Saturday 7 January 2017

Packstack installation mariadb error

Here is the error I get 
ip_mariadb.pp:                          [ ERROR ]
Applying Puppet manifests                         [ ERROR ]

ERROR : Error appeared during Puppet run: ip_mariadb.pp
Error: Execution of '/usr/bin/yum -d 0 -e 0 -y install mariadb' returned 1: Transaction check error:

You will find full trace in log /var/tmp/packstack/ZCy5o5/manifests/
ip_mariadb.pp.log

Please check log file /var/tmp/packstack/ZCy5o5/openstack-setup.log
for more information
Additional information:


Remove mysql and install mariadb manually
# yum remove mysql mysql-libs mysql-devel mysql-server
# yum install mariadb mariadb-libs mariadb-devel mariadb-server

After that run packstack again

# packstack --answer-file rdo.txt

Sunday 1 January 2017

Packstack Openstack Installation

After installing CentOS 7
Install RDO
#yum install -y https://rdoproject.org/repos/rdo-release.rpm

Stop and disable NetworkManager, because it is not compatible with openstack-packstack
#systemctl stop NetworkManager; systemctl disable NetworkManager

Install openstack
#yum install -y centos-release-openstack-mitaka

Install packstack
#yum install -y openstack-packstack

Generate the answer file
# packstack --gen-answer-file /root/answers.txt


Edit the answer file and set your own options
CONFIG_NTP_SERVERS=pool.ntp.org
CONFIG_KEYSTONE_ADMIN_PW=password
CONFIG_DEFAULT_PASSWORD=password
CONFIG_HORIZON_SSL=y
CONFIG_PROVISION_DEMO=n


start installation
#packstack --answer-file /root/answers.txt



You may face this error

Preparing Nova VNC Proxy entries [ ERROR ]

ERROR : [Errno 2] No such file or directory: '/etc/pki/tls/certs/selfcert.crt'
Please check log file /var/tmp/packstack/20161109-192844-cGjfCc/openstack-setup.log for more information


Solution:
# openssl req -x509 -sha256 -newkey rsa:2048 -keyout selfkey.key -out selfcert.crt -days 1024 -nodes
# cp selfkey.key /etc/pki/tls/private/
# cp selfcert.crt /etc/pki/tls/certs

Change the answer file
CONFIG_SSL_CERT_DIR=/root/packstackca/

and put your IP here
ln -s /etc/pki/tls/certs/ssl_vnc.crt /root/packstackca/certs/PUTYOURIPssl_vnc.crt

Tuesday 9 August 2016

Scapy VLAN information

In Scapy, because of the implementation, capturing with Scapy does not collect VLAN information. Instead, I prefer collecting the pcap via an OS command and tcpdump. After that I proceed with Scapy.

>>> a=rdpcap("/tmp/test.pcap")
>>> a[0]
<Ether  dst=xx:xx:xx:xx:xx:xx src=xx:xx:xx:xx:xx:xx type=0x8100 |<Dot1Q  prio=0L id=0L vlan=3625L type=0x8100 |<Dot1Q  prio=0L id=0L vlan=3625L type=0x800 |<IP  version=4L ihl=5L tos=0xe0 len=107 id=14873 flags= frag=0L ttl=63 proto=udp chksum=0x5a4a src=xx.xx.xx.xx dst=xx.xx.xx.xx options=[] |<UDP  sport=xx dport=xx len=87 chksum=0x0 |<Raw  xxxxxxxxx>>>>>>

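Added example (Python 3, not from the original post): a reader for classic pcap files that walks stacked VLAN tags such as the two Dot1Q layers in the output above, without needing Scapy. The capture bytes are constructed in the code and the function names are illustrative.

```python
import struct

VLAN_TPIDS = {0x8100, 0x88A8, 0x9100}  # 802.1Q, 802.1ad, pre-standard QinQ


def iter_pcap_frames(data):
    """Yield the raw Ethernet frames stored in a classic (non-pcapng) pcap file."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"          # written on a little-endian host
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"          # written on a big-endian host
    else:
        raise ValueError("not a classic microsecond pcap file")
    (linktype,) = struct.unpack(endian + "I", data[20:24])
    if linktype != 1:
        raise ValueError("only LINKTYPE_ETHERNET (1) is handled")
    offset = 24
    while offset + 16 <= len(data):
        _sec, _usec, incl_len, _orig = struct.unpack(endian + "4I", data[offset:offset + 16])
        offset += 16
        if offset + incl_len > len(data):
            raise ValueError("truncated packet record")
        yield data[offset:offset + incl_len]
        offset += incl_len


def vlan_stack(frame):
    """Return ([(tpid, prio, dei, vlan_id), ...], inner_ethertype) for one frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tags = []
    offset = 12                                   # EtherType follows dst + src MAC
    (ethertype,) = struct.unpack("!H", frame[offset:offset + 2])
    while ethertype in VLAN_TPIDS:
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        tci, inner = struct.unpack("!HH", frame[offset + 2:offset + 6])
        tags.append((ethertype, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        ethertype = inner
        offset += 4                               # each tag is 4 bytes long
    return tags, ethertype


def vlan_ids_in_capture(data):
    """One list of VLAN IDs (outer tag first) per frame in the capture."""
    return [[vid for _tpid, _prio, _dei, vid in vlan_stack(frame)[0]]
            for frame in iter_pcap_frames(data)]


def build_sample_pcap():
    """Constructed sample: one frame tagged twice with VLAN 3625, then IPv4."""
    tag = struct.pack("!HH", 0x8100, 3625)        # prio 0, id 0, vlan 3625
    frame = bytes(12) + tag + tag + struct.pack("!H", 0x0800) + bytes(46)
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    record = struct.pack("<4I", 0, 0, len(frame), len(frame))
    return header + record + frame


if __name__ == "__main__":
    for number, frame in enumerate(iter_pcap_frames(build_sample_pcap())):
        tags, inner = vlan_stack(frame)
        print(number, [vid for _t, _p, _d, vid in tags], hex(inner))
```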

Devstack installation , Ubuntu

Devstack installation on Ubuntu 14.04 server version.  I installed on Vmware Player. 

$ adduser stack

Install sudo if not installed 
$ apt-get install sudo -y 

Adding user to sudo group 
$ sudo adduser stack sudo 

Install git 
$ sudo apt-get install git -y

Devstack clone
$ git clone https://git.openstack.org/openstack-dev/devstack

$ cd devstack 

Config file copy 
$ cp ./samples/local.conf  .



Edit local.conf file
FLOATING_RANGE a range not used on the local network
FIXED_RANGE to configure the internal address space used by the instances
FLAT_INTERFACE to the Ethernet interface that connects the host to your local network 

FLOATING_RANGE=192.168.1.0/24
FIXED_RANGE=192.168.149.1/24
FLAT_INTERFACE=eth1

This can be useful if you have multiple network cards
HOST_IP=127.0.0.1

Start installation
$./stack.sh 


You may get these kinds of errors; the solutions are given below.

Error
[ERROR] /home/stack/devstack/functions-common:604 git call failed: [git clone https://github.com/kanaka/noVNC.git /opt/stack/noVNC

Solution 
Download noVNC from github, extract as /opt/stack/noVNC .
And run ./stack.sh again. 


Error
OfflineGenerationError at /auth/login/
You have offline compression enabled but key "71f1bb91aa1db46c691a399635d662c7" is missing from offline manifest. You may need to run "python manage.py compress".

Solution
/opt/stack/horizon/openstack_dashboard/local
COMPRESS_OFFLINE=True --> False

Tuesday 13 October 2015

scramble values in csv file

I need to do a kind of scrambling, or mixing, of some values in certain columns of a CSV file. It is a kind of security issue. The Python script takes as arguments the positions of the columns to mix in the file. You can state more than one column. It keeps the first 8 numbers and shuffles the rest. You can change this part (keep) for more.
SHELL PART
I do the process control here, so that it does not run twice or more at the same time.

#!/bin/sh
# Used for process control: exit if the previous run is still alive
probe=SMTH
pidfile=/tmp/.transferfile$probe.pid
if [ -e "$pidfile" ]
then
  PID=`cat "$pidfile"`
  PROC=`ps $PID | wc -l`
  if [ "$PROC" -gt 1 ]
    then
    exit 0
  fi
fi


echo $$ > "$pidfile"


# Quote the file name so names with spaces reach the script as one argument
ls /folder| grep ^filename  | while read -r file
do
        /usr/bin/python /pathto/xdrscramble.py -i "/folder/$file" -o /newfolder/ -c 7 9 16
done

PYTHON PART


import csv
import os
import sys
import getopt
import random
import shutil

keep = 8        # number of leading characters that are left untouched


def main(argv):
        inputfile = ''
        outputfile = ''
        mixthem = []
        try:
                # -c takes no value; the column numbers are the remaining arguments
                opts, args = getopt.getopt(argv,"hi:o:c",["ifile=","ofile=","columns"])
        except getopt.GetoptError:
                print 'xdrscramble.py -i  -o '
                sys.exit(2)
        for opt, arg in opts:
                if opt == '-h':
                        print 'xdrscramble.py -i  -o  -c column1 column2'
                        sys.exit()
                elif opt in ("-i", "--ifile"):
                        inputfile = arg
                        inputdir = os.path.dirname (inputfile)
                        inputfilename = os.path.basename (inputfile)
                elif opt in ("-o", "--ofile"):
                        outputfile = arg
                elif opt in ("-c", "--columns"):
                        mixthem  = args
        tmpfile = os.path.join(inputdir, "tmp_" + inputfilename)
        print tmpfile
        f = open(inputfile)
        xdrfile = csv.reader(f)
        fo = open(tmpfile,'wb')
        writer= csv.writer(fo)
        for row in xdrfile:
                for columns in mixthem:
                        columns = int(columns) - 1      # columns are given 1-based
                        if row[columns] != "_":
                                # keep the first `keep` characters and shuffle the rest
                                row[columns] = row[columns][0:keep] + mixup(row[columns][keep:])
                writer.writerow(row)
        fo.close()
        f.close()
        # shutil.move instead of a shell "mv", so file names are never interpreted by a shell
        shutil.move(tmpfile, os.path.join(outputfile, inputfilename))
        os.remove (inputfile)


def mixup(rowx):
        # shuffle the characters of the part that is not kept
        as_list_of_letters = list(rowx)
        random.shuffle(as_list_of_letters)
        return ''.join(as_list_of_letters)


if __name__ == "__main__":
        main(sys.argv[1:])

Wednesday 30 September 2015

Oracle cx_Oracle python nagios DB check


I used this Python plugin for Nagios to find the delay in a database. The database is used for ETL processes. You need to create a read-only user in the Oracle DB.

It takes as arguments the IP of the DB, the delay, the name of the table that holds the delay data, and the SID
#!/usr/bin/python
import sys,os


import cx_Oracle
ip = str(sys.argv[1])
port = 1521
SID = str(sys.argv[4])
maxcount = sys.argv[2]
TABLE = str(sys.argv[3])

dsn_tns = cx_Oracle.makedsn(ip, port, SID)
connection = cx_Oracle.connect('dbuser', 'dbpass', dsn_tns)
cursor = connection.cursor()
cursor.execute("SELECT max(m5_id) FROM  " + TABLE )

m5_id = cursor.fetchall()[0][0]
cursor.execute("SELECT ROUND((SYSDATE -(SELECT MAX(M5_REAL_DATE_LOCAL) FROM " + TABLE + "))*1440,2)  FROM DUAL")
delay = cursor.fetchall()[0][0]
cursor.close()
connection.close()


if int(delay) < int(maxcount):
        print "OK | "  + str(delay) 
        sys.exit(0)
else:
        print "NOK | "  + str(delay) 
        sys.exit(2)



Nagios definitions
define command{
        command_name    check_dwhtime3
        command_line    $USER1$/check_dbrecordcount2.py   $HOSTADDRESS$   $ARG1$  $ARG2$ $ARG3$
        }


define service{
        use                     generic-service
        host_name               servername
        service_description     DWH time
        check_command           check_dwhtime3!90!DWH.DWH_TIME_TB!SID
        contact_groups          admins
}
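
The plugin builds both queries by concatenating the table name that arrives as a Nagios argument, and a table name cannot be passed as a bind variable. An added example (Python 3, not the original plugin; the function names and the 30-character limit are assumptions) that accepts only TABLE or SCHEMA.TABLE identifiers before building the same SQL and maps the result to Nagios exit codes. The database call is a stub passed in by the caller so the example runs offline.

```python
import re

# Unquoted Oracle identifier: a letter, then letters, digits, _ $ #.
# The 30-character limit is an assumption (the classic limit; newer releases allow more).
IDENT = re.compile(r"[A-Za-z][A-Za-z0-9_$#]{0,29}")

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3      # Nagios plugin exit codes


def safe_table_name(raw):
    """Return TABLE or SCHEMA.TABLE upper-cased, or raise ValueError."""
    parts = raw.split(".")
    if len(parts) > 2 or not all(IDENT.fullmatch(p) for p in parts):
        raise ValueError("refusing table name %r" % (raw,))
    return ".".join(p.upper() for p in parts)


def build_queries(table):
    """The plugin's two statements, built only from a validated identifier."""
    table = safe_table_name(table)
    return (
        "SELECT max(m5_id) FROM " + table,
        "SELECT ROUND((SYSDATE - (SELECT MAX(M5_REAL_DATE_LOCAL) FROM "
        + table + ")) * 1440, 2) FROM DUAL",
    )


def nagios_result(delay, maxcount):
    """Map the measured delay in minutes to (exit_code, status line with perfdata)."""
    if delay is None:                            # MAX() over an empty table
        return UNKNOWN, "UNKNOWN - no rows in table"
    if float(delay) < float(maxcount):
        return OK, "OK - delay %s min | delay=%s" % (delay, delay)
    return CRITICAL, "CRITICAL - delay %s min | delay=%s" % (delay, delay)


def check(argv, fetch_one):
    """argv is [ip, maxcount, table, sid] as in the command definition.

    fetch_one(sql) stands in for cursor.execute() + fetchall()[0][0].
    """
    try:
        _ip, maxcount, table, _sid = argv
        int(maxcount)
        _max_id_sql, delay_sql = build_queries(table)
    except ValueError as exc:
        # Bad arguments never reach the database and are not reported as OK.
        return UNKNOWN, "UNKNOWN - bad arguments: %s" % exc
    return nagios_result(fetch_one(delay_sql), maxcount)


if __name__ == "__main__":
    # Constructed arguments; the lambda replaces the real Oracle query.
    print(check(["192.0.2.10", "90", "DWH.DWH_TIME_TB", "SID"], lambda sql: 12.5))
    print(check(["192.0.2.10", "90", "DWH_TIME_TB x", "SID"], lambda sql: 12.5))
```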

Tuesday 29 September 2015

log trace send application logs to remote syslog server

I aimed to send log files (not /var/log/*; all kinds of application log files) from a system to a remote syslog server. The nice part: it uses multiple CPUs, runs as a daemon, and it is configurable :) - you can specify any file, you can search for specific keywords or you can send all lines. All syslog properties are also configurable.



You probably can't see all of the code, so please select everything from
#!/usr/bin/python to the end and then paste. You will see all of the code.

Description: This threaded python script checks text files which defined in parameter file and (if you want you can specify search keywords) send lines to syslog server (with server, port, facility,priority) or any local file. It runs in daemon mode.


#!/usr/bin/python
#Name:          Logtrace
#Release:       v0.2    03.June.2007
#Description:   This threaded python script checks text files which defined in parameter file and
#               (if you want you can specify search keywords) send lines to syslog
#               server (with server, port, facility,priority) or any local file.
#               It runs in daemon mode. 
#               Threads depends on logfile count*2.
#Written by:    ANIL ERCAN SONMEZ 
#Modified by:
#Notice:        You will see many processes, if you check with ps command.
#Modules:       ConfigParser,os,re,socket,sys,threading,time
#
#
#======================================================================
#Parameter file content:
#;Log parameters for logtrace python script
#;
#;Put your parameter file (logparam.ini) and script in the same directory
#;
#;Each section [] starts with logfile_??
#;
#;logfilename:   Put your file name here search for logtext_?? and send each line to syslog server or any local file.
#;
#;logfacility:   auth,authpriv,cron,daemon,kern,lpr,mail,news,security,syslog,user,uucp
#;               local0,local1,local2,local3,local4,local5,local6,local7
#;               You can configure your syslog server which facility will be written to files.
#;               Check syslog documentation for priority and facility.
#;
#;logpriority:   alert,crit,debug,emerg,err,error,info,notice,panic,warn,warning
#;               You can configure syslog server which priority  will be written to files.
#;               Check syslog documentation for priority and facility
#;
#;logserver:     IP address of your syslog server.
#;               Please check syslog server has started with -r option and syslog.conf
#;               is configured to write to relative log file (messages etc.).
#;               You can find further information in syslog documentation.
#;               If you want to send logs to another file on the local system
#;               (except syslog controlled files messages,cron,boot etc)
#;               put the file path here and leave the logport option empty.
#;
#;logport:       syslog port, default 514.
#;
#;timeout:       frequency of log file checks.
#;
#;logtext_??:    search text for your log file. Use '' for sending all of new records. You can append more search texts.
#
#
#
#[logfile_01]
#logfilename=/var/log/bootlog
#logfacility=kern
#logpriority=alert
#logserver=127.0.0.1
#logport=514
#logtimeout=1
#logtext_01=ara
#
#[logfile_02]
#logfilename=/var/log/cron
#logfacility=kern
#logpriority=alert
#logserver=127.0.0.1
#logport=514
#logtimeout=1
#logtext_01=anil
#logtext_02=test
#logtext_03=
#
#[logfile_03]
#logfilename=/var/log/secure
#logfacility=kern
#logpriority=alert
#logserver=/var/log/anil
#logport=
#logtimeout=1
#logtext_01=
#======================================================================

def daemonize():
        import os,sys
        if os.fork(): os._exit(0)
        os.setsid()
        sys.stdin  = sys.__stdin__  = open('/dev/null','r')
        sys.stdout = sys.__stdout__ = open('/dev/null','w')
        sys.stderr = sys.__stderr__ = os.fdopen(os.dup(sys.stdout.fileno()),'w')

def log_watcher(logfilename,logfacility,logpriority,logserver,logport,logtimeout,search_keywords):
        import time, os, re
        file = open(logfilename, 'r')
        watcher = os.stat(logfilename)
        this_modified = last_modified = watcher[8]

        """ Go to the end of the file """
        file.seek(0,2)

        """ Main Loop """
        while 1:
                if this_modified > last_modified:
                        last_modified = this_modified
                        """ File was modified, so read new lines, look for error keywords """
                        while 1:
                                line = file.readline()
                                if not line: break
                                for keyword in search_keywords:
                                        if re.search(keyword, line):
                                                if logport=='':
                                                        lgrfile=open(logserver,"a")
                                                        lgrfile.write(logfilename+' ' +line)
                                                        lgrfile.close()
                                                else:
                                                        lgr = syslog_client((logserver,int(logport)))
                                                        lgr.log(line,facility=logfacility,priority=logpriority)
                watcher = os.stat(logfilename)
                this_modified = watcher[8]
                time.sleep(int(logtimeout))

def configread():
        config = ConfigParser.ConfigParser()
        confpath =  os.path.dirname(sys.argv[0]) + '/logparam.ini'
        """config.read(['/usr/local/tcell/bin/logparam.ini'])"""
        config.read([confpath])
        thr = []
        daemonize()
        for section in config.sections():
                if re.search('logfile',section) :
                        logfilename= config.get(section,'logfilename')
                        logfacility= config.get(section,'logfacility')
                        logpriority= config.get(section,'logpriority')
                        logserver= config.get(section,'logserver')
                        logport=  config.get(section,'logport')
                        logtimeout= config.get(section,'logtimeout')
                        search_keywords=[]
                        for option in config.options(section):
                                if re.search('logtext',option):
                                        keyword = config.get(section,option)
                                        search_keywords.append(keyword)
                        thr= threading.Thread(target=log_watcher,kwargs={"logfilename":logfilename,"logfacility":logfacility,"logpriority":logpriority,"logserver":logserver,"logport":logport,"logtimeout":logtimeout,"search_keywords":search_keywords})
                        thr.start()


#-----This part belong to Sam Rushing syslog.py
# ======================================================================
# Copyright 1997 by Sam Rushing
#
#                         All Rights Reserved
# priorities (these are ordered)

LOG_EMERG               = 0             #  system is unusable
LOG_ALERT               = 1             #  action must be taken immediately
LOG_CRIT                = 2             #  critical conditions
LOG_ERR                 = 3             #  error conditions
LOG_WARNING             = 4             #  warning conditions
LOG_NOTICE              = 5             #  normal but significant condition
LOG_INFO                = 6             #  informational
LOG_DEBUG               = 7             #  debug-level messages

#  facility codes
LOG_KERN                = 0             #  kernel messages
LOG_USER                = 1             #  random user-level messages
LOG_MAIL                = 2             #  mail system
LOG_DAEMON              = 3             #  system daemons
LOG_AUTH                = 4             #  security/authorization messages
LOG_SYSLOG              = 5             #  messages generated internally by syslogd
LOG_LPR                 = 6             #  line printer subsystem
LOG_NEWS                = 7             #  network news subsystem
LOG_UUCP                = 8             #  UUCP subsystem
LOG_CRON                = 9             #  clock daemon
LOG_AUTHPRIV    = 10    #  security/authorization messages (private)
#  other codes through 15 reserved for system use
LOG_LOCAL0              = 16            #  reserved for local use
LOG_LOCAL1              = 17            #  reserved for local use
LOG_LOCAL2              = 18            #  reserved for local use
LOG_LOCAL3              = 19            #  reserved for local use
LOG_LOCAL4              = 20            #  reserved for local use
LOG_LOCAL5              = 21            #  reserved for local use
LOG_LOCAL6              = 22            #  reserved for local use
LOG_LOCAL7              = 23            #  reserved for local use

priority_names = {
        "alert":        LOG_ALERT,
        "crit":         LOG_CRIT,
        "debug":        LOG_DEBUG,
        "emerg":        LOG_EMERG,
        "err":          LOG_ERR,
        "error":        LOG_ERR,                #  DEPRECATED
        "info":         LOG_INFO,
        "notice":       LOG_NOTICE,
        "panic":        LOG_EMERG,              #  DEPRECATED
        "warn":         LOG_WARNING,            #  DEPRECATED
        "warning":      LOG_WARNING,
        }

facility_names = {
        "auth":         LOG_AUTH,
        "authpriv":     LOG_AUTHPRIV,
        "cron":         LOG_CRON,
        "daemon":       LOG_DAEMON,
        "kern":         LOG_KERN,
        "lpr":          LOG_LPR,
        "mail":         LOG_MAIL,
        "news":         LOG_NEWS,
        "security":     LOG_AUTH,               #  DEPRECATED
        "syslog":       LOG_SYSLOG,
        "user":         LOG_USER,
        "uucp":         LOG_UUCP,
        "local0":       LOG_LOCAL0,
        "local1":       LOG_LOCAL1,
        "local2":       LOG_LOCAL2,
        "local3":       LOG_LOCAL3,
        "local4":       LOG_LOCAL4,
        "local5":       LOG_LOCAL5,
        "local6":       LOG_LOCAL6,
        "local7":       LOG_LOCAL7,
        }

import socket

class syslog_client:
        def __init__ (self, address='/dev/log'):
                self.address = address
                if type (address) == type(''):
                        self.socket = socket.socket (socket.AF_UNIX, socket.SOCK_STREAM)
                        self.socket.connect (address)
                        self.unix = 1
                else:
                        self.socket = socket.socket (socket.AF_INET, socket.SOCK_DGRAM)
                        self.unix = 0

        # curious: when talking to the unix-domain '/dev/log' socket, a
        #   zero-terminator seems to be required.  this string is placed
        #   into a class variable so that it can be overridden if
        #   necessary.

        log_format_string = '<%d>%s\000'

        def log (self, message, facility=LOG_USER, priority=LOG_INFO):
                message = self.log_format_string % (
                        self.encode_priority (facility, priority),
                        message
                        )
                if self.unix:
                        self.socket.send (message)
                else:
                        self.socket.sendto (message, self.address)

        def encode_priority (self, facility, priority):
                if type(facility) == type(''):
                        facility = facility_names[facility]
                if type(priority) == type(''):
                        priority = priority_names[priority]
                return (facility<<3) | priority

        def close (self):
                if self.unix:
                        self.socket.close()

#-----Sam Rushing syslog.py finished here.


if __name__=='__main__':
        import re
        import os
        import sys
        import ConfigParser
        import threading
        configread()
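
log_watcher opens the file once and then only polls its modification time, so after the file is rotated by rename or truncated in place it keeps reading the old handle or the old offset and new lines stop being forwarded. An added example (Python 3, not part of the original script; the class and function names are illustrative) of a follower that detects both cases by inode and size, run against a constructed scenario in a temporary directory:

```python
import os
import re
import tempfile


class LogFollower:
    """Follow one log file across rotation (rename + recreate) and truncation."""

    def __init__(self, path, keywords):
        self.path = path
        # An empty keyword matches every line, like logtext_01= in logparam.ini.
        self.patterns = [re.compile(k) for k in keywords]
        self._open(seek_end=True)

    def _open(self, seek_end):
        self.fh = open(self.path, "rb")
        self.inode = os.fstat(self.fh.fileno()).st_ino
        if seek_end:
            self.fh.seek(0, os.SEEK_END)

    def _read_matching(self):
        out = []
        while True:
            pos = self.fh.tell()
            raw = self.fh.readline()
            if not raw:
                break
            if not raw.endswith(b"\n"):
                self.fh.seek(pos)  # the writer has not finished this line yet
                break
            line = raw.decode("utf-8", "replace").rstrip("\r\n")
            if any(p.search(line) for p in self.patterns):
                out.append(line)
        return out

    def poll(self):
        """Return the matching lines written since the previous call."""
        lines = self._read_matching()  # drain the handle we already hold
        try:
            st = os.stat(self.path)
        except OSError:
            return lines  # rotated away and not recreated yet
        if st.st_ino != self.inode:
            # Rotated by rename: switch to the new file and read it from byte 0.
            self.fh.close()
            self._open(seek_end=False)
            lines += self._read_matching()
        elif st.st_size < self.fh.tell():
            # Truncated in place (copytruncate): rewind to the start.
            self.fh.seek(0)
            lines += self._read_matching()
        return lines


def demo():
    """Constructed scenario: append, rotate, truncate; returns what each poll saw."""
    path = os.path.join(tempfile.mkdtemp(), "app.log")
    with open(path, "w") as f:
        f.write("old error, written before the follower started\n")
    follower = LogFollower(path, ["error"])
    seen = []
    with open(path, "a") as f:
        f.write("disk error 1\ninfo ok\npartial err")
    seen.append(follower.poll())
    with open(path, "a") as f:
        f.write("or completed\nlast error before rotation\n")
    os.rename(path, path + ".1")
    with open(path, "w") as f:
        f.write("first error after rotation\n")
    seen.append(follower.poll())
    with open(path, "w") as f:  # truncates the same inode
        f.write("x error\n")
    seen.append(follower.poll())
    return seen


if __name__ == "__main__":
    for batch in demo():
        print(batch)
```

A truncation followed by enough new data to pass the old offset before the next poll is not detected by the size test alone, so keep the poll interval short relative to the write rate.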


Nagios python plugin

I used the plugin below for creating easy services in Nagios. The main idea behind it: without adding a new command for every check, I just use the same command for many service definitions, for example
check_command_big!find /var/ | grep test  |wc -l!5   . Here you change only the OS command and can check that anything you want is greater than 5 or any value you state. Another example of a check is check_command_big!ps -ef | grep aprocess | wc -l !5



cat check_command_big.py

#!/usr/bin/python
import paramiko
import sys,re


userName="user"
userPass="pass"
server=sys.argv[1]
command=sys.argv[2] 
maxcount=int(sys.argv[3])


t = paramiko.Transport((server,22))
try:
        # hostkey=None means the server's host key is not verified
        t.connect(username=userName,password=userPass,hostkey=None)
except:
        print server + ": Bad password or login!"
        t.close()
        # exit UNKNOWN so that a failed login is not reported to Nagios as OK
        sys.exit(3)
else:
        ch = t.open_channel(kind = "session")
        ch.exec_command(command)
        # recv() blocks until the remote command has written its count
        x=int(ch.recv(1000))
        if x <= maxcount:
                print "OK " + str(x) + " command=" + re.sub(r'\|', "",sys.argv[2]) + " | " +  str(x)
                t.close()
                sys.exit(0)
        else:
                print "NOK " + str(x) + " command=" + re.sub(r'\|', "",sys.argv[2]) + " | " +  str(x)
                t.close()
                sys.exit(1)


define command{
        command_name    check_command_big
        command_line    $USER1$/check_command_big.py  $HOSTADDRESS$ '$ARG1$' $ARG2$
        }



define service{
        hostgroup_name                  testservers
        use                             generic-service
        check_interval                  10
        service_description             TEST
        check_command                   check_command_big!find /var/ | grep test  |wc -l!5
        }

Sunday 27 September 2015

Cacti plugin installation

You need at least the plugin architecture and the settings plugin. Here I used the thold plugin as a test.
Download plugin architecture cacti-plugin-0.8.7g-PA-v2.8.tar.gz
Download plugins settings-v0.7-1.tar.gz and thold-latest.tar.gz

# tar -zxvf settings-v0.7-1.tar.gz
# tar -zxvf cacti-plugin-0.8.7g-PA-v2.8.tar.gz
# tar -zxvf thold-latest.tar.gz
# cp -R /root/cacti-plugin-arch/files-0.8.7g/ /var/www/html/cacti/
# cp -R /root/settings /var/www/html/cacti/plugins
# cp -R /root/thold-0.41 /var/www/html/cacti/plugins


Under /root/cacti-plugin-arch
# mysql cacti -u root -p < pa.sql


edit /var/www/html/cacti/include/config.php and add lines below

/* load up old style plugins here */
$plugins = array();
//$plugins[] = 'thold';

/*
   Edit this to point to the default URL of your Cacti install
   ex: if your cacti install as at http://serverip/cacti/ this
   would be set to /cacti/
*/
$url_path = "/cacti/";


User Management enable plugin management
Plugin management enable plugins
User Management configure view and configure settings again.

Calculate timezone difference for bash epoch time



Let's find the time difference from UTC in epoch time.
tzdifference=$(($(TZ=Europe/Istanbul date +%:::z)*60*60*1000))

Then add this to the UTC value to show local time.
All time information was in epoch time.
cat $filename | sed  's/\\,//g' |  awk -F"," '{print $1","$2","$3","$4","strftime("%F %T",($5+'$tzdifference')/1000)","$6","$7","$8","$9","$10","$11","$12","$13","$14    

Bonding linux

Cables are connected to eth2 and eth3; check that LACP is enabled on the switch.

Edit the files /etc/sysconfig/network-scripts/ifcfg-eth2
and ifcfg-eth3 (set DEVICE to the name of each interface)

DEVICE=eth2
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=yes


Add this to /etc/modprobe.conf
alias bond0 bonding

Create /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
BOOTPROTO=none
ONBOOT=yes
NETMASK=255.255.255.0
IPADDR=your ip address
GATEWAY=your gateway
TYPE=Ethernet
IPV6INIT=no
BONDING_OPTS="miimon=1000 mode=balance-rr"

check for other options 

/etc/init.d/network restart 

Bandwidth Calculation

I need to find the bandwidth between two servers. I used iperf http://sourceforge.net/projects/iperf/ for this.
Just compile it and run it on one instance as the server
# iperf -s

On the other server
# /usr/local/bin/iperf -c ipaddressofinstance -f M

It generates outputs like below
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec   830 MBytes  83.0 MBytes/sec



Wednesday 22 May 2013

Linux Disk performance tuning


Last weekend I had problems with a heavily active server. I checked and saw that iostat was showing high disk activity; service time was about 100. That also caused CPU load. I tried to find which process was causing the disk activity. For this I turned on kernel messages about I/O. Normally, for old kernels, you could not directly see which process is causing heavy disk activity.

echo 1 > /proc/sys/vm/block_dump

dmesg | egrep "READ|WRITE|dirtied" | egrep -o '([a-zA-Z]*)' | sort | uniq -c | sort -rn | head

I found kjournald causing the disk activity. And I know many files are created in a short time on that server. So I decided to tune the filesystem. The filesystem is ext3. I decided to move to writeback journaling. The writeback mode does not preserve data ordering when writing to the disk, so commits to the journal may happen before the file system is written to. This method is faster because only the metadata is journaled, but is not quite as neurotic about protecting your data as the default.
I edited fstab and added the writeback option
LABEL=/                 /                       ext3    defaults,data=writeback      1 1

Run this command before rebooting. If you do not, your server won't boot.
tune2fs -o journal_data_writeback /dev/sda1

Disable banner for ssh scripts

LogLevel=Error disables ssh banner in your script.

ssh -o LogLevel=Error -n  $ip  

Friday 5 October 2012

Linux Disk performance tuning


Last weekend I had problems with a heavily active server. I checked and saw that iostat was showing high disk activity; service time was about 100. That also caused CPU load. I tried to find which process was causing the disk activity. For this I turned on kernel messages about I/O. Normally, for old kernels, you could not directly see which process is causing heavy disk activity.

echo 1 > /proc/sys/vm/block_dump
 

dmesg | egrep "READ|WRITE|dirtied" | egrep -o '([a-zA-Z]*)' | sort | uniq -c | sort -rn | head 


I found kjournald causing the disk activity. And I know many files are created in a short time on that server. So I decided to tune the filesystem. The filesystem is ext3. I decided to move to writeback journaling. The writeback mode does not preserve data ordering when writing to the disk, so commits to the journal may happen before the file system is written to. This method is faster because only the metadata is journaled, but is not quite as neurotic about protecting your data as the default.
I edited fstab and added the writeback option
LABEL=/                 /                       ext3    defaults,data=writeback      1 1

Run this command before rebooting. If you do not, your server won't boot.
tune2fs -o journal_data_writeback /dev/sda1


Friday 16 March 2012

Python Cx_oracle ImportError "libclntsh.so.11.1"

I started to use the cx_Oracle module for inserting data into Oracle. I get the error below if I put the related script in cron.
"ImportError: libclntsh.so.11.1: cannot open shared object file: No such file or directory"
As a solution, you can run a command like the one below in cron
 
* * * * * (/bin/ksh;export LD_LIBRARY_PATH=/usr/lib/oracle/11.2/client64/lib/;/usr/local/smthng.py) 

Monday 3 October 2011

move volume group to another system


servera# umount /folder
The volume group name is datasan; make the volume group inactive and export it
servera# vgchange -an datasan
servera# vgexport datasan

On serverb, import it
serverb# vgimport datasan
serverb# vgchange -ay datasan
serverb# mount /dev/datasan/datalvname /folder

Friday 2 September 2011

check_by_ssh Remote command execution failed

"Remote command execution failed: *************************************************************************** "

try -E option for fixing this problem for check_by_ssh

Monday 1 August 2011

500 OOPS: cannot change directory

I got this error in Red Hat 5.5 vsftp; 500 OOPS: cannot change directory
For this just run command below
setsebool -P ftp_home_dir on

Monday 11 July 2011

find the WWN of a disk/LUN on Red Hat Enterprise Linux 5

# systool -c fc_host -v

Tuesday 21 September 2010

Clone and Split 2G Virtualbox disk

In VirtualBox Media Manager, release and remove the disk; this is important.
Run the command below. Give the full path; if not, it will create the disk in your home folder.
VBoxManage clonehd /media/VirtualBox/xpDomain/xpDomain.vdi /media/VirtualBox/xpDomain/xpSplited.vdi --format VMDK --variant Split2G

Wednesday 28 July 2010

GPG error Synaptic Package Manager

For error
W: GPG error: http://download.virtualbox.org lucid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 54422A4B98AB5139

run this command
# sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 54422A4B98AB5139

Tuesday 15 June 2010

ssh initial connection slow

Check /etc/resolv.conf file and verify dns is working for the remote server.

Thursday 20 May 2010

Citrix Client in Linux

Download and install package
http://www.citrix.com/English/ss/downloads/details.asp?downloadId=3323&productId=186&c1=sot2755&c2=ost1349860#top

Opening from web page
1. For the .mailcap file modification, in $HOME, create or modify the .mailcap file and add the line:
application/x-ica; /usr/lib/ICAClient/wfica.sh %s; x-mozilla-flags=plugin:Citrix ICA
2. For the MIME file modification, in $HOME, create or modify the .mime.types file and add the line:
application/x-ica ica


For ssl error

$ sudo cp /usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt /usr/lib/ICAClient/keystore/cacerts/

Now you can use citrix client.

Wednesday 28 April 2010

User Profile Deletion Utility

User Profile Deletion Utility (Delprof.exe)
Delprof.exe is available in the Windows Server 2003 Resource Kit. It is a command-line utility that you can use to delete user profiles on local or remote computers running Windows 2000, Windows XP, and Windows Server 2003. User profiles can grow large and may take up considerable disk space, especially if there are several users using one computer. Because of this, you may want to use Delprof.exe to free disk space by deleting profiles that are no longer required. However, because each profile on the computer is presented in order when you run the utility, you may want to use the graphical interface instead of the command-line tool whenever possible.

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=901a9b95-6063-4462-8150-360394e98e1e

Tuesday 27 April 2010

Put Close/Maximize/Minimize Buttons on the Left in Ubuntu

Ubuntu 10.04 buttons are on the right side. I move them to right
Alt+F2
Go apps \ metacity \ general
You will see button_layout
change order
close,maximize,minimize:
to
:minimize,maximize,close

Tuesday 23 February 2010

Mysql reset root password

# /etc/init.d/mysqld stop
# mysqld_safe --skip-grant-tables &
# mysql -u root

mysql> use mysql;
mysql> update user set password=PASSWORD("yournewpasswordhere") where User='root';
mysql> flush privileges;
mysql> quit

# /etc/init.d/mysqld stop
# /etc/init.d/mysqld start

Now you can login with your new password
# mysql -u root -p

Monday 22 February 2010

Ubuntu set week start to monday

locale | grep LC_TIME
LC_TIME=en_US.UTF-8
cd /usr/share/i18n/locales
sudo cp en_US en_US_custom
sudo gedit en_US_custom
first_weekday 1 --> 2
sudo gedit /etc/environment
LC_TIME="en_US_custom.UTF-8"

Thursday 18 February 2010

Linux Remove file start with special character

Delete a file named --help or -help

rm ./--help
rm -- --help


Friday 12 February 2010

Ubuntu installing same packages to another ubuntu

I want to prepare a test OS for my Ubuntu. Before applying patches or new software I do testing on that machine (running on VirtualBox).
MachineA $ dpkg --get-selections > mypackages.txt

MachineB $ sudo dpkg --set-selections < mypackages.txt
MachineB $ sudo apt-get dselect-upgrade

Saturday 30 January 2010

nagios create readonly user

# cd /etc/nagios/

htpasswd passwordfile readonlyuser
# htpasswd htpasswd.users nagiosuser

Enter your password.

Then edit the cgi.cfg file. There are different kinds of access you can enable.
# SYSTEM/PROCESS INFORMATION ACCESS
# CONFIGURATION INFORMATION ACCESS
# SYSTEM/PROCESS COMMAND ACCESS
# GLOBAL HOST/SERVICE VIEW ACCESS
# GLOBAL HOST/SERVICE COMMAND ACCESS

"GLOBAL HOST/SERVICE VIEW ACCESS" access is enough for read only users.
authorized_for_all_services=nagiosadmin,nagiosuser
authorized_for_all_hosts=nagiosadmin,nagiosuser

Friday 29 January 2010

Moving Ubuntu in Company

M$ Windows is the only supported OS in my company. But I decided to move to Linux, because I am administrating around 180 Linux-based machines. These are the tools I used before and after.

M$ Office 2007 --> Installed Crossover Linux and M$ Office 2007
M$ Office Communicator --> Pidgin with Office communicator plug in
Windows share --> samba smb://domain;username@host/share and add "connect to a server" applet to panel.
Remote Desktop --> Terminal Server Client
SecureCRT --> ssh in console itself with ssh key and clusterssh
wireless --> Also wireless is ok with dynamic wep protected eap with ca certificate and mschapv2 authentication.
internet explorer --> firefox and google chrome
babylon dictionary --> stardict
backup --> ddrescue and rsync for individual folders
gtalk --> cntlm and pidgin
vpn --> kvpnc
itunes --> gtkpod and rhythmbox

Monday 25 January 2010

Pidgin ntlmaps gtalk behind isa proxy

I need to connect to gtalk, because the support teams of vendor companies use gtalk.
ntlmaps: proxy software that allows you to authenticate via an MS Proxy Server

Install ntlmaps
# sudo apt-get install ntlmaps

configure ntlmaps
# vi /etc/ntlmaps/server.cfg

PARENT_PROXY: your isa proxy ip address
PARENT_PROXY_PORT: your isa proxy port
NT_DOMAIN: domainname
USER: nt username
PASSWORD: nt password
LISTEN_PORT:5865 (ntlmaps listen port)

Pidgin --> accounts --> manage accounts --> modify --> advanced
check force old ssl clear others
connect port: 443
connect server: talk.google.com

In proxy tab
Proxy type: http
Host: 127.0.0.1
Port: 5865 (ntlmaps port)
Username: nt username
password : nt password

Monday 18 January 2010

Ssh user config file

I got bored of running the command ssh -Y root@hostname every time, so I created an ssh config file for my user. Now my user connects to remote computers with the plain ssh command, with X11 forwarding allowed.

Edit the ssh config file in your home directory
vi ~/.ssh/config

Add these lines. With no Host line above them, they apply to every host you connect to.
User root
ForwardX11 yes


I use ssh passwordless login (ssh-keygen) for remote computers, and clusterssh for executing remote commands on several of them at one time.

ClusterSSH controls a number of xterm windows via a single graphical console window to allow commands to be interactively run on multiple servers over an ssh connection.

Wednesday 23 December 2009

Flash player in Google Chrome Linux

Copy the flash library from mozilla to the chrome plugin directory. Then restart chrome.

# cd /opt/google/chrome
# mkdir plugins
# cp /usr/lib/mozilla/plugins/flashplugin-alternative.so /opt/google/chrome/plugins/

Install Tora on Ubuntu 9.10

Tora is client for oracle like Toad. http://torasql.com

OS: Ubuntu 9.10
Tora version: 2.2.0
Oracle client version: 11.1.0.1


Download oracle client packages for linux from http://www.oracle.com/technology/software/tech/oci/instantclient/htdocs/linuxsoft.html
oracle-instantclient-basiclite-11.1.0.1-1.i386.rpm
oracle-instantclient-sqlplus-11.1.0.1-1.i386.rpm
oracle-instantclient-devel-11.1.0.1-1.i386.rpm

Install alien for rpm packages on Ubuntu
# sudo apt-get install alien

Install oracle client packages.
# sudo alien -i oracle-instantclient-basiclite-11.1.0.1-1.i386.rpm
# sudo alien -i oracle-instantclient-sqlplus-11.1.0.1-1.i386.rpm
# sudo alien -i oracle-instantclient-devel-11.1.0.1-1.i386.rpm


Edit /etc/ld.so.conf.d/oracle.conf
# sudo vi /etc/ld.so.conf.d/oracle.conf
add this line /usr/lib/oracle/11.1.0.1/client/lib
# sudo ldconfig
# sudo apt-get install libaio1


run sqlplus and see it is working.
# sqlplus
SQL*Plus: Release 11.1.0.6.0 - Production on Tue Dec 22 10:06:27 2009
Copyright (c) 1982, 2007, Oracle. All rights reserved.
Enter user-name


Building TORA
Continue as root
# sudo -i
Get packages for compiling.
# apt-get build-dep tora
# apt-get install libqt3-mt-dev libqt3-compat-headers libqscintilla-dev build-essential g++ gcc autoconf automake flex zlib1g-dev docbook-xsl debhelper alien libaio1 dpatch fakeroot xsltproc texi2html texinfo libqt3-mt-psql libqt3-mt-odbc config-package-dev cmake qt4-dev-tools
# cd tora-2.0.0
Set the environment variables, and also add these export lines to your user's .bashrc file.
# export ORACLE_HOME="/usr/lib/oracle/11.1.0.1/client"
# export LD_LIBRARY_PATH="${ORACLE_HOME}/lib"
# export TNS_ADMIN="${ORACLE_HOME}"
# ln -s /usr/include/oracle/11.1.0.1/client/ ${ORACLE_HOME}/include
# debian/rules binary
# dpkg -i ../tora_2.0.0-4build2_i386.deb

Now you can run Tora. Log out and log in to be sure you set environment variables. Also put your tnsnames.ora here /usr/lib/oracle/11.1.0.1/client

Saturday 19 December 2009

How to boot from an existing Windows 7 partition under Ubuntu

This configuration could damage your Windows 7 installation. Back up your data.

Disk structure
Device Boot Start End Blocks Id System
Windows 7 /dev/sda1 * 1 46 364544 7 HPFS/NTFS
Windows 7 /dev/sda2 46 8515 68029440 7 HPFS/NTFS


# sudo apt-get install mbr
# sudo -i
# cd .Virtualbox


Create mbr
# install-mbr --force myBootRecord.mbr

Create your sda1 pointer
# VBoxManage internalcommands createrawvmdk -filename ./Win71.vmdk -rawdisk /dev/sda -partitions 1 -mbr ./myBootRecord.mbr -relative -register

Create sda2 pointer
# VBoxManage internalcommands createrawvmdk -filename ./Win72.vmdk -rawdisk /dev/sda -partitions 2 -relative -register

Now you can create your machine and add Win71.vmdk and Win72.vmdk disks.

Thursday 17 December 2009

M$ Office Communicator on Linux

Use pidgin plugin for logon to Microsoft Office Communicator. This is for ubuntu.

# sudo apt-get install pkg-config libglib2.0-dev libgtk2.0-dev pidgin-dev libpurple-dev libtool intltool comerr-dev

Get plugin from http://sourceforge.net/projects/sipe/

# tar -xzvf pidgin-sipe*.tar.gz
# cd pidgin-sipe*
# ./configure --prefix=/usr
# make
# sudo make install

Now you can find M$ Office Communicator in Pidgin.

Tuesday 10 November 2009

Can't log in after upgrade to 9.10

There is a bug in Ubuntu 9.10. The description is just as stated in http://ubuntuforums.org/showthread.php?t=1305693

"I get as far as the gdm login screen, enter my info, get a brief flash, and am promptly returned to the login screen again. No error message; nothing."

First you have to edit .bashrc in your home directory and comment out this line
# export XAUTHORITY=$HOME/.Xauthorit

Then delete the monitors.xml file under $HOME/.config

Tuesday 28 July 2009

Performance Analysis of Logs (PAL) Tool

This tool helps to analyse performance counters of Windows systems and create a report from them.
Just collect the performance counters and you will find everything in the GUI.
The best part is that you can select the server type, such as Exchange or SQL, running on the server.
http://www.codeplex.com/PAL

Thursday 16 July 2009

Configure smart host sendmail

Install sendmail
# yum install sendmail sendmail-cf
Edit sendmail.mc change the line
define(`SMART_HOST', `your.smart.host')dnl

Edit your /etc/hosts file and define your.smart.host
x.x.x.x your.smart.host

Friday 3 July 2009

ubuntu clean /var/cache/apt/archives

Clean /var/cache/apt/archives directory with command;
# sudo apt-get clean

Tuesday 2 June 2009

Process check in nagios with python

I want to implement a nagios plugin to check whether a process is running on servers. I used the paramiko module for ssh in python.
My restrictions:
I do not want to install any nagios agent on the servers.
I do not want to use ssh autologin.
Reason: I am lazy, I do not want to visit all servers to generate public keys and copy them to the nagios server.


nagios configuration file command line
define command{
command_name check_process.py
command_line $USER1$/check_process.py $HOSTADDRESS$ $ARG1$ $ARG2$
}




Add the lines below to check_process.py and make it executable.

#!/usr/bin/env python3
# usage: check_process.py ipaddress process maxcount
import shlex
import sys

import paramiko

userName = "user"
userPass = "password"
server = sys.argv[1]
process = sys.argv[2]
maxcount = int(sys.argv[3])
# shlex.quote keeps the process name from being interpreted by the remote shell
command = "ps -ef | grep -- " + shlex.quote(process) + " | grep -v grep | wc -l"

t = paramiko.Transport((server, 22))
try:
    # hostkey=None means the server host key is not verified
    t.connect(username=userName, password=userPass, hostkey=None)
except Exception:
    print(server + ": Bad password or login!")
    t.close()
    sys.exit(3)  # Nagios UNKNOWN, so a failed login is not reported as OK
else:
    ch = t.open_channel(kind="session")
    ch.exec_command(command)
    # recv blocks until the remote command has written its count
    count = int(ch.recv(1000).decode().strip())
    t.close()
    if count >= maxcount:
        print("OK " + process)
        sys.exit(0)
    else:
        print("NOK " + process)
        sys.exit(2)

Thursday 28 May 2009

How to convert snoop output to read in Ethereal

Snoop to a file in Solaris
# snoop -o test.snoopraw

Transfer your file in binary mode to your windows machine.
Under your Wireshark installation folder, find the editcap application and convert your file to Wireshark format
"D:\Program Files\Wireshark\editcap.exe" "d:\testsnoopraw" "d:\testsnoopraw.snoop"

Wednesday 20 May 2009

Load balance and failover in Red Hat with qla driver

OS Red Hat Enterprise Linux AS release 4 (Nahant Update 3)
HBA Fibre Channel: QLogic Corp. QLA2312 Fibre Channel Adapter (rev 02)

download and install driver hp_qla2x00src-8.01.03p4-20b
backup your initrd files under /boot directory.

# cat /proc/scsi/qla2xxx/0
# cat /proc/scsi/qla2xxx/1

See your LUNs there under "SCSI LUN Information:"
SCSI LUN Information:
(Id:Lun) * - indicates lun is not registered with the OS.
( 0: 0): Total reqs 3, Pending reqs 0, flags 0x0*, 1:0:81 00
( 0: 1): Total reqs 58, Pending reqs 0, flags 0x0, 1:0:81 00

cd /opt/hp/src/hp_qla2x00src/
# ./set_parm
Choice: 1
Writing new /etc/hp_qla2x00.conf...done
adding line to /etc/modprobe.conf: alias scsi_hostadapter1 qla2xxx_conf
adding line to /etc/modprobe.conf: alias scsi_hostadapter2 qla2xxx
adding line to /etc/modprobe.conf: alias scsi_hostadapter3 qla2300
adding line to /etc/modprobe.conf: alias scsi_hostadapter4 qla2400
adding line to /etc/modprobe.conf: alias scsi_hostadapter5 qla6312
adding line to /etc/modprobe.conf: options qla2xxx ql2xmaxqdepth=16 qlport_down_retry=30 ql2xloginretrycount=16 ql2xfailover=1 ql2xlbType=1 ql2xautorestore=0x80

Would you like to create a new initrd to reflect the changes in the parameters (Y/n)? Y
Creating new initrd - initrd-2.6.9-55.0.2.ELsmp.img

---Press ENTER to continue---


reboot server.

If you want to be sure disconnect fiber cables and test failover. You will see dmesg output like below


qla2300 0000:42:01.0: LOOP DOWN detected (2).
qla2x00: FAILOVER device 0 from wwn-> wwn- LUN 01, reason=0x2
qla2x00: FROM HBA 0 to HBA 1
qla2300 0000:42:01.0: LIP reset occured (f700).
qla2300 0000:42:01.0: LOOP UP detected (2 Gbps).
scsi(0) :Loop id 0x0081 is an XP device
qla2x00: FAILBACK device 0 -> wwn LUN 01
qla2x00: FROM HBA 1 to HBA 0

vmware booting USB-harddrives workaround

I installed Ubuntu on my USB disk and later tried to open Ubuntu on the USB disk from VMware. VMware could not boot from the USB disk, so I attached my USB disk physically to the VMware guest.

Edit preferences
in the hardware tab, delete hard disk
click add
choose hard disk
use physical disk (for advanced user) click next
in the device tab select your usb disk, it is physicaldrive3 for me. You can identify with disconnecting and trying it again.
click next and boot your machine

HP Product Bulletin

The HP Product Bulletin application provides you with the latest QuickSpecs, photos, drawings etc.
It is good, if you are working with HP hardware
http://h18000.www1.hp.com/products/quickspecs/productbulletin.html#intro


The HP Product Bulletin website is a convenient central resource providing technical overviews and specifications for HP hardware and software. The downloadable HP Product Bulletin application is loaded with features to aid with the purchase, sale and support of HP products.

QuickSpecs
Quick Quote
Product Photos
Locate by Name
Advanced Search Capabilities
Favorites
Retired Products
Tip of the Day

Monday 18 May 2009

Repair Master Boot Record

When installing Ubuntu you may overwrite the MBR, so that the MBR points to grub instead of the Windows bootloader. If you want to go back to the Windows bootloader you can use the fixmbr command.
Fixmbr - Repair Master Boot Record with MBRFix from Windows 2000, XP etc. instead of using fdisk /mbr. FixMbr could help you recreating original master boot record (MBR) that works with any Windows (Win2k), XP, 95, 98 when Linux LILO damaged it.
Download it from http://www.ambience.sk/fdisk-master-boot-record-windows-linux-lilo-fixmbr.php
If you have one disk, enter the command below. If you have more than one physical hard disk (hard drive), you have to use the proper number for your disk
mbrfix /drive 0 fixmbr

If you cannot boot your OS, boot from the Windows CD in recovery mode and use fdisk /mbr at the command prompt

Thursday 14 May 2009

Bootchart

Bootchart is a tool for performance analysis and visualization of the GNU/Linux boot process.


Get bootchart http://www.bootchart.org/download.html
# bunzip2 bootchart-0.9.tar.bz2
# tar xvf bootchart-0.9.tar
# cd bootchart-0.9
# ./install.sh
# vi /boot/grub/grub.conf
change default=0 which is "title Bootchart logging"
# bootchartd init
# reboot


For compiling image processing
wget ftp://ftp.univie.ac.at/systems/linux/fedora/releases/10/Everything/i386/os/Packages/libgcj-src-4.3.2-7.i386.rpm
rpm -ivh libgcj-src-4.3.2-7.i386.rpm
# yum --disablerepo=\* --enablerepo=alteredupdate,alteredbase,dag install ant.i386


# cd bootchart-0.9
run for java compiling
# ant

Run bootchart to get your image
# java -jar bootchart.jar
Parsing /var/log/bootchart.tgz
Wrote image: ./bootchart.png


Here is my boot process image fedora 10 running on Vmware

Comparison of SVN and CVS

Concurrent Versions System (CVS), also known as the Concurrent Versioning System, is a free software revision control system.
Subversion (SVN) is a version control system used to maintain current and historical versions of files such as source code, web pages, and documentation.

You can find a comparison here
http://www.pushok.com/soft_svn_vscvs.php

Tuesday 12 May 2009

/var/spool/clientmqueue filling up

You can delete files in this directory.
The files come from the output of scripts in crontab. You can check which script is causing these files with the more and cat commands in that directory.
Edit your crontab file and add the following to the end of your crontab entries.
>/dev/null 2>&1

Thursday 7 May 2009

Upgrade Fedora 7 to Fedora 8 Fedora 9 and finally to Fedora 10

Ok I am very late to upgrade from Fedora 7, but I found a mirror for Fedora 8 packages.

Fedora 7 to Fedora 8
# yum clean all

Get release files for fedora 8
# wget ftp://mirror.fraunhofer.de/archives.fedoraproject.org/fedora/linux/releases/8/Fedora/i386/os/Packages/fedora-release-notes-8.0.0-3.noarch.rpm
# wget ftp://mirror.fraunhofer.de/archives.fedoraproject.org/fedora/linux/releases/8/Fedora/i386/os/Packages/fedora-release-8-3.noarch.rpm

Install release files
# rpm -Uvh fedora*


Create test.repo file /etc/yum.repos.d/test.repo
Add the lines below:
[alterede]
name=alterercore
baseurl=ftp://mirror.fraunhofer.de/archives.fedoraproject.org/fedora/linux/releases/8/Everything/i386/os/
enabled=1
gpgcheck=0


Now start upgrade process
# yum --disablerepo=\* --enablerepo=alterede upgrade



Fedora 8 to Fedora 9
# yum clean all

edit /etc/yum.repos.d/test.repo
change
baseurl=ftp://mirror.fraunhofer.de/download.fedora.redhat.com/fedora/linux/releases/9/Everything/i386/os/

# wget ftp://mirror.fraunhofer.de/download.fedora.redhat.com/fedora/linux/releases/9/Everything/i386/os/Packages/fedora-release-9-2.noarch.rpm
# wget ftp://mirror.fraunhofer.de/download.fedora.redhat.com/fedora/linux/releases/9/Everything/i386/os/Packages/fedora-release-notes-9.0.0-1.noarch.rpm
# rpm -Uvh fedora-release-*
# yum --disablerepo=\* --enablerepo=alterede upgrade





Fedora 9 to Fedora 10

edit /etc/yum.repos.d/test.repo change line below
baseurl=ftp://mirror.fraunhofer.de/download.fedora.redhat.com/fedora/linux/releases/10/Everything/i386/os/

# yum clean all
# wget ftp://mirror.fraunhofer.de/download.fedora.redhat.com/fedora/linux/releases/10/Fedora/i386/os/Packages/fedora-release-10-1.noarch.rpm
# wget ftp://mirror.fraunhofer.de/download.fedora.redhat.com/fedora/linux/releases/10/Fedora/i386/os/Packages/fedora-release-notes-10.0.0-1.noarch.rpm
# rpm -Uvh fedora-release-*



# yum --disablerepo=\* --enablerepo=alterede upgrade

If the avahi package fails with "Error: Missing Dependency: libcap.so.1 is needed by package avahi-0.6.17-1.fc7.i386 (installed)",
uninstall avahi with the noscripts option
# rpm -e avahi-0.6.17-1.fc7.i386 --noscripts

Receive remote machine syslog messages.

Edit /etc/sysconfig/syslog file
change SYSLOGD_OPTIONS="-m 0 "
to
SYSLOGD_OPTIONS="-m 0 -r"

Restart the syslogd daemon
service syslog restart

Wednesday 29 April 2009

nagios directory update plugin

Nagios plugin for checking that a directory has been updated. You need to give two arguments: the first is the directory and the second is the number of minutes.

PROGNAME=`basename $0`
PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'`
. $PROGPATH/utils.sh

SEARCH=$1
MIN=$2
# count the entries modified within the last $MIN minutes
COUNT=$(find "$SEARCH" -mmin -"$MIN" | wc -l | sed -e 's/ //g')


if [[ $COUNT -eq 0 ]]
then
echo "NOK " $SEARCH $COUNT "|" $SEARCH"COUNT="$COUNT";;;; "
exit $STATE_CRITICAL
else
echo "OK " $SEARCH $COUNT "|" $SEARCH"COUNT="$COUNT";;;;"
exit $STATE_OK
fi

nagios file count plugin

Nagios plugin for checking the number of files in a directory. You need to give two arguments: the first is the directory and the second is the maximum file count.

PROGNAME=`basename $0`
PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'`
. $PROGPATH/utils.sh

SEARCH=$1
MAX=$2
COUNT=$(find $1 | wc -l| sed -e 's/ //g')


if [[ $COUNT -gt $MAX ]]
then
echo "NOK " $SEARCH $COUNT "|" $SEARCH"COUNT="$COUNT";;;;"
exit $STATE_CRITICAL
else
echo "OK " $SEARCH $COUNT "|" $SEARCH"COUNT="$COUNT";;;;"
exit $STATE_OK
fi

Friday 24 April 2009

Nagios Installation CentOS 5.2

Change your repository
http://tlepsh.blogspot.com/2009/03/yum-ftp-only-repository.html
Add dag repository to your configuration

[dag]
name=CentOS-5 - Plus
baseurl=ftp://ftp-stud.fht-esslingen.de/dag/redhat/el5/en/x86_64/dag/
enabled=0
gpgcheck=0

Install nagios
#yum --disablerepo=\* --enablerepo=dag,alteredbase install nagios

Start nagios
#/etc/init.d/nagios start

Restart web service
#/etc/init.d/httpd restart

Create a password for nagiosadmin user
#htpasswd -c /etc/nagios/htpasswd.users nagiosadmin

Install the nagios plugins and the perl modules that you will need
#yum --disablerepo=\* --enablerepo=alteredbase,dag install nagios-plugins.x86_64
#yum --disablerepo=\* --enablerepo=alteredbase,dag install perl-DBI perl-DBD-ODBC perl-Convert-BER.noarch

device not accepting address , error -71

I had issues with usb hd. I got error like below
usb 6-7: new high speed USB device using address 2
usb 6-7: device not accepting address 2, error -71

run the command below
modprobe -r ehci_hcd

Wednesday 1 April 2009

Move server RSA fingerprint to new server

I am using ssh auto login for transferring files between servers. I move the RSA fingerprint to the new server to prevent these warnings: REMOTE HOST IDENTIFICATION HAS CHANGED, or the RSA key fingerprint confirmation "Are you sure you want to continue connecting (yes/no)".
Copy the files under the /etc/ssh directory to the new server. These files include the private host keys, so copy them as root and keep the private key files readable by root only.
scp youroldserver:/etc/ssh/ssh_host_* /etc/ssh
You should move your IP address to the old server. If not, you will get the confirmation again. Or you can duplicate the related entries in the known_hosts file and change the old IP addresses or hostname.

Friday 27 March 2009

Access Linux Partitions (ext2/ext3) From Windows OS

Explore2fs: http://www.chrysocome.net/explore2fs
Ext2 Installable File System For Windows: http://www.fs-driver.org/index.html
DiskInternals Linux Reader: http://www.diskinternals.com/linux-reader

Thursday 26 March 2009

Fedora 10 linux adding encrypted partition with cryptsetup luks

Install related package
# yum -y install cryptsetup-luks

Here my disk is /dev/hdd1. Encrypt the partition with the luksFormat option. Do not forget your passphrase
# cryptsetup --verbose --verify-passphrase luksFormat /dev/sdd1

Create a mapping for the encrypted partition under /dev/mapper, with any name you choose (udisk2 for me). Enter your passphrase here.
# cryptsetup luksOpen /dev/sdd1 udisk2

Now you can find your mapping under the mapper directory
# ls /dev/mapper

Format the disk.
# /sbin/mkfs.ext3 -j -m 1 /dev/mapper/udisk2

Mount the disk
# mount /dev/mapper/udisk2 /path/to/decide

Now you can use your encrypted partition.

Wednesday 25 March 2009

Share ntfs partition with nfs

The ntfs-3g module enables read-write access to ntfs partitions. The latest distributions support this module.
To export the partition with read-write access you have to use the umask option, which enables everyone to write to the ntfs partition.
mount -o umask=000 /dev/sdb1 /media/disk

And the entry for nfs in /etc/exports
/media/disk *(fsid=0,rw,sync,no_subtree_check)

Do not forget to restart nfs server.

Thursday 19 March 2009

Yum Ftp only repository

I need to update servers but do not want to permit the servers to access the internet via http, so I created the repository below, which requires only ftp access.
Only "mirror.fraunhofer.de" is permitting ftp access so I use this server. Probably you can find other distros on the same server. I go for CentOS here.
You have to use these commands to update and install packages
yum --disableplugin=fastestmirror --disablerepo=\* --enablerepo=alteredbase install yum-fastestmirror
yum --disableplugin=fastestmirror --disablerepo=\* --enablerepo=alteredupdates update


create file /etc/yum.repos.d/x.repo with content below
[alteredbase]
name=CentOS-$releasever - Base
baseurl=ftp://mirror.fraunhofer.de/centos.org/5.2/os/x86_64/
gpgcheck=1
gpgkey=ftp://mirror.fraunhofer.de/centos.org/RPM-GPG-KEY-CentOS-5

[alteredupdates]
name=CentOS-$releasever - Updates
baseurl=ftp://mirror.fraunhofer.de/centos.org/5.2/updates/x86_64/
gpgcheck=1
gpgkey=ftp://mirror.fraunhofer.de/centos.org/RPM-GPG-KEY-CentOS-5

[alteredaddons]
name=CentOS-$releasever - Addons
baseurl=ftp://mirror.fraunhofer.de/centos.org/5.2/addons/x86_64/
gpgcheck=1
gpgkey=ftp://mirror.fraunhofer.de/centos.org/RPM-GPG-KEY-CentOS-5

[alteredextras]
name=CentOS-$releasever - Extras
baseurl=ftp://mirror.fraunhofer.de/centos.org/5.2/extras/x86_64/
gpgcheck=1
gpgkey=ftp://mirror.fraunhofer.de/centos.org/RPM-GPG-KEY-CentOS-5

[alteredcentosplus]
name=CentOS-$releasever - Plus
baseurl=ftp://mirror.fraunhofer.de/centos.org/5.2/centosplus/x86_64/
gpgcheck=1
enabled=0
gpgkey=ftp://mirror.fraunhofer.de/centos.org/RPM-GPG-KEY-CentOS-5
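
The repo definitions on this page differ in one security-relevant way: the test.repo and dag entries set gpgcheck=0, so package signatures are not verified at all, while the x.repo entries above set gpgcheck=1 but fetch both the packages and the signing key over plaintext FTP, so the key arrives over the same unauthenticated channel as the packages it is meant to verify. The audit function below is an added example, not part of the original post; the names audit_repos and demo_audit, the finding labels and the localmedia stanza are made up for it, and the other two sample stanzas are copied from this page.

```shell
#!/bin/sh
# audit_repos FILE...
# Parse yum .repo files (INI format) and print one line per finding:
#   <file>:[<repo id>]: <label>
# Labels (names chosen for this example):
#   gpgcheck-disabled  the section sets gpgcheck=0 explicitly
#   plaintext-baseurl  packages are fetched over ftp:// or http://
#   plaintext-gpgkey   the signing key is fetched over ftp:// or http://
audit_repos() {
    awk '
    function report(label) { print file ":[" id "]: " label }

    # Emit the findings for the section that just ended.
    function end_section() {
        if (id == "") return
        if (gpg == "0")                 report("gpgcheck-disabled")
        if (base ~ /^(ftp|http):\/\//)  report("plaintext-baseurl")
        if (key ~ /^(ftp|http):\/\//)   report("plaintext-gpgkey")
    }

    # A new input file starts: close the last section of the previous one.
    FNR == 1 { end_section(); id = ""; file = FILENAME }

    # Trim surrounding whitespace, skip blank lines and comments.
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
    $0 == "" || /^[#;]/ { next }

    # Section header such as [alteredbase].
    /^\[.*\]$/ {
        end_section()
        id = substr($0, 2, length($0) - 2)
        gpg = ""; base = ""; key = ""
        next
    }

    # key=value line: split at the first "=" only, URLs may contain more.
    {
        eq = index($0, "=")
        if (eq == 0) next
        k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
        sub(/[ \t]+$/, "", k); sub(/^[ \t]+/, "", v)
        if (k == "gpgcheck")     gpg = v
        else if (k == "baseurl") base = v
        else if (k == "gpgkey")  key = v
    }

    END { end_section() }
    ' "$@"
}

# Run the audit over three sample files written to a temporary directory.
demo_audit() {
    dir=$(mktemp -d) || return 1
    # Stanza copied from the Fedora upgrade post on this page.
    cat > "$dir/test.repo" <<'EOF'
[alterede]
name=alterercore
baseurl=ftp://mirror.fraunhofer.de/archives.fedoraproject.org/fedora/linux/releases/8/Everything/i386/os/
enabled=1
gpgcheck=0
EOF
    # Stanza copied from the FTP-only repository post on this page.
    cat > "$dir/x.repo" <<'EOF'
[alteredbase]
name=CentOS-$releasever - Base
baseurl=ftp://mirror.fraunhofer.de/centos.org/5.2/os/x86_64/
gpgcheck=1
gpgkey=ftp://mirror.fraunhofer.de/centos.org/RPM-GPG-KEY-CentOS-5
EOF
    # Constructed stanza that passes all three checks.
    cat > "$dir/local.repo" <<'EOF'
# constructed sample, not from the page
[localmedia]
name=Local media
baseurl=file:///media/cdrom/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
EOF
    (cd "$dir" && audit_repos test.repo x.repo local.repo)
    rm -rf "$dir"
}

demo_audit
```

On a real host, run it as audit_repos /etc/yum.repos.d/*.repo; it only flags an explicit gpgcheck=0 and does not resolve defaults inherited from yum.conf.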

Yum cdrom dvd repository

Mount dvd under /media/cdrom

use command
yum --enablerepo=c5-media install pango-devel-1.14.9-3.el5.centos.x86_64.rpm

Wednesday 4 February 2009

Motion capture linux

Motion application makes snapshots of the movement which can be converted to MPEG movies in realtime (or later for low cpu usage), making it usable as an observation or security system. It can take actions like sending out email and SMS messages when detecting motion. It also has its own build-in streaming webserver.
OS: Fedora 10
Webcam: Eyetoy Namtai (Playstation 2 camera)

Installing motion
http://motion.sourceforge.net/
# tar zxvf motion-3.2.11.tar.gz
# cd motion-3.2.11

I will not use database, disabled configuration.
# ./configure --without-mysql --without-pgsql
# yum install libjpeg
# yum install libjpeg-devel
# make
# make install
# yum install libjpeg-static

The Motion option file motion-dist.conf is under /usr/local/etc
You can point motion at the option file with the -c switch
# motion -c /usr/local/etc/motion-dist.conf
Change setup_mode to off to get the image at http://127.0.0.1:8081
and
webcam_localhost to off if you want to connect from another computer.


Eyetoy camera
gspca_main and gspca_ov519 is not working fine, I was getting corrupt image errors.
Download drivers

# rmmod gspca_main gspca_ov519
# wget http://www.rastageeks.org/downloads/ov51x-jpeg/ov51x-jpeg-1.5.9.tar.gz
# tar xzvf ov51x-jpeg-1.5.9.tar.gz
# cd ov51x-jpeg-1.5.9
# modprobe ov51x_jpeg

Thursday 15 January 2009

Storage configuration management for 3510 and 2540

OS: solaris 10 intel
Server: x4150 , x4100 M2
Storage: SAN(HITACHI,EMC), StorageTek 3510, StorageTek 2540

I need to do a kind of configuration management or change management: in case of any problem I want to know what the configuration was before. So my script collects generic information such as the df, ifconfig, cfgadm, vfstab and luxadm outputs. If you have a 2540 storage device it collects information with sscs; if you have a 3510 it collects information with the sccli command. I added information related to ALOM and ILOM via ipmitool.
I scp the info to a central machine. You can find how to do that in the previous articles of this blog.


#!/usr/bin/bash
command=/opt/SUNWstkcam/bin/sscs
OUTPUT=/path/storageinfo_$(hostname)_$(date +%Y%m%d)
cat /dev/null > $OUTPUT
date >> $OUTPUT
prtdiag >> $OUTPUT
df -h >> $OUTPUT
cat /etc/vfstab >> $OUTPUT
ifconfig -a >> $OUTPUT
netstat -rn >> $OUTPUT
cfgadm -al >> $OUTPUT
luxadm display $(luxadm probe | grep "Logical Path" | awk -F: '{print $2}') >> $OUTPUT
luxadm -e port | awk '{print $1}' | while read dump_map
do
luxadm -e dump_map $dump_map >> $OUTPUT
done

# Sun StorageTek 2540 Array part
if [[ $(luxadm display $(luxadm probe | grep "Logical Path" | awk -F: '{print $2}') | grep "Product ID" | grep -v Universal | awk -F: '{print $2}' | grep LCSM100_F |wc -l) -ge 1 ]]
then
$command list array | awk '{print $2}' | while read array
do
$command list -a $array controller >> $OUTPUT
$command list -a $array date >> $OUTPUT
$command list -a $array disk >> $OUTPUT
$command list -a $array fcport >> $OUTPUT
$command list -a $array firmware >> $OUTPUT
$command list -a $array host >> $OUTPUT
$command list -a $array hostgroup >> $OUTPUT
$command list -a $array initiator >> $OUTPUT
$command list -a $array jobs >> $OUTPUT
$command list -a $array license >> $OUTPUT
$command list -a $array mapping >> $OUTPUT
$command list -a $array os-type >> $OUTPUT
$command list -a $array pool >> $OUTPUT
$command list -a $array profile >> $OUTPUT
$command list -a $array registeredarray >> $OUTPUT
$command list -a $array snapshot >> $OUTPUT
$command list -a $array tray >> $OUTPUT
$command list -a $array vdisk >> $OUTPUT
$command list -a $array volume >> $OUTPUT
$command list -a $array volume-copy >> $OUTPUT
$command list -d $array fru >> $OUTPUT
done

$command list alarm >> $OUTPUT
$command list array >> $OUTPUT
$command list device >> $OUTPUT
$command list devices >> $OUTPUT
$command list event >> $OUTPUT
$command list log >> $OUTPUT
$command list mgmt-sw >> $OUTPUT
$command list notification >> $OUTPUT
$command list site >> $OUTPUT
$command list storage-system >> $OUTPUT
$command list userrole >> $OUTPUT
fi


if [[ $(luxadm display $(luxadm probe | grep "Logical Path" | awk -F: '{print $2}') | grep "Product ID" | grep -v Universal | awk -F: '{print $2}' | grep "StorEdge 3510" |wc -l) -ge 1 ]]
then
command="sccli $(sccli -l|awk '{print $1}' | head -n 1)"
$command show access-mode >> $OUTPUT
$command show auto-write-through-trigger >> $OUTPUT
$command show battery-status >> $OUTPUT
$command show bypass raid >> $OUTPUT
$command show cache-parameters >> $OUTPUT
$command show channels >> $OUTPUT
$command show clone >> $OUTPUT
$command show controller-date >> $OUTPUT
$command show controller-name >> $OUTPUT
$command show disks >> $OUTPUT
$command show disk-array >> $OUTPUT
$command show drive-parameters >> $OUTPUT
$command show enclosure-status >> $OUTPUT
$command show events >> $OUTPUT
$command show frus >> $OUTPUT
$command show host-parameters >> $OUTPUT
$command show host-wwn-names >> $OUTPUT
$command show inquiry-data >> $OUTPUT
$command show ip-address >> $OUTPUT
$command show logical-drives >> $OUTPUT
$command show logical-volumes >> $OUTPUT
$command show lun-maps >> $OUTPUT
$command show media-check >> $OUTPUT
$command show network-parameter >> $OUTPUT
$command show partitions >> $OUTPUT
$command show peripheral-device-status >> $OUTPUT
$command show port-wwns >> $OUTPUT
$command show protocol >> $OUTPUT
$command show redundancy-mode >> $OUTPUT
$command show redundant-controller-configuration >> $OUTPUT
$command show rs232-configuration >> $OUTPUT
$command show safte-devices >> $OUTPUT
$command show sata-mux >> $OUTPUT
$command show sata-router >> $OUTPUT
$command show ses-devices >> $OUTPUT
$command show shutdown-status >> $OUTPUT
$command show stripe-size-list >> $OUTPUT
$command show unique-identifier >> $OUTPUT
#actually command below includes all information above
$command show configuration >> $OUTPUT

fi


echo "###############################IPMPITOOl##################################" >> $OUTPUT
ipmitool lan print >> $OUTPUT
ipmitool chassis status >> $OUTPUT
ipmitool mc info >> $OUTPUT
ipmitool sdr >> $OUTPUT
ipmitool sensor >> $OUTPUT
ipmitool fru >> $OUTPUT
ipmitool sel >> $OUTPUT
ipmitool user list 1 >> $OUTPUT



scp $OUTPUT tbackup@machine:/path/storageinfo_$(hostname)_$(date +%Y%m%d)

Background Processes in Unix/Linux

The & is an important little character in UNIX; it means "run the command in the background"; i.e., detach it from the window it was started from, so it does not block the command line.

Should the program ever try to read from the terminal window, it will be suspended, until the user "brings it to the foreground"; i.e., brings it to the state it would have had without the & to begin with.

To bring a program to the foreground, use "fg" or "%". If you have more than one background job to choose from ("jobs" will show you), then use for example "%2" to choose the second one.
Important:

If you forget to give the & at the end of line, and the process blocks the command input to the terminal window, you can put the process in the background "after the fact", by using Ctrl-Z. The process is suspended, and you get the command prompt back. The first thing you should do then is probably to give the command "bg", that resumes the process, but now in the background.

taken from http://www.astro.ku.dk/comp-phys/tutorials/background.shtml

Thursday 18 December 2008

Fedora 10 package you need to compile kernel or build module

You have to download packages below.
# yum install yum-utils rpmdevtools
# yum install kernel-devel-$(uname -r)

Create user in Linux via vbscript

You can combine this with the previous script to handle creating users for AD and linux together.
I use plink to connect and execute the useradd and passwd commands.
Edit the sudoers file to give a user permission to execute two commands, useradd and sudo. Do not forget to encrypt the vbscript.


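Dim strUser, strName, strContainer
Dim reUser
strUser = InputBox (" Create user","username","")
strName = InputBox ("Name Surname","Name Surname","")
'if you want usernames in lowercase
'strUser = Lcase(StrUser)

' Check username length
If Len(strUser) = 0 Then
    wscript.echo "empty username ?"
    wscript.quit
End If

' strUser is pasted into a remote shell command, so accept only characters valid in a login name
Set reUser = New RegExp
reUser.Pattern = "^[A-Za-z_][A-Za-z0-9_-]*$"
If Not reUser.Test(strUser) Then
    wscript.echo "invalid username"
    wscript.quit
End If

call Useradd(strUser)


Function Useradd(strUser)
    Dim WshShell, rc
    Set WshShell = WScript.CreateObject("WScript.Shell")
    ' Wait for plink to finish (third argument True) so that rc holds its exit code
    rc = WshShell.Run("c:\windows\plink.exe AUSERHAVINGSUDO@10.200.124.135 -pw password useradd -d /home/" & strUser & " -s /bin/csh -c " & strUser & " -m " & strUser, 1, True)
    If rc <> 0 Then
        wscript.echo "problem creating user for linux"
        wscript.quit
    End If
End Function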

Create user in AD, vbscript

Create and enable a user in an Active Directory environment. Set a default password and force the user to change it at first logon.


Dim objRootLDAP, objContainer, objUser, objShell
Dim strUser, strName, strContainer
strUser = InputBox (" Create user","username","")
strName = InputBox ("Name Surname","Name Surname","")
'if you want usernames in lowercase
'strUser = Lcase(StrUser)

' Check username length
If Len(strUser) = 0 Then
wscript.echo "empty username ?"
wscript.quit
End If


call ADCreateUser(strUser,strName)



Function ADCreateUser(strUser,strName)
' parameters
' strName = strUser
strNewPasswd = "NA"&strUser&"99"
strContainer = "OU=YOUROU ,"

wscript.echo "username: " & strUser & " password: " & strNewPasswd

' Bind to Active Directory, Users container.
Set objRootLDAP = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://" & strContainer & objRootLDAP.Get("defaultNamingContext"))

' create user.
Set objUser = objContainer.Create("User", "cn=" & strUser)
objUser.Put "sAMAccountName", strUser
objUser.Put "displayName", strName
objUser.SetInfo

'Password set
objUser.Put "userAccountControl", 512
objUser.Put "PwdLastSet", 0
objUser.SetPassword(strNewPasswd)
objUser.SetInfo


End Function

Wednesday 17 December 2008

Fedora 10 Installation from hard disk without cd/dvd or usb

I have Fedora 6 running and enough disk space to hold the Fedora 10 DVD ISO.
The main idea is to use initrd.img and vmlinuz from the isolinux directory of the DVD ISO: put them under the /boot directory, edit grub.conf and boot from that kernel.

Downloaded Fedora-10-i386-DVD.iso to /mnt/disk2part1
Disk2part1 is /dev/hdc1 or /dev/sdc1.

# cd /mnt/disk2part1
# mkdir test
# mkdir images
# mount -o loop Fedora-10-i386-DVD.iso test
# cd test/isolinux
# cp initrd.img /boot/fedora10initrd.img
# cp vmlinuz /boot/fedora10vmlinuz
# cd ../images/
# cp install.img ../../images/

Now edit /boot/grub/grub.conf and add lines below

title Install Fedora 10
root (hd0,0)
kernel /fedora10vmlinuz
initrd /fedora10initrd.img

You need to know where your /boot directory is. For me it is (hd0,0).
I selected "Install Fedora 10" at the boot screen and then the hard disk installation method.

webmin ssl_error_rx_record_too_long error

Install perl-Net-SSLeay module.
# yum install perl-Net-SSLeay

Now you can use ssl for webmin.

Wednesday 12 November 2008

Ftp for Windows OS error handling

I need an ftp script for uploading files, but in Windows OS this is not easy to handle. Error handling is painful.
I wrote a python script to which you supply two arguments: the local directory and the name of the file you want to upload. So you can run this ftp python script from a batch file or vbscript.
It has good error handling for most kinds of errors and can send email to you. Please fill in the related parameters. You need a running smtp server to get the email.

I put two vbscript functions below, which handle calling the python script and sending email in case of error.
The first function calls the ftp python script.
The second function sends email in case of a vbscript error. (You should put "on error resume next" in your script.)


Function ftppython(ftpfile)
Set objShell = CreateObject("WScript.Shell")
objShell.Run "E:\dirofyourscript\ftp.py E:\sysadmins\log "&ftpfile, 0, False
If Err.number <> 0 Then
sendanemail()
End If
Set objShell = Nothing
end function



Function sendanemail
Set objMessage = CreateObject("CDO.Message")
objMessage.Subject = "Problem mnp1 alarm script"
objMessage.From = "mail@domain.com"
objMessage.To = "youremail@domain.com;anotheremail@domain.com"
objMessage.TextBody = "Problem script"
objMessage.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
objMessage.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "IPAdressofyoursmtp"
objMessage.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
objMessage.Configuration.Fields.Update
objMessage.Send
end function




Python ftp script starts here

from ftplib import FTP
import sys, os, os.path, shutil, smtplib

# Note: plain FTP sends the user name and password unencrypted;
# ftplib.FTP_TLS is the TLS variant if the server supports it.

def upload(handle,filename):
    f = open(filename,"rb")
    (base,ext) = os.path.splitext(filename)
    picext = ".bmp .jpg .jpeg .dib .tif .tiff .gif .png"
    # picture files are sent with a block size of 1
    if ext.lower() in picext.split():
        try:
            handle.storbinary("STOR " + filename,f,1)
        except Exception:
            f.close()
            sendanemail("Successful upload, but check it")
        else:
            print("Successful upload.")
            f.close()
            return

    try:
        handle.storbinary("STOR " + filename,f)
    except Exception:
        f.close()
        sendanemail("Successful upload, but check it.")
    else:
        print("Successful upload.")
        f.close()
        return


def download(handle,filename):
    f2 = open(filename,"wb")
    try:
        handle.retrbinary("RETR " + filename,f2.write)
    except Exception:
        f2.close()
        sendanemail("Error in downloading the remote file.")
    else:
        print("Successful download!")
        f2.close()
    return

def sendanemail(msg):
    # mail the error message, then stop the script
    fromaddr = "from@domain.com"
    toaddrs = "tome@domain.com"
    subject = "ftp problem"
    headers = "From: %s\r\nTo: %s\r\nSubject: %s\r\n\r\n" % (fromaddr, toaddrs, subject)
    message = headers + msg

    server = smtplib.SMTP('ipadressofmailserver')
    server.sendmail(fromaddr, toaddrs, message)
    server.quit()
    sys.exit()


#here are some parameters
host_name = "writeipaddress"
user = "user"
pwd = "password"
oldlocaldir = "z:\\sysadmins\\log"
remotedir= "/remote/dir/"

if len(sys.argv) != 3:
    sendanemail("there is no argument")
    sys.exit()
uploadfile= sys.argv[2]
localdir = sys.argv[1]
if not os.path.exists(localdir):
    sendanemail("There is no local dir")
    sys.exit()
# change to the local dir first, the upload file name is relative to it
try:
    os.chdir(localdir)
except Exception:
    sendanemail("chdir problem ")
    sys.exit()
if not os.path.exists(uploadfile):
    sendanemail("There is no file to upload")
    sys.exit()
if not os.path.exists(oldlocaldir):
    sendanemail("There is no dir to move files")
    sys.exit()

# "except Exception" (not a bare except) so that the sys.exit() inside
# sendanemail is not caught again and mailed a second time
try:
    ftph = FTP(host_name)
except Exception:
    sendanemail("Host could not be resolved.")
    sys.exit()
try:
    ftph.login(user,pwd)
except Exception:
    sendanemail("Invalid login combination.")
    sys.exit()
else:
    print("Successfully connected!\n")
try:
    ftph.cwd(remotedir)
except Exception:
    sendanemail("there is problem in remotedir")
    sys.exit()
try:
    upload(ftph,uploadfile)
except Exception:
    sendanemail("upload problem")
ftph.close()
# move the uploaded file out of the way
try:
    shutil.move(uploadfile,oldlocaldir)
except Exception:
    sendanemail("problem move file")

Tuesday 9 September 2008

How to find LUN id? Solaris

Your disk as shown by the format command

6. c4t60060E8004F359000000F35900000D1Ad0
/scsi_vhci/ssd@g60060e8004f359000000f35900000d1a


Grep the related part of the luxadm probe output

luxadm probe | grep c4t60060E8004F359000000F35900000D1Ad0
Logical Path:/dev/rdsk/c4t60060E8004F359000000F35900000D1Ad0s2


Use logical path

luxadm display /dev/rdsk/c4t60060E8004F359000000F35900000D1Ad0s2
DEVICE PROPERTIES for disk: /dev/rdsk/c4t60060E8004F359000000F35900000D1Ad0s2
Vendor: HITACHI
Product ID: OPEN-V -SUN
Revision: 5008
Serial Num: 50 0F3590D1A
Unformatted capacity: 30720.000 MBytes
Write Cache: Enabled
Read Cache: Enabled
Minimum prefetch: 0x0
Maximum prefetch: 0x0
Device Type: Disk device
Path(s):

/dev/rdsk/c4t60060E8004F359000000F35900000D1Ad0s2
/devices/scsi_vhci/ssd@g60060e8004f359000000f35900000d1a:c,raw
Controller /devices/pci@8,700000/SUNW,jfca@5/fp@0,0
Device Address 50060e8004f35919,0 (LUN is here, hex value)
Host controller port WWN 2000000173016d35
Class primary
State ONLINE
Controller /devices/pci@9,600000/SUNW,jfca@2/fp@0,0
Device Address 50060e8004f35909,0
Host controller port WWN 20000001730151e3
Class primary
State ONLINE



MPxIO c#t#d# c4t60060E8004F359000000F35900000D1Ad0
Array WWN 50060e8004f35919 (device address part)
lun 0 (device address part array wwn,LUN address (hex value) )
HBA WWNs 2000000173016d35
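
The lookup above as an added shell/awk example (not part of the original post): it reads luxadm display output and prints, for every path, the LUN in decimal with the array and HBA WWNs. luxadm_paths and sample_luxadm are names made up here; the sample is the output shown above plus one constructed path with LUN 1a.

```shell
#!/bin/sh
# luxadm_paths: read "luxadm display" output on stdin, print one line per path:
#   lun=<decimal> array_wwn=<wwn> hba_wwn=<wwn> state=<state>
luxadm_paths() {
    awk '
    # hex string to decimal, without relying on gawk extensions
    function hex2dec(h,    i, n) {
        h = tolower(h); n = 0
        for (i = 1; i <= length(h); i++)
            n = n * 16 + index("0123456789abcdef", substr(h, i, 1)) - 1
        return n
    }
    # "Device Address <array wwn>,<lun in hex>"
    $1 == "Device" && $2 == "Address" { split($3, a, ","); wwn = a[1]; lun = hex2dec(a[2]) }
    # "Host controller port WWN <hba wwn>"
    $1 == "Host" && $4 == "WWN" { hba = $5 }
    # "State" is the last line of one path record
    $1 == "State" { printf "lun=%d array_wwn=%s hba_wwn=%s state=%s\n", lun, wwn, hba, $2 }
    '
}

# Sample input: the two paths from the post, then one constructed path (LUN 1a)
sample_luxadm() {
    cat <<'EOF'
Path(s):

/dev/rdsk/c4t60060E8004F359000000F35900000D1Ad0s2
/devices/scsi_vhci/ssd@g60060e8004f359000000f35900000d1a:c,raw
Controller /devices/pci@8,700000/SUNW,jfca@5/fp@0,0
Device Address 50060e8004f35919,0
Host controller port WWN 2000000173016d35
Class primary
State ONLINE
Controller /devices/pci@9,600000/SUNW,jfca@2/fp@0,0
Device Address 50060e8004f35909,0
Host controller port WWN 20000001730151e3
Class primary
State ONLINE
Controller /devices/pci@9,600000/SUNW,jfca@2/fp@0,0
Device Address 50060e8004f35909,1a
Host controller port WWN 20000001730151e3
Class primary
State ONLINE
EOF
}

sample_luxadm | luxadm_paths
```

On Solaris 10, /usr/bin/awk is the old awk without user-defined functions; use nawk there.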

Friday 5 September 2008

Solaris x86 boot GRUB bootenv.rc problem

GRUB Based Booting for Solaris x86: http://docs.sun.com/app/docs/doc/817-1985/hbx86boot-68676?a=view
I had a booting problem last week. After the GRUB screen, the screen was black and later the system rebooted. First I tried booting in verbose mode by editing the kernel line in GRUB to "kernel /platform/i86pc/multiboot kernel/unix -v".
How to Modify the Solaris Boot Behavior by Editing the GRUB Menu --> http://docs.sun.com/app/docs/doc/817-1985/fwbme?a=view
Then I got:
/boot/solaris/bootenv.rc - line 23, syntax error.

First we edit bootenv.rc and change

setprop console 'ttyb'
to
setprop console 'screen'

I could proceed by pressing Ctrl+D two times (which stops the script running at that time), so I could continue booting.
This is a bug related to the kernel. Probably the kernel does not show the boot process on the screen. Also, some boot scripts which get information from the eeprom (related to boot-args) hung. In that kind of situation Ctrl+D could be a good solution if you believe scripts hung during boot.

Thursday 4 September 2008

Export data from oracle via vbscript

I need to export data from Oracle so that it will be possible for me to generate alerts from that log file. I do this because we do not have permission to change anything in the database.
Be careful about the fields section: you must know how many columns the table has.


'Parameters
path="c:\path.txt"
strHost="servername"
strPort="1529"
strSID="oraclesid"
strUsername="user"
strPassword="password"
querry="select * from table"


'Filesystem Object
Set objFSO = CreateObject("Scripting.FileSystemObject")

'Check if file exist
If objFSO.FileExists(path) Then
Set objFile = objFSO.OpenTextFile(path,8,True)
else
wscript.echo "there is no file I am creating"
set objFile = objFSO.createtextfile(path)
'set objFile = objFSO.OpenTextFile(path,8, True)
end If


'open connection to database
Dim strCon
strCon = "Driver={Microsoft ODBC for Oracle}; " & _
"CONNECTSTRING=(DESCRIPTION=" & _
"(ADDRESS=(PROTOCOL=TCP)" & _
"(HOST=" & strHost & ")(PORT=" & strPort & "))" & _
"(CONNECT_DATA=(SID = " & strSID & "))); uid=" & strUsername & ";pwd=" & strPassword & ";"
Dim oCon: Set oCon = WScript.CreateObject("ADODB.Connection")
Dim oRs: Set oRs = WScript.CreateObject("ADODB.Recordset")
oCon.Open strCon


Set oRs = oCon.Execute(querry)
While Not oRs.EOF
objFile.WriteLine(oRs.Fields(0).Value &"," & oRs.Fields(1).Value &"," & oRs.Fields(2).Value &"," & oRs.Fields(3).Value &"," & oRs.Fields(4).Value _
&"," & oRs.Fields(5).Value &"," & oRs.Fields(6).Value &"," & oRs.Fields(7).Value &"," & oRs.Fields(8).Value &"," & oRs.Fields(9).Value &"," & _
oRs.Fields(10).Value &"," & oRs.Fields(11).Value &"," & oRs.Fields(12).Value &"," & "Q3" &"," & "Q3" &"," & oRs.Fields(15).Value &"," & oRs.Fields(16).Value)
oRs.MoveNext
Wend
oCon.Close
Set oRs = Nothing
Set oCon = Nothing

Wednesday 3 September 2008

Flash archive backup central server

I create a flash archive backup and copy it to a central server. If there is any error in the backup process or the scp process, I get mail.
Also, scp works passwordless and secure.

First create a transfer user on the central server and give it the necessary permissions.
On the main server:


# useradd transfer -d /export/home/transfer
# passwd transfer
# chown transfer /centralbackup/dir


On the servers which you are going to back up, create public keys.


# ssh-keygen -t rsa
# cat ~/.ssh/id_rsa.pub


Copy the content to the transfer user's /transferuserhomedirectory/.ssh/authorized_keys on the central server. Be careful that there is no line break in the id_rsa.pub content.
Now you can log in to the central server without a password; to test, run ssh transfer@centralserver.
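
The key copy step above as an added shell example (not part of the original post): it appends a public key to authorized_keys only when the key is one intact line, and sets the permissions sshd expects. install_pubkey is a name made up here, and the keys in the demo are constructed, not real key material.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE SSH_DIR   (hypothetical helper, run as the transfer user)
# Appends the key to SSH_DIR/authorized_keys only if it is one intact line.
install_pubkey() {
    pub=$1; dir=$2; auth=$dir/authorized_keys

    # A public key is a single line: "<type> <base64 blob> [comment]".
    # A copy/paste that wrapped the blob shows up as extra non-empty lines.
    key=$(awk '
        NF { n++; line = $0
             if (NF < 2 || $1 !~ /^(ssh|ecdsa)-/ || $2 !~ /^[A-Za-z0-9+\/=]+$/) bad = 1 }
        END { if (n == 1 && !bad) print line; else exit 1 }' "$pub") || {
        echo "$pub is not a single-line public key" >&2
        return 1
    }

    # sshd (StrictModes) ignores keys if these are writable by group or others
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # append only if this exact line is not there yet
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Constructed sample keys: one intact, one wrapped over two lines
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7 root@backupclient' > "$demo/good.pub"
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAAD' 'AQABAAABAQC7 root@backupclient' > "$demo/wrapped.pub"
install_pubkey "$demo/good.pub" "$demo/.ssh" && echo "good.pub installed"
install_pubkey "$demo/wrapped.pub" "$demo/.ssh" || echo "wrapped.pub rejected"
```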

This is the script that you can use to back up weekly.


backupname=$(hostname)_$(date '+%Y%m%d')
backupdir=/site/local/backupdir
remotebackupdir=/centralbackup/dir
remoteloc=transfer@mainserver:$remotebackupdir
mailaddress="yourmailaddress@domaim.com"
#if you want to exclude directories when you are creating flash archive use -x
flarcreate -c -S -n $backupname -x /putdirthatyouwanttoexclude -x /anotherexclude $backupdir/$backupname.flar
#check if there is problem creating flash archive
if [ $? -ne 0 ] ; then
echo flarcreate problem in $(hostname) "\n" | mailx -s "$(hostname) flarcreate problem" $mailaddress
exit 1
fi
scp $backupdir/$backupname.flar $remoteloc
#check if there is problem copying to central server.
if [ $? -ne 0 ] ; then
echo backup copy problem in $(hostname) "\n" | mailx -s "$(hostname) backup copy problem" $mailaddress
exit 1
fi
#deletes backup of previous week
rm "$backupdir/$(hostname)_$(TZ=GMT+167 date +%Y%m%d).flar"
#check if there is problem deleting file
if [ $? -ne 0 ] ; then
echo old backup delete problem in $(hostname) "\n" | mailx -s "$(hostname) old backup delete problem" $mailaddress
exit 1
fi

Tuesday 2 September 2008

Inetadm connection_backlog

I patched a Solaris 10 x86 system which holds another zone in a container.
I got an error booting the guest zones:

Sep 2 13:23:54 inetd[22765]: Unable to read debug property from config property group. scf_simple_prop_get() failed: entity not found
Sep 2 13:23:54 inetd[22765]: Property 'connection_backlog' of instance svc:/network/rpc/gss:default is missing, inconsistent or invalid
Sep 2 13:23:55 svc.startd[22540]: network/inetd:default failed repeatedly: transitioned to maintenance (see 'svcs -xv' for details)
Sep 2 13:23:55 svc.startd[22540]: failed to abandon contract 32259: Permission denied



The output of svcs -xv says gss, inetd and related services are failing:

svc:/network/rpc/gss:default (Generic Security Service)
State: uninitialized since Tue Sep 02 14:43:58 2008
Reason: Restarter svc:/network/inetd:default is not running.
See: http://sun.com/msg/SMF-8000-5H
See: gssd(1M)
Impact: 14 dependent services are not running. (Use -v for list.)

svc:/application/print/server:default (LP print server)
State: disabled since Tue Sep 02 14:43:57 2008
Reason: Disabled by an administrator.
See: http://sun.com/msg/SMF-8000-05
See: lpsched(1M)
Impact: 1 dependent service is not running. (Use -v for list.)

svc:/network/rpc/rstat:default (kernel statistics server)
State: uninitialized since Tue Sep 02 14:43:58 2008
Reason: Restarter svc:/network/inetd:default is not running.
See: http://sun.com/msg/SMF-8000-5H
See: rpc.rstatd(1M)
See: rstatd(1M)
Impact: 1 dependent service is not running. (Use -v for list.)

svc:/network/rpc/smserver:default (removable media management)
State: uninitialized since Tue Sep 02 14:43:58 2008
Reason: Restarter svc:/network/inetd:default is not running.
See: http://sun.com/msg/SMF-8000-5H
See: rpc.smserverd(1M)
Impact: 1 dependent service is not running. (Use -v for list.)

svc:/application/print/cleanup:default (print cleanup)
State: maintenance since Tue Sep 02 14:43:58 2008
Reason: Start method failed repeatedly, last exited with status 1.
See: http://sun.com/msg/SMF-8000-KS
See: /var/svc/log/application-print-cleanup:default.log
Impact: This service is not running.

svc:/network/inetd:default (inetd)
State: maintenance since Tue Sep 02 14:44:07 2008
Reason: Restarting too quickly.
See: http://sun.com/msg/SMF-8000-L5
See: inetd(1M)
See: /var/svc/log/network-inetd:default.log


I set the value below and restarted the zone; now it is OK.

inetadm -M connection_backlog=10

Thursday 28 August 2008

Booting Solaris Intel into single user mode

Press e when GRUB shows at boot time.
Edit the multiboot line below, add -s to the end and press Enter,
then press b to boot.

root (hd0,0,a)
kernel /platform/i86pc/multiboot -s
module /platform/i86pc/boot_archive

Or you can edit /boot/grub/menu.lst and add a new entry like the one below: copy your original entry in the file and add -s to the end of the multiboot line.
title Solaris 10 11/06 s10x_u3wos_10 X86
root (hd0,0,a)
kernel /platform/i86pc/multiboot -s
module /platform/i86pc/boot_archive

Thursday 21 August 2008

Secure port forwarding without shell access

My aim was to allow connections to an ssh daemon on a defined port (4321 for this example) different from the default port, only for specific users (only theusername for this example), without shell access but permitting port forwarding. Chroot for sshd is painful.


Create a custom sshd config file
cp /etc/ssh/sshd_config /etc/ssh/sshd_config_custom


Changed options in the sshd_config_custom file
Port 4321
PermitRootLogin no
AllowUsers theusername


With this configuration file, only theusername can connect to the ssh daemon on port 4321.
Run the sshd daemon
/usr/lib/ssh/sshd -f /etc/ssh/sshd_config_custom


Change the shell to /usr/bin/false in the passwd file

vi /etc/passwd
change
theusername:x:404:808::/homefolder:/bin/sh
to
theusername:x:404:808::/homefolder:/usr/bin/false


If you do not have a false shell, create a read only shell.
vi /usr/bin/dummyshell
Add the two lines below
#!/bin/bash
bash -r -c read

Make executable
chmod a+x  /usr/bin/dummyshell

From the remote computer:
The user has to use the -N option of the ssh command:
     -N

Does not execute a remote command. This is useful if you
just want to forward ports (protocol version 2 only).


For port forwarding from another system
ssh -N theusername@ipadressoftheserver -L 9999:127.0.0.1:9999 -p 4321


-p is for the changed ssh port in sshd_config_custom

Now the user cannot run any command on the server but can forward port 9999 from the server to their computer.
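
The setup above as an added shell example (not part of the original post): it audits a custom sshd config and a passwd file for the settings described. The function names and the sample files are made up for illustration, and the PermitOpen check goes beyond the post: without PermitOpen, the forwarding-only user may forward to any host and port reachable from the server, not just 9999.

```shell
#!/bin/sh
# sshd_opt FILE KEYWORD: value of the first uncommented occurrence (sshd uses the first one)
sshd_opt() {
    awk -v k="$2" 'tolower($1) == tolower(k) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# audit_forward_only CONFIG PASSWD USER   (hypothetical helper)
# Prints one finding per line and returns 1 if there is any finding.
audit_forward_only() {
    cfg=$1; pw=$2; user=$3; rc=0

    [ "$(sshd_opt "$cfg" PermitRootLogin)" = "no" ] ||
        { echo "PermitRootLogin is not 'no'"; rc=1; }

    case " $(sshd_opt "$cfg" AllowUsers) " in
        *" $user "*) ;;
        *) echo "AllowUsers does not list $user"; rc=1 ;;
    esac

    # the seventh passwd field is the login shell
    shell=$(awk -F: -v u="$user" '$1 == u { print $7; exit }' "$pw")
    case $shell in
        /usr/bin/false|/bin/false|/usr/bin/dummyshell) ;;
        *) echo "$user has login shell '${shell:-none}'"; rc=1 ;;
    esac

    # Not in the post: PermitOpen limits which host:port may be forwarded to
    case $(sshd_opt "$cfg" PermitOpen) in
        ""|any) echo "PermitOpen not set: forwarding targets are unrestricted"; rc=1 ;;
    esac

    return $rc
}

# Constructed sample files matching the settings in the post
demo=$(mktemp -d)
printf '%s\n' 'Port 4321' 'PermitRootLogin no' 'AllowUsers theusername' > "$demo/sshd_config_custom"
printf '%s\n' 'theusername:x:404:808::/homefolder:/usr/bin/false' > "$demo/passwd"
audit_forward_only "$demo/sshd_config_custom" "$demo/passwd" theusername || echo "review the findings above"
```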

Friday 15 August 2008

Shell script argument check and directory check

With this part you can check that the arguments are supplied and print usage information.
if [ $# -ne 2 ]
then
    echo 1>&2 Usage: $0 firstdatafile lastdatafile
    exit 127
fi

Create the directory if it does not exist
DESTDIR=dirname
if ! test -d "$DESTDIR"
then mkdir -p "$DESTDIR"
fi