Debian Jessie + PHP + OCI8

Comment installer le connecteur OCI8 pour php5 sur Debian (8.x) aka Jessie .

  • Debian 8.6 x86-64
  • Oracle Instant Client 11.2

Préparation :

apt-get install build-essential php5-dev php-pear libaio1 unzip

Télécharger l’Oracle Instant Client  (basic et sdk ) depuis le site d’Oracle :

# cp *.zip /usr/local/lib/
# cd /usr/local/lib/
# unzip instantclient-sdk-linux.x64-11.2.0.4.0.zip 
Archive:  instantclient-sdk-linux.x64-11.2.0.4.0.zip
   creating: instantclient_11_2/sdk/
   creating: instantclient_11_2/sdk/include/
  inflating: instantclient_11_2/sdk/include/occi.h  
  inflating: instantclient_11_2/sdk/include/occiCommon.h  
  inflating: instantclient_11_2/sdk/include/occiControl.h  
  inflating: instantclient_11_2/sdk/include/occiData.h  
  inflating: instantclient_11_2/sdk/include/occiObjects.h  
  inflating: instantclient_11_2/sdk/include/occiAQ.h  
  inflating: instantclient_11_2/sdk/include/oci.h  
  inflating: instantclient_11_2/sdk/include/oci1.h  
  inflating: instantclient_11_2/sdk/include/oci8dp.h  
  inflating: instantclient_11_2/sdk/include/ociap.h  
  inflating: instantclient_11_2/sdk/include/ociapr.h  
  inflating: instantclient_11_2/sdk/include/ocidef.h  
  inflating: instantclient_11_2/sdk/include/ocidem.h  
  inflating: instantclient_11_2/sdk/include/ocidfn.h  
  inflating: instantclient_11_2/sdk/include/ociextp.h  
  inflating: instantclient_11_2/sdk/include/ocikpr.h  
  inflating: instantclient_11_2/sdk/include/ocixmldb.h  
  inflating: instantclient_11_2/sdk/include/ocixstream.h  
  inflating: instantclient_11_2/sdk/include/odci.h  
  inflating: instantclient_11_2/sdk/include/oratypes.h  
  inflating: instantclient_11_2/sdk/include/ori.h  
  inflating: instantclient_11_2/sdk/include/orid.h  
  inflating: instantclient_11_2/sdk/include/orl.h  
  inflating: instantclient_11_2/sdk/include/oro.h  
  inflating: instantclient_11_2/sdk/include/ort.h  
  inflating: instantclient_11_2/sdk/include/xa.h  
  inflating: instantclient_11_2/sdk/include/nzt.h  
  inflating: instantclient_11_2/sdk/include/nzerror.h  
  inflating: instantclient_11_2/sdk/include/ldap.h  
   creating: instantclient_11_2/sdk/demo/
  inflating: instantclient_11_2/sdk/demo/demo.mk  
  inflating: instantclient_11_2/sdk/demo/cdemo81.c  
  inflating: instantclient_11_2/sdk/demo/occidemo.sql  
  inflating: instantclient_11_2/sdk/demo/occidemod.sql  
  inflating: instantclient_11_2/sdk/demo/occidml.cpp  
  inflating: instantclient_11_2/sdk/demo/occiobj.cpp  
  inflating: instantclient_11_2/sdk/demo/occiobj.typ  
  inflating: instantclient_11_2/sdk/SDK_README  
 extracting: instantclient_11_2/sdk/ottclasses.zip  
  inflating: instantclient_11_2/sdk/ott  
# unzip instantclient-basic-linux.x64-11.2.0.4.0.zip 
Archive:  instantclient-basic-linux.x64-11.2.0.4.0.zip
  inflating: instantclient_11_2/BASIC_README  
  inflating: instantclient_11_2/adrci  
  inflating: instantclient_11_2/genezi  
  inflating: instantclient_11_2/libclntsh.so.11.1  
  inflating: instantclient_11_2/libnnz11.so  
  inflating: instantclient_11_2/libocci.so.11.1  
  inflating: instantclient_11_2/libociei.so  
  inflating: instantclient_11_2/libocijdbc11.so  
  inflating: instantclient_11_2/ojdbc5.jar  
  inflating: instantclient_11_2/ojdbc6.jar  
  inflating: instantclient_11_2/uidrvci  
  inflating: instantclient_11_2/xstreams.jar  
# cd instantclient_11_2/
# ls -al
total 183536
drwxr-sr-x 3 root staff      4096 Nov 22 16:30 .
drwxrwsr-x 5 root staff      4096 Nov 22 16:30 ..
-rwxrwxr-x 1 root staff     25420 Aug 24  2013 adrci
-rw-rw-r-- 1 root staff       439 Aug 24  2013 BASIC_README
-rwxrwxr-x 1 root staff     47860 Aug 24  2013 genezi
-rwxrwxr-x 1 root staff  53865194 Aug 24  2013 libclntsh.so.11.1
-r-xr-xr-x 1 root staff   7996693 Aug 24  2013 libnnz11.so
-rwxrwxr-x 1 root staff   1973074 Aug 24  2013 libocci.so.11.1
-rwxrwxr-x 1 root staff 118738042 Aug 24  2013 libociei.so
-r-xr-xr-x 1 root staff    164942 Aug 24  2013 libocijdbc11.so
-r--r--r-- 1 root staff   2091135 Aug 24  2013 ojdbc5.jar
-r--r--r-- 1 root staff   2739616 Aug 24  2013 ojdbc6.jar
drwxrwsr-x 4 root staff      4096 Aug 24  2013 sdk
-rwxrwxr-x 1 root staff    192365 Aug 24  2013 uidrvci
-rw-rw-r-- 1 root staff     66779 Aug 24  2013 xstreams.jar
# ln -s libclntsh.so.11.1 libclntsh.so

D’apres le site de PECL, nous devons installer la version 1.4.x d’oci8 si on utilise PHP5 . Nous utiliserons le paramètre :

instantclient,/usr/local/lib/instantclient_11_2
# pecl install oci8-1.4.10
downloading oci8-1.4.10.tgz ...
Starting to download oci8-1.4.10.tgz (169,248 bytes)
.....done: 169,248 bytes
10 source files, building
running: phpize
Configuring for:
PHP Api Version:         20131106
Zend Module Api No:      20131226
Zend Extension Api No:   220131226
Please provide the path to the ORACLE_HOME directory. Use 'instantclient,/path/to/instant/client/lib' if you're compiling with Oracle Instant Client [autodetect] : instantclient,/usr/local/lib/instantclient_11_2
building in /tmp/pear/temp/pear-build-rootutoK4c/oci8-1.4.10
running: /tmp/pear/temp/oci8/configure --with-oci8=instantclient,/usr/local/lib/instantclient_11_2
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for a sed that does not truncate output... /bin/sed
[...]
Build complete.
Don't forget to run 'make test'.

running: make INSTALL_ROOT="/tmp/pear/temp/pear-build-rootutoK4c/install-oci8-1.4.10" install
Installing shared extensions:     /tmp/pear/temp/pear-build-rootutoK4c/install-oci8-1.4.10/usr/lib/php5/20131226/
running: find "/tmp/pear/temp/pear-build-rootutoK4c/install-oci8-1.4.10" | xargs ls -dils
262997   4 drwxr-xr-x 3 root root   4096 Nov 22 16:39 /tmp/pear/temp/pear-build-rootutoK4c/install-oci8-1.4.10
263027   4 drwxr-xr-x 3 root root   4096 Nov 22 16:39 /tmp/pear/temp/pear-build-rootutoK4c/install-oci8-1.4.10/usr
263028   4 drwxr-xr-x 3 root root   4096 Nov 22 16:39 /tmp/pear/temp/pear-build-rootutoK4c/install-oci8-1.4.10/usr/lib
263029   4 drwxr-xr-x 3 root root   4096 Nov 22 16:39 /tmp/pear/temp/pear-build-rootutoK4c/install-oci8-1.4.10/usr/lib/php5
263030   4 drwxr-xr-x 2 root root   4096 Nov 22 16:39 /tmp/pear/temp/pear-build-rootutoK4c/install-oci8-1.4.10/usr/lib/php5/20131226
263026 504 -rwxr-xr-x 1 root root 512928 Nov 22 16:39 /tmp/pear/temp/pear-build-rootutoK4c/install-oci8-1.4.10/usr/lib/php5/20131226/oci8.so

Build process completed successfully
Installing '/usr/lib/php5/20131226/oci8.so'
install ok: channel://pecl.php.net/oci8-1.4.10
configuration option "php_ini" is not set to php.ini location
You should add "extension=oci8.so" to php.ini

Nous pouvons activer l’extension dans PHP5 :

echo "extension=oci8.so"  > /etc/php5/mods-available/oci8.ini
php5enmod oci8
service apache2 restart

Verifions que c’est activé dans php5 :

# php5 -i | grep oci8
/etc/php5/cli/conf.d/20-oci8.ini,
oci8
oci8.connection_class => no value => no value
oci8.default_prefetch => 100 => 100
oci8.events => Off => Off
oci8.max_persistent => -1 => -1
oci8.old_oci_close_semantics => Off => Off
oci8.persistent_timeout => -1 => -1
oci8.ping_interval => 60 => 60
oci8.privileged_connect => Off => Off
oci8.statement_cache_size => 20 => 20

Linux, Nginx, Mysql, PHP (LEMP)

Ceci est un petit tuto pour installer un stack LEMP sur un instance Amazon t1.micro.

Mon serveur :

Ici LEMP veut dire :

On utilise Nginx car il est peu gourmand en mémoire qu’Apache et il est très rapide aussi. On a choisi PHP FPM car il est très performant aussi surtout en montée de charge.

Sur un Debian Wheezy il est préférable d’utiliser les paquets venant de dotdeb ou backport pour Nginx car la version 1.2 est un peu ancienne.

Mettre à jour et redémarrer le serveur avant toute manipulation :

apt-get update
apt-get dist-upgrade
reboot

Installer Mysql :

apt-get install mysql-server mysql-client

Si c’est la première installation du serveur Mysql, on vous demandera de saisir le mot de passe de l’utilisateur root de Mysql.

Lancer le script mysql_secure_installation pour sécuriser le serveur Mysql.

Installer PHP FPM avec les modules Mysql et APC

apt-get install php5-fpm php5-mysql php-apc

Configurer PHP-FPM en éditant le fichier /etc/php5/fpm/php.ini

Modifier la ligne « ;cgi.fix_pathinfo=1 » en « cgi.fix_pathinfo=0 »

[...]

; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI.  PHP's
; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
; what PATH_INFO is.  For more information on PATH_INFO, see the cgi specs.  Setting
; this to 1 will cause PHP CGI to fix its paths to conform to the spec.  A setting
; of zero causes PHP to behave as before.  Default is 1.  You should fix your scripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
; http://php.net/cgi.fix-pathinfo
cgi.fix_pathinfo=0

[...]

Redémarrer le service php-fpm

service php5-fpm restart

Il y a plusieurs type de package Ngnix dans le repository :

  • nginx
  • nginx-full
  • nginx-light
  • nginx-naxsi
  • nginx-extras

Comme j’ai un petit serveur, je vais installer la version light venant du repository backports sinon vous pouvez choisir nginx tout court

apt-get install -t wheezy-backports nginx-light

Sur mon serveur Amazon EC2, il faut ajouter le port tcp/80 ou http sur le console de management > « network & security » > « security groups ».

Ouvrir votre navigateur pour tester :

Screenshot from 2014-09-29 17:24:02

Configurer Nginx pour prendre en charge les scripts php en éditant le fichier /etc/nginx/sites-available/default

[...]

server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;

        root /usr/share/nginx/html;
        index index.php index.html index.htm;

        # Make site accessible from http://localhost/
        server_name localhost myipaddress;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
                # Uncomment to enable naxsi on this location
                # include /etc/nginx/naxsi.rules
        }

        # Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
        #location /RequestDenied {
        #       proxy_pass http://127.0.0.1:8080;
        #}

       #error_page 404 /404.html;

        # redirect server error pages to the static page /50x.html
        #
        #error_page 500 502 503 504 /50x.html;
        #location = /50x.html {
        #       root /usr/share/nginx/html;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
	#
	location ~ \.php$ {
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		fastcgi_pass unix:/var/run/php5-fpm.sock;
		fastcgi_index index.php;
		include fastcgi_params;

		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		fastcgi_intercept_errors on;
	}
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
}

[...]

Redémarrer Nginx pour prendre en charge la modification :

service nginx restart

Tester la prise en charge de PHP dans Nginx en créant un script test.php dans /usr/share/nginx/html/ 

<?php
 phpinfo();
?>

Capture d’écran 2014-09-30 à 02.10.51

Voilà notre petit serveur Amazon t1.micro est prêt à recevoir les applications PHP!

Vita tompoko.

insserv: loop involving service oracle-xe at depth 2

When installing or upgrading some packages on my server I got:

Preconfiguring packages ...
Setting up initscripts (2.88dsf-31) ...
insserv: script nbclient.08-12-11.18:50:39: service nbclient already provided!
insserv: warning: script 'oracle-xe' missing LSB tags and overrides
insserv: There is a loop between service munin-node and oracle-xe if stopped
insserv: loop involving service oracle-xe at depth 2
insserv: loop involving service munin-node at depth 1
insserv: Stopping oracle-xe depends on munin-node and therefore on system facility `$all' which can not be true!
insserv: script nbclient.08-12-11.18:50:39: service nbclient already provided!
insserv: warning: script 'oracle-xe' missing LSB tags and overrides
insserv: There is a loop between service munin-node and oracle-xe if stopped
insserv: loop involving service oracle-xe at depth 2
insserv: loop involving service munin-node at depth 1
insserv: Stopping oracle-xe depends on munin-node and therefore on system facility `$all' which can not be true!
insserv: exiting now without changing boot order!
update-rc.d: error: insserv rejected the script header
dpkg: error processing initscripts (--configure):
subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
initscripts
E: Sub-process /usr/bin/dpkg returned an error code (1)

Debian uses insserv by default in Wheezy which reads the LSB fields (more info here) and to fix this add these lines in the file /etc/init.d/oracle-xe just after « #!/bin/bash »

### BEGIN INIT INFO
# Provides: scriptname
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start daemon at boot time
# Description: Enable service provided by daemon.
### END INIT INFO

Gns3 + patched qemu 0.15.0 + debian wheezy/sid

Qemu 0.15.0 is in unstable now and I have to patch it to emulate normally Cisco ASA 8.0(X) with Gns3, you have to do it also if you want emulate Juniper routers. This patch is necessary for UDP tunnels and multicast. I wrote this post to help debian users to achieve it.

Update your sources.list by adding a deb-src repository, for example here is my /etc/apt/sources.list:

deb http://mirror.malagasy.com/debian/ sid main contrib non-free  
deb http://mg.debian.net/debian/ sid main contrib non-free
deb-src ftp://mg.debian.net/debian/ sid main contrib non-free  

Run as superuser:

aptitude update

Fetch the qemu package source:

cd /tmp/
apt-get source qemu
wget http://code.gns3.net/qemu-patches/archive/8eb98a728e4f.tar.bz2
tar jxvf 8eb98a728e4f.tar.bz2
cd qemu-patches-8eb98a728e4f/
cat *.patch > ../qemu-0.15.0+dfsg/debian/patches/gns3.patch
echo "gns3.patch" >> ../qemu-0.15.0+dfsg/debian/patches/series 
cd ../qemu-0.15.0+dfsg/
apt-get install build-essential devscripts
apt-get build-dep qemu
debuild -us -uc
dpkg -i ../qemu*.deb

You can prevent an upgrade by pinning qemu:

aptitude hold qemu

UPDATE:
A copy of the patch is available here http://malagasy.debian.net/tmp/qemu-patches-8eb98a728e4f.zip

Vita tompoko!!

Some useful links for you 😉

http://code.gns3.net/qemu-patches/
http://forum.gns3.net/topic2784.html
http://blog.gns3.net/2009/12/how-to-emulate-cisco-asa/
http://blog.gns3.net/2009/10/olive-juniper/2/
http://www.mediafire.com/?p1izkcij9rkbp87

Envoyer des sms sur debian gnu/linux

Un petit tuto pour envoyer des sms en console sous linux, j’en ai besoin pour combiner avec mon serveur de monitoring Nagios. Le logiciel utilisé est Gammu, c’est très simple!
J’utilise un nokia e71, vous pouvez voir ici si le votre est supporté http://wammu.eu/phones/

aptitude install gammu

Connecter le téléphone sur votre ordinateur, ici j’utilise un cable usb type CA-101D .
Choisir « PC Suite » lors de la connexion.
dmesg donne :

...
[22811.664979] usb 4-1.3: USB disconnect, device number 4
[22814.163152] usb 4-1.3: new full speed USB device number 5 using ehci_hcd
[22814.257804] usb 4-1.3: New USB device found, idVendor=0421, idProduct=00ab
[22814.257810] usb 4-1.3: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[22814.257815] usb 4-1.3: Product: Nokia E71
[22814.257819] usb 4-1.3: Manufacturer: Nokia
[22814.355752] cdc_acm 4-1.3:1.10: ttyACM0: USB ACM device
[22814.356452] cdc_acm 4-1.3:1.12: ttyACM1: USB ACM device
[22814.356997] usbcore: registered new interface driver cdc_acm
[22814.356999] cdc_acm: USB Abstract Control Model driver for USB modems and ISDN adapters
[22814.366980] NET: Registered protocol family 35
[22814.410200] usbcore: registered new interface driver cdc_phonet
[22814.418027] usbcore: registered new interface driver cdc_ether
[22814.419599] usbcore: registered new interface driver rndis_host
[22814.457592] usbcore: registered new interface driver rndis_wlan

lsusb donne :

root@tux:/etc# lsusb
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
Bus 004 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
Bus 003 Device 003: ID 138a:0007 Validity Sensors, Inc. VFS451 Fingeprint Reader
Bus 003 Device 004: ID 04f2:b15e Chicony Electronics Co., Ltd
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 002: ID 046d:c018 Logitech, Inc. Optical Wheel Mouse
Bus 004 Device 003: ID 05ac:1292 Apple, Inc. iPhone 3G
Bus 004 Device 005: ID 0421:00ab Nokia Mobile Phones E71 (PC Suite mode)

Créer le fichier de conf /etc/gammurc :

[gammu]
port = /dev/ttyACM0
connection = at115200

Tester :

# gammu identify
Device               : /dev/ttyACM0
Manufacturer         : Nokia
Model                : unknown (Nokia E71)
Firmware             : V ICPR71_09w47.10,20-01-11
IMEI                 : 352710043176476
SIM IMSI             : 646020100145051

Envoyer le sms :

# echo "hello world" | /usr/bin/gammu --sendsms TEXT 0320533254
If you want break, press Ctrl+C...
Sending SMS 1/1....waiting for network answer..OK, message reference=193

Si vous voulez une interface graphique, vous pouvez installer wammu .

squid + active directory + dansguardian + sarg

Ceci est l’intégration rapide d’un serveur mandataire Squid 3 avec un environnement Active Directory. Le but de l’intégration est d’utiliser l’annuaire pour gérer les utilisateurs et les droits. Je ne me tarderai pas sur la partie AD.

La démarche est la suivante:

  • intégrer le serveur proxy sous debian gnu/linux au domaine M$
  • authentifier les utilisateurs contre les serveurs de domaine avec NTLM
  • installer Squid
  • configurer le serveur mandataire selon votre politique
  • filtrer avec Dansguardian et Clamav
  • générer les statistiques et suivre avec Sarg
  • configuration automatique des navigateurs

Lire la suite