Friday, June 5, 2009

Creating a self signed certificate for apache - A very quick HowTo

1. generate a private key ( Tag - self signed certificate for apache)
openssl genrsa -des3 -out yourdomain.com.key 1024

2. Generate CSR ( Tag - self signed certificate for apache)
openssl req -new -key yourdomain.com.key -out yourdomain.com.csr

Now enter all details as shown below 

Country Name (2 letter code) [GB]:IN
State or Province Name (full name) [Berkshire]:WB
Locality Name (eg, city) [Newbury]:Kolkata
Organization Name (eg, company) [My Company Ltd]:ABC Co
Organizational Unit Name (eg, section) []:Information Technology
Common Name (eg, your name or your server's hostname) []:www.yourdomain.com
Email Address []:admin@yourdomain.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:


3. Remove passphrase ( Tag - self signed certificate for apache)
cp yourdomain.com.key yourdomain.com.key.orig
openssl rsa -in yourdomain.com.key.orig -out yourdomain.com.key

4. generate certificate  ( Tag - self signed certificate for apache)
openssl x509 -req -days 730 -in yourdomain.com.csr -signkey yourdomain.com.key -out yourdomain.com.crt

5. Copy required files
cp server.crt /etc/apache2/conf/ssl.crt
cp server.key /etc/apache2/conf/ssl.key

6: Configuring SSL In Apache( Tag - self signed certificate for apache)

User the SSL Vhosts or in main configuration file 
put 
--------------------------------------------------------------
SSLEngine on
SSLCertificateFile /etc/apache2/conf/ssl.crt
SSLCertificateKeyFile /etc/apache2/conf/ssl.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log \
   "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
--------------------------------------------------------------
7: Restart Apache ( Tag - self signed certificate for apache)

/etc/init.d/apache2 stop
/etc/init.d/apache2 stop

You are done , now test :)

Thursday, June 4, 2009

Rsync backup - a quick HowTo

This is a quick HowTo for taking backup using rsync utility.
Rsync utility is an open sourec tool used for incremental backup.

Man page of rsync describes all options for rsync utility.

Here we show you some simple command for incremental backup using rsync.

For example we have two Linux servers server1 and server2 and we want to take
incremental backup of server1 "/data" directory to server2 "/backup/data".
In order to do this rsync utility must be installed in both of the servers.

Steps:

1. login to server2 and create the backup directory /backup/data (Tag - Rsync backup)
2. now run the following command from server2  (Tag - Rsync backup)
rsync -avz -e ssh user@server1:/data/ /backup/data/  ( this will fetch files fromm server1 and store it to local(server2) /backup/data)    (Tag - Rsync backup)
3. This will prompt for user password (ssh) - server1    (Tag - Rsync backup)
5. After providing password for user rsync will start syncing files.
6. Once this is done , you can see all files under /data in server1 are also in /backup/data/ in server2              (Tag - Rsync backup)
7. Now to schedule this backup process , you can use cron .   (Tag - Rsync backup)

If you don't want to provide password each time , you can setup password less ssh 
between these two servers.   (Tag - Rsync backup)

Password Less SSH -- quick HowTo

Password less ssh:
This is a quick HowTo for setting up password less ssh.
For example we have two servers server1 and server2 and 
two users user1 in server1 and user2 in server2
Now from server 1 we want tgo password less ssh to server2 
For this we need to follow a few steps 

1. login to as user1 to server1 
2. run "ssh-key-gen -t rsa" from command prompt 
it will provide following out put

Generating public/private rsa key pair.
Enter file in which to save the key (/home/user1/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user1/.ssh/id_rsa.
Your public key has been saved in /home/user1/.ssh/id_rsa.pub.
The key fingerprint is:
f6:61:a8:27:35:cf:4c:6d:13:22:70:cf:4c:c8:a0:23 user1@server1

Now you have private key at /home/user1/.ssh/id_rsa and
public key at /home/user1/.ssh/id_rsa.pub

3. Now we need to copy the content of /home/user1/.ssh/id_rsa.pub file to server2

4. login to server2 using user2 user

5. cd .ssh/

6. copy the entire content of /home/user1/.ssh/id_rsa.pub from server1 and put into authorized_keys
   i.e /home/user2/.ssh/authorized_keys of server2

7. If you already have authorized_keys file with some other keys , then just append to it.

8. Now you can ssh as user1@server to user2@server2 without being promted for password.

Wednesday, June 3, 2009

Nagios Temperature Monitoring

I have written a short nagios plugin for Nagios Temperature Monitoring .
This plugin will work on linux and it will use "mbmon" system utility to trace the system temperature.

Please check that "/usr/bin/mbmon" commad runs successfully in your system.
else install mobmon utility 
-------------Perl Script for Nagios Temperature Monitoring----
#! /usr/bin/perl -w
## Nagios-NRPE check Temperature Status
# Developed by Polo


$result="";
$error=0;
if ($status = `sudo /usr/bin/mbmon -c1 -T 7`)
{
@status = split(/\n/,$status);
$numlines = @status;
$count=0;
while ( $count < $numlines )
{
if ( $status[$count] > 60 )
{
$error = $error +1;
#$result=$result.','.$status[$count];
}
$result=$result.','.$status[$count];
$count++;
}
if ($error > 0)
{
$output= 'TEMPRATURE CRITICAL Status:'.$result."\n";
print $output;
exit 2;
}
else
{
$output= 'TEMPRATURE OK Status:'.$result."\n";
print $output;
exit 0;
}
}
else
{
exit 3;
}

NFS Cluster setup - a Quick HowTo

This is a quick HowTo for NFS Cluster setup.

Required setup (NFS Cluster setup - a Quick HowTo):
(This requirement is as per our assumpsion , you can customise it further as per requirement)
Server1: Debain Linux installed with NFS server and client package with one private ip address
Server2:                               --- same ------

One virtual ip address for fail over.

/data/share partition will be mirrored by DRBD.

Proposed partitions for each NFS servers.

/dev/md0 -- 500 MB /boot (primary, ext3, Bootable flag: on)
/dev/md1 -- 10000 MB / (logical, ext3)
/dev/md2 - Double of RAM swap (logical)
/dev/md3 -- 200 MB un mounted (logical, ext3) (will contain DRBD's meta data) 
/dev/md4 -- 100 GB un mounted (logical, ext3) (will contain the /data/sharedirectory)


Steps (NFS Cluster setup - a Quick HowTo):

After Linux installation 

1. Check all partitions are ok and /dev/md3 and /dev/md4 are un mounted.(Tag - NFS Cluster setup)
2. Install NTP and update time in both servers 
3. Install NF Server - apt-get install nfs-kernel-server. (Tag - NFS Cluster setup)
4. Remove from auto boot 
update-rc.d -f nfs-kernel-server remove (Tag - NFS Cluster setup)
update-rc.d -f nfs-common remove  (Tag - NFS Cluster setup)

5. Edit /etc/exports  (Tag - NFS Cluster setup)
Put /data/share 192.168.1.0/255.255.255.0(rw,no_root_squash,no_all_squash,sync)
6. Install DRBD on both servers (Tag - NFS Cluster setup)
apt-get install kernel-headers-2.6.8-2-386 drbd0.7-module-source drbd0.7-utils
cd /usr/src/  (Tag - NFS Cluster setup)
tar xvfz drbd0.7.tar.gz
cd modules/drbd/drbd
make
make install  (Tag - NFS Cluster setup)

7. Configure on both servers (NFS Cluster setup - a Quick HowTo) (Tag - NFS Cluster setup)

Edit /etc/drbd.conf (Tag - NFS Cluster setup)

resource r0 {

 protocol C;
 incon-degr-cmd "halt -f";

 startup {
    degr-wfc-timeout 120;    # 2 minutes.
  }

  disk {
    on-io-error   detach;
  }

  net {

  }

  syncer {

    rate 10M;

    group 1;

    al-extents 257;
  }

 on server1 {                
   device     /dev/drbd0;       
   disk       /dev/md4;         
   address    192.168.1.xx:7788; 
   meta-disk  /dev/md3[0];      
  }

 on server2 {                
   device    /dev/drbd0;        
   disk      /dev/md4;          
   address   192.168.1.xx:7788; 
   meta-disk /dev/md3[0];       
  }

}



modprobe drbd
drbdadm up all
cat /proc/drbd


11. server1/server2 (NFS Cluster setup - a Quick HowTo): (Tag - NFS Cluster setup)
mkdir /data
server1:
mount -t ext3 /dev/drbd0 /data
mv /var/lib/nfs/ /data/
ln -s /data/nfs/ /var/lib/nfs
mkdir /data/share
umount /data
server2:
rm -fr /var/lib/nfs/
ln -s /data/nfs/ /var/lib/nfs

12. Install and configure Heartbeat (Tag - NFS Cluster setup)
apt-get install heartbeat
edit /etc/heartbeat/ha.cf
logfacility     local0
keepalive 2
#deadtime 30 # USE THIS!!!
deadtime 10
bcast   eth0
node server1 server2

 
edit /etc/heartbeat/haresources   (Tag - NFS Cluster setup)
server1  IPaddr::192.168.1.xx/24/eth0 drbddisk::r0 Filesystem::/dev/drbd0::/data::ext3 nfs-kernel-server

/etc/heartbeat/authkeys    (Tag - NFS Cluster setup)
auth 3
3 md5 somerandomstring

chmod 600 /etc/heartbeat/authkeys  (Tag - NFS Cluster setup)
/etc/init.d/drbd start
/etc/init.d/heartbeat start

Thursday, May 28, 2009

linux network configuration - A Quick Howto

Linux Network configuration files .


One of the linux network configuration part is to setup DNS , to do this you need to edit 
/etc/resolv.conf  -- DNS Configuration in linux

-----
search yourdomain.com
nameserver xxx.xxx.xxx.xxx
nameserver xxx.xxx.xxx.xxx
-----

Secondly you might need to edit the host file 

/etc/hosts
---
127.0.0.1       localhost
---

For fedora and redhat , you can use an easy GUI tool for linux network configuration .
command : /usr/sbin/system-config-network 

After running this command you can simply select the interface to edit and configure 

Also from text mode you can configure linux networking using ifconfig tool like 
/sbin/ifconfig eth0 192.168.75.50 netmask 255.255.255.0 broadcast 192.168.75.255
For debian 
Just edit /etc/network/interfaces 
and put like
-------------------------
# The loopback network interface 
auto lo iface lo inet loopback  
# The primary network interface allow-hotplug eth0 iface eth0 inet static         address 192.168.75.50         netmask 255.255.255.0         network 192.168.75.0         broadcast 192.168.75.255 
----------------------

save and exit , then restart network service ussuing command "/etc/init.d/network restart".

For alias ip configuration just follow the smae steps except assign ip address in virtual interface like eth1:1 , eth1:2..etc.



How to copy a disk - Linux

Here are the steps which shows
How to copy a disk over network .

Copy a disk over network , target machine enter following command:

"nc" utility and "dd" are used to copy a disk over network
nc -l -p 6565 | gzip –dfc | dd of=/dev/hdb

And on source machine.

dd if=/dev/hda | gzip –cf | nc 192.168.75.21 6565