Thursday, 11 December 2014

Making an LDAP client for user authentication - CentOS 6 and 5

Install the software:
yum install nss-pam-ldapd nscd pam_krb5 

-bash-3.2# authconfig --enablecache --enableshadow --passalgo=sha512 --disablenis --enableldap --ldapserver="ldap://YOUR_LDAP_SERVER" --ldapbasedn="dc=YOUR_DC1,dc=YOUR_DC2,dc=YOUR_DC3" --enablekrb5 --krb5kdc=YOUR_KERBEROS_DOMAIN --krb5adminserver=YOUR_KERBEROS_SERVER --krb5realm=YOUR_KERBEROS_REALM --enablelocauthorize --disablekrb5kdcdns --disablekrb5realmdns --disablewinbind --disablewins --disablesmartcard --enablemkhomedir --update

Then edit/create the nslcd.conf file:
# This is the configuration file for the LDAP nameservice
# switch library's nslcd daemon. It configures the mapping
# between NSS names (see /etc/nsswitch.conf) and LDAP
# information in the directory.
# See the manual page nslcd.conf(5) for more information.

uid nslcd
gid ldap

# The location at which the LDAP server(s) should be reachable.
uri ldap://YOUR_LDAP_SERVER/

# The search base that will be used for all queries.
base dc=YOUR_DC1,dc=YOUR_DC2,dc=YOUR_DC3

# The DN to bind with for normal lookups.
binddn uid=YOUR_ADMIN,ou=YOUR_OU,dc=YOUR_DC1,dc=YOUR_DC2,dc=YOUR_DC3

# The password for the bind DN above. It is stored here in cleartext, so keep this file readable only by root and the nslcd user (see nslcd.conf(5)); with "ssl no" below it is also sent to the server unencrypted.
bindpw SECRETPASSWORDHERE

ssl no
tls_cacertdir /etc/openldap/cacerts

map passwd homeDirectory "/home/$uid"
Then check the /etc/nsswitch.conf file, making sure the following entries are present:
passwd:     files ldap
shadow:     files ldap
group:      files ldap
Restart nslcd:
/etc/init.d/nslcd restart
nslcd is not available on CentOS 5, so we use sssd instead.
yum install sssd
yum remove nscd
Edit the sssd.conf file to:
[sssd]
domains = ADS.BRIS.AC.UK
services = nss,pam
config_file_version = 2
 
[nss]
filter_groups = root
filter_users = root
override_homedir = /home/%u
 
# A domain with identities provided by LDAP and authentication by Kerberos.
# Note: ldap_tls_cacert below is given a directory, but sssd-ldap(5) documents it as a CA certificate file; the directory form is ldap_tls_cacertdir. Check which is intended.
[domain/YOUR_KERBEROS_DOMAIN]
enumerate = false
 
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
 
ldap_uri = ldap://YOUR_LDAP_SERVER/
ldap_search_base = dc=YOUR_DC1,dc=YOUR_DC2,dc=YOUR_DC3
#tls_reqcert = demand
ldap_tls_cacert = /etc/openldap/cacerts
ldap_default_bind_dn = uid=YOUR_ADMIN,ou=YOUR_OU,dc=YOUR_DC1,dc=YOUR_DC2,dc=YOUR_DC3
ldap_default_authtok_type = password
ldap_default_authtok = SECRETPASSWORDHERE
 
krb5_server = YOUR_KERBEROS_SERVER
krb5_realm = YOUR_KERBEROS_REALM
krb5_ccachedir = /tmp
krb5_ccname_template = FILE:%d/krb5cc_%U_XXXXXX
krb5_auth_timeout = 15
Run this authconfig command:
-bash-3.2$ authconfig --enablesssdauth --enablesssd --disableldap --update
Then check the /etc/nsswitch.conf file, making sure the following entries are present:
passwd:     files sss
shadow:     files sss
group:      files sss
Restart sssd:
/etc/init.d/sssd restart
Make sure it starts up at boot time:
-bash-3.2# chkconfig --list
iscsi           0:off   1:off   2:off   3:on    4:on    5:on    6:off
iscsid          0:off   1:off   2:off   3:on    4:on    5:on    6:off
lvm2-monitor    0:off   1:on    2:on    3:on    4:on    5:on    6:off
mcstrans        0:off   1:off   2:on    3:on    4:on    5:on    6:off
messagebus      0:off   1:off   2:off   3:on    4:on    5:on    6:off
multipathd      0:off   1:off   2:off   3:off   4:off   5:off   6:off
netconsole      0:off   1:off   2:off   3:off   4:off   5:off   6:off
netfs           0:off   1:off   2:off   3:on    4:on    5:on    6:off
netplugd        0:off   1:off   2:off   3:off   4:off   5:off   6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
puppet          0:off   1:off   2:off   3:off   4:off   5:off   6:off
rawdevices      0:off   1:off   2:off   3:on    4:on    5:on    6:off
rdisc           0:off   1:off   2:off   3:off   4:off   5:off   6:off
rsyslog         0:off   1:off   2:off   3:off   4:off   5:off   6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
sssd            0:off   1:off   2:off   3:on    4:on    5:on    6:off
-bash-3.2# chkconfig sssd on
-bash-3.2# chkconfig --list
iscsi           0:off   1:off   2:off   3:on    4:on    5:on    6:off
iscsid          0:off   1:off   2:off   3:on    4:on    5:on    6:off
lvm2-monitor    0:off   1:on    2:on    3:on    4:on    5:on    6:off
mcstrans        0:off   1:off   2:on    3:on    4:on    5:on    6:off
messagebus      0:off   1:off   2:off   3:on    4:on    5:on    6:off
multipathd      0:off   1:off   2:off   3:off   4:off   5:off   6:off
netconsole      0:off   1:off   2:off   3:off   4:off   5:off   6:off
netfs           0:off   1:off   2:off   3:on    4:on    5:on    6:off
netplugd        0:off   1:off   2:off   3:off   4:off   5:off   6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
puppet          0:off   1:off   2:off   3:off   4:off   5:off   6:off
rawdevices      0:off   1:off   2:off   3:on    4:on    5:on    6:off
rdisc           0:off   1:off   2:off   3:off   4:off   5:off   6:off
rsyslog         0:off   1:off   2:off   3:off   4:off   5:off   6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
sssd            0:off   1:off   2:on    3:on    4:on    5:on    6:off

Wednesday, 10 December 2014

Foreman broken! Passenger - Error writing to temporary file

Nobody has touched it but overnight it broke! Now we just get this error from passenger:
Web application could not be started
Error writing to temporary file
Application root
/usr/share/foreman
Environment (value of RAILS_ENV, RACK_ENV, WSGI_ENV and PASSENGER_ENV)
production
Ruby interpreter command
/usr/bin/ruby193-ruby
User and groups
uid=497(foreman) gid=498(foreman) groups=498(foreman),52(puppet)
Environment variables
[cut]

Ulimits

    Unknown

System memory usage

                 total       used       free     shared    buffers     cached
    Mem:         32057      31710        347          3        715      29020
    -/+ buffers/cache:       1973      30084
    Swap:         4047          0       4047

Powered by Phusion Passenger, mod_rails / mod_rack for Apache and Nginx.

I spent nearly all day looking at this, to no avail. Does anyone have any ideas?

Tuesday, 9 December 2014

Ganeti Xen VM - Creating and Growing Disk

Installing a Ganeti VM

(1) root@node03 /srv/ganeti/os/centos
#  /usr/local/projects/deploy/ganeti/bin/mk-gnt-instance-hail.sh  -h fsxz.isys -m 4096 -c 2 -d 66 -o centos+5
Tue Dec  9 15:54:28 2014  - INFO: Selected nodes for instance fsxz.isys via iallocator hail: node05.gnt6.fog.priv, node04.gnt6.fog.priv
Tue Dec  9 15:54:30 2014 * creating instance disks...
Tue Dec  9 15:54:40 2014 adding instance fsxz.isys to cluster config
Tue Dec  9 15:54:42 2014 * checking mirrors status
Tue Dec  9 15:54:43 2014  - INFO: - device disk/0:  0.70% done, 18m 48s remaining (estimated)
Tue Dec  9 15:54:43 2014  - INFO: - device disk/1:  1.90% done, 1m 53s remaining (estimated)
Tue Dec  9 15:54:43 2014 * pausing disk sync to install instance OS
Tue Dec  9 15:54:44 2014 * running the instance OS create scripts...

Growing Disks

Growing a VM disk involves 2 stages:
Grow the block device
Resize the file system

Ganeti can grow the block device for you using the gnt-instance grow-disk command:

$ gnt-instance grow-disk test.mydomain.com 0 100G
The instance will not see the new disk size until it's rebooted.

# Reboot the instance
$ sudo gnt-instance reboot test.mydomain.com

Resize the file system

After the VM is rebooted, log in to it (ssh) and resize the partition:

sudo resize2fs /dev/xvdX
A script to generate a MAC address from an IP address:
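#!/bin/bash
# Derive a locally-administered "virtual" MAC address from an IPv4 address:
# the fixed prefix 02:00 is followed by the four octets of the address in
# hex, so 10.0.0.1 becomes "Virtual MAC 02:00:0A:00:00:01".
#
# Usage: $0 A.B.C.D

#######################################
# Print the virtual MAC for one IPv4 address.
# Arguments: $1 - dotted-quad IPv4 address
# Outputs:   "Virtual MAC 02:00:XX:XX:XX:XX" on stdout
# Returns:   0 on success; 1 (with a message on stderr) when the argument
#            is not four decimal octets in the range 0-255
#######################################
ip_to_mac() {
  local ip=${1-}
  # regex kept in a variable so the braces/backslashes are used verbatim by =~
  local re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'
  local octet
  local -a octets=()

  if [[ ! "$ip" =~ $re ]]; then
    printf 'usage: %s A.B.C.D\n' "${0##*/}" >&2
    return 1
  fi
  for octet in "${BASH_REMATCH[@]:1}"; do
    # force base 10: an octet written as "010" must not be read as octal
    if (( 10#$octet > 255 )); then
      printf 'error: octet %s is outside 0-255\n' "$octet" >&2
      return 1
    fi
    octets+=("$((10#$octet))")
  done
  printf 'Virtual MAC 02:00'
  printf ':%02X' "${octets[@]}"
  printf '\n'
}

ip_to_mac "$@"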

Monday, 8 December 2014

Install Grub Boot option - after installing new distro

Install the new distro on a spare partition or disk. Do not install grub! Boot up the original distro (Debian 7 here).
root@sonsmon:/home/sont# update-grub
Generating grub.cfg ...
Found background image: /usr/share/images/desktop-base/desktop-grub.png
Found linux image: /boot/vmlinuz-3.2.0-4-amd64
Found initrd image: /boot/initrd.img-3.2.0-4-amd64
Found CentOS release 5.11 (Final) on /dev/sda2
done

root@sonsmon:/home/sont# cd /boot/grub
root@sonsmon:/boot/grub# vi grub.cfg
### BEGIN /etc/grub.d/30_os-prober ###
menuentry "CentOS release 5.11 (Final) (on /dev/sda2)" --class gnu-linux --class gnu --class os {
        insmod part_msdos
        insmod ext2
        set root='(hd0,msdos2)'
        search --no-floppy --fs-uuid --set=root d87e04c9-0742-46d7-8ad7-39835b144cc8
        multiboot /boot/xen.gz-2.6.16.400.el5
        linux /boot/vmlinuz-2.6.18-400.el5xen root=/dev/sda2
        initrd /boot/initrd-2.6.18-400.el5xen.img
}
### END /etc/grub.d/30_os-prober ###
Create a new boot initrd image loaded with drivers:
[root@localhost ~]# cd /boot
[root@localhost boot]# mkinitrd -v --omit-scsi-modules --preload=xenblk --with=xennet --builtin=virtio_pci --builtin=virtio_blk --builtin=xen_vbd initrd-xen-para-son.img 2.6.18-400.el5xen

Friday, 5 December 2014

Kickstart file - Installing Centos 6


text
install
url --url http://mirror.ox.ac.uk/sites/mirror.centos.org/6/os/x86_64/
shutdown

lang en_GB.UTF-8
# langsupport --default en_GB.UTF-8 en_GB.UTF-8 en_US.UTF-8
keyboard uk

network --device eth0 --bootproto dhcp

firewall --enabled --port=22:tcp

timezone --utc Europe/London
rootpw --iscrypted #hashed password here#
bootloader --location=mbr --driveorder=hda --append="rhgb quiet"

# Do not configure the X Window System
skipx

zerombr
clearpart --all
part /boot --fstype ext3 --size=250
part pv.01 --size=100 --grow

volgroup volg0 pv.01
logvol / --vgname=volg0 --size=5000 --name=root --fstype ext4
logvol /var --vgname=volg0 --size=9000 --name=var --fstype ext4
logvol /opt --vgname=volg0 --size=50000 --name=opt --fstype ext4
logvol swap --vgname=volg0 --size=2000 --name=swap --fstype swap

%packages
@core
@base

%post
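# Fix up IPV6 DNS behaviour
echo "options single-request-reopen" >> /etc/resolv.conf

# Add getty on hvc0 for Xen guests
sed -i 's!^ACTIVE_CONSOLES=\(.*\)!ACTIVE_CONSOLES="\1 /dev/hvc0"!' /etc/sysconfig/init
# Listing hvc0 in /etc/securetty permits root logins on the Xen console;
# drop this line if root console logins are not wanted on the guest.
echo hvc0 >> /etc/securetty

# Add repos. Abort %post if the target directory is missing instead of
# dropping the files wherever the current directory happens to be.
chvt 3
cd /etc/yum.repos.d || exit 1
# NOTE: the repo definitions and the signing key below are fetched over plain
# http from the internal mirror and nothing here authenticates them, so
# anything that can alter that traffic controls what yum installs next.
# Serve them over https (or a verified channel) and check the key's
# fingerprint against a trusted copy before relying on gpgcheck.
for repo in dell-omsa-repository epel-testing epel foreman-plugins foreman local puppetlabs; do
  wget "http://repoman.domain/local/sysops/repos/${repo}.repo"
done
cd /etc/pki/rpm-gpg || exit 1
wget http://repoman.domain/local/sysops/repos/RPM-GPG-KEY-puppetlabs
yum -y update
yum -y install nss-pam-ldapd nscd pam_krb5
yum -y install puppet lgtoclnt
chvt 1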

Thursday, 4 December 2014

Installing Munin node client - on Solaris 11

1. Install gnu-tar, gnu-make and make with pkg.
2. Install the following Perl modules: Net::Server, Time::HiRes, and Net::SNMP
3. Create the Munin user:
root@sol11server:/var/tmp# groupadd -g 500 munin
root@sol11server:/var/tmp# useradd -d /export/home/munin/ -m -g munin -u 500 munin
80 blocks
4. Download the Munin source and make install:
root@sol11server:/var/tmp# wget http://downloads.munin-monitoring.org/munin/stable/2.0.25/munin-2.0.25.tar.gz
--2014-12-04 11:43:04--  http://downloads.munin-monitoring.org/munin/stable/2.0.25/munin-2.0.25.tar.gz
Resolving downloads.munin-monitoring.org (downloads.munin-monitoring.org)... 87.238.48.91, 2a02:c0:1018::fa57
Connecting to downloads.munin-monitoring.org (downloads.munin-monitoring.org)|87.238.48.91|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1337586 (1.3M) [application/x-gzip]
Saving to: `munin-2.0.25.tar.gz'

100%[====================================================================================>] 1,337,586   1002K/s   in 1.3s

2014-12-04 11:43:05 (1002 KB/s) - `munin-2.0.25.tar.gz' saved [1337586/1337586]

root@sol11server:/var/tmp# gtar zxvf munin-2.0.25.tar.gz

root@sol11server:~# cd munin-2.0.25

root@sol11server:~# gmake install-common-prime install-node-prime install-plugins-prime
5. Edit munin-node.conf: set host_name and allow the IP address of the Munin server.
6. Install the modules using this script:
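#!/bin/sh
# Link the munin plugins named in /var/tmp/plugins-list (one bare plugin
# name per line) from the installed plugin library into the directory
# munin-node reads its active plugins from.

plugin_src=/opt/munin/lib/plugins
plugin_dst=/etc/opt/munin/plugins
plugin_list=/var/tmp/plugins-list

# link_plugins SRC DST LIST
#   Create DST/<name> -> SRC/<name> for every non-empty line <name> in LIST.
#   Lines that are not bare file names (contain '/') or that name a plugin
#   missing from SRC are reported on stderr and skipped, so no dangling or
#   out-of-tree links are created.  Returns 1 when LIST cannot be read.
link_plugins() {
  if [ ! -r "$3" ]; then
    printf 'cannot read plugin list %s\n' "$3" >&2
    return 1
  fi
  # '|| [ -n ... ]' keeps a final line that lacks a trailing newline
  while IFS= read -r plugin || [ -n "$plugin" ]; do
    [ -n "$plugin" ] || continue
    case $plugin in
      */*)
        printf 'skipping %s: not a bare plugin name\n' "$plugin" >&2
        continue ;;
    esac
    if [ ! -e "$1/$plugin" ]; then
      printf 'skipping %s: not found in %s\n' "$plugin" "$1" >&2
      continue
    fi
    ln -s "$1/$plugin" "$2/$plugin"
  done < "$3"
}

link_plugins "$plugin_src" "$plugin_dst" "$plugin_list"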
The plugins-list will be a list of the modules you wish munin-node to run, e.g.:
apache_accesses
apache_processes
apache_volume
df
df_inode
http_loadtime
memcached_
munin_stats
munin_update
netstat
ntp_
ntp_kernel_err
ntp_kernel_pll_freq
ntp_kernel_pll_off
ntp_offset
ntp_states
ping_
processes
ps_
psu_
7. Install the startup/shutdown script, then start munin-node.
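#!/sbin/sh
#
# SysV-style control script for munin-node on Solaris.
# Usage: munin-node { start | stop | restart }
prog="munin-node"
path="/opt/munin/sbin"
rundir="/var/run/munin"

# start_node - make sure the pid/socket directory exists, then launch the
# daemon; returns non-zero if either step fails.
start_node() {
  /usr/bin/mkdir -p "$rundir" || return 1
  "$path/$prog"
}

# stop_node - kill the daemon by exact process name.  pkill reports 1 when
# nothing matched, which is not a failure for 'stop', so always return 0.
stop_node() {
  /usr/bin/pkill -x "$prog"
  return 0
}

# wait_stopped - wait (at most ~10 s) for the old daemon to go away so a
# restart does not launch the new process while the old one still holds
# its listening socket.
wait_stopped() {
  n=0
  while /usr/bin/pgrep -x "$prog" >/dev/null; do
    n=$((n + 1))
    if [ "$n" -ge 10 ]; then
      echo "$prog still running after 10s" >&2
      return 1
    fi
    sleep 1
  done
  return 0
}

case "$1" in
'start')
  start_node
  ;;
'stop')
  stop_node
  ;;
'restart')
  stop_node
  wait_stopped
  start_node
  ;;
*)
  echo "Usage: $0 { start | stop | restart }" >&2
  exit 1
  ;;
esac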