patching process). It is recommended that you use TKL Core as the basis for patching ISOs.

But seeing as you have already installed TKL LAMP then you could try applying the patch to your current system. Be warned though, unexpected results can occur.

To patch your current system try:

tklpatch-apply / /path/name-of-patch.tar.gz

mgd's picture

I applied the patch yesterday and here is what I received back.

root@lamp ~# tklpatch turnkey-lamp-11.1-lucid-x86.iso cacti-0.8.7g.tar.gz
# extracting root filesystem and isolinux from ISO
Parallel unsquashfs: Using 1 processor
31593 inodes (32973 blocks) to write

[=================================================================================================================|] 32973/32973 100%
created 29056 files
created 3115 directories
created 1940 symlinks
created 86 devices
created 0 fifos
TKLPATCH_ISOLABEL: cacti-0.8.7g
# extracting patch cacti-0.8.7g.tar.gz to /tmp/tmp.BhltzTgDXS
# applying patch /tmp/tmp.BhltzTgDXS/cacti-0.8.7g
# preparing cdroot
Parallel mksquashfs: Using 1 processor
Creating 4.0 filesystem on turnkey-lamp-11.1-lucid-x86.cdroot/casper/10root.squashfs, block size 131072.
[=================================================================================================================-] 30947/30947 100%
Exportable Squashfs 4.0 filesystem, data block size 131072
        compressed data, compressed metadata, compressed fragments
        duplicates are removed
Filesystem size 190235.79 Kbytes (185.78 Mbytes)
        38.04% of uncompressed filesystem size (500094.82 Kbytes)
Inode table size 341038 bytes (333.04 Kbytes)
        29.81% of uncompressed inode table size (1144144 bytes)
Directory table size 340660 bytes (332.68 Kbytes)
        45.89% of uncompressed directory table size (742327 bytes)
Number of duplicate files found 1880
Number of inodes 34197
Number of files 29056
Number of fragments 1853
Number of symbolic links  1940
Number of device nodes 86
Number of fifo nodes 0
Number of socket nodes 0
Number of directories 3115
Number of ids (unique uids + gids) 25
Number of uids 8
        root (0)
        man (6)
        www-data (33)
        ntp (103)
        shellinabox (105)
        libuuid (100)
        mysql (101)
        postfix (106)
Number of gids 24
        root (0)
        video (44)
        audio (29)
        tty (5)
        kmem (15)
        disk (6)
        shadow (42)
        www-data (33)
        certssl (1000)
        ssl-cert (108)
        bin (2)
        crontab (103)
        utmp (43)
        ssh (105)
        staff (50)
        postdrop (110)
        libuuid (101)
        src (40)
        mysql (102)
        ntp (106)
        postfix (109)
        shellinabox (107)
        adm (4)
        mail (8)
# generating turnkey-lamp-11.1-lucid-x86-patched.iso
Size of boot image is 4 sectors -> No emulation
  4.89% done, estimate finish Wed Feb 16 20:37:29 2011
  9.79% done, estimate finish Wed Feb 16 20:37:29 2011
 14.67% done, estimate finish Wed Feb 16 20:37:35 2011
 19.57% done, estimate finish Wed Feb 16 20:37:34 2011
 24.45% done, estimate finish Wed Feb 16 20:37:33 2011
 29.35% done, estimate finish Wed Feb 16 20:37:32 2011
 34.23% done, estimate finish Wed Feb 16 20:37:31 2011
 39.13% done, estimate finish Wed Feb 16 20:37:31 2011
 44.01% done, estimate finish Wed Feb 16 20:37:31 2011
 48.90% done, estimate finish Wed Feb 16 20:37:31 2011
 53.79% done, estimate finish Wed Feb 16 20:37:32 2011
 58.68% done, estimate finish Wed Feb 16 20:37:32 2011
 63.56% done, estimate finish Wed Feb 16 20:37:32 2011
 68.46% done, estimate finish Wed Feb 16 20:37:31 2011
 73.34% done, estimate finish Wed Feb 16 20:37:31 2011
 78.24% done, estimate finish Wed Feb 16 20:37:31 2011
 83.12% done, estimate finish Wed Feb 16 20:37:32 2011
 88.02% done, estimate finish Wed Feb 16 20:37:32 2011
 92.90% done, estimate finish Wed Feb 16 20:37:32 2011
 97.79% done, estimate finish Wed Feb 16 20:37:32 2011
Total translation table size: 2048
Total rockridge attributes bytes: 1810
Total directory bytes: 4096
Path table size(bytes): 40
Max brk space used 0
102268 extents written (199 MB)
root@lamp ~#
 

root@lamp ~# tklpatch-apply / cacti-0.8.7g.tar.gz
TKLPATCH_ISOLABEL: cacti-0.8.7g
# extracting patch cacti-0.8.7g.tar.gz to /tmp/tmp.pd5QuReyeP
# applying patch /tmp/tmp.pd5QuReyeP/cacti-0.8.7g
root@lamp ~#

It does not appear that the apply worked. I note that the comment statement shows the path as: /tmp/tmp.pd5QuReyeP where as the path after the command: tklpatch turnkey-lamp-11.1-lucid-x86.iso cacti-0.8.7g.tar.gz shows the path as: /tmp/tmp.BhltzTgDXS.

Does my output actually mean that the patch was not applied to my system?


Jeremy Davis's picture

That is normal as each time you run TKLPatch it will decompress the patch to a randomly named temp folder.

From the output you provided it looks to me like it worked fine, the proof is in the pudding though so to speak. In other words, does it work? Try rebooting your LAMP appliance and see what happens and/or installing from the created ISO (You can do a test install to a VM using something like VirtualBox or similar.

mgd's picture

Ok, so I rebooted and LAMP is functional. I can SSH to the box and I can access Webmin and PHPMyAdmin, so everything looks normal. BTW, my TKL LAMP is running on ESX Server 3.5.

So, I then went: http://IPAddress/cacti and received a 404 message. I checked /usr/share, /usr/sbin, /usr/bin, and even looked in /usr/share/mysql. I ran "find / -name cacti" and nothing was found.

This is kind of a fundamental issue. I will continue to use TKL appliances, so knowing how to patch an appliances and then make use of that patched app will be most usefull.

Also, I began playing with Joomla on VirtualBox and backed it up to the Turnkey Hub. I built a new instance of Joomla on Vmware and then restored my Turnkey Hub backup to this new isntance and voila, my Joomla working with all my changes and modifications. TKL and Turnkey Hub rock!


Jeremy Davis's picture

Unfortunately I haven't got time to test this myself but I would try checking that the conf file (in the patch) has execute permissions. You will need to manually extact the patch in your appliance and check the conf file. Once you are finished you don't need to re tar the folder, just use the untarred folder location rather than the patch file itself.

I've just had a quick look over the patch and I can't see any issues but I'm at work at the moment (on Windows) and haven't got time to fire up a VM and test it for you. Hopefully over the weekend I will get a chance. OTOH you could check permissions yourself. If you are unfamilar with Linux then you can do this via Webmin. You could also just run the commands from the conf file individually (ie copy-paste). The only one you will want to substitue is the install line (and the 2 lines preceeding), just use "apt-get install cacti".

mgd's picture

I originally downloaded "cacti-0.8.7g.tar.gz" from: http://www.cacti.net/downloads/spine/cacti-spine-0.8.7g.tar.gz. I just re-read:" http://www.turnkeylinux.org/blog/contest-summary" and realized that Basil Kurian had created a tklpatch version of cacti available on the turnkey linux website at: http://cdn.turnkeylinux.org/files/attachments/cacti.tar.gz. I untarred this file and saw the "conf" file needed for the patching. I then untarred "cacti-0.8.7g.tar.gz" (from the cacti website) and noticed that there was no "conf" file, just the sources to build cacti. I was VERY mistaken in how this process worked. Obviously, when I ran the command: tklpatch-apply / cacti-0.8.7g.tar.gz nothing happened since there were no instructions in my tar.gz. My apologies for wasteing your time. I need to go back and RTFM&Ds.


Jeremy Davis's picture

Glad you worked it out.

Hi guys.

I am trying to patch an Turnkey core lucid, but I receive an error message about apt-get. I am working behind a proxy, and I have export the http_proxy parameters, and from comand line I can install application (I have install tklpatch and wget lucid lamp and cacti), but when I start patching process don't work. I suppose that I have to put it in some another place, but I have not found it. Can you tell me where, please?. Thanks a lot.

TKLPATCH_ISOLABEL: Lucid_LAMP
# extracting patch Lucid_LAMP.tar.gz to /tmp/tmp.J8NFry2UYr
# applying patch /tmp/tmp.J8NFry2UYr/Lucid_LAMP
# applying overlay /tmp/tmp.J8NFry2UYr/Lucid_LAMP/overlay
# executing config script /tmp/tmp.J8NFry2UYr/Lucid_LAMP/conf
Adding `local diversion of /sbin/initctl to /sbin/initctl.distrib'
# chroot execute: /tmp/tklpatch/conf
+ apt-get update
Ign http://archive.turnkeylinux.org lucid-security Release.gpg
Ign http://archive.ubuntu.com lucid-security Release.gpg
Ign http://archive.turnkeylinux.org lucid Release.gpg
Ign http://archive.ubuntu.com lucid Release.gpg
Ign http://archive.ubuntu.com lucid-updates Release.gpg
Ign http://archive.turnkeylinux.org lucid-security Release
Ign http://archive.turnkeylinux.org lucid Release
Ign http://archive.ubuntu.com lucid-security Release
Ign http://archive.ubuntu.com lucid Release
Ign http://archive.turnkeylinux.org lucid-security/main Packages
Ign http://archive.turnkeylinux.org lucid/main Packages
Ign http://archive.ubuntu.com lucid-updates Release
Err http://archive.turnkeylinux.org lucid-security/main Packages
  401  Unauthorized
Ign http://archive.ubuntu.com lucid-security/main Packages
Ign http://archive.ubuntu.com lucid-security/universe Packages
Err http://archive.turnkeylinux.org lucid/main Packages
  401  Unauthorized
Ign http://archive.ubuntu.com lucid/main Packages
Ign http://archive.ubuntu.com lucid/universe Packages
Ign http://archive.ubuntu.com lucid-updates/main Packages
Ign http://archive.ubuntu.com lucid-updates/universe Packages
Err http://archive.ubuntu.com lucid-security/main Packages
  401  Unauthorized [IP: 91.189.92.162 80]
Err http://archive.ubuntu.com lucid-security/universe Packages
  401  Unauthorized [IP: 91.189.92.161 80]
Err http://archive.ubuntu.com lucid/main Packages
  401  Unauthorized [IP: 91.189.92.161 80]
Err http://archive.ubuntu.com lucid/universe Packages
  401  Unauthorized [IP: 91.189.92.161 80]
Err http://archive.ubuntu.com lucid-updates/main Packages
  401  Unauthorized [IP: 91.189.92.161 80]
Err http://archive.ubuntu.com lucid-updates/universe Packages
  401  Unauthorized [IP: 91.189.92.161 80]
W: Failed to fetch http://archive.turnkeylinux.org/ubuntu/dists/lucid-security/main/binary-... 401  Unauthorized

W: Failed to fetch http://archive.turnkeylinux.org/ubuntu/dists/lucid/main/binary-i386/Pack... 401  Unauthorized

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/lucid-security/main/binary-i386/P... 401  Unauthorized [IP: 91.189.92.162 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/lucid-security/universe/binary-i3... 401  Unauthorized [IP: 91.189.92.161 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/lucid/main/binary-i386/Packages.gz  401  Unauthorized [IP: 91.189.92.161 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/lucid/universe/binary-i386/Packag... 401  Unauthorized [IP: 91.189.92.161 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/lucid-updates/main/binary-i386/Pa... 401  Unauthorized [IP: 91.189.92.161 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/lucid-updates/universe/binary-i38... 401  Unauthorized [IP: 91.189.92.161 80]

E: Some index files failed to download, they have been ignored, or old ones used instead.
Removing `local diversion of /sbin/initctl to /sbin/initctl.distrib'
 

Jeremy Davis's picture

So apply the Cacti patch to the LAMP ISO rather than creating LAMP from Core then Cacti from LAMP (you get to miss a step). The other thing to consider is that the patches are getting quite old so perhaps it will need a little tweak?

Although obviously none of that will actually fix the problem that you currently have re accessing the repo behind your proxy. I have little (read: no) experience working behind a proxy so I can't really help you there. It seems strange though that you can use apt ok from the commandline but that it doesn't work in TKLPatch. TKLPatch creates a chroot but I wouldn't have thought that would cause any problem.

Add new comment