…Details…

Thoughts that's escape, only details.

Lotus Domino server linux process 100% CPU usage

A kernel change from version 2.6.x causes platform statistics to consume 100% of CPU even though the system is lightly loaded, and causes a server crash when platform statistics are loaded.

You can disable this feature by adding this to your notes.ini and restarting the Domino server.
PLATFORM_STATISTICS_DISABLED=1

Linux RHEL – Change hostname

Three steps to change the hostname on RHEL Linux:

1. edit: /etc/hosts
127.0.0.1 srv03.mil1.wide-net.org localhost.localdomain localhost

2. edit: /etc/sysconfig/network
HOSTNAME=srv03.mil1.wide-net.org

3. Set the new hostname in the running kernel:
echo "srv03.mil1.wide-net.org" > /proc/sys/kernel/hostname

Or

sysctl kernel.hostname=srv03.mil1.wide-net.org

Consider restarting the network services with /etc/init.d/network restart, although this is not strictly required.

Linux – Google Earth

[[email protected] ~]$ /opt/google/earth/free/google-earth
Google Earth appears to be running already. Please kill the
existing process, or delete /home/leo/.googleearth/instance-running-lock if this is an error.
[[email protected] ~]$ rm /home/leo/.googleearth/instance-running-lock
[[email protected] ~]$ /opt/google/earth/free/google-earth

Linux – IBM LinTape driver

If you need to use an IBM LTO tape drive inside an IBM, Adic or Dell tape library with Tivoli Storage Manager, it is necessary to use

Download latest driver from IBM Fixcentral:
Storage Systems => Tape Systems => Tape device drivers and software => Linux

Get the two RPMs (my system is RHEL 5 on 32-bit hardware):
lin_tape-1.61.0-1.src.rpm <== Kernel module
lin_taped-1.61.0-rhel5.i386.rpm <== Binary services

First step, rebuild the source:

# rpmbuild --rebuild lin_tape-1.61.0-1.src.rpm

Installing lin_tape-1.61.0-1.src.rpm
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.625
+ umask 022
+ cd /usr/src/redhat/BUILD
+ cd /usr/src/redhat/BUILD
+ rm -rf lin_tape-1.61.0
+ /bin/gzip -dc /usr/src/redhat/SOURCES/lin_tape-1.61.0.tgz
[cut]
Wrote: /usr/src/redhat/RPMS/i386/lin_tape-1.61.0-1.i386.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.18792
+ umask 022
+ cd /usr/src/redhat/BUILD
+ cd lin_tape-1.61.0
+ rm -rf /var/tmp/lin_tape-1.61.0-1-root-root
+ exit 0
Executing(--clean): /bin/sh -e /var/tmp/rpm-tmp.18792
+ umask 022
+ cd /usr/src/redhat/BUILD
+ rm -rf lin_tape-1.61.0
+ exit 0

Second step, install all:

# rpm -Uhv /usr/src/redhat/RPMS/i386/lin_tape-1.61.0-1.i386.rpm
# rpm -Uhv lin_taped-1.61.0-rhel5.i386.rpm

Last step, start service and check for the probed devices:

# /etc/init.d/lin_tape start

# cat /proc/scsi/IBM*
lin_tape version: 1.61.0
lin_tape major number: 253
Attached Changer Devices:
Number model SN HBA SCSI FO Path
lin_tape version: 1.61.0
lin_tape major number: 253
Attached Tape Devices:
Number model SN HBA SCSI FO Path
0 ULTRIUM-TD2 1110274799 Adaptec 29160B Ultra160 SCSI 2:0:1:0 NA
1 ULTRIUM-TD2 1110275058 Adaptec 29160B Ultra160 SCSI 2:0:2:0 NA

NetworkManager modifies /etc/hosts

There is an annoying bug (or feature, depending on your point of view): on every restart/reconnect managed by NetworkManager, the original /etc/hosts loaded at startup is restored. I’ve made a 3-line script, inspired by visudo, to edit the hosts file manually and prevent other unexpected modifications:

Save it as an executable file (+x attribute), for example: /usr/sbin/vihosts

#!/bin/sh
# Clear the immutable flag, edit /etc/hosts, then set the flag again
# so that nothing else can rewrite the file.
sudo chattr -i /etc/hosts
sudo vim /etc/hosts
sudo chattr +i /etc/hosts

Citrix – ICAClient issue on Linux RHEL6

Another stupid Citrix ICAClient issue on Red Hat Linux:

[[email protected] ~]$ /usr/lib/ICAClient/wfcmgr -icaroot /usr/lib/ICAClient
Warning: Missing charsets in String to FontSet conversion
Warning: Missing charsets in String to FontSet conversion
Warning: Unable to load any usable fontset
Error: Aborting: no fontset found

Solution 1: force language C (my favourite for any language problem):

[[email protected] ~]$ export LANG=C

Solution 2: remove the cjkuni charset:

[[email protected] ~]$ sudo yum remove cjkuni*
Loaded plugins: priorities, product-id, refresh-packagekit, rhnplugin, subscription-manager
Updating Red Hat repositories.
Setting up Remove Process
Resolving Dependencies
--> Running transaction check
---> Package cjkuni-fonts-common.noarch 0:0.2.20080216.1-34.el6 will be erased
---> Package cjkuni-fonts-ghostscript.noarch 0:0.2.20080216.1-34.el6 will be erased
---> Package cjkuni-ukai-fonts.noarch 0:0.2.20080216.1-34.el6 will be erased
---> Package cjkuni-uming-fonts.noarch 0:0.2.20080216.1-34.el6 will be erased
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================
Removing:
cjkuni-fonts-common noarch 0.2.20080216.1-34.el6 @anaconda-RedHatEnterpriseLinux-201105101829.i386/6.1 0.0
cjkuni-fonts-ghostscript noarch 0.2.20080216.1-34.el6 @rhel-i386-workstation-6 6.2 k
cjkuni-ukai-fonts noarch 0.2.20080216.1-34.el6 @rhel-i386-workstation-6 17 M
cjkuni-uming-fonts noarch 0.2.20080216.1-34.el6 @anaconda-RedHatEnterpriseLinux-201105101829.i386/6.1 21 M

Transaction Summary
=============================================================================================================================
Remove 4 Package(s)

Installed size: 37 M
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Erasing : cjkuni-fonts-ghostscript-0.2.20080216.1-34.el6.noarch 1/4
Erasing : cjkuni-ukai-fonts-0.2.20080216.1-34.el6.noarch 2/4
Erasing : cjkuni-uming-fonts-0.2.20080216.1-34.el6.noarch 3/4
Erasing : cjkuni-fonts-common-0.2.20080216.1-34.el6.noarch 4/4

duration: 336(ms)
Installed products updated.

Removed:
cjkuni-fonts-common.noarch 0:0.2.20080216.1-34.el6 cjkuni-fonts-ghostscript.noarch 0:0.2.20080216.1-34.el6
cjkuni-ukai-fonts.noarch 0:0.2.20080216.1-34.el6 cjkuni-uming-fonts.noarch 0:0.2.20080216.1-34.el6

Complete!
[[email protected] ~]$

Omnikey Cardman 4040 – Linux FC14

In this post I describe how to get the OMNIKEY Cardman 4040, a PCMCIA smartcard reader/writer, working under Linux Fedora 14 using the manufacturer's PC/SC driver.

1. Install the required packages:

[[email protected] ~]# yum install pcsc-lite openct opensc

2. Configure OpenSC

With PC/SC CardBus access OpenCT is useless, but without that daemon every smartcard command produces a lot of these errors:

Error: can't open /var/run/openct/status: No such file or directory

So, to avoid conflicts between openct, opensc and pcscd, I prefer to disable the OpenCT framework like this:

In /etc/opensc.conf, replace:

reader_drivers = openct, pcsc, ctapi;

with (if the line is not present, add this under the “app default” context):

reader_drivers = pcsc, ctapi;

Stop OpenCT daemon:

[[email protected] ~]# /etc/init.d/openct stop

3. Install PC/SC driver

Download the PC/SC driver for Linux from:

http://www.hidglobal.com/

The current release is “ifdok_cm4040_lnx-2.0.0.tar.gz”. This file contains a nice installer, but it doesn’t work under Fedora, so proceed manually:

[[email protected] ~]# tar -xvf ifdok_cm4040_lnx-2.0.0.tar.gz
[[email protected] ~]# cd ifdok_cm4040_lnx-2.0.0
[[email protected] ifdok_cm4040_lnx-2.0.0]# cp ifdok_cm4040_lnx-2.0.0.so /usr/lib/pcsc/drivers/

Create file: /etc/reader.conf.d/cardman4040.conf

With this content (adjust it if you have more than one PCMCIA slot):

#
# Configuration file for CardMan 4040 smartcard reader.
#
FRIENDLYNAME "OMNIKEY CardMan 4040 Socket 0"
DEVICENAME /dev/cmx0
LIBPATH /usr/lib/pcsc/drivers/ifdok_cm4040_lnx-2.0.0.so
CHANNELID 0

Now insert the smartcard reader into the PCMCIA slot and restart pcscd:

[[email protected] ~]# /etc/init.d/pcscd restart

4. Test the reader:

If everything works, you get this output:

[[email protected] ~]# opensc-tool -l
Readers known about:
Nr. Driver Name
0 pcsc OMNIKEY CardMan 4040 Socket 0 00 00
[[email protected] ~]#

Now the reader is ready to use.

Citrix – ICAClient issue on Linux FC13

If you are using Citrix ICA Client (v.11.100) on Linux, specifically Fedora 13, the “java-1.6.0-openjdk” update installs the following dependencies:

baekmuk-ttf-batang-fonts                             2.2-29.fc13
baekmuk-ttf-dotum-fonts                              2.2-29.fc13
baekmuk-ttf-fonts-common                             2.2-29.fc13
baekmuk-ttf-gulim-fonts                              2.2-29.fc13
baekmuk-ttf-hline-fonts                              2.2-29.fc13
cjkuni-ukai-fonts                                    0.2.20080216.1-42.fc13
cjkuni-uming-fonts                                   0.2.20080216.1-42.fc13
lohit-malayalam-fonts                                2.4.4-5.fc13
sazanami-fonts-common                                0.20040629-14.fc13
sazanami-gothic-fonts                                0.20040629-14.fc13
sazanami-mincho-fonts                                0.20040629-14.fc13

After these updates ICAClient stops working with the following error:


Warning:
Name: FONTLIST_DEFAULT_TAG_STRING
Class: XmRendition
Conversion failed.  Cannot load font.

The problem was traced to “sazanami-mincho-fonts”.

I have no time to fix the font path problem in this stupid application developed in Motif, so my little workaround was:

Blacklist the package in /etc/yum.conf:

exclude=sazanami-mincho-fonts*

If it is already installed:

[[email protected] leo]# rpm -e --nodeps  sazanami-mincho-fonts

Linux – Removing all IP information from an interface

If an interface has already had IP addresses assigned to it, and all of the addresses need to be removed (along with their routes), there is one handy command to accomplish all of these tasks. ip address flush takes an interface name as an argument. Let’s look at the output of ip address show just before and just after removing all IPs.

[[email protected]]# ip address show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:80:c8:f8:4a:51 brd ff:ff:ff:ff:ff:ff
inet 192.168.99.35/24 brd 192.168.99.255 scope global eth0
inet 192.168.99.37/24 brd 192.168.99.255 scope global secondary eth0:0
[[email protected]]# ip address flush
Flush requires arguments.
[[email protected]]# ip address flush dev eth0
[[email protected]]# ip address show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:80:c8:f8:4a:51 brd ff:ff:ff:ff:ff:ff

CentOS – IPv6 interface

You need to update and configure following files for IPv6 configuration:

1. Edit: /etc/sysconfig/network

And append the following line to enable the IPv6 protocol system-wide:

NETWORKING_IPV6=yes

2. Edit: /etc/sysconfig/network-scripts/ifcfg-eth1 (or your interface number)

And append the following lines to enable IPv6 on the interface and to set the address/gateway if you use static routing:

IPV6INIT=yes
IPV6ADDR=2001:1418:0193:000B::210
IPV6_DEFAULTGW=2001:1418:0193:000B::251

Save, close and restart network service:

# service network restart

Debian – Kernel Headers

Memo: install the linux-headers package

# apt-get install linux-headers-$(uname -r)

GRUB – Init Shell

Sometimes, when the root password is lost or the file system is corrupted, you need to boot the system into a simple shell, skipping the init sequence.

1. At the GRUB prompt press ‘e’ to edit the commands before booting.

2. Select the ‘kernel’ line

3. Press ‘e’ again to edit the selected command

4. Type the following at the end of the line: init=/bin/bash (or sh)

5. Press ‘b’ to boot the system

6. Now you are at a shell prompt. Enjoy

Securing “tmp” without repartition

1. First you should secure /tmp:

Make a 1GB file for the /tmp partition and create an ext3 filesystem on it:

# dd if=/dev/zero of=/dev/tmpFS bs=1024 count=1000000
# /sbin/mkfs.ext3 /dev/tmpFS

Create a backup copy of your current /tmp drive:

# cp -Rpf /tmp /tmpbackup

Mount our new tmp partition and change permissions:

# mount -o loop,noexec,nosuid,rw /dev/tmpFS /tmp
# chmod 1777 /tmp

Copy the old data:

# cp -Rpf /tmpbackup/* /tmp/

If you run the mount command you should get something like this:

/dev/tmpFS on /tmp type ext3 (rw,noexec,nosuid,loop=/dev/loop0)

Edit /etc/fstab and add this:

/dev/tmpFS /tmp ext3 loop,nosuid,noexec,rw 0 0

Test your fstab entry:

# mount -o remount /tmp

You can test it by running a script on the /tmp partition; if you get “permission denied”, it is fine :)

2. Secure /var/tmp:

It should be done because some applications use /var/tmp as the temporary folder, and anything that’s accessible by all, needs to be secured.

Rename it and create a symbolic link to /tmp:

# mv /var/tmp /var/tmpold
# ln -s /tmp /var/tmp

Copy the old data back:

# cp /var/tmpold/* /tmp/

Note: you should restart any services that use the /tmp partition.

Debian NetInstall – Sparc

First of all you need a Linux host (Debian in my case) and then, obviously, a Sparc :)

The Linux host needs a RARP server and a TFTP server, so install them like this:

vm01:~# apt-get install rarpd tftpd-hpa

Configure rarpd by editing the file /etc/ethers and adding a line with the MAC address of the Sparc (OpenBoot shows it as soon as the machine is powered on):

XX:XX:XX:XX:XX:XX 192.168.xx.xx

Restart to apply the changes:

vm01:~# /etc/init.d/rarpd restart

At boot, once it has received its IP, OpenBoot looks for the image on the TFTP server under a name in hexadecimal notation. Assuming the IP is 192.168.101.9, do the conversion like this:

vm01:~# printf "%.2X%.2X%.2X%.2X\n" 192 168 101 9
C0A86509

Then download the Debian netinstall image and create a symbolic link named with the hexadecimal notation:

vm01:~# cd /var/lib/tftpboot
vm01:~# wget ftp://ftp.debian.org/debian/dists/stable/main/installer-sparc/current/images/netboot/boot.img
vm01:~# ln -s boot.img C0A86509

Then, on the Sparc at power-on, press Stop-A or Break to get the OpenBoot prompt (“ok “) and type:

boot net

Securing /dev/shm

Edit your /etc/fstab:

# vi /etc/fstab

change:

none /dev/shm tmpfs defaults,rw 0 0

to

none /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0

Remount /dev/shm:

# mount -o remount /dev/shm

You can test it by running a script on /dev/shm; if you get “permission denied”, it is fine!
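
A check for the hardening described in “Securing tmp without repartition” and “Securing /dev/shm”, as an added example that is not part of the original posts: it parses a file in /proc/mounts format and reports which of nosuid and noexec are missing from the effective (last) mount of each location. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the mount options of world-writable temp locations.
# Input is a file in /proc/mounts format:
#   device mountpoint fstype options dump pass

# Constructed sample (not from a real host): /tmp is hardened, /dev/shm is not.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
/dev/loop0 /tmp ext3 rw,nosuid,noexec 0 0
none /dev/shm tmpfs rw 0 0
EOF
}

# missing_opts MOUNTS_FILE MOUNTPOINT OPTION...
# Prints the required options that are absent, comma separated (empty line
# when none are missing), or "unmounted" if MOUNTPOINT has no entry.
# Only the last entry for MOUNTPOINT counts, because a later mount shadows
# earlier ones. Options are compared as whole tokens, so "exec" never
# satisfies "noexec" and "loop=/dev/loop0" matches nothing by accident.
missing_opts() {
    mounts_file=$1
    mountpoint=$2
    shift 2
    awk -v mp="$mountpoint" -v want="$*" '
        $2 == mp { opts = $4; found = 1 }
        END {
            if (!found) { print "unmounted"; exit }
            n = split(opts, have, ",")
            for (i = 1; i <= n; i++) present[have[i]] = 1
            m = split(want, req, " ")
            out = ""
            for (i = 1; i <= m; i++)
                if (!(req[i] in present))
                    out = out (out == "" ? "" : ",") req[i]
            print out
        }' "$mounts_file"
}

# audit_tmp MOUNTS_FILE
# Checks /tmp and /dev/shm for nosuid and noexec; returns 0 only if both pass.
# /var/tmp is not checked separately: on the page it is a symlink to /tmp.
audit_tmp() {
    rc=0
    for mp in /tmp /dev/shm; do
        miss=$(missing_opts "$1" "$mp" nosuid noexec)
        if [ -n "$miss" ]; then
            echo "FAIL $mp: $miss"
            rc=1
        else
            echo "OK   $mp"
        fi
    done
    return "$rc"
}

# Demo on the constructed sample; on a real host pass /proc/mounts instead.
demo_file=$(mktemp)
sample_mounts > "$demo_file"
audit_tmp "$demo_file" || echo "hardening incomplete"
rm -f "$demo_file"
```

Run `audit_tmp /proc/mounts` after the remount steps; a non-zero exit status means at least one location still allows setuid binaries or execution.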

Iptables Flush

Full flush iptables script:

#!/bin/sh
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

Extract files from DEB package

Some days ago I wrote about RPM extraction; today I need the contents of a DEB package. Unlike rpm systems, the Debian package manager can extract a package natively with this command (the last argument is the target directory):

# dpkg-deb -x somepackage.i386.deb somepackage/

But my problem is different: I am not using a Debian system. Fortunately DEB files are “ar” archives, which contain three files:
– debian-binary
– control.tar.gz
– data.tar.gz

First, extract the “ar” archive with this simple command:

# ar vx somepackage.i386.deb

Then extract the contents of data.tar.gz using tar:

# tar -xzvf data.tar.gz

Or, if you want, you can do it in one step:

# ar p somepackage.i386.deb data.tar.gz | tar zx

Extract files from RPM package

The rpm command has no direct option to extract an RPM file, but there is a small utility called rpm2cpio, which extracts the cpio archive from an RPM Package Manager (RPM) package.
Example of extracting an RPM file using the rpm2cpio and cpio commands:

# rpm2cpio somepackage.x86_64.rpm | cpio -idmv

Output of rpm2cpio piped to cpio command with following options:
i: Restore archive
d: Create leading directories where needed
m: Retain previous file modification times when creating files
v: Verbose

Auto Check – OpenVPN

On Fastweb connections using OpenVPN, when the destination routers restart, the sessions often hang and the tunnel is not re-established. In theory this bug has been fixed in the latest releases; to be on the safe side, here are 4 lines of script:

#!/bin/bash
if ! ping -c 1 -w 5 "xxx.xxx.xxx.xxx" &>/dev/null ; then
/etc/init.d/openvpn restart
fi

Run it every 5 minutes from cron:

*/5 * * * * /root/yeahup

ProFTP(D) – Ident Lookups

Since it has happened to me and I always forget: in a standard proftpd installation (Debian, to be clear) the client ident lookup is enabled by default, so because of reverse lookups or badly configured DNS the connection is quite slow during the authentication phase.

To fix it:

#/etc/proftpd/proftpd.conf
IdentLookups no

Linux – Iftop

iftop command listens to network traffic on a named network interface, or on the first interface it can find which looks like an external interface if none is specified, and displays a table of current bandwidth usage by pairs of hosts. iftop is a perfect tool for remote Linux server over ssh session.

iftop must be run by root or by a user who has sufficient permissions to monitor all network traffic on the network interface.
Type the iftop command at the shell prompt to display traffic:

# iftop


However, iftop works best when you use filters, for example if you want to find out how much bandwidth users are wasting or are trying to figure out why the network is slow:

# iftop -f icmp

You can display or analyse packets flowing in and out of the 192.168.1.0/24 network:

# iftop -F 192.168.1.0/24

Disable output for DNS traffic by using filter code such as:

# iftop -f 'not port domain'

iftop has many options; read the man page for further information.

Linux – Send mail from command line

The Linux command line can be very powerful once you know how to use it. You can parse data, monitor

Mutt:
One of major drawbacks of using the mail command is that it does not support the sending of attachments. mutt, on the other hand, does support it. I’ve found this feature particularly useful for scripts that generate non-textual reports or backups which are relatively small in size which I’d like to backup elsewhere. Of course, mutt allows you to do a lot more than just send attachments. It is a much more complete command line mail client than the “mail” command. Right now we’ll just explore the basic stuff we might need often. Here’s how you would attach a file to a mail:

# echo "Sending an attachment." | mutt -a backup.zip -s "attachment" [email protected]

This command will send a mail to [email protected] with the subject (-s) “attachment”, the body text “Sending an attachment.”, containing the attachment (-a) backup.zip. Like with the mail command you can use the “-c” option to mark a copy to another mail id.
Shell scripting:
Now, with the basics covered you can send mails from your shell scripts. Here’s a simple shell script that gives you a reading of the usage of space on your partitions and mails the data to you.

#!/bin/bash
df -h | mail -s "disk space report" [email protected]

Save these lines in a file on your Linux server and run it. You should receive a mail containing the results of the command. If, however, you need to send more data than just this you will need to write the data to a text file and enter it into the mail body while composing the mail. Here’s an example of a shell script that gets the disk usage as well as the memory usage, writes the data into a temporary file, and then enters it all into the body of the mail being sent out:

#!/bin/bash
# mktemp gives the report an unpredictable name in world-writable /tmp
report=$(mktemp /tmp/mail_report.XXXXXX)
df -h > "$report"
free -m >> "$report"
mail -s "disk and RAM report" [email protected] < "$report"
rm -f "$report"

Now here’s a more complicated problem. You have to take a backup of a few files and mail them out. First the directory to be mailed out is archived. Then it is sent as an email attachment using mutt. Here’s a script to do just that:

#!/bin/bash
tar -zcf /tmp/backup.tar.gz /home/leo/files
echo | mutt -a /tmp/backup.tar.gz -s "daily backup of data" [email protected]

The echo at the start of the last line adds a blank line to the body of the mail being sent out.

Debian – Service startup

Under Debian Linux, startup files are stored in the /etc/init.d/ directory, with symbolic links to them in the /etc/rcX.d/ directories. Debian Linux uses System V initialization scripts to start services at boot time from the /etc/rcX.d/ directories. Debian Linux comes with different utilities to remove unwanted startup files.

Using rcconf:

This tool configures system services in connection with system runlevels. It turns on/off services using the scripts in /etc/init.d/. Rcconf works with System-V style runlevel configuration. It is a TUI(Text User Interface) frontend to the update-rc.d command.

Install rcconf in Debian:

#apt-get install rcconf

To start rcconf, log in as the root user and type rcconf:

# rcconf

Select the service you would like to enable or disable.

Using sysv-rc-conf:

sysv-rc-conf provides a terminal GUI for managing “/etc/rc{runlevel}.d/” symlinks. The interface comes in two different flavors, one that simply allows turning services on or off and another that allows for more fine tuned management of the symlinks. Unlike most runlevel config programs, you can edit startup scripts for any runlevel, not just your current one.

Install sysv-rc-conf in debian:

#apt-get install sysv-rc-conf

This will install sysv-rc-conf. Now you need to run the following command:

# sysv-rc-conf

Select the service you would like to enable or disable.

Both sysv-rc-conf and rcconf are the best tools to use on a remote Debian Linux system or when a GUI is not available.

You can also use update-rc.d script as follows (update-rc.d removes any links in the /etc/rcX.d directories to the script /etc/init.d/service):

# update-rc.d -f {SERVICE-NAME} remove

For example to stop xinetd service you can type command as follows:

# update-rc.d -f xinetd remove

Debian – Change installation language

# dpkg-reconfigure locales

CentOS – Asterisk

Briefly, how to install Asterisk on CentOS using yum.
To start with, CentOS does not officially have Asterisk packages in its repositories, so other repositories are needed, in particular those of Trixbox, which as you well know is based on this distribution.

First, install the plug-in that lets us manage priorities:

[[email protected] ~]# yum install yum-priorities

Create a file with the following content and place it in /etc/yum.repos.d/, naming it with a .repo extension:

[trixbox]
name=Trixbox – Repo
baseurl=http://yum.trixbox.org/centos/5/RPMS/
gpgcheck=0
priority=2
enabled=1

At this point you need to add the field “priority=1” to the other .repo files in the directory and proceed with the Asterisk installation, satisfying its dependencies from the Trixbox repository to avoid incompatibilities.

Debian – PXE installation

Since lately it is easier for me to have a laptop or similar device at hand than CDs, which inevitably get lost, I decided to put a PXE boot system on the notebook to carry out server installations.

Here is what you need to get started; these 3 packages are required:
– The TFTP server, where the boot images will reside.
– The DHCP server, to hand out the addresses and the PXE parameters.
– dnsmasq, which is needed once the installation has started to fetch the packages from the repository.

1. So, first of all, install:

[email protected]:~# apt-get install tftpd-hpa dhcp3-server dnsmasq

2. Enable the TFTP server with these steps:

Edit:
/etc/default/tftpd-hpa

Change this parameter:
RUN_DAEMON="no"
to this:
RUN_DAEMON="yes"
For convenience I created a symbolic link to the TFTP root in /

[email protected]:~# ln -s /var/lib/tftpboot /tftp-root

Now the service can be started:

[email protected]:~# /etc/init.d/tftpd-hpa start

3. Enable the DHCP server:

Edit this file:
/etc/dhcp3/dhcpd.conf

Add these lines:

option domain-name-servers 192.168.10.50;
default-lease-time 86400;
max-lease-time 604800;
authoritative;

subnet 192.168.10.0 netmask 255.255.255.0 {
range 192.168.10.10 192.168.10.20;
filename "pxelinux.0";
next-server 192.168.10.50;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.10.255;
option routers 192.168.10.50;
}

Now the service can be started:

[email protected]:~# /etc/init.d/dhcp3-server start

4. Enable dnsmasq

Edit this file:
/etc/dnsmasq.conf

dhcp-boot=pxelinux.0,tardis,192.168.10.50

Now the service can be started:

[email protected]:~# /etc/init.d/dnsmasq start

5. Routing:

This part is needed to fetch from the repository using the laptop as a router.

[email protected]:~# echo 1 > /proc/sys/net/ipv4/ip_forward

6. Prepare the local repository:

[email protected]:~# cd /tftp-root
[email protected]:~# wget http://ftp.nl.debian.org/debian/dists/etch/main/installer-i386/current/images/netboot/netboot.tar.gz
[email protected]:~# tar xvf netboot.tar.gz

With this operation we create the repository for a normal boot without options; any parameters must be specified manually.

Now, when you connect a machine to be installed with PXE enabled, it will get its IP from the DHCP server and load the boot image via TFTP!

Debian – debian-sys-maint

If, by mistake, you delete the debian-sys-maint system user during a restore of a MySQL database,
you can restore it using the password that was generated and written in clear text in this file:

/etc/mysql/debian.cnf

This is needed if you use the APT system to manage service updates; otherwise the user has no reason to exist.

Tool – Make Self

A pointer to a tool for creating self-extracting executables on *nix systems, always handy for any eventuality.

http://megastep.org/makeself/

VPS Linux – TUN/TAP Device

If you have bought a Xen-based VPS with Debian, remember that in most cases the tools for managing modules are missing, so to use any module (in this particular case tun/tap) you need to install them:

# apt-get install module-init-tools

#modprobe tun

# mkdir /dev/net

# mknod /dev/net/tun c 10 200

At this point everything is ready.

It is easy to recognise whether this is your problem, because you run into this error:

QM_MODULES: Function not implemented

Linux – Zabbix Build 1.6.1 (MySql)

A short guide to deploying this young network monitor which, in my opinion, unlike better known and more established solutions such as Nagios, introduces a much more web-oriented management, greatly simplifying operations in environments that need rapid scalability.

The installation was carried out successfully using Debian Etch 4.0r5 and CentOS 5.2. Needless to say, all the operations that follow must be performed as the ‘root’ user.

1. Prepare what is needed for the build:

tardis:~# aptitude -y install build-essential libmysqlclient-dev libssl-dev libsnmp-dev libiksemel-dev libcurl3-dev

tardis:~# apt-get install snmp libiksemel3 libcurl3 libsnmp-base libmysqlclient15off

2. Download the sources and unpack them:

tardis:~# wget http://garr.dl.sourceforge.net/sourceforge/zabbix/zabbix-1.6.1.tar.gz
tardis:~# tar zxvf zabbix-1.6.1.tar.gz
tardis:~# cd zabbix-1.6.1

3. Configure and build. In this case, besides the agent dedicated to discovery and monitoring, the server is also built; its job is to collect the data from the various agents and to manage the alarms and the coordination tasks:

tardis:~# ./configure --prefix=/usr --with-mysql --with-net-snmp --enable-server --enable-agent --enable-ipv6 --with-jabber
tardis:~# make

A small note at this point: if you were building directly on the production machines, a ‘make install’ would be enough. Since they do not have the dedicated tools, you need to move the build output to the dedicated machine and proceed by hand, so (this phase is to be carried out on the production machine, which must already have working Apache2, PHP5 and MySQL5):

4. Create a dedicated user and group:

groupadd zabbix
useradd -c 'Zabbix' -d /home/zabbix -g zabbix -s /bin/bash zabbix
mkdir /home/zabbix
chown zabbix:zabbix /home/zabbix

5. Create a dedicated database and user on the MySQL server:

mysql -p -u root
create database zabbix;
grant all on zabbix.* to 'zabbix'@'localhost' identified by 'changeme';
quit;

6. Populate the database tables:

server:~/zabbix-1.6.1# mysql -u root -p zabbix  < create/schema/mysql.sql
server:~/zabbix-1.6.1# mysql -u root -p zabbix < create/data/data.sql
server:~/zabbix-1.6.1# mysql -u root -p zabbix < create/data/images_mysql.sql

7. Create a dedicated directory structure. This may seem tedious, but it makes upgrade and maintenance operations much easier and faster:

server:~# mkdir /usr/share/zabbix
server:~# mkdir /usr/share/zabbix/sbin
server:~# mkdir /usr/share/zabbix/etc
server:~# mkdir /usr/share/zabbix/frontends

8. With the following steps we create a symbolic link from the Zabbix etc directory to the system /etc, copy the PHP frontend into its dedicated directory, and finally copy the compiled executables we need:

server:~/zabbix-1.6.1# ln -s /usr/share/zabbix/etc/ /etc/zabbix
server:~/zabbix-1.6.1# cp -r frontends/php/* /usr/share/zabbix/frontends

server:~/zabbix-1.6.1# cp src/zabbix_agent/zabbix_agent /usr/share/zabbix/sbin/zabbix_agent
server:~/zabbix-1.6.1# cp src/zabbix_agent/zabbix_agentd /usr/share/zabbix/sbin/zabbix_agentd
server:~/zabbix-1.6.1# cp src/zabbix_server/zabbix_server /usr/share/zabbix/sbin/zabbix_server

9. Set up the init.d files by copying them and adjusting the paths:

server:~/zabbix-1.6.1# cp misc/init.d/debian/* /etc/init.d/

Edit both scripts and adjust the paths, in particular this line:

from: DAEMON=/home/zabbix/bin/${NAME}
to: DAEMON=/usr/share/zabbix/sbin/${NAME}

10. Add the definitions of the ports used by Zabbix to /etc/services:

echo "
zabbix_agent 10050/tcp # Zabbix ports
zabbix_trap 10051/tcp" >> /etc/services

11. Copy the default configurations and make the basic changes:

server:~/zabbix-1.6.1# cp misc/conf/zabbix_* /usr/share/zabbix/etc
server:~/zabbix-1.6.1# chown -R zabbix:zabbix /usr/share/zabbix/etc

Edit zabbix_agentd.conf and make sure it contains the following line:

Server=127.0.0.1

Edit zabbix_server.conf:

DBHost=localhost
DBName=zabbix
DBUser=zabbix
DBPassword=changeme

12. Apache and PHP

The following parameters must be set in php.ini:

max_execution_time = 300
date.timezone = UTC

The Apache configuration is largely at the administrator's discretion; it can be done in two ways:

By creating a dedicated vhost:

<virtualhost>
ServerName zabbix.domain.tld
DocumentRoot /usr/share/zabbix/frontends
<directory>
Options FollowSymLinks
AllowOverride None
</directory>
</virtualhost>

Or by creating an alias in an already defined vhost:

<IfModule mod_alias.c>
Alias /zabbix /usr/share/zabbix/frontends
</IfModule>

13. Now, if everything has been done correctly, starting the services and opening the web page lets you go through the quick frontend configuration and then start using it. First, though, run the following commands:

/etc/init.d/apache2 restart
/etc/init.d/zabbix-server start
/etc/init.d/zabbix-agent start

Linux – IPv6 Tunnel Broker

How to set up the link to a tunnel broker, in this example HE.net, from a Linux operating system using the net tools.

The first part creates the tunnelling interface over IPv4:

ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::216.66.84.42

The second part creates the tunnel endpoint in IPv6:

ifconfig sit1 up
ifconfig sit1 inet6 add 2001:470:1f12:11c::2/64

The third part defines the route for all IPv6 traffic on the device of the tunnel endpoint:

route -A inet6 add ::/0 dev sit1
