Friday 23 October 2015

TinyDNS & DNSCache Installation in Linux

Reference : http://www.slideshare.net/yonitg/tinydns-and-dnscache

#yum install gcc make
#cd /usr/local/src
#wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
#wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
#wget http://cr.yp.to/djbdns/djbdns-1.05.tar.gz
#tar xzvf daemontools-0.76.tar.gz
#cd admin/daemontools-0.76/
#./package/install
-----------------------------
Note
Error:
At this point the script stops with the following error message:
/usr/bin/ld: errno: TLS definition in /lib64/libc.so.6 section .tbss mismatches non-TLS reference in envdir.o
/lib64/libc.so.6: could not read symbols: Bad value
collect2: ld returned 1 exit status

Solution:
Run the command below to fix it, then run ./package/install again:
#echo gcc -O2 -include /usr/include/errno.h > compile/conf-cc
#./package/install
------------------------------
#cd /usr/local/src
#tar xzvf ucspi-tcp-0.88.tar.gz
#cd ucspi-tcp-0.88
#echo gcc -O2 -include /usr/include/errno.h > conf-cc
#make
#make setup check

#cd /usr/local/src
#tar xzvf djbdns-1.05.tar.gz
#cd djbdns-1.05
#echo gcc -O2 -include /usr/include/errno.h > conf-cc
#make
#make setup check

#cd /usr/local/src
#useradd -d /dev/null -s /bin/false dnscache
#useradd -d /dev/null -s /bin/false dnslog
##create the dnscache:
#dnscache-conf dnscache dnslog /etc/dnscache 10.1.14.83
##create the acl for the server (who can query):
#touch /etc/dnscache/root/ip/10.1
#touch /etc/dnscache/root/ip/10.2
#touch /etc/dnscache/root/ip/172.1
##create the link for the daemon tools to start the service
#ln -sf /etc/dnscache /service/dnscache
#useradd -d /dev/null -s /bin/false tinydns
#useradd -d /dev/null -s /bin/false tinylog
##create the server
#tinydns-conf tinydns tinylog /etc/tinydns 127.0.0.1
#cd /etc/tinydns/root/
#init q
#ln -sf /etc/tinydns /service/tinydns

#vim /etc/init/daemontools.conf
#Add below lines then save and close
# daemontools

start on runlevel [2345]

stop on runlevel [016]

respawn

exec /usr/local/bin/svscanboot




:wq


Run the command below to start daemontools
#initctl start daemontools


cp /etc/tinydns/root/data /root/bkp/data_Orig
vim /etc/tinydns/root/data
#SOA
.gai.net:10.1.14.83:a:259200

#PTR
.1.10.in-addr.arpa:10.1.14.83:a:259200
.2.10.in-addr.arpa:10.1.14.83:a:259200
.1.172.in-addr.arpa:10.1.14.83:a:259200

=sys-0001.gai.net:10.1.6.81:86400
=sys-0002.gai.net:10.1.6.82:86400
=sys-0003.gai.net:10.1.6.91:86400
=sys-0004.gai.net:10.1.6.92:86400

:wq

cd /etc/tinydns/root/
make ; svc -t /service/*

##Create below files

#vim /etc/dnscache/env/CACHESIZE
#change the value to 7000000

#vim /etc/dnscache/env/DATALIMIT
#change the value to 10485760

#vim /etc/dnscache/root/servers/1.10.in-addr.arpa
127.0.0.1

#vim /etc/dnscache/root/servers/2.10.in-addr.arpa
127.0.0.1

#vim /etc/dnscache/root/servers/gai.net
127.0.0.1

#vim /etc/dnscache/root/servers/@
203.145.184.13
8.8.8.8
8.8.4.4
180.151.151.152

cd /etc/tinydns/root/
make ; svc -t /service/*

#Now change the nameserver IP to 10.1.14.83 and ping the local machine sys-0001.gai.net (it should resolve to 10.1.6.81)
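
The touch commands above build dnscache's client ACL: a file named after an address prefix admits every client whose IP starts with that prefix. The audit below is an added example, not part of the original post; it flags prefixes that reach outside RFC 1918 or loopback space, and its function names and temporary sample directory are assumptions.

```sh
#!/bin/sh
# Added example: audit a dnscache ACL directory (root/ip).
# dnscache serves any client whose IP starts with an ip/ file name,
# so a file called "172.1" admits all of 172.1.0.0/16.

# Print private, public, mixed or invalid for one prefix file name.
acl_scope() (
    o1=${1%%.*}
    case "$1" in
        *.*) o2=${1#*.}; o2=${o2%%.*} ;;
        *)   o2= ;;
    esac
    case "$o1$o2" in ''|*[!0-9]*) echo invalid; exit 0 ;; esac
    case "$o1" in
        10|127) echo private ;;
        172) if [ -z "$o2" ]; then echo mixed
             elif [ "$o2" -ge 16 ] && [ "$o2" -le 31 ]; then echo private
             else echo public; fi ;;
        192) if [ -z "$o2" ]; then echo mixed
             elif [ "$o2" -eq 168 ]; then echo private
             else echo public; fi ;;
        *)   echo public ;;
    esac
)

# List every ACL entry that is not purely RFC 1918 / loopback space,
# one "prefix scope" pair per line.
audit_acl_dir() (
    for f in "$1"/*; do
        [ -e "$f" ] || continue
        name=${f##*/}
        scope=$(acl_scope "$name")
        [ "$scope" = private ] || echo "$name $scope"
    done
)

# Constructed sample mirroring the three touch commands above.
demo_audit() (
    tmp=$(mktemp -d) || exit 1
    touch "$tmp/10.1" "$tmp/10.2" "$tmp/172.1"
    audit_acl_dir "$tmp"
    rm -rf "$tmp"
)

# On a live server: audit_acl_dir /etc/dnscache/root/ip
demo_audit
```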










Tuesday 1 September 2015

Compile Python with Custom OpenSSL in CentOS/Redhat Linux [ Python 2.7.9 OpenSSL 1.0.1 TLS 1.2 ]


Step 1#
wget https://www.openssl.org/source/openssl-1.0.1p.tar.gz
tar xzvf openssl-1.0.1p.tar.gz
cd openssl-1.0.1p
./config shared --prefix=/usr/local/openssl_1_0_1p

make
make install


Step 2#
wget https://www.python.org/ftp/python/2.7.9/Python-2.7.9.tgz


tar xzvf Python-2.7.9.tgz
cd Python-2.7.9
 

vim Modules/Setup.dist

###Modify & Enable below Lines###

SSL=/usr/local/openssl_1_0_1p
_ssl _ssl.c \
        -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
        -L$(SSL)/lib -lssl -lcrypto

:wq


./configure --prefix=/usr/local/python2.7.9 --enable-unicode=ucs4 --enable-shared
 

ln -s /usr/local/openssl_1_0_1p/lib/libssl.so.1.0.0 /usr/lib64/libssl.so.1.0.0
ln -s /usr/local/openssl_1_0_1p/lib/libcrypto.so.1.0.0 /usr/lib64/libcrypto.so.1.0.0
make
make install


Step 3#
#/usr/local/python2.7.9/bin/python
>>> import ssl
>>> ssl.OPENSSL_VERSION

The result will show the OpenSSL version installed above.


Extra Errors:

Action:
#cd setuptools-21
#/usr/local/python_2.7_10/bin/python setup.py install

Error:

No PyErr_ReplaceException File

Solution:

export PATH=/usr/local/python_2.7_10/bin/:$PATH
export LD_LIBRARY_PATH=/usr/local/python_2.7_10/lib/:$LD_LIBRARY_PATH

vim /usr/local/python_2.7_10/include/python2.7/pyerrors.h
##Disable below line##

PyAPI_FUNC(void) _PyErr_ReplaceException(PyObject *, PyObject *, PyObject *);

:wq

make
make install
#cd setuptools-21
#/usr/local/python_2.7_10/bin/python setup.py install

Wednesday 26 August 2015

GitBlit Master Slave Replication Setup


Step 1#
#In Master GIT Server [Master URL http://git.example.net:1337]


vim /opt/gitblit/data/gitblit.properties
# Modify or Add lines as below

git.enableGitServlet = true

web.showFederationRegistrations = true

federation.passphrase = p@$$w0rd [We can set anything here]

:wq!

#ps aux | grep java
#service gitblit stop
#ps aux | grep java
#service gitblit start

Step 2#
Login to http://git.example.net:1337
Click on Admin Profile-->federation-->Copy the federation tokens for "all repositories, users, & settings"

(Example: Here token is c12b82e1b5e0ba6baec48119468aa09595663164)

Step 3#
#Install Fresh GitBlit Server

#Go to Slave GIT Server

vim /opt/gitblit/data/gitblit.properties
#Modify Or Add lines as below

federation.allowProposals=true
federation.example1.url = http://git.example.net:1337
federation.example1.token = c12b82e1b5e0ba6baec48119468aa09595663164 [Paste the token copied from Master GIT]
federation.example1.frequency = 5 mins [Replication frequency between Master and Backup Slave]
federation.example1.folder =
federation.example1.bare = true
federation.example1.mirror = true
federation.example1.mergeAccounts = true
#ps aux | grep java
#service gitblit stop
#ps aux | grep java
#service gitblit start

Step 4#
#Monitor the log file in both the Master & Slave Servers

tail -f /opt/gitblit/data/logs/gitblit.log

Successful Logs Example:
Master:
[INFO ] ARF: lendingstream.git/info/refs?service=git-upload-pack (100) authenticated [Here lendingstream.git is the repo name; a similar line appears for every repo]
[INFO ] Federation PULL_USERS request from SLAVE_IP
[INFO ] Federation PULL_TEAMS request from SLAVE_IP
[INFO ] Federation PULL_SETTINGS request from SLAVE_IP
[INFO ] Federation PULL_SCRIPTS request from SLAVE_IP

Slave:
[INFO ] Pulling federated repository lendingstream.git from example1 @ http://git.example.net:1337
[INFO ] Next pull of example1 @ http://git.example.net:1337 scheduled for DATE_TIME

Step 5#
#How to check that the Slave is working fine
1. Log in to the Slave's GIT dashboard as admin and check whether the repos and users are synced.
2. Clone any repository to a local machine from the Slave's URL, using any Master username & password.

Sunday 16 August 2015

Ovirt Manager Backup Script


#!/bin/bash
today=`date +"%d-%B-%Y"`
remove_3day_old_file=`date +"%d-%B-%Y" --date="3 day ago"`
(
if [ -d /usr/local/ovirt_backup ]
then
echo "Backup Folder /usr/local/ovirt_backup exist"
else
mkdir /usr/local/ovirt_backup
fi
echo "Backup Started `date`"
/usr/bin/engine-backup --mode=backup --scope=all --file=/usr/local/ovirt_backup/ovirt_backup_`date +%d-%B-%Y`.tar --log=/usr/local/ovirt_backup/ovirt_backup_`date +%d-%B-%Y`_log.txt
scp /usr/local/ovirt_backup/ovirt_backup_`date +%d-%B-%Y`* scpuser@destination.example.com:/data/Server_Backups/ovirtmanager/
#rm /usr/local/ovirt_backup/ovirt_backup_$remove_3day_old_file* -f
echo "rm /usr/local/ovirt_backup/ovirt_backup_$remove_3day_old_file* -f"
echo "Backup Completed `date`"

)1>/tmp/ovirtmanager_bkp_out.txt 2>/tmp/ovirtmanager_bkp_err.txt

if [ -s /tmp/ovirtmanager_bkp_err.txt ]
then
(
        echo "To: mdmansoor26@gmail.com"
        echo "From: mdmansoor26@gmail.com"
        echo "Subject: [Alert] $0 script Error `hostname`"
        echo -e "Dear Team,\n\n"
        echo -e "\n\nContents of /tmp/ovirtmanager_bkp_err.txt"
        cat /tmp/ovirtmanager_bkp_err.txt
        echo -e "\n\nRegards,\nLinux Admin Team\n\n"
        echo -e "\n*** THIS IS A AUTO GENERATED ALERT GENERATED AT `date` ***\n"
)| /usr/sbin/sendmail -t -f mdmansoor26@gmail.com

else

(
        echo "To: mdmansoor26@gmail.com"
        echo "From: mdmansoor26@gmail.com"
        echo "Subject: [INFO] Ovirtmanager Backup completed on `date +"%d-%B-%Y"`"
        echo -e "Dear Team,"
        echo -e "\n\nOvirtmanager Backup completed on `date +"%d-%B-%Y"`"
        echo -e "\n\nScript Running in host: `hostname`"
        echo -e "\n\nScript Name: $0"
        echo -e "\n\nSource Path: ovirtmanager:/usr/local/ovirt_backup/ovirt_backup_`date +"%d-%B-%Y"`.tar & /usr/local/ovirt_backup/ovirt_backup_`date +"%d-%B-%Y"`_log.txt"
        echo -e "\n\nDestination Path: destination.example.com:/data/Server_Backups/ovirtmanager/ovirt_backup_`date +"%d-%B-%Y"`.tar & ovirt_backup_`date +"%d-%B-%Y"`_log.txt"
        echo -e "\n\nRegards,\nProd Support Team\n\n"
        echo -e "\n*** THIS IS A AUTO GENERATED ALERT GENERATED AT `date` ***\n"
)| /usr/sbin/sendmail -t -f mdmansoor26@gmail.com

fi

Ovirt Manager Upgrade / Ovirt Host Upgrade / Ovirt FreeIPA Integration


Upgrade Plan: Total Down Time Required: 4 hrs
Backup & Restore Plan:
Backup:
/usr/bin/engine-backup --mode=backup --scope=all --file=ovirt_backup_`date +%d-%B-%Y`.tar --log=ovirt_backup_`date +%d-%B-%Y`_log.txt
Restore:
/usr/bin/engine-backup --mode=restore --file=ovirt_backup_`date +%d-%B-%Y`.tar --log=ovirt_restore_`date +%d-%B-%Y`_log.txt
---------------------------------------------
To restore with changed DB credentials, use the command below:
/usr/bin/engine-backup --mode=restore --file=ovirt_backup_`date +%d-%B-%Y`.tar --log=ovirt_restore_`date +%d-%B-%Y`_log.txt --change-db-credentials --db-host=localhost --db-user=engine --db-name=engine --db-password

Enter the password as xxxxxxxxx [These credentials come from ovirtmanager.example.com:/etc/ovirt-engine/engine.conf.d/10-setup-database.conf]
----------------------------------------------

Step 1 # Upgrade From 3.3.1  to 3.4.4.1 [Down Time required : 1.30 hrs ]
#yum localinstall http://resources.ovirt.org/pub/yum-repo/ovirt-release34.rpm
#yum update "ovirt-engine-setup*"
#engine-setup [Enter the appropriate details and continue this setup]

Step 2 #  Upgrade From 3.4.4.1 to 3.5.3 [Down Time required : 1.30 hrs ]
#yum localinstall http://resources.ovirt.org/pub/yum-repo/ovirt-release35.rpm
#yum update "ovirt-engine-setup*"
#engine-setup [Enter the appropriate details and continue this setup]

Step 3 # Upgrade Ovirt Node from 3.0.1 to 3.5  [Down Time required : 3 hrs ]
#Go to OvirtManager Terminal
#yum install ovirt-node-iso
Put Host in maintenance mode and click upgrade in Hosts tab

To Add External Domains in Ovirt for authentication [ Down Time required : 15 mins ]
#Go to OvirtManager Terminal
#engine-manage-domains delete --domain=example.com
#service ovirt-engine restart
#Point the SRV record in alps.example.com to Peregrine only
#engine-manage-domains add --domain=example.com --provider=IPA --user=admin
#service ovirt-engine restart

Friday 14 August 2015

htpasswd for multiple users using bash script

Step 1# Add users in /tmp/users.txt

vim /tmp/users.txt
mansoor
user1
user2
:wq


Step 2# Create & Run script
vim htpasswd_change.sh
#!/bin/bash
for user in `cat /tmp/users.txt`
do
pass=`tr -dc A-Za-z0-9 < /dev/urandom | head -c 6 | xargs`
htpasswd -bm /var/www/html/webserver/htpasswd $user $pass
echo "$user " " : " " $pass"
done




Useradd for multiple users using bash script

Step 1#  Add users in below file

vim users.txt
mansoor
user1
user2
:wq

Step 2# vim useradd.sh
#!/bin/bash
for user in `cat users.txt`

do
useradd -g groupname -d /data/$user $user
pass=`tr -dc A-Za-z0-9 < /dev/urandom | head -c 6 | xargs`
echo -e $pass | passwd --stdin $user
echo "Username: $user Password: $pass"

done
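
Both loops above (htpasswd and useradd) generate 6-character passwords and print them to the terminal, and the htpasswd loop passes each password on the command line with -b and stores it as MD5 with -m. The hardened form below is an added example, not the original author's script: it assumes Apache 2.4's htpasswd (-i and -B), that Unix accounts already exist when mode unix is used, and the names HTFILE, gen_pass, valid_user and set_pass are hypothetical.

```sh
#!/bin/sh
# Added example: hardened form of the two bulk-password loops above.
# Assumes Apache 2.4's htpasswd (-i = password from stdin, -B = bcrypt).
HTFILE=${HTFILE:-/var/www/html/webserver/htpasswd}

# N alphanumeric characters from /dev/urandom (default 20, ~119 bits;
# the 6-character passwords above carry ~36 bits).
gen_pass() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "${1:-20}"
}

# Accept only plain account names: an empty line, a leading "-" or a
# ":" must never reach htpasswd, useradd or chpasswd.
valid_user() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# $1 = mode (web|unix), $2 = user. The password travels over a pipe,
# so it does not appear in the process list.
set_pass() {
    pass=$(gen_pass)
    case "$1" in
        web)  printf '%s\n' "$pass" | htpasswd -i -B "$HTFILE" "$2" ;;
        unix) printf '%s:%s\n' "$2" "$pass" | chpasswd &&
              chage -d 0 "$2" ;;          # force a change at first login
        *)    return 2 ;;
    esac || return 1
    printf '%s\t%s\n' "$2" "$pass"
}

# Usage: script web|unix users.txt  -> credentials go to a 0600 file
if [ "$#" -eq 2 ]; then
    umask 077
    out=$(mktemp) || exit 1
    while IFS= read -r user; do
        valid_user "$user" || { echo "skipped: $user" >&2; continue; }
        set_pass "$1" "$user" >> "$out" || echo "failed: $user" >&2
    done < "$2"
    echo "credentials written to $out"
fi
```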

SelfSigned SSL Certificate create command


Step 1# openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout redhat.example.com.key -out redhat.example.com.crt

Step 2# vim /etc/httpd/conf.d/ssl.conf

##Modify below lines 

SSLCertificateFile /root/SSL_Cert_Zabbix.gai.net/redhat.example.com.crt
SSLCertificateKeyFile /root/SSL_Cert_Zabbix.gai.net/redhat.example.com.key


Step 3# /etc/init.d/httpd reload

Friday 7 August 2015

SSL Certificate Check and Email Using Bash Script

#!/bin/bash
TodayPlus30=`date +%d" "%b" "%Y  -d '+30 day'`
TodayPlus15=`date +%d" "%b" "%Y  -d '+15 day'`
TodayPlus7=`date +%d" "%b" "%Y  -d '+7 day'`
TodayPlus1=`date +%d" "%b" "%Y  -d '+1 day'`
convert_TodayPlus30=`date --date="$TodayPlus30" '+%s'`
convert_TodayPlus15=`date --date="$TodayPlus15" '+%s'`
convert_TodayPlus7=`date --date="$TodayPlus7" '+%s'`
convert_TodayPlus1=`date --date="$TodayPlus1" '+%s'`

function email {
(
        echo "To: mohamed.mansoor@example.com"
        echo "From: mohamed.mansoor@example.com"
        echo "Subject: [ALERT] [SSL EXPIRE] $certificate SSL Certificate Expires On $enddate"
        echo -e "Dear Team,"
        echo -e "\n\n$certificate SSL Certificate expires on $enddate. Kindly check and renew the certificate earliest."
        echo -e "\n\nScript Running in host: `hostname`"
        echo -e "\n\nScript Name: $0"
        echo -e "\n\nRegards,\nProd Support Team\n\n"
        echo -e "\n*** THIS IS A AUTO GENERATED ALERT GENERATED AT `date` ***\n"
)| /usr/sbin/sendmail -t -f mohamed.mansoor@example.com

}

for certificate in www.zebit.com:443
do
enddate=`openssl s_client -connect $certificate < /dev/null 2>/dev/null | openssl x509 -noout -enddate | awk -F= '{print $2}'| awk '{print $2" "$1" "$4}'`
convert_enddate=`date --date="$enddate" '+%s'`
if [ $convert_enddate -eq $convert_TodayPlus30 ]
then
email
elif [ $convert_enddate -eq $convert_TodayPlus15 ]
then
email
elif [ $convert_enddate -eq $convert_TodayPlus7 ]
then
email
elif [ $convert_enddate -eq $convert_TodayPlus1 ]
then
email
fi
done
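
The loop above alerts only when the expiry date is exactly 30, 15, 7 or 1 days away, so a skipped cron run or a failed connection passes without any mail. The variant below is an added example, not the original author's script: it alerts whenever a certificate sits inside a band and also when it could not be fetched. The function names, the -servername SNI option and GNU date -d are assumptions of this example.

```sh
#!/bin/sh
# Added example: band-based expiry check (not the original script).

# Print the notAfter time of host:port as epoch seconds, or nothing if
# the handshake or the date parsing fails. Assumes GNU date.
cert_end_epoch() (
    host=${1%:*}
    not_after=$(openssl s_client -connect "$1" -servername "$host" \
        </dev/null 2>/dev/null | openssl x509 -noout -enddate 2>/dev/null)
    not_after=${not_after#notAfter=}
    if [ -n "$not_after" ]; then date -d "$not_after" +%s 2>/dev/null; fi
)

# $1 = expiry epoch (may be empty), $2 = current epoch.
# Prints the tightest band (1, 7, 15 or 30 days) the certificate falls
# into, "ok" beyond 30 days, "expired", or "unknown" if it was not fetched.
expiry_band() (
    end=$1; now=$2
    [ -n "$end" ] || { echo unknown; exit 0; }
    [ "$end" -gt "$now" ] || { echo expired; exit 0; }
    left=$(( (end - now) / 86400 ))
    for band in 1 7 15 30; do
        if [ "$left" -le "$band" ]; then echo "$band"; exit 0; fi
    done
    echo ok
)

# Report one target; anything other than "ok" is worth a mail.
check_cert() {
    band=$(expiry_band "$(cert_end_epoch "$1")" "$(date +%s)")
    case "$band" in
        ok) ;;
        *)  echo "ALERT $1 band=$band" ;;   # hand off to the mail function
    esac
}

# Usage: script host:port [host:port ...]
for target in "$@"; do check_cert "$target"; done
```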

Sunday 26 July 2015

Zabbix Master / Proxy Installation in Centos/RHEL 6


Plan 2 # Install Zabbix Master 2.4.5 & Proxy 2.4.5 in Different Path

Step 1# Copy the Zabbix-2.4.5.tgz to Test-NS12, RS9, NS3, TMS1-GF, Peregrine, VSFTP
under /usr/local/src location and Extract the same

Step 2# Install the Proxies & Agent in Node Servers (RS9, NS3, TMS1-GF, Peregrine, VSFTP)

# cd /usr/local/src/zabbix-2.4.5
# ./configure --prefix=/usr/local/zabbix_proxy --enable-proxy --enable-agent --with-mysql --with-net-snmp --with-jabber --with-libcurl

# make install

# cd database/mysql

# mysql
# mysql> create database zabbix_proxy;
# mysql> grant all on zabbix_proxy.* to 'zabbix_proxy'@'localhost' identified by 'zabbix_proxy';
# mysql> flush privileges;
# mysql> use zabbix_proxy;
# mysql> source schema.sql;
# mysql> quit;
# vim /usr/local/zabbix_proxy/etc/zabbix_proxy.conf
##Modify below lines

Server=xx.xx.xx.xx [Master IP]
Hostname=GAIndia [Proxy Name, here GAIndia is example]
ListenPort=20051 [Here Port changed from 10051 to 20051 for Port Conflict Issue ]
DBName=zabbix_proxy
DBUser=zabbix_proxy
DBPassword=zabbix_proxy
ConfigFrequency=300
HousekeepingFrequency=1
ProxyOfflineBuffer=24
:wq!

# vim /usr/local/zabbix_proxy/etc/zabbix_agentd.conf
##Modify below lines

ServerActive=xx.xx.xx.xx [Proxy Server IP]
ListenPort=20050 [ Here Port changed from 10050 to 20050 for Port Conflict Issue ]
##Hostname= [Disable this line]
:wq!


Step 3 # Install Zabbix Master 2.4.5 in Test-NS12

# cd /usr/local/src/zabbix-2.4.5

# ./configure --prefix=/usr/local/zabbix_server --enable-server --enable-agent --with-mysql --with-net-snmp --with-jabber --with-libcurl

# make install

# cd frontends/php/

# mkdir /var/www/html/zabbix_server

# rsync -avz . /var/www/html/zabbix_server/

# chown apache:apache /var/www/html/zabbix_server -Rvf

# cd /usr/local/src/zabbix-2.4.5/database/mysql

# mysql
# mysql> create database zabbix_server;
# mysql> grant all on zabbix_server.* to 'zabbix_server'@'localhost' identified by 'zabbix_server';
# mysql> flush privileges;
# mysql> use zabbix_server;
# mysql> source schema.sql;

# mysql> source data.sql;

# mysql> source images.sql;
# mysql> quit;

# vim /etc/httpd/conf/httpd.conf

##Add Below lines in End of the file

<VirtualHost *:80>
ServerAdmin prodsupport@globalanalytics.com
DocumentRoot /var/www/html/zabbix_server
ServerName mansoor.zabbix.net
ServerAlias localhost
ErrorLog logs/mansoor.zabbix.net-error_log
CustomLog logs/mansoor.zabbix.net-access_log common
</VirtualHost>


# /etc/init.d/httpd restart


Step 4 # Start Zabbix Server in Test-NS12

# vim /usr/local/zabbix_server/etc/zabbix_server.conf
# Modify below lines

ListenPort=20051 [Here Port changed from 10051 to 20051 for Port Conflict Issue ]

# /usr/local/zabbix_server/sbin/zabbix_server -c /usr/local/zabbix_server/etc/zabbix_server.conf

# tail -f /tmp/zabbix_server.log

# Add DNS Entry for mansoor.zabbix.net to 68.70.161.109 in DNS MadeEasy

# Connect to http://mansoor.zabbix.net and Install Zabbix_Server

Step 5# Configure the Proxy in Master Dashboard's & Start Zabbix Proxy

Adding proxies in Master Dashboard
To configure a proxy in Zabbix frontend:
  • Go to: Administration → Proxies
  • Click on Create proxy













Proxy name
Enter the proxy name. It must be the same name as in the Hostname parameter in the proxy configuration file.

Proxy mode
Select the proxy mode.
Active - the proxy will connect to the Zabbix server and request configuration data

Hosts
Add hosts to be monitored by the proxy.

Description
Enter the proxy description.

1. Host Configuration in Master Dashboard

You can specify that an individual host should be monitored by a proxy in the host configuration form, using the Monitored by proxy field.




Step 6 # Start Zabbix Proxy & Zabbix Agentd in Proxy Servers [RS9, NS3, TMS1-GF, Peregrine, VSFTP]

# killall zabbix_server
# killall zabbix_agentd
# /usr/local/zabbix_proxy/sbin/zabbix_proxy -c /usr/local/zabbix_proxy/etc/zabbix_proxy.conf
# /usr/local/zabbix_proxy/sbin/zabbix_agentd -c /usr/local/zabbix_proxy/etc/zabbix_agentd.conf

Step 7 # Zabbix Agentd Configuration
# killall zabbix_agentd
# Edit the Zabbix_Agentd Configuration File in All Zabbix Agents and Restart the Zabbix Agentd
# vim /usr/local/zabbix_proxy/etc/zabbix_agentd.conf
##Server= [Disable this Option]
ServerActive=xx.xx.xx.xx [Proxy Server IP]
# zabbix_agentd

Step 8 # check the Log Files of Server & Proxy

# Master server # tail -f /tmp/zabbix_server.log
# Proxy Servers # tail -f /tmp/zabbix_proxy.log

Step 9 # Export Below from Test-NS12 and Import the same in Test-NS12 New Zabbix Instance

Groups, Hosts, Templates, Discovery rules, Triggers, Graphs, Screens, Maps, Images