(a) Last_Errno: 1008
mysql> STOP SLAVE; SET GLOBAL SQL_SLAVE_SKIP_COUNTER=1; START SLAVE;
Reason:
Error: 1008 SQLSTATE: HY000 (ER_DB_DROP_EXISTS)
Message: Can't drop database '%s'; database doesn't exist
(a) init.pp (/etc/puppet/modules/apache/manifests)

class apache {
    # Needed by the "module" define below; taken from the referenced recipe pattern.
    $apache2_mods = "/etc/apache2/mods"

    package { 'apache2':
        ensure => installed,
    }

    package { 'libapache2-mod-python':
        ensure  => installed,
        notify  => Exec["reload-apache2"],
        require => Package["apache2"],
    }

    service { "apache2":
        ensure     => running,
        hasstatus  => true,
        hasrestart => true,
        require    => Package["apache2"],
    }

    file { "/etc/apache2/sites-available/debian.fosiul.lan":
        ensure  => present,
        source  => "puppet://$servername/modules/apache/scripts/debian.fosiul.lan",
        owner   => root,
        group   => root,
        replace => true,
        force   => true,
    }

    file { "/etc/apache2/sites-available/web1.fosiul.lan":
        ensure  => present,
        source  => "puppet://$servername/modules/apache/scripts/web1.fosiul.lan",
        owner   => root,
        group   => root,
        replace => true,
        force   => true,
    }

    # Enable or disable an Apache module via a2enmod / a2dismod.
    define module ( $ensure = 'present', $require = 'apache2' ) {
        case $ensure {
            'present': {
                exec { "/usr/sbin/a2enmod $name":
                    unless  => "/bin/readlink -e ${apache2_mods}-enabled/${name}.load",
                    notify  => Exec["force-reload-apache2"],
                    require => Package[$require],
                }
            }
            'absent': {
                exec { "/usr/sbin/a2dismod $name":
                    onlyif  => "/bin/readlink -e ${apache2_mods}-enabled/${name}.load",
                    notify  => Exec["force-reload-apache2"],
                    require => Package["apache2"],
                }
            }
            default: { err ( "Unknown ensure value: '$ensure'" ) }
        }
    }

    exec { "reload-apache2":
        command     => "/etc/init.d/apache2 reload",
        refreshonly => true,
    }

    # Referenced by the "module" define above but missing from the original excerpt.
    exec { "force-reload-apache2":
        command     => "/etc/init.d/apache2 force-reload",
        refreshonly => true,
    }
}
Ref : http://projects.puppetlabs.com/projects/1/wiki/Debian_Apache2_Recipe_Patterns
(b) Create the related files under /etc/puppet/modules/apache/files/scripts
(a) If you know where grub.cfg is located, you can run:
configfile /boot/grub/grub.cfg
or
configfile (hdX,Y)/boot/grub/grub.cfg
(b) If you don't know where grub.cfg is, follow the steps below:
(a) set root='(hd0,msdos1)'
(b) linux /vmlinuz root=/dev/sda1
(c) initrd /initrd.img
(d) boot
(1) UTC timestamp:
DATE=`/bin/date --utc "+%Y%m%d%H%M%S"`
echo $DATE
Output: 20130422134138
1) Set up a tab bar in screen
Edit .screenrc and add the line below:
caption always "%{= kw}%-w%{= BW}%n %t%{-}%+w %-= @%H - %LD %d %LM - %c"
(1) Set the identity
$ git config --global user.name "John Doe"
$ git config --global user.email johndoe@example.com
(2) Set the editor
git config --global core.editor nano
(3) Check your settings
git config --list
(4) Initialise a repository in an existing directory
git init
(5) Add files into the existing repository
git add testfile.txt
git commit -m "Initial Commit"
(6) Clone an existing repository
git clone git://github.com/schacon/grit.git
Installing Spacewalk on the server:
Ref: https://fedorahosted.org/spacewalk/wiki/HowToInstall
Installing Spacewalk on a client (registering the client with the Spacewalk server):
Ref: https://fedorahosted.org/spacewalk/wiki/RegisteringClients
(1) Install the repo below
# rpm -Uvh http://spacewalk.redhat.com/yum/1.7/RHEL/5/i386/spacewalk-client-repo-1.7-5.el5.noarch.rpm
also
# BASEARCH=$(uname -i)
# rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/$BASEARCH/epel-release-5-4.noarch.rpm
(2) Install the rpms below
yum install rhn-client-tools rhn-check rhn-setup rhnsd m2crypto yum-rhn-plugin
(3) Register the client with the server
rhnreg_ks --serverUrl=http://YourSpacewalk.example.org/XMLRPC --activationkey=<key-with-fedora-custom-channel>
You can enable this module by editing /etc/httpd/conf.d/wsgi.conf and un-commenting the “LoadModule wsgi_module modules/mod_wsgi.so” line.
$ sudo tune2fs -c -1 `mount | awk '$3 == "/" {print $1}'`
or
$ sudo tune2fs -c -1 /dev/yourhdd
or
set the last field of /etc/fstab to 0:
/dev/sda1 / ext4 defaults 1 0
1) How to clone a git repo onto a new computer
Ref: https://help.github.com/articles/fork-a-repo
git clone git@github.com:username/Spoon-Knife.git
2) Push code from the cloned repo
git push origin master
3)
1. See which accounts are disabled
C:\Users\Administrator>dsquery user OU=_IT,OU=_Departments,OU=_BedFord,DC=aac-domain,DC=lan -disabled
If you want to set up a cron job under a different user, or under the Apache user, first find out who owns the Apache process:
ps aux | grep apache
In my case the owner of the Apache process is "daemon".
Now create a cron job under the "daemon" user:
crontab -u daemon -e
Now insert any cron job:
* * * * * cd /usr/local/apache/htdocs/website; /usr/local/bin/php webpage.php > /dev/null 2>&1
(a) Restarting the management agents on an ESX or ESXi server
Log in to your ESX host as root from either an SSH session or directly from the console.
Run this command:
service mgmt-vmware restart
Caution: Ensure Automatic Startup/Shutdown of virtual machines is disabled before running this command or you risk rebooting the virtual machines. For more information, see Restarting hostd (mgmt-vmware) on ESX hosts restarts hosted virtual machines where virtual machine Startup/Shutdown is enabled (1003312) and Determining whether virtual machines are configured to autostart (1000163).
Press Enter.
Run this command:
service vmware-vpxa restart
Press Enter.
Type logout and press Enter to disconnect from the ESX host.
If this process is successful, it appears as:
[root@server]# service mgmt-vmware restart
Stopping VMware ESX Server Management services:
   VMware ESX Server Host Agent Watchdog                    [  OK  ]
   VMware ESX Server Host Agent                             [  OK  ]
Starting VMware ESX Server Management services:
   VMware ESX Server Host Agent (background)                [  OK  ]
   Availability report startup (background)                 [  OK  ]
[root@server]# service vmware-vpxa restart
Stopping vmware-vpxa:                                       [  OK  ]
Starting vmware-vpxa:                                       [  OK  ]
[root@server]#
In CentOS
yum install net-snmp-utils
In Debian
apt-get install snmpd
Take a backup of the original configuration file and create a new one (the agent reads /etc/snmp/snmpd.conf, not snmp.conf):
cd /etc/snmp
mv snmpd.conf snmpd.conf.bk
mcedit snmpd.conf
Create a new config file from scratch:
agentAddress udp:192.0.0.xxx:161
rocommunity public 192.0.0.0/24
syslocation "MysqlServer, unit1"
Now restart the snmpd server
In CentOS
/etc/init.d/snmpd restart
In Debian
/etc/init.d/snmpd restart
Check if the snmp server is running or not (from the server itself):
pgrep snmpd
19946
snmpwalk -v1 -cpublic 192.0.0.ip-of-server
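An added example, not part of the original notes: a small shell/awk check for an snmpd.conf written in the style above. It flags the classic weak spots (the well-known "public" community, communities with no source restriction, rwcommunity, and an agentAddress that binds every interface); the three config files it scans are constructed here, and the community string in the hardened copy is a made-up placeholder.

```shell
#!/bin/sh
# Added example (not from the original notes): audit an snmpd.conf for weak
# settings. POSIX sh + awk only. Live use:  audit_snmpd_conf /etc/snmp/snmpd.conf

# audit_snmpd_conf FILE -> one finding per line, nothing when clean
audit_snmpd_conf() {
    awk -v file="$1" '
        /^[[:space:]]*#/ || NF == 0 { next }
        $1 == "rocommunity" || $1 == "rwcommunity" {
            comm = $2
            if (comm == "public" || comm == "private")
                print file ": " $1 " uses well-known community \"" comm "\""
            # syntax is: rocommunity COMMUNITY [SOURCE ...]; no SOURCE means anyone
            if (NF < 3 || $3 == "default")
                print file ": " $1 " \"" comm "\" accepts queries from any source"
            if ($1 == "rwcommunity")
                print file ": rwcommunity \"" comm "\" grants SNMP write access"
        }
        $1 == "agentAddress" {
            n = split($2, addr, ",")
            for (i = 1; i <= n; i++) {
                # a bare port, "udp:161" or "udp:0.0.0.0:161" all bind every interface
                if (addr[i] ~ /^((udp|tcp)6?:)?(0\.0\.0\.0:)?[0-9]+$/)
                    print file ": agentAddress " addr[i] " listens on all interfaces"
            }
        }
    ' "$1"
}

# Constructed sample configs (not real hosts); 192.0.0.10 stands in for the
# 192.0.0.xxx placeholder used in the notes.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

cat > "$work/snmpd-as-posted.conf" <<'EOF'
agentAddress udp:192.0.0.10:161
rocommunity public 192.0.0.0/24
syslocation "MysqlServer, unit1"
EOF

cat > "$work/snmpd-wide-open.conf" <<'EOF'
agentAddress udp:161
rocommunity public
rwcommunity private 192.0.0.0/24
EOF

cat > "$work/snmpd-hardened.conf" <<'EOF'
agentAddress udp:192.0.0.10:161
# constructed placeholder; generate a long random community string on a real host
rocommunity s7Qk-placeholder-community 192.0.0.0/24
syslocation "MysqlServer, unit1"
EOF

# count_findings FILE -> number of findings, usable as a pass/fail gate
count_findings() { audit_snmpd_conf "$1" | wc -l | tr -d ' '; }

for f in snmpd-as-posted snmpd-wide-open snmpd-hardened; do
    echo "== $f: $(count_findings "$work/$f.conf") finding(s)"
    audit_snmpd_conf "$work/$f.conf"
done
```

The as-posted config yields one finding (the "public" community), the wide-open one five, the hardened one none.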
If your servers are behind a proxy and you need to provide a username and password for the proxy server, configure yum.conf with the syntax below (yum's own option is "proxy"; "http_proxy" is only an environment variable):
proxy=http://proxyaddress:port/
proxy_username=username
proxy_password=password
If you don't need to provide a username and password for the proxy server:
proxy=http://proxyserveraddress:port/
Also add the lines below to the .bashrc file:
http_proxy="http://proxyserveraddress:3128"
export http_proxy
When you create a logical volume, you need to add it to /etc/fstab for it to stay mounted when the server reboots.
Suppose you have created a logical volume like the one below:
lvdisplay
  --- Logical volume ---
  LV Name                /dev/POSREP-DB/DB
  VG Name                POSREP-DB
  LV UUID                0IEKZw-tEoI-jJWt-OGXT-F0B7-hEic-hCbteW
  LV Write Access        read/write
  LV Status              available
  # open                 1
  LV Size                1.17 GB
  Current LE             300
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:2
Now you need to set the label for this volume with the following command:
# e2label /dev/POSREP-DB/DB DB
Now add this line to /etc/fstab:
LABEL=DB /DB ext3 defaults 0 1
At last, create the mount point with the command below:
mkdir /DB
Now if you reboot the server, the logical volume will be mounted automatically on /DB.
(a) How to create a local LVM SR in Citrix Xen
To create a local LVM SR on /dev/sdb use the following command:
xe sr-create host-uuid=<valid_uuid> content-type=user \
   name-label=<"Example Local LVM SR"> shared=false \
   device-config:device=/dev/sdb type=lvm
(b) How to create a raw Logical Volume Manager virtual disk
xe vdi-create sm-config:type=raw sr-uuid=687a023b-0b20-5e5f-d1ef-3db777ce7ae4 name-label="My Raw LVM VDI" virtual-size=8GiB type=user
(c) How to attach a new hard drive and make it available to Citrix Xen
Suppose we have attached a new hard drive /dev/sdb and we want to attach it to the existing Citrix Xen server. Before we do anything, we need to create a new SR using the command below.
xe sr-create host-uuid=fb187e42-d757-4c81-a996-84f7054f1f49 content-type=user name-label="posrep" shared=false device-config:device=/dev/sdb type=lvm
It will create a new SR, and from XenCenter you will see the new storage as posrep.
(d) How to find the host-uuid
xe host-list
uuid ( RO) :
name-label ( RW): xen2.local.lan
name-description ( RW): Default install of XenServer
The valid uuid is: fb187e42-d757-4c81-a996-84f7054f1f49
(e)How to Adjust Virtual CPU Count for Domain0 on XenServer 5.6 Feature Pack 1
Note: A maximum of eight vCPUs can be assigned.
1. Use a text editor at the console of your XenServer to edit the following file:
/etc/sysconfig/unplug-vcpus
2. Change the value in this line from 4 to the number of vCPUs you would like assigned to Dom0.
Before:
NR_DOMAIN0_VCPUS=4
After:
NR_DOMAIN0_VCPUS=1
This change leaves one vCPU assigned to Dom0
3. Run the following command for the change to take effect:
service unplug-vcpus start
Rebooting is NOT required when DECREASING the vCPU count.
Reboot IS required when INCREASING the vCPU count.
4. To verify that the adjustment is active, run the following command:
cat /proc/cpuinfo
(f) How to update the static memory range of a virtual machine
Get the uuid of the VM:
xe vm-list
uuid ( RO) : e203d2f0-ceb1-db50-d9d0-1dcd4854db32
name-label ( RW): posrep
power-state ( RO): running
Now set static-min, dynamic-min, dynamic-max and static-max:
xe vm-memory-limits-set \
   uuid=<uuid> \
   static-min=<value> \
   dynamic-min=<value> \
   dynamic-max=<value> \
   static-max=<value>
Example:
xe vm-memory-limits-set uuid=e203d2f0-ceb1-db50-d9d0-1dcd4854db32 static-min=20480MiB dynamic-min=20480MiB dynamic-max=20480MiB static-max=20480MiB
Check that it has taken effect with the command below:
xe vm-param-get uuid=e203d2f0-ceb1-db50-d9d0-1dcd4854db32 param-name=memory-dynamic-max
(g) Citrix Live Motion
http://support.citrix.com/article/CTX115813
(h) How to add SNMP
http://support.citrix.com/article/CTX116187
Purpose:
I want to clone a hard drive "/dev/sda" over the network.
Server A will receive the cloned data and Server B will send it.
The disk layout of Server B is:
fdisk -l
Disk /dev/sda: 20.0 GB, 20020396032 bytes
255 heads, 63 sectors/track, 2434 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00083b1c

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1        2329    18705408   83  Linux
/dev/sda2            2329        2434      842753    5  Extended
/dev/sda5            2329        2434      842752   82  Linux swap / Solaris
Step 1:
Receiving server (Server A):
nc -l -p 1234 | dd of=/dev/sda
Step 2:
Sending server (Server B):
dd if=/dev/sda | nc 192.168.1.220 1234
It will start to clone the hard drive.
It can take 3 to 4 hours depending on the drive size.
Install apache2 and the PHP modules
apt-get install apache2 php5 libapache2-mod-php5 php5-mysql
Install the MySQL server
apt-get install mysql-server
Restart apache2
/etc/init.d/apache2 restart
(a) Edit the gdm3 PAM file
nano /etc/pam.d/gdm3
(b) Disable the line below
auth required pam_succeed_if.so user != root quiet_success
In Debian
apt-get install openvpn
In CentOS
yum install openvpn
Create the certificates in Debian
(a) The default directory for easy-rsa certificates is "/usr/share/doc/openvpn/examples/easy-rsa/2.0/". Copy that directory into /etc/openvpn:
# cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn/
# cd /etc/openvpn/easy-rsa/2.0/
(b) Now create the certificate for the CA:
# . ./vars
# ./clean-all
# ./build-ca
(c) Then create the certificate for the server:
# ./build-key-server server
(d) Then create the certificate for the client:
# ./build-key client
(e) Build the Diffie-Hellman parameters:
# ./build-dh
(f) Now all the keys should be in the keys/ directory (the server.conf below expects them under /etc/openvpn/keys/, so copy them there):
# cd /etc/openvpn/easy-rsa/2.0/keys/
# ls -al
ca.key ca.crt server.key server.csr server.crt client.key client.crt client.csr
Note:
Now we have the keys and certificates, so we will send them to the clients who want to connect to the OpenVPN server. Just be sure that:
ca.key -> must be only on the CA server
client.crt -> must be only on the client
client.key -> must be only on the client
server.crt -> must be only on the OpenVPN server
server.key -> must be only on the OpenVPN server
ca.crt -> must be on the CA server and all of the clients
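An added example, not part of the original notes: a shell function that checks a host's key directory against the placement rules just listed for its role (ca, server or client) and also reports private keys readable by anyone other than their owner. The server role additionally allows ca.crt and dh1024.pem, which the server.conf below references; the directories it checks are constructed stand-ins with empty files, not real key material.

```shell
#!/bin/sh
# Added example (not from the original notes): verify which easy-rsa files are
# present on a host of a given role and that private keys are not readable by
# other users. Live use:  openvpn_check_files server /etc/openvpn/keys

# file_mode PATH -> octal permission bits (GNU stat first, BSD stat fallback)
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# openvpn_check_files ROLE DIR -> one finding per line, nothing when clean
openvpn_check_files() {
    case $1 in
        ca)     allowed=" ca.key ca.crt " ;;
        # server.conf references ca.crt and the dh file, so they belong here too
        server) allowed=" ca.crt server.crt server.key dh1024.pem " ;;
        client) allowed=" ca.crt client.crt client.key " ;;
        *)      echo "unknown role: $1" >&2; return 2 ;;
    esac
    for f in ca.key ca.crt server.key server.crt client.key client.crt dh1024.pem; do
        [ -e "$2/$f" ] || continue
        case $allowed in
            *" $f "*) ;;
            *) echo "$f must not be on a $1 host" ;;
        esac
        case $f in
            *.key)
                mode=$(file_mode "$2/$f")
                case $mode in
                    600|400) ;;
                    *) echo "$f has mode $mode; a private key should be 0600" ;;
                esac ;;
        esac
    done
    return 0
}

# Constructed stand-in directories holding empty files (no real keys)
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
mkdir "$work/server" "$work/client"
for f in ca.key ca.crt server.crt server.key dh1024.pem; do : > "$work/server/$f"; done
chmod 600 "$work/server/ca.key"             # correct mode, but ca.key does not belong here
chmod 644 "$work/server/server.key"         # deliberately world-readable
for f in ca.crt client.crt client.key; do : > "$work/client/$f"; done
chmod 600 "$work/client/client.key"

# count_findings ROLE DIR -> number of findings
count_findings() { openvpn_check_files "$1" "$2" | wc -l | tr -d ' '; }

openvpn_check_files server "$work/server"   # 2 findings: misplaced ca.key, server.key mode 644
openvpn_check_files client "$work/client"   # clean
```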
OpenVPN server configuration (in Debian)
(a) Create the file /etc/openvpn/server.conf
# vim /etc/openvpn/server.conf
and paste the following:
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
# Note: it should be a network that you DON'T currently use
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
# Note: whatever the network is that you want the VPN client to connect to
push "route 192.168.2.0 255.255.255.0"
#push "redirect-gateway def1"
push "dhcp-option DNS 192.168.2.1"
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 3
Now restart the OpenVPN server
/etc/init.d/openvpn restart
Make sure the firewall can forward port 1194 to your OpenVPN server.
Below is the information for the NFS server:
vi /etc/sysconfig/nfs
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
RQUOTAD_PORT=875
STATD_PORT=662
STATD_OUTGOING_PORT=2020
Now restart the services:
# service portmap restart
# service nfs restart
# service rpcsvcgssd restart
Now add rules to iptables:
-A RH-Firewall-1-INPUT -s 192.168.2.0/24 -p udp -m udp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.2.0/24 -p tcp -m tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.2.0/24 -p tcp -m tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.2.0/24 -p tcp -m tcp --dport 32803 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.2.0/24 -p udp -m udp --dport 32769 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.2.0/24 -p tcp -m tcp --dport 892 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.2.0/24 -p udp -m udp --dport 892 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.2.0/24 -p tcp -m tcp --dport 875 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.2.0/24 -p udp -m udp --dport 875 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.2.0/24 -p tcp -m tcp --dport 662 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.2.0/24 -p udp -m udp --dport 662 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
(a) SELinux requirement for NIS clients
setsebool -P allow_ypbind=1 ypbind_disable_trans=1 yppasswdd_disable_trans=1
Use the getsebool command to verify:
getsebool allow_ypbind ypbind_disable_trans yppasswdd_disable_trans
allow_ypbind --> on
ypbind_disable_trans --> on
yppasswdd_disable_trans --> on
(b) SELinux for vsftpd
getsebool -a | grep ftp
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftp_home_dir --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
Allow users to read and write to their own home directory:
setsebool -P ftp_home_dir 1
(c) SELinux for Samba shares
If you want to share /data via Samba:
chcon -R -t samba_share_t /data
If you want to share home directories:
setsebool -P samba_enable_home_dirs 1
If you want to attach a file in mutt from the command line:
echo "Body of email" | mutt -a attach.txt -s "subject" user@gmail.com
-a : provide the full path to the attachment.
If you want to exclude packages from yum update, you can use the --exclude option as below:
yum update --exclude=openssl,openssl-devel,bind,bind-chroot,bind-utils,bind-libs
Or
yum update --exclude=openssl --exclude=openssl-devel --exclude=bind --exclude=bind-chroot --exclude=bind-utils --exclude=bind-libs
Or
Hi
My apache keep crashing
Installing PHP from source with mysqli support can be a big trouble; most of the time it throws the error below:
configure: error: Cannot find libmysqlclient under /usr.
If you see this kind of error, try to find out where libmysqlclient is on your server by typing:
locate libmysqlclient
You might see output like this:
/usr/lib64/mysql/libmysqlclient.a
/usr/lib64/mysql/libmysqlclient.la
/usr/lib64/mysql/libmysqlclient_r.a
/usr/lib64/mysql/libmysqlclient_r.la
The resolution is to tell PHP where your lib directory is.
For a 64-bit server it is /usr/lib64, so configure PHP like below:
./configure --with-apxs2=/usr/local/apache/bin/apxs --with-mysql=/var/lib/mysql --with-libdir=/lib64 --with-mysqli --enable-mbstring --with-gd --with-zlib --with-jpeg-dir --with-png-dir --with-openssl --with-curl --with-mcrypt --with-imap --with-kerberos --with-imap-ssl
Hope this will help.
Ref: http://www.sendmail.org/tips/virtualHosting
(a) Edit /etc/mail/sendmail.mc and modify the line below; it will allow sendmail to receive email from outside localhost.
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
to
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
(b) Edit /etc/mail/virtusertable; this will map virtual addresses to real addresses:
joe@yourdomain.com jschmoe
Here sendmail will receive email, and any email coming to the address joe@yourdomain.com will be delivered to jschmoe's inbox.
(c) Edit /etc/mail/local-host-names and insert the domain names. This lets sendmail know the list of domains for which it may accept mail:
fosiul.com
domain1.com
domain2.com
(d) Now restart sendmail
service sendmail restart
(e) Open port 25 in your firewall or iptables
hi
When I am trying to run Plesk, it does not open and the MySQL server does not start.
The error I am seeing is:
# service psa start
Starting psa… done
Starting xinetd service… done
Starting named service… done
Starting mysqld service… failed
Starting postgresql service… failed
Starting psa-spamassassin service… done
Plesk: Starting Mail Server… already started
ERROR 2002 (HY000): Can’t connect to local MySQL server through socket ‘/var/lib/mysql/mysql.sock’ (2)
Starting mail handlers tmpfs storage
ERROR 2002 (HY000): Can’t connect to local MySQL server through socket ‘/var/lib/mysql/mysql.sock’ (2)
Starting psa… done
ERROR 2002 (HY000): Can’t connect to local MySQL server through socket ‘/var/lib/mysql/mysql.sock’ (2)
cahit
A local yum repository is used on the local network to make sure that all your servers have the same rpms, for benchmarking and patching purposes. It also saves bandwidth, because all the rpms are stored on one server (the central repo server) and the rest of the servers install them from the local repo server, so they don't have to download from a public server.
To create the central repo server, you will need an Apache server.
In our organization I have created the yum server directory under (this is for 64-bit servers):
/usr/local/apache/htdocs/install/centos64/
But you can choose any directory.
Step 1: Copy all content from the CD/DVD to the repository directory
Copy all the files and directories from the CentOS 5.5 DVD or CD into /usr/local/apache/htdocs/install/centos64/
Your directory should then look like below:
[root@controlserver1 centos64]# ls
CentOS                 RELEASE-NOTES-de.html     RELEASE-NOTES-nl
EULA                   RELEASE-NOTES-en          RELEASE-NOTES-nl.html
GPL                    RELEASE-NOTES-en.html     RELEASE-NOTES-pt_BR
images                 RELEASE-NOTES-en_US       RELEASE-NOTES-pt_BR.html
isolinux               RELEASE-NOTES-en_US.html  RELEASE-NOTES-ro
kicks                  RELEASE-NOTES-es          RELEASE-NOTES-ro.html
ks.cfg                 RELEASE-NOTES-es.html     repodata
NOTES                  RELEASE-NOTES-fr          RPM-GPG-KEY-beta
RELEASE-NOTES-cs       RELEASE-NOTES-fr.html     RPM-GPG-KEY-CentOS-5
RELEASE-NOTES-cs.html  RELEASE-NOTES-ja          TRANS.TBL
RELEASE-NOTES-de       RELEASE-NOTES-ja.html
As you can see, the CentOS directory has all the rpms, so I decided to make the CentOS directory my centralized yum directory.
For a centralized yum repository I need to create the rpm headers for the base repository, so execute the command below.
Step 2: Create the base repository headers
createrepo /usr/local/apache/htdocs/install/centos64/CentOS
The command above will create a repodata directory under the CentOS directory.
The directory should look like below:
[root@controlserver1 CentOS]# cd repodata/
[root@controlserver1 repodata]# pwd
/usr/local/apache/htdocs/install/centos64/CentOS/repodata
[root@controlserver1 repodata]# ls -al
total 14252
drwxr-xr-x 2 root root    4096 Nov 26 15:20 .
drwxr-xr-x 3 root root  221184 Nov 26 15:20 ..
-rw-r--r-- 1 root root 3373682 Nov 26 15:20 filelists.xml.gz
-rw-r--r-- 1 root root 9813890 Nov 26 15:20 other.xml.gz
-rw-r--r-- 1 root root 1144150 Nov 26 15:20 primary.xml.gz
-rw-r--r-- 1 root root     951 Nov 26 15:20 repomd.xml
[root@controlserver1 repodata]#
Building the repository for updating yum packages
Step 3: Create a directory called updates
[root@controlserver1 centos64]# pwd
/usr/local/apache/htdocs/install/centos64
[root@controlserver1 centos64]# mkdir updates
It should now look like this:
[root@controlserver1 centos64]# pwd
/usr/local/apache/htdocs/install/centos64
[root@controlserver1 centos64]# ls
CentOS                 RELEASE-NOTES-de.html     RELEASE-NOTES-nl
EULA                   RELEASE-NOTES-en          RELEASE-NOTES-nl.html
GPL                    RELEASE-NOTES-en.html     RELEASE-NOTES-pt_BR
images                 RELEASE-NOTES-en_US       RELEASE-NOTES-pt_BR.html
isolinux               RELEASE-NOTES-en_US.html  RELEASE-NOTES-ro
kicks                  RELEASE-NOTES-es          RELEASE-NOTES-ro.html
ks.cfg                 RELEASE-NOTES-es.html     repodata
NOTES                  RELEASE-NOTES-fr          RPM-GPG-KEY-beta
RELEASE-NOTES-cs       RELEASE-NOTES-fr.html     RPM-GPG-KEY-CentOS-5
RELEASE-NOTES-cs.html  RELEASE-NOTES-ja          TRANS.TBL
RELEASE-NOTES-de       RELEASE-NOTES-ja.html     updates
Step 4: Select an rsync mirror
Select any mirror from here:
http://www.centos.org/modules/tinycontent/index.php?id=31
Step 5: Rsync the updates-released repository
rsync -avrt rsync://rsync.mirrorservice.org/mirror.centos.org/5.5/updates/x86_64/RPMS/ --exclude=debug/ /usr/local/apache/htdocs/install/centos64/updates/
It will download all the rpms from the listed mirror into my updates directory.
Step 6: Rsync the repodata
Go into the updates directory and download all the contents of repodata:
[root@controlserver1 updates]# pwd
/usr/local/apache/htdocs/install/centos64/updates
[root@controlserver1 updates]# rsync -avrt rsync://rsync.mirrorservice.org/mirror.centos.org/5.5/updates/x86_64/repodata --exclude=debug/ /usr/local/apache/htdocs/install/centos64/updates/
Step 7: Edit yum.conf
Create a repo file under your /etc/yum.repos.d directory.
[root@mysqlcluster2 yum.repos.d]# pwd
/etc/yum.repos.d
[root@mysqlcluster2 yum.repos.d]# ls
CentOS-Base.repo CentOS-Media.repo local.repo
[root@mysqlcluster2 yum.repos.d]#
And disable the other repos by inserting enabled=0, for example:
[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
Insert the lines below into the local.repo file:
[base-local]
name=Centos $releasever - $basearch
failovermethod=priority
baseurl=http://10.0.0.55/centos64/CentOS/
enabled=1
gpgcheck=0

[updates-local]
name=Centos $releasever - $basearch - Updates
failovermethod=priority
baseurl=http://10.0.0.55/centos64/updates/
enabled=1
gpgcheck=0
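An added example, not from the original post: a shell/awk audit for .repo files, since the local.repo above disables signature checking (gpgcheck=0) and serves over plain http, so any rpm placed on 10.0.0.55 would be installed without a signature check. The two .repo files it scans are constructed here; the hardened copy reuses the CentOS 5 gpgkey path already shown in the centosplus stanza above.

```shell
#!/bin/sh
# Added example (not from the original post): flag yum repo stanzas that accept
# unsigned packages or fetch over cleartext http. POSIX sh + awk only.
# Live use:  for f in /etc/yum.repos.d/*.repo; do audit_repo_file "$f"; done

# audit_repo_file FILE -> one finding per line ("FILE:SECTION reason")
audit_repo_file() {
    awk -v file="$1" '
        # value of a "key = value" line, with surrounding whitespace removed
        function val(s) { sub(/^[^=]*=[[:space:]]*/, "", s); sub(/[[:space:]]+$/, "", s); return s }
        # report on the stanza collected so far
        function flush() {
            if (sec == "" || enabled == "0") return      # disabled stanzas are ignored
            if (gpgcheck != "1") {
                if (gpgcheck == "") gc = "unset (inherits [main])"; else gc = gpgcheck
                print file ":" sec " gpgcheck=" gc " - unsigned rpms will install"
            } else if (gpgkey == "") {
                print file ":" sec " gpgcheck=1 but no gpgkey configured"
            }
            if (baseurl ~ /^http:\/\//) print file ":" sec " cleartext baseurl " baseurl
        }
        /^[[:space:]]*[#;]/ { next }
        /^\[.*\]$/ {
            flush()
            sec = substr($0, 2, length($0) - 2)
            enabled = "1"; gpgcheck = ""; gpgkey = ""; baseurl = ""
            next
        }
        /^[[:space:]]*gpgcheck[[:space:]]*=/ { gpgcheck = val($0) }
        /^[[:space:]]*gpgkey[[:space:]]*=/   { gpgkey   = val($0) }
        /^[[:space:]]*baseurl[[:space:]]*=/  { baseurl  = val($0) }
        /^[[:space:]]*enabled[[:space:]]*=/  { enabled  = val($0) }
        END { flush() }
    ' "$1"
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Constructed copy of the local.repo from the notes
cat > "$work/local.repo" <<'EOF'
[base-local]
name=Centos $releasever - $basearch
failovermethod=priority
baseurl=http://10.0.0.55/centos64/CentOS/
enabled=1
gpgcheck=0

[updates-local]
name=Centos $releasever - $basearch - Updates
failovermethod=priority
baseurl=http://10.0.0.55/centos64/updates/
enabled=1
gpgcheck=0
EOF

# Hardened variant: signature checks on, CentOS 5 key, https transport
cat > "$work/local-hardened.repo" <<'EOF'
[base-local]
name=Centos $releasever - $basearch
failovermethod=priority
baseurl=https://10.0.0.55/centos64/CentOS/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
EOF

# count_findings FILE -> number of findings, usable as a pass/fail gate
count_findings() { audit_repo_file "$1" | wc -l | tr -d ' '; }

audit_repo_file "$work/local.repo"            # 4 findings
audit_repo_file "$work/local-hardened.repo"   # clean
```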
Now try the yum command:
yum clean all
Loaded plugins: fastestmirror
Cleaning up Everything
Cleaning up list of fastest mirrors
[root@mysqlcluster2 /]# yum update
Loaded plugins: fastestmirror
Determining fastest mirrors
base-local                | 951 B     00:00
base-local/primary        | 1.1 MB    00:00
base-local                  3186/3186
updates-local             | 1.9 kB    00:00
updates-local/primary_db  | 1.0 MB    00:00
Setting up Update Process
The centralized local repository is done!
Directory listings can be a security threat.
By default Apache has the line below:
Options Indexes FollowSymLinks
Delete Indexes from that line, so it looks like below:
Options FollowSymLinks
Now restart the Apache daemon.
This stops Apache from showing directory listings.
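An added example, not part of the original post: a shell/awk check that walks an Apache config and reports every Options line that still turns listings on (Indexes, +Indexes, or All, which implies Indexes) together with the <Directory> block it applies to, so the change above can be verified across a whole config tree rather than one line. The httpd.conf fragments it scans are constructed here.

```shell
#!/bin/sh
# Added example (not from the original post): find Apache "Options" lines that
# enable directory listings, with the <Directory> scope they belong to.
# Live use:  audit_indexes /etc/httpd/conf/httpd.conf

# audit_indexes FILE -> "FILE:LINE: directory listing enabled for SCOPE (LINE TEXT)"
audit_indexes() {
    awk -v file="$1" '
        BEGIN { scope = "(server-wide)" }
        /^[[:space:]]*#/ { next }
        tolower($1) == "<directory" {               # remember the current scope
            scope = $2; sub(/>$/, "", scope)
        }
        tolower($1) == "</directory>" { scope = "(server-wide)" }
        tolower($1) == "options" {
            for (i = 2; i <= NF; i++) {
                t = tolower($i)
                # "Indexes"/"+Indexes" enable listings and "All" implies them;
                # "-Indexes" explicitly disables them and is fine
                if (t == "indexes" || t == "+indexes" || t == "all") {
                    line = $0; sub(/^[[:space:]]+/, "", line)
                    print file ":" NR ": directory listing enabled for " scope " (" line ")"
                    break
                }
            }
        }
    ' "$1"
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Constructed fragment: the default shown in the notes plus two more blocks
cat > "$work/httpd-before.conf" <<'EOF'
# constructed test fragment
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/var/www/uploads">
    Options All
</Directory>
<Directory "/var/www/secure">
    Options -Indexes FollowSymLinks
</Directory>
EOF

# Constructed fragment: Indexes removed as described in the notes
cat > "$work/httpd-after.conf" <<'EOF'
# constructed test fragment
<Directory "/var/www/html">
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/var/www/uploads">
    Options FollowSymLinks
</Directory>
EOF

# count_findings FILE -> number of findings
count_findings() { audit_indexes "$1" | wc -l | tr -d ' '; }

audit_indexes "$work/httpd-before.conf"   # 2 findings (html: Indexes, uploads: All)
audit_indexes "$work/httpd-after.conf"    # clean
```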
Ref: http://wiki.centos.org/HowTos/VNC-Server
(a) Install the vnc-server package
yum install vnc-server
(b) Create your VNC users
useradd user1
(c) Set your users' VNC passwords:
Log in as each user and run vncpasswd. This will create a .vnc directory.
vncpasswd
(d) Edit the server configuration
Edit /etc/sysconfig/vncservers and add the following to the end of the file:
VNCSERVERS="2:root 3:user1"
VNCSERVERARGS[2]="-geometry 640x480"
VNCSERVERARGS[3]="-geometry 640x480"
(e) Create the xstartup scripts / start the server
/sbin/service vncserver start
(f) Edit xstartup
Go into each user's home directory and edit the xstartup file:
cd /root/.vnc
vi xstartup
Uncomment the two lines below:
unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc
The xstartup file should look like this:
#!/bin/sh

( while true ; do xterm ; done ) &

# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &
(g) Restart vncserver again
service vncserver restart
How to view only established TCP connections
lsof -iTCP | grep ESTABLISHED
How to view traffic on a specific port (port 22)
Syntax: lsof -i :<port number>
lsof -i :22 | grep ESTABLISHED
How to view traffic from a specific IP address
lsof -i@ip.of.your.user
How to view files opened by an individual user
lsof -u username
How to collect information about a process
lsof -p process_id
Sometimes, when copying long directory/subdirectory or file names (including _ or #) from Windows to a Samba server, it gives errors such as "unable to copy" or "Can't move folder file_name_long_name.cfm, the file name or extension is too long".
The solution is:
[share]
   path = /share-name/long-directory
   read only = no
   case sensitive = True
   default case = upper
   preserve case = no
   short preserve case = no
After editing, please reboot the server.
Useful Links :
Live Migration:
http://www.linux.com/archive/feed/55773
By default puppetd (puppet server) applies the client configuration every 1800 seconds. If you have emergency updates that have to be applied to every puppet client instantly, you can do the following:
(a) puppetrun (this command runs from the puppet server)
SYNOPSIS
Trigger a puppetd run on a set of hosts.
USAGE
puppetrun [-a|--all] [-c|--class <class>] [-d|--debug] [-f|--foreground] [-h|--help] [--host <host>] [--no-fqdn] [--ignoreschedules] [-t|--tag <tag>] [--test] [-p|--ping]
If you don't have LDAP support then -a (--all) and -c (--class) are useless. In that case, if you want to force an update of every host, you will have to list all your hosts on the puppetrun command line.
Example:
According to the puppetrun man page, the usage is:
EXAMPLE
sudo puppetrun -p 10 --host host1 --host host2 -t remotefile -t web-server
or
puppetrun --host host1 --host host2
(b) func
If you have loads of servers then it is not practical to add all the hosts to the puppetrun command.
In that case we can use the func command.
How to install and use func:
After installing func on the master and all the other servers, we can execute the command below.
Note: please don't run the puppetd daemon on the clients if you want to update by calling func.
http://docs.puppetlabs.com/guides/scaling.html#triggered_selective_updates
func "*" call command run "puppetd --onetime"
This command will execute puppetd one time only and it will download all the updates from the puppet server.
Last updates : 17th September 2010
Ref: http://bugs.mysql.com/bug.php?id=47769
The database is located on remote storage mounted via NFS. During MySQL startup the following entries appear in the .err file:
InnoDB: Unable to lock ./ibdata1, error: 37
Solution: mount -t nfs -o nolock IP:/data /data
If you find that you are seeing error messages when you try to configure your system, or if after configuration your system does not behave as expected, you can perform the following checks and examine the following areas.
* Connect to one of the nodes in the cluster and execute the clustat(8) command. This command runs a utility that displays the status of the cluster. It shows membership information, quorum view, and the state of all configured user services.
The following example shows the output of the clustat(8) command.
[root@clusternode4 ~]# clustat
Cluster Status for nfsclust @ Wed Dec 3 12:37:22 2008
Member Status: Quorate
Member Name ID Status
------ ---- ---- ------
clusternode5.example.com 1 Online, rgmanager
clusternode4.example.com 2 Online, Local, rgmanager
clusternode3.example.com 3 Online, rgmanager
clusternode2.example.com 4 Online, rgmanager
clusternode1.example.com 5 Online, rgmanager
Service Name Owner (Last) State
------- --- ----- ------ -----
service:nfssvc clusternode2.example.com starting
In this example, clusternode4 is the local node since it is the host from which the command was run. If rgmanager did not appear in the Status category, it could indicate that cluster services are not running on the node.
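An added example, not from the original page: a shell/awk parser for clustat output that turns the check in the paragraph above into something a monitor can run, reporting loss of quorum, members that are not Online, and members that are Online without rgmanager. The clustat output it parses is constructed from the sample above, with two nodes altered to show the failure cases.

```shell
#!/bin/sh
# Added example (not from the original page): machine-check clustat output.
# Live use on a cluster node:  clustat | check_clustat

# check_clustat  (reads clustat output on stdin) -> one finding per line
check_clustat() {
    awk '
        /^Member Status:/ { if ($3 != "Quorate") print "cluster is " $3 " (not Quorate)" }
        /^ *Member Name/  { in_members = 1; next }     # start of the member table
        /^ *Service Name/ { in_members = 0; next }     # start of the service table
        /^ *-+ / { next }                              # column separator rows
        in_members && NF >= 3 {
            name = $1
            status = $0
            sub(/^ *[^ ]+ +[0-9]+ +/, "", status)      # strip the Name and ID columns
            if (status !~ /Online/)
                print name ": not Online (" status ")"
            else if (status !~ /rgmanager/)
                print name ": Online but rgmanager is not running"
        }
    '
}

# Constructed sample: the healthy output shown in the notes
CLUSTAT_HEALTHY=$(cat <<'EOF'
Cluster Status for nfsclust @ Wed Dec 3 12:37:22 2008
Member Status: Quorate

 Member Name                     ID   Status
 ------ ----                     ---- ------
 clusternode5.example.com        1    Online, rgmanager
 clusternode4.example.com        2    Online, Local, rgmanager
 clusternode3.example.com        3    Online, rgmanager
 clusternode2.example.com        4    Online, rgmanager
 clusternode1.example.com        5    Online, rgmanager

 Service Name       Owner (Last)               State
 ------- ----       ----- ------               -----
 service:nfssvc     clusternode2.example.com   starting
EOF
)

# Constructed sample: node3 lost rgmanager, node2 went offline
CLUSTAT_DEGRADED=$(cat <<'EOF'
Cluster Status for nfsclust @ Wed Dec 3 12:37:22 2008
Member Status: Quorate

 Member Name                     ID   Status
 ------ ----                     ---- ------
 clusternode5.example.com        1    Online, rgmanager
 clusternode4.example.com        2    Online, Local, rgmanager
 clusternode3.example.com        3    Online
 clusternode2.example.com        4    Offline
 clusternode1.example.com        5    Online, rgmanager

 Service Name       Owner (Last)               State
 ------- ----       ----- ------               -----
 service:nfssvc     clusternode1.example.com   started
EOF
)

# count_clustat_findings TEXT -> number of findings
count_clustat_findings() { printf '%s\n' "$1" | check_clustat | wc -l | tr -d ' '; }

printf '%s\n' "$CLUSTAT_HEALTHY"  | check_clustat   # clean
printf '%s\n' "$CLUSTAT_DEGRADED" | check_clustat   # 2 findings
```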
* Connect to one of the nodes in the cluster and execute the group_tool(8) command. This command provides information that you may find helpful in debugging your system. The following example shows the output of the group_tool(8) command.
[root@clusternode1 ~]# group_tool
type level name id state
fence 0 default 00010005 none
[1 2 3 4 5]
dlm 1 clvmd 00020005 none
[1 2 3 4 5]
dlm 1 rgmanager 00030005 none
[3 4 5]
dlm 1 mygfs 007f0005 none
[5]
gfs 2 mygfs 007e0005 none
[5]
The state of the group should be none. The numbers in the brackets are the node ID numbers of the cluster nodes in the group. The clustat shows which node IDs are associated with which nodes. If you do not see a node number in the group, it is not a member of that group. For example, if a node ID is not in dlm/rgmanager group, it is not using the rgmanager dlm lock space (and probably is not running rgmanager).
The level of a group indicates the recovery ordering. 0 is recovered first, 1 is recovered second, and so forth.
* Connect to one of the nodes in the cluster and execute the cman_tool nodes -f command. This command provides information about the cluster nodes that you may want to look at. The following example shows the output of the cman_tool nodes -f command.
[root@clusternode1 ~]# cman_tool nodes -f
Node Sts Inc Joined Name
1 M 752 2008-10-27 11:17:15 clusternode5.example.com
2 M 752 2008-10-27 11:17:15 clusternode4.example.com
3 M 760 2008-12-03 11:28:44 clusternode3.example.com
4 M 756 2008-12-03 11:28:26 clusternode2.example.com
5 M 744 2008-10-27 11:17:15 clusternode1.example.com
The Sts heading indicates the status of a node. A status of M indicates the node is a member of the cluster. A status of X indicates that the node is dead. The Inc heading indicates the incarnation number of a node, which is for debugging purposes only.
* Check whether the cluster.conf is identical in each node of the cluster. If you configure your system with Conga, as in the example provided in this document, these files should be identical, but one of the files may have accidentally been deleted or altered.
* In addition to using Conga to fence a node in order to test whether failover is working properly as described in Chapter 6, Testing the NFS Cluster Service, you could disconnect the ethernet connection between cluster members. You might try disconnecting one, two, or three nodes, for example. This could help isolate where the problem is.
*
If you are having trouble mounting or modifying an NFS volume, check whether the cause is one of the following:
o
The network between server and client is down.
o
The storage devices are not connected to the system.
o
More than half of the nodes in the cluster have crashed, rendering the cluster inquorate. This stops the cluster.
o
The GFS file system is not mounted on the cluster nodes.
o
The GFS file system is not writable.
o
The IP address you defined in the cluster.conf is not bounded to the correct interface / NIC (sometimes the ip.sh script does not perform as expected).
*
Execute a showmount -e command on the node running the cluster service. If it shows up the right 5 exports, check your firewall configuration for all necessary ports for using NFS.
*
If SELinux is currently in enforcing mode on your system, check your /var/log/audit.log file for any relevant messages. If you are using NFS to serve home directories, check whether the correct SELinux boolean value for nfs_home_dirs has been set to 1; this is required if you want to use NFS-based home directories on a client that is running SELinux. If you do not set this value on, you can mount the directories as root but cannot use them as home directories for your users.
*
Check the /var/log/messages file for error messages from the NFS daemon.
*
If you see the expected results locally at the cluster nodes and between the cluster nodes but not at the defined clients, check the firewall configuration at the clients.
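The first two steps above (group_tool and cman_tool nodes -f) are easier to act on when the two listings are cross-checked automatically. The Python script below is an added example, not part of the Red Hat document quoted above: it parses both outputs, maps node IDs to host names, reports which live members are absent from each group, lists the recovery order by level, and flags dead nodes and groups whose state is not none. The sample output is constructed from the listings above, with node 4 marked dead (Sts X) to exercise that path.

```python
"""Cross-check `group_tool` membership against `cman_tool nodes -f` status."""
import re

# Constructed sample output modelled on the listings above (not captured from a
# real cluster); node 4 is marked dead (Sts X) to exercise that code path.
GROUP_TOOL_OUTPUT = """\
type             level name       id       state
fence            0     default    00010005 none
[1 2 3 4 5]
dlm              1     clvmd      00020005 none
[1 2 3 4 5]
dlm              1     rgmanager  00030005 none
[3 4 5]
dlm              1     mygfs      007f0005 none
[5]
gfs              2     mygfs      007e0005 none
[5]
"""

CMAN_NODES_OUTPUT = """\
Node  Sts   Inc   Joined               Name
   1   M    752   2008-10-27 11:17:15  clusternode5.example.com
   2   M    752   2008-10-27 11:17:15  clusternode4.example.com
   3   M    760   2008-12-03 11:28:44  clusternode3.example.com
   4   X    756   2008-12-03 11:28:26  clusternode2.example.com
   5   M    744   2008-10-27 11:17:15  clusternode1.example.com
"""

MEMBER_LINE = re.compile(r"^\[([\d\s]*)\]$")


def parse_group_tool(text):
    """Return one dict per group: type, level, name, id, state and member node ids."""
    groups = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("type"):
            continue                                  # blank or header line
        m = MEMBER_LINE.match(line)
        if m:                                         # "[1 2 3]" belongs to the previous group
            if not groups:
                raise ValueError("member list before any group line")
            groups[-1]["members"] = {int(n) for n in m.group(1).split()}
            continue
        fields = line.split()
        if len(fields) != 5:
            raise ValueError("unexpected group_tool line: %r" % line)
        gtype, level, name, gid, state = fields
        groups.append({"type": gtype, "level": int(level), "name": name,
                       "id": gid, "state": state, "members": set()})
    return groups


def parse_cman_nodes(text):
    """Return {node_id: (status, name)} from `cman_tool nodes -f` output."""
    nodes = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or not fields[0].isdigit():
            continue                                  # header or blank line
        nodes[int(fields[0])] = (fields[1], fields[-1])
    return nodes


def membership_report(groups, nodes):
    """For each group, the names of live members (Sts M) whose id is absent from it."""
    live = {nid for nid, (sts, _) in nodes.items() if sts == "M"}
    report = {}
    for g in groups:
        absent = sorted(live - g["members"])
        report["%s/%s" % (g["type"], g["name"])] = [nodes[n][1] for n in absent]
    return report


def recovery_order(groups):
    """Group names in the order they are recovered (level 0 first)."""
    return ["%s/%s" % (g["type"], g["name"]) for g in sorted(groups, key=lambda g: g["level"])]


def health_issues(groups, nodes):
    """Dead nodes, groups whose state is not 'none', and dead nodes still listed in a group."""
    issues = []
    for nid, (sts, name) in sorted(nodes.items()):
        if sts == "X":
            issues.append("node %d (%s) is dead (Sts X)" % (nid, name))
    for g in groups:
        key = "%s/%s" % (g["type"], g["name"])
        if g["state"] != "none":
            issues.append("%s is in state %s, expected none" % (key, g["state"]))
        for nid in sorted(g["members"]):
            if nodes.get(nid, ("M", ""))[0] == "X":
                issues.append("dead node %d is still listed in %s" % (nid, key))
    return issues


if __name__ == "__main__":
    groups = parse_group_tool(GROUP_TOOL_OUTPUT)
    nodes = parse_cman_nodes(CMAN_NODES_OUTPUT)
    print("recovery order:", " -> ".join(recovery_order(groups)))
    for group, absent in membership_report(groups, nodes).items():
        print("%-15s absent: %s" % (group, ", ".join(absent) or "-"))
    for issue in health_issues(groups, nodes):
        print("ISSUE:", issue)
```

On a real node you would feed the script the live output of `group_tool` and `cman_tool nodes -f` instead of the constructed strings; a member absent from dlm/rgmanager is only a problem if that node is supposed to be running rgmanager, which is why the report lists absences rather than calling them errors.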
Troubleshooting Red Hat Cluster Suite Networking
Ref : http://people.redhat.com/ccaulfie/docs/CSNetworking.pdf
When you set up a slave DNS server and it tries to transfer a zone from the master server, you might see a problem like the one below:
Sep 3 09:52:37 publicdns1.domani.local named[13635]: dumping master file: tmp-PKhZ6y6rRp: open: permission denied
Sep 3 09:52:37 publicdns1.domain.local named[13635]: transfer of 'domain.com/IN' from 11.22.33.44#53: failed while receiving responses: permission denied
Sep 3 09:52:37 publicdns1.domain.local named[13635]: transfer of 'domain.com/IN' from 11.22.33.44#53: end of transfer
Solution:
Make sure the slave server is creating the zone file under the slaves directory (file "slaves/domain.com.zone";).
The zone setting in named.conf for the slave server would look like this:
### Add authoritative zone for domain.com ###
zone "domain.com" IN {
type slave;
file "slaves/domain.com.zone";
masters {11.22.33.44; };
};
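When a slave holds many zones, the quickest way to see which transfers are failing and why is to pull the `transfer of` and `dumping master file` lines out of syslog. The Python below is an added example (not from the page's own setup): it classifies each zone's latest transfer attempt as failed or completed, extracts the reason, and lists the files named could not write. The log lines are constructed from the messages quoted above plus one successful transfer for contrast.

```python
"""Pick out failed zone transfers from named's syslog output."""
import re

# Constructed syslog lines modelled on the messages quoted above, plus one
# successful transfer for contrast (none are captured from a live server).
LOG_LINES = [
    "Sep  3 09:52:37 publicdns1.domain.local named[13635]: dumping master file: tmp-PKhZ6y6rRp: open: permission denied",
    "Sep  3 09:52:37 publicdns1.domain.local named[13635]: transfer of 'domain.com/IN' from 11.22.33.44#53: failed while receiving responses: permission denied",
    "Sep  3 09:52:37 publicdns1.domain.local named[13635]: transfer of 'domain.com/IN' from 11.22.33.44#53: end of transfer",
    "Sep  3 09:53:01 publicdns1.domain.local named[13635]: transfer of 'example.co.uk/IN' from 55.55.55.55#53: Transfer completed: 1 messages, 12 records, 312 bytes, 0.001 secs (312000 bytes/sec)",
]

# "transfer of 'zone/IN' from master#port: message"
TRANSFER_RE = re.compile(r"named\[\d+\]: transfer of '(?P<zone>[^']+)' from (?P<master>\S+): (?P<msg>.+)$")
# "dumping master file: tmpname: open: permission denied"
DUMP_RE = re.compile(r"named\[\d+\]: dumping master file: (?P<path>\S+): (?P<error>.+)$")


def classify_transfers(lines):
    """Map each zone to the outcome of its most recent transfer attempt."""
    outcome = {}
    for line in lines:
        m = TRANSFER_RE.search(line)
        if not m:
            continue
        zone, master, msg = m.group("zone"), m.group("master"), m.group("msg")
        entry = outcome.setdefault(zone, {"master": master, "status": "in progress", "detail": ""})
        entry["master"] = master
        if msg.startswith("failed"):
            entry["status"] = "failed"
            entry["detail"] = msg.rsplit(":", 1)[-1].strip()   # e.g. "permission denied"
        elif msg.startswith("Transfer completed"):
            entry["status"] = "completed"
            entry["detail"] = msg
        # "end of transfer" only closes the attempt; keep the outcome already recorded
    return outcome


def write_errors(lines):
    """(path, error) pairs for zone files that named could not write to disk."""
    return [(m.group("path"), m.group("error")) for m in map(DUMP_RE.search, lines) if m]


def failed_transfers(lines):
    """Sorted (zone, master, reason) tuples for transfers that failed."""
    return sorted((zone, e["master"], e["detail"])
                  for zone, e in classify_transfers(lines).items() if e["status"] == "failed")


if __name__ == "__main__":
    for zone, master, reason in failed_transfers(LOG_LINES):
        print("FAILED  %-20s from %-18s %s" % (zone, master, reason))
    for path, error in write_errors(LOG_LINES):
        print("CANNOT WRITE %s: %s" % (path, error))
```

A "permission denied" reason paired with a "dumping master file" error points at the directory named in the zone's `file` statement: the slave writes its copy there, so that directory (slaves/ in the setup above) has to be writable by the user named runs as, and on an SELinux host it also has to carry the label the named policy allows writing to.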
For httpd.conf (/usr/local/apache/conf if you compiled from source, or /etc/httpd/conf/httpd if you installed with yum):
ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
If you want to run CGI scripts from under your own domain, for example www.fosiul.com/cgi-bin/test.cgi, do as below:
<VirtualHost *:80>
    ServerAdmin fosiul@example.co.uk
    DocumentRoot /usr/local/apache/htdocs/example/
    ServerName www.example.co.uk
    ServerAlias example.co.uk
    ......................................
    ......................................
    <Directory "/usr/local/apache/htdocs/example/">
        Options FollowSymLinks ExecCGI
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
    <Directory "/usr/local/apache/htdocs/example/cgi-bin/">
        Order deny,allow
        Allow from all
        # If you only want to run CGI scripts from certain IPs, remove the
        # "Allow from all" line above and uncomment "Deny from all" below
        # (Apache does not accept comments at the end of a directive line).
        Allow from xx.xx.xx.xx
        #Deny from all
    </Directory>
    ScriptAlias /cgi-bin/ /usr/local/apache/htdocs/example/cgi-bin/
</VirtualHost>
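The comments in the cgi-bin block above describe two configurations that look similar but behave very differently: with `Order deny,allow`, keeping `Allow from all` next to an `Allow from` for one address still admits every client. The Python below is an added example (not the page's configuration) that implements Apache 2.2's Order/Allow/Deny evaluation rules and evaluates both variants; 203.0.113.5 stands in for the xx.xx.xx.xx placeholder, and host names and partial dotted quads are not handled.

```python
"""Evaluate Apache 2.2 Order/Allow/Deny access rules for a client address."""
import ipaddress


def _matches(pattern, client):
    """True if an Allow/Deny argument matches the client address.

    Supports "all", a single IP and CIDR notation. Apache also accepts partial
    dotted quads and host names; those are not handled here (assumption).
    """
    if pattern.lower() == "all":
        return True
    return ipaddress.ip_address(client) in ipaddress.ip_network(pattern, strict=False)


def apache22_access(order, allow, deny, client):
    """Apply mod_authz_host (Apache 2.2) semantics for one <Directory> block."""
    allowed = any(_matches(p, client) for p in allow)
    denied = any(_matches(p, client) for p in deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        # Allow is evaluated first, then Deny: a client must match an Allow
        # and no Deny; anything unmatched is refused.
        return allowed and not denied
    if order == "deny,allow":
        # Deny is evaluated first, then Allow: anything unmatched is admitted,
        # and an Allow match overrides a Deny match.
        return allowed or not denied
    raise ValueError("unsupported Order: %r" % order)


# The cgi-bin block as written above: "Allow from all" plus one more Allow.
PAGE_CGI_RULES = {"order": "deny,allow", "allow": ["all", "203.0.113.5"], "deny": []}
# The restricted variant the comments describe: Deny from all, Allow one address.
RESTRICTED_CGI_RULES = {"order": "deny,allow", "allow": ["203.0.113.5"], "deny": ["all"]}


def can_run_cgi(rules, client):
    """Would this client be allowed into the cgi-bin directory?"""
    return apache22_access(rules["order"], rules["allow"], rules["deny"], client)


if __name__ == "__main__":
    for label, rules in (("as written", PAGE_CGI_RULES), ("restricted", RESTRICTED_CGI_RULES)):
        for client in ("203.0.113.5", "198.51.100.9"):
            print("%-10s %-14s -> %s" % (label, client, "allowed" if can_run_cgi(rules, client) else "denied"))
```

The restricted variant is the one to use when a cgi-bin directory should only be reachable from an administrative network; the same evaluation applies to any directory that carries `Options ExecCGI`.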
Now create a directory under /usr/local/apache/example/cgi-bin and create a CGI script:
#!/usr/bin/perl -T
use strict;
use warnings;
use CGI;

my $cgi = CGI->new;
print $cgi->header;
print $cgi->start_html('test world');
print $cgi->h1('Hello test');
print $cgi->li('list');
print $cgi->end_html();
Run this CGI script at http://www.example.co.uk/cgi-bin/test.cgi
How to run a Python script under CGI
Create a CGI script (testpy.cgi) as below to run Python:
#!/usr/bin/python
# Python 2 print statements, as in the original note
print "Content-Type: text/plain"
print ""
print "Hello, World!"
Now run this script at www.example.co.uk/cgi-bin/testpy.cgi
Localhost Resolver :
(a) install bind
yum install bind bind-chroot bind-devel
(b) Copy named.conf and the related files from /usr/share/doc/bind-9.3.6/sample/etc/
cp /usr/share/doc/bind-9.3.6/sample/etc/* /var/named/chroot/etc/
(c) The files in /var/named/chroot/etc are as below:
[root@publicdns1 etc]# ls
localtime   named.rfc1912.zones  rndc.conf
named.conf  named.root.hints     rndc.key
Check the ownership of the files. Ownership should be root:named as below:
[root@publicdns1 etc]# pwd
/var/named/chroot/etc
[root@publicdns1 etc]# ls -al
total 64
drwxr-x--- 2 root named 4096 Aug 28 13:38 .
drwxr-x--- 6 root named 4096 Aug 28 13:37 ..
-rw-r--r-- 1 root root  3661 Aug 24 12:53 localtime
-rw-r--r-- 1 root named 5299 Aug 28 13:38 named.conf
-rw-r--r-- 1 root named  775 Aug 28 12:20 named.rfc1912.zones
-rw-r--r-- 1 root named  524 Aug 28 12:20 named.root.hints
-rw-r--r-- 1 root named    0 Aug 28 12:20 rndc.conf
-rw-r----- 1 root named  113 Aug 28 12:12 rndc.key
[root@publicdns1 etc]#
If the ownership is not right then we can change it as follows :
chown root:named named.conf named.rfc1912.zones named.root.hints rndc.conf rndc.key
(d) Copy named.root into the /var/named/chroot/var/named directory
cp /usr/share/doc/bind-9.3.6/sample/var/named/named.root /var/named/chroot/var/named/
The files there are:
[root@publicdns1 named]# ls
data  domain.co.uk.zone  named.root  slaves
[root@publicdns1 named]#
(e) To allow internal PCs to resolve DNS requests and internal host names, we need to work on the view "localhost_resolver" section as below:
view "localhost_resolver"
{
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
* If all you want is a caching-only nameserver, then you need only define this view:
*/
match-clients { localhost;10.0.0.0/24; };
match-destinations { localhost;10.0.0.0/24; };
recursion yes;
# all views must contain the root hints zone:
include "/etc/named.root.hints";
/* these are zones that contain definitions for all the localhost
* names and addresses, as recommended in RFC1912 - these names should
* ONLY be served to localhost clients:
*/
include "/etc/named.rfc1912.zones";
};
Note: all the internal zone information will be placed in the named.rfc1912.zones file.
(f) Now edit named.rfc1912.zones, which is located in /var/named/chroot/etc, and enter the lines below:
zone "internaldomain.local" IN {
type master;
file "internaldomain.local.zone";
};
The edited named.rfc1912.zones file will then look like this:
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
//zone "." IN {
// type hint;
// file "named.ca";
//};
zone "internaldomain.local" IN {
type master;
file "internaldomain.local.zone";
};
zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.ip6.local";
allow-update { none; };
};
zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};
(g) Create a zone file internaldomain.local.zone in /var/named/chroot/var/named like this (records with no owner name must start with whitespace so that they inherit the previous owner):
$TTL 86400
@       IN SOA  @ root (
                        42      ; serial (d. adams)
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expiry
                        1D )    ; minimum
        IN NS   internaldns
        IN MX   10 internalmailserver
        IN A    10.0.0.20
internaldns             IN A    10.0.0.9
Account                 IN A    10.0.0.6
internalmailserver      IN A    10.0.0.10
www                     IN A    10.0.0.20
Note: make sure the file has the ownership below, or BIND will not be able to read it.
chown root:named internaldomain.local.zone
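Ownership is one thing BIND checks at load time; the other common reason a zone like the one above fails to load or serve correctly is a structural error, such as an NS or MX record that points at a name with no address in the zone. The Python below is an added example (not the page's code): a small parser for this zone-file layout (comments, the parenthesised SOA, inherited owners, optional class/TTL fields; $ directives and quoted TXT data are not interpreted) plus a checker for exactly one SOA with a numeric serial and in-zone targets for NS and MX. The zone text is a constructed copy of the file above, with a second, deliberately broken variant.

```python
"""Sanity-check a BIND zone file: one SOA, numeric serial, NS/MX targets resolvable in-zone."""

# Constructed copy of the internaldomain.local.zone file shown above.
ZONE_TEXT = """\
$TTL 86400
@       IN SOA  @ root (
                        42      ; serial (d. adams)
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expiry
                        1D )    ; minimum
        IN NS   internaldns
        IN MX   10 internalmailserver
        IN A    10.0.0.20
internaldns             IN A    10.0.0.9
Account                 IN A    10.0.0.6
internalmailserver      IN A    10.0.0.10
www                     IN A    10.0.0.20
"""

# Same zone with an NS record pointing at a name that has no address (constructed).
BROKEN_ZONE_TEXT = ZONE_TEXT + "@       IN NS   internaldns2\n"


def parse_zone(text):
    """Return a list of (owner, type, rdata_tokens) records.

    Handles ';' comments, parenthesised multi-line records, a blank owner
    (leading whitespace) inheriting the previous owner, and optional TTL/class
    fields. $ directives and quoted TXT data are not interpreted (assumption).
    """
    records = []
    owner = "@"
    pending = ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        if not line.strip():
            continue
        pending = (pending + " " + line) if pending else line
        if pending.count("(") > pending.count(")"):
            continue                                  # still inside ( ... )
        line, pending = pending, ""
        if line.startswith("$"):
            continue                                  # $TTL, $ORIGIN: not needed here
        fields = line.replace("(", " ").replace(")", " ").split()
        if not line[0].isspace():
            owner, fields = fields[0], fields[1:]     # explicit owner name
        # skip optional TTL and class so that fields[0] is the record type
        while fields and (fields[0].upper() == "IN" or fields[0].isdigit()):
            fields.pop(0)
        if not fields:
            raise ValueError("record without a type: %r" % line)
        records.append((owner, fields[0].upper(), fields[1:]))
    return records


def check_zone(records):
    """Return a list of human-readable problems; empty means the zone passed."""
    issues = []
    soa = [r for r in records if r[1] == "SOA"]
    if len(soa) != 1:
        issues.append("expected exactly one SOA record, found %d" % len(soa))
    elif len(soa[0][2]) < 3 or not soa[0][2][2].isdigit():
        issues.append("SOA serial is missing or not a number")
    addressed = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}
    for owner, rtype, rdata in records:
        if rtype == "NS":
            target = rdata[0]
        elif rtype == "MX":
            target = rdata[1]                         # rdata is [preference, exchange]
        else:
            continue
        if target.endswith("."):
            continue                                  # absolute name, outside this zone
        if target not in addressed:
            issues.append("%s record at %s points to %s, which has no A/AAAA record in the zone"
                          % (rtype, owner, target))
    return issues


if __name__ == "__main__":
    for label, text in (("page zone", ZONE_TEXT), ("broken zone", BROKEN_ZONE_TEXT)):
        problems = check_zone(parse_zone(text))
        print("%s: %s" % (label, "OK" if not problems else "; ".join(problems)))
```

Run it against a zone before reloading named: named-checkzone reports syntax errors, but a dangling NS or MX target is only noticed when clients start failing to resolve the name server or mail exchanger.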
Primary Server:
(A) Create zone entries in named.conf
Since this server will work as a public DNS server, we will create the zone entries for example.co.uk under the external view.
view "external"
{
/* This view will contain zones you want to serve only to "external" clients
* that have addresses that are not on your directly attached LAN interface subnets:
*/
match-clients { any; };
match-destinations { any; };
recursion no;
// you'd probably want to deny recursion to external clients, so you don't
// end up providing free DNS service to all takers
allow-query-cache { none; };
// Disable lookups for any cached data and root hints
// all views must contain the root hints zone:
include "/etc/named.root.hints";
// These are your "authoritative" external zones, and would probably
// contain entries for just your web and mail servers:
### Add authoritative zone for example.co.uk ###
zone "example.co.uk" IN {
type master;
file "example.co.uk.zone";
allow-update { none; };
allow-transfer { 22.33.44.55; }; // only this host will receive updates from this master server.
};
};
Secondary Server:
Follow every step from the beginning. We only need to change named.conf to allow the slave to download the zone file and updates from the master server.
view "external"
{
/* This view will contain zones you want to serve only to "external" clients
* that have addresses that are not on your directly attached LAN interface subnets:
*/
match-clients { any; };
match-destinations { any; };
recursion no;
// you'd probably want to deny recursion to external clients, so you don't
// end up providing free DNS service to all takers
allow-query-cache { none; };
// Disable lookups for any cached data and root hints
// all views must contain the root hints zone:
include "/etc/named.root.hints";
// These are your "authoritative" external zones, and would probably
// contain entries for just your web and mail servers:
### Add authoritative zone for example.co.uk ###
zone "example.co.uk" IN {
type slave;
file "slaves/example.co.uk.zone";
masters { 55.55.55.55 ;};
};
};
Full named.conf file for the primary name server (public + localhost resolver):
cat named.conf
//
// Sample named.conf BIND DNS server 'named' configuration file
// for the Red Hat BIND distribution.
//
// See the BIND Administrator's Reference Manual (ARM) for details, in:
// file:///usr/share/doc/bind-*/arm/Bv9ARM.html
// Also see the BIND Configuration GUI : /usr/bin/system-config-bind and
// its manual.
//
options
{
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;
// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // the default
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
};
logging
{
/* If you want to enable debugging, eg. using the 'rndc trace' command,
* named will try to write the 'named.run' file in the $directory (/var/named).
* By default, SELinux policy does not allow named to modify the /var/named directory,
* so put the default debug log file in data/ :
*/
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
//
// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the
// "default" view, which matches all clients.
//
// If named.conf contains any "view" clause, then all zones MUST be in a view;
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.
//
view "localhost_resolver"
{
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
* If all you want is a caching-only nameserver, then you need only define this view:
*/
match-clients { localhost;10.0.0.0/24; };
match-destinations { localhost;10.0.0.0/24; };
recursion yes;
# all views must contain the root hints zone:
include "/etc/named.root.hints";
/* these are zones that contain definitions for all the localhost
* names and addresses, as recommended in RFC1912 - these names should
* ONLY be served to localhost clients:
*/
include "/etc/named.rfc1912.zones";
};
view "external"
{
/* This view will contain zones you want to serve only to "external" clients
* that have addresses that are not on your directly attached LAN interface subnets:
*/
match-clients { any; };
match-destinations { any; };
recursion no;
// you'd probably want to deny recursion to external clients, so you don't
// end up providing free DNS service to all takers
allow-query-cache { none; };
// Disable lookups for any cached data and root hints
// all views must contain the root hints zone:
include "/etc/named.root.hints";
// These are your "authoritative" external zones, and would probably
// contain entries for just your web and mail servers:
zone "example.co.uk" IN {
type master;
file "example.co.uk.zone";
allow-update { none; };
allow-transfer { 22.33.44.55; }; // only this host will receive updates from this master server.
};
};
Full named.conf for the public slave server:
cat named.conf
//
// Sample named.conf BIND DNS server 'named' configuration file
// for the Red Hat BIND distribution.
//
// See the BIND Administrator's Reference Manual (ARM) for details, in:
// file:///usr/share/doc/bind-*/arm/Bv9ARM.html
// Also see the BIND Configuration GUI : /usr/bin/system-config-bind and
// its manual.
//
options
{
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;
// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // the default
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
};
logging
{
/* If you want to enable debugging, eg. using the 'rndc trace' command,
* named will try to write the 'named.run' file in the $directory (/var/named).
* By default, SELinux policy does not allow named to modify the /var/named directory,
* so put the default debug log file in data/ :
*/
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
//
// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the
// "default" view, which matches all clients.
//
// If named.conf contains any "view" clause, then all zones MUST be in a view;
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.
//
view "localhost_resolver"
{
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
* If all you want is a caching-only nameserver, then you need only define this view:
*/
match-clients { localhost;10.0.0.0/24; };
match-destinations { localhost;10.0.0.0/24; };
recursion yes;
# all views must contain the root hints zone:
include "/etc/named.root.hints";
/* these are zones that contain definitions for all the localhost
* names and addresses, as recommended in RFC1912 - these names should
* ONLY be served to localhost clients:
*/
include "/etc/named.rfc1912.zones";
};
view "external"
{
/* This view will contain zones you want to serve only to "external" clients
* that have addresses that are not on your directly attached LAN interface subnets:
*/
match-clients { any; };
match-destinations { any; };
recursion no;
// you'd probably want to deny recursion to external clients, so you don't
// end up providing free DNS service to all takers
allow-query-cache { none; };
// Disable lookups for any cached data and root hints
// all views must contain the root hints zone:
include "/etc/named.root.hints";
// These are your "authoritative" external zones, and would probably
// contain entries for just your web and mail servers:
zone "example.co.uk" IN {
type slave;
file "slaves/example.co.uk.zone";
masters { 55.55.55.55 ;};
};
};
Securing the name server:
(a) Don't end up providing free DNS service for everyone:
options {
recursion no;
};
(b)
options {
fetch-glue no;
};
(c) Allow zone transfers only from a specific host:
### Add authoritative zone for example.co.uk ###
zone "example.co.uk" IN {
type master;
file "example.co.uk.zone";
allow-update { none; };
allow-transfer { 22.33.44.55; }; // only this host will receive updates from this master server.
};
(d) Don't disclose the BIND version:
options {
version "Not disclosed";
};
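Items (a), (c) and (d) above, together with the slaves/ file placement from the zone-transfer section, can be checked mechanically before named is restarted. The Python below is an added example (not the page's code): a small parser for named.conf's `statement { ... };` syntax and a linter that flags a missing version string, recursion enabled in a view that matches any client, master zones without a restricted allow-transfer, allow-update opened beyond none, and slave zones whose file is not under slaves/. Item (b), fetch-glue, is a BIND 8 option that BIND 9 treats as obsolete, so it is not checked. Both configurations are constructed for the example; `include` files are not followed.

```python
"""Lint a named.conf for the hardening points listed above."""
import re

# Constructed configurations (not the page's files): a weak one, and one that
# applies items (a), (c) and (d) plus the slaves/ file placement.
WEAK_CONF = """\
options {
    directory "/var/named";
    recursion yes;
};
view "localhost_resolver" {
    match-clients { localhost; 10.0.0.0/24; };
    recursion yes;
    include "/etc/named.rfc1912.zones";
};
view "external" {
    match-clients { any; };
    zone "example.co.uk" IN {
        type master;
        file "example.co.uk.zone";
    };
    zone "domain.com" IN {
        type slave;
        file "domain.com.zone";
        masters { 11.22.33.44; };
    };
};
"""

HARDENED_CONF = """\
options {
    directory "/var/named";
    version "Not disclosed";        // item (d)
    recursion no;                   // item (a)
};
view "localhost_resolver" {
    match-clients { localhost; 10.0.0.0/24; };
    recursion yes;                  // recursion only for the LAN
    include "/etc/named.rfc1912.zones";
};
view "external" {
    match-clients { any; };
    recursion no;
    allow-query-cache { none; };
    zone "example.co.uk" IN {
        type master;
        file "example.co.uk.zone";
        allow-update { none; };
        allow-transfer { 22.33.44.55; };   # item (c)
    };
    zone "domain.com" IN {
        type slave;
        file "slaves/domain.com.zone";
        masters { 11.22.33.44; };
    };
};
"""


def strip_comments(text):
    """Remove /* */, // and # comments (a '#' inside a quoted string would be lost too)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def parse_blocks(text):
    """Parse named.conf into nested statements: (head_tokens, children_or_None)."""
    tokens = re.findall(r'"[^"]*"|[{};]|[^\s{};]+', strip_comments(text))
    pos = [0]                                   # shared cursor for the nested parser

    def parse_list():
        stmts, head = [], []
        while pos[0] < len(tokens):
            tok = tokens[pos[0]]
            pos[0] += 1
            if tok == "{":
                stmts.append((head, parse_list()))      # head { ... }
                head = []
            elif tok == "}":
                return stmts
            elif tok == ";":
                if head:
                    stmts.append((head, None))          # head;
                head = []
            else:
                head.append(tok.strip('"'))
        return stmts

    return parse_list()


def settings(children):
    """Flatten a block: `key a b;` -> "a b", `key { x; y; };` -> ["x", "y"]."""
    out = {}
    for head, sub in children:
        if head:
            out[head[0]] = " ".join(head[1:]) if sub is None else [" ".join(h) for h, _ in sub]
    return out


def lint(conf_text):
    """Return a list of findings; an empty list means the checks passed."""
    stmts = parse_blocks(conf_text)
    findings = []
    options = {}
    for head, children in stmts:
        if head[:1] == ["options"] and children is not None:
            options = settings(children)
    if not options.get("version"):
        findings.append("options: no 'version' string, so the real BIND version is disclosed (item d)")
    global_recursion = options.get("recursion", "yes")          # BIND's default is yes
    views = [(h[1], settings(c), c) for h, c in stmts if h[:1] == ["view"] and c is not None]
    if not views:                                                # no views: zones sit at top level
        views = [("(default)", options, stmts)]
    for name, vs, children in views:
        if vs.get("recursion", global_recursion) != "no" and "any" in vs.get("match-clients", ["any"]):
            findings.append("view %s: recursion is on for any client, an open resolver (item a)" % name)
        for zhead, zchildren in children:
            if zhead[:1] != ["zone"] or zchildren is None:
                continue
            zname, zs = zhead[1], settings(zchildren)
            if zs.get("type") == "master":
                xfer = zs.get("allow-transfer")
                if xfer is None or "any" in xfer:
                    findings.append("zone %s: allow-transfer is not limited to the slave's address (item c)" % zname)
                if zs.get("allow-update") not in (None, ["none"]):
                    findings.append("zone %s: dynamic updates accepted from %s" % (zname, ", ".join(zs["allow-update"])))
            elif zs.get("type") == "slave" and not zs.get("file", "").startswith("slaves/"):
                findings.append("zone %s: slave copy %r is outside slaves/, the directory named can write" % (zname, zs.get("file", "")))
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print("%s: %s" % (label, "\n  ".join(lint(conf)) or "no findings"))
```

The linter only reads what it is given, so run it on the full named.conf and on each file it includes; named-checkconf still has the final word on syntax.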
How to delete an old IOS image from flash memory
Router# delete old IOS image name
Delete filename [old IOS image name]?
Delete flash: old IOS image name [confirm]
Router#
How to reclaim the memory?
Router# squeeze flash:
Squeeze operation may take a while. Continue? [confirm]
squeeze in progress...
eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
Rebuild file system directory...
Squeeze of flash complete
Router#
Note: this is the router-on-a-stick method (Cisco 1941 router).
(a) Find out the router interfaces
EVROUTER#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         unassigned      YES manual up                    up
GigabitEthernet0/1         88.88.88.81     YES DHCP   up                    up
NVI0                       unassigned      NO  unset  up                    up
(b) Create a sub-interface for each VLAN
For VLAN 1:
configure terminal
interface GigabitEthernet0/0.1
encapsulation dot1Q 1
ip address 192.168.1.1 255.255.255.0

For VLAN 10:
configure terminal
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0

For VLAN 20:
configure terminal
interface GigabitEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
The output should be:
EVROUTER#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         unassigned      YES manual up                    up
GigabitEthernet0/0.1       192.168.1.1     YES manual up                    up
GigabitEthernet0/0.10      192.168.10.1    YES manual up                    up
GigabitEthernet0/0.20      192.168.20.1    YES manual up                    up
GigabitEthernet0/1         88.88.88.81     YES DHCP   up                    up
NVI0                       unassigned      NO  unset  up                    up
EVROUTER#
(c) Set up the DHCP relay agent for each subnet
For VLAN 1:
EVROUTER#configure terminal
EVROUTER(config)#interface gigabitEthernet 0/0.1
EVROUTER(config-subif)#ip helper-address 192.168.1.7

For VLAN 10:
EVROUTER#configure terminal
EVROUTER(config)#interface gigabitEthernet 0/0.10
EVROUTER(config-subif)#ip helper-address 192.168.1.7

For VLAN 20:
EVROUTER#configure terminal
EVROUTER(config)#interface gigabitEthernet 0/0.20
EVROUTER(config-subif)#ip helper-address 192.168.1.7
Now all your VLANs will be able to get an IP address for their own subnet from the DHCP server, and their users will be able to log in to each computer with their Active Directory user name and password.
(d) Allow each VLAN to use the internet
(1) Label each interface and sub-interface for NAT
configure terminal
interface gigabitEthernet 0/0.1
ip nat inside
exit
interface gigabitEthernet 0/0.10
ip nat inside
exit
interface gigabitEthernet 0/0.20
ip nat inside
exit
interface gigabitEthernet 0/1
ip nat outside
exit
(2) Create an access list for the addresses that are allowed to use NAT
configure terminal
ip access-list standard NAT_ADDRESS
permit 192.168.0.0 0.0.255.255
(3) Enable NAT overload
ip nat inside source list NAT_ADDRESS interface gigabitEthernet 0/1 overload
Note: at this point all VLANs will be able to get to the internet.
I am using a Cisco 2811 router with one WIC-1T card for the serial interface.

Both routers are connected through a serial (DCE/DTE) interface and the IP addresses are set as follows:
router 1: 192.168.1.1 255.255.255.0
router 2: 192.168.1.2 255.255.255.0
Problem: the line protocol is showing down.
Example below:
R1#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES manual administratively down down
FastEthernet0/1            unassigned      YES manual administratively down down
Serial0/3/0                192.168.1.1     YES manual up                    down
Vlan1                      unassigned      YES manual administratively down down
Reason:
One of the reasons is that on the DCE side the clock rate is set to "no clock", as in the example below:
R1#show controllers serial 0/3/0
Interface Serial0/3/0
Hardware is PowerQUICC MPC860
DCE V.35, no clock
idb at 0x81081AC4, driver data structure at 0x81084AC0
SCC Registers:
General [GSMR]=0x2:0x00000000, Protocol-specific [PSMR]=0x8
Events [SCCE]=0x0000, Mask [SCCM]=0x0000, Status [SCCS]=0x00
Transmit on Demand [TODR]=0x0, Data Sync [DSR]=0x7E7E
Interrupt Registers:
Config [CICR]=0x00367F80, Pending [CIPR]=0x0000C000
Mask [CIMR]=0x00200000, In-srv [CISR]=0x00000000
Command register [CR]=0x580
Port A [PADIR]=0x1030, [PAPAR]=0xFFFF
[PAODR]=0x0010, [PADAT]=0xCBFF
Port B [PBDIR]=0x09C0F, [PBPAR]=0x0800E
[PBODR]=0x00000, [PBDAT]=0x3FFFD
Port C [PCDIR]=0x00C, [PCPAR]=0x200
[PCSO]=0xC20, [PCDAT]=0xDF2, [PCINT]=0x00F
Receive Ring
rmd(68012830): status 9000 length 60C address 3B6DAC4
rmd(68012838): status B000 length 60C address 3B6D444
Transmit Ring
--More--
Solution:
Add the clock rate by hand:
R1#configure t
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#in
R1(config)#interface se
R1(config)#interface serial 0/3/0
R1(config-if)#clo
R1(config-if)#clock r
R1(config-if)#clock rate 1000000
R1(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/3/0, changed state to up