Tbow's Log
This is a log of everything Josh (Systems Administrator) has done over the years.
Projects, Scripts, and Daemons
This section includes things like:
- Scripts I have written
- Daemons I have setup
- Projects I have attempted or completed
Upgrades and Survival Guides
This is a list of my notes on the system upgrades I have performed in the past.
System Upgrade 2013-12-30
The order in which we will be updating is: jalapeno, pumpkin, gourd, einstein, taro, roentgen, and endeavour. The reason I picked this order is that we need a physical machine to test this update on, and Pumpkin is the lowest priority physical machine to do this with. Taro needs to stay after gourd and einstein because I will want to be able to recover the VMs on a working virtualized server (the backup will come from the pulled drive on Gourd, described below). If pumpkin goes well, then it should follow that gourd will go smoothly. Jalapeno goes first because it is the lowest priority VM and it will help us get our feet wet with the update from CentOS 5 to 6, which will also help with pumpkin's update from RHEL 5 to 6.
This will require (for the physical machines) us to get in touch with UNH IT and make sure we can get the proper keys to update with official RHEL 6 repos. Gourd could be problematic, that is why we will update her and make sure she runs properly (including the VMs) then we will detach one of the software RAID drives (for backup) and rebuild the RAID with a new drive, and then we will proceed to upgrading to RHEL 6.
There are a few problems I foresee: upgrading from 5 to 6; endeavour's yum and cluster software; making sure that the latest version of GCC (and any other software crucial to the physicists' projects) is backwards compatible with the older version (in other words, how many problems will they have); the video cards in pumpkin and taro; and finally einstein's mail and LDAP (will they be compatible with CentOS 6).
Startup Procedure 2012-11-01
How to start Gourd and the virtual machines
- Start Gourd.
- NOTE: Make sure you boot Gourd with the correct kernel and the kernel modules it needs (such as kvm-intel). Use this command to check for the kvm module:
- modprobe kvm-intel
- Login as root
- To start the virtual machines use these commands:
- virsh start vm
- Example: virsh start einstein.unh.edu
- Once einstein (LDAP and Mail) and jalapeno (DNS) have been started, start the netgroups2iptables script:
- service iptables-netgroups start or
- /etc/init.d/iptables-netgroups start
- NOTE: Gourd's netgroup iptables needs LDAP, so you need to start einstein for LDAP. If you do not start iptables-netgroups, clients will not be able to properly automount their home folders.
- Once you have finished the above, you can proceed to start all the servers (Virtual and Physical).
General administration of virtual machines
Once you’ve got your virtual machine installed, you’ll need to know the various commands for everyday administration of KVM virtual machines. In these examples, change the name of the VM from ‘vm’ to whatever yours is called.
To show general info about virtual machines, including names and current state:
virsh list --all
To see a top-style monitor window for all VMs:
virt-top
To show info about a specific virtual machine:
virsh dominfo vm
To start a virtual machine:
virsh start vm
To pause a virtual machine:
virsh suspend vm
To resume a virtual machine:
virsh resume vm
To shut down a virtual machine (the ‘acpid’ service must be running on the guest for this to work):
virsh shutdown vm
To force a hard shutdown of a virtual machine:
virsh destroy vm
To remove a domain (don’t do this unless you’re sure you really don’t want this virtual machine any more):
virsh undefine vm
Initial host setup
Firstly it’s necessary to make sure you have all the necessary software installed:
yum -y groupinstall Virtualization "Virtualization Client" "Virtualization Platform" "Virtualization Tools" ; yum -y install libguestfs-tools
Next check that libvirtd is running:
service libvirtd status
If not, make sure that messagebus and avahi-daemon are running, then start libvirtd:
service messagebus start
service avahi-daemon start
service libvirtd start
Use chkconfig to ensure that all three of these services start automatically on system boot.
Next it’s necessary to set up the network bridge so that the virtual machines can function on the network in the same way as physical servers. To do this, copy /etc/sysconfig/network-scripts/ifcfg-eth0 (or whichever is the file for the active network interface) to /etc/sysconfig/network-scripts/ifcfg-br0.
In /etc/sysconfig/network-scripts/ifcfg-eth0, comment out all the lines for ‘BOOTPROTO’, ‘DNS1’, ‘GATEWAY’, ‘IPADDR’ and ‘NETMASK’, then add this line:
BRIDGE="br0"
Then edit /etc/sysconfig/network-scripts/ifcfg-br0, comment out the ‘HWADDR’ line, change the ‘DEVICE’ to “br0”, and change the ‘TYPE’ to “Bridge”.
Then restart the network:
service network restart
The bridge should now be up and running. You can check its status with:
ifconfig
brctl show
Creating the disk volumes for a new virtual machine
We need to create new LVM volumes for the root and swap partitions in the new virtual machine. I’m assuming LVM is already being used, that the volume group is called ‘sysvg’, and that there is sufficient free space available in the sysvg group for the new volumes. If your volume group has a different name then just modify the instructions below accordingly. Change the volume sizes to suit your requirements:
lvcreate -L 20G -n vm-root sysvg
lvcreate -L 4096M -n vm-swap sysvg
Installing the operating system on the new virtual machine
Here I’m installing CentOS 6 on the guest machine using Kickstart, although I will also explain how to perform a normal non-automated installation. You’ll need to modify the instructions accordingly to install different operating systems. To make CentOS easily available for the installation, firstly make sure you have Apache installed and running. If necessary, install it with:
yum -y install httpd
Then start it with:
service httpd start
Then create the directory /var/www/html/CentOS and copy the contents of the CentOS DVDs into it.
If you’re using Kickstart then you’ll need these lines in your Kickstart config file to make sure that it can find the files from the CentOS DVDs. The IP address of the host in this example is 192.168.1.1, so change that as needed:
install
url --url http://192.168.1.1/CentOS
These lines are also required to make sure that Kickstart can find and use the LVM volumes created earlier:
zerombr
clearpart --all --initlabel
bootloader --location=mbr
part / --fstype ext4 --size 1 --grow --ondrive=vda
part swap --size 1 --grow --ondrive=vdb
Once the Kickstart file is ready, call it ks.cfg and copy it to /var/www/html
This command installs CentOS on the guest using a Kickstart automated installation. The guest is called ‘vm’, it has a dedicated physical CPU core (core number 2) and 1 GB of RAM allocated to it. Again, the IP address of the host is 192.168.1.1, so change that as needed:
virt-install --name=vm --cpuset=2 --ram=1024 --network bridge=br0 --disk=/dev/mapper/sysvg-vm--root --disk=/dev/mapper/sysvg-vm--swap --vnc --vnclisten=0.0.0.0 --noautoconsole --location /var/www/html/CentOS --extra-args "ks=http://192.168.1.1/ks.cfg"
The installation screen can be seen by connecting to the host via VNC. This isn’t necessary for a Kickstart installation (unless something goes wrong). If you want to do a normal install rather than a Kickstart install then you will need to use VNC to get to the installation screen, and in that case you’ll want to use the virt-install command above but just leave off everything from ‘--extra-args’ onwards.
Also, you may want to install directly from a CDROM image, in which case replace the ‘--location’ bit with ‘--cdrom=’ and the path to the CD image, e.g. to install Ubuntu in your VM you might put ‘--cdrom=/tmp/ubuntu-12.04.1-server-i386.iso’. (If virtual servers are already using VNC on the host then you will need to add the appropriate number to the VNC port number to connect to, e.g. the standard VNC port is 5900, and if there are already two virtual servers using VNC on the host then you will need to connect VNC to port 5902 for this install.)
Cloning virtual machines
To clone a guest VM, firstly it’s necessary to create new disk volumes for the clone, then we use the virt-clone command to clone the existing VM:
lvcreate -L 20G -n newvm-root sysvg
lvcreate -L 4096M -n newvm-swap sysvg
virt-clone -o vm -n newvm -f /dev/mapper/sysvg-newvm--root -f /dev/mapper/sysvg-newvm--swap
Then dump the XML for the new VM:
virsh dumpxml newvm > /tmp/newvm.xml
Edit /tmp/newvm.xml. Look for the ‘vcpu’ line and change the ‘cpuset’ number to the CPU core you want to dedicate to this VM. Then make this change effective:
virsh define /tmp/newvm.xml
You’ll also need to grab the MAC address from the XML. Keep this available as we’ll need it in a minute:
grep "mac address" /tmp/newvm.xml | awk -F "'" '{print $2}'
Start up the new VM and connect to it via VNC as per the instructions in the Installation section above. Edit /etc/sysconfig/network and change the hostname to whatever you want to use for this new machine. Then edit /etc/sysconfig/network-scripts/ifcfg-eth0 and change the ‘HOSTNAME’ and ‘IPADDR’ to the settings you want for this new machine. Change the ‘HWADDR’ to the MAC address you obtained a moment ago, making sure that the letters are capitalised.
Then reboot and the new VM should be ready.
Backing up and migrating virtual machines
In order to take backups and to be able to move disk volumes from virtual machines to other hosts, we basically need to create disk image files from the LVM volumes. We’ll first snapshot the LVM volume and take the disk image from the snapshot, as this significantly reduces the amount of time that the VM needs to remain paused (i.e. effectively offline) for. We remove the snapshot at the end of the process so that the VM’s IO is not negatively affected.
This disk image, once created, can then be stored in a separate location as a backup, and/or transferred to another host server in order to copy or move the VM there.
So, make sure that the VM is paused or shut down, then create an LVM snapshot, then resume the VM, then create the image from the snapshot, then remove the snapshot:
virsh suspend vm
lvcreate -L 100M -n vm-root-snapshot -s /dev/sysvg/vm-root
virsh resume vm
dd if=/dev/mapper/sysvg-vm--root--snapshot of=/tmp/vm-root.img bs=1M
lvremove /dev/mapper/sysvg-vm--root--snapshot
You can then do what you like with /tmp/vm-root.img – store it as a backup, move it to another server, and so forth.
In order to restore from it or create a VM from it on a new server, firstly use ‘lvcreate’ to create the LVM volume for restore if it isn’t already there, then copy the disk image to the LVM volume:
dd if=/tmp/vm-root.img of=/dev/mapper/sysvg-vm--root bs=1M
You may also need to perform this procedure for the swap partition depending on what you are trying to achieve.
You’ll also want to back up the current domain configuration for the virtual machine:
virsh dumpxml vm > /tmp/vm.xml
Then just store the XML file alongside the disk image(s) you’ve taken.
If you’re moving the virtual machine to a new server then once you’ve got the root and swap LVM volumes in place, you’ll need to create the domain for the virtual machine on the new server. Firstly edit the XML file and change the locations of disk volumes to the layout on the new server if it’s different to the old server, then define the new domain:
virsh define /tmp/vm.xml
You should then be able to start up the ‘vm’ virtual machine on the new server.
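The suspend/snapshot/resume/dd/lvremove sequence above is easy to get wrong by hand: a failed lvcreate leaves the guest paused, and a forgotten snapshot keeps slowing the origin volume. This added Python script (not from the log) wraps the same five commands so the guest is always resumed and the snapshot always removed, and shows the device-mapper naming rule (a '-' in a VG or LV name becomes '--') that the paths on this page rely on. The VM, volume group and volume names are the page's examples; the runner argument exists so the plan can be checked without touching LVM.

```python
"""Snapshot-based backup of a KVM guest's LVM root volume.

Steps, as in the log: virsh suspend, lvcreate -s, virsh resume, dd from the
snapshot, lvremove.  Added example; assumes virsh/lvcreate/dd/lvremove are on
PATH and that the script runs as root when used for real.
"""
import subprocess
import sys


def dm_path(vg, lv):
    """Device-mapper path for an LVM volume.  A '-' inside a VG or LV name is
    doubled, which is why sysvg/vm-root appears as /dev/mapper/sysvg-vm--root."""
    return "/dev/mapper/%s-%s" % (vg.replace("-", "--"), lv.replace("-", "--"))


def plan_backup(vm, vg, lv, image, snap_size="100M"):
    """Return the five commands of the backup, keyed by step, without running them."""
    snap = lv + "-snapshot"
    return {
        "pause": ["virsh", "suspend", vm],
        # snap_size must cover every write the guest makes to the origin while
        # dd runs; if the snapshot fills up LVM invalidates it and the image is
        # garbage, so size it to the expected write volume, not just 100M.
        "snapshot": ["lvcreate", "-L", snap_size, "-n", snap, "-s",
                     "/dev/%s/%s" % (vg, lv)],
        "resume": ["virsh", "resume", vm],
        "image": ["dd", "if=" + dm_path(vg, snap), "of=" + image, "bs=1M"],
        # -f skips lvremove's interactive confirmation so the script cannot hang
        "cleanup": ["lvremove", "-f", dm_path(vg, snap)],
    }


def run_backup(vm, vg, lv, image, snap_size="100M", runner=subprocess.check_call):
    """Run the plan.  Whatever fails, the guest is resumed, and the snapshot is
    removed once it exists; the error itself still propagates to the caller."""
    plan = plan_backup(vm, vg, lv, image, snap_size)
    runner(plan["pause"])
    snapshot_exists = False
    try:
        runner(plan["snapshot"])
        snapshot_exists = True
    finally:
        runner(plan["resume"])  # never leave the guest paused
    try:
        runner(plan["image"])
    finally:
        if snapshot_exists:
            runner(plan["cleanup"])  # never leave a snapshot behind
    return plan


if __name__ == "__main__":
    # e.g.  snapshot_backup.py vm sysvg vm-root /tmp/vm-root.img
    run_backup(*sys.argv[1:5])
```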
Resizing partitions on a guest
Let’s say we want to expand the root partition on our VM from 20G to 25G. Firstly make sure the VM is shut down, then use virt-filesystems to get the information we need for the resize procedure:
virsh shutdown vm
virt-filesystems -lh -a /dev/mapper/sysvg-vm--root
This will probably tell you that the available filesystem on that volume is /dev/sda1, which is how these tools see the virtual machine’s /dev/vda1 partition. We’ll proceed on the basis that this is the case, but if the filesystem device name is different then alter the command below accordingly.
Next we create a new volume, then we perform the virt-resize command from the old volume to the new volume, then we set the new volume as the active root partition for our domain:
lvcreate -L 25G -n vm-rootnew sysvg
virt-resize --expand /dev/sda1 /dev/mapper/sysvg-vm--root /dev/mapper/sysvg-vm--rootnew
lvrename /dev/sysvg/vm-root /dev/sysvg/vm-rootold
lvrename /dev/sysvg/vm-rootnew /dev/sysvg/vm-root
virsh start vm
Then, when you’re sure the guest is running OK with the new resized partition, remove the old root partition volume:
lvremove /dev/mapper/sysvg-vm--rootold
RAID and Areca
Drive Life 2012-06-24
This is a list of the expected drive life from the manufacturer. All of these drives are in our RAIDs.
Pumpkin
ST3750640NS (p.23): 8,760 power-on hours per year; 250 average motor start/stop cycles per year.
ST3750640AS (p.37): 2,400 power-on hours per year; 10,000 average motor start/stop cycles per year.
WDC WD7500AAKS-00RBA0: 50,000 start/stop cycles.
Endeavour
ST31000340NS, ST31000524AS, ST31000526SV: MTBF 1,000,000 hours; 50,000 start/stop cycles; non-recoverable errors 1 per 10^14.
Areca 1680 2010-01-10
4.3 Driver Installation for Linux
This chapter describes how to install the SAS RAID controller driver on Red Hat Linux, SuSE and other versions of Linux. Before installing the SAS RAID driver on Linux, complete the following actions:
- Install and configure the controller and hard disk drives according to the instructions in Chapter 2 Hardware Installation.
- Start the system and then press Tab+F6 to enter the McBIOS RAID manager configuration utility. Use the McBIOS RAID manager to create the RAID set and volume set. For details, see Chapter 3, McBIOS RAID Manager.
If you are using a Linux distribution for which there is not a compiled driver available from Areca, you can copy the source from the SAS software CD or download the source from the Areca website and compile a new driver.
Compiled and tested drivers for Red Hat and SuSE Linux are included on the shipped CD. You can download updated versions of compiled and tested drivers for RedHat or SuSE Linux from the Areca web site at http://www.areca.com.tw. Included in these downloads is the Linux driver source, which can be used to compile the updated version of the driver for RedHat, SuSE and other versions of Linux. Please refer to the “readme.txt” file on the included Areca CD or website to make a driver diskette and to install the driver on the system.
Areca Scripts
This is a collection of the Areca Scripts I have attempted to build.
grep_areca_info.sh 2012-10-09
#!/bin/bash
# Usage: grep_areca_info.sh <report-header> <field> <drive-number>
# Searches the saved areca_info report: takes the 52 lines that follow the
# header line matching $1 (e.g. a date stamp), keeps the row for drive #$3,
# and prints the part matching $2 (e.g. Temperature).  Arguments are quoted
# so a pattern with spaces is passed to grep as one word.
cat /net/data/taro/areca/areca_info | grep -A 52 "$1" | grep "#$3" | grep "$2"
areca_info.sh 2014-01-14
#!/bin/bash
# Usage: areca_info.sh <number-of-drives>
# Appends a dated report of SMART start/stop counts, power-on hours and
# temperatures for drives 1..$1 to ./areca_info, using the Areca CLI.
info=areca_info
ndrives=$1
echo "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++" >> "$info"
echo "`date +%Y-%m-%d_%T`_$HOSTNAME" >> "$info"
echo "------------------------------------------------------------------" >> "$info"
# Header row: the SMART attribute column names, taken from drive 1
echo -e "Drv#\t`areca_cli64 disk smart info drv=1 | grep Attribute`" >> "$info"
echo "======================================================================================" >> "$info"
# Start/stop cycle count for every drive
for i in `seq 1 "$ndrives"`
do
    areca_cli64 disk smart info drv=$i > .areca_temp
    echo -e "#$i\t`grep Start .areca_temp`" >> "$info"
done
# Power-on hours for every drive
for i in `seq 1 "$ndrives"`
do
    areca_cli64 disk smart info drv=$i > .areca_temp
    echo -e "#$i\t`grep Power-on .areca_temp`" >> "$info"
done
# Drive temperatures
for i in `seq 1 "$ndrives"`
do
    areca_cli64 disk info drv=$i > .areca_temp
    echo -e "#$i\t`grep Temperature .areca_temp`" >> "$info"
done
rm -f .areca_temp
echo "------------------------------------------------------------------" >> "$info"
# Controller temperatures
areca_cli64 hw info | grep Temp >> "$info"
mydata.py 2012-06-19
#!/usr/bin/python
import sqlite3

# Read the raw data file and split it on the "+++" record separator.
with open("mydata", "r") as data:
    all_data = data.read()
all_data_split = all_data.split("+++")
for i in all_data_split:
    print(i)

# Make connection to database mydata.db, which is in the current directory.
conn = sqlite3.connect('mydata.db')
c = conn.cursor()

# Create table (was commented out; IF NOT EXISTS makes the script safe to rerun)
c.execute("CREATE TABLE IF NOT EXISTS stocks "
          "(date text, trans text, symbol text, qty real, price real)")

# Insert a row of data
c.execute("INSERT INTO stocks VALUES ('2006-01-05','BUY','RHAT',100,35.14)")

# Save (commit) the changes
conn.commit()

# We can also close the cursor and the connection if we are done with them
c.close()
conn.close()
LDAP and Email
LDAP setup 2009-05-20
Setting up through command line
sudo -s (to be root)
env HOME=/root /usr/local/bin/adduser-npg
Make sure that in the adduser-npg script the location for luseradd is set to /usr/sbin/.
Add the user to farm, npg, and domain-admins.
Something is still wrong with the lgroupmod
LDAP_output.py
#!/usr/bin/env python
#
# Copyright (C) 2011 Adam Duston
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
import os, sys, getopt, random, ldif, ldap, subprocess
import ldap.modlist as modlist
import ldap.filter
import ldap.dn
from string import letters, digits
from getpass import getpass
from crypt import crypt
from grp import getgrnam
from shutil import copytree

ldap_server = "ldaps://einstein.farm.physics.unh.edu:636"
basedn = "dc=physics,dc=unh,dc=edu"
domain = "physics.unh.edu"
homedir = "/home"
maildir = "/mail"
admin_dn = "cn=root,dc=physics,dc=unh,dc=edu"
users_ou = "ou=People"
skel_dir = "/etc/skel/"


def usage():
    """ Print usage information """
    print "Usage: usergen.py [options] USERNAME"
    print "Creates a new NPG user account and adds to the LDAP database."
    print "Will prompt for necessary values if not provided."
    print "The --ldif and --disable options affect existing accounts,"
    print "and will not attempt to add new users to the LDAP database."
    print " "
    print "Options:"
    print "-d, --create-dirs"
    print "    Create home and mail directories for the new account."
    print "-f, --firstname NAME"
    print "    The user's first name."
    print "-l, --lastname NAME"
    print "    The user's last name."
    print "-m, --mail ADDRESS"
    print "    The user's e-mail address."
    print "-u, --uid UID"
    print "    The user's numerical UID value."
    print "-g, --gid GID"
    print "    The numerical value of the user's primary group."
    print "-s, --shell SHELL"
    print "    The user's login shell."
    print "-h, --help"
    print "    Display this help message and exit."
    print "--disable"
    print "    Disables logins by changing user's login shell to /bin/false."
    print "--ldif"
    print "    Save user details to an LDIF file, but do not add the user to LDAP."


def makeuser(login, firstname, lastname, mail, uidnum, gidnum, shell, password):
    """
    Returns a tuple containing the full dn and a dictionary of attributes
    for the user information given.  Output intended to be used for adding
    a new user to the LDAP database or generating an LDIF file for that user.
    """
    # Escape the login before building the DN so a name containing ',' or
    # '=' cannot change the entry's position in the tree.
    dn = "uid=%s,%s,%s" % (ldap.dn.escape_dn_chars(login), users_ou, basedn)
    attrs = {}
    attrs['uid'] = [login]
    attrs['objectClass'] = ['top', 'posixAccount', 'shadowAccount',
                            'inetOrgPerson', 'organizationalPerson', 'person']
    attrs['loginShell'] = [shell]
    attrs['uidNumber'] = [uidnum]
    attrs['gidNumber'] = [gidnum]
    attrs['mail'] = [mail]
    attrs['homeDirectory'] = ['%s/%s' % (homedir, login)]
    attrs['cn'] = ['%s %s' % (firstname, lastname)]
    attrs['sn'] = [lastname]
    attrs['gecos'] = ['%s %s' % (firstname, lastname)]
    attrs['userPassword'] = [password]
    return (dn, attrs)


def getsalt():
    """
    Return a salt for crypt().  The original drew a two-character (DES)
    salt from the default PRNG; the '$6$' prefix selects SHA-512 crypt on
    glibc, and SystemRandom reads the salt from /dev/urandom.
    """
    chars = letters + digits
    rng = random.SystemRandom()
    return "$6$" + "".join(rng.choice(chars) for _ in range(16))


def user_search_filter(username):
    """ Build the posixAccount lookup filter with the username escaped. """
    safe = ldap.filter.escape_filter_chars(username)
    return "(&(uid=%s)(objectClass=posixAccount))" % safe


def user_exists(username):
    """
    Search LDAP database to verify whether username already exists.
    Return a boolean value.
    """
    search_base = "%s,%s" % (users_ou, basedn)
    search_string = user_search_filter(username)
    try:
        # Open LDAP connection and bind anonymously to the server
        ld = ldap.initialize(ldap_server)
        ld.simple_bind_s("", "")
        # Search for username; only the DN is needed
        result = ld.search_s(search_base, ldap.SCOPE_SUBTREE, search_string,
                             ['distinguishedName'])
        ld.unbind_s()
    except ldap.LDAPError, err:
        print "Error searching LDAP database: %s" % err
        sys.exit(1)
    # If user is not found, result should be an empty list.
    return len(result) != 0


def get_uids():
    """
    Return a list of UID numbers currently in use in the LDAP database.
    """
    search_base = "%s,%s" % (users_ou, basedn)
    search_string = "(objectClass=posixAccount)"
    try:
        # Bind anonymously
        ld = ldap.initialize(ldap_server)
        ld.simple_bind_s("", "")
        # Get UIDs from all posixAccount objects.
        result = ld.search_s(search_base, ldap.SCOPE_SUBTREE, search_string,
                             ['uidNumber'])
        ld.unbind_s()
    except ldap.LDAPError, err:
        print "Error connecting to LDAP server: %s" % err
        sys.exit(1)
    # Pull the list of UIDs out of the results.  They come back as strings,
    # so sort numerically: a plain sort would put "999" after "10000" and
    # the "next free UID" below would be wrong.
    uids = [entry[1]['uidNumber'][0] for entry in result]
    return sorted(uids, key=int)


def create_ldif(dn, attrs):
    """ Output an LDIF file to the current directory. """
    try:
        ldif_file = open(str(attrs['uid'][0]) + ".ldif", "w")
        writer = ldif.LDIFWriter(ldif_file)
        writer.unparse(dn, attrs)
        ldif_file.close()
    except EnvironmentError, err:
        print "Unable to open file: %s" % err
        sys.exit(1)


def ldap_add(dn, attrs):
    """
    Add a user account with the given dn and attributes to the LDAP
    database.  Requires authentication as LDAP admin.  If user added
    successfully return True, else return False.
    """
    try:
        # Open a connection to the ldap server
        ld = ldap.initialize(ldap_server)
        print "\nAdding new user record. Authentication required."
        # Bind to the server as administrator
        ld.simple_bind_s(admin_dn, getpass("LDAP Admin Password: "))
        # Convert attrs to the syntax expected by add_s (named add_list so
        # it does not shadow the ldif module).
        add_list = modlist.addModlist(attrs)
        # Add the entry to the LDAP server
        ld.add_s(dn, add_list)
        # Close connection to the server
        ld.unbind_s()
        print "User account added successfully."
        return True
    except ldap.LDAPError, err:
        print "Error adding new user: %s" % err
        return False


def ldap_disable(username):
    """
    Disable login on a user account by setting the login shell to /bin/false.
    """
    try:
        # Open a connection to the ldap server
        ld = ldap.initialize(ldap_server)
        print "\nModifying user record. Authentication required."
        ld.simple_bind_s(admin_dn, getpass("LDAP Admin Password: "))
        # Set the dn to modify and the search parameters
        mod_dn = "uid=%s,%s,%s" % (ldap.dn.escape_dn_chars(username),
                                   users_ou, basedn)
        search_base = "%s,%s" % (users_ou, basedn)
        search_string = user_search_filter(username)
        # Get the current value of loginShell from the user's LDAP entry.
        result = ld.search_s(search_base, ldap.SCOPE_SUBTREE, search_string,
                             ['loginShell'])
        oldshell = result[0][1]
        newshell = {'loginShell': ['/bin/false']}
        # Use modlist to compute the change, then modify the LDAP entry.
        diff = modlist.modifyModlist(oldshell, newshell)
        ld.modify_s(mod_dn, diff)
        # Unbind from the LDAP server
        ld.unbind_s()
        return True
    except ldap.LDAPError, err:
        print "Error connecting to LDAP server: %s" % err
        return False


def chown_recursive(path, uid, gid):
    """
    Recursively set ownership for the files in the given directory to the
    given uid and gid.  Runs chown without a shell (so the path is never
    re-parsed) and waits for it to finish.
    """
    subprocess.check_call(["chown", "-R", "%i:%i" % (uid, gid), path])


def create_directories(username, uid, gid):
    """ Create user home and mail directories. """
    # Create home directory
    try:
        user_homedir = "%s/%s" % (homedir, username)
        # Copying skel dir to user's home dir makes the directory and
        # adds the skeleton files.
        copytree(skel_dir, user_homedir)
        chown_recursive(user_homedir, uid, gid)
    except (OSError, subprocess.CalledProcessError), err:
        print "Unable to create home directory: %s" % err
        sys.exit(1)
    # Create mail directory
    try:
        # Get GID for the mail group
        mailgid = getgrnam('mail')[2]
        user_maildir = "%s/%s" % (maildir, username)
        os.mkdir(user_maildir)
        # There also needs to be a "cur" subdirectory or IMAP will cry.
        os.mkdir(user_maildir + "/cur")
        chown_recursive(user_maildir, uid, mailgid)
    except (OSError, subprocess.CalledProcessError), err:
        print "Unable to create mail directory: %s" % err
        sys.exit(1)


def main(argv):
    """
    Parse command line arguments, prompt the user for any missing values
    that might be needed to create a new user.
    """
    # Parse command line args using getopt
    try:
        opts, args = getopt.getopt(argv, "hf:l:m:u:g:s:d",
                                   ["help", "ldif", "create-dirs", "disable",
                                    "firstname=", "lastname=", "mail=",
                                    "uid=", "gid=", "shell="])
    except getopt.GetoptError:
        # An exception should mean misuse of command line options, so print
        # help and quit.
        usage()
        sys.exit(2)
    # Defining variables ahead of time should help later on when I want to
    # check whether they were set by command line arguments or not.
    firstname = ""
    lastname = ""
    mail = ""
    uid = ""
    gid = ""
    shell = ""
    # Booleans for run options
    run_add = True
    run_ldif = False
    run_disable = False
    create_dirs = False
    # Parse command line options.  The long-only options are compared with
    # ==; the original used 'opt in "--ldif"', a substring test that also
    # matched "-l" and "-d".
    for opt, arg in opts:
        if opt in ("-h", "--help"):
            usage()
            sys.exit()
        elif opt == "--ldif":
            # If creating LDIF don't add a new user.
            run_ldif = True
            run_add = False
        elif opt == "--disable":
            # If disabling a user, turn off adding new user
            run_disable = True
            run_add = False
        elif opt in ("-d", "--create-dirs"):
            create_dirs = True
        elif opt in ("-f", "--firstname"):
            firstname = arg
        elif opt in ("-l", "--lastname"):
            lastname = arg
        elif opt in ("-m", "--mail"):
            mail = arg
        elif opt in ("-u", "--uid"):
            uid = arg
        elif opt in ("-g", "--gid"):
            gid = arg
        elif opt in ("-s", "--shell"):
            shell = arg
    # Whatever was left over after parsing arguments should be the login name
    username = "".join(args)
    # Make sure the user entered a username.
    while not username:
        username = raw_input("Enter a username: ")

    if run_disable:
        # Make sure the user exists before trying to disable it.
        if user_exists(username):
            print "Warning: This will disable logins for user %s. Proceed?" % username
            answer = raw_input("y/N: ")
            if answer in ("y", "yes", "Y"):
                # If user is disabled print success message and quit.
                # If an error occurs here quit anyway.
                if ldap_disable(username):
                    print "Logins for user %s disabled." % username
                    sys.exit(0)
                else:
                    print "An error occurred. Exiting."
                    sys.exit(1)
            else:
                print "User account not modified."
                sys.exit(1)
        else:
            print "User %s does not exist in LDAP database. Exiting." % username
            sys.exit(1)
    # Don't continue if this account already exists.
    if run_add and user_exists(username):
        print "Error: account with username %s already exists." % username
        sys.exit(1)

    # Prompt user for any values that were not defined as a command line option
    while not firstname:
        firstname = raw_input("First Name: ")
    while not lastname:
        lastname = raw_input("Last Name: ")
    while not mail:
        addr_default = "%s@%s" % (username, domain)
        mail = raw_input("E-mail address [%s]: " % addr_default)
        if not mail:
            mail = addr_default
    # Get the uid. Make sure it's not already in use.
    while not uid:
        # Get a list of in-use UID numbers
        existing_uids = get_uids()
        # Get one plus the highest used uid
        next_uid = int(existing_uids[-1]) + 1
        uid = raw_input("UID [%i]: " % next_uid)
        if not uid:
            uid = str(next_uid)
        elif uid in existing_uids:
            print "UID " + uid + " is already in use."
            uid = ""
    # Get the user's default group. Use 5012 (npg) if none other specified.
    while not gid:
        gid = raw_input("GID [5012]: ")
        if not gid:
            gid = "5012"
    # Prompt for a shell, if user doesn't enter anything just use the default.
    # Make sure the shell exists before accepting it.
    while not shell:
        shell = raw_input("Shell [/bin/bash]: ")
        if not shell:
            shell = "/bin/bash"
        elif not os.path.exists(shell):
            print shell + " is not a valid shell."
            shell = ""
    # Get the password from the user. Make sure it's correct.
    pwCorrect = False
    while not pwCorrect:
        salt = getsalt()
        password1 = crypt(getpass(), salt)
        password2 = crypt(getpass('Retype password: '), salt)
        if password1 == password2:
            ldap_password = "{CRYPT}" + password1
            pwCorrect = True
        else:
            print "Passwords do not match. Try again."
    # Build the account info
    account = makeuser(username, firstname, lastname, mail,
                       uid, gid, shell, ldap_password)
    # Decide what to do with it. Only one of these should run at a time.
    if run_add:
        if ldap_add(account[0], account[1]):
            if create_dirs:
                create_directories(username, int(uid), int(gid))
                print "User directories created successfully."
            else:
                print "Create home and mail directories for %s?" % username
                answer = raw_input("y/N: ")
                if answer in ("y", "Y", "yes"):
                    create_directories(username, int(uid), int(gid))
        else:
            print "Create user failed."
            sys.exit(1)

    if run_ldif:
        create_ldif(account[0], account[1])


if __name__ == "__main__":
    if os.geteuid() != 0:
        print "This program must be run as an administrator."
    else:
        main(sys.argv[1:])
Mailman Notes 2009-05-20
In /etc/mailman/ there is a Python script that points to /usr/lib/mailman/ via a symlink.
SSSD Setup Files 2013-07-16
SSSD Notes
- yum install sssd libsss_sudo
- authconfig --enablesssd --enablesssdauth --enablelocauthorize --update
- /etc/sssd/sssd.conf:
[sssd]
config_file_version = 2
services = nss, pam
domains = default

[nss]
filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd

[domain/default]
ldap_tls_reqcert = never
auth_provider = ldap
ldap_schema = rfc2307bis
krb5_realm = EXAMPLE.COM
ldap_search_base = dc=physics,dc=unh,dc=edu
id_provider = ldap
ldap_id_use_start_tls = False
chpass_provider = ldap
ldap_uri = ldaps://einstein.unh.edu
krb5_kdcip = kerberos.example.com
cache_credentials = True
ldap_tls_cacertdir = /etc/openldap/cacerts
entry_cache_timeout = 600
ldap_network_timeout = 3
ldap_access_filter = (&(objectclass=shadowaccount)(objectclass=posixaccount))
- /etc/nsswitch.conf:
passwd:     files sss
shadow:     files sss
group:      files sss
sudoers:    files sss
- service sssd restart
- Test settings: id (username)
Note: If you are not able to get back proper information with the 'id' command try removing the ca certs from the /etc/openldap/cacerts/ directory. Always back that directory up before removing the contents of it.
sssd.conf
[sssd]
config_file_version = 2
#
# Number of times services should attempt to reconnect in the
# event of a crash or restart before they give up
reconnection_retries = 3
#
# If a back end is particularly slow you can raise this timeout here
sbus_timeout = 30
services = nss, pam, sudo
#
# SSSD will not start if you do not configure any domains.
# Add new domain configurations as [domain/<NAME>] sections, and
# then add the list of domains (in the order you want them to be
# queried) to the "domains" attribute below and uncomment it.
# domains = LOCAL,LDAP
#
domains = default

[nss]
# The following prevents SSSD from searching for the root user/group in
# all domains (you can add here a comma-separated list of system accounts that
# are always going to be /etc/passwd users, or that you want to filter out).
filter_groups = root
#filter_users = root
filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd
reconnection_retries = 3
#
# The entry_cache_timeout indicates the number of seconds to retain an
# entry in cache before it is considered stale and must block to refresh.
# The entry_cache_nowait_timeout indicates the number of seconds to
# wait before updating the cache out-of-band. (NSS requests will still
# be returned from cache until the full entry_cache_timeout). Setting this
# value to 0 turns this feature off (default).
# entry_cache_timeout = 600
# entry_cache_nowait_timeout = 300
#
[pam]
reconnection_retries = 3
#
[sudo]
#
# Example domain configurations
# Note that enabling enumeration in the following configurations will have a
# moderate performance impact while enumerations are actually running, and
# may increase the time necessary to detect network disconnection.
# Consequently, the default value for enumeration is FALSE.
# Refer to the sssd.conf man page for full details.
#
# Example LOCAL domain that stores all users natively in the SSSD internal
# directory. These local users and groups are not visible in /etc/passwd; it
# now contains only root and system accounts.
# [domain/LOCAL]
# description = LOCAL Users domain
# id_provider = local
# enumerate = true
# min_id = 500
# max_id = 999
#
# Example native LDAP domain
# ldap_schema can be set to "rfc2307", which uses the "memberuid" attribute
# for group membership, or to "rfc2307bis", which uses the "member" attribute
# to denote group membership. Changes to this setting affect only how we
# determine the groups a user belongs to and will have no negative effect on
# data about the user itself. If you do not know this value, ask an
# administrator.
# [domain/LDAP]
# id_provider = ldap
# auth_provider = ldap
# ldap_schema = rfc2307
# ldap_uri = ldap://ldap.mydomain.org
# ldap_search_base = dc=mydomain,dc=org
# ldap_tls_reqcert = demand
# cache_credentials = true
# enumerate = False
#
# Example LDAP domain where the LDAP server is an Active Directory server.
#
# [domain/AD]
# description = LDAP domain with AD server
# enumerate = false
# min_id = 1000
#
# id_provider = ldap
# auth_provider = ldap
# ldap_uri = ldap://your.ad.server.com
# ldap_schema = rfc2307bis
# ldap_user_search_base = cn=users,dc=example,dc=com
# ldap_group_search_base = cn=users,dc=example,dc=com
# ldap_default_bind_dn = cn=Administrator,cn=Users,dc=example,dc=com
# ldap_default_authtok_type = password
# ldap_default_authtok = YOUR_PASSWORD
# ldap_user_object_class = person
# ldap_user_name = msSFU30Name
# ldap_user_uid_number = msSFU30UidNumber
# ldap_user_gid_number = msSFU30GidNumber
# ldap_user_home_directory = msSFU30HomeDirectory
# ldap_user_shell = msSFU30LoginShell
# ldap_user_principal = userPrincipalName
# ldap_group_object_class = group
# ldap_group_name = msSFU30Name
# ldap_group_gid_number = msSFU30GidNumber
# ldap_force_upper_case_realm = True
#
[domain/default]
enumerate = True
# ldap_tls_reqcert = never
auth_provider = ldap
krb5_realm = EXAMPLE.COM
ldap_search_base = dc=physics,dc=unh,dc=edu
id_provider = ldap
ldap_id_use_start_tls = False
chpass_provider = ldap
ldap_uri = ldaps://einstein.unh.edu
chpass_provider = ldap
krb5_kdcip = kerberos.example.com
cache_credentials = True
ldap_tls_cacertdir = /etc/openldap/cacerts
entry_cache_timeout = 600
ldap_network_timeout = 3
ldap_access_filter = (&(objectclass=shadowaccount)(objectclass=posixaccount))
#
#ldap_schema = rfc2307bis
ldap_schema = rfc2307
#ldap_group_member = memberUid
#ldap_group_search_base = ou=groups,dc=physics,dc=unh,dc=edu
ldap_rfc2307_fallback_to_local_users = True
#
sudo_provider = ldap
ldap_sudo_search_base = ou=groups,dc=physics,dc=unh,dc=edu
ldap_sudo_full_refresh_interval=86400
ldap_sudo_smart_refresh_interval=3600
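As an added example (not part of this log or of sssd itself), a small Python check that parses an sssd.conf like the one above and flags LDAP domains whose transport or certificate settings would expose passwords in transit; the two embedded configs are constructed and the function names are my own.

```python
"""Added example: lint an sssd.conf for LDAP transport settings that weaken
authentication. Not part of the original log; the config text is constructed."""
import configparser
from urllib.parse import urlsplit

TRUE_VALUES = {"true", "yes", "1"}


def parse_sssd_conf(text):
    # sssd.conf is INI-style. strict=False tolerates a key repeated inside one
    # section (the log's [domain/default] lists chpass_provider twice).
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    return cp


def audit_sssd(text):
    """Return a list of human-readable findings; an empty list means clean."""
    cp = parse_sssd_conf(text)
    findings = []
    # The stock file's own comment says it: no 'domains' line, no sssd.
    if not cp.has_option("sssd", "domains"):
        findings.append("[sssd]: no 'domains' line, sssd will not start")
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        dom = cp[section]
        if "ldap" not in (dom.get("id_provider"), dom.get("auth_provider")):
            continue
        start_tls = dom.get("ldap_id_use_start_tls", "false").lower() in TRUE_VALUES
        # ldap_uri may list several servers separated by commas or spaces.
        for uri in dom.get("ldap_uri", "").replace(",", " ").split():
            if urlsplit(uri).scheme == "ldap" and not start_tls:
                findings.append(
                    f"{section}: {uri} without StartTLS sends passwords in clear")
        # Default is 'demand'; 'never'/'allow' accept any certificate.
        reqcert = dom.get("ldap_tls_reqcert", "demand").lower()
        if reqcert in ("never", "allow"):
            findings.append(
                f"{section}: ldap_tls_reqcert = {reqcert} skips server certificate checks")
        if dom.get("ldap_default_authtok"):
            findings.append(
                f"{section}: bind password stored in sssd.conf; keep the file root-owned, mode 0600")
    return findings


# Constructed: the essential lines of the site config above (ldaps, CA dir set).
SITE_CONF = """\
[sssd]
config_file_version = 2
services = nss, pam, sudo
domains = default

[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://einstein.unh.edu
ldap_id_use_start_tls = False
# ldap_tls_reqcert = never
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_schema = rfc2307
"""

# Constructed: the commented AD example from the stock file, uncommented as-is,
# with its 'domains' line still missing.
WEAK_CONF = """\
[sssd]
config_file_version = 2
services = nss, pam

[domain/AD]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://your.ad.server.com
ldap_tls_reqcert = never
ldap_default_bind_dn = cn=Administrator,cn=Users,dc=example,dc=com
ldap_default_authtok_type = password
ldap_default_authtok = YOUR_PASSWORD
"""

if __name__ == "__main__":
    for name, conf in (("site", SITE_CONF), ("weak", WEAK_CONF)):
        print(name, audit_sssd(conf) or "clean")
```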
Elog
Elog notes 2009-05-20
Info from the site https://midas.psi.ch/elog/adminguide.html
Download: http://midas.psi.ch/elog/download/
RPM Install Notes
Since version 2.0, ELOG contains a RPM file which eases the installation. Get the file elog-x.x.x-x.i386.rpm from the download section and execute as root "rpm -i elog-x.x.x-x.i386.rpm". This will install the elogd daemon in /usr/local/sbin and the elog and elconv programs in /usr/local/bin. The sample configuration file elogd.cfg together with the sample logbook will be installed under /usr/local/elog and the documentation goes to /usr/share/doc. The elogd startup script will be installed at /etc/rc.d/init.d/elogd. To start the daemon, enter
/etc/rc.d/init.d/elogd start
It will listen under the port specified in /usr/local/elog/elogd.cfg which is 8080 by default. So one can connect using any browser with the URL:
http://localhost:8080
To start the daemon automatically, enter:
chkconfig --add elogd
chkconfig --level 345 elogd on
which will start the daemon on run levels 3,4 and 5 after the next reboot.
Note that the RPM installation creates a user and group elog, under which the daemon runs.
Notes on running elog under apache
For cases where elogd should run under port 80 in parallel to an Apache server, Apache can be configured to run Elog in a subdirectory of Apache. Start elogd normally under port 8080 (or similarly) as noted above and make sure it's working there. Then put following redirection into the Apache configuration file:
Redirect permanent /elog http://your.host.domain/elog/
ProxyPass /elog/ http://your.host.domain:8080/
Make sure that the Apache modules mod_proxy.c and mod_alias.c are activated. Justin Dieters <enderak@yahoo.com> reports that mod_proxy_http.c is also required. The Redirect statement is necessary to automatically append a "/" to a request like http://your.host.domain/elog. Apache then works as a proxy and forwards all requests starting with /elog to the elogd daemon.
Note: Do not put "ProxyRequests On" into your configuration file. This option is not necessary and can be misused for spamming and proxy forwarding of otherwise blocked sites.
Because elogd uses links to itself (for example in the email notification and the redirection after a submit), it has to know under which URL it is running. If you run it under a proxy, you have to add the line:
URL = http://your.proxy.host/subdir/
into elogd.cfg.
Notes on Apache:
Another possibility is to use the Apache web server as a proxy server allowing secure connections. To do so, Apache has to be configured accordingly and a certificate has to be generated. See the instructions on how to create a certificate, and see the section on running elogd under Apache earlier on this page. Once configured correctly, elogd can be accessed via http://your.host and via https://your.host simultaneously.
The redirection statement has to be changed to
Redirect permanent /elog https://your.host.domain/elog/
ProxyPass /elog/ http://your.host.domain:8080/
and the following has to be added to the section "VirtualHost ...:443" in /etc/httpd/conf.d/ssl.conf:
# Proxy setup for Elog
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /elog/ http://host.where.elogd.is.running:8080/
ProxyPassReverse /elog/ http://host.where.elogd.is.running:8080/
Then the following URL statement has to be written to elogd.cfg:
URL = https://your.host.domain/elog
There are more detailed step-by-step instructions in the contributions section.
Using ssh: elogd can be accessed through an SSH tunnel. To do so, open an SSH tunnel like:
ssh -L 1234:your.server.name:8080 your.server.name
This opens a secure tunnel from your local host, port 1234, to the server host where the elogd daemon is running on port 8080. Now you can access http://localhost:1234 from your browser and reach elogd in a secure way.
Notes on Server Configuration
The ELOG daemon elogd can be executed with the following options:
elogd [-p port] [-h hostname/IP] [-C] [-m] [-M] [-D] [-c file] [-s dir] [-d dir] [-v] [-k] [-f file] [-x]
with:
* -p <port> TCP port number to use for the http server (if other than 80)
* -h <hostname or IP address> in the case of a "multihomed" server, host name or IP address of the interface ELOG should run on
* -C <url> clone remote elogd configuration
* -m synchronize logbook(s) with remote server
* -M synchronize with removing deleted entries
* -l <logbook> optionally specify logbook for -m and -M commands
* -D become a daemon (Unix only)
* -c <file> specify the configuration file (full path mandatory if -D is used)
* -s <dir> specify resource directory (themes, icons, ...)
* -d <dir> specify logbook root directory
* -v verbose output for debugging
* -k do not use TCP keep-alive
* -f <file> specify PID file where elogd process ID is written when server is started
* -x enables execution of shell commands
It may also be used to generate passwords:
elogd [-r pwd] [-w pwd] [-a pwd] [-l logbook]
with:
* -r <pwd> create/overwrite read password in config file
* -w <pwd> create/overwrite write password in config file
* -a <pwd> create/overwrite administrative password in config file
* -l <logbook> specify logbook for -r and -w commands
The appearance, functionality and behaviour of the various logbooks on an ELOG server are determined by the single elogd.cfg file in the ELOG installation directory.
This file may be edited directly from the file system, or from a form in the ELOG Web interface (when the Config menu item is available). In this case, changes are applied dynamically without having to restart the server. Instead of restarting the server, under Unix one can send a HUP signal like "killall -HUP elogd" to tell the server to re-read its configuration.
The many options of this unique but very important file are documented on the separate elogd.cfg syntax page.
To better control appearance and layout of the logbooks, elogd.cfg may optionally specify the use of additional files containing HTML code, and/or custom "themes" configurations. These need to be edited directly from the file system right now.
The meaning of the directory flags -s and -d is explained in the section covering the configuration options Resource dir and Logbook dir in the elogd.cfg description.
Notes on tarball install
Make sure you have the libssl-dev package installed. Consult your distribution for details.
Expand the compressed TAR file with tar -xzvf elog-x.x.x.tar.gz. This creates a subdirectory elog-x.x.x where x.x.x is the version number. In that directory execute make, which creates the executables elogd, elog and elconv. These executables can then be copied to a convenient place like /usr/local/bin or ~/bin. Alternatively, a "make install" will copy the daemon elogd to SDESTDIR (by default /usr/local/sbin) and the other files to DESTDIR (by default /usr/local/bin). These directories can be changed in the Makefile. The elogd executable can be started manually for testing with:
elogd -p 8080
where the -p flag specifies the port. Without the -p flag, the server uses the standard WWW port 80. Note that ports below 1024 can only be used if elogd is started under root, or the "sticky bit" is set on the executable.
When elogd is started under root, it attaches to the specified port and tries to fall back to a non-root account. This is necessary to avoid security problems. It looks in the configuration file for the statements Usr and Grp. If found, elogd uses that user and group name to run under. The names must of course be present on the system (usually /etc/passwd and /etc/group). If the statements Usr and Grp are not present, elogd tries user and group elog, then the default user and group (normally nogroup and nobody). Care has to be taken that elogd, when running under the specific user and group account, has read and write access to the configuration file and logbook directories. Note that the RPM installation automatically creates a user and group elog.
If the program complains with something like "cannot bind to port...", it could be that the network is not started on the Linux box. This can be checked with the /sbin/ifconfig program, which must show that eth0 is up and running.
The distribution contains a sample configuration file elogd.cfg and a demo logbook in the demo subdirectory. If the elogd server is started in the elogd-x.x.x directory, the demo logbook can be directly accessed with a browser by specifying the URL http://localhost:8080 (or whatever port you started the elog daemon on). If the elogd server is started in some other directory, you must specify the full path of the elogd file with the "-c" flag and change the Data dir = option in the configuration file to a full path like /usr/local/elog.
Once testing is complete, elogd will typically be started with the -D flag to run as a daemon in the background, like this:
elogd -p 8080 -c /usr/local/elog/elogd.cfg -D
Note that it is mandatory to specify the full path for the elogd file when started as a daemon. To test the daemon, connect to your host via:
http://your.host:8080/
If port 80 is used, the port can be omitted in the URL. If several logbooks are defined on a host, they can be specified in the URL:
http://your.host/<logbook>
where <logbook> is the name of the logbook.
The contents of the all-important configuration file elogd.cfg are described below:
[Tbow@gluon documentation-notes]$ ll elog*
-rw-r--r-- 1 Tbow npg 9.4K May 20  2009 elog
-rw-r--r-- 1 Tbow npg  623 Jan 26  2010 elog.roentgen.messages.problem
-rw-r--r-- 1 Tbow npg 1.2K Feb 11 19:12 elog_users_setup
elog_users_setup 2010-02-11
You can find some instructions/information here:
http://pbpl.physics.ucla.edu/old_stuff/elogold/current/doc/config.html#access
The thing you have to remember is that you want the new users to end up being users of just the logbook they will be using, not a global user. So, if you look at where my name is in the elogd.cfg file, I am designated as an admin user, and am a global user that can log into any logbook to fix things. If you look through the file for a user like Daniel, he can only log into the nuclear group logbooks, not my private one, or Karl's, or Maurik's. So, if you want to add someone to the nuclear group's logbooks, for example, add that new person's user name to where you find people like Daniel and Ethan, and set the thing to allow self-registering at the top. Restart, and then go ahead and use the self-register to register the new person's password and account. Then go back into the elogd.cfg file and comment out the self register, so other people cannot do that, and restart. That should be the easiest way to do it, but you can read the info and decide about that. How does that sound? Does this make sense?
elog_roentgen_messages_problems 2010-01-26
Jan 26 09:48:00 roentgen elogd[15215]: elogd 2.7.8 built Dec 2 2009, 11:54:27
Jan 26 09:48:00 roentgen elogd[15215]: revision 2278
Jan 26 09:48:00 roentgen elogd[15215]: Falling back to default group "elog"
Jan 26 09:48:01 roentgen elogd[15215]: Falling back to default user "elog"
Jan 26 09:48:01 roentgen elogd[15215]: FCKedit detected
Jan 26 09:48:01 roentgen elogd[15217]: Falling back to default group "elog"
Jan 26 09:48:01 roentgen elogd[15217]: Falling back to default user "elog"
Jan 26 09:48:01 roentgen elogd[15215]: ImageMagick detected
Jan 26 09:48:02 roentgen elogd[15215]: SSLServer listening on port 8080
CUPS
CUPS quota accounting 2009-06-10
3.3. Print quotas and accounting
CUPS has also basic page accounting and quota capabilities.
Every printed page is logged in the file /var/log/cups/page_log, so one can read out this file at any time and determine who printed how many pages. The system is based on the CUPS filters: they simply analyse the PostScript data stream to determine the number of pages, and therefore it depends on the quality of the PostScript generated by the applications whether the pages get counted correctly. If there is a paper jam, pages are already counted but do not get printed. Also, jobs which get rendered printer-ready on the client (Windows) will not get accounted correctly, as CUPS does not understand the proprietary language of the printer.
In addition, one can restrict the amount of pages (or kBytes) which a user is allowed to print in a certain time frame. Such restrictions can be applied to the print queues with the "lpadmin" command.
lpadmin -p printer1 -o job-quota-period=604800 -o job-k-limit=1024
lpadmin -p printer2 -o job-quota-period=604800 -o job-page-limit=100
The first command means that within the "job-quota-period" (time always given in seconds, in this example we have one week) users can only print a maximum of 1024 kBytes (= 1 MByte) of data on the printer "printer1". The second command restricts printing on "printer2" to 100 pages per week. One can also give both "job-k-limit" and "job-page-limit" to one queue. Then both limits apply so the printer rejects jobs when the user already reaches one of the limits, either the 1 MByte or the 100 pages.
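As an added example (not part of these notes or of CUPS), the per-user accounting described above done by hand: parse page_log records in the classic "printer user job-id [time] page-number num-copies billing host" layout, sum each user's pages on a queue within the job-quota-period, and report who has reached a job-page-limit. The log lines are constructed; the function names are my own.

```python
"""Added example: per-user page accounting from /var/log/cups/page_log and a
quota check mirroring job-quota-period / job-page-limit. Not part of the
original notes; the sample log lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One record per printed page; num-copies says how many copies of that page.
PAGE_RE = re.compile(
    r"^(?P<printer>\S+) (?P<user>\S+) (?P<job>\d+) "
    r"\[(?P<time>[^\]]+)\] (?P<page>\d+) (?P<copies>\d+) (?P<billing>\S+)"
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_page_log(lines):
    """Yield (printer, user, timestamp, pages) for each well-formed record."""
    for line in lines:
        m = PAGE_RE.match(line)
        if not m:
            continue  # malformed or unknown format: skip rather than guess
        when = datetime.strptime(m["time"], TIME_FMT)
        yield m["printer"], m["user"], when, int(m["copies"])


def pages_per_user(lines, printer, now, quota_period):
    """Pages each user sent to `printer` within the last quota_period seconds."""
    cutoff = now - timedelta(seconds=quota_period)
    totals = defaultdict(int)
    for prn, user, when, pages in parse_page_log(lines):
        if prn == printer and cutoff <= when <= now:
            totals[user] += pages
    return dict(totals)


def users_at_limit(lines, printer, now, quota_period, page_limit):
    """Users whose count has reached page_limit, i.e. whose next job CUPS
    would reject under a job-page-limit on this queue."""
    usage = pages_per_user(lines, printer, now, quota_period)
    return sorted(user for user, n in usage.items() if n >= page_limit)


# Constructed sample: two users, two queues, one job older than the week.
SAMPLE_PAGE_LOG = """\
printer1 dawn 12 [10/Jun/2009:09:15:02 -0400] 1 1 - roentgen.unh.edu
printer1 dawn 12 [10/Jun/2009:09:15:03 -0400] 2 1 - roentgen.unh.edu
printer2 tbow 13 [01/Jun/2009:10:01:00 -0400] 1 50 - gluon
printer2 tbow 14 [09/Jun/2009:10:01:00 -0400] 1 60 - gluon
printer2 tbow 14 [09/Jun/2009:10:01:01 -0400] 2 60 - gluon
printer2 dawn 15 [10/Jun/2009:11:30:00 -0400] 1 1 - roentgen.unh.edu
this line is deliberately malformed and must be skipped
""".splitlines()
NOW = datetime.strptime("10/Jun/2009:12:00:00 -0400", TIME_FMT)
WEEK = 604800  # the job-quota-period used in the lpadmin commands above

if __name__ == "__main__":
    for queue in ("printer1", "printer2"):
        print(queue, pages_per_user(SAMPLE_PAGE_LOG, queue, NOW, WEEK),
              "at limit:", users_at_limit(SAMPLE_PAGE_LOG, queue, NOW, WEEK, 100))
```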
This is a very simple quota system: quotas cannot be given per user, so a certain user's quota cannot be raised independently of the other users, for example if the user pays for his pages or gets a more printing-intensive job. Also, counting of the pages is not very sophisticated, as was already shown above.
So for more sophisticated accounting it is recommended to use add-on software which is specialized for this job. This software can limit printing per-user, can create bills for the users, use hardware page counting methods of laser printers, and even estimate the actual amount of toner or ink needed for a page sent to the printer by counting the pixels.
The most well-known and complete free software package for print accounting and quotas is PyKota:
http://www.librelogiciel.com/software/PyKota/
A simple system based on reading out the hardware counter of network printers via SNMP is accsnmp:
http://fritz.potsdam.edu/projects/cupsapps/
CUPS Basic Info 2009-06-11
This file contains some basic cups commands and info:
The device can be a parallel port, a network interface, and so forth. Devices within CUPS use Uniform Resource Identifiers ("URIs") which are a more general form of Uniform Resource Locators ("URLs") that are used in your web browser. For example, the first parallel port in Linux usually uses a device URI of parallel:/dev/lp1
Lookup printer info:
lpinfo -v
network socket
network http
network ipp
network lpd
direct parallel:/dev/lp1
serial serial:/dev/ttyS1?baud=115200
serial serial:/dev/ttyS2?baud=115200
direct usb:/dev/usb/lp0
network smb
File devices have device URIs of the form file:/directory/filename while network devices use the more familiar method://server or method://server/path format. Printer queues usually have a PostScript Printer Description ("PPD") file associated with them. PPD files describe the capabilities of each printer, the page sizes supported, etc.
Adding a printer:
/usr/sbin/lpadmin -p printer -E -v device -m ppd
Managing printers:
/usr/sbin/lpadmin -p printer options
Starting and Stopping printer queues:
/usr/bin/enable printer
/usr/bin/disable printer
Accepting and Rejecting Print jobs:
/usr/sbin/accept printer
/usr/sbin/reject printer
Restrict Access:
/usr/sbin/lpadmin -p printer -u allow:all
Virtualization
Xen Basic Commands 2009-06-04
Basic management options
The following are basic and commonly used xm commands:
xm help [--long]: view available options and help text.
Use the xm list command to list active domains:
$ xm list
Name                                 ID Mem(MiB) VCPUs State   Time(s)
Domain-0                              0      520     2 r-----  1275.5
r5b2-mySQL01                         13      500     1 -b----    16.1
xm create [-c] DomainName/ID: start a virtual machine. If the -c option is used, the start up process will attach to the guest's console.
xm console DomainName/ID: attach to a virtual machine's console.
xm destroy DomainName/ID: terminate a virtual machine, similar to a power off.
xm reboot DomainName/ID: reboot a virtual machine; runs through the normal system shut down and start up process.
xm shutdown DomainName/ID: shut down a virtual machine; runs a normal system shut down procedure.
xm pause
xm unpause
xm save
xm restore
xm migrate
Research 2011-08-24
This is a collection of notes I took on virtualization over the summer.
KVM Commands
- Installing KVM
yum groupinstall KVM
Adding storage pools
virsh pool-dumpxml default > pool.xml
edit pool.xml # with new name and path
virsh pool-create pool.xml
virsh pool-refresh name
XCP XE Commands
- SR Creation
xe sr-create content-type=user type=nfs name-label=yendi shared=true device-config:server=10.0.0.237 device-config:serverpath=/data1/Xen/VMs/
xe pool-list
xe pool-param-set uuid=<pool-uuid> default-SR=<newly_created_SR_uuid>
xe sr-list
- VM Creation from CD
xe vm-install template="Other install media" new-name-label=<vm-name>
xe vbd-list vm-uuid=<vm_uuid> userdevice=0 params=uuid --minimal
- Using the UUID returned from vbd-list, set the root disk to not be bootable:
xe vbd-param-set uuid=<root_disk_uuid> bootable=false
- CD Creation
xe cd-list
xe vm-cd-add vm=<vm-uuid> cd-name="<cd-name>" device=3
xe vbd-param-set uuid=<cd_uuid> bootable=true
xe vm-param-set uuid=<vm_uuid> other-config:install-repository=cdrom
- Network Installation
xe sr-list
xe vm-install template="Other install media" new-name-label=<name_for_vm> sr-uuid=<storage_repository_uuid>
xe network-list bridge=xenbr0 --minimal
xe vif-create vm-uuid=<vm-uuid> network-uuid=<network-uuid> mac=random device=0
xe vm-param-set uuid=<vm_uuid> other-config:install-repository=<http://server/redhat/5.0>
- Lookup dom-id for VNC connections
xe vm-list uuid=<vm-uuid> params=dom-id
- Use this command to port forward to the local system
ssh -l root -L 5901:127.0.0.1:5901 <xcp_server>
- Or by adding this line to iptables file on XCP host server
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 5901 -j ACCEPT
- you can use this ssh command
ssh -l root -L 5901:tomato:5901 gourd.unh.edu
- or you can ssh to gourd locally then to tomato using
ssh -l root -L 5901:127.0.0.1:5901 gourd.unh.edu
- then on gourd run
ssh -l root -L 5901:127.0.0.1:5901 tomato
- Virtual Disk Creation
xe vm-disk-add disk-size=10000000 device=4
xe vm-disk-list
VMware ESXi Notes
VMWare ESXi
Key areas of interest for us:
- vMotion
- SAN
- hypervisor
- Pricing for gourd would be $2600
Xen Removal on Pumpkin 2009-08-26
When removing kernel-xen use these commands:
yum groupremove Virtualization
yum remove kernel-xenU
yum update
Yum
RHEL to CentOS 2010-01-12
Display priority scores for all repositories
You can list all repositories set up on your system with yum repolist all. However, this does not show priority scores. Here's a one-liner for that. If no number is defined, the default is the lowest priority (99).
cat /etc/yum.repos.d/*.repo | sed -n -e "/^\[/h; /priority *=/{ G; s/\n/ /; s/ity=/ity = /; p }" | sort -k3n
Installing yum
Okay, okay -- I get it -- it is not CentOS. But, I still want yum, or to try to remove and repair a crippled set of yum configurations.
First, take full backups and make sure they can be read. This may not work.
Then, you need the following package to get a working yum - all of which can be downloaded from any CentOS mirror:
- centos-release
You should already have this package installed. You can check that with
rpm -q centos-release
centos-release-4-4.3.i386
If it is already on your system, please check that the yum configuration hasn't been pulled and is available on your system:
ls -l /etc/yum.repos.d/
This directory should contain only the files: CentOS-Base.repo and CentOS-Media.repo. If those aren't there, you should make a directory: 'attic' there, and 'mv' a backup of the current content into that attic, to prepare for the reinstall of the centos-release package:
rpm -Uvh --replacepkgs centos-release.*.rpm
If centos-release isn't installed on your machine, you can drop the --replacepkgs from the command above. Make a backup directory ./attic/ and move any other files present into it, so that you can back out of this process later, if you decide you are in 'over your head'.
Then you need the following packages:
CentOS 4
(available from where you also got the centos-release package):
* yum
* sqlite
* python-sqlite
* python-elementtree
* python-urlgrabber
CentOS 5
(available from where you also got the centos-release package):
* m2crypto
* python-elementtree
* python-sqlite
* python-urlgrabber
* rpm-python
* yum
Download those into a separate directory and install them with
rpm -Uvh *.rpm
from that directory. As before, take a backup of /etc/yum.conf so that you might back out any changes.
Transana
This is for Dawn's research and graduate students. It is transcription software for videos.
Notes 2010-03-16
So far this is all the info I have from Bo: the Transana should work now. The following information may be what you need during the client setup.
Username: dawn
Password: dawnpass (this is your MySQL username and password)
MySQL Host: roentgen.unh.edu or 132.177.88.61
Port: 3306
Database: test, or you can create your own database on the MySQL server
Transana Message Server: pumpkin.unh.edu
Port: 17595
Setup Instructions for Client Computers
Once you've got the network server up and running, you need the following information to run Transana 2.3-MU and connect to the servers:
- A username and password
- The DSN or IP address of the computer running MySQL
- The name(s) of the database(s) for your project(s).
- The DSN or IP address of the computer running the Transana Message Server.
- The path to the common Video Storage folder.
Please note that all computers accessing the same database must enter the MySQL computer information in the same way, and must use the same Transana Message Server. They do NOT need to connect to the same common video storage folder, but subfolders within each separate video storage folder must be named and arranged identically.
- Install Transana 2.3-MU.
- Start Transana 2.3-MU. You will see the following screen:
- Enter your Username, password, the DSN or IP address of your MySQL Server, and the name of your project database.
- If this is the first time you've used Transana 2.3-MU, you will see this message next:
- Click the "Yes" button to specify your Transana Message Server. You will see this screen:
- Enter the DSN or IP address of your Transana Message Server.
- You need to configure your Video Root Directory before you will be able to connect to the project videos. If you haven't yet closed the Transana Settings dialog box, click the "Directories" tab. If you already closed it, go to the "Options" menu and select "Program Settings". You will see the following screen:
Under "Video Root Directory", browse to the common Video Storage folder.
We recommend also setting the "Waveform Directory" to a common waveforms folder so that each video only needs to go through waveform extraction once for everyone on the team to share.
Also, on Windows we recommend mapping a network drive to the common Video folder if it is on another server, rather than using machine-qualified path names. We find that mapping drive V: to "\\VideoServer\ProjectDirectory" produces faster connections to videos than specifying "\\VideoServer\ProjectDirectory" in the Video Root directory. If you have any questions about this, please feel free to tell me.
Transana Survival Guide 2013-08-24
Setup Instructions for Mac OS X Network Servers
The first step is to install MySQL. Transana 2.4-MU requires MySQL 4.1.x or later. We have tested Transana 2.4-MU with a variety of MySQL versions on a variety of operating systems without difficulty, but we are unable to test all possible combinations. Please note that MySQL 4.0.x does not support the UTF-8 character set, so should not be used with Transana 2.4-MU.
Install MySQL
Follow these directions to set up MySQL.
- Download the "Max" version of MySQL for Mac OS X, not the "Standard" version. It is available at http://www.mysql.com. NOTE: The extensive MySQL documentation available on the MySQL Web Site can help you make sense of the rest of these instructions. We strongly recommend you familiarize yourself with the MySQL Manual, as it can answer many of your questions.
- You probably want to download and install the MySQL GUI Tools as well. The MySQL Administrator is the easiest way to create and manage user accounts, in my opinion.
- Install MySQL from the Disk Image file. Follow the on screen instructions. Be sure to assign a password to the root user account. (This prevents unauthorized access to your MySQL database by anyone who knows about this potential security hole.)
- You need to set the value of the "max_allowed_packet" variable to at least 8,388,608.
On OS X 10.5.8, using MySQL 4.1.22 on one computer and MySQL 5.0.83 on another, I edited the file /etc/my.conf so that it included the following lines:
[mysqld]
lower_case_table_names=1
max_allowed_packet=8500000
This should work for MySQL 5.1 as well.
Using MySQL 4.1.14-max on OS X 10.3, I edited the "my.cnf" file in /etc, adding the following line to the [mysqld] section:
set-variable=max_allowed_packet=8500000
Exactly what you do may differ, of course.
Setup MySQL User Accounts
Here's what I do. It's the easiest way I've found to manage databases and accounts while maintaining database security. You are, of course, free to manage MySQL however you choose.
I have downloaded and installed the MySQL GUI Tools from the MySQL Web Site. These tools work nicely to manage databases and user accounts, as well as to manipulate data in MySQL tables. The tools have minor differences on different platforms, so the following directions are necessarily a bit vague on the details.
First I use the MySQL Administrator tool to create databases (called "catalogs" and "schemas" in the tool.) Go to the "Catalogs" page and choose to create a new "schema."
Second, still within the MySQL Administrator tool, I go to the Accounts page. I create a new user account, filling in (at least) the User Name and Password fields on the General tab. I then go to the Schema Privileges tab, select a user account (in some versions, you select a host, usually "%" under the user account, in others you select the user account itself,) and a specific database (schema), then assign specific privileges. I generally assign all privileges except "Grant" but you may choose to try a smaller subset if you wish. The "Select," "Insert," "Update," "Delete," "Create," and "Alter" privileges are all required. You may assign privileges to multiple databases for a single user account if you wish. Once I'm done setting privileges, I save or apply the settings and move on to the next user account.
I have chosen to give my own user account "God-like" privileges within MySQL so that I can look at and manipulate all data in all databases without having to assign myself specific privileges. This also allows me to create new Transana databases from within Transana-MU rather than having to run the MySQL Administrator. To accomplish this, I used the MySQL Query tool to go into MySQL's "mysql" database and edit my user account's entry in the "users" table to give my account global privileges. Please note that this is NOT a "best practice" or a recommendation, and is not even a good idea for most users. I mention it here, however, as I know some users will want to do this.
These instructions are not meant to be detailed or comprehensive. They are intended only to help people get started with Transana-MU. Please see the documentation on the MySQL site for more information on manipulating databases, user accounts, and privileges.
Set up the Transana Message Server
Once you've set up MySQL user accounts, you should set up version 2.40 of the Transana Message Server. It does not need to be on the same server as MySQL, though it may be.
Follow these directions to set up the Message Server.
- If your server is running an earlier version of the Transana Message Server, you need to remove the old Message Server before installing the new one. See the Transana Message Server 2.40 Upgrade guide.
- Download TransanaMessageServer240Mac.dmg from the Transana web site. The link to the download page is in your Transana-MU Purchase Receipt e-mail.
- Install it on the server.
- If you want the Transana Message Server to start automatically when the server starts up, follow these instructions:
- Open a Terminal Window. Type su to work as a superuser with the necessary privileges.
- In your /Library/StartupItems folder, (NOT your /HOME/Library, but the root /Library folder,) create a subfolder called TransanaMessageServer.
- Enter the following (single line) command:
- cp /Applications/TransanaMessageServer/StartupItems/* /Library/StartupItems/TransanaMessageServer
- This will copy the files necessary for the TransanaMessage Server to auto-start.
- Reboot your computer now so that the Transana Message Server will start. Alternately, you can start the Transana Message Server manually, just this once, to avoid rebooting.
- If you want to start the Message Server manually for testing purposes, you will need to type the following (single line) command into a Terminal window:
- sudo python /Applications/TransanaMessageServer/MessageServer.py
Configure the Firewall
If you will have Transana-MU users connecting to the MySQL and Transana Message Server instances you just set up from outside the network, you need to make sure port 3306 for MySQL and port 17595 for the Transana Message Server are accessible from outside the network. This will probably require explicitly configuring your firewall software to allow traffic through to these ports. Consult your firewall software's documentation to learn how to do this.
Finally, you must create a shared network volume where users can store any video that will be shared with all Transana-MU users. Be sure to allocate sufficient disk space for all necessary video files. This volume may be on your Mac Server or on another computer, but it must be accessible to all Transana-MU users on your network.
If you will have Transana-MU users connecting to the MySQL and Transana Message Server instances you just set up from outside the network, they will need to set up their own parallel Video Storage volumes.
Now configure the client computers
Each user will need the following information to connect to the server programs you have just set up:
Username and password. (Don't create a single user account for users to share. The analytic process flows more smoothly when users can tell who else is interacting with the data, who has locked a record, and so on.)
The DSN or IP address of the MySQL Server computer.
The name of the database set up for the project.
The DSN or IP address of the Transana Message Server computer, if different from the MySQL Server computer.
Instructions on how to connect to the local network's common video storage folder.
Once you have this information, you are ready to start setting up client computers for the members of the project.
Setup with MySQL Workbench
Here's what I do. I don't know if it's the optimum way, but it works for me. You are, of course, free to manage MySQL however you choose.
I have downloaded and installed the MySQL Workbench Tool from the MySQL Web Site. This tool works nicely to manage databases (called schemas in Workbench) and user accounts, as well as to manipulate data in MySQL tables. The tools have minor differences on different platforms, so the following directions are necessarily a bit vague on the details. These directions assume you have already defined your Server Instance in the MySQL Workbench.
If I need to create a new database for Transana, I start at the MySQL Workbench Home screen. On the left side, under "Open Connection to Start Querying", I double-click the connection for the server I want to use and enter my password. This takes me to the SQL Editor. In the top toolbar, I select the "Create a new schema in the connected server" icon, which for me is the 3rd one. I give my schema (my Transana database) a name (avoiding spaces in the name), and press the Apply button. The "Apply SQL Script to Database" window pops up, and I again press the Apply button, followed by pressing the "Finish" button when the script is done executing. My Transana Database now exists, so I close the SQL Editor tab and move on to adding or authorizing user accounts.
Each person using Transana-MU needs a unique user account with permission to access the Transana database. To create user accounts for an existing database, I start at the MySQL Workbench Home screen. On the right side, under "Server Administration", I double-click the server instance I want to work with and enter my password. Under "Security", I select "Users and Privileges". At the bottom of the screen, I press the "Add Account" button, then provide a Login Name and password. I then press the Apply button to create the user account. After that, I go to the Schema Privileges tab, select the user account I just created, and click the "Add Entry..." button on the right-hand side of the screen. This pops up the New Schema Privilege Definition window. I select Any Host under hosts, and Selected Schema, followed by the name of the database I want to provide access to. Once this is done, the bottom section of the screen, where privileges are managed, will be enabled. Click the "Select ALL" button. Make sure that the "GRANT" or "GRANT OPTION" right is NOT checked, then press the "Save Changes" button.
These instructions are not meant to be detailed or comprehensive. They are intended only to help people get started with Transana-MU. Please see the documentation on the MySQL site for more information on manipulating databases, user accounts, and privileges.
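Added example (my own, not from Transana or MySQL): the two rules above, "no global privileges unless you really mean it" and "GRANT OPTION NOT checked", are easy to verify after the fact by pasting the output of SHOW GRANTS for each account into a small checker. The three accounts below are constructed sample output, not real accounts on einstein; the only real-world detail is the SHOW GRANTS statement format.

```python
import re

# Constructed sample output of "SHOW GRANTS FOR ..." for three accounts:
# a properly scoped Transana-MU user, an account given the global "God-like"
# privileges the notes above warn about, and a per-schema account that was
# saved with the GRANT OPTION box ticked.
SAMPLE_GRANTS = {
    "alice@%": [
        "GRANT USAGE ON *.* TO 'alice'@'%' IDENTIFIED BY PASSWORD '*hash*'",
        "GRANT ALL PRIVILEGES ON `transana_proj`.* TO 'alice'@'%'",
    ],
    "josh@localhost": [
        "GRANT ALL PRIVILEGES ON *.* TO 'josh'@'localhost' WITH GRANT OPTION",
    ],
    "bob@%": [
        "GRANT USAGE ON *.* TO 'bob'@'%'",
        "GRANT SELECT, INSERT, UPDATE, DELETE ON `transana_proj`.* TO 'bob'@'%' WITH GRANT OPTION",
    ],
}

# "GRANT <privs> ON <scope> TO ..." ; <scope> is *.* for global grants.
GRANT_RE = re.compile(r"^GRANT (?P<privs>.+?) ON (?P<scope>\S+) TO ", re.IGNORECASE)


def audit_grants(grants):
    """Return {account: [findings]} for accounts whose grants go beyond what a
    Transana-MU user needs: anything other than USAGE on *.* (a global
    privilege), or any grant carrying WITH GRANT OPTION."""
    findings = {}
    for account, statements in grants.items():
        problems = []
        for stmt in statements:
            m = GRANT_RE.match(stmt)
            if not m:
                continue
            privs = m.group("privs").strip().upper()
            scope = m.group("scope")
            # USAGE ON *.* is the empty "may log in" grant every account has.
            if scope == "*.*" and privs != "USAGE":
                problems.append("global privileges (%s ON *.*)" % privs)
            if re.search(r"\bWITH GRANT OPTION\b", stmt, re.IGNORECASE):
                problems.append("GRANT OPTION on %s" % scope)
        if problems:
            findings[account] = problems
    return findings


if __name__ == "__main__":
    for account, problems in sorted(audit_grants(SAMPLE_GRANTS).items()):
        print(account + ": " + "; ".join(problems))
```

Run it against real output by replacing SAMPLE_GRANTS with the lines from `SHOW GRANTS FOR 'user'@'host'` for each account listed in mysql.user; an empty result means every account is scoped to its schema and cannot hand its rights to others.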
Appendix A: Resetting MySQL Root Password
http://dev.mysql.com/doc/refman/5.0/en/resetting-permissions.html
On Unix, use the following procedure to reset the password for all MySQL root accounts. The instructions assume that you will start the server so that it runs using the Unix login account that you normally use for running the server. For example, if you run the server using the mysql login account, you should log in as mysql before using the instructions. Alternatively, you can log in as root, but in this case you must start mysqld with the --user=mysql option. If you start the server as root without using --user=mysql, the server may create root-owned files in the data directory, such as log files, and these may cause permission-related problems for future server startups. If that happens, you will need to either change the ownership of the files to mysql or remove them.
- Log on to your system as the Unix user that the mysqld server runs as (for example, mysql).
- Locate the .pid file that contains the server's process ID. The exact location and name of this file depend on your distribution, host name, and configuration. Common locations are /var/lib/mysql/, /var/run/mysqld/, and /usr/local/mysql/data/. Generally, the file name has an extension of .pid and begins with either mysqld or your system's host name. You can stop the MySQL server by sending a normal kill (not kill -9) to the mysqld process, using the path name of the .pid file in the following command:
- shell> kill `cat /mysql-data-directory/host_name.pid`
- Use backticks (not forward quotation marks) with the cat command. These cause the output of cat to be substituted into the kill command.
- Create a text file containing the following statements. Replace the password with the password that you want to use.
- UPDATE mysql.user SET Password=PASSWORD('MyNewPass') WHERE User='root';
- FLUSH PRIVILEGES;
- Write the UPDATE and FLUSH statements each on a single line. The UPDATE statement resets the password for all root accounts, and the FLUSH statement tells the server to reload the grant tables into memory so that it notices the password change.
- Save the file. For this example, the file will be named /home/me/mysql-init. The file contains the password, so it should not be saved where it can be read by other users. If you are not logged in as mysql (the user the server runs as), make sure that the file has permissions that permit mysql to read it.
- Start the MySQL server with the special --init-file option:
- shell> mysqld_safe --init-file=/home/me/mysql-init &
- The server executes the contents of the file named by the --init-file option at startup, changing each root account password.
- After the server has started successfully, delete /home/me/mysql-init.
You should now be able to connect to the MySQL server as root using the new password. Stop the server and restart it normally.
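Added example (mine, not from the MySQL manual linked above): the weak spot in this procedure is the init file, which holds the new root password in clear text between step 5 and step 8. This helper creates it with mode 0600 and O_EXCL (so a pre-existing file of the same name is never silently overwritten), doubles any single quote in the password so it cannot break the SQL string, and returns the mysqld_safe argv rather than running it, so the block runs anywhere. The SQL is the 5.0-era syntax used on this page; file path and password are constructed sample values.

```python
import os
import tempfile


def build_init_sql(new_password):
    """The two statements from the procedure above. A single quote in the
    password is doubled ('' ) so it cannot terminate the string literal."""
    escaped = new_password.replace("'", "''")
    return ("UPDATE mysql.user SET Password=PASSWORD('%s') WHERE User='root';\n"
            "FLUSH PRIVILEGES;\n" % escaped)


def write_init_file(path, new_password):
    """Create the init file readable only by its owner (0600) and refuse to
    clobber an existing file. Returns the permission bits actually set
    (the umask can only remove bits from 0600, never add any)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(build_init_sql(new_password))
    return os.stat(path).st_mode & 0o777


def start_command(path):
    """argv for step 6; returned rather than executed."""
    return ["mysqld_safe", "--init-file=%s" % path]


def reset_demo(new_password="MyNewPass"):
    """Walk the file-handling part of the procedure in a scratch directory:
    create the file, record its mode, then delete it as step 8 requires.
    Returns (mode, file_still_exists)."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "mysql-init")   # sample path, stands in for /home/me/mysql-init
    mode = write_init_file(path, new_password)
    os.remove(path)
    os.rmdir(workdir)
    return mode, os.path.exists(path)


if __name__ == "__main__":
    print(reset_demo())
```

If you are logged in as root rather than as the mysql user, add an os.chown(path, uid_of_mysql, gid_of_mysql) after the write so the server can read the file; the 0600 mode is what keeps every other local user from reading the password while it sits on disk.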
Network
Network Manager: Fedora 17 Static IP 2013-03-12
First disable the gnome network manager from starting up
systemctl stop NetworkManager.service
systemctl disable NetworkManager.service
Now start the network service and set to run on boot
systemctl restart network.service
systemctl enable network.service
Check which interface(s) you want to set to static
[root@server ~]# ifconfig
em1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.148  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::dad3:85ff:feae:dd4c  prefixlen 64  scopeid 0x20<link>
        ether d8:d3:85:ae:dd:4c  txqueuelen 1000  (Ethernet)
        RX packets 929  bytes 90374 (88.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1010  bytes 130252 (127.1 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
        device interrupt 19

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 16436
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 32  bytes 3210 (3.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 32  bytes 3210 (3.1 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
Now you will need to edit the config file for that interface
vi /etc/sysconfig/network-scripts/ifcfg-em1
Edit the config to look like so. You will need to change BOOTPROTO from dhcp to static and add IPADDR, NETMASK, BROADCAST and NETWORK variables. Also make sure ONBOOT is set to yes.
UUID="e88f1292-1f87-4576-97aa-bb8b2be34bd3"
NM_CONTROLLED="yes"
HWADDR="D8:D3:85:AE:DD:4C"
BOOTPROTO="static"
DEVICE="em1"
ONBOOT="yes"
IPADDR=192.168.1.2
NETMASK=255.255.255.0
BROADCAST=192.168.1.255
NETWORK=192.168.1.0
GATEWAY=192.168.1.1
Now to apply the settings restart the network service
systemctl restart network.service
Network Monitoring Tools 2009-05-29
The tools best used for Traffic monitoring (these are in the centos repo)
wireshark iptraf ntop tcpdump
Other products found
vnStat bwm-ng
Misc
denyhosts-undeny.py 2013-05-31
#!/usr/bin/env python
# denyhosts-undeny.py: remove a host that DenyHosts blocked by mistake.
import os
import sys
import subprocess

# The only argument should be the host to undeny.
if len(sys.argv) != 2:
    print("Please specify a host to undeny!")
    sys.exit(1)
goodhost = sys.argv[1]

# These commands start/stop denyhosts. Set these as appropriate for your system.
stopcommand = ['/etc/init.d/denyhosts', 'stop']
startcommand = ['/etc/init.d/denyhosts', 'start']

# Check to see what distribution we're using: the first word of
# /etc/redhat-release ("Red" for Red Hat, "CentOS", "Fedora").
try:
    with open('/etc/redhat-release') as f:
        distro = f.read().split()[0]
except (IOError, IndexError):
    distro = ''

# Check to see what user we're being run as.
if os.geteuid() != 0:
    print("Sorry, this script requires root privileges.")
    sys.exit(1)

# The files we should be purging faulty denials from.
if distro == 'Red':
    filestoclean = ['/etc/hosts.deny',
                    '/var/lib/denyhosts/hosts-restricted',
                    '/var/lib/denyhosts/sync-hosts',
                    '/var/lib/denyhosts/suspicious-logins']
elif distro == 'CentOS':
    filestoclean = ['/etc/hosts.deny',
                    '/usr/share/denyhosts/data/hosts-restricted',
                    '/usr/share/denyhosts/data/sync-hosts',
                    '/usr/share/denyhosts/data/suspicious-logins']
elif distro == 'Fedora':
    print("This script not yet supported on Fedora systems!")
    sys.exit(1)
else:
    print("This script is not yet supported on your distribution, or I can't properly detect it.")
    sys.exit(1)


def purge_host(path, host):
    """Drop every line in which host appears as a whole field ("sshd: 10.0.0.1",
    "10.0.0.1:3:..."). Matching whole fields, rather than piping the host into a
    sed regex, means undenying 10.0.0.1 does not also undeny 10.0.0.10 and the
    argument is never interpreted as a pattern or a shell word."""
    if not os.path.isfile(path):
        return
    with open(path) as f:
        lines = f.readlines()
    kept = [line for line in lines
            if host not in line.replace(':', ' ').replace(',', ' ').split()]
    with open(path, 'w') as f:
        f.writelines(kept)


# Stop denyhosts so that we don't get any confusion.
subprocess.call(stopcommand)
# Let's now remove the faulty denials.
for targetfile in filestoclean:
    purge_host(targetfile, goodhost)
# Now that the faulty denials have been removed, it's safe to restart denyhosts.
subprocess.call(startcommand)
sys.exit(0)
Temperature Shutdown Procedure 2009-06-06
Room temp greater than 25C
- If the outdoor temp is lower than indoor, open the windows.
- Shut down any unused workstations.
- Shut down any workstations being built or configured.
Room temp greater than 28C
- Follow procedure for >25C.
- Write an email to npg-users@physics.unh.edu:
Subject: Systems being shut down due to temperature
Body: Due to high temperatures in the server room, we will be performing an emergency shutdown on the following servers: gourd, pepper, and tomato. These systems will be going offline in the next 10 minutes, so please save your work immediately. We apologize for any inconvenience. Thank you, (Your name)
- Wait 10 minutes. If the temperature is still too high, shut down gourd, pepper, and tomato.
Room temp greater than 30C
- Follow procedure for >25C, then >27C.
- Wait 10 minutes after shutting down gourd, pepper, and tomato.
- If temperatures are still greater than 30C, write an email to npg-users@physics.unh.edu:
Subject: Systems being shut down due to temperature
Body: Due to high temperatures in the server room, we will be performing an emergency shutdown on the following servers: endeavour. These systems will be going offline in the next 10 minutes, so please save your work immediately. We apologize for any inconvenience.
- Wait 10 minutes. If the temperature is still too high, shut down endeavour.
- Wait 5 minutes. If the temperature is still too high, write an email to npg-users@physics.unh.edu:
Subject: Systems being shut down due to temperature
Body: Due to high temperatures in the server room, we will be performing an emergency shutdown on the following servers: taro and pumpkin. These systems will be going offline in the next 10 minutes, so please save your work immediately. We apologize for any inconvenience.
- Wait 10 minutes. If the temperature is still too high, shut down taro and pumpkin.
- Wait 5 minutes. If the temperature is still too high, shut down lentil.
Room temp greater than 35C
- Immediately shut down all workstations, gourd, pepper, tomato, lentil, endeavour, taro, and pumpkin, in that order. If the temperature drops to another category, follow the instructions for that category.
- Wait 5 minutes. If the temperature is still too high, send an email to npg-users@physics.unh.edu:
Subject: Critical temperatures in server room
Body: The server room temperatures are now critical. In order to avoid hardware damage, we have performed an emergency shutdown of all servers, and the mail server will be shut down shortly. We apologize for any inconvenience.
- Wait 15 minutes so that people can get your notification.
- If the temperature has not dropped below 35C, shut down einstein.
NUT UPS 2009-05-22
I am trying to get nut (network ups tool) working on gourd.
Initial install
create group nut and user ups
./configure --with-user=ups --with-group=nut --with-usb
make
sudo -s
make install
If you want to know the build path info use these commands:
make DESTDIR=/tmp/package install
make DESTDIR=/tmp/package install-conf
Create dir to be used by user
mkdir -p /var/state/ups
chmod 0770 /var/state/ups
chown root:nut /var/state/ups
To set up the correct permissions for the USB device, you may need to set up (operating system dependent) hotplugging scripts. Sample scripts and information are provided in the scripts/hotplug and scripts/udev directories. For most users, the hotplugging scripts will be installed automatically by "make install".
Go to /usr/local/ups/etc/ups.conf and add the following lines
[myupsname]
    driver = mydriver
    port = /dev/ttyS1
    desc = "Workstation"
With the usbhid-ups driver the port field is ignored.
Start drivers for hardware
/usr/local/ups/bin/upsdrvctl -u root start
or you can use
/usr/local/ups/bin/upsdrvctl -u ups start
Fedora 11 Root Login 2009-08-11
This is how to log in as root in Fedora 11, where root login is disabled in the GUI by default and only allowed at a terminal.
First:
cd /etc/pam.d/
Then find the
gdm gdm-password gdm-fingerprint
files and uncomment or remove the line that says this:
auth required pam_succeed_if.so user != root quiet
hardinfo.sh 2009-09-15
#!/bin/bash
#
# Dump hardware/network/system info to a file named after this host and mail it.
hardinfo -r -m devices.so -m network.so -m computer.so -f text > hardinfo.$HOSTNAME
mail -s "$HOSTNAME hardinfo file" Tbow@physics.unh.edu < hardinfo.$HOSTNAME
DNS Setup 2009-10-15
Things to think about when setting up DNS in a small VM
- IP address and changing our FQDN address on root server
- change all resolv.conf on all clients to point to new DNS address
- Give VM a domain name (probably compton)
Automounting for Macs 2013-06-02
I have attached the relevant files for automounting the NFS directories on a Mac. Drop these in /etc/ and then reload the automount maps with:
automount -vc
Please note that with these automount maps we break some of the (unused) automatic mounting functionality that Mac tries to have, since we overwrite the /net entry.
OLD WAY OF DOING THIS UNDER 10.4
For the 10.4 folks, here are the brief instructions on doing automount on 10.4. This also works with 10.5 and 10.6 but is cumbersome. Please note that a laptop does not have a static IP and will thus never be allowed past the firewall!
The Mac OS X automounter is configured with NetInfo
Create a new entry under the "mounts" subdirectory.
Name the entry "servername:/dir"
Add properties:
"dir" "/mnt/einstein" (Directory where to mount)
"opts" "resvport" (Mount options)
"vfstype" "nfs" (Type of mount)
Notify the automounter:
kill -1 `cat /var/run/automount.pid`
Note: The new directory is a special link to /automount/static/mnt/einstein
auto_data
pumpkin1	pumpkin.unh.edu:/data1
pumpkin2	pumpkin.unh.edu:/data2
pumpkin		pumpkin.unh.edu:/data1
gourd		gourd.unh.edu:/data
pepper		pepper.unh.edu:/data
taro		taro.unh.edu:/data
tomato		tomato.unh.edu:/data
endeavour	endeavour.unh.edu:/data1
endeavour1	endeavour.unh.edu:/data1
endeavour2	endeavour.unh.edu:/data2
einsteinVM	einstein.unh.edu:/dataVM
VM		einstein.unh.edu:/dataVM
auto_home
#
# Automounter map for /home
#
+auto_home	# Use directory service
auto_home_nfs
#
# Automatic NFS home directories from Einstein.
#
*	einstein.unh.edu:/home/&
auto_master
#
# Automounter master map
#
+auto_master		# Use directory service
#/net			-hosts		-nobrowse,hidefromfinder,nosuid
#/home			auto_home	-nobrowse,hidefromfinder
/Network/Servers	-fstab
/-			-static
#
# UNH:
#
/net/home	auto_home_nfs	-nobrowse,resvport,intr,soft
#/net/data	auto_data	-nobrowse,resvport,intr,soft,locallocks,rsize=32768,wsize=32768
/net/data	auto_data	-nobrowse,resvport,intr,soft,rsize=32768,wsize=32768
/net/www	auto_www	-nobrowse,resvport,intr,soft
auto_www
nuclear		roentgen.unh.edu:/var/www/nuclear
physics		roentgen.unh.edu:/var/www/physics
theory		roentgen.unh.edu:/var/www/theory
einstein	einstein.unh.edu:/var/www/einstein
personal_pages	roentgen.unh.edu:/var/www/personal_pages
Hosts
These are hosts that I have worked on. They may no longer carry the services described here; this is a log, not a reflection of the current state.
Gourd
Network Config 2012-11-05
ifcfg-farm
DEVICE=eth0
ONBOOT=yes
HWADDR=00:30:48:ce:e2:38
BRIDGE=farmbr
ifcfg-farmbr
ONBOOT=yes
TYPE=bridge
DEVICE=farmbr
BOOTPROTO=static
IPADDR=10.0.0.252
NETMASK=255.255.0.0
GATEWAY=10.0.0.1
NM_CONTROLLED=no
DELAY=0
ifcfg-farmbr:1
ONBOOT=yes
TYPE=Ethernet
DEVICE=farmbr:1
BOOTPROTO=static
IPADDR=10.0.0.240
NETMASK=255.255.0.0
GATEWAY=10.0.0.1
NM_CONTROLLED=no
ONPARENT=yes
ifcfg-unh
DEVICE=eth1
ONBOOT=yes
HWADDR=00:30:48:ce:e2:39
BRIDGE=unhbr
ifcfg-unhbr
ONBOOT=yes
TYPE=bridge
DEVICE=unhbr
BOOTPROTO=static
IPADDR=132.177.88.75
NETMASK=255.255.252.0
GATEWAY=132.177.88.1
NM_CONTROLLED=no
DELAY=0
ifcfg-unhbr:1
ONBOOT=yes
TYPE=Ethernet
DEVICE=unhbr:1
BOOTPROTO=static
IPADDR=132.177.91.210
NETMASK=255.255.252.0
GATEWAY=132.177.88.1
NM_CONTROLLED=no
ONPARENT=yes
rc.local 2009-05-20
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local

# This will send an email to the npg-admins at startup with the hostname and the boot.log file
mail -s "$HOSTNAME Started, Here is the boot.log" npg-admins@physics.unh.edu < /var/log/boot.log
Yum 2009-05-21
Fixing yum on gourd
In order to get RHN support (repo files) you must download, from the RHN network, and install
yum-rhn-plugin
which produced these errors:
[Tbow@gourd ~]$ sudo rpm -i Desktop/documentation-notes/downloads/yum-rhn-plugin-0.5.3-30.el5.noarch.rpm
Password:
warning: Desktop/documentation-notes/downloads/yum-rhn-plugin-0.5.3-30.el5.noarch.rpm: V3 DSA signature: NOKEY, key ID 37017186
error: Failed dependencies:
	rhn-client-tools >= 0.4.19-9 is needed by yum-rhn-plugin-0.5.3-30.el5.noarch
	rhn-setup is needed by yum-rhn-plugin-0.5.3-30.el5.noarch
	yum >= 3.2.19-15 is needed by yum-rhn-plugin-0.5.3-30.el5.noarch
[Tbow@gourd nut-2.4.1]$ less /proc/version|grep Linux
Linux version 2.6.9-67.0.15.EL (brewbuilder@hs20-bc2-2.build.redhat.com) (gcc version 3.4.6 20060404 (Red Hat 3.4.6-9)) #1 Tue Apr 22 13:42:17 EDT 2008
When I tried installing the package for el3 this came up
[Tbow@gourd nut-2.4.1]$ sudo rpm -Uvh /yum-2.0.8-0.1.el3.rf.noarch.rpm
Preparing...                ########################################### [100%]
	package yum-2.4.2-0.4.el4.rf (which is newer than yum-2.0.8-0.1.el3.rf) is already installed
Tried using --replacefiles, but it didn't work with this command either; look into it.
[Tbow@gourd nut-2.4.1]$ sudo rpm -U --replacefiles /yum-2.4.2-0.4.el4.rf.noarch.rpm
	package yum-2.4.2-0.4.el4.rf is already installed
Tried updating, then got this:
[Tbow@gourd nut-2.4.1]$ sudo yum update
Setting up Update Process
Setting up repositories
No Repositories Available to Set Up
Reading repository metadata in from local files
No Packages marked for Update/Obsoletion
Either go to the red hat network website to find the repos.d/ files or run rhn_check
/usr/sbin/rhn_check
/usr/sbin/rhn_register
Upgrade yum for rhel 3
Old repository files are still on this system, so I will reinstall yum on this system.
smartd.conf 2009-05-20
# Home page is: http://smartmontools.sourceforge.net
# $Id: smartd.conf,v 1.38 2004/09/07 12:46:33 ballen4705 Exp $
# smartd will re-read the configuration file if it receives a HUP
# signal
# The file gives a list of devices to monitor using smartd, with one
# device per line. Text after a hash (#) is ignored, and you may use
# spaces and tabs for white space. You may use '\' to continue lines.
# You can usually identify which hard disks are on your system by
# looking in /proc/ide and in /proc/scsi.
# The word DEVICESCAN will cause any remaining lines in this
# configuration file to be ignored: it tells smartd to scan for all
# ATA and SCSI devices. DEVICESCAN may be followed by any of the
# Directives listed below, which will be applied to all devices that
# are found. Most users should comment out DEVICESCAN and explicitly
# list the devices that they wish to monitor.
#DEVICESCAN
# First (primary) ATA/IDE hard disk. Monitor all attributes, enable
# automatic online data collection, automatic Attribute autosave, and
# start a short self-test every day between 2-3am, and a long self test
# Saturdays between 3-4am.
#/dev/hda -a -o on -S on -s (S/../.././02|L/../../6/03)
# Monitor SMART status, ATA Error Log, Self-test log, and track
# changes in all attributes except for attribute 194
#/dev/hda -H -l error -l selftest -t -I 194
# A very silent check. Only report SMART health status if it fails
# But send an email in this case
#/dev/hda -H -m npg-admins@physics.unh.edu
# First two SCSI disks. This will monitor everything that smartd can
# monitor. Start extended self-tests Wednesdays between 6-7pm and
# Sundays between 1-2 am
#/dev/sda -d scsi -s L/../../3/18
#/dev/sdb -d scsi -s L/../../7/01
# Monitor 4 ATA disks connected to a 3ware 6/7/8000 controller which uses
# the 3w-xxxx driver. Start long self-tests Sundays between 1-2, 2-3, 3-4,
# and 4-5 am.
# Note: one can also use the /dev/twe0 character device interface.
#/dev/sdc -d 3ware,0 -a -s L/../../7/01
#/dev/sdc -d 3ware,1 -a -s L/../../7/02
#/dev/sdc -d 3ware,2 -a -s L/../../7/03
#/dev/sdc -d 3ware,3 -a -s L/../../7/04
# Monitor 2 ATA disks connected to a 3ware 9000 controller which uses
# the 3w-9xxx driver. Start long self-tests Tuesdays between 1-2 and 3-4 am
#/dev/sda -d 3ware,0 -a -s L/../../2/01
#/dev/sda -d 3ware,1 -a -s L/../../2/03
#Send quick test email at smartd startup
#/dev/sda -d 3ware,0 -a -m npg-admins@physics.unh.edu -M test
#/dev/sda -d 3ware,1 -a -m npg-admins@physics.unh.edu -M test
#/dev/sda -d 3ware,2 -a -m npg-admins@physics.unh.edu -M test
#/dev/sda -d 3ware,3 -a -m npg-admins@physics.unh.edu -M test
#/dev/sda -d 3ware,4 -a -m npg-admins@physics.unh.edu -M test
#/dev/sda -d 3ware,5 -a -m npg-admins@physics.unh.edu -M test
#/dev/sda -d 3ware,6 -a -m npg-admins@physics.unh.edu -M test
#/dev/sda -d 3ware,7 -a -m npg-admins@physics.unh.edu -M test
#Email all (-a) the information gathered for each drive
/dev/sda -d 3ware,0 -a -m npg-admins@physics.unh.edu
/dev/sda -d 3ware,1 -a -m npg-admins@physics.unh.edu
/dev/sda -d 3ware,2 -a -m npg-admins@physics.unh.edu
/dev/sda -d 3ware,3 -a -m npg-admins@physics.unh.edu
/dev/sda -d 3ware,4 -a -m npg-admins@physics.unh.edu
/dev/sda -d 3ware,5 -a -m npg-admins@physics.unh.edu
/dev/sda -d 3ware,6 -a -m npg-admins@physics.unh.edu
/dev/sda -d 3ware,7 -a -m npg-admins@physics.unh.edu
#Does a Long test on all 12 drives on the 3ware card
#and is scheduled on saturday to run at specified (Military) time.
/dev/sda -d 3ware,0 -a -s L/../../7/01
/dev/sda -d 3ware,1 -a -s L/../../7/03
/dev/sda -d 3ware,2 -a -s L/../../7/05
/dev/sda -d 3ware,3 -a -s L/../../7/07
/dev/sda -d 3ware,4 -a -s L/../../7/09
/dev/sda -d 3ware,5 -a -s L/../../7/11
/dev/sda -d 3ware,6 -a -s L/../../7/13
/dev/sda -d 3ware,7 -a -s L/../../7/15
# HERE IS A LIST OF DIRECTIVES FOR THIS CONFIGURATION FILE.
# PLEASE SEE THE smartd.conf MAN PAGE FOR DETAILS
#
#   -d TYPE Set the device type: ata, scsi, removable, 3ware,N
#   -T TYPE set the tolerance to one of: normal, permissive
#   -o VAL  Enable/disable automatic offline tests (on/off)
#   -S VAL  Enable/disable attribute autosave (on/off)
#   -n MODE No check. MODE is one of: never, sleep, standby, idle
#   -H      Monitor SMART Health Status, report if failed
#   -l TYPE Monitor SMART log.  Type is one of: error, selftest
#   -f      Monitor for failure of any 'Usage' Attributes
#   -m ADD  Send warning email to ADD for -H, -l error, -l selftest, and -f
#   -M TYPE Modify email warning behavior (see man page)
#   -s REGE Start self-test when type/date matches regular expression (see man page)
#   -p      Report changes in 'Prefailure' Normalized Attributes
#   -u      Report changes in 'Usage' Normalized Attributes
#   -t      Equivalent to -p and -u Directives
#   -r ID   Also report Raw values of Attribute ID with -p, -u or -t
#   -R ID   Track changes in Attribute ID Raw value with -p, -u or -t
#   -i ID   Ignore Attribute ID for -f Directive
#   -I ID   Ignore Attribute ID for -p, -u or -t Directive
#   -C ID   Report if Current Pending Sector count non-zero
#   -U ID   Report if Offline Uncorrectable count non-zero
#   -v N,ST Modifies labeling of Attribute N (see man page)
#   -a      Default: equivalent to -H -f -t -l error -l selftest -C 197 -U 198
#   -F TYPE Use firmware bug workaround. Type is one of: none, samsung
#   -P TYPE Drive-specific presets: use, ignore, show, showall
#
#    Comment: text after a hash sign is ignored
#    \       Line continuation character
# Attribute ID is a decimal integer 1 <= ID <= 255
# except for -C and -U, where ID = 0 turns them off.
# All but -d, -m and -M Directives are only implemented for ATA devices
#
# If the test string DEVICESCAN is the first uncommented text
# then smartd will scan for devices /dev/hd[a-l] and /dev/sd[a-z]
# DEVICESCAN may be followed by any desired Directives.
rc3.d 2010-01-16
K00ipmievd K01dnsmasq K02avahi-dnsconfd K02NetworkManager K05conman K05saslauthd K05wdaemon K10dc_server K10psacct K12dc_client K15httpd K24irda K25squid K30spamassassin K34yppasswdd K35dhcpd K35dhcrelay K35dovecot K35vncserver K35winbind K36lisa K50netconsole K50tux K69rpcsvcgssd K73ypbind K74ipmi K74nscd K74ntpd K74ypserv K74ypxfrd K80kdump K85mdmpd K87multipathd K88wpa_supplicant K89dund K89hidd K89netplugd K89pand K89rdisc K90bluetooth K91capi K91isdn K99readahead_later S00microcode_ctl S02lvm2-monitor S04readahead_early S05kudzu S06cpuspeed S08ip6tables S08iptables S08mcstrans S10network S11auditd S12restorecond S12syslog S13irqbalance S13portmap S14nfslock S15mdmonitor S18rpcidmapd S19nfs S19rpcgssd S20vmware S22messagebus S23setroubleshoot S25netfs S25pcscd S26acpid S26lm_sensors S28autofs S29iptables-netgroups S50hplip S55sshd S56cups S56rawdevices S56xinetd S60apcupsd S80sendmail S85arecaweb S85gpm S90crond S90splunk S90xfs S95anacron S95atd S97rhnsd S97yum-updatesd S98avahi-daemon S98haldaemon S99denyhosts S99firstboot S99local S99smartd
Taro
Lentil
Pumpkin
Endeavour
Yum Problems 2012-10-11
libsdp.x86_64 libsdp-devel.x86_64
Journal of Process
Install both libsdp (i386 and x86_64) and libxml2 from rpm
There is still a seg fault when yum tries to read the primary.xml, this is seen when I run strace yum check-update.
Wake-On LAN 2013-08-20
First run this command on the node
ethtool -s eth0 wol g
Then add this line to the /etc/sysconfig/network-scripts/ifcfg-eth0
ETHTOOL_OPTS="wol g"
List of the nodes and their MACs:
Node2 (10.0.0.2) at 00:30:48:C6:F6:80
node3 (10.0.0.3) at 00:30:48:C7:03:FE
node4 (10.0.0.4) at 00:30:48:C7:2A:0E
node5 (10.0.0.5) at 00:30:48:C7:2A:0C
node6 (10.0.0.6) at 00:30:48:C7:04:54
node7 (10.0.0.7) at 00:30:48:C7:04:A8
node8 (10.0.0.8) at 00:30:48:C7:04:98
node9 (10.0.0.9) at 00:30:48:C7:04:F4
node16 (10.0.0.16) at 00:30:48:C7:04:A4
node17 (10.0.0.17) at 00:30:48:C7:04:A6
node18 (10.0.0.18) at 00:30:48:C7:04:4A
node19 (10.0.0.19) at 00:30:48:C7:04:62
node20 (10.0.0.20) at 00:30:48:C6:F6:14
node21 (10.0.0.21) at 00:30:48:C6:F6:12
node22 (10.0.0.22) at 00:30:48:C6:EF:A6
node23 (10.0.0.23) at 00:30:48:C6:EB:CC
node24 (10.0.0.24) at 00:30:48:C7:04:5A
node25 (10.0.0.25) at 00:30:48:C7:04:5C
node26 (10.0.0.26) at 00:30:48:C7:04:4C
node27 (10.0.0.27) at 00:30:48:C7:04:40
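Added example (mine, not a tool from the cluster): once `wol g` is enabled on a node, waking it means sending a "magic packet", which is six 0xFF bytes followed by the node's MAC repeated 16 times, as a UDP broadcast on the private network. This script parses the node list in the "name (ip) at mac" format used above (the two entries in NODE_LIST are copied from that list), builds the packet, and checks that the MAC really is six bytes before anything is sent. The broadcast address 10.0.255.255 is my assumption from the farmbr netmask of 255.255.0.0 under Gourd's network config, and UDP port 9 is the conventional discard port; adjust both if the head node is set up differently.

```python
import re
import socket

# Two entries from the node list above, in the same flattened format.
NODE_LIST = "Node2 (10.0.0.2) at 00:30:48:C6:F6:80 node3 (10.0.0.3) at 00:30:48:C7:03:FE"

# name, dotted-quad IP in parentheses, then a colon-separated MAC.
NODE_RE = re.compile(r"(\w+) \((\d+\.\d+\.\d+\.\d+)\) at ([0-9A-Fa-f:]{17})")


def parse_nodes(text):
    """Return {node_name_lowercase: (ip, MAC)} from the flattened list."""
    return {name.lower(): (ip, mac.upper()) for name, ip, mac in NODE_RE.findall(text)}


def magic_packet(mac):
    """Wake-on-LAN magic packet: 6 bytes of 0xFF followed by the MAC 16 times (102 bytes)."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC must be exactly 6 bytes: %r" % mac)
    return b"\xff" * 6 + raw * 16


def wake(node, nodes, broadcast="10.0.255.255", port=9):
    """Broadcast the magic packet for one node on the private network.
    Returns the node's IP so the caller can start pinging it."""
    ip, mac = nodes[node.lower()]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.sendto(magic_packet(mac), (broadcast, port))
    return ip


if __name__ == "__main__":
    import sys
    nodes = parse_nodes(NODE_LIST)
    for name in sys.argv[1:]:
        print("woke %s (%s)" % (name, wake(name, nodes)))
```

The packet has to be sent from a machine with an interface on 10.0.0.0/16 (gourd's farmbr, or the head node), since a directed broadcast is not forwarded from the UNH side; run it as `python wol.py node3 node4` and then watch for the nodes to answer ping.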
Einstein
rc3.d 2010-01-16
K01dnsmasq K02avahi-dnsconfd K02dhcdbd K02NetworkManager K05conman K05saslauthd K05wdaemon K10dc_server K10psacct K12dc_client K12mailman K15httpd K19ntop K20nfs K24irda K25squid K30spamassassin K35dovecot K35smb K35vncserver K35winbind K50netconsole K50snmptrapd K50tux K69rpcsvcgssd K73ldap K73ypbind K74ipmi K74nscd K74ntpd K80kdump K85mdmpd K87multipathd K87named K88wpa_supplicant K89dund K89netplugd K89pand K89rdisc K91capi K92ip6tables K99readahead_later S02lvm2-monitor S04readahead_early S05kudzu S06cpuspeed S07iscsid S08ip6tables S08iptables S08mcstrans S09isdn S10network S11auditd S12restorecond S12syslog S13irqbalance S13iscsi S13mcstrans S13named S13portmap S14nfslock S15mdmonitor S18rpcidmapd S19rpcgssd S22messagebus S23setroubleshoot S25bluetooth S25netfs S25pcscd S26acpid S26hidd S26lm_sensors S27ldap S28autofs S29iptables-npg S50denyhosts S50hplip S50snmpd S55sshd S56cups S56rawdevices S56xinetd S58ntpd S60apcupsd S65dovecot S78spamassassin S80postfix S85gpm S85httpd S90crond S90elogd S90splunk S90xfs S95anacron S95atd S95saslauthd S97libvirtd S97rhnsd S97yum-updatesd S98avahi-daemon S98haldaemon S98mailman S99firstboot S99local S99smartd
Corn
Jalapeno
Roentgen
Xen to VMware Conversion 2009-06-23
The transfer process
- Shutdown the xen virtual machine and make a backup of the .img file.
- Make a tarball of roentgen's filesystem
- This must be done as root
- tar -cvf machine.tar /lib /lib64 /etc /usr /bin /sbin /var /root
- Set up an identical OS (CentOS 5.3) on VMWare Server.
- Mount the location of the tarball and extract to the /
- Make sure to backup the original OSs /etc/ to /etc.bak/
- tar -xvf machine.tar
Files to copy back over from the /etc.bak/
/etc/sysconfig/network-scripts/ifcfg-*
/etc/inittab
/etc/fstab
/etc/yum*
/etc/X11*
Turn roentgen on to prepare for rsync transfer.
Make sure to shutdown all important services (httpd, mysqld, etc)
Log on to roentgen as root and run the following command for each folder archived above.
rsync -av --delete /src/(lib) newserver.unh.edu:/dest/(lib)>>rsync.(lib).log
Rsync process
--delete        delete extraneous files from dest dirs
-a, --archive   archive mode; equals -rlptgoD (no -H,-A,-X)
--no-OPTION     turn off an implied OPTION (e.g. --no-D)
This tells us how to convert xen to vmware
- download the current kernel for the xen virtual machine (not the xen kernel) and install it on the virtual machine. This is done so when the virtual machine is transitioned into a fully virtualized setup, it can boot a normal kernel not the xen kernel.
- shutdown roentgen and copy the image file to a backup location for exporting
- Install qemu-img
- Run the following command:
- qemu-img convert <source_xen_machine> -O vmdk <destination_vmware.vmdk>
- Now it boots but, it also kernel panics.
This was scratched; instead I made a tarball of roentgen's filesystem.
http://www.howtoforge.com/how-to-convert-a-xen-virtual-machine-to-vmware
Wigner
This is the HP printer in the office.
Color to Black 2009-08-07
This is how to switch Wigner from color to black, when color ink is low.
- Log onto the web interface of wigner, with username as npg-admins.
- Go into the Settings tab
- Drill down into Configure Device>System Setup, then scroll down, look for the following options and change each from the first value to the second:
Color/Black Mix: Mostly Color Pages -> Mostly Black Pages
Color Supply: Stop -> Autocontinue Black
- There are also some settings in this location; the ones I changed are listed below, changed from the Normal settings:
Configure Devices>Print Quality>Print Modes>
Color: Normal Mode -> Autosensing Mode