NetBackup Activity Monitor

At my work during project Go Live! sessions I am often asked for the status of the scheduled backup which end early in the morning on weekends. I hate to wake up early on weekends so this is a nice little thing I do to achieve the task while I am sleeping. 

I found neat little perl script which uses the following two tools from netbackup to give a nicely formatted output in email. The tools are bpdbjobs which lists the list of jobs performed and bperror which gives you the status of the job. 

Click here for the original post and script. 

Now once you have the script which sends an email, all I have to do is set an at job to execute the script at the time the user wants the status of the backup. 

Google Chrome Froze

After using Google chrome [BETA] for couple of days, the much hyped sandboxing failed today for me. While browsing a site with flash plugin, the browser froze, it was unresponsive. Their feature of being able to close bad tabs failed as I was not able to get the Task manager from the browser itself. I opened up Task manager to see bunch of chrome.exe processes. I assumed the one which takes up the maximum memory to be the actual browser itself and the rest as tabs and started killing each one of them until the browser is responsive again, but by that time I have lost all the other tabs I was browsing.

This could have happened as plugins themselves are run as separate process. A small widget or a program which runs outside of the browser that works the same way as the task manager for google chrome would be useful in this scenario as you could just fire up the second program to identify and kill the troubling process, just a thought.

IE bug or feature?

I have recently noticed the following behavior testing IE. Here is an explanation on what is happening

Steps
1. Start IE and look at the task manager to see how much memory is being used.
(Observation): iexplore.exe starts with some memory X MB.
2. Start a new window by clicking File-->New Window check the memory.
(Observation): The iexplore.exe process increases by 2-3 MB in memory usage total X+2MB
3. Now Start IE by double clicking the shortcut or the iexplore.exe directly.
(Observation): You will find a new iexplore.exe process running with X MB
4. Repeat step 3 multiple times.
(Observation): New iexplore.exe processes start with X MB of memory.

Now for the Bug or Feature discussion.
Advantages
Lets look at what we can achieve with this behavior.
When started using step 3 above each iexplore.exe has its own session. So you can have multiple sessions from a server with different useraccounts.
Ex: You can login as different users and check / complete your tasks in google.com all simultaneosly.
Disadvantages
Every time you start iexplore.exe the starting memory usage (X MB) is close to 10x more than opening a new window using step 2. Image why the computer is all slow all of a sudden if you are browing online.

Conclusion
Using firefox you share a session always across multiple browser windows does not depend on how you open a new browser window/tab. Now its upto you to decide whether this is a feature that MS gives its users or is it a bug they have been ignoring to fix.

Windows LPR on Unix

Solaris
From your Solaris system, do this (assumes printer IP is 192.168.1.99):

# lpadmin -p hp3200m -s 192.168.1.99 -I any

Type the following to set the default printer (assuming the printer is hp3200m):

# lpadmin -d hp3200m

You need to be sure that print services are started (/usr/lib/lpsched or the equivalent command using Service Management Facility [SMF] in the Solaris 10 OS).

BigAdmin

Linux
#lpadmin -p LinuxPrinterName -E -v lpd://IP_ADDRESS/WindowsPrinterName

AT related

Users can schedule jobs to be run at a future time using the at command and the usage is simple refer "man at". Now once the job is scheduled you can look at the jobs in the at queue using at -l or atq commands.

Once you get the queue to see what is present in the at job look in /var/spool/cron/atjobs/< job name>

Install openoffice from yum

# yum groupinstall "Office/Productivity"

Media Wiki email problems

I have moved my media wiki from one server to another and suddenly the email feature stopped working. After a lot of searching I found out that email for Media Wiki needs php-pear-Mail which can be easily installed by

# yum install php-pear-Mail

after that add the following to LocalSettings.php

# Sending e-mails (requires php-pear-Mail)
$wgSMTP = array
  'host'     => "localhost",
  'IDhost'   => "localhost",
  'port'     => 25,
);

Source

Remote desktop to Windows from Linux

First install rdesktop

#yum install rdesktop

To connect use
$ rdesktop windows_server

More info on rdesktop

VPN to windows from Linux

Use PPTP client.
PPTP Client is a Linux, FreeBSD, NetBSD and OpenBSD client for the proprietary Microsoft Point-to-Point Tunneling Protocol, PPTP. Allows connection to a PPTP based Virtual Private Network (VPN).

Link

Moving a Certificate from Apache to a Windows IIS Server.

1.) Back up your certificate:

To import your certificate to Windows, you will first need to combine your primary certificate, Intermediate (CA) Certificate, and your private key file into a .pfx type backup file. To do this, use the following command:

openssl pkcs12 -export -out DigiCertBackup.pfx -inkey your_private_key_file.txt -in your_domain_name.crt -certfile DigiCertCA.crt

This creates a backup of your primary certificate called DigiCertBackup.pfx. Copy this file to your IIS Server.

2.) Import the .pfx file to your Windows server
Once you have copied the .pfx file to your Windows server, follow the instructions for importing your .pfx file to Windows IIS server

Source

Nagios for network and service monitoring

Introduction

Nagios is a open source service and network monitoring program.

Installation

Install the following rpms

nagios-2.9-1.el5.rf.i386.rpm
nagios-plugins-1.4.9-1.el5.rf.i386.rpm

Configuration

Add users nagios to cgi.cfg for the following attributes

authorized_for_system_information=nagios
authorized_for_configuration_information=nagios
authorized_for_all_services=nagios
authorized_for_all_hosts=nagios
authorized_for_all_service_commands=nagios
authorized_for_all_host_commands=nagios

Web user setup

Add nagios to /path/to/nagios.htpasswd Add the following to /etc/httpd/conf.d/nagios

Options ExecCGI
AllowOverride None
order allow,deny
Allow from all
 AuthName "Nagios Access"
 AuthType Basic
 AuthUserFile /path/to/nagios.htpasswd
 Require valid-user


Alias /nagios/ /usr/share/nagios/

Options None
AllowOverride None
order allow,deny
Allow from all
 AuthType Basic
 AuthName "Nagios Access"
 AuthUserFile /path/to/nagios.htpasswd
 Require valid-user

Add Hosts and Services to /etc/nagios/localhost.cgi Follow the example configuration
Any questions or problems put them in the comments, I will try to help

Create your own SSL certificate

Here is a quick document on creating SSLs of your own.
List of steps summarized just in case the original site goes down

$ openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out server.key 1024
To create a key file1-file5 are random compressed files.

$ openssl rsa -in server.key -out server.pem
To delete the password from the key

$ openssl req -new -key server.key -out server.csr
To create a certificate signing request

$ openssl x509 -req -days 60 -in server.csr -signkey server.key -out server.crt
To create a self signed certificate.

SSL Certificate

Short Tutorial on screen

If you are like me using Putty or any ssh client to connect to many servers and are looking for a cleaner approach use screen window manager.

Screen Tutorial

Gathering System Information

For Solaris
Refer : Short Notes

Important commands to remember.
/usr/sbin/psrinfo -pv
To get physical processor information
/usr/sbin/prtconf
System Configuration

Linux
CPU Info
look in /proc/cpuinfo
or search for Physical Processor ID"

System architecture could be obtained by using
$uname -a

Force user to change password on login Linux

To force a user to change his password at login use
#chage -d 0 username

It is the same as passwd -t username in solaris.

How to find whether Solaris is 32 or 64 bit

Had to search for this today and found that
# isainfo -vk
will give you what you are looking for. The same information a linux machine can be obtained by the following command
$ uname -m

Automate Apache Tomcat Clusters

The following script is a handy tool which I use to install an apache instance with mod_jk module and several tomcat instances which are used as a loadbalancing setup. After executing this script all you have to do is start the individual servers and everything should work.

The code

#!/bin/bash
################################################################################
# This script is to automate a typical apache tomcat loadbalanced setup
# Author: Tharun Kumar Allu
# Email : tharun_DOT_allu_AT_gmail.com
################################################################################
# Setup all the variables properly
# Change the source to your choice before executing the script
# The only requirement in this script is they have to be tar.gz
# if you have other formats then change the basename directive below to reflect
# that
APACHE_SOURCE="http://apache.seekmeup.com/httpd/httpd-2.2.8.tar.gz"
TOMCAT_BINARY="http://www.uniontransit.com/apache/tomcat/tomcat-6/v6.0.16/bin/apache-tomcat-6.0.16.tar.gz"
MODJK_SOURCE="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.26/tomcat-connectors-1.2.26-src.tar.gz"
# Number of Tomcat clusters that you want to be installed
NUM_CLUSTERS=2
# Apache parameters to ./configure script enable more modules you might require
# here
APACHE_CONFIG=" --enable-so --enable-jk"

# Path where all the applications are installed  if this path is not accessable
# by the user executing this script then prefix su - to 'make install' for
# apache and mod_jk
INSTALL_PREFIX="/path/to/your/install/directory"

# Set the prefix of the ports that are used by Tomcat here for example port 8080
# is changed to 12080 for cluster 0 and 13080 and so on for the other clusters

TC_PORT_PREFIX_ORIG=12

################################################################################
OLD_PWD=`pwd`

mkdir temp$$

cd temp$$

wget $APACHE_SOURCE
wget $TOMCAT_BINARY
wget $MODJK_SOURCE

tar zxvf `basename $APACHE_SOURCE` >/dev/null
cd `basename $APACHE_SOURCE .tar.gz`

./configure --prefix=$INSTALL_PREFIX/apache/ $APACHE_CONFIG
make
# prefix su - to the following command if current user does not have write
# access to $INSTALL_PREFIX
make install
cd ..
pwd

# Installing tomcat clusters and changing server.xml

TC_PORT_PREFIX=$TC_PORT_PREFIX_ORIG

for ((i=0;i<$NUM_CLUSTERS;i++));do         tar zxvf `basename $TOMCAT_BINARY` >/dev/null
       mv `basename $TOMCAT_BINARY .tar.gz` $INSTALL_PREFIX/tomcat-cluster-$i
       mv $INSTALL_PREFIX/tomcat-cluster-$i/conf/server.xml $INSTALL_PREFIX/tomcat-cluster-$i/conf/server.xml.orig
       cat $INSTALL_PREFIX/tomcat-cluster-$i/conf/server.xml.orig | sed s/"Engine name=\"Catalina\""/"Engine name=\"Catalina\" jvmRoute=\"cluster-"$i"\""/ | sed s/8005/"$TC_PORT_PREFIX"005/ | sed s/8080/"$TC_PORT_PREFIX"080/ | sed s/8009/"$TC_PORT_PREFIX"009/ >$INSTALL_PREFIX/tomcat-cluster-$i/conf/server.xml
       TC_PORT_PREFIX=`expr $TC_PORT_PREFIX + 1`;
done

# Compiling and installing mod_jk.so
tar zxvf `basename $MODJK_SOURCE`
cd `basename $MODJK_SOURCE .tar.gz`
cd native
./configure --with-apxs=$INSTALL_PREFIX/apache/bin/apxs
make
# prefix su - to the following command if current user does not have write
# access to $INSTALL_PREFIX
make install

cd $OLD_PWD

rm -rf temp$$

touch $INSTALL_PREFIX/apache/conf/workers.properties

# Adding JK related entries to apache httpd.conf
echo "JkWorkersFile \"conf/workers.properties\"" >> $INSTALL_PREFIX/apache/conf/httpd.conf
echo "JkLogFile \"logs/mod_jk.log\"" >>$INSTALL_PREFIX/apache/conf/httpd.conf

echo "JkLogLevel info" >>$INSTALL_PREFIX/apache/conf/httpd.conf

echo "JkMount /jkstatus* jkstatus" >> $INSTALL_PREFIX/apache/conf/httpd.conf

#Building the loadbalancer worker.properties file

echo "worker.list=loadbalancer,jkstatus" >> $INSTALL_PREFIX/apache/conf/workers.properties

TC_PORT_PREFIX=$TC_PORT_PREFIX_ORIG

for ((i=0;i<$NUM_CLUSTERS;i++));do         echo "worker.type=ajp13" >> $INSTALL_PREFIX/apache/conf/workers.properties
       TEMP_X=`hostname`;
       HOST=`host $TEMP_X  | awk '{print $4}'`
       echo "worker.cluster-$i.host=$HOST" >> $INSTALL_PREFIX/apache/conf/workers.properties
       echo "worker.cluster-$i.port=$TC_PORT_PREFIX"009 >> $INSTALL_PREFIX/apache/conf/workers.properties
       echo "worker.cluster-$i.lbfactor=1" >>  $INSTALL_PREFIX/apache/conf/workers.properties
       BALANCED_WORKERS=$BALANCED_WORKERS,cluster-$i
       TC_PORT_PREFIX=`expr $TC_PORT_PREFIX + 1`;
done

echo "worker.loadbalancer.balance_workers=$BALANCED_WORKERS" >> $INSTALL_PREFIX/apache/conf/workers.properties
echo "worker.jkstatus.type=status" >> $INSTALL_PREFIX/apache/conf/workers.properties

mv $INSTALL_PREFIX/apache/conf/httpd.conf $INSTALL_PREFIX/apache/conf/httpd.conf.orig

sed s/"Listen 80"/"Listen 80\n\n\nLoadModule modules\/mod_jk.so\n"/ $INSTALL_PREFIX/apache/conf/httpd.conf.orig > $INSTALL_PREFIX/apache/conf/httpd.conf

Paging / monitoring service using Perl

Here I have written a small perl program which is used to read a configuration file where you can specify different types of services to be monitored and send out an email / page (email to mobile number).

This is pager.conf example

# This configuration file is used to setup paging for individual applications
# each filed is separated by one tab only.
# FIELD1 is server name
# FIELD2 is list of comma separated processes
# FIELD3 is type of process db - database proc - process mlog - message log
# FIELD4 is email address of the pager can be comma separated for multiple
# recipients.
#=============================================
# server        processes       type    email
#=============================================
server1    db    user@domail.com

Here is the actual perl program

#!/usr/bin/perl
$CONF="/path/to/pager.conf";
open(F,"<$CONF") or die "Cannot open $CONF\n";

# Setting up default email.
$to=="user\@domain.com";
$from="pager\@server.com";
$subject="Paging default";
$out = "Default message!";

$line= < F>
while($line)
{
        chomp($line);
# Ignore Comments
        if($line =~ m/^#/)
        {
                $line= < F>
                next;
        }
#Ignore Empty lines
        if($line =~ m/^(\s)*$/)
        {
                $line= < F>
                next;
        }
# Get server proc type and email information from config file
        ($server,$proc,$type,$email)=split(/\t/,$line);
        @proclist=split(/,/,$proc);
        #print "Server=$server\nproc=$proc\ntype=$type\nemail=$email\n";
        foreach $i (@proclist)
        {
# if it is a database check whether its up or not send out email alerts if it is down
                if($type eq "db")
                {
                        $ret=system("Your Database related checking script/ command");
                        #print "return = $ret\n";
                        if( $ret != 0 )
                        {
                                $to=$email;
                                $subject="$server $i $type is down";
                                $out="Paging service Info:\n$server $i $type is down.\nsincerely,\nPager\n";
                                email_alert();
                        }
                }
                elsif($type eq "proc")
                {
# if it is a process check whether its running or not send out email alerts if it is down
                        $ret=system("Your process related script / command");
                        #print "return = $ret\n";
                        if( $ret != 0 )
                        {
                                $to=$email;
                                $subject="$server $i $type is down";
                                $out="Paging service Info:\n$server $i $type is down.\nsincerely,\nPager\n";
                                email_alert();
                        }
                }
                elsif($type eq "mlog")
                {
                        $ret=system("Your log search script / command");
                        #print "return = $ret\n";
                        if( $ret == 0 )
                        {
                                $to=$email;
                                $subject="$server $i has error";
                                $out="Paging service Info:\nOn $server $i log has error in it.\nsincerely,\nPager\n";
                                email_alert();
                        }
                }

        }
        $line= < F>
}

#Function that sends email look at the configuration for default email at the top of the script

sub email_alert
{
        #print "entered email\n";
        #print "$to\n$from\n$subject\n$out\n";
        # send email using UNIX/Linux sendmail
        open(MAIL, "|/usr/sbin/sendmail -t");

        ## Mail Header
        print MAIL "To: $to\n";
        print MAIL "From: $from\n";
        print MAIL "Subject: $subject\n";

        ## Mail Body
        print MAIL $out;
        close(MAIL);
}

This script could give you a starting point to add more services. Once it is done run it as a cron job every x amount of time where x is your interval at which your want to test for these services. On my side I test them every 5 minutes. with a cron entry .

SSH with no password

This is a very handy setting I use to login to various machines with out actually entering the password every time.
I have used this to setup user accounts on different servers so that I can monitor processes, disk space, etc.
lets first do the actual no password setup.

On Server 1
$ ssh-keygen -t dsa
Do not enter any password for key as this will defeat the whole purpose of not typing a password.
this creates id_dsa and id_dsa.pub files in ~/.ssh which are private and public keys respectively.
On Server 2
copy id_dsa.pub from Server 1 to Server 2
append the contents of id_dsa.pub to ~/.ssh/authorized_keys2
$ cat id_dsa.pub >> ~/.ssh/authorized_keys2

Now ssh from Server 1 for that user to Server 2 does not require a password.

Moving mediawiki to a different server

• make a dump of the database

ex:
mysqldump --port=2081 --socket=mysql.sock --user=root
--password=yourpasswd --databases wikidb --single-transaction
--flush-logs | bzip2 -c > backup.bz2

• make a archive of the web folder of wiki

ex: tar jcvf web.backup.tbz wiki/

• On the new server install mysql, php , php-mysql, httpd
• create a database and user in mysql.
• change LocalSettings.php to point to new database
• start/restart httpd

Apache with ssl on Solaris

You have to install openssl if it is not already installed.
$ ./configure --prefix=/path/to/apache/ --enable-so --enable-jk --enable-ssl --with-ssl=/path/to/openssl/
$ make
# make install

HTTP setup for accessing subversion

Install modules mod_dav_svn.so mod_authz_svn.so
and make the following change in your httpd.conf

      DAV svn
      SVNPath /path/to/svn
      AuthType Basic
      AuthName "Your Subversion"
      AuthUserFile /path/to/htpasswd
      Require valid-user

Note: For further security you can have this location accessible only through SSL by using virtual host directive.

How to move subversion (SVN)

• on old server svnadmin dump /repo/path > repo.dmp
• on new server
svnadmin create /repo/path and svnadmin load /repo/path < repo.dmp


Long Due

This is something which has been long due. I have been using linux from a long time and wanted to post my difficulties and achievements in a blog but did not get an opportunity to do so. Now that I have been working with Linux in an Enterprise level, I though I will put some of my ideas implementations etc so that others can easily pickup.