Archive for June, 2010

Cisco:Routing protocols OSPF

Tuesday, June 29th, 2010

How to set up OSPF routing:

How to view which protocols are running:

show ip protocols

How to remove the RIP protocol (if it exists)

configure terminal
no router rip

How to create the OSPF process

configure terminal
router ospf 1   [ here 1 is the process ID, which has to be the same on every router in the organization ]
network 192.168.1.1 0.0.0.0 area 0
Or
network 192.168.1.0 0.0.255.255 area 0

How to set the default route to the Internet
From the main router:

configure terminal
router ospf 1
default-information originate

How to join Area 0 with Area 1
(IPs of Area 1: 172.30.0.0-172.30.0.7, summary route: 172.30.0.0/21, wildcard mask for OSPF: 0.0.7.255)

configure terminal
router ospf 1
network 172.30.0.0 0.0.7.255 area 1

How to summarize the Area 1 network before adding it to Area 0 (how to create a range):

configure terminal
router ospf 1
area 1 range 172.30.0.0 255.255.248.0
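
The mask arithmetic behind the /21 summary above, as an added example that is not part of the original post: it derives the `area range` netmask and the `network` wildcard mask from the prefix length and tests which subnets the summary covers. The function names and the three subnets in the loop are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original post: derive the `area range` mask and
# the `network` wildcard mask from a prefix length, and test which subnets the
# summary covers. Function names are hypothetical.

ip_to_int() {            # dotted quad -> 32-bit integer
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

int_to_ip() {            # 32-bit integer -> dotted quad
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# summary_masks NETWORK PREFIXLEN -> "netmask wildcard last-address"
summary_masks() {
  local net mask wild
  net=$(ip_to_int "$1")
  mask=$(( (0xFFFFFFFF << (32 - $2)) & 0xFFFFFFFF ))
  wild=$(( mask ^ 0xFFFFFFFF ))
  if [ $(( net & wild )) -ne 0 ]; then
    echo "error: $1 is not aligned to /$2" >&2
    return 1
  fi
  echo "$(int_to_ip "$mask") $(int_to_ip "$wild") $(int_to_ip $(( net | wild )))"
}

# in_summary ADDRESS NETWORK PREFIXLEN -> exit 0 if ADDRESS is inside the summary
in_summary() {
  local addr net mask
  addr=$(ip_to_int "$1")
  net=$(ip_to_int "$2")
  mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
  [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# The values used in this post: Area 1 summarized as 172.30.0.0/21
summary_masks 172.30.0.0 21
for subnet in 172.30.0.0 172.30.7.0 172.30.8.0; do   # constructed sample subnets
  if in_summary "$subnet" 172.30.0.0 21; then
    echo "$subnet is covered by the summary"
  else
    echo "$subnet is NOT covered by the summary"
  fi
done
```

A subnet that the summary covers but that does not live in Area 1 would be advertised into Area 0 as reachable through this router, so it is worth running the check before adding the `area 1 range` line.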

How to debug OSPF neighbor relationships

debug ip ospf adj
clear ip ospf process

Nagios script to monitor memory usage

Thursday, June 24th, 2010
#!/bin/bash
 
#Version 1.0
#######################################
#Nagios script to check memory status##
#Commands : free -m#####################
#######################################
 
 
#Status check for nagios script
 
STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2
STATE_UNKNOWN=3
STATE_DEPENDENT=4
 
 
#Define All the variables for commands
 
declare -rx SCRIPT=${0##*/}
declare -rx CMD_AWK="/bin/awk"
declare  -rx CMD_CAT="/bin/cat"
declare  -rx CMD_FREE="/usr/bin/free"
#####Section 1.1 :Defining function for free memory checking########
#Defining function to check free memory status#####################
#####################################################################
 
function FUNC_FREE_CMD
 
{
 
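MEM_STATUS=$( $CMD_FREE -m | grep buffers/cache | awk '{print $4}')

#Newer versions of free no longer print the "-/+ buffers/cache" line.
#An empty or non-numeric value must not fall through to the OK branch.
if ! [ "$MEM_STATUS" -ge 0 ] 2>/dev/null
then
echo "Unknown,could not read free memory from $CMD_FREE"
exit $STATE_UNKNOWN
fi

########Checking if Current memory is critical or normal ######

if [ "$MEM_STATUS" -le 325 ]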
then
 
#echo "Critical,Memory Level: $MEM_STATUS"
echo "Critical,Memory Level: $MEM_STATUS|Memory_level=$MEM_STATUS;350;325;0"
exit $STATE_CRITICAL
fi
 
if [ $MEM_STATUS -le 350 ]
then
 
echo "Warnings,Memory Level: $MEM_STATUS|Memory_level=$MEM_STATUS;350;325;0"
exit $STATE_WARNING
 
else
echo "Memory Seems Ok,Total Memory is: $MEM_STATUS|Memory_level=$MEM_STATUS;350;325;0"
#echo "Critical,Memory Level: $MEM_STATUS|Memory_level=$MEM_STATUS"
exit $STATE_OK
fi
 
}
 
#############Section 1.2 calling  the function###############
######## And processing data from this function##############
FUNC_FREE_CMD

Thanks

Cisco:Basic Commands to setup vlan

Wednesday, June 16th, 2010

Vlan Network Diagram

Trunking:
(1) Create trunk ports between 2 switches:
To set up a trunk between ports F0/11 and F0/12 of switch S1
For port F0/11

configure terminal
interface fastEthernet 0/11
switchport mode trunk
Note: if the command above is rejected with the error "Trunk encapsulation is Auto", do the following:
switchport trunk encapsulation dot1q
Now type again: switchport mode trunk

For Port F0/12

configure terminal
interface fastEthernet 0/12
switchport mode trunk
Note: if the command above is rejected with the error "Trunk encapsulation is Auto", do the following:
switchport trunk encapsulation dot1q
Now type again: switchport mode trunk

Set the other ports, 1 to 10 and then 13 to 23, as access ports
configure terminal

 interface range fastEthernet 0/1-10
 switchport mode access
 
 interface range fastEthernet 0/13-23
 switchport mode access

How to view which ports are trunk for a switch :

show interfaces trunk

VTP :
(a) Configure VTP:

How to see VTP status :

 show vtp status

Setup VTP Domain

   configure terminal
   vtp domain MYDomain

(b) How to create a VTP client
By default every switch is a VTP server. To make a switch a VTP client:

configure terminal
vtp mode client

Configuring VLAN:

(3)How to view vlan information

show vlan

How to create vlan

 configure terminal
 vlan 10
exit
show vlan

How to assign a name to a vlan

 configure terminal
 vlan 10
 name SALES

How to assign a port to a VLAN
Example: the PC with IP 192.168.1.50 is connected to switch 3 via port F0/8, and we want to put this PC in VLAN 10.

From switch 3:
 configure terminal
 interface fastEthernet 0/8
 switchport access vlan 10

How to route between VLAN 10 and VLAN 20 for subnets (192.168.20.0 and 192.168.10.0) (router on a stick)
To route between VLANs, we need to create sub-interfaces on a router (for example router2)
For interface 1

configure terminal
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0

For interface 2

configure terminal
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0

It will create 2 interfaces like below:

R2#show ip interface brief
Interface              IP-Address      OK? Method Status   Protocol
FastEthernet0/0        192.168.1.2     YES manual up       up
FastEthernet0/0.10     192.168.10.1    YES manual up       up
FastEthernet0/0.20     192.168.20.1    YES manual up       up
FastEthernet0/1        192.168.2.1     YES manual up       up
R2#
To be continued

Mysql Server processlist shows negative value(-) in connect column for system user

Wednesday, June 9th, 2010

Sometimes the process list output shows a negative value like below:
Command:

watch /usr/local/mysql/bin/mysqladmin -ppass processlist

8 | system user | | Connect | -1247 | Has read all relay log; waiting for the slave I/O thread to update it |

One of the reasons:
Make sure both servers have the same time zone.
If there is any time difference between the 2 servers, the replication client shows negative values.

How To Set Up MySQL Database Replication With SSL Encryption

Wednesday, June 9th, 2010

SSL replication between 2 active-active MySQL servers


Step 1:
Set up normal replication first and find out whether the MySQL server is compiled with SSL support.
Ref: http://www.fosiul.com/index.php/2009/11/mysql-server-master-master-active-active-replication/

The command below verifies whether the MySQL server is compiled with SSL support:

SHOW VARIABLES LIKE 'have_openssl';

Output:

(YES means) the MySQL server is compiled with SSL


Step 2:
On Server1:
(a) Create self-signed certificates.
Note: While creating the self-signed certificates, use a different common name for each certificate, otherwise it will throw an SSL certificate error.

Creating the self-signed certificates:
Ref: http://dev.mysql.com/doc/refman/5.1/en/secure-create-certs.html

mkdir /usr/local/mysql/ssl (I am assuming MySQL has been compiled in the /usr/local/mysql directory)

cd /usr/local/mysql/ssl

# Create CA certificate (Use different common name)

shell> openssl genrsa 2048 > ca-key.pem
shell> openssl req -new -x509 -nodes -days 1000 \
         -key ca-key.pem > ca-cert.pem

# Create server certificate (use different common name)

shell> openssl req -newkey rsa:2048 -days 1000 \
         -nodes -keyout server-key.pem > server-req.pem
shell> openssl x509 -req -in server-req.pem -days 1000 \
         -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem

# Create client certificate

shell> openssl req -newkey rsa:2048 -days 1000 \
         -nodes -keyout client-key.pem > client-req.pem
shell> openssl x509 -req -in client-req.pem -days 1000 \
         -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem

So it will be like the picture below
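
The certificate steps above with the Common Names set on the command line, as an added example that is not part of the original post: it builds a throwaway CA, server and client certificate in a temporary directory, then checks that both certificates verify against the CA and that neither shares the CA's subject, which is the condition the note about common names warns about. The function names, the temporary directory and the CN values are assumptions of the example.

```bash
#!/bin/bash
# Added example, not from the original post. Builds a throwaway CA, server and
# client certificate non-interactively (-subj sets the Common Name), then checks
# them the way you would before pointing my.cnf at the files.
# The function names and the CN values are constructed for the example.

# make_certs DIR CA_CN SERVER_CN CLIENT_CN
make_certs() {
  local d="$1" role cn serial=1
  openssl req -new -x509 -nodes -newkey rsa:2048 -days 1000 -subj "/CN=$2" \
    -keyout "$d/ca-key.pem" -out "$d/ca-cert.pem" 2>/dev/null || return 1
  for role in server client; do
    cn="$3"; [ "$role" = client ] && cn="$4"
    openssl req -new -nodes -newkey rsa:2048 -subj "/CN=$cn" \
      -keyout "$d/$role-key.pem" -out "$d/$role-req.pem" 2>/dev/null || return 1
    # One serial number per certificate issued by this CA
    openssl x509 -req -in "$d/$role-req.pem" -days 1000 -CA "$d/ca-cert.pem" \
      -CAkey "$d/ca-key.pem" -set_serial "0$serial" \
      -out "$d/$role-cert.pem" 2>/dev/null || return 1
    serial=$((serial + 1))
  done
  chmod 600 "$d"/*-key.pem
}

# check_certs DIR: prints one line per problem, returns the number of problems
check_certs() {
  local d="$1" problems=0 role ca_subject subject
  ca_subject=$(openssl x509 -in "$d/ca-cert.pem" -noout -subject) || return 99
  for role in server client; do
    if ! openssl verify -CAfile "$d/ca-cert.pem" "$d/$role-cert.pem" >/dev/null 2>&1; then
      echo "$role-cert.pem does not verify against ca-cert.pem"
      problems=$((problems + 1))
    fi
    subject=$(openssl x509 -in "$d/$role-cert.pem" -noout -subject)
    if [ "$subject" = "$ca_subject" ]; then
      echo "$role-cert.pem has the same subject as the CA certificate"
      problems=$((problems + 1))
    fi
  done
  return "$problems"
}

# Throwaway run in a temporary directory (constructed names)
dir=$(mktemp -d)
make_certs "$dir" "Example Replication CA" server1.example client1.example \
  && check_certs "$dir" && echo "OK: certificates verify and subjects are distinct"
rm -rf "$dir"
```

check_certs can also be pointed at /usr/local/mysql/ssl once the files from this step exist.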

Step 2 :

Copy all these files to Server 2. Location: /usr/local/mysql/ssl

Reason: we will set up master-master active-active replication. There will be SSL encryption from Server1 to Server2 and from Server2 to Server1.
Picture: SSL replication between 2 active-active MySQL servers

scp * root@ns2.server2co.uk:/usr/local/mysql/ssl/
(Assume we are in the /usr/local/mysql/ssl directory of Server1)

Step 3:

For Server1 :

Edit the my.cnf file and add the lines below to the [mysqld] section
 
ssl-key=/usr/local/mysql/ssl/server-key.pem
ssl-cert=/usr/local/mysql/ssl/server-cert.pem
ssl-ca=/usr/local/mysql/ssl/ca-cert.pem
 
[client]
ssl-ca=/usr/local/mysql/ssl/ca-cert.pem
ssl-key=/usr/local/mysql/ssl/client-key.pem
ssl-cert=/usr/local/mysql/ssl/client-cert.pem
 
 
For Server2 :
Edit the my.cnf file and add the lines below to the [mysqld] section
 
ssl-key=/usr/local/mysql/ssl/server-key.pem
ssl-cert=/usr/local/mysql/ssl/server-cert.pem
ssl-ca=/usr/local/mysql/ssl/ca-cert.pem
 
 
[client]
ssl-ca=/usr/local/mysql/ssl/ca-cert.pem
ssl-key=/usr/local/mysql/ssl/client-key.pem
ssl-cert=/usr/local/mysql/ssl/client-cert.pem

Restart both servers, using the --skip-slave-start option
Ref: http://dev.mysql.com/doc/refman/5.1/en/replication-options-slave.html#option_mysqld_skip-slave-start

/usr/local/mysql/bin/mysqld_safe --skip-slave-start --user=mysql &

Now check that both servers have SSL enabled and pointing to the correct directory.

Execute the command below in the MySQL console on both servers.

mysql> show variables like '%ssl%';

It will give output like the picture below

SSL enabled and looking at the right directory

Step 4 :
Create replication user
For server 1

GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO slave@'ip.of.your.server2' IDENTIFIED BY 'strong-password' require SSL;

For server 2

GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO slave@'ip.of.your.server1' IDENTIFIED BY 'strong-password' require SSL;

Step 5 :
Server 1:
Open the firewall rules and allow traffic to port 3306 only from the IP of server2

Server 2:

Open the firewall rules and allow traffic to port 3306 only from the IP of server1

Step 5 :

Test that both servers accept SSL connections from each other and that the traffic goes via SSL encryption.
From Server 1/Server 2:

mysql --ssl -hip-of-server1 -uSSL_CLIENT -ppassword

If everything goes OK you should see the mysql prompt. At the mysql prompt, type
\s to verify that the connection goes through SSL encryption.

Look at the SSL line for:
SSL: Cipher in use is DHE-RSA-AES256-SHA or similar
Same as the picture below:

SSL is enabled

Step 6 :
Connect Server1 with Server 2 and Server 2 with Server 1

Server1 to Server2 :

CHANGE MASTER TO MASTER_HOST='ip.of.your.server2', MASTER_USER='slave', MASTER_PASSWORD='password', MASTER_LOG_FILE='mysql-bin.000001', MASTER_LOG_POS=53678, MASTER_SSL=1,MASTER_SSL_CA = '/usr/local/mysql/ssl/ca-cert.pem', MASTER_SSL_CERT = '/usr/local/mysql/ssl/client-cert.pem', MASTER_SSL_KEY = '/usr/local/mysql/ssl/client-key.pem';

Server2 to Server1

CHANGE MASTER TO MASTER_HOST='ip.of.your.server1', MASTER_USER='slave', MASTER_PASSWORD='password', MASTER_LOG_FILE='mysql-bin.000001', MASTER_LOG_POS=53488, MASTER_SSL=1,MASTER_SSL_CA = '/usr/local/mysql/ssl/ca-cert.pem', MASTER_SSL_CERT = '/usr/local/mysql/ssl/client-cert.pem', MASTER_SSL_KEY = '/usr/local/mysql/ssl/client-key.pem';

Note: make sure you lock all the tables before taking the log file positions, and also check the log file position on both servers.

Step 6 :
Now start the slave on both servers.

 
slave start

Step 7:
Verify that both servers are looking at each other.

Server1/Server2

show slave status\G;

Check that the output is similar to the picture below

Check that all slaves are looking at each other

Look for the options below:

Master_Host: xx.xx.xx.xx
Master_User: slave
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mysql-bin.000001
Read_Master_Log_Pos: 128108
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Master_SSL_Allowed: Yes
Master_SSL_CA_File: /usr/local/mysql/ssl/ca-cert.pem
Master_SSL_Cert: /usr/local/mysql/ssl/client-cert.pem
Master_SSL_Key: /usr/local/mysql/ssl/client-key.pem
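
The fields listed above can be checked by a script instead of by eye. This is an added example, not part of the original post: a Nagios-style check over the text printed by `show slave status\G`, run here on a constructed sample; the function names are hypothetical.

```bash
#!/bin/bash
# Added example, not from the original post: a Nagios-style check over the
# text printed by `show slave status\G`. Function names are hypothetical.

# slave_field NAME: print the value of one field from status text on stdin
slave_field() {
  sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# check_repl_ssl STATUS_TEXT: returns 0 = OK, 2 = CRITICAL, 3 = UNKNOWN
check_repl_ssl() {
  local io sql ssl
  io=$(printf '%s\n' "$1" | slave_field Slave_IO_Running)
  sql=$(printf '%s\n' "$1" | slave_field Slave_SQL_Running)
  ssl=$(printf '%s\n' "$1" | slave_field Master_SSL_Allowed)
  if [ -z "$io" ] || [ -z "$sql" ] || [ -z "$ssl" ]; then
    echo "UNKNOWN: no slave status found (is replication configured?)"
    return 3
  fi
  if [ "$io" != Yes ] || [ "$sql" != Yes ]; then
    echo "CRITICAL: Slave_IO_Running=$io Slave_SQL_Running=$sql"
    return 2
  fi
  if [ "$ssl" != Yes ]; then
    echo "CRITICAL: replication is not using SSL (Master_SSL_Allowed=$ssl)"
    return 2
  fi
  echo "OK: both slave threads running, Master_SSL_Allowed=Yes"
  return 0
}

# Constructed sample, shaped like the output listed in this post
SAMPLE='                Master_Host: xx.xx.xx.xx
                Master_User: slave
           Slave_IO_Running: Yes
          Slave_SQL_Running: Yes
         Master_SSL_Allowed: Yes
         Master_SSL_CA_File: /usr/local/mysql/ssl/ca-cert.pem'

check_repl_ssl "$SAMPLE"
```

Master_SSL_Allowed only reports that the slave is allowed to use SSL; it is the `require SSL` clause in the grants from step 4 that makes the master refuse an unencrypted replication login.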

Please let me know if there is any problem you face while implementing this.
Thanks

nagios script to check dns servers status

Monday, June 7th, 2010
#!/bin/bash
###################################
#Purpose:################################################################
###(a) Monitor if all your name server is online:        Status :Done ####
###(b) Monitor if all name server has same zone record : Status : Ongoing#
###(c) Monitor the Response time of Dns server         : Status : Ongoing#
#########################################################################
 
#Status check variables for nagios script#####
#####################################
STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2
STATE_UNKNOWN=3
STATE_DEPENDENT=4
 
#####################################
##Declaration of variables###########
#####################################
 
declare -rx  CMD_HOST="/usr/bin/host";
declare -rx CMD_AWK="/bin/awk"
declare  -rx CMD_CAT="/bin/cat"
declare -rx CMD_GREP="/bin/grep"
declare -rx CMD_DIG="/usr/bin/dig"
ZONE=$1;  # This value captures the zone name provided as a parameter to the script.
#############################################################
#Command to use : host -t ns fosiul.co.uk | awk '{print $4}'#
#############################################################
NUMBER_OF_DNSSrv=$($CMD_HOST -t ns $ZONE | $CMD_AWK '{print $4}' )
s=0
for i in $NUMBER_OF_DNSSrv
do
###########################################################
###Now Find out if all the name server is running##########
##########################################################
 
############Command#######################
########dig @dnserver ############
DNS_LIVE_RESULT=$($CMD_DIG @$i | $CMD_GREP -c  'connection timed out')
 
if [ $DNS_LIVE_RESULT -gt 0 ]
 
        then
         OFFLINE_ARRAY[$s]=$i
          ((s+=1))
fi
done
if [ ${#OFFLINE_ARRAY[*]} -eq 0 ]
then
 echo "All servers are online"
 exit $STATE_OK
else
 s=0
  echo -n "Following servers are offline: "
  while [ $s -lt ${#OFFLINE_ARRAY[*]} ]
   do
    echo -n "${OFFLINE_ARRAY[$s]} "
    ((s+=1))
   done
   echo
  exit $STATE_CRITICAL
fi

Linux:How to run c program in linux

Friday, June 4th, 2010

1. Open an editor in Linux, for example the vi editor
2. Write a simple program and save it as prog1.c

  #include <stdio.h>
  int main (void)
{
printf ("Programming is fun.\n");
return 0;
}

3. Compile the program: $ gcc prog1.c
4. Run the program: ./a.out
Or
5. You can give it a different name: gcc prog1.c -o prog1
Now run the program by typing: ./prog1