logIt Log Around The Clock


OpenSSH With Key

ssh-keygen -t dsa

This generates a public/private key pair (of type DSA) inside ~/.ssh/. The default file names are:

id_dsa

and

id_dsa.pub

The public key can be transferred to another host running sshd (the ssh server). The default authorization key file used by sshd is ~/.ssh/authorized_keys (this can be configured in /etc/ssh/sshd_config). Append the generated id_dsa.pub to this file on the remote host:

$ cat id_dsa.pub >> authorized_keys

My host, holding the private key id_dsa, can now ssh to the remote host that contains my public key in its authorized_keys file.
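
The append step above as a repeatable function, added here as an example and not part of the original post: it skips a key that is already present and sets directory and file modes that pass sshd's StrictModes check. The function name install_pubkey and its optional second argument are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original post.
# install_pubkey PUBKEY_FILE [SSH_DIR]
# (function name and the optional SSH_DIR argument are hypothetical)
install_pubkey() (
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    # The key file must exist and be non-empty.
    [ -s "$pub" ] || exit 1

    # Never copy the private half into a remote authorized_keys file.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        exit 2
    fi

    # The body runs in a subshell, so this umask does not leak to the caller.
    umask 077
    mkdir -p "$dir" || exit 1
    chmod 700 "$dir" || exit 1
    touch "$auth" || exit 1
    chmod 600 "$auth" || exit 1

    # -x: whole-line match, -F: fixed string, -f: patterns from the key file.
    # If the exact key line is already authorized, do nothing.
    if grep -qxF -f "$pub" "$auth"; then
        exit 0
    fi
    cat "$pub" >> "$auth"
)

# Usage on the remote host, after copying id_dsa.pub there:
#   install_pubkey id_dsa.pub
```

OpenSSH 7.0 and later disable ssh-dss (DSA) keys by default, so against a current sshd the same steps are done with a key generated by ssh-keygen -t ed25519 or -t rsa.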

Configuring Cacti

A successful installation on a LAMP system may require additional libraries. I added php5-cli (to enable PHP from the command line, i.e. $ /usr/bin/php), libphp-adodb and php5-snmp.

On localhost, snmpd is installed and configured in /etc/default/snmpd:

SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid'

and edit /etc/snmp/snmpd.conf to have:

com2sec readonly  localhost         <some community string>

Install snmp; then I can test with snmpwalk:

$ snmpwalk -Os -c <some community string> -v 1 localhost system

Cacti requires RRDTool, and the correct version must be set in the Settings menu of the Cacti web console. In my case, the RRDTool version is 1.3x. In Cacti 0.8.6.x and above, poller.php is called by cron instead of cmd.php; put this in the crontab of the Cacti user (edit that user's crontab with crontab -e -u, or have root embed the user in the crontab instead of editing it individually).

*/2 * * * * /usr/bin/php /var/www/cacti/poller.php

It will generate a file under the rra directory of the web installation, /var/www/cacti/rra/.rrd. RRDTool will create images based on this polling result file.

Manual Certificate Modification

Issue a certificate file from the management server:

[mgmtsrv]$ ovcm -issue -file /tmp/node.cert -name <nodename> -pass <password> -coreid <coreid from node>

Copy the /tmp/node.cert file to the node and import it.

[node]$ ovcert -importcert -file /tmp/node.cert -pass <password>

It will then appear in ovcert -list. Communication using HTTPS will also work; test this with bbcutil -ping from either side.

Basic squid In A Gateway

This trial is done on RedHat (RHEL 5.2) inside VirtualBox. The squid package used is squid-3.0.STABLE13-1.el5.i386.rpm. Two interfaces are configured in this box, as shown in the following NAT masquerading script, which builds a simple router at 192.168.40.40 (eth1):

WAN=wan0
LAN=eth1
IPTABLES=/sbin/iptables
 
$IPTABLES --flush                         # Flush all the rules in filter and nat tables
$IPTABLES --table nat --flush
$IPTABLES --delete-chain                  # Delete all chains that are not in default filter and nat table
$IPTABLES --table nat --delete-chain

The real script is just the two command lines below:

$IPTABLES --table nat --append POSTROUTING --out-interface $WAN -j MASQUERADE
$IPTABLES --append FORWARD --in-interface $LAN -j ACCEPT

The default route gateway is wan0 and /etc/resolv.conf is edited with the relevant DNS. Internet access works perfectly; then, after squid is installed, I use the following /etc/squid.conf:

visible_hostname mithrandir
http_port 3128
cache_dir ufs /var/spool/squid 1000 16 256
cache_access_log /var/log/squid/access.log
acl intranet src 192.168.40.0/24
http_access allow intranet

It is pretty straightforward and simple: a proxy listening on 192.168.40.40, port 3128. The box is also a NAT router to the internet via wan0.

Mount with fstab and UUID

Check UUID:

$ blkid
 
/dev/loop0: TYPE="squashfs"
/dev/sda1: UUID="46E439E9E439DBBD" LABEL="SYSTEM" TYPE="ntfs"
/dev/sda5: LABEL="DATA" UUID="0686-FAFA" TYPE="vfat"
/dev/sda6: UUID="4ddd1e8c-e2e2-4397-838b-ea953e0a7795" SEC_TYPE="ext2" TYPE="ext3"
/dev/sda7: TYPE="swap" UUID="9be4f92e-4f22-41f4-9aee-1c93f9cdf6ac"
/dev/sda8: UUID="6a969f33-240b-440c-9a43-e68f8b28fd19" SEC_TYPE="ext2" TYPE="ext3"
/dev/sda9: UUID="d7aac664-c177-46aa-be67-40aad4d3f129" TYPE="ext3" SEC_TYPE="ext2"
/dev/sda10: UUID="36cdb4cb-351b-4f47-9c24-64a9e80c826b" TYPE="ext4"

or

$ sudo vol_id -u /dev/sda7
9be4f92e-4f22-41f4-9aee-1c93f9cdf6ac

Put it in /etc/fstab to mount the device at boot.

# /etc/fstab: static file system information.
#
# Use 'vol_id --uuid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
# / was on /dev/sda10 during installation
UUID=36cdb4cb-351b-4f47-9c24-64a9e80c826b /               ext4    relatime,errors=remount-ro 0       1
# /home was on /dev/sda9 during installation
#UUID=d7aac664-c177-46aa-be67-40aad4d3f129 /home           ext3    relatime        0       2
# /home moved to /dev/sda8 using ext4 file system, /apps uses previous /home in /dev/sda9
UUID=6a969f33-240b-440c-9a43-e68f8b28fd19 /home           ext3    relatime        0       2
UUID=d7aac664-c177-46aa-be67-40aad4d3f129 /apps           ext3    relatime        0       2
# swap was on /dev/sda7 during installation
UUID=9be4f92e-4f22-41f4-9aee-1c93f9cdf6ac none            swap sw              0       0
# /dev/sda5
UUID=0686-FAFA  /media/sda5     vfat    defaults,utf8,umask=007,gid=46 0       1

The sixth field, <pass>, is used by the fsck program to determine the order in which filesystem checks are done at reboot time. The root filesystem should be specified with a <pass> of 1, and other filesystems should have a <pass> of 2.
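
A check of that rule against the fstab listed above, added here as an example and not part of the original post. It treats a <pass> of 0 (or a missing sixth field) as "skip fsck", as fstab(5) defines it; the function names check_fstab_pass and sample_fstab are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original post.
# check_fstab_pass [FILE]  (hypothetical name; reads stdin when FILE is omitted)
# Prints one line per entry whose sixth field breaks the rule quoted above.
check_fstab_pass() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            mnt  = $2
            pass = (NF >= 6 ? $6 + 0 : 0)       # a missing sixth field counts as 0
            if (mnt == "/" && pass != 1)
                printf "%s: pass=%d, root filesystem should be 1\n", mnt, pass
            else if (mnt != "/" && pass != 0 && pass != 2)
                printf "%s: pass=%d, should be 2 (or 0 to skip fsck)\n", mnt, pass
        }
    ' "${1:--}"
}

# The active entries of the fstab shown above, reproduced as sample input.
sample_fstab() {
    cat <<'EOF'
proc            /proc           proc    defaults        0       0
UUID=36cdb4cb-351b-4f47-9c24-64a9e80c826b /               ext4    relatime,errors=remount-ro 0       1
UUID=6a969f33-240b-440c-9a43-e68f8b28fd19 /home           ext3    relatime        0       2
UUID=d7aac664-c177-46aa-be67-40aad4d3f129 /apps           ext3    relatime        0       2
UUID=9be4f92e-4f22-41f4-9aee-1c93f9cdf6ac none            swap sw              0       0
UUID=0686-FAFA  /media/sda5     vfat    defaults,utf8,umask=007,gid=46 0       1
EOF
}

# Usage: check_fstab_pass /etc/fstab
#    or: sample_fstab | check_fstab_pass
```

On the sample, only the vfat entry for /media/sda5 is reported, because its <pass> is 1 although it is not the root filesystem.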

Working With Templates

Most template editing is done through Motif-GUI. A “template engineer” privilege is capable of doing many things there. However, to run other steps outside his/her privilege, he/she needs to invoke some command lines.

Check installed templates and their status (enabled/disabled) in a node:

$ ovpolicy -list -host

Export a template to a flat file:

$ opctempl -get

Template types for templ_type can be one of the following:

CONSOLE_TEMPLATE
OPCMSG_TEMPLATE
LOGFILE_TEMPLATE
MONITOR_TEMPLATE
SNMP_TEMPLATE
EC_TEMPLATE
SCHEDULE_TEMPLATE

The previous export can then be done as, e.g.:

opctempl SOMECOMPANY-BC-VAS-MTR-OS-FS MONITOR_TEMPL some_output_file

How do we find the template type of a template? Visually in Motif-GUI (there is a Type column there), or by listing the available templates on the management server, e.g. (the type will appear inside |TYPE|):

$ opcnode -list_templs | grep VAS
|GRP| VAS
|MON| SOMECOMPANY-BC-VAS-MTR-OS-FS
|MON| SOMECOMPANY-BC-VAS-MTR-APPS-PORT_10001

Assign one of the above templates by, e.g.:

$ opcnode -assign_templs templ_name="SOMECOMPANY-BC-VAS-MTR-OS-FS" templ_type=MONITOR_TEMPLATE node_name=vasprdpdb3.somecompany.lan net_type=NETWORK_IP

To remove, replace with -deassign_templ.
Check assigned templates using:

$ opcnode -list_ass_templs node_name=vasprdpdb3.somecompany.lan net_type=NETWORK_IP

Queue Job To Be Executed At Certain Times

A series of commands can be queued by using the at command. There are slight variations in the at command between UNIXes; the following example is for Ubuntu.

Because the purpose is to run it for OpenView managed nodes (this is some sort of trial test), I set up the job queue as if it were done through ovdeploy (remotely).

$ echo "cat /etc/hosts > tst.txt" >> tst.at.queue

The queued job is a simple cat directed to an output file (tst.txt).

This next at will queue whatever is contained in tst.at.queue:

$ at -f tst.at.queue now + 2 minutes
warning: commands will be executed using /bin/sh
job 6 at Mon Mar 30 22:40:00 2009

We can check the at queue with:

$ atq
6       Mon Mar 30 22:40:00 2009 a arif

It says that the job will be run at a certain time, which is 22:40:00 system time. When the job is done, the queue becomes empty and tst.txt is generated as described in the job file tst.at.queue.

Function Return Value ?

The following function:

processLine(){
line="$@"
}

Does it have some sort of “return value” (in this case the variable line) when it is called through:

processLine $line
echo $line

In the above example, I echo the value of line after being processed by processLine(). (?)
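
The ways a shell function can hand a value back, added here as an example and not part of the original post: a function has no return value beyond its exit status, so data reaches the caller through a global variable or through stdout. The helper cleanLine, the demo_* functions and the sample strings are constructed for this example.

```sh
#!/bin/sh
# Added example, not from the original post.

# 1) Side effect: a variable assigned inside a function is global by default,
#    so the caller sees "line" change after the call.
processLine() {
    line="$*"                       # arguments joined into one string
}

# 2) Exit status plus stdout: the status reports whether the line is usable,
#    the text itself is printed for the caller to capture with $( ).
cleanLine() {
    case "$*" in
        ''|'#'*) return 1 ;;        # empty or comment line: report failure
    esac
    printf '%s\n' "$*"
}

demo_global() {                     # prints "new value"
    line="old"
    processLine new value
    printf '%s\n' "$line"
}

demo_subshell() {                   # prints "old"
    line="old"
    ( processLine new value )       # a subshell (also $( )) gets its own copy
    printf '%s\n' "$line"
}

demo_capture() {                    # prints "10.0.0.1 gw", then "skipped"
    out=$(cleanLine "10.0.0.1 gw") && printf '%s\n' "$out"
    out=$(cleanLine "# comment")   || printf 'skipped\n'
}
```

Quote the variable when using it ("$line"), otherwise the shell splits the value on whitespace and expands wildcards before the command sees it.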

Replace Existing OVCoreID Entries

For a de-installed node, the OVCoreID can be manually added to the management server. After installing the node, copy the new $ ovcoreid value from the managed node to the management server:

opcnode -chg_id cocpeca1.somecompany.lan id=xxx <ovcoreid>

The node label cocpeca1 must already exist; check first by using:

opcnode -list_nodes node_list=cocpeca1.somecompany.lan

It is also better to disable the node first by using:

opcnode -chg_nodetype node_list=cocpeca1.somecompany.lan node_type=DISABLED

After granting (opccsa), it can be re-enabled by:

opcnode -chg_nodetype node_list=cocpeca1.somecompany.lan node_type=CONTROLLED

(Here is related post on forcing OVCoreID)

Switch OV Process Ownerships

In the my-client implementation there is a standard owner for OV processes, namely opc_op. We can check this on running agents/OV daemons via ps -ef | grep OV.

A non-standard my-client setup will return, e.g., the following (processes owned by root):

root      2555     1  0 Mar10 ?        00:00:08 /opt/OV/bin/ovcd
root      2569  2555  0 Mar10 ?        00:00:08 /opt/OV/bin/ovbbccb -nodaemon
root      2597  2555  0 Mar10 ?        00:00:07 /opt/OV/lbin/perf/coda
root      2660  2555  0 Mar10 ?        00:00:00 /opt/OV/lbin/conf/ovconfd
root      2823  2555  0 Mar10 ?        00:00:16 /opt/OV/lbin/eaagt/opcmsga
root      2826  2555  0 Mar10 ?        00:00:00 /opt/OV/lbin/eaagt/opcacta
root      2840  2555  0 Mar10 ?        00:00:00 /opt/OV/lbin/eaagt/opcmsgi
root      8083  2660  0 18:17 ?        00:00:00 /bin/sh -c ps -f | grep OV
root      8085  8083  0 18:17 ?        00:00:00 grep OV

Hence, we’ll have to alter the process ownership as follows:

[@node as root]

/opt/OV/bin/ovdeploy -inv && ps -ef | grep OV
/opt/OV/bin/ovc -kill && ps -ef | grep OV
umask 02 && /opt/OV/bin/ovswitchuser.sh -existinguser opc_op -existinggroup opcgrp \
&& chmod 4550 /opt/OV/bin/ovbbccb && /opt/OV/bin/ovconfchg -ns bbc.cb -set CHROOT_PATH / && su - opc_op

The last command ($ su - opc_op) switches user to opc_op, so it continues as this user:

[@node as opc_op]

 /opt/OV/bin/ovc -start && /opt/OV/bin/ovc -status