Thursday, September 15, 2011

Update 2011

Today I realized that after a year of non activity I continue to remove spam but never touch the blog. This is due to my current position being in management hence I do not write as much code or solve as many solutions, and if I do they would be bound to intellectual property.  I will say that I will soon revamp this and begin to add more detail.

I will start with this.  I am me, I have no solid state connections and am not bound to silicon etching.  I am free to grow and think and will continue to move forward on what is right for the community of knowledge.

Wednesday, September 9, 2009

Veritas responsefile creation script in Ruby

Started to port my Veritas responsefile creation script to Ruby. It is functional with command line arguments only. Interactive mode will be included shortly.

http://malcolm.baxter.googlepages.com/vxinstall.rb

Friday, August 21, 2009

Veritas CFS GCO VVR main.cf example

In building out a Global CFS cluster using Veritas SFCFS (Cluster File System), with GCO (Global Cluster Option), and VVR (Volume Replicator), I noticed there are not any really good examples except ones for SFRAC. Here is a sample which was put together on Linux. You will have to update your appropriate parts, and add your own application. This uses TIBCO EMS as an example application.
http://malcolm.baxter.googlepages.com/CFS_GCO_VVR_main.cf

Veritas Python responsefile creation script

Here is a version of my Veritas responsefile creation script ported to Python. Some changes will be done along the way, but this first copy is functional and works well.
http://malcolm.baxter.googlepages.com/vxinstall.py

Thursday, April 2, 2009

VX responsefile script

Here is a link to a formatted version of the VX responsefile script. Updates included in this version.
http://malcolm.baxter.googlepages.com/vxinstall.pl

Scripts

Will be posting links to the formatted code within a few days as time permits. Also some additions to the VX responsefile script which make it aware of more than two nodes. I needed to add this for large CFS clusters and RAC clusters using SFCFS.

SLES 9 network adapter setup

As promised here is the code for the SLES 9 network setup. This will create any missing hwcfg files as well as ifcfg files without having to use Yast which will reset your network.
http://malcolm.baxter.googlepages.com/sles_if_setup.bsh

Friday, March 27, 2009

Life as I know it update

I have finally gotten around to doing some house cleaning which means lots of good scripts to play with. Included are some WanBoot scripts and other automated install scripts for both Kickstart and Autoyast. As SLES 9 does not use ETHTOOL_OPTS I have a nice clean little script that brings it together. Also a new script to create the ifcfg files with all the SLES options in them. Easier than Yast and it wont restart your network ;-)

Will post within the next few days. Also in the process of automating Solaris 8 moves into Solaris 8 branded containers in Solaris 10. Hope to have this wrapped up soon and perhaps it will make someones life a bit easier than mine has been. Noticed today OpenSolaris build 110 is in IPS so I will be reviewing the release notes and perhaps doing an image-update this evening.

Thursday, May 10, 2007

Veritas VCS and Nagios

Here is a quick insight into getting Nagios with Apache working on a Linux RHEL based system. I set this up on CentOS 4.4 and used YUM to install Nagios. I also created the Volumes and File systems in VxVM but I will leave that part out and show just how simple it is to get Nagios clustered in VCS. This assumes you have two VCS nodes setup called 'nagiosa' and 'nagiosb'. Once you finish this and add some storage and what else you need for your setup enable the resources and bring them online!

# Make the config writable
haconf -makerw

# Create New Nagios Service Group
hagrp -add NagiosSG
hagrp -modify NagiosSG SystemList nagiosa 0 nagiosb 1
hagrp -modify NagiosSG AutoStartList nagiosa
hagrp -modify NagiosSG Parallel 0

# Create Nagios Application resource
hares -add nagsvc Application NagiosSG
hares -modify nagsvc Critical 0
hares -modify nagsvc User root
hares -modify nagsvc StartProgram /sbin/service nagios start
hares -modify nagsvc StopProgram /sbin/service nagios stop
hares -modify nagsvc CleanProgram
hares -modify nagsvc PidFiles /var/run/nagios.pid

# Create Apache web server resource
hares -add apachesvc Apache NagiosSG
hares -modify apachesvc Critical 0
hares -modify apachesvc ServerRoot /etc/httpd
hares -modify apachesvc DetailMonitor 0
hares -modify apachesvc Port 80
hares -modify apachesvc Address 0.0.0.0
hares -modify apachesvc ConfigFile /etc/httpd/conf/httpd.conf

# Link Apache to Nagios so Apache must come up first
hares -link nagsvc apachesvc

# Save and close the config
haconf -dump -makero

Wednesday, April 25, 2007

FTP new files to remote server

It has been a while since I have added a good script so here is one that I put together for a friend who needed to send files in a directory that are updated daily to remote client. Have a look at the script and feel free to ask if you don't understand it. This is pretty straight forward.

#!/bin/bash

# Script variables
shopt -s -o xtrace
shopt -s -o vi
shopt -s -o nounset
SPATH="/path/to/script/home"
RUN_LOG="${SPATH}/ftp_log"
SENT_FILE="${SPATH}/send_files_log"

# update date on log files
touch ${RUN_LOG} || {echo "cannot create ftp_log"; exit 1;}
touch ${SENT_FILE} || {echo "cannot create send_files_log"; exit 1;}

# Set home DIR
cd ${SPATH}

# static variables
ALL_FILES=$(ls -l|awk '{if (NR == 1 || $1 ~ /^d/) {next;} print $9}')
DATE="$(date)"

# User defined variables
HOST='10.0.0.1'
USER='user'
PASSWD='password'
TMP_LIST="/tmp/ftp_xfer_log"
REMOTE_DIR="/remote/server/path"

# if tmp list exsists clean it up or create it
if [ -f ${TMP_LIST} ]; then
>${TMP_LIST}
else
touch ${TMP_LIST}
fi


# Create list to send
for file in ${ALL_FILES}
do
grep $file ${SENT_FILE} >/dev/null 2>&1
(($? == 1)) && echo $file >> ${TMP_LIST}
done

# Reformat tmp_list
XFILES="$(echo ${TMP_LIST} | xargs)"

# FTP Files to server
ftp -v -n ${HOST} <quote USER ${USER}
quote PASS ${PASSWD}
prompt
cd ${REMOTE_DIR}
bin
put ${XFILES}
quit
END_SCRIPT

# Place newly sent files into sent list
echo ${TMP_LIST} >> ${SENT_FILE}

# Update Log
echo "" >> ${RUN_LOG}
echo ${DATE} >> ${RUN_LOG}
echo "following files sent successfully" >> ${RUN_LOG}
echo ${TMP_LIST} >> ${RUN_LOG}

# End Script
exit 0

Friday, March 23, 2007

Solaris 10 RBAC for apache and sendmail

This document describes the setup of Solaris 10 roles for Web and Mail Administrators. It is assumed that Apache 2.0 and sendmail are already setup and working on the target server. Apache is also assumed to be running as user ‘webservd’. This configuration will allow Administrators/Developers to switch to a new account (RBAC Role) and run commands necessary to handle Apache, and sendmail. Commands will be run by the user specified in the preceding command prompt, i.e. “[root] # ls” – means the ls command should be run as root. Substitute user ‘mbaxter’ with the users needed for this document.

Step 1 Stop Apache and Coldfusion.

[root] # svcadm –v disable –s apache2
[root] # svcadm -v disable -s sendmail

Step 2 Create separate Administrative Role

[root] # roleadd –g webservd –d /home/webadm –m webadm
[root] # passwd webadm
New Password:
Re-enter new Password:
Passwd: password successfully changed for webadm
[root] # usermod –R webadm mbaxter

Step 3 Create authorizations for webadm.
Add the following lines to /etc/security/auth_attr file in vi

[root] # vi /etc/security/auth_attr
sunw.*:::Custom Authorizations::
sunw.grant:::Grant Custom Authorizations::
sunw.smf.manage.http/apache2:::Manage the Apache2 Service::
sunw.smf.modify.application.http/apache2:::Modify the Apache2 Application Properties::

Assign new authorizations to root user by editing /etc/user_attr
[root] # vi /etc/user_attr
root::::auths=solaris.*,solaris.grant,sunw.*,sunw.grant;profiles=Web Console Management,All;lock_after_retries=no

Step 4 Grant SMF-Specific authorizations to webadm

[root] # rolemod –A sunw.smf.manage.http/apache2,sunw.smf.modify.application.http/apache2 webadm

Step 5 Configure Apache2 with reduced privileges and required authorizations.

[root] # svccfg –s apache2

Install new properties:
svc:/network/http:apache2> setprop httpd/value_authorization = astring:
sunw.smf.modify.application.http/apache2
svc:/network/http:apache2> setprop general/action_authorization = astring:
sunw.smf.manage.http/apache2
svc:/network/http:apache2> setprop general/value_authorization =
astring: sunw.smf.manage.http/apache2

Configure reduced privileges:
svc:/network/http:apache2> setprop start/user = astring: webservd
svc:/network/http:apache2> setprop start/group = astring: webservd
svc:/network/http:apache2> setprop start/privileges = astring: basic,!proc_session,!proc_info,!file_link_any,net_privaddr
svc:/network/http:apache2> setprop start/limit_privileges = astring: :default
svc:/network/http:apache2> setprop start/use_profile = boolean: false
svc:/network/http:apache2> setprop start/supp_groups = astring: :default
svc:/network/http:apache2> setprop start/working_directory = astring: :default
svc:/network/http:apache2> setprop start/project = astring: :default
svc:/network/http:apache2> setprop start/resource_pool = astring: :default
svc:/network/http:apache2> end
[root] # svcadm –v refresh apache2
Action refresh set for svc:/network/http:apache2.

Step 6 Change ownership of log files.

[root] # cd /var/apache2/logs
[root] # chown webservd:webservd access_log error_log

Step 7 Configure Pidfile and Lockfile location.

[root] # mkdir –p /var/apache2/run
[root] # chown webservd:webservd /var/apache2/run
[root] # vi /etc/apache2/httpd.conf
Make these changes:
LockFile /var/apache2/logs/accept.lock
PidFile /var/apache2/run/httpd.pid

Step 8 Create Sendmail Profile by editing /etc/security/prof_attr with vi

[root] # vi /etc/security/prof_attr
Sendmail Management:::Sendmail Management Profile:

Step 9 Create Sendmail executable attributes by editing /etc/security/exec_attr with vi

[root] # vi /etc/security/exec_attr
Sendmail Management:solaris:cmd:::/usr/sbin/sendmail:uid=0

Sendmail Management:solaris:cmd:::/usr/sbin/dig:uid=0
Sendmail Management:solaris:cmd:::/usr/bin/mailq:uid=0


Step 10 Add Sendmail Profile to webadm

[root] # rolemod –P “Sendmail Management” webadm

Step 11 Change ownership of /etc/apache2 to webadm

[root] # chown –R webadm:webservd /etc/apache2

Step 12 Change ownership of /etc/mail to webadm

[root] # chown –R webadm:webservd /etc/mail

Step 13 Test configurations:

[root] # svcs –v apache2
disabled - 14:41:05 - svc:/network/http:apache2
[root] # su – webadm
[webadm] # svcadm –v enable –s apache2
[webadm] # svcs –v apache2
online - Sep_21 112 svc:/network/http:apache2
[webadm] # svcadm -v enable -s sendmail

Step 14 Add users to webadm role.

[root] # usermod –R webadm mbaxter

Wednesday, March 21, 2007

Script formatting

Had a few emails concerned with the spacing of the scripts supplied here and the layout. I do not go through and HTML code the scripts so that they are tabbed correctly or so that run on lines do to the blogs width limit are met. So if you have a problem reading it and cannot figure out the format send me an email and I will send you the script in its original form.

Friday, March 9, 2007

Application logging for Nagios output

I am sure there are dozens of ways to create application output logs for use with Nagios. I have a specific format that I use and a script that is called by apps to update the log. I will first post the log format then the script. don't forget to change the relative paths.

app_log:
BEGIN::Complete::0900030307::0244030507
PROCESS1::Complete::Good
PROCESS2::Complete::Good
PROCESS3::Complete::Good

monlog_update script:
http://malcolm.baxter.googlepages.com/monlog_update.pl

Tuesday, March 6, 2007

Solaris 10 RBAC

This document describes the setup of Solaris 10 roles for Coldfusion Developers. It is assumed that Apache 2.0 and Coldfusion are already setup and working on the target server. Coldfusion and Apache are also assumed to be running as user ‘webservd’. This configuration will allow developers to switch to a new account (RBAC Role) and run commands necessary to handle Apache, and Coldfusion. Commands will be run by the user specified in the preceding command prompt, i.e. “[root] # ls” – means the ls command should be run as root. Substitute user ‘mbaxter’ with the users needed for this document.

Step 1 Stop Apache and Coldfusion.

[root] # svcadm –v disable –s apache2
[root] # /etc/init.d/coldfusionmx7 stop

Step 2 Create separate Administrative Role

[root] # roleadd –g webservd –d /home/webadm –m webadm
[root] # passwd webadm
New Password:
Re-enter new Password:
Passwd: password successfully changed for webadm
[root] # usermod –R webadm mbaxter

Step 3 Create authorizations for webadm.
Add the following lines to /etc/security/auth_attr file in vi

[root] # vi /etc/security/auth_attr
sunw.*:::Custom Authorizations::
sunw.grant:::Grant Custom Authorizations::
sunw.smf.manage.http/apache2:::Manage the Apache2 Service::
sunw.smf.modify.application.http/apache2:::Modify the Apache2 Application Properties::

Assign new authorizations to root user by editing /etc/user_attr
[root] # vi /etc/user_attr
root::::auths=solaris.*,solaris.grant,sunw.*,sunw.grant;profiles=Web Console Management,All;lock_after_retries=no

Step 4 Grant SMF-Specific authorizations to webadm

[root] # rolemod –A sunw.smf.manage.http/apache2,sunw.smf.modify.application.http/apache2 webadm

Step 5 Configure Apache2 with reduced privileges and required authorizations.

[root] # svccfg –s apache2

Install new properties:
svc:/network/http:apache2> setprop httpd/value_authorization = astring:
sunw.smf.modify.application.http/apache2
svc:/network/http:apache2> setprop general/action_authorization = astring:
sunw.smf.manage.http/apache2
svc:/network/http:apache2> setprop general/value_authorization =
astring: sunw.smf.manage.http/apache2

Configure reduced privileges:
svc:/network/http:apache2> setprop start/user = astring: webservd
svc:/network/http:apache2> setprop start/group = astring: webservd
svc:/network/http:apache2> setprop start/privileges = astring: basic,!proc_session,!proc_info,!file_link_any,net_privaddr
svc:/network/http:apache2> setprop start/limit_privileges = astring: :default
svc:/network/http:apache2> setprop start/use_profile = boolean: false
svc:/network/http:apache2> setprop start/supp_groups = astring: :default
svc:/network/http:apache2> setprop start/working_directory = astring: :default
svc:/network/http:apache2> setprop start/project = astring: :default
svc:/network/http:apache2> setprop start/resource_pool = astring: :default
svc:/network/http:apache2> end
[root] # svcadm –v refresh apache2
Action refresh set for svc:/network/http:apache2.

Step 6 Change ownership of log files.

[root] # cd /var/apache2/logs
[root] # chown webservd:webservd access_log error_log

Step 7 Configure Pidfile and Lockfile location.

[root] # mkdir –p /var/apache2/run
[root] # chown webservd:webservd /var/apache2/run
[root] # vi /etc/apache2/httpd.conf
Make these changes:
LockFile /var/apache2/logs/accept.lock
PidFile /var/apache2/run/httpd.pid

Step 8 Create Coldfusion Profile by editing /etc/security/prof_attr with vi

[root] # vi /etc/security/prof_attr
Coldfusion Management:::Coldfusion Management Profile:

Step 9 Create Coldfusion executable attributes by editing /etc/security/exec_attr with vi

[root] # vi /etc/security/exec_attr
Coldfusion Management:solaris:cmd:::/etc/init.d/coldfusionmx7:uid=0

Step 10 Add Coldfusion Profile to webadm

[root] # rolemod –P “Coldfusion Management” webadm

Step 11 Change ownership of /etc/apache2 to webadm

[root] # chown –R webadm:webservd /etc/apache2

Step 12 Test configurations:

[root] # svcs –v apache2
disabled - 14:41:05 - svc:/network/http:apache2
[root] # su – webadm
[webadm] # svcadm –v enable –s apache2
[webadm] # svcs –v apache2
online - Sep_21 112 svc:/network/http:apache2
[webadm] # /etc/init.d/coldfusionmx7 start

Step 13 Add users to webadm role.

[root] # usermod –R webadm mbaxter

Friday, February 16, 2007

Simple Solutions

Sometimes a short Bash script is just what the doctor ordered. I Needed a quick script to check a files date on a remote machine and generate an error code if it was over 24 hours old. I will paste the code and a Nagios Expect plugin I wrote to call the script and interface with Nagios.

Remote test script in Bash:
http://malcolm.baxter.googlepages.com/nohup_test.sh

Nagios check script in Expect:
http://malcolm.baxter.googlepages.com/check_applogtime.exp>