for keeping track of my digital experiments

Working this morning, I had to get ImageMagick working on a CentOS 5.5 VM. Pretty easy with YUM right? Well there were some complications installing the associated PHP module. So after doing the usual yum update, here is what you should do.

1. yum install ImageMagick ImageMagick-devel
2. If you are lucky “pecl install imagick” will work, if so skip to last 2 steps. If not continue along. I got the $PHP_AUTOCONF error.
3. Head over to – http://pecl.php.net/package/imagick – and download the latest tarball (wget or whatever you fancy). At time of writing, I used “imagick-3.0.0RC2.tgz“.
4. tar xzvf [da archive name] and cd into said archive
5. gotta compile this thing from source: a) phpize b) ./configure c) make d) make install (as root … duh!) [check out Steven's post on webhostingtalk.com]
6. load & restart: a) echo "extension=imagick.so" > /etc/php.d/imagick.ini b) /etc/init.d/httpd restart
7. check to see if it was installed: php -m | grep imagick

Now let’s check to see if imagemagick “works”. Create a .php file on the server and access it with your web browser. Excerpted from docduke’s post on astahost.info.

<html> <head> <title>Test for ImageMagick</title> </head>
<body> <?
function alist ($array) {  //This function prints a text array as an html list.
$alist = “<ul>”;
for ($i = 0; $i < sizeof($array); $i++) {
$alist .= “<li>$array[$i]“;
}
$alist .= “</ul>”;
return $alist;
}
exec(“convert -version”, $out, $rcode); //Try to get ImageMagick “convert” program version number.
echo “Version return code is $rcode <br>”; //Print the return code: 0 if OK, nonzero if error.
echo alist($out); //Print the output of “convert -version”
//Additional code discussed below goes here.
?> </body> </html>

A bit of googling turned up a great post by on howtoforge.com called, “OpenVPN Server On CentOS 5.2“. I didn’t know quite how to add the rpmforge repo that is needed to install OpenVPN from so … google turned up another handy article how to do that called, “CentOS 5 – install rpmforge yum repo“. I checked the rpmforge RPM releases at http://dag.wieers.com/rpm/packages/rpmforge-release/ to be sure that this is the latest release … it is (as of June 2009). The following pasties are based off of the aforementioned article with some changes.

yum install openvpn
cd /etc/openvpn/
mkdir easy-rsa
cp -R /usr/share/doc/openvpn-2.0.9/easy-rsa/2.0/* easy-rsa/
chmod -R 777 easy-rsa/
cd easy-rsa/
. ./vars
./clean-all
./build-ca
–> For the common name use “OpenVPN-CA”, of anything else helpfully descriptive. <–
./build-key-server server
–> Enter various customized values if you so please, but be sure to leave the common name value as the default – “server”. Oh, and answer yes to the two questions at the end. <–
./build-key client1
–> Change the number 1 to 2, 3, and so on how ever many client certificates you want. Leave the common name as the default “clientn“. <–
./build-dh
cd keys/
openvpn --genkey --secret ta.key

For more information on transferring the necessary keys to the client, see the final part of a blog post I did on running OpenVPN on Debian.

I created two example config files utilizing the OpenVPN routed tunnel method … hope they help. [server] [client]

Just add the static routes to the VPN subnet(s) to your LAN gateway.

If you need any help I suppose you could always pay me to set this up for you, that’s what I’ve done for some other folks.

I have been searching for a way to visualize an OpenVPN setup for some time now. I need it to be virtual because of my lack of physical machines. I have had OpenVPN running before using Ethernet bridging, but without the adequate hardware, it is time to go virtual and use routing methods instead of bridging.

With a little bit of google searching I found “Adding openvpn support to openvz VPS” on biogeogen.com. The post in question gets you started, but leaves out a few pointers.

1) Don’t use the /etc/modules.conf file, just throw up modprobe tun inside of /etc/rc.d/rc.local. So the command will be executed each boot time. This is of course if after using lsmod | grep tun, you discover that tun support is not automatically loaded.
2) You need to have the virtual node off before running the following command on it: vzctl set 101 --capability net_admin:on --save. Where 101 is the VEID.
3) To execute commands on said virtual node with vzctl exec, you then need it to be started.

So the revised pastie:

lsmod | grep tun
[no output, then -->] modprobe tun
[stop the container]
vzctl set 101 --devices c:10:200:rw --save
vzctl set 101 --capability net_admin:on --save
[start the container]
vzctl exec 101 mkdir -p /dev/net
vzctl exec 101 mknod /dev/net/tun c 10 200
vzctl exec 101 chmod 600 /dev/net/tun

For setting up OpenVPN inside of the virtual node see: OpenVPN on Debian linux.