Posts Tagged operating systems

iSCSI SAN for CentOS 5.4


Well I guess I could have used OpenFiler for this… BUT here are a few steps to creating your own SAN-type-thing on CentOS 5.4…

#!/bin/bash
# iSCSI SAN for CentOS5.4
cd /usr/src
# Get the iscsi package
wget -O iscsitarget-1.4.20.tar.gz http://sourceforge.net/projects/iscsitarget/files/iscsitarget/1.4.20/iscsitarget-1.4.20.tar.gz/download
yum -y install kernel-devel openssl-devel gcc rpm-build make automake autoconf # you may already have these, this was a newer build for me so I didn’t…
tar -xzvf iscsitarget-1.4.20.tar.gz
cd iscsitarget-1.4.20
make
make install

# Name the disk
echo "Ok, I am going to name the disk for you"
echo "iqn.$(date -I).$(hostname | awk -F "." '{print $1}')-sanhead" # awk only needed if u use FQDN's
echo "BUT… you need to tell me what disk to use…"
df -h
echo "Type in the full path to your disk, i.e.(/dev/<md3>)"
read dname
touch /etc/initiators.allow
idname="iqn.$(date -I).$(hostname | awk -F "." '{print $1}')-sanhead:$dname"
echo "$idname 192.168.11.0/24" >> /etc/initiators.allow
touch /etc/initiators.deny
echo "ALL:ALL" >> /etc/initiators.deny
touch /etc/ietd.conf
echo "Target $idname" >> /etc/ietd.conf
echo "        IncomingUser <uname>    <passwd>" >> /etc/ietd.conf
echo "        OutgoingUser <uname>    <passwd>" >> /etc/ietd.conf
echo "        Lun 0 Path=/dev/SAN/diskname,Type=fileio,IOMode=wb" >> /etc/ietd.conf
echo "        Alias iSCSI for diskname" >> /etc/ietd.conf
echo "        ImmediateData Yes" >> /etc/ietd.conf
echo "        MaxConnections 1" >> /etc/ietd.conf
echo "        InitialR2T Yes" >> /etc/ietd.conf
yum -y install iscsi-initiator-utils open-iscsi
echo "InitiatorName=iqn.2010-04.factslx01-sanhead:factslx01" >> /etc/iscsi/initiatorname.iscsi
# /etc/iscsi/iscsid.conf
mv /etc/iscsi/iscsid.conf /etc/iscsi/iscsid.conf.bak
touch /etc/iscsi/iscsid.conf
chmod 600 /etc/iscsi/iscsid.conf
echo "# Default Settings" >> /etc/iscsi/iscsid.conf
echo "#node.startup = automatic" >> /etc/iscsi/iscsid.conf
echo "#node.session.timeo.replacement_timeout = 120" >> /etc/iscsi/iscsid.conf
echo "#node.conn[0].timeo.login_timeout = 15" >> /etc/iscsi/iscsid.conf
echo "#node.conn[0].timeo.logout_timeout = 15" >> /etc/iscsi/iscsid.conf
echo "#node.conn[0].timeo.noop_out_interval = 5" >> /etc/iscsi/iscsid.conf
echo "#node.conn[0].timeo.noop_out_timeout = 5" >> /etc/iscsi/iscsid.conf
echo "#node.session.err_timeo.abort_timeout = 15" >> /etc/iscsi/iscsid.conf
echo "#node.session.err_timeo.lu_reset_timeout = 20" >> /etc/iscsi/iscsid.conf
echo "#node.session.initial_login_retry_max = 8" >> /etc/iscsi/iscsid.conf
echo "#node.session.cmds_max = 128" >> /etc/iscsi/iscsid.conf
echo "#node.session.queue_depth = 32" >> /etc/iscsi/iscsid.conf
echo "#node.session.iscsi.InitialR2T = No" >> /etc/iscsi/iscsid.conf
echo "#node.session.iscsi.ImmediateData = Yes" >> /etc/iscsi/iscsid.conf
echo "#node.session.iscsi.FirstBurstLength = 262144" >> /etc/iscsi/iscsid.conf
echo "#node.session.iscsi.MaxBurstLength = 16776192" >> /etc/iscsi/iscsid.conf
echo "#node.conn[0].iscsi.MaxRecvDataSegmentLength = 262144" >> /etc/iscsi/iscsid.conf
echo "#discovery.sendtargets.iscsi.MaxRecvDataSegmentLength = 32768" >> /etc/iscsi/iscsid.conf
echo "#node.conn[0].iscsi.HeaderDigest = None" >> /etc/iscsi/iscsid.conf
echo "#node.session.iscsi.FastAbort = Yes" >> /etc/iscsi/iscsid.conf
echo "#" >> /etc/iscsi/iscsid.conf
echo "# Custom Settings" >> /etc/iscsi/iscsid.conf
echo "node.startup = automatic" >> /etc/iscsi/iscsid.conf
echo "node.session.auth.authmethod = CHAP" >> /etc/iscsi/iscsid.conf
echo "node.session.auth.username = <uname>" >> /etc/iscsi/iscsid.conf
echo "node.session.auth.password = <passwd>" >> /etc/iscsi/iscsid.conf
echo "node.session.auth.username_in = <uname>" >> /etc/iscsi/iscsid.conf
echo "node.session.auth.password_in = <passwd>" >> /etc/iscsi/iscsid.conf
echo "node.session.timeo.replacement_timeout = 120" >> /etc/iscsi/iscsid.conf
echo "node.conn[0].timeo.login_timeout = 15" >> /etc/iscsi/iscsid.conf
echo "node.conn[0].timeo.logout_timeout = 15" >> /etc/iscsi/iscsid.conf
echo "node.conn[0].timeo.noop_out_interval = 10" >> /etc/iscsi/iscsid.conf
echo "node.conn[0].timeo.noop_out_timeout = 15" >> /etc/iscsi/iscsid.conf
echo "node.session.initial_login_retry_max = 10" >> /etc/iscsi/iscsid.conf
echo "node.session.cmds_max = 128" >> /etc/iscsi/iscsid.conf
echo "node.session.queue_depth = 32" >> /etc/iscsi/iscsid.conf
echo "node.session.iscsi.InitialR2T = No" >> /etc/iscsi/iscsid.conf
echo "node.session.iscsi.ImmediateData = Yes" >> /etc/iscsi/iscsid.conf
echo "node.session.iscsi.FirstBurstLength = 262144" >> /etc/iscsi/iscsid.conf
echo "node.session.iscsi.MaxBurstLength = 16776192" >> /etc/iscsi/iscsid.conf
echo "node.conn[0].iscsi.MaxRecvDataSegmentLength = 131072" >> /etc/iscsi/iscsid.conf
echo "discovery.sendtargets.iscsi.MaxRecvDataSegmentLength = 32768" >> /etc/iscsi/iscsid.conf
echo "node.session.iscsi.FastAbort = No" >> /etc/iscsi/iscsid.conf
echo "# EOF" >> /etc/iscsi/iscsid.conf
service iscsi start
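# First non-loopback IPv4 address; awk takes the address itself instead of a fixed-width cut
i="$(ifconfig | grep "inet addr:" | grep -v 127.0.0.1 | awk -F ":" '{print $2}' | awk '{print $1}' | head -1)"
iscsiadm -m discovery -t st -p "$i" # IP for iSCSI host
iscsiadm -m node -p "$i" -T "iqn.$(date -I).$(hostname | awk -F "." '{print $1}')-sanhead:$dname" --login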

So there it is !!! Now go use OpenFiler… LOL -> http://www.openfiler.com/
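
The script above writes the literal `<uname>`/`<passwd>` placeholders into /etc/ietd.conf and never restricts that file's mode, although it holds the CHAP secrets in clear text. The pre-flight check below is an added example, not part of the original post: `check_ietd_chap`, `write_sample` and the sample IQN are made up for it, and the 12-character minimum and the rule that the two directions must use different secrets are policy choices assumed here.

```shell
#!/bin/bash
# check_ietd_chap FILE: print one finding per line; print nothing if FILE passes.
check_ietd_chap() {
  local conf="$1" mode
  # CHAP secrets are stored in clear text, so group/other must have no access.
  mode="$(stat -c %a "$conf" 2>/dev/null)"
  case "$mode" in *00) ;; *) echo "file-mode $mode (want 600)" ;; esac
  awk '
    $1 == "IncomingUser" || $1 == "OutgoingUser" {
      seen[$1] = 1; secret[$1] = $3
      if ($2 ~ /^<.*>$/ || $3 ~ /^<.*>$/) print $1 " placeholder-left-in"
      else if (length($3) < 12)           print $1 " secret-shorter-than-12"
    }
    END {
      # Without IncomingUser the target does not ask initiators for CHAP at all.
      if (!seen["IncomingUser"]) print "IncomingUser missing"
      if (seen["IncomingUser"] && seen["OutgoingUser"] &&
          secret["IncomingUser"] == secret["OutgoingUser"])
        print "same-secret-both-directions"
    }
  ' "$conf"
}

# Constructed sample: a target block as the script above writes it (IQN is made up).
write_sample() {
  cat > "$1" <<'EOF'
Target iqn.2010-04.example-sanhead:disk0
        IncomingUser <uname>    <passwd>
        OutgoingUser <uname>    <passwd>
        Lun 0 Path=/dev/SAN/diskname,Type=fileio,IOMode=wb
EOF
  chmod 644 "$1"   # what touch leaves behind under a default 022 umask
}

# Run the check against the sample and clean up.
demo() {
  local f
  f="$(mktemp)"
  write_sample "$f"
  check_ietd_chap "$f"
  rm -f "$f"
}
demo
```

Run `check_ietd_chap /etc/ietd.conf` before starting the target and treat any output as a reason to stop.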


Solaris 10 in jail


Well I took a stab @ this one last week… although it seems to be lacking in one respect… It is a good start.  If you didn’t already notice, I have decided to start mocking up scripts from the steps I am taking to perform these little diddy’s to complete the automation/repetitive goal of administration.

#!/bin/sh
# Solaris FTP chroot jail
cd /
mkdir /ftpjail
cd /ftpjail
mkdir -p dev etc etc/ftpd etc/default usr/bin usr/sbin usr/lib/security usr/lib/locale usr/lib/security/sparcv9 usr/lib usr/share/lib/zoneinfo upload ftpuser
chmod 100 usr/sbin
chmod 444 dev etc/default usr/share usr/share/lib usr/share/lib/zoneinfo
chmod 555 etc etc/ftpd usr usr/bin usr/lib usr/lib/locale usr/lib/security
chmod 777 upload
ln -s usr/bin bin
cd /ftpjail/dev
mknod conslog c 21 0
mknod null c 13 2
mknod zero c 13 12
mknod tcp c 42 0
mknod ticlts c 105 2
mknod ticotsord c 105 1
mknod udp c 41 0
chmod 666 conslog null tcp ticlts ticotsord udp zero
cd ..
# vi etc/group
# "etc/group" [New file]
touch etc/group
echo "other::1:root" >> etc/group
echo "ftp::30000:" >> etc/group
#
# vi etc/pam.conf
# "etc/pam.conf" [New file]
touch etc/pam.conf
echo "ftp auth required /usr/lib/security/pam_unix.so.1" >> etc/pam.conf
echo "ftp account required /usr/lib/security/pam_unix.so.1" >> etc/pam.conf
echo "ftp session required /usr/lib/security/pam_unix.so.1" >> etc/pam.conf
#
# vi etc/passwd
# "etc/passwd" [New file]
touch etc/passwd
echo "root:x:0:1:::" >> etc/passwd
echo "ftp:x:30000:30000::/upload:/bin/false" >> etc/passwd
echo "ftpuser:x:30000:30000::/ftpuser:/bin/sh" >> etc/passwd
#
# vi etc/shadow
# "etc/shadow" [New file]
touch etc/shadow
echo "root:*LK*:6445::::::" >> etc/shadow
echo "ftp:*LK*:13651::::::" >> etc/shadow
echo "ftpuser:cdHH60rUQrF3Q:13651::::::" >> etc/shadow # passwd = "ftpuser"
#
# vi etc/shells
# "etc/shells" [New file]
touch etc/shells
echo "/bin/sh" >> etc/shells
#
# vi etc/ftpd/ftpaccess
# "etc/ftpd/ftpaccess" [New file]
touch etc/ftpd/ftpaccess
echo "hostname ftpserver" >> etc/ftpd/ftpaccess
echo "defaultserver private" >> etc/ftpd/ftpaccess
echo "class   all   real,guest,anonymous  *" >> etc/ftpd/ftpaccess
echo "# all the following default to \"yes\" for everybody" >> etc/ftpd/ftpaccess
echo "delete          no      real,guest,anonymous" >> etc/ftpd/ftpaccess
echo "overwrite       no      real,guest,anonymous" >> etc/ftpd/ftpaccess
echo "rename          no      real,guest,anonymous" >> etc/ftpd/ftpaccess
echo "chmod           no      real,guest,anonymous" >> etc/ftpd/ftpaccess
echo "umask           no      real,guest,anonymous" >> etc/ftpd/ftpaccess
echo "# specify the upload directory information" >> etc/ftpd/ftpaccess
echo "upload  /       *       no" >> etc/ftpd/ftpaccess
echo "upload  /       /upload yes" >> etc/ftpd/ftpaccess
echo "greeting terse" >> etc/ftpd/ftpaccess
echo "noretrieve" >> etc/ftpd/ftpaccess
echo "#allow-retrieve /upload/" >> etc/ftpd/ftpaccess
echo "defumask 777" >> etc/ftpd/ftpaccess
#
useradd ftpuser
# Solaris sed has no -i, so write to a copy; the asterisks in *LK* are escaped so they match literally
cp -p /etc/shadow /etc/shadow.new
sed 's/^ftpuser:\*LK\*:::::::/ftpuser:cdHH60rUQrF3Q:14722::::::/' /etc/shadow > /etc/shadow.new && mv /etc/shadow.new /etc/shadow
echo "/usr/sbin/in.ftpd -P 2020 -p 2021 -S -u 022 -W -a -Q" >> usr/bin/runme
#
cd /ftpjail/etc
chmod 444 group pam.conf passwd shadow shells /ftpjail/etc/ftpd/ftpaccess
chmod 100 /ftpjail/usr/bin/runme
#
cp -p /etc/default/init default/init
cp /usr/bin/sh /ftpjail/usr/bin/sh; chmod 111 /ftpjail/usr/bin/sh
cp /usr/sbin/in.ftpd /ftpjail/usr/sbin/in.ftpd; chmod 6100 /ftpjail/usr/sbin/in.ftpd; chown 30000:30000 /ftpjail/usr/sbin/in.ftpd
cp -rp /usr/lib/locale/* /ftpjail/usr/lib/locale
cp -rp /usr/share/lib/zoneinfo/* /ftpjail/usr/share/lib/zoneinfo
cd /ftpjail/usr/lib
cp -p /usr/lib/libbsm.so.1 .
cp -p /usr/lib/libc.so.1 .
cp -p /usr/lib/libcmd.so.1 .
cp -p /usr/lib/libdl.so.1 .
cp -p /usr/lib/libgen.so.1 .
cp -p /usr/lib/libmd5.so.1 .
cp -p /usr/lib/libmp.so.2 .
cp -p /usr/lib/libnsl.so.1 .
cp -p /usr/lib/libpam.so.1 .
cp -p /usr/lib/libresolv.so.2 .
cp -p /usr/lib/libsecdb.so.1 .
cp -p /usr/lib/libsocket.so.1 .
cp -p /usr/lib/ld.so.1 .
cp -p /usr/lib/nss_user.so.1 .
cp -p /usr/lib/nss_files.so.1 .
chmod 555 *
cd /ftpjail/usr/lib/security
cp -p /usr/lib/security/crypt_bsdbf.so.1 .
cp -p /usr/lib/security/crypt_bsdmd5.so.1 .
cp -p /usr/lib/security/crypt_sunmd5.so.1 .
cp -p /usr/lib/security/pam* .
cd /ftpjail/usr/lib/security/sparcv9
cp -p /usr/lib/security/sparcv9/* .
# Give out the ‘ls’ command
cp /usr/bin/ls /ftpjail/usr/bin/ls; chmod 111 /ftpjail/usr/bin/ls
# Test commands
# chroot /ftpjail /usr/bin/sh
# If the above is successful, start up the server:
chroot /ftpjail /usr/bin/sh -c runme
# Check to see if the server has started:
ps -ef|grep ftpd
#
# ftp 192.168.11.34 2021
# login ftpuser/ftpuser
# EOF

So that’s basically it…


Solaris 10 – n- NFS


I fired out an NFS share from a Solaris 10 box today for a Windows and Linux share… I thought I would post my “quick -n- dirty” steps… The Windows share required the installation of the UNIX for Windows tools… it comes on the CD 🙂

Add the new filesystems you want to share:
sunblade # cat /etc/dfs/sharetab
/a              -       nfs     rw      FACTS
/export/home    -       nfs     rw      FACTS
/usr6           -       nfs     rw      FACTS_TEST

execute “shareall” @ the command line:

execute /etc/init.d/nfs.server start <-- ensure changes are taken

On the server you want to mount on:
create the mount points on / :

drwxrwxrwx  14 root     root         512 Sep  1 16:12 a_sunblade
drwxr-xr-x  44 root     root        1024 Feb 10 16:22 usr6_sunblade

then mount the filesystems you want:
# mount sunblade:/a /a_sunblade
# mount sunblade:/usr6 /usr6_sunblade
# df -h |grep sunblade
sunblade:/a             17G    10G   7.0G    60%    /a_sunblade
sunblade:/usr6          33G    17G    16G    52%    /usr6_sunblade

fstab entry for NFS mount:
[root@centOS54 /]# cat /etc/fstab
/dev/VolGroup00/LogVol00 /                       ext3    defaults        1 1
LABEL=/boot             /boot                   ext3    defaults        1 2
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
/dev/VolGroup00/LogVol01 swap                    swap    defaults        0 0
SFX4140P:/export/home   /SFX4140P               nfs     rsize=8192,wsize=8192,timeo=14,intr <-- this one


Teaser


Ya this is exactly that, a teaser. I am going, well have already started to work on a custom linux distro guide based on CentOS 5.4 with a focus on gateway/web settings.  I will not waste your time with non-working attempts on this one so it may be a bit before I actually have something that will install and do exactly what I am stating here without issues.  I will post items of interest throughout the process however as they present themselves.  Stay tuned.


CUPS… Ain’t no cup -o- Joe…


Ok… So I work in an environment that requires printing from the UNIX/Linux hosts I manage… Printing sucks… plain and simple.  Anyway… We are moving a customer from a SCO box to a new RHEL 5 platform so off I go into the testing phase for printing.  CUPS being my obvious choice, I will just give you the quick-n-dirty version here as I spent WAY too much time looking @ this, but too late now.

So let’s say you are starting from the very beginning, like I was with a raw build.  First things first… get CUPS (LOL):

yum -y install cups cups-devel (I grabbed the devel just for the heck-of-it, you may not need it)

This will give you (As of 4-8-2010):

cups-1.3.7-11.el5_4.6
cups-libs-1.3.7-11.el5_4.6
cups-devel-1.3.7-11.el5_4.6

Make sure it is “ON”:

chkconfig --list cups
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off

Now for the actual setup…  This got a bit out of whack for me but I only say that to embarrass myself ?

We will be working from the /etc/cups directory here so navigate over there if you will please… 🙂  Not too much in here but a few files to config, the main file being cupsd.conf so let’s open that one up and make something work shall we?

-rw------- 1 root lp      0 Mar  6 18:19 classes.conf
-rw-r--r-- 1 root lp      0 Mar  6 18:19 client.conf
-rw-r--r-- 1 root lp    141 Mar 10 13:00 client.conf.rpmsave
-rw-r----- 1 root lp   2704 Apr  8 11:28 cupsd.conf
-rw-r----- 1 root lp   2578 Mar  6 18:19 cupsd.conf.default
drwxr-xr-x 2 root root 4096 Mar  6 18:19 interfaces
-rw-r--r-- 1 root root 4533 Mar  6 18:19 mime.convs
-rw-r--r-- 1 root root 6298 Mar  6 18:19 mime.types
-rw-r--r-- 1 root lp    215 Mar  6 18:19 pdftops.conf
drwxr-xr-x 2 root lp   4096 Apr  8 11:38 ppd
-rw------- 1 root lp    351 Apr  8 11:38 printers.conf
-rw------- 1 root lp      0 Mar  6 18:19 printers.conf.O
-rw-r--r-- 1 root root  947 Mar  6 18:19 pstoraster.convs
-rw-r--r-- 1 root lp    186 Mar  6 18:19 snmp.conf
drwx------ 2 root lp   4096 Apr  8 11:35 ssl

So there is the expected amount of jargon in here but we need to get the web interface working… Oh I should say that in fact some of what I am going to outline here is not necessary if you have an X Window running on the localhost (with a browser obviously).  I don’t have that in these installations so I need remote access to the CUPS web interface… I guess you could set up a VNC server as well and use that to the localhost, but that seems a bit too effort-full as I don’t need the VNC for anything else.  Anyway, open the file with your editor of choice and let’s tweak a few things.  Most of this is @ the very top of the file so that is pretty reasonable.  For some reason this interface is REALLY finicky… so put this in correctly or you will be banging your head on the desk for a while…

# Only listen for connections from the local machine.
Listen localhost:631  <-- This is the default, comes already written
Listen 192.168.11.25:631 <-- I added this one…
Listen 192.168.11.25:80 <-- and this one for remote access as I stated above. This is the server IP… That may not be as obvious as you think…
#Port 631 <-- These can work also, but allow anything from anywhere, never a good idea
#Port 80
Listen /var/run/cups/cups.sock <-- This is also a default, leave it alone

Go a few lines down…

# Default authentication type, when authentication is required…
DefaultAuthType Basic

# Restrict access to the server…
<Location />
Order allow,deny
Allow localhost <-- Added
Allow @LOCAL <-- Added
</Location>

# Restrict access to the admin pages…
<Location /admin>
#  Encryption Required <-- this will force you to use HTTPS… not a bad idea, it is enabled by default
Order allow,deny
Allow localhost <-- Added
Allow @LOCAL <-- Added
</Location>

# Restrict access to configuration files…
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
Allow localhost <-- Added
Allow @LOCAL <-- Added
</Location>

Basically, that’s it.  How the hell that took me more than 5 minutes to do is beyond me, but now it is guaranteed to take you only 5 minutes :).  I will also mention that I added a line in my firewall to allow port 631; I already allowed 80.

At this point you can browse to the CUPS web interface and start adding/managing your printers 🙂

https://<your-server-IP>:631

The rest really is pretty self explanatory.  Happy printing 🙂
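
To see what the cupsd.conf above exposes once the extra Listen and Allow lines are in, the added example below (not part of the original post) lists every non-loopback listener and every Location block that admits remote clients without an explicit Encryption Required. The names `audit_cupsd_conf` and `sample_cupsd_conf` and the finding labels are this example's own, the sample is the post's configuration with the annotations stripped, and Basic as the fallback when DefaultAuthType is absent is an assumption.

```shell
#!/bin/bash
# audit_cupsd_conf FILE: print one finding per line ("-" reads stdin).
audit_cupsd_conf() {
  awk '
    BEGIN { dflt = "Basic" }                       # assumed fallback when unset
    /^[ \t]*#/ || NF == 0 { next }                 # skip comments and blank lines
    $1 == "DefaultAuthType" { dflt = $2 }
    $1 == "Port" { print "listen-any port " $2 }   # Port binds every interface
    $1 == "Listen" && $2 !~ /^(localhost|127\.|\[::1\]|\/)/ { print "listen-remote " $2 }
    $1 == "<Location" { loc = $2; sub(/>$/, "", loc); enc = remote = 0; auth = "none"; next }
    loc == "" { next }                             # rules below apply inside a block
    $1 == "Encryption" && $2 == "Required" { enc = 1 }
    $1 == "AuthType" { auth = $2 }
    $1 == "Require" && auth == "none" { auth = "Default" }
    $1 == "Allow" { src = ($2 == "from") ? $3 : $2; if (src != "localhost") remote = 1 }
    $1 == "</Location>" { if (remote && !enc) found[++n] = loc " auth=" auth; loc = "" }
    END {
      for (i = 1; i <= n; i++) {
        sub(/auth=Default$/, "auth=" dflt, found[i])   # resolve once the file is read
        print "remote-no-encryption " found[i]
      }
    }
  ' "$1"
}

# Constructed sample: directives from the post above, "<--" annotations removed.
sample_cupsd_conf() {
  cat <<'EOF'
Listen localhost:631
Listen 192.168.11.25:631
Listen 192.168.11.25:80
Listen /var/run/cups/cups.sock
DefaultAuthType Basic
<Location /admin>
#  Encryption Required
Order allow,deny
Allow localhost
Allow @LOCAL
</Location>
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
Allow localhost
Allow @LOCAL
</Location>
EOF
}
if [ -n "$1" ]; then audit_cupsd_conf "$1"; else sample_cupsd_conf | audit_cupsd_conf -; fi
```

Uncommenting `Encryption Required` in the /admin block removes that block from the report; /admin/conf stays listed until it carries the directive too.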
