TurnKey Linux Virtual Appliance Library

turnkey lamp, adding cacti via tklpatch

mgd's picture
I built turnkey lamp and then added cacti via the tklpatch method. However, I am a little unclear on how to proceed to get cacti up and running or for that matter any patched-in application. Do I now have to install cacti using apt-get and follow the installation guide on cacti's web site? Does the tklpatch method just ensure that the turnkey appliance updates add in security updates for any patched-in application?
mgd's picture

tentatively answering my own question

I was just reading through previous posts and checking through my system. I see that, after tklpatch-apply, that I have a file called: turnkey-lamp-11.1-lucid-x86-patched.iso in my /root directory. I assume that I must now build a new turnkey LAMP system using this ISO and then do a TKLBAM restore from the LAMP Turnkey hub backup. Does this make sense?

Jeremy Davis's picture

Sounds like you have patched an ISO

Which is the ideal way to go, and then install from the patched ISO. Sometimes the process doesn't work properly when patching though (eg Apache in LAMP running on your machine can interfere with the patching process). It is recommended that you use TKL Core as the basis for patching ISOs.

But seeing as you have already installed TKL LAMP then you could try applying the patch to your current system. Be warned though, unexpected results can occur.

To patch your current system try:

tklpatch-apply / /path/name-of-patch.tar.gz

mgd's picture

applying the patch

I applied the patch yesterday and here is what I received back.

root@lamp ~# tklpatch turnkey-lamp-11.1-lucid-x86.iso cacti-0.8.7g.tar.gz
# extracting root filesystem and isolinux from ISO
Parallel unsquashfs: Using 1 processor
31593 inodes (32973 blocks) to write

[=================================================================================================================|] 32973/32973 100%
created 29056 files
created 3115 directories
created 1940 symlinks
created 86 devices
created 0 fifos
# extracting patch cacti-0.8.7g.tar.gz to /tmp/tmp.BhltzTgDXS
# applying patch /tmp/tmp.BhltzTgDXS/cacti-0.8.7g
# preparing cdroot
Parallel mksquashfs: Using 1 processor
Creating 4.0 filesystem on turnkey-lamp-11.1-lucid-x86.cdroot/casper/10root.squashfs, block size 131072.
[=================================================================================================================-] 30947/30947 100%
Exportable Squashfs 4.0 filesystem, data block size 131072
        compressed data, compressed metadata, compressed fragments
        duplicates are removed
Filesystem size 190235.79 Kbytes (185.78 Mbytes)
        38.04% of uncompressed filesystem size (500094.82 Kbytes)
Inode table size 341038 bytes (333.04 Kbytes)
        29.81% of uncompressed inode table size (1144144 bytes)
Directory table size 340660 bytes (332.68 Kbytes)
        45.89% of uncompressed directory table size (742327 bytes)
Number of duplicate files found 1880
Number of inodes 34197
Number of files 29056
Number of fragments 1853
Number of symbolic links  1940
Number of device nodes 86
Number of fifo nodes 0
Number of socket nodes 0
Number of directories 3115
Number of ids (unique uids + gids) 25
Number of uids 8
        root (0)
        man (6)
        www-data (33)
        ntp (103)
        shellinabox (105)
        libuuid (100)
        mysql (101)
        postfix (106)
Number of gids 24
        root (0)
        video (44)
        audio (29)
        tty (5)
        kmem (15)
        disk (6)
        shadow (42)
        www-data (33)
        certssl (1000)
        ssl-cert (108)
        bin (2)
        crontab (103)
        utmp (43)
        ssh (105)
        staff (50)
        postdrop (110)
        libuuid (101)
        src (40)
        mysql (102)
        ntp (106)
        postfix (109)
        shellinabox (107)
        adm (4)
        mail (8)
# generating turnkey-lamp-11.1-lucid-x86-patched.iso
Size of boot image is 4 sectors -> No emulation
  4.89% done, estimate finish Wed Feb 16 20:37:29 2011
  9.79% done, estimate finish Wed Feb 16 20:37:29 2011
 14.67% done, estimate finish Wed Feb 16 20:37:35 2011
 19.57% done, estimate finish Wed Feb 16 20:37:34 2011
 24.45% done, estimate finish Wed Feb 16 20:37:33 2011
 29.35% done, estimate finish Wed Feb 16 20:37:32 2011
 34.23% done, estimate finish Wed Feb 16 20:37:31 2011
 39.13% done, estimate finish Wed Feb 16 20:37:31 2011
 44.01% done, estimate finish Wed Feb 16 20:37:31 2011
 48.90% done, estimate finish Wed Feb 16 20:37:31 2011
 53.79% done, estimate finish Wed Feb 16 20:37:32 2011
 58.68% done, estimate finish Wed Feb 16 20:37:32 2011
 63.56% done, estimate finish Wed Feb 16 20:37:32 2011
 68.46% done, estimate finish Wed Feb 16 20:37:31 2011
 73.34% done, estimate finish Wed Feb 16 20:37:31 2011
 78.24% done, estimate finish Wed Feb 16 20:37:31 2011
 83.12% done, estimate finish Wed Feb 16 20:37:32 2011
 88.02% done, estimate finish Wed Feb 16 20:37:32 2011
 92.90% done, estimate finish Wed Feb 16 20:37:32 2011
 97.79% done, estimate finish Wed Feb 16 20:37:32 2011
Total translation table size: 2048
Total rockridge attributes bytes: 1810
Total directory bytes: 4096
Path table size(bytes): 40
Max brk space used 0
102268 extents written (199 MB)
root@lamp ~#

root@lamp ~# tklpatch-apply / cacti-0.8.7g.tar.gz
# extracting patch cacti-0.8.7g.tar.gz to /tmp/tmp.pd5QuReyeP
# applying patch /tmp/tmp.pd5QuReyeP/cacti-0.8.7g
root@lamp ~#

It does not appear that the apply worked. I note that the comment statement shows the path as: /tmp/tmp.pd5QuReyeP where as the path after the command: tklpatch turnkey-lamp-11.1-lucid-x86.iso cacti-0.8.7g.tar.gz shows the path as: /tmp/tmp.BhltzTgDXS.

Does my output actually mean that the patch was not applied to my system?

Jeremy Davis's picture

You can ignore the different temp paths

That is normal as each time you run TKLPatch it will decompress the patch to a randomly named temp folder.

From the output you provided it looks to me like it worked fine, the proof is in the pudding though so to speak. In other words, does it work? Try rebooting your LAMP appliance and see what happens and/or installing from the created ISO (You can do a test install to a VM using something like VirtualBox or similar.

mgd's picture

reboot worked, but now I am lost, can't find cacti

Ok, so I rebooted and LAMP is functional. I can SSH to the box and I can access Webmin and PHPMyAdmin, so everything looks normal. BTW, my TKL LAMP is running on ESX Server 3.5.

So, I then went: http://IPAddress/cacti and received a 404 message. I checked /usr/share, /usr/sbin, /usr/bin, and even looked in /usr/share/mysql. I ran "find / -name cacti" and nothing was found.

This is kind of a fundamental issue. I will continue to use TKL appliances, so knowing how to patch an appliances and then make use of that patched app will be most usefull.

Also, I began playing with Joomla on VirtualBox and backed it up to the Turnkey Hub. I built a new instance of Joomla on Vmware and then restored my Turnkey Hub backup to this new isntance and voila, my Joomla working with all my changes and modifications. TKL and Turnkey Hub rock!

Jeremy Davis's picture

Perhaps it has a bug?

Unfortunately I haven't got time to test this myself but I would try checking that the conf file (in the patch) has execute permissions. You will need to manually extact the patch in your appliance and check the conf file. Once you are finished you don't need to re tar the folder, just use the untarred folder location rather than the patch file itself.

I've just had a quick look over the patch and I can't see any issues but I'm at work at the moment (on Windows) and haven't got time to fire up a VM and test it for you. Hopefully over the weekend I will get a chance. OTOH you could check permissions yourself. If you are unfamilar with Linux then you can do this via Webmin. You could also just run the commands from the conf file individually (ie copy-paste). The only one you will want to substitue is the install line (and the 2 lines preceeding), just use "apt-get install cacti".

mgd's picture

cacti not tklpatched because I used wrong source

I originally downloaded "cacti-0.8.7g.tar.gz" from: http://www.cacti.net/downloads/spine/cacti-spine-0.8.7g.tar.gz. I just re-read:" http://www.turnkeylinux.org/blog/contest-summary" and realized that Basil Kurian had created a tklpatch version of cacti available on the turnkey linux website at: http://cdn.turnkeylinux.org/files/attachments/cacti.tar.gz. I untarred this file and saw the "conf" file needed for the patching. I then untarred "cacti-0.8.7g.tar.gz" (from the cacti website) and noticed that there was no "conf" file, just the sources to build cacti. I was VERY mistaken in how this process worked. Obviously, when I ran the command: tklpatch-apply / cacti-0.8.7g.tar.gz nothing happened since there were no instructions in my tar.gz. My apologies for wasteing your time. I need to go back and RTFM&Ds.

Jeremy Davis's picture

No worries

Glad you worked it out.

Problem tklpatching a core iso

Hi guys.

I am trying to patch an Turnkey core lucid, but I receive an error message about apt-get. I am working behind a proxy, and I have export the http_proxy parameters, and from comand line I can install application (I have install tklpatch and wget lucid lamp and cacti), but when I start patching process don't work. I suppose that I have to put it in some another place, but I have not found it. Can you tell me where, please?. Thanks a lot.

# extracting patch Lucid_LAMP.tar.gz to /tmp/tmp.J8NFry2UYr
# applying patch /tmp/tmp.J8NFry2UYr/Lucid_LAMP
# applying overlay /tmp/tmp.J8NFry2UYr/Lucid_LAMP/overlay
# executing config script /tmp/tmp.J8NFry2UYr/Lucid_LAMP/conf
Adding `local diversion of /sbin/initctl to /sbin/initctl.distrib'
# chroot execute: /tmp/tklpatch/conf
+ apt-get update
Ign http://archive.turnkeylinux.org lucid-security Release.gpg
Ign http://archive.ubuntu.com lucid-security Release.gpg
Ign http://archive.turnkeylinux.org lucid Release.gpg
Ign http://archive.ubuntu.com lucid Release.gpg
Ign http://archive.ubuntu.com lucid-updates Release.gpg
Ign http://archive.turnkeylinux.org lucid-security Release
Ign http://archive.turnkeylinux.org lucid Release
Ign http://archive.ubuntu.com lucid-security Release
Ign http://archive.ubuntu.com lucid Release
Ign http://archive.turnkeylinux.org lucid-security/main Packages
Ign http://archive.turnkeylinux.org lucid/main Packages
Ign http://archive.ubuntu.com lucid-updates Release
Err http://archive.turnkeylinux.org lucid-security/main Packages
  401  Unauthorized
Ign http://archive.ubuntu.com lucid-security/main Packages
Ign http://archive.ubuntu.com lucid-security/universe Packages
Err http://archive.turnkeylinux.org lucid/main Packages
  401  Unauthorized
Ign http://archive.ubuntu.com lucid/main Packages
Ign http://archive.ubuntu.com lucid/universe Packages
Ign http://archive.ubuntu.com lucid-updates/main Packages
Ign http://archive.ubuntu.com lucid-updates/universe Packages
Err http://archive.ubuntu.com lucid-security/main Packages
  401  Unauthorized [IP: 80]
Err http://archive.ubuntu.com lucid-security/universe Packages
  401  Unauthorized [IP: 80]
Err http://archive.ubuntu.com lucid/main Packages
  401  Unauthorized [IP: 80]
Err http://archive.ubuntu.com lucid/universe Packages
  401  Unauthorized [IP: 80]
Err http://archive.ubuntu.com lucid-updates/main Packages
  401  Unauthorized [IP: 80]
Err http://archive.ubuntu.com lucid-updates/universe Packages
  401  Unauthorized [IP: 80]
W: Failed to fetch http://archive.turnkeylinux.org/ubuntu/dists/lucid-security/main/binary-... 401  Unauthorized

W: Failed to fetch http://archive.turnkeylinux.org/ubuntu/dists/lucid/main/binary-i386/Pack... 401  Unauthorized

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/lucid-security/main/binary-i386/P... 401  Unauthorized [IP: 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/lucid-security/universe/binary-i3... 401  Unauthorized [IP: 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/lucid/main/binary-i386/Packages.gz  401  Unauthorized [IP: 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/lucid/universe/binary-i386/Packag... 401  Unauthorized [IP: 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/lucid-updates/main/binary-i386/Pa... 401  Unauthorized [IP: 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/lucid-updates/universe/binary-i38... 401  Unauthorized [IP: 80]

E: Some index files failed to download, they have been ignored, or old ones used instead.
Removing `local diversion of /sbin/initctl to /sbin/initctl.distrib'

Jeremy Davis's picture

Now that official TKL LAMP is available use that as base

So apply the Cacti patch to the LAMP ISO rather than creating LAMP from Core then Cacti from LAMP (you get to miss a step). The other thing to consider is that the patches are getting quite old so perhaps it will need a little tweak?

Although obviously none of that will actually fix the problem that you currently have re accessing the repo behind your proxy. I have little (read: no) experience working behind a proxy so I can't really help you there. It seems strange though that you can use apt ok from the commandline but that it doesn't work in TKLPatch. TKLPatch creates a chroot but I wouldn't have thought that would cause any problem.

Guest's picture

export your http_proxy

I had the same problem. As cacti.tar.gz have the parameter for the chroot environement. You should edit the cacti/conf file on the cati.tar.tgz and add the export http_proxy=http://yourproxy:yourport/etc...


for me it worked

Post new comment

The content of this field is kept private and will not be shown publicly. If you have a Gravatar account, used to display your avatar.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <strike> <caption>

More information about formatting options

Leave this field empty. It's part of a security mechanism.
(Dear spammers: moderators are notified of all new posts. Spam is deleted immediately)