Monday, November 25, 2013

DHCP client overwriting resolv.conf how to stop it on linux

prevent resolv.conf updates only, the fastest way is to redefine the function to do nothing:
create flowing file 
# cat /etc/dhclient-enter-hooks
make_resolv_conf() {
exit 0
}
Then save the file and ensure it is executable:
# chmod a+x /etc/dhclient-enter-hooks
Note that, as explained in the man page, the dhclient-script is not standard so if this configuration doesn’t work, please read the man page.

Thursday, October 17, 2013

backup zenoss monittoring server in linux

It is important to back your Zenoss data up. The default location it wants to dump the backup to is /tmp when you kick off a backup from the GUI. Most times this is fine, but every now and then you will run into /tmp  filling up during a Zenoss backup. Here is how to use zenbackup from the command line and specify a specific backup directory.
Procedure 1. SSH into the server and su to the zenoss user.
2. Make a backup directory under $ZENHOME/backup/tmp if it doesn't exist already.
   zenoss@servername$ mkdir -p $ZENHOME/backup/tmp
3. Change directory into the $ZENHOME/backup/ and kick off the backup:
   zenoss@servername$ cd $ZENHOME/backup 
   zenoss@servername$ zenbackup --temp-dir=./tmp --file=Zenoss.Backup.July.12.2012
      INFO:zenbackup:Getting MySQL dbname, user, password from ZODB.
      2012-07-12 14:31:15,045 INFO zenbackup: Backing up events database.
      

zenoss-4 installation steps on linux server

Here is getting Zenoss 4 up and running on  CentOS 6 server. This guide was originally tested on a freshly patched CentOS 6.3 on August 12, 2012. Zenoss 4.2 was the current version of Zenoss.

two types of installation.
1.Auto Deploy

There is a nice auto install script available now - it is recommended you use this method on a new install. Example is for Zenoss 4.2.4 - always check the Zenoss site for new versions before starting. 


# wget --no-check-certificate https://github.com/zenoss/core-autodeploy/tarball/4.2.4 -O auto.tar.gz
# tar xvf auto.tar.gz
# cd zenoss-core-autodeploy-*
# ./core-autodeploy.sh
 
Navigate to your server using a web browser:
http://server-ip:8080

2.Manual Way
Install EPEL repos.
rpm -ivh http://fedora.mirror.nexicom.net/epel/6/i386/epel-release-6-8.noarch.rpm
yum check-update
Disable SELinux (or configure it properly)
Disable iptables (or configure it - see Firewall Ports)

Procedure

1. Setup /home/zenoss directory.
useradd -m -d /home/zenoss -c "Zenoss User" zenoss 
chown zenoss:zenoss /home/zenoss
2. Remove conflicting packages
rpm -qa | grep -i matahari
rpm -qa | grep -i qpid
rpm -e --nodeps <package> 
3. Remove Old Mysql - if any:
service mysql stop
rpm -qa | grep -i mysql 
rpm -e --nodeps <package>
4. Install / Update prerequisites:

Oracle Java → 1.6 Update 31 or later. 1.7 is NOT supported. The one in yum is 1.5.x. DO NOT use this version. Get 1.6.
wget http://javadl.sun.com/webapps/download/AutoDL?BundleId=65508
chmod +x jre-6u33-linux.x64-rpm.bin*
./jre-6u33-linux.x64-rpm.bin
Test with:
java -version
 java version "1.6.0_33"
 Java(TM) SE Runtime Environment (build 1.6.0_33-b04)
 Java HotSpot(TM) 64-Bit Server VM (build 20.8-b03, mixed mode)
RRDtool → 1.4.7 or later.
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
yum -y --nogpgcheck localinstall rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
vi /etc/yum.repos.d/rpmforge.repo and set enabled to 0. 
yum -y --enablerepo=rpmforge-extras install rrdtool-1.4.7
MySQL Community Server → 5.5.25 or later. Go to: http://dev.mysql.com/downloads/mysql → Select Oracle & Red Hat Linux 6
Download the following:
MySQL Client Utilities (currently MySQL-client-5.5.25a-1.el6.x86_64.rpm)
MySQL Server (currently MySQL-server-5.5.25a-1.el6.x86_64.rpm)
MySQL Shared (currently MySQL-shared-5.5.25a-1.el6.x86_64.rpm)
SCP them to your server.
yum -y --nogpgcheck localinstall MySQL*
DO NOT set mysql password.
Add the following to /etc/my.cnf (create if not already existing)
[mysqld]
max_allowed_packet=16M
innodb_buffer_pool_size=256M
innodb_additional_mem_pool_size=20M
Start up MySQL:
service mysql start
chkconfig --add mysql
chkconfig --level 2345 mysql on
If you see the following message when you start mysql:
A RANDOM PASSWORD HAS BEEN SET FOR THE MySQL root USER ! You will find that password in '/root/.mysql_secret'.
Then you will need to check the /root/.mysql_secret file for the current password. This appears to be fairly new behaviour (MySQL-server.x86_64 0:5.6.11-1.el6 )


Configure blank root password for the Zenoss installer (add the -p option to be prompted for password if you find that a password was generated for you during first mysql start):
mysqladmin -u root password ''
mysqladmin -u root -h localhost password ''
RabbitMQ → 2.8.4 or later.
wget http://www.rabbitmq.com/releases/rabbitmq-server/v2.8.4/rabbitmq-server-2.8.4-1.noarch.rpm
yum -y --nogpgcheck --enablerepo=epel localinstall rabbitmq-server-2.8.4-1.noarch.rpm
service rabbitmq-server start
chkconfig rabbitmq-server on
Nagios Plugins → 1.4.15 or later.
yum --enablerepo=epel install nagios-plugins 
Erlang → (was installed during rabbitmq install if you didnt notice)

6. Download the latest version of ZenOSS to your server. Current in example is 4.2.
wget http://sourceforge.net/projects/zenoss/files/zenoss-4.2/zenoss-4.2.0/zenoss-4.2.0.el6.x86_64.rpm/download
yum -y --enablerepo=epel --nogpgcheck localinstall zenoss-4.2.0.el6.x86_64.rpm
7. Fire up the last few services:
service memcached start
chkconfig memcached on
service snmpd start
chkconfig snmpd on
8. Start up Zenoss - watch for errors or complaints.
service zenoss start
9. Hit the Zenoss WebGUI at <serverip>:8080 and finish walking through the wizard to complete the install.
10. Install Zenpacks:
wget http://sourceforge.net/projects/zenoss/files/zenpacks-4.2/zenpacks-4.2.0/zenoss-core-zenpacks-4.2.0.el6.x86_64.rpm
yum -y --nogpgcheck localinstall zenoss-core-zenpacks-4.2.0.el6.x86_64.rpm
11. Next fine tune your Zenoss installation. See Performance Tuning section.

Errors

Symlinking /usr to /local/usr or something of that nature breaks zenoss startup script.
service zenoss start
env: /etc/init.d/zenoss: No such file or directory
No skip to dashboard button off install.
Rebooted server. Fixed it - there were no errors during install when this happened.

 

Friday, September 20, 2013

How to install Cisco VPN client on ubuntu 13.04

This tutorial explain how to install Cisco VPN client on ubuntu 13.04.On Ubuntu, you don't need to install the Cisco VPN Client: NetworkManager includes support for Cisco IPSec VPNs.
Procedure to follow
Install network-manager-vpnc using the following command from your terminal
sudo apt-get install network-manager-vpnc
This will install vpnc, network-manager-vpnc and network-manager-vpnc-gnome.
Now you need to left click on your network manager applet (Located in your notification area) And choose "Configure VPN..."

Now you need to click on Add

Choose VPN connection type as "Cisco Compatible VPN(VPNC)" and click on create

Enater your cisco VPN details under VPN tab

Now you need to select IPV4 Settings tab click on routes

Here you need to select "Use this connection only for resources on its network" click ok otherwise your traffic significantly slowed down

To start your new VPN, just follow the steps again, but instead of "Configure VPN", you'll click on the entry you created.

Wednesday, August 21, 2013

How to install bacula on centos6 step by step

Bacula is an open source, network backup software, used to allow the System Administrators to manage backup, recovery and send the verification of data’s from any systems in any location across the network.
Install Bacula
In this how-to i am using MySQL for database, you can use either PostgreSQL or MySQL. My Backup server hostname and IP Address are “server.unixmen.local” and “192.168.1.101/24″ respectively. Change the values as per your scenario. This how-to was tested on CentOS 6.5, although it should work with RHEL, Scientific Linux 6.x versions too.
First let us install Bacual and mysql server using command:
# yum install bacula-director-mysql bacula-console bacula-client bacula-storage-mysql mysql-server mysql-devel -y
Start MySQL service and create root password for mysql.
Note: In this tutorial, i am using password as “centos” wherever i need to setup password . Define your own.
# service mysqld start
# chkconfig mysqld on
# mysqladmin -u root password centos
Next run the following commands one by one to create database and necessary tables for Bacula. Here “-u root” means that login with root account and “-p” means prompt for mysql root password i.e “centos” in my case.
# /usr/libexec/bacula/grant_mysql_privileges -u root -p
# /usr/libexec/bacula/create_mysql_database -u root -p
# /usr/libexec/bacula/make_mysql_tables -u root -p
# /usr/libexec/bacula/grant_bacula_privileges -u root -p
Now set bacula user password on MySQL. To do that, log in to your MySQL server with command:
# mysql -u root -p
And set password as shown below:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 67
Server version: 5.5.35 MySQL Community Server (GPL) by Remi

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> UPDATE mysql.user SET password=PASSWORD("centos") WHERE user='bacula';
Query OK, 2 rows affected (0.00 sec)
Rows matched: 2  Changed: 2  Warnings: 0

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.01 sec)

mysql> exit
Bye
Now update all Bacula configuration files with new password and addresses as shown below.
Update Bacula Director
Edit file /etc/bacula/bacula-dir.conf,
# vi /etc/bacula/bacula-dir.conf
Update Bacula server hostname, bacula mysql user password, Bacula console password, Bacula file daemon password etc. Be mindful that you should use a fully qualified domain name for adding clients or simply use the IP address instead.
[...]
Director {                            # define myself
  Name = bacula-dir
  DIRport = 9101                # where we listen for UA connections
  QueryFile = "/usr/libexec/bacula/query.sql"
  WorkingDirectory = "/var/spool/bacula"
  PidDirectory = "/var/run"
  Maximum Concurrent Jobs = 1
  Password = "centos"         # Console password
  Messages = Daemon

[...]

# Client (File Services) to backup
Client {
  Name = bacula-fd
  Address = 192.168.1.101
  FDPort = 9102
  Catalog = MyCatalog
  Password = "centos"          # password for FileDaemon
  File Retention = 30 days            # 30 days
  Job Retention = 6 months            # six months
  AutoPrune = yes                     # Prune expired Jobs/Files
}

[...]
# Definition of file storage device
Storage {
  Name = File
# Do not use "localhost" here
  Address = 192.168.1.101                # N.B. Use a fully qualified name here
  SDPort = 9103
  Password = "centos"
  Device = FileStorage
  Media Type = File
}

[...]
# Generic catalog service
Catalog {
  Name = MyCatalog
# Uncomment the following line if you want the dbi driver
# dbdriver = "dbi:sqlite3"; dbaddress = 127.0.0.1; dbport =
  dbname = "bacula"; dbuser = "bacula"; dbpassword = "centos"
}

[...]

Console {
  Name = bacula-mon
  Password = "centos"
  CommandACL = status, .status
}
Update Bacula Console
Edit file /etc/bacula/bconsole.conf,
# vi /etc/bacula/bconsole.conf
Change the console password:
Director {
  Name = bacula-dir
  DIRport = 9101
  address = localhost
  Password = "centos"
}
Update Storage Daemon
Edit file /etc/bacula/bacula-sd.conf,
# vi /etc/bacula/bacula-sd.conf
Update the password, Find the red lines and delete them, do not uncomment them. Also set your Archive device path.
[...]
Director {
  Name = bacula-dir
  Password = "centos"
}

##Delete the following lines (Do not uncomment). As i installed centos minimal server, i don't have a GUI mode, so that i deleted the following section##

# Restricted Director, used by tray-monitor to get the
#   status of the storage daemon
#
Director {
  Name = bacula-mon
  Password = "@@MON_SD_PASSWORD@@"
  Monitor = yes
}

[...]

Device {
  Name = FileStorage
  Media Type = File
  Archive Device = /mybackup
  LabelMedia = yes;                   # lets Bacula label unlabeled media
  Random Access = Yes;
  AutomaticMount = yes;               # when device opened, read it
  RemovableMedia = no;
  AlwaysOpen = no;
}
[...]
Update file daemon
Edit file /etc/bacula/bacula-fd.conf,
# vi /etc/bacula/bacula-fd.conf
Update the password and delete the lines shown in red colour.
# List Directors who are permitted to contact this File daemon
#
Director {
Name = bacula-dir
Password = "centos"
}

##Delete (do not uncomment) these lines if you only using CUI mode in Backup server ##

# Restricted Director, used by tray-monitor to get the
#   status of the storage daemon
#
Director {
Name = bacula-mon
Password = "@@MON_SD_PASSWORD@@"
Monitor = yes
}
As i mentioned in the above configuration, my archive device path is “/mybackup”. So let me create a directory called “mybackup”.
# mkdir /mybackup
# chown bacula /mybackup
Now we finished all passwords and address modifications. Next restart all bacula daemons and make them to start automatically on every reboot.
# service bacula-dir start
# service bacula-fd start
# service bacula-sd start
# chkconfig bacula-dir on
# chkconfig bacula-fd on
# chkconfig bacula-sd on
Bacula has been successfully installed and configured. You can now add clients, jobs and volumes by updating the bacula config files. Alternatively you can use webmin to make the work more simple. It is quite easier then updating the config files manually.
Manage Bacula With Webmin
Webmin is a web-based interface for system administration for Unix. Using any modern web browser, you can setup user accounts, Apache, DNS, file sharing and much more.
# wget http://sourceforge.net/projects/webadmin/files/webmin/1.660/webmin-1.660-1.noarch.rpm
# rpm -Uvh webmin-1.660-1.noarch.rpm
# service webmin start
# chkconfig webmin on
Adjust Firewall/Router
If you want to access the bacula server through from a remote system, allow the webmin port “10000″ and bacula ports “9101″, “9102″, “9103″ through your firewall or router.
Edit file /etc/sysconfig/iptables,
# vi /etc/sysconfig/iptables
Add these following lines in your iptables config file.
[...]
-A INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9101 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9102 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9103 -j ACCEPT
[...]
Restart iptables:
# service iptables restart
Access Webmin
Now you can login through webmin by “//http://server-ip-address:10000″ or “http://domain-name:10000/”.
Login to webmin using your root user and its password.
You will find the Bacula Backup System in the left pane of webmin console under System -> Bacula Backup System. If not is found there, try in the “unused modules” section.

Click on the “Bacula Backup System” link. Initially the Bacula server won’t start automatically. To start Bacula server click on “Module Configuration” link on the right of the “Bacula Backup System” page.
Select the database i.e “MySQL” in this case and enter the bacula database user password. Then click save.

Now you will get the window like shown below.
That’s it. From here you can add Backup clients, Volumes and schedule jobs etc.




Tuesday, August 20, 2013

install RHEL EPEL repository on Centos 5.x or 6.x

The following article will describe how to configure a CentOS 5.x-based or Centos 6.x-based system to use Fedora Epel repos and third party remi package repos. These package repositories are not officially supported by CentOS, but they provide much more current versions of popular applications like PHP or MYSQL.

Install the extra repositories

The first step requires downloading some RPM files that contain the additional YUM repository definitions. The instructions below point to the 64-bit versions that work with our Cloud Server instances.

Centos 5.x

wget http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
wget http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
sudo rpm -Uvh remi-release-5*.rpm epel-release-5*.rpm

Centos 6.x

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
sudo rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm
Once installed you should see some additional repo definitions under the /etc/yum.repos.d directory.
$ ls -1 /etc/yum.repos.d/epel* /etc/yum.repos.d/remi.repo
/etc/yum.repos.d/epel.repo
/etc/yum.repos.d/epel-testing.repo
/etc/yum.repos.d/remi.repo

Enable the remi repository

The remi repository provides a variety of up-to-date packages that are useful or are a requirement for many popular web-based services. That means it generally is not a bad idea to enable the remi repositories by default.
First, open the /etc/yum.repos.d/remi.repo repository file using a text editor of your choice:
sudo vim /etc/yum.repos.d/remi.repo
Edit the [remi] portion of the file so that the enabled option is set to 1. This will enable the remi repository.
name=Les RPM de remi pour Enterprise Linux $releasever - $basearch
#baseurl=http://rpms.famillecollet.com/enterprise/$releasever/remi/$basearch/
mirrorlist=http://rpms.famillecollet.com/enterprise/$releasever/remi/mirror
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi
failovermethod=priority
You will now have a larger array of yum repositories from which to install.

Sunday, August 18, 2013

Configure linux dns server step by step guide (Master Slave DNS Server)

The DNS ( Domain Name System ) is a distributed system, used for transalate domain names to IP and vice a versa. This article will help you to How to Setup Master Slave DNS Server on CentOS 6 and RHEL Systems.
Network Scenario for this Setup:
  • Master DNS Server IP: 10.3.150.14 ( ns1.linuxadmin.net )
  • Slave DNS Server IP: 10.3.150.15 ( ns2.linuxadmin.net )
  • Domain Name : demolinuxadmin.net ( For Testing Purpose )
  • Domain IP : 10.3.150.16 ( For Testing Purpose )
Step 1: Install Required RPMS ( at Master and Slave Both )
Install bind packages at both Master and Slave dns servers using following commands.
# yum install bind bind-chroot
Step 2: Setup Master (NS1) DNS Server
There are two types of configuration files in DNS.
  • One is main dns configuration files named “named.conf”
  • Another type of configuration file are called zone file. Which is individually created for all domains. named.conf keeps an entry for all zone files.
2.1 Configure named.conf using below configuration
# vim /var/named/chroot/etc/named.conf
Content of named.conf:
// /var/named/chroot/etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; 192.168.1.0/24; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.1.0/24; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "demolinuxadmin.net" IN {
        type master;
        file "/var/named/demolinuxadmin.net.db";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
2.2 Create a zone file for you domain “demolinuxadmin.net”
# vim /var/named/chroot/var/named/demolinuxadmin.net.db
Content of zone file:
; Zone file for demolinuxadmin.net
$TTL 14400
@      86400    IN      SOA     ns1.linuxadmin.net. webmaster.linuxadmin.net. (
                3215040200      ; serial, todays date+todays
                86400           ; refresh, seconds
                7200            ; retry, seconds
                3600000         ; expire, seconds
                86400 )         ; minimum, seconds

demolinuxadmin.net. 86400 IN NS ns1.linuxadmin.net.
demolinuxadmin.net. 86400 IN NS ns2.linuxadmin.net.
demolinuxadmin.net. IN A 10.3.150.16
demolinuxadmin.net. IN MX 0 demolinuxadmin.net.
mail IN CNAME demolinuxadmin.net.
www IN CNAME demolinuxadmin.net.
2.3 Add more domains in dns server.
To add more domains in dns, create zone files individually for all domain as above. After that add any entry for all zones in named.conf like below. Change demolinuxadmin.net with your domain name.
zone "demolinuxadmin.net" IN {
        type master;
        file "/var/named/demolinuxadmin.net.db";
        allow-update { none; };
};
Step 2.4: Start named service .
Start named (bind) service using following command and setup auto start on system boot.
# /etc/init.d/named restart
# chkconfig named on
Step 3: Setup Slave (NS2) DNS Server
At slave dns server you need to update named.conf file only. All zone files will automatically synced from master dns server. Any changes done on Master will reflect on slave after a specified time interval.
3.1 Configure named.conf using below configuration
# vim /var/named/chroot/etc/named.conf
Content of named.conf:
// /var/named/chroot/etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; 192.168.1.0/24; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.1.0/24; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "demolinuxadmin.net" IN {
        type slave;
        file "slaves/demolinuxadmin.net.db";
        masters { 10.3.150.14; };
};

include "/etc/named.rfc1912.zones";
Step 3.2: Start named Service
Start named (bind) service using below command.
# /etc/init.d/named restart
# chkconfig named on
After restarting named service, Check zone files on slave dns server at /var/named/chroot/var/named/slaves/.
Step 4: Finally Test Your DNS Setup.
Query to your Master and Slave DNS Server directly using following commands, You will get the same resonse from both servers.
Syntax: nslookup <domainname.com> <dns server name/ip>
Query to Master DNS Server:
# nslookup demolinuxadmin.net 10.3.150.14

Server:         10.3.150.14
Address:        10.3.150.14#53

Name:   demolinuxadmin.net
Address: 10.3.150.16
Query to Slave DNS Server:
# nslookup demolinuxadmin.net 10.3.150.15

Server:         10.3.150.15
Address:        10.3.150.15#53

Name:   demolinuxadmin.net
Address: 10.3.150.16
Above outputs is showing that dns server has successfully resolved domain demolinuxadmin.net from master and slave dns servers.