VelcroHurts, by <a href="http://www.blogger.com/profile/14724031209591214430">Stephen McGroarty</a><br />
<br />
Change the strings (2015-07-21)<br />
<br />
To expand puppet further, we should look at some basics and get a better understanding of things.<br />
Out of the box puppet lets you do some fun things, but its reporting and monitoring are a bit lacking unless you buy <a href="https://puppetlabs.com/puppet/puppet-enterprise" target="_blank">Puppet Enterprise</a>.<br />
So yes, there are other ways to get reporting; these are just the ways I found in 2015 to get some insight into things, and it starts here.<br />
<br />
I am on Ubuntu systems, so that might be a factor, but just replace apt-get install with yum install.<br />
<br />
Let's start by making the basic assumption that your puppet server is not a shared resource server, or this will end badly. OK, not this step, but any future steps would.<br />
<br />
Let's do a simple install of puppetdb and puppetdb-terminus from the pre-existing repo you used to install puppetmaster.<br />
<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #202020; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">root@puppet02:~# sudo apt-get install puppetdb puppetdb-terminus </pre>
</div>
<br />
<br />
The first thing you want to do after the install is change the heap size. This is in /etc/default/puppetdb<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #202020; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #999999; font-style: italic;"># Modify this if you'd like to change the memory allocation, enable JMX, etc</span>
<span style="color: #40ffff;">JAVA_ARGS</span><span style="color: #d0d0d0;">=</span><span style="color: #ed9d13;">"-Xmx192m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -Djava.security.egd=file:/dev/urandom"</span>
</pre>
</div>
<br />
You want to raise the -Xmx192m to at least 1GB for under 100 servers.<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #202020; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #999999; font-style: italic;"># Modify this if you'd like to change the memory allocation, enable JMX, etc</span>
<span style="color: #40ffff;">JAVA_ARGS</span><span style="color: #d0d0d0;">=</span><span style="color: #ed9d13;">"-Xmx1024m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -Djava.security.egd=file:/dev/urandom"</span>
</pre>
</div>
<br />
Next is tying it to puppetmaster, so create the file /etc/puppet/puppetdb.conf and add:<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #202020; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #d0d0d0;">[</span>main<span style="color: #d0d0d0;">]</span>
<span style="color: #40ffff;">server</span> <span style="color: #d0d0d0;">=</span> puppetdb.example.com
<span style="color: #40ffff;">port</span> <span style="color: #d0d0d0;">=</span> 8081
<span style="color: #40ffff;">soft_write_failure</span> <span style="color: #d0d0d0;">=</span> <span style="color: #24909d;">false</span>
</pre>
</div>
<br />
Next you want puppet to know where to put the configs and the reports, so let's tell it in /etc/puppet/puppet.conf.<br />
I add these lines under the [master] section:<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #202020; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #40ffff;">storeconfigs</span> <span style="color: #d0d0d0;">=</span> <span style="color: #24909d;">true</span>
<span style="color: #40ffff;">storeconfigs_backend</span> <span style="color: #d0d0d0;">=</span> puppetdb
<span style="color: #40ffff;">reports</span> <span style="color: #d0d0d0;">=</span> store,puppetdb</pre>
</div>
<br />
Next we add the routes so it knows where to look. The default location is /etc/puppet/routes.yaml, so I'm putting it there.<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #202020; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">---
master:
  facts:
    terminus: puppetdb
    cache: yaml
</pre>
</div>
<br />
<br />
The official instructions say to verify permissions, so let's do that.<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #202020; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">root@puppet02:~# sudo chown -R puppet:puppet /etc/puppet
</pre>
</div>
<br />
The next step is to allow connections in /etc/puppetdb/conf.d/jetty.ini.<br />
My config is below; I have only added the line host = 0.0.0.0.<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #202020; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #d0d0d0;">[</span>jetty<span style="color: #d0d0d0;">]</span>
<span style="color: #999999; font-style: italic;"># IP address or hostname to listen for clear-text HTTP. To avoid resolution</span>
<span style="color: #999999; font-style: italic;"># issues, IP addresses are recommended over hostnames.</span>
<span style="color: #999999; font-style: italic;"># Default is `localhost`.</span>
<span style="color: #999999; font-style: italic;"># host = <host></span>
<span style="color: #40ffff;">host</span> <span style="color: #d0d0d0;">=</span> 0.0.0.0
<span style="color: #999999; font-style: italic;"># Port to listen on for clear-text HTTP.</span>
<span style="color: #40ffff;">port</span> <span style="color: #d0d0d0;">=</span> 8080
<span style="color: #999999; font-style: italic;"># The following are SSL specific settings. They can be configured</span>
<span style="color: #999999; font-style: italic;"># automatically with the tool `puppetdb ssl-setup`, which is normally</span>
<span style="color: #999999; font-style: italic;"># ran during package installation.</span>
<span style="color: #999999; font-style: italic;"># IP address to listen on for HTTPS connections. Hostnames can also be used</span>
<span style="color: #999999; font-style: italic;"># but are not recommended to avoid DNS resolution issues. To listen on all</span>
<span style="color: #999999; font-style: italic;"># interfaces, use `0.0.0.0`.</span>
ssl-host <span style="color: #d0d0d0;">=</span> 0.0.0.0
<span style="color: #999999; font-style: italic;"># The port to listen on for HTTPS connections</span>
ssl-port <span style="color: #d0d0d0;">=</span> 8081
<span style="color: #999999; font-style: italic;"># Private key path</span>
ssl-key <span style="color: #d0d0d0;">=</span> /etc/puppetdb/ssl/private.pem
<span style="color: #999999; font-style: italic;"># Public certificate path</span>
ssl-cert <span style="color: #d0d0d0;">=</span> /etc/puppetdb/ssl/public.pem
<span style="color: #999999; font-style: italic;"># Certificate authority path</span>
ssl-ca-cert <span style="color: #d0d0d0;">=</span> /etc/puppetdb/ssl/ca.pem
</pre>
</div>
<br />
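The puppetdb.conf earlier points the master at port 8081, the HTTPS listener, so the master itself does not need the cleartext listener on port 8080 opened up; host = 0.0.0.0 makes that listener reachable on every interface. The Ruby script below is an added example, not part of the original post: it audits a jetty.ini for that exposure, and its function names and the embedded sample (constructed from the config above) are assumptions.<br />

```ruby
# Added example (not from the original post): flag PuppetDB listeners in
# jetty.ini that are reachable from other hosts without TLS.

LOOPBACK = %w[localhost 127.0.0.1 ::1].freeze

# Constructed sample: the settings from the jetty.ini shown above.
PAGE_JETTY_INI = <<~INI
  [jetty]
  # host = <host>
  host = 0.0.0.0
  port = 8080
  ssl-host = 0.0.0.0
  ssl-port = 8081
  ssl-key = /etc/puppetdb/ssl/private.pem
  ssl-cert = /etc/puppetdb/ssl/public.pem
  ssl-ca-cert = /etc/puppetdb/ssl/ca.pem
INI

# Same file with the added cleartext host line removed, so the listener
# falls back to its documented default of localhost.
LOOPBACK_ONLY_INI = PAGE_JETTY_INI.sub(/^host = 0\.0\.0\.0\n/, '')

# Parse the [jetty] section of an INI-style file into a Hash.
# Lines starting with '#' or ';' are comments; settings are "name = value".
def parse_jetty_ini(text)
  section = nil
  settings = {}
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#', ';')

    if (m = line.match(/\A\[(.+)\]\z/))
      section = m[1].strip
    elsif section == 'jetty' && (m = line.match(/\A([^=\s]+)\s*=\s*(.*)\z/))
      settings[m[1]] = m[2].strip
    end
  end
  settings
end

# Return a list of human-readable findings for the parsed settings.
def audit_jetty(settings)
  findings = []

  # Cleartext listener: only a concern when it is bound off-loopback.
  if settings.key?('port')
    host = settings.fetch('host', 'localhost')
    unless LOOPBACK.include?(host)
      findings << "cleartext HTTP listener on #{host}:#{settings['port']} " \
                  'is reachable from other hosts with no TLS'
    end
  end

  # HTTPS listener: key, certificate and CA must all be configured.
  if settings.key?('ssl-port')
    %w[ssl-key ssl-cert ssl-ca-cert].each do |key|
      findings << "ssl-port is set but #{key} is missing" unless settings.key?(key)
    end
  end

  findings
end

if __FILE__ == $PROGRAM_NAME
  { 'as posted' => PAGE_JETTY_INI, 'loopback only' => LOOPBACK_ONLY_INI }.each do |label, ini|
    findings = audit_jetty(parse_jetty_ini(ini))
    puts "#{label}: #{findings.empty? ? 'no findings' : findings.join('; ')}"
  end
end
```

If something other than the master has to read from port 8080, a host firewall rule limited to that client narrows the exposure while keeping the setting.<br />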
<br />
Now we want to make sure the certificates are valid, so let's run puppetdb ssl-setup.<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #202020; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">root@puppet02:~# puppetdb ssl-setup -f
PEM files in /etc/puppetdb/ssl already exists, checking integrity.
Overwriting existing PEM files due to -f flag
Copying files: /var/lib/puppet/ssl/certs/ca.pem, /var/lib/puppet/ssl/private_keys/puppet2.velcrohurts.com.pem and /var/lib/puppet/ssl/certs/puppet2.velcrohurts.com.pem to /etc/puppetdb/ssl
Setting ssl-host in /etc/puppetdb/conf.d/jetty.ini already correct.
Setting ssl-port in /etc/puppetdb/conf.d/jetty.ini already correct.
Setting ssl-key in /etc/puppetdb/conf.d/jetty.ini already correct.
Setting ssl-cert in /etc/puppetdb/conf.d/jetty.ini already correct.
Setting ssl-ca-cert in /etc/puppetdb/conf.d/jetty.ini already correct.
</pre>
</div>
<br />
<br />
Then we should be able to restart the puppetmaster service and the puppetdb service.<br />
We know it works when we tail /var/log/puppetdb/puppetdb.log and it shows the connections.<br />
If everything works right, we should see output like this:<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #202020; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">2015-07-17 15:21:58,104 INFO <span style="color: #d0d0d0;">[</span>o.e.j.s.h.ContextHandler<span style="color: #d0d0d0;">]</span> Started o.e.j.s.h.ContextHandler@788953f5<span style="color: #d0d0d0;">{</span>/,null,AVAILABLE<span style="color: #d0d0d0;">}</span>
2015-07-17 15:21:58,120 INFO <span style="color: #d0d0d0;">[</span>c.p.p.c.services<span style="color: #d0d0d0;">]</span> Starting sweep of stale reports <span style="color: #d0d0d0;">(</span>threshold: 14 days<span style="color: #d0d0d0;">)</span>
2015-07-17 15:21:58,161 INFO <span style="color: #d0d0d0;">[</span>c.p.p.c.services<span style="color: #d0d0d0;">]</span> Finished sweep of stale reports <span style="color: #d0d0d0;">(</span>threshold: 14 days<span style="color: #d0d0d0;">)</span>
2015-07-17 15:21:58,162 INFO <span style="color: #d0d0d0;">[</span>c.p.p.c.services<span style="color: #d0d0d0;">]</span> Starting database garbage collection
2015-07-17 15:21:58,250 INFO <span style="color: #d0d0d0;">[</span>c.p.p.c.services<span style="color: #d0d0d0;">]</span> Finished database garbage collection
</pre>
</div>
<br />
<br />
<br />
Variables May Vary (2015-06-18)<br />
<br />
Now that we have talked about puppet some, let's add some variables to the mix.<br />
The simple idea is that they are passed from manifests/site.pp to modules/apache/templates/velcrohurts.conf.erb via magic!<br />
<br />
I agree, it is magic, but the magic tells you how to do it.<br />
Let's start with breaking down our previous simple config.<br />
<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #202020; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #999999; font-style: italic;"># Managed by Puppet </span>
<span style="color: #999999; font-style: italic;"># All changes will be overwritten </span>
<VirtualHost *:80>
ServerName internal.velcrohurts.net
DocumentRoot /var/www/html/
LogLevel info
LogFormat <span style="color: #ed9d13;">"%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b"</span> combined
ErrorLog <span style="color: #6ab825; font-weight: bold;">${</span><span style="color: #40ffff;">APACHE_LOG_DIR</span><span style="color: #6ab825; font-weight: bold;">}</span>/velcrohurts-error.log
CustomLog <span style="color: #6ab825; font-weight: bold;">${</span><span style="color: #40ffff;">APACHE_LOG_DIR</span><span style="color: #6ab825; font-weight: bold;">}</span>/velcrohurts-access.log combined
RedirectMatch ^/<span style="color: #40ffff;">$ </span>http://velcrohurts.net/
<Directory /var/www/html/>
AllowOverride all
Order allow,deny
allow from all
</Directory>
</virtualHost>
</pre>
</div>
<br />
The virtual host config hard-codes the ServerName. What if we want to use this config for other servers?<br />
We can edit it, or we can set it as a variable. Let's do the second one for this example.<br />
<br />
First we need to copy the config to the modules/apache/templates/velcrohurts.conf.erb<br />
<br />
Then we want to edit it to add the variable names.<br />
<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #202020; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #999999; font-style: italic;"># Managed by Puppet </span>
<span style="color: #999999; font-style: italic;"># All changes will be overwritten </span>
<VirtualHost *:80>
ServerName <%= @server_name %>
DocumentRoot /var/www/html/
LogLevel info
LogFormat <span style="color: #ed9d13;">"%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b"</span> combined
ErrorLog <span style="color: #6ab825; font-weight: bold;">${</span><span style="color: #40ffff;">APACHE_LOG_DIR</span><span style="color: #6ab825; font-weight: bold;">}</span>/<%= @server_name %>-error.log
CustomLog <span style="color: #6ab825; font-weight: bold;">${</span><span style="color: #40ffff;">APACHE_LOG_DIR</span><span style="color: #6ab825; font-weight: bold;">}</span>/<%= @server_name %>-access.log combined
RedirectMatch ^/<span style="color: #40ffff;">$ </span>http://velcrohurts.net/
<Directory /var/www/html/>
AllowOverride all
Order allow,deny
allow from all
</Directory>
</virtualHost>
</pre>
</div>
<br />
So now that we have the .erb we need to edit our modules/apache/manifests/init.pp and add the variables there, and make a few changes.<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #202020; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">class apache <span style="color: #d0d0d0;">(</span><span style="color: #40ffff;">$server_name</span><span style="color: #d0d0d0;">){</span>
<span style="color: #999999; font-style: italic;"># Install package </span>
package <span style="color: #d0d0d0;">{</span><span style="color: #ed9d13;">'apache2'</span>:
<span style="color: #40ffff;">ensure</span> <span style="color: #d0d0d0;">=</span>> installed,
<span style="color: #d0d0d0;">}</span>
<span style="color: #999999; font-style: italic;"># set the configure for debian </span>
file <span style="color: #d0d0d0;">{</span> <span style="color: #ed9d13;">'/etc/apache2/sites-available/velcrohurts.conf'</span>:
<span style="color: #40ffff;">ensure</span> <span style="color: #d0d0d0;">=</span>> file,
<span style="color: #40ffff;">mode</span> <span style="color: #d0d0d0;">=</span>> <span style="color: #ed9d13;">'0644'</span>,
<span style="color: #40ffff;">owner</span> <span style="color: #d0d0d0;">=</span>> <span style="color: #ed9d13;">'root'</span>,
<span style="color: #40ffff;">group</span> <span style="color: #d0d0d0;">=</span>> <span style="color: #ed9d13;">'root'</span>,
<span style="color: #40ffff;">content</span> <span style="color: #d0d0d0;">=</span>> template<span style="color: #d0d0d0;">(</span><span style="color: #ed9d13;">"apache/velcrohurts.conf.erb"</span><span style="color: #d0d0d0;">)</span>,
<span style="color: #40ffff;">require</span> <span style="color: #d0d0d0;">=</span>> Package<span style="color: #d0d0d0;">[</span><span style="color: #ed9d13;">'apache2'</span><span style="color: #d0d0d0;">]</span>,
<span style="color: #40ffff;">notify</span> <span style="color: #d0d0d0;">=</span>> Exec<span style="color: #d0d0d0;">[</span><span style="color: #ed9d13;">"reload-apache2"</span><span style="color: #d0d0d0;">]</span>,
<span style="color: #d0d0d0;">}</span>
<span style="color: #999999; font-style: italic;"># Reload apache with the config </span>
<span style="color: #999999; font-style: italic;"># And remove the default-000 config </span>
<span style="color: #24909d;">exec</span> <span style="color: #d0d0d0;">{</span><span style="color: #ed9d13;">'/usr/sbin/a2dissite 000-default'</span>:
<span style="color: #40ffff;">require</span> <span style="color: #d0d0d0;">=</span>> Package<span style="color: #d0d0d0;">[</span><span style="color: #ed9d13;">'apache2'</span><span style="color: #d0d0d0;">]</span>,
<span style="color: #40ffff;">notify</span> <span style="color: #d0d0d0;">=</span>> Exec<span style="color: #d0d0d0;">[</span><span style="color: #ed9d13;">"reload-apache2"</span><span style="color: #d0d0d0;">]</span>,
<span style="color: #d0d0d0;">}</span>
<span style="color: #999999; font-style: italic;"># Now add your config </span>
<span style="color: #24909d;">exec</span> <span style="color: #d0d0d0;">{</span><span style="color: #ed9d13;">'/usr/sbin/a2ensite velcrohurts'</span>:
<span style="color: #40ffff;">notify</span> <span style="color: #d0d0d0;">=</span>> Exec<span style="color: #d0d0d0;">[</span><span style="color: #ed9d13;">"reload-apache2"</span><span style="color: #d0d0d0;">]</span>,
<span style="color: #40ffff;">require</span> <span style="color: #d0d0d0;">=</span>> Package<span style="color: #d0d0d0;">[</span><span style="color: #ed9d13;">'apache2'</span><span style="color: #d0d0d0;">]</span>,
<span style="color: #d0d0d0;">}</span>
<span style="color: #999999; font-style: italic;"># the apache reloader </span>
<span style="color: #24909d;">exec</span> <span style="color: #d0d0d0;">{</span> <span style="color: #ed9d13;">'reload-apache2'</span>:
<span style="color: #24909d;">command</span> <span style="color: #d0d0d0;">=</span>> <span style="color: #ed9d13;">'/etc/init.d/apache2 reload'</span>,
<span style="color: #40ffff;">refreshonly</span> <span style="color: #d0d0d0;">=</span>> <span style="color: #24909d;">true</span>,
<span style="color: #d0d0d0;">}</span>
<span style="color: #d0d0d0;">}</span>
</pre>
</div>
<br />
<br />
The final step here is to add the magic: set the class parameter in manifests/site.pp.<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #202020; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">node default <span style="color: #d0d0d0;">{</span>
include accounts
<span style="color: #d0d0d0;">}</span>
<span style="color: #999999; font-style: italic;"># web servers </span>
node web1 <span style="color: #d0d0d0;">{</span>
  class <span style="color: #d0d0d0;">{</span> <span style="color: #ed9d13;">'apache'</span>:
    <span style="color: #40ffff;">server_name</span> <span style="color: #d0d0d0;">=</span>> <span style="color: #ed9d13;">'internal.velcrohurts.com'</span>,
  <span style="color: #d0d0d0;">}</span>
<span style="color: #d0d0d0;">}</span>
node web2 <span style="color: #d0d0d0;">{</span>
  class <span style="color: #d0d0d0;">{</span> <span style="color: #ed9d13;">'apache'</span>:
    <span style="color: #40ffff;">server_name</span> <span style="color: #d0d0d0;">=</span>> <span style="color: #ed9d13;">'public.velcrohurts.com'</span>,
  <span style="color: #d0d0d0;">}</span>
<span style="color: #d0d0d0;">}</span>
node web3 <span style="color: #d0d0d0;">{</span>
  class <span style="color: #d0d0d0;">{</span> <span style="color: #ed9d13;">'apache'</span>:
    <span style="color: #40ffff;">server_name</span> <span style="color: #d0d0d0;">=</span>> <span style="color: #ed9d13;">'public.velcrohurts.com'</span>,
  <span style="color: #d0d0d0;">}</span>
<span style="color: #d0d0d0;">}</span>
</pre>
</div>
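The "magic" is plain ERB: the class parameter is exposed to the template as the instance variable @server_name and pasted into the output verbatim, so whatever string site.pp supplies ends up in the Apache config and in the log file names. The Ruby script below is an added example, not code from the original post; it renders a trimmed copy of the template for the three nodes and rejects values that are not hostnames before they reach the template. VhostScope and the helper names are hypothetical stand-ins, not Puppet's own scope object.<br />

```ruby
# Added example (not from the original post): render the vhost template the
# way ERB does, and validate server_name before it is interpolated.
require 'erb'

# Trimmed copy of velcrohurts.conf.erb from this post.
VHOST_TEMPLATE = <<~'ERB_SRC'
  <VirtualHost *:80>
  ServerName <%= @server_name %>
  ErrorLog ${APACHE_LOG_DIR}/<%= @server_name %>-error.log
  CustomLog ${APACHE_LOG_DIR}/<%= @server_name %>-access.log combined
  </VirtualHost>
ERB_SRC

# Node-to-parameter mapping taken from the site.pp in this post.
NODES = {
  'web1' => 'internal.velcrohurts.com',
  'web2' => 'public.velcrohurts.com',
  'web3' => 'public.velcrohurts.com'
}.freeze

# Hostname check: dot-separated labels of letters, digits and hyphens,
# at most 253 characters in total, no whitespace or path characters.
LABEL = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?'
HOSTNAME_RE = /\A(?=.{1,253}\z)#{LABEL}(?:\.#{LABEL})*\z/i

# Hypothetical stand-in for the template scope: the parameter is stored as
# an instance variable, which is how the template refers to it.
class VhostScope
  def initialize(server_name)
    unless server_name.is_a?(String) && server_name.match?(HOSTNAME_RE)
      raise ArgumentError, "server_name is not a hostname: #{server_name.inspect}"
    end

    @server_name = server_name
  end

  def render(template)
    ERB.new(template).result(binding)
  end
end

def render_vhost(server_name)
  VhostScope.new(server_name).render(VHOST_TEMPLATE)
end

# Render the config each node in NODES would receive.
def render_all
  NODES.transform_values { |name| render_vhost(name) }
end

if __FILE__ == $PROGRAM_NAME
  render_all.each do |node, conf|
    puts "# --- #{node} ---"
    puts conf
  end
end
```

A value containing a space, slash or newline raises ArgumentError here instead of producing a config with an extra directive or an unexpected log path.<br />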
<br />
Do it again (2015-06-09)<br />
<br />
How about a super simple apache install?<br />
This is just a really simple installation of apache, and it can be done with any application. I might even have a shortcut in my text expander.<br />
<br />
This is the modules/apache/manifests/init.pp<br />
<br />
<!-- HTML generated using hilite.me --><div style="background: #202020; overflow:auto;width:auto;border:solid gray;border-width:.1em .1em .1em .8em;padding:.2em .6em;"><pre style="margin: 0; line-height: 125%">class apache <span style="color: #d0d0d0">{</span>
<span style="color: #999999; font-style: italic"># Install package </span>
package <span style="color: #d0d0d0">{</span><span style="color: #ed9d13">'apache2'</span>:
<span style="color: #40ffff">ensure</span> <span style="color: #d0d0d0">=</span>> installed,
<span style="color: #d0d0d0">}</span>
<span style="color: #999999; font-style: italic"># set the configure for debian </span>
file <span style="color: #d0d0d0">{</span> <span style="color: #ed9d13">'/etc/apache2/sites-available/velcrohurts.conf'</span>:
<span style="color: #40ffff">ensure</span> <span style="color: #d0d0d0">=</span>> file,
<span style="color: #40ffff">mode</span> <span style="color: #d0d0d0">=</span>> <span style="color: #ed9d13">'0644'</span>,
<span style="color: #40ffff">owner</span> <span style="color: #d0d0d0">=</span>> <span style="color: #ed9d13">'root'</span>,
<span style="color: #40ffff">group</span> <span style="color: #d0d0d0">=</span>> <span style="color: #ed9d13">'root'</span>,
<span style="color: #24909d">source</span> <span style="color: #d0d0d0">=</span>> <span style="color: #ed9d13">'puppet:///modules/apache/velcrohurts.conf'</span>,
<span style="color: #40ffff">require</span> <span style="color: #d0d0d0">=</span>> Package<span style="color: #d0d0d0">[</span><span style="color: #ed9d13">'apache2'</span><span style="color: #d0d0d0">]</span>,
<span style="color: #40ffff">notify</span> <span style="color: #d0d0d0">=</span>> Exec<span style="color: #d0d0d0">[</span><span style="color: #ed9d13">"reload-apache2"</span><span style="color: #d0d0d0">]</span>,
<span style="color: #d0d0d0">}</span>
<span style="color: #999999; font-style: italic"># Reload apache with the config </span>
<span style="color: #999999; font-style: italic"># And remove the default-000 config </span>
<span style="color: #24909d">exec</span> <span style="color: #d0d0d0">{</span><span style="color: #ed9d13">'/usr/sbin/a2dissite 000-default'</span>:
<span style="color: #40ffff">require</span> <span style="color: #d0d0d0">=</span>> Package<span style="color: #d0d0d0">[</span><span style="color: #ed9d13">'apache2'</span><span style="color: #d0d0d0">]</span>,
<span style="color: #40ffff">notify</span> <span style="color: #d0d0d0">=</span>> Exec<span style="color: #d0d0d0">[</span><span style="color: #ed9d13">"reload-apache2"</span><span style="color: #d0d0d0">]</span>,
<span style="color: #d0d0d0">}</span>
<span style="color: #999999; font-style: italic"># Now add your config </span>
<span style="color: #24909d">exec</span> <span style="color: #d0d0d0">{</span><span style="color: #ed9d13">'/usr/sbin/a2ensite velcrohurts'</span>:
<span style="color: #40ffff">notify</span> <span style="color: #d0d0d0">=</span>> Exec<span style="color: #d0d0d0">[</span><span style="color: #ed9d13">"reload-apache2"</span><span style="color: #d0d0d0">]</span>,
<span style="color: #40ffff">require</span> <span style="color: #d0d0d0">=</span>> Package<span style="color: #d0d0d0">[</span><span style="color: #ed9d13">'apache2'</span><span style="color: #d0d0d0">]</span>,
<span style="color: #d0d0d0">}</span>
<span style="color: #999999; font-style: italic"># the apache reloader </span>
<span style="color: #24909d">exec</span> <span style="color: #d0d0d0">{</span> <span style="color: #ed9d13">'reload-apache2'</span>:
<span style="color: #24909d">command</span> <span style="color: #d0d0d0">=</span>> <span style="color: #ed9d13">'/etc/init.d/apache2 reload'</span>,
<span style="color: #40ffff">refreshonly</span> <span style="color: #d0d0d0">=</span>> <span style="color: #24909d">true</span>,
<span style="color: #d0d0d0">}</span>
<span style="color: #d0d0d0">}</span>
</pre></div><br />
<br />
<br />
That just keeps it nice and simple. It installs the apache app, sets the config, and restarts apache.<br />
My config is simple because I only have 1 site per server, so my modules/apache/files/velcrohurts.conf looks a lot like this.<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #202020; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;"><pre style="line-height: 125%; margin: 0;"><span style="color: #999999; font-style: italic;"># Managed by Puppet </span>
<span style="color: #999999; font-style: italic;"># All changes will be overwritten </span>
<VirtualHost *:80>
ServerName internal.velcrohurts.net
DocumentRoot /var/www/html/
LogLevel info
LogFormat <span style="color: #ed9d13;">"%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b"</span> combined
ErrorLog <span style="color: #6ab825; font-weight: bold;">${</span><span style="color: #40ffff;">APACHE_LOG_DIR</span><span style="color: #6ab825; font-weight: bold;">}</span>/velcrohurts-error.log
CustomLog <span style="color: #6ab825; font-weight: bold;">${</span><span style="color: #40ffff;">APACHE_LOG_DIR</span><span style="color: #6ab825; font-weight: bold;">}</span>/velcrohurts-access.log combined
RedirectMatch ^/<span style="color: #40ffff;">$ </span>http://velcrohurts.net/
<Directory /var/www/html/>
AllowOverride all
Order allow,deny
allow from all
</Directory>
</virtualHost>
</pre></div><br />
<br />
Then finally, your module should look like this under your manifests/site.pp<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #202020; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;"><pre style="line-height: 125%; margin: 0;">node default <span style="color: #d0d0d0;">{</span>
include accounts
<span style="color: #d0d0d0;">}</span>
<span style="color: #999999; font-style: italic;"># web servers </span>
node web1 <span style="color: #d0d0d0;">{</span>
include apache
<span style="color: #d0d0d0;">}</span>
node web2 <span style="color: #d0d0d0;">{</span>
include apache
<span style="color: #d0d0d0;">}</span>
node web3 <span style="color: #d0d0d0;">{</span>
include apache
<span style="color: #d0d0d0;">}</span>
</pre></div><br />
<br />
There are no strings on me! (2015-05-12)<br />
<br />
Let's start with puppet.<br />
I think I made a mistake and made it too complicated out of the gate. I did some bad things in my configs, like setting environments for different things.<br />
So let's review a basic puppetmaster config with environments.<br />
It is in the standard <i>/etc/puppet/puppet.conf</i> location.<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #202020; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #d0d0d0;">[</span>main<span style="color: #d0d0d0;">]</span>
<span style="color: #40ffff;">logdir</span><span style="color: #d0d0d0;">=</span>/var/log/puppet
<span style="color: #40ffff;">vardir</span><span style="color: #d0d0d0;">=</span>/var/lib/puppet
<span style="color: #40ffff;">ssldir</span><span style="color: #d0d0d0;">=</span>/var/lib/puppet/ssl
<span style="color: #40ffff;">rundir</span><span style="color: #d0d0d0;">=</span>/var/run/puppet
<span style="color: #40ffff;">factpath</span><span style="color: #d0d0d0;">=</span><span style="color: #40ffff;">$vardir</span>/lib/facter
<span style="color: #40ffff;">environmentpath</span> <span style="color: #d0d0d0;">=</span> <span style="color: #40ffff;">$confdir</span>/environments
<span style="color: #40ffff;">basemodulepath</span> <span style="color: #d0d0d0;">=</span> <span style="color: #40ffff;">$confdir</span>/modules
<span style="color: #40ffff;">dns_alt_names</span> <span style="color: #d0d0d0;">=</span> puppet,puppet.velcrohurts.com,puppet.velcrohurts.local
<span style="color: #40ffff;">prerun_command</span><span style="color: #d0d0d0;">=</span>/etc/puppet/etckeeper-commit-pre
<span style="color: #40ffff;">postrun_command</span><span style="color: #d0d0d0;">=</span>/etc/puppet/etckeeper-commit-post
<span style="color: #40ffff;">server</span> <span style="color: #d0d0d0;">=</span> puppet.velcrohurts.com
<span style="color: #40ffff;">runinterval</span> <span style="color: #d0d0d0;">=</span> 300
<span style="color: #d0d0d0;">[</span>master<span style="color: #d0d0d0;">]</span>
<span style="color: #999999; font-style: italic;"># These are needed when the puppetmaster is run by passenger</span>
<span style="color: #999999; font-style: italic;"># and can safely be removed if webrick is used.</span>
<span style="color: #40ffff;">ssl_client_header</span> <span style="color: #d0d0d0;">=</span> SSL_CLIENT_S_DN
<span style="color: #40ffff;">ssl_client_verify_header</span> <span style="color: #d0d0d0;">=</span> SSL_CLIENT_VERIFY
</pre>
</div>
<br />
So that little bit tells us we want to use environments in /etc/puppet/environments/.<br />
Inside that directory we have:<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #202020; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">stephen.mcgroarty@nostrings:~<span style="color: #40ffff;">$ </span>ls /etc/puppet/environments/
development example_env production staging
</pre>
</div>
<br />
I think the labels are self explanatory here, but you can add a folder for whatever environment you want. <br />
I recommend using the <i>environment = </i> tag on the clients.<br />
I actually have a puppet manifest for the client side, so that when I put them in it stays there.<br />
<br />
For the client, I have this manifest under <i>/etc/puppet/environments/staging/modules/puppet/manifests/init.pp</i><br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #202020; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">class puppet <span style="color: #d0d0d0;">{</span>
file <span style="color: #d0d0d0;">{</span> <span style="color: #ed9d13;">'/etc/puppet/puppet.conf'</span>:
<span style="color: #40ffff;">ensure</span> <span style="color: #d0d0d0;">=</span>> file,
<span style="color: #40ffff;">mode</span> <span style="color: #d0d0d0;">=</span>> <span style="color: #ed9d13;">'644'</span>,
<span style="color: #40ffff;">owner</span> <span style="color: #d0d0d0;">=</span>> <span style="color: #ed9d13;">'root'</span>,
<span style="color: #40ffff;">group</span> <span style="color: #d0d0d0;">=</span>> <span style="color: #ed9d13;">'root'</span>,
<span style="color: #24909d;">source</span> <span style="color: #d0d0d0;">=</span>> <span style="color: #ed9d13;">'puppet:///modules/puppet/puppet.conf.erb'</span>
<span style="color: #d0d0d0;">}</span>
<span style="color: #d0d0d0;">}</span></pre>
</div>
<br />
<br />
Then for the <i>modules/puppet/files/puppet.conf.erb</i> I have the puppet config.<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #202020; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #999999; font-style: italic;">## Managed by Puppet ## </span>
<span style="color: #d0d0d0;">[</span>main<span style="color: #d0d0d0;">]</span>
<span style="color: #40ffff;">logdir</span><span style="color: #d0d0d0;">=</span>/var/log/puppet
<span style="color: #40ffff;">vardir</span><span style="color: #d0d0d0;">=</span>/var/lib/puppet
<span style="color: #40ffff;">ssldir</span><span style="color: #d0d0d0;">=</span>/var/lib/puppet/ssl
<span style="color: #40ffff;">rundir</span><span style="color: #d0d0d0;">=</span>/var/run/puppet
<span style="color: #40ffff;">factpath</span><span style="color: #d0d0d0;">=</span><span style="color: #40ffff;">$vardir</span>/lib/facter
<span style="color: #40ffff;">server</span> <span style="color: #d0d0d0;">=</span> puppet.velcrohurts.local
<span style="color: #40ffff;">environment</span> <span style="color: #d0d0d0;">=</span> staging
<span style="color: #40ffff;">runinterval</span> <span style="color: #d0d0d0;">=</span> 500
</pre>
</div>
<br />
I change the environment = based on what location I want, and using puppet to control the puppet.conf might seem a bit odd, but it never changes on a single server for very long.<br />
<br />
Quick and Dirty<br />
Posted 2015-05-08 by Stephen McGroarty<br />
<br />
Let me make this a quick and dirty one because I just want to post something slightly useful. So no re-write, no review, the errors stay for the most part.<br />
<br />
Here is a git command-line shortcut that I use almost daily, and it has been really easy to use from the command prompt: an alias called lol.<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #333333; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;"><pre style="line-height: 125%; margin: 0;"><span style="color: #999999;">[</span><span style="color: #007020;">alias</span><span style="color: #999999;">]</span>
<span style="color: #996633;">lol</span> <span style="color: #999999;">=</span> log --graph --decorate --pretty<span style="color: #999999;">=</span>oneline --abbrev-commit
<span style="color: #996633;">lola</span> <span style="color: #999999;">=</span> log --graph --decorate --pretty<span style="color: #999999;">=</span>oneline --abbrev-commit --all
</pre></div><br />
Once you have it in your /home/username/.gitconfig you can do the cool thing of laughing out loud at git, and some people do, but I don't enjoy typing lol.<br />
<br />
The output looks all nice and happy<br />
<br />
git lol<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiT9JeMljPgOWo98R_Lu5rx8uMYqtJUsXQI_xhWSnaBTN9HA8wtS7R2Jc6yzDXYdzGuayx2VQUF5EOu1rs_pIaygXwwOqMG1UAo8-JH_yJcHIrCUEI1W88x8Al_4LtTab0wL9mVv1t5YQo/s1600/Screen+Shot+2015-05-08+at+1.13.57+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="122" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiT9JeMljPgOWo98R_Lu5rx8uMYqtJUsXQI_xhWSnaBTN9HA8wtS7R2Jc6yzDXYdzGuayx2VQUF5EOu1rs_pIaygXwwOqMG1UAo8-JH_yJcHIrCUEI1W88x8Al_4LtTab0wL9mVv1t5YQo/s400/Screen+Shot+2015-05-08+at+1.13.57+AM.png" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><br />
</div><div class="separator" style="clear: both; text-align: left;">vs </div><div class="separator" style="clear: both; text-align: left;">git log </div><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKt2AfHHog0YrnxSpELyPY8WXNFRKu73jid_E92sQhCt1pDEKVMGhYskPqNJ7X__npX_Y6wpeusrarND93XWCE5mzGuS3-EDpJzSM6-vriKqFA4J6yeAvSqrqeeMvpLEbudQtGqgIK1IE/s1600/Screen+Shot+2015-05-08+at+1.20.05+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="221" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKt2AfHHog0YrnxSpELyPY8WXNFRKu73jid_E92sQhCt1pDEKVMGhYskPqNJ7X__npX_Y6wpeusrarND93XWCE5mzGuS3-EDpJzSM6-vriKqFA4J6yeAvSqrqeeMvpLEbudQtGqgIK1IE/s400/Screen+Shot+2015-05-08+at+1.20.05+AM.png" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><br />
</div><div class="separator" style="clear: both; text-align: center;"><br />
</div><div class="separator" style="clear: both; text-align: left;">The choice is yours, but I like pretty colors and shorter blocks. </div>
<br />
Works for me!<br />
Posted 2015-04-22 by Stephen McGroarty<br />
<br />
One of the more interesting things I have had to do lately was set up a site-to-site VPN in AWS using openswan.<br />
After reading all the notes, blog posts and forum posts, I was able to luck onto a configuration that works for me; your mileage will vary.<br />
<br />
Spin up your new instances in AWS, details can be found elsewhere, but once you get the new instances spun up in each location you can start the configuration parts.<br />
<br />
After the instance is deployed right click on it and select Networking > Change Source/Dest. Check and then select Enable<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLNnm2RuRFYAIltx05CZidfzxN4s9-zh-41nv-uzP6N_dmHfoYSZH0_nG4FLSH-isgG62LseJpfhZ0DZFgETtMOmDFEvgLODPaEX1V-bjsIOWqpHd3I4txEE60JfedVYWnpWo0Vrt3y10/s1600/Screen+Shot+2015-04-20+at+5.02.18+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLNnm2RuRFYAIltx05CZidfzxN4s9-zh-41nv-uzP6N_dmHfoYSZH0_nG4FLSH-isgG62LseJpfhZ0DZFgETtMOmDFEvgLODPaEX1V-bjsIOWqpHd3I4txEE60JfedVYWnpWo0Vrt3y10/s1600/Screen+Shot+2015-04-20+at+5.02.18+PM.png" height="291" width="640" /></a></div>
<br />
If you do not enable this setting, you will not get full two way traffic, so be warned.<br />
<br />
<br />
Now we want to add the routing to the VPC, then select an Elastic IP for the instances and assign it, once per site. Write down the Network Interface ID, eni-XXXXXXXX<br />
<br />
While under the VPC select Route Tables and then your VPC<br />
Edit > Add Another Route <br />
In the next part, enter your remote subnet and the Network Interface ID, eni-XXXXXXXX, and save that.<br />
<br />
For the security parts, you need these.<br />
If you had your instance in the default group, that is fine, but here we want to change it.<br />
I usually make my own firewall rules for this part, use your own judgement here.<br />
<br />
You need UDP 500 and UDP 4500.<br />
You also need ESP (IP protocol 50).<br />
<br />
I usually do All Traffic to the remote public IP<br />
And then I do Custom Protocol type in 50, and then all ports to the remote IP<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxhCYqaRotdQYXQsh7IQZAtbuanwZQ4ryRS8pftDUM3Qk9dqDZsKw2rwlfRmJKvLpFTSS7DjkAg1IyMfDDxPt-gR_zRSDyrhze59YSn3pFem9AhA5224VS5QoWiZHwA_CELdqNu8Gp0j0/s1600/Screen+Shot+2015-04-20+at+6.13.55+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxhCYqaRotdQYXQsh7IQZAtbuanwZQ4ryRS8pftDUM3Qk9dqDZsKw2rwlfRmJKvLpFTSS7DjkAg1IyMfDDxPt-gR_zRSDyrhze59YSn3pFem9AhA5224VS5QoWiZHwA_CELdqNu8Gp0j0/s1600/Screen+Shot+2015-04-20+at+6.13.55+PM.png" height="206" width="640" /></a></div>
The sg- sources are the other security groups; you need to have those for all the subnets to talk to each other.<br />
<br />
Next, do your apt-get/yum install of openswan; it is part of the standard Ubuntu packages. You also want to install ipsec-tools on Ubuntu.<br />
<br />
Now we get to the "works for me" part of this. After reading the openswan manual and many forum, blog and newsgroup posts, I discovered that I needed more settings than they were showing. So here we go.<br />
<br />
<div style="background: #f8f8f8; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">conn conn-name-east
    <span style="color: green;">type</span><span style="color: #666666;">=</span>tunnel
    <span style="color: #19177c;">left</span><span style="color: #666666;">=</span>10.1.1.101 <span style="color: #408080; font-style: italic;"># your private IP of this server </span>
    <span style="color: #19177c;">leftsubnets</span><span style="color: #666666;">=</span>10.1.0.0/16 <span style="color: #408080; font-style: italic;"># Full VPC subnet</span>
    <span style="color: #19177c;">leftid</span><span style="color: #666666;">=</span>52.XX.XX.XX <span style="color: #408080; font-style: italic;">#Your public IP of this server </span>
    <span style="color: #19177c;">leftsourceip</span><span style="color: #666666;">=</span>10.1.1.101
    <span style="color: #19177c;">right</span><span style="color: #666666;">=</span>54.XX.XX.XX <span style="color: #408080; font-style: italic;"># The remote server IP </span>
    <span style="color: #19177c;">rightsubnets</span><span style="color: #666666;">=</span>10.2.0.0/16
    <span style="color: #19177c;">rightid</span><span style="color: #666666;">=</span>54.XX.XX.XX <span style="color: #408080; font-style: italic;">#The other IP</span>
    <span style="color: #19177c;">pfs</span><span style="color: #666666;">=</span>no
    <span style="color: #19177c;">forceencaps</span><span style="color: #666666;">=</span>yes
    <span style="color: #19177c;">authby</span><span style="color: #666666;">=</span>secret
    <span style="color: #19177c;">auto</span><span style="color: #666666;">=</span>start
</pre>
</div>
<br />
Now that is a great start, just change the values accordingly for your other connection<br />
<br />
<div style="background: #f8f8f8; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">conn conn-name-west
    <span style="color: green;">type</span><span style="color: #666666;">=</span>tunnel
    <span style="color: #19177c;">left</span><span style="color: #666666;">=</span>10.2.1.101 <span style="color: #408080; font-style: italic;"># your private IP of this server </span>
    <span style="color: #19177c;">leftsubnets</span><span style="color: #666666;">=</span>10.2.0.0/16 <span style="color: #408080; font-style: italic;"># Full VPC subnet</span>
    <span style="color: #19177c;">leftid</span><span style="color: #666666;">=</span>54.XX.XX.XX <span style="color: #408080; font-style: italic;">#Your public IP of this server </span>
    <span style="color: #19177c;">leftsourceip</span><span style="color: #666666;">=</span>10.2.1.101
    <span style="color: #19177c;">right</span><span style="color: #666666;">=</span>52.XX.XX.XX <span style="color: #408080; font-style: italic;"># The remote server IP </span>
    <span style="color: #19177c;">rightsubnets</span><span style="color: #666666;">=</span>10.1.0.0/16
    <span style="color: #19177c;">rightid</span><span style="color: #666666;">=</span>52.XX.XX.XX <span style="color: #408080; font-style: italic;">#The other IP</span>
    <span style="color: #19177c;">pfs</span><span style="color: #666666;">=</span>no
    <span style="color: #19177c;">forceencaps</span><span style="color: #666666;">=</span>yes
    <span style="color: #19177c;">authby</span><span style="color: #666666;">=</span>secret
    <span style="color: #19177c;">auto</span><span style="color: #666666;">=</span>start</pre>
</div>
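<br />
An added check (not part of the original post or of Openswan) that walks conn sections like the two above and reports the settings a reviewer would question, such as pfs=no. The names lint_ipsec_conf and demo_lint are hypothetical, and the public addresses in the sample are constructed documentation-range values.<br />

```shell
#!/bin/sh
# lint_ipsec_conf FILE
# Reads an Openswan-style ipsec.conf and prints one line per finding for each
# "conn" section. Returns 1 if any WARN was printed, 0 otherwise.
lint_ipsec_conf() {
    awk '
    function report() {
        if (conn == "") return
        if (opt["pfs"] == "no") {
            print "WARN " conn ": pfs=no, rekeyed IPsec SAs reuse IKE SA key material (no fresh DH)"
            warn = 1
        }
        if (opt["authby"] == "secret")
            print "NOTE " conn ": authby=secret, the tunnel is only as strong as the PSK"
        if (!("ike" in opt) || !(("phase2alg" in opt) || ("esp" in opt)))
            print "NOTE " conn ": no pinned ike=/phase2alg=, daemon default proposals apply"
    }
    { line = $0; sub(/#.*/, "", line) }             # drop trailing comments
    line ~ /^[ \t]*$/ { next }
    line ~ /^conn[ \t]/ {                           # a new conn section starts
        report(); split("", opt)
        split(line, f, /[ \t]+/); conn = f[2]; next
    }
    line ~ /^[^ \t]/ { report(); conn = ""; next }  # "config setup", "version"
    conn != "" && index(line, "=") {                # indented key=value line
        eq = index(line, "=")
        k = substr(line, 1, eq - 1); gsub(/[ \t]/, "", k)
        v = substr(line, eq + 1);    gsub(/^[ \t]+|[ \t]+$/, "", v)
        opt[k] = v
    }
    END { report(); exit warn + 0 }
    ' "$1"
}

# Constructed sample: the east-side conn from the post with constructed
# documentation-range public addresses in place of the masked ones.
demo_lint() {
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
conn conn-name-east
    type=tunnel
    left=10.1.1.101
    leftsubnets=10.1.0.0/16
    leftid=198.51.100.10     # constructed public IP
    leftsourceip=10.1.1.101
    right=203.0.113.20       # constructed remote IP
    rightsubnets=10.2.0.0/16
    rightid=203.0.113.20
    pfs=no
    forceencaps=yes
    authby=secret
    auto=start
EOF
    lint_ipsec_conf "$sample"; rc=$?
    rm -f "$sample"
    return $rc
}

demo_lint || true
```
<br />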
<br />
Shhh.. it's a secret..<br />
So above we are telling it to auth by secret, I am not sure this is the most secure way to do things, but it does seem to work so far.<br />
On each side I am using the public IP and remote IP in the secrets.<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #f8f8f8; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">54.XX.XX.XX 52.XX.XX.XX: PSK <span style="color: #ba2121;">"$VER_SEC_PSK"</span>
</pre>
</div>
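<br />
One way to generate the pre-shared key and confirm the secrets file is not readable by other users, as an added example that is not from the original post. The function names, the file names, the constructed addresses and the 32-character minimum are assumptions; both gateways need the same generated key, copied over a secure channel.<br />

```shell
#!/bin/sh
# new_psk: 48 bytes from the kernel CSPRNG, base64-encoded (64 characters).
new_psk() {
    head -c 48 /dev/urandom | base64 | tr -d '\n'
}

# write_psk_line LOCAL_ID REMOTE_ID FILE
# Replaces FILE with a single PSK entry in the "ID ID: PSK" form used in the
# post. The file is created with owner-only permissions.
write_psk_line() {
    (
        umask 077
        rm -f "$3"      # an existing file would keep its old, wider mode
        printf '%s %s: PSK "%s"\n' "$1" "$2" "$(new_psk)" > "$3"
    )
}

# audit_secrets FILE [MINLEN]
# Flags group/other permission bits and quoted PSKs shorter than MINLEN
# characters (default 32). Returns 1 when anything is flagged.
audit_secrets() {
    file=$1
    minlen=${2:-32}
    bad=0
    # Characters 5-10 of the mode string are the group and other bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "PERMS $file is accessible by group/other"
        bad=1
    fi
    short=$(awk -v min="$minlen" '
        /^[ \t]*#/ { next }
        match($0, /PSK[ \t]+"[^"]*"/) {
            psk = substr($0, RSTART, RLENGTH)
            sub(/^PSK[ \t]+"/, "", psk); sub(/"$/, "", psk)
            if (length(psk) < min) n++
        }
        END { print n + 0 }' "$file")
    if [ "$short" -gt 0 ]; then
        echo "WEAK $short PSK(s) shorter than $minlen characters"
        bad=1
    fi
    return $bad
}

# Constructed demo: one generated entry, one hand-typed weak entry.
demo_psk() {
    dir=$(mktemp -d)
    write_psk_line 198.51.100.10 203.0.113.20 "$dir/site-to-site.secrets"
    audit_secrets "$dir/site-to-site.secrets" && echo "OK generated entry passes"
    printf '198.51.100.10 203.0.113.20: PSK "changeme"\n' > "$dir/weak.secrets"
    chmod 644 "$dir/weak.secrets"
    audit_secrets "$dir/weak.secrets"; rc=$?
    rm -rf "$dir"
    return $rc
}

demo_psk || true
```
<br />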
<br />
<br />
Now for the commands that need to be run on both servers.<br />
We need to tell our new happy servers that, yes they can talk, and yes they can forward information to the networks<br />
In the /etc/sysctl.conf you want to clear out what is there and add these values.<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #f8f8f8; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">net.ipv4.conf.all.rp_filter<span style="color: #666666;">=</span>0
net.ipv4.conf.default.rp_filter<span style="color: #666666;">=</span>0
net.ipv4.conf.eth0.rp_filter<span style="color: #666666;">=</span>0
net.ipv4.conf.lo.rp_filter<span style="color: #666666;">=</span>0
net.ipv4.conf.all.send_redirects<span style="color: #666666;">=</span>0
net.ipv4.conf.default.send_redirects<span style="color: #666666;">=</span>0
net.ipv4.conf.eth0.send_redirects<span style="color: #666666;">=</span>0
net.ipv4.conf.lo.send_redirects<span style="color: #666666;">=</span>0
net.ipv4.conf.all.accept_redirects<span style="color: #666666;">=</span>0
net.ipv4.conf.default.accept_redirects<span style="color: #666666;">=</span>0
net.ipv4.conf.eth0.accept_redirects<span style="color: #666666;">=</span>0
net.ipv4.conf.lo.accept_redirects<span style="color: #666666;">=</span>0
net.ipv4.ip_forward<span style="color: #666666;">=</span>1
</pre>
</div>
<br />
If you do not want to restart the system, type or paste these commands so the settings take effect instantly.<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #f8f8f8; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: green;">echo </span>0 > /proc/sys/net/ipv4/conf/all/accept_redirects
<span style="color: green;">echo </span>0 > /proc/sys/net/ipv4/conf/default/accept_redirects
<span style="color: green;">echo </span>0 > /proc/sys/net/ipv4/conf/eth0/accept_redirects
<span style="color: green;">echo </span>0 > /proc/sys/net/ipv4/conf/lo/accept_redirects
<span style="color: green;">echo </span>0 > /proc/sys/net/ipv4/conf/all/send_redirects
<span style="color: green;">echo </span>0 > /proc/sys/net/ipv4/conf/default/send_redirects
<span style="color: green;">echo </span>0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
<span style="color: green;">echo </span>0 > /proc/sys/net/ipv4/conf/lo/send_redirects
</pre>
</div>
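<br />
The echo lines above cover only the redirect keys, so the rp_filter and ip_forward values from /etc/sysctl.conf are not live until something loads them. This added example (not from the original post; sysctl_drift, demo_sysctl_drift and the fake /proc tree are constructed for illustration) lists every key whose running value differs from the file.<br />

```shell
#!/bin/sh
# sysctl_drift CONF [PROC_ROOT]
# Prints "key want=X live=Y" for every key in CONF whose running value under
# PROC_ROOT (default /proc/sys) differs from the file. Returns 0 when all
# keys match, 1 when any key differs or has no entry under PROC_ROOT.
sysctl_drift() {
    conf=$1
    root=${2:-/proc/sys}
    drift=0
    while IFS='=' read -r key want; do
        # Whitespace is removed on both sides so "key = 1" equals "key=1".
        key=$(printf '%s' "$key" | tr -d ' \t')
        want=$(printf '%s' "$want" | tr -d ' \t')
        [ -n "$key" ] || continue
        # net.ipv4.ip_forward -> $root/net/ipv4/ip_forward
        node=$root/$(printf '%s' "$key" | tr . /)
        if [ -r "$node" ]; then
            live=$(tr -d ' \t\n' < "$node")
        else
            live=missing
        fi
        if [ "$live" != "$want" ]; then
            printf '%s want=%s live=%s\n' "$key" "$want" "$live"
            drift=1
        fi
    done <<EOF
$(sed -e 's/[#;].*//' -e '/^[[:space:]]*$/d' "$conf")
EOF
    return $drift
}

# Constructed demo: a fake /proc/sys tree in the state left by the echo
# lines in the post (redirects already 0, rp_filter and ip_forward untouched).
demo_sysctl_drift() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/proc/net/ipv4/conf/all"
    echo 1 > "$tmp/proc/net/ipv4/conf/all/rp_filter"
    echo 0 > "$tmp/proc/net/ipv4/conf/all/send_redirects"
    echo 0 > "$tmp/proc/net/ipv4/conf/all/accept_redirects"
    echo 0 > "$tmp/proc/net/ipv4/ip_forward"
    cat > "$tmp/sysctl.conf" <<'EOF'
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.ip_forward=1
EOF
    sysctl_drift "$tmp/sysctl.conf" "$tmp/proc"; rc=$?
    rm -rf "$tmp"
    return $rc
}

demo_sysctl_drift || true
```

On the gateway itself, run sysctl_drift /etc/sysctl.conf; running sysctl -p loads every key from that file in one step.<br />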
<br />
If you are not able to ping, run this command on the machine, go ahead try it, it is fun.<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #f8f8f8; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">iptables -t nat -A POSTROUTING -s localsubnet/16 ! -d remotesubnet/16 -o eth0 -j MASQUERADE
</pre>
</div>
<br />
That last command took me a while, because if you notice I am relying on AWS firewalls to protect me, not the system itself. I want the system to be able to communicate with everything else, on a select IP. <br />
<br />
For simple verification you can run the <i>sudo service ipsec status </i> command<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #f8f8f8; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">ubuntu@myawesomevpnserver-east:~<span style="color: #19177c;">$ </span>sudo service ipsec status
IPsec running - pluto pid: 2282
pluto pid 2282
1 tunnels up
some eroutes exist
</pre>
</div>
<br />
<br />
<br />
Some useful commands and their outputs. <br />
<i>ipsec verify</i> Used to make sure your configurations are intact<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #f8f8f8; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">ubuntu@myawesomevpnserver-east:~<span style="color: #19177c;">$ </span> sudo ipsec verify
Checking your system to see <span style="color: green; font-weight: bold;">if </span>IPsec got installed and started correctly:
Version check and ipsec on-path <span style="color: #666666;">[</span>OK<span style="color: #666666;">]</span>
Linux Openswan U2.6.38/K3.13.0-44-generic <span style="color: #666666;">(</span>netkey<span style="color: #666666;">)</span>
Checking <span style="color: green; font-weight: bold;">for </span>IPsec support in kernel <span style="color: #666666;">[</span>OK<span style="color: #666666;">]</span>
SAref kernel support <span style="color: #666666;">[</span>N/A<span style="color: #666666;">]</span>
NETKEY: Testing XFRM related proc values <span style="color: #666666;">[</span>OK<span style="color: #666666;">]</span>
<span style="color: #666666;">[</span>OK<span style="color: #666666;">]</span>
<span style="color: #666666;">[</span>OK<span style="color: #666666;">]</span>
Checking that pluto is running <span style="color: #666666;">[</span>OK<span style="color: #666666;">]</span>
Pluto listening <span style="color: green; font-weight: bold;">for </span>IKE on udp 500 <span style="color: #666666;">[</span>OK<span style="color: #666666;">]</span>
Pluto listening <span style="color: green; font-weight: bold;">for </span>NAT-T on udp 4500 <span style="color: #666666;">[</span>OK<span style="color: #666666;">]</span>
Checking <span style="color: green; font-weight: bold;">for</span> <span style="color: #ba2121;">'ip'</span> <span style="color: green;">command</span> <span style="color: #666666;">[</span>OK<span style="color: #666666;">]</span>
Checking /bin/sh is not /bin/dash <span style="color: #666666;">[</span>WARNING<span style="color: #666666;">]</span>
Checking <span style="color: green; font-weight: bold;">for</span> <span style="color: #ba2121;">'iptables'</span> <span style="color: green;">command</span> <span style="color: #666666;">[</span>OK<span style="color: #666666;">]</span>
Opportunistic Encryption Support <span style="color: #666666;">[</span>DISABLED<span style="color: #666666;">]</span>
</pre>
</div>
<br />
<i>ipsec auto status </i> Make sure you are connected and the tunnel is up. You mainly care about the last 4 lines here; there is a lot of output.<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #f8f8f8; border-width: .1em .1em .1em .8em; border: solid gray; overflow: auto; padding: .2em .6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">ubuntu@myawesomevpnserver-east:~<span style="color: #19177c;">$ </span> sudo ipsec auto status
ipsec auto: warning: obsolete <span style="color: green;">command </span>syntax used
000 using kernel interface: netkey
000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface lo/lo 127.0.0.1
---- SNIP ----
000 <span style="color: #408080; font-style: italic;">#939: "conn-name-east/1x1":4500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 3269s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:not set</span>
000 <span style="color: #408080; font-style: italic;">#938: "conn-name-east/1x1":4500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 672s; lastdpd=-1s(seq in:0 out:0); idle; import:not set</span>
000 <span style="color: #408080; font-style: italic;">#930: "conn-name-east/1x1":4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 4875s; newest IPSEC; eroute owner; isakmp#929; idle; import:not set</span>
000 <span style="color: #408080; font-style: italic;">#930: "conn-name-east/1x1" esp.ff5004e8@52.XX.XX.XX esp.b8805a31@10.1.1.101 tun.0@52.XX.XX.XX tun.0@110.1.1.101 ref=0 refhim=4294901761</span>
</pre>
</div>
<br />
<br />
That should get you started, so good luck and remember kids. It works for me!<br />
<br />
<br />
For a running commentary<br />
Posted 2014-02-24 by Stephen McGroarty<br />
<br />
Hello Dear reader,<br />
it has been a while.<br />
I don't have a technical update for you at this time, but one is in the works. Hopefully it will be soon completed.<br />
I need to take some video and screen shots to show what I was playing with the last few weeks.<br />
So now that I have mentioned that, let me get off my ass and write those posts. With Screenshots.<br />
<br />
<br />
Playing in the SAN<br />
Posted 2013-10-13 by Stephen McGroarty<br />
<br />
Today we are going to use <a href="http://stgt.sourceforge.net/manpages/tgtd.8.html" target="_blank">TGT Project</a> to do an iSCSI mapping of some raw storage on a Linux box.<br />
This is a quick and dirty setup; I would not recommend using this in a high production environment, or for an extended period of time if you do. In my head, this is just a stopgap for your storage needs.<br />
Also, I highly recommend separating your iSCSI traffic onto different VLANs, as well as using a dedicated iSCSI initiator card instead of the Windows/Linux iSCSI initiator. But this is just my two cents, and it's your network.<br />
<br />
Verify that your iSCSI network card is present in the system and that you know what device it is, in my example here it is NIC 3, eth2.<br />
<i>[root@CentOS03 ~]# ifconfig -a</i><br />
<i>eth1 Link encap:Ethernet HWaddr 00:50:56:98:2A:95 </i><br />
<i> inet addr:172.17.1.67 Bcast:172.17.1.255 Mask:255.255.255.0</i><br />
<i> inet6 addr: 2601:9:1400:11c:250:56ff:fe98:2a95/64 Scope:Global</i><br />
<i> inet6 addr: fe80::250:56ff:fe98:2a95/64 Scope:Link</i><br />
<i> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</i><br />
<i> RX packets:79145 errors:0 dropped:0 overruns:0 frame:0</i><br />
<i> TX packets:5167 errors:0 dropped:0 overruns:0 carrier:0</i><br />
<i> collisions:0 txqueuelen:1000 </i><br />
<i> RX bytes:18240397 (17.3 MiB) TX bytes:756186 (738.4 KiB)</i><br />
<i><br /></i>
<i>eth2 Link encap:Ethernet HWaddr 00:50:56:98:50:F1 </i><br />
<i> BROADCAST MULTICAST MTU:1500 Metric:1</i><br />
<i> RX packets:0 errors:0 dropped:0 overruns:0 frame:0</i><br />
<i> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0</i><br />
<i> collisions:0 txqueuelen:1000 </i><br />
<i> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)</i><br />
<div>
<br /></div>
<div>
Next we want to set an IP for it, and if it is possible I like my iSCSI NIC to match my server's last octet. My server's IP is 172.17.1.67, so for iSCSI on the separate subnet I will be using 192.168.1.67, just for consistency. </div>
<div>
<br /></div>
<div>
<i>[root@CentOS03 ~]# cp /etc/sysconfig/network-scripts/ifcfg-eth1 /etc/sysconfig/network-scripts/ifcfg-eth2 </i></div>
<div>
<i>[root@CentOS03 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth2 </i></div>
<div>
<div>
<i>DEVICE=<span style="color: orange;">eth2</span></i></div>
<div>
<i>HWADDR=<span style="color: orange;">00:50:56:98:50:F1</span></i></div>
<div>
<i>TYPE=Ethernet</i></div>
<div>
<i>ONBOOT=yes</i></div>
<div>
<i>IPADDR=<span style="color: orange;">192.168.1.67</span></i></div>
<div>
<i>NETMASK=255.255.255.0</i></div>
<div>
<i>NM_CONTROLLED=yes</i></div>
<div>
<i>BOOTPROTO=none</i></div>
<div>
<i>~<br />~<br />~</i></div>
<div style="font-style: italic;">
<br /></div>
</div>
<div>
As you can see above, I just copied the eth1 config for eth2. There are no issues with my shortcuts here, just make sure you rename the parts in <span style="color: orange;">orange</span> to match your settings, and remove the gateway. </div>
<div>
<br /></div>
<div>
And turn on the second NIC.</div>
<div>
<i>[root@CentOS03 ~]# service network restart </i></div>
<div>
<i></i><br />
<div>
<i><i></i></i><br />
<div style="display: inline !important;">
<i><i>Shutting down interface eth1: [ <span style="color: lime;">OK</span> ]</i></i></div>
<i><i>
</i></i></div>
<i>
<div>
Shutting down loopback interface: [ <span style="color: lime;">OK</span> ]</div>
<div>
Bringing up loopback interface: [ <span style="color: lime;">OK</span> ]</div>
<div>
Bringing up interface eth1: [ <span style="color: lime;">OK</span> ]</div>
<div>
<i>Bringing up interface eth2: [ <span style="color: lime;">OK</span> ]</i></div>
</i></div>
<div>
<br /></div>
<div>
If you do not see eth2 come active, your config has an issue. Try removing the UUID line as well as verifying your settings. </div>
<div>
<br /></div>
<div>
Next, verify the storage is present. I still like to use fdisk -l, which shows all the disks in the system; that is a lowercase L. </div>
<div>
<div>
<i>[root@CentOS03 ~]# fdisk -l</i></div>
</div>
<div>
<br /></div>
<div>
My drive is showing as /dev/sdb, so note yours for use in a few moments. </div>
<div>
<i>Disk /dev/sdb: 107.4 GB, 107374182400 bytes</i></div>
<div>
<br /></div>
<div>
Now is when we start the magic, we install the TGT Project tools via YUM. </div>
<div>
<i>[root@CentOS03 ~]# yum install scsi-target-utils </i></div>
<div>
<i><br /></i></div>
<div>
This will take about a minute, and you will have to approve all the dependency packages. My video shows more detail, but the files are in the same location. You want to edit the targets.conf for your device. There are a lot of options available in the configuration, but I was going for quick and functional, not secure. </div>
<div>
<i><br /></i></div>
<div>
<div>
<i>[root@CentOS02 terminfo]# cd /etc/tgt/</i></div>
<div>
<i>[root@CentOS02 tgt]# ls</i></div>
<div>
<i>targets.conf</i></div>
<div>
<i>[root@CentOS02 tgt]# vim targets.conf </i></div>
</div>
<div>
<br /></div>
<div>
Give the target an iSCSI ID, and a target ID and then the path to the storage. direct-store is full access to the unformatted disk. </div>
<div>
<br /></div>
<div>
<div>
<target iqn.2008-09.com.velcrohurts:centos02.target1></div>
<div>
direct-store /dev/sdb</div>
<div>
</target></div>
</div>
<div>
<br /></div>
<div>
The server that I wanted it mapped to is a Windows Server 2008 R2. So I have a second NIC installed, on the same subnet. </div>
<div>
I fired up the iSCSI initiator and put my IP in the Target field in the Target tab and it connected. </div>
<div>
Your mileage may vary. </div>
<div>
<br /></div>
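<br />
The target defined in targets.conf above carries no access restrictions, in line with the post's "functional, not secure" note. This added example (not from the original post or the TGT project; the function names, the second target, its initiator address and its CHAP user are constructed) reports which targets lack an initiator ACL or a CHAP account.<br />

```shell
#!/bin/sh
# audit_tgt_targets FILE
# For every <target> block in a tgt targets.conf, report a missing initiator
# ACL (initiator-address / initiator-name) and a missing CHAP account
# (incominguser). Returns 1 when anything is reported, 0 otherwise.
audit_tgt_targets() {
    awk '
    /^[ \t]*#/ { next }
    /^[ \t]*<target[ \t]/ {
        name = $0
        sub(/^[ \t]*<target[ \t]+/, "", name); sub(/>.*$/, "", name)
        acl = 0; chap = 0; intarget = 1; next
    }
    /^[ \t]*<\/target>/ {
        if (!acl)  { print name ": no initiator-address or initiator-name ACL"; bad = 1 }
        if (!chap) { print name ": no incominguser, initiators log in without CHAP"; bad = 1 }
        intarget = 0; next
    }
    intarget && ($1 == "initiator-address" || $1 == "initiator-name") { acl = 1 }
    intarget && $1 == "incominguser" { chap = 1 }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed demo: the target from the post next to a restricted one.
# The second IQN, the initiator address and the CHAP user are made up, and
# REPLACE_WITH_SECRET is a placeholder, not a usable password.
demo_tgt_audit() {
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
<target iqn.2008-09.com.velcrohurts:centos02.target1>
    direct-store /dev/sdb
</target>

<target iqn.2008-09.com.example:restricted.target1>
    direct-store /dev/sdc
    initiator-address 192.168.1.50
    incominguser demo-initiator REPLACE_WITH_SECRET
</target>
EOF
    audit_tgt_targets "$sample"; rc=$?
    rm -f "$sample"
    return $rc
}

demo_tgt_audit || true
```
<br />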
<br />
Kingdom of the blind<br />
Posted 2013-10-05 by Stephen McGroarty<br />
<br />
Before we start, here is a video link to the installation process.<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.youtube.com/embed/HTCIIs8GeYo?feature=player_embedded' frameborder='0'></iframe></div>
<br />
<br />
With the introduction of Windows 2012 there was a large change with how to deploy domain controllers. There is no more DCPromo, it sends you to a link to <a href="http://technet.microsoft.com/en-us/library/hh472162.aspx#BKMK_GUI" target="_blank">here</a> that tells you to install Active Directory with the Server Manager.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNPoWyLAezab4W6tmXV7XKryc3aclnSzPE2KgeLDFrR_Ni33t-C6z-EkSfkS3LMQ5KJdq2mAVJ7tMUyRHdfkXUmXIp6-R_Cve9hhdH49Sd-ACDvsDCU9xXsIAVvGxauz34g9q2z9QPGag/s1600/Screen+Shot+2013-10-05+at+12.33.06+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="184" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNPoWyLAezab4W6tmXV7XKryc3aclnSzPE2KgeLDFrR_Ni33t-C6z-EkSfkS3LMQ5KJdq2mAVJ7tMUyRHdfkXUmXIp6-R_Cve9hhdH49Sd-ACDvsDCU9xXsIAVvGxauz34g9q2z9QPGag/s400/Screen+Shot+2013-10-05+at+12.33.06+AM.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
In the server manager select Manage > Add Roles and Features </div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjykbjx85M3k0BOFftqxPUvXwCxqTdSOhgyWlRoxN_Pp5D88_hDJA3bMN20JuuX8bltSi86SV16lzADLzdN9-YyilLIjQn-jBfwHTtQvoHpChI8YHuWccxxTuDm96nxx8UWcIF3Z6X-LDk/s1600/Screen+Shot+2013-10-05+at+12.40.41+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="115" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjykbjx85M3k0BOFftqxPUvXwCxqTdSOhgyWlRoxN_Pp5D88_hDJA3bMN20JuuX8bltSi86SV16lzADLzdN9-YyilLIjQn-jBfwHTtQvoHpChI8YHuWccxxTuDm96nxx8UWcIF3Z6X-LDk/s400/Screen+Shot+2013-10-05+at+12.40.41+AM.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
This will open the Add Roles and Features Wizard. On the first screen it will ask you to make sure your server has a strong admin password and has been updated. </div>
<div class="separator" style="clear: both; text-align: left;">
You want to select Role-based or Feature-based installation and then Next </div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjoo1v1b0jHEDKsGtpvpM9H9iRXThikvtsBDJezSa-cCCiP7TrHUFysms4pdQ8YbWR7jZ9Jx6Lc8vXWpU2RgN2OgxeZwIOzWbi_oI3F6VzarEZ_uYDzZwzPiZN5RUe31w9opw9ctR_fjjE/s1600/Screen+Shot+2013-10-05+at+1.46.47+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="140" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjoo1v1b0jHEDKsGtpvpM9H9iRXThikvtsBDJezSa-cCCiP7TrHUFysms4pdQ8YbWR7jZ9Jx6Lc8vXWpU2RgN2OgxeZwIOzWbi_oI3F6VzarEZ_uYDzZwzPiZN5RUe31w9opw9ctR_fjjE/s400/Screen+Shot+2013-10-05+at+1.46.47+AM.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
On the Server Selection page verify the host name and the IP address and then select Next </div>
<div class="separator" style="clear: both; text-align: left;">
In the Server Roles page you want to select Active Directory Domain Services, then choose Add Feature, and then DNS and Add Feature and then Next </div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkLI8wlxL9oYKfrAoqyOHUC6zhBcXpD_G2rUUWXGdTgaAQGp25Ln6pX6Z9Q5Y5udu9SvUR8K63VwmBeZ7Lvio5_crAChRaKpv6Kvp8dn5xevs-yXCz81sZsXzpT_acnXIWgEmB9Fz74jI/s1600/Screen+Shot+2013-10-05+at+1.53.04+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="283" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkLI8wlxL9oYKfrAoqyOHUC6zhBcXpD_G2rUUWXGdTgaAQGp25Ln6pX6Z9Q5Y5udu9SvUR8K63VwmBeZ7Lvio5_crAChRaKpv6Kvp8dn5xevs-yXCz81sZsXzpT_acnXIWgEmB9Fz74jI/s400/Screen+Shot+2013-10-05+at+1.53.04+AM.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
On the Features page verify that Group Policy Management is selected and then click Next. </div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFPRZdluhprtT5VU0DLjkkMbzH-l9ZXzJkDkCxQjgpc8JBt-JKsK8ku7VxJM3AJgoRlokzFH5JClGRczHmGWqZs7Cj9DDyYjChNrM3DWacB0DajlSVwXvjGyDEcwq4WLVbOS2em2GznPo/s1600/Screen+Shot+2013-10-05+at+2.09.14+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="282" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFPRZdluhprtT5VU0DLjkkMbzH-l9ZXzJkDkCxQjgpc8JBt-JKsK8ku7VxJM3AJgoRlokzFH5JClGRczHmGWqZs7Cj9DDyYjChNrM3DWacB0DajlSVwXvjGyDEcwq4WLVbOS2em2GznPo/s400/Screen+Shot+2013-10-05+at+2.09.14+AM.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
There is nothing really to select on the AD DS page so select Next </div>
<div class="separator" style="clear: both; text-align: left;">
The DNS Server page will give an error across the top saying that no DNS server has been authenticated for the domain. At this point it is an OK warning, so select Next. </div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
On the Confirmation page select Install. </div>
<div class="separator" style="clear: both; text-align: left;">
It will take a few moments to install the features and afterwards you will see a message that the installation was successful, so select Close. </div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8_iX5HJqb1KoI7B6Z0tMg1sVsc58siCvv25xNs85QaoHV5fS6S2WAS2PwGGXlJZwmQT3XiOiYduxRRN25VUG8DbW1v_6Yd1Skx-mHrp5_zoMfASGlo4FVwMYs8zRXwDNzgiijuMp1ioI/s1600/Screen+Shot+2013-10-05+at+2.14.14+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="285" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8_iX5HJqb1KoI7B6Z0tMg1sVsc58siCvv25xNs85QaoHV5fS6S2WAS2PwGGXlJZwmQT3XiOiYduxRRN25VUG8DbW1v_6Yd1Skx-mHrp5_zoMfASGlo4FVwMYs8zRXwDNzgiijuMp1ioI/s400/Screen+Shot+2013-10-05+at+2.14.14+AM.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
After clicking Close, go back to the Server Manager page. There will be a new exclamation point there, telling you that the roles and features you just installed still need to be configured. </div>
<div class="separator" style="clear: both; text-align: left;">
Select the box for <i>Promote this server to a domain controller</i></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidkH-RjZauYbTAmC-l954RiO02zUbM2hcPao3ZeWEhL0bLcZEHbsxWe09GQSF8cHivgAUFwcemO560CFP9yaKf_4U3i68ew74mUrIgXviV1kl4qj9rArXLcxq-WKjLHlNkDGhJrecwPXc/s1600/Screen+Shot+2013-10-05+at+2.16.06+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="315" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidkH-RjZauYbTAmC-l954RiO02zUbM2hcPao3ZeWEhL0bLcZEHbsxWe09GQSF8cHivgAUFwcemO560CFP9yaKf_4U3i68ew74mUrIgXviV1kl4qj9rArXLcxq-WKjLHlNkDGhJrecwPXc/s400/Screen+Shot+2013-10-05+at+2.16.06+AM.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
If this is the first domain controller in your forest, select Add New Forest and type the name of your domain. </div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGTVx4PBsQ-vQfPuYi1tma8KrCFkC75hSxP_SESe-_oYRQrituIWA_wexZNG3RPCOI8jwSTu3tFZwo8rXaT9O85yVuZXMHnmuWTpRAD5KT85YRhAYRh9GLGESLAFI-9RazkovYrdSyPGE/s1600/Screen+Shot+2013-10-05+at+2.17.45+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="292" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGTVx4PBsQ-vQfPuYi1tma8KrCFkC75hSxP_SESe-_oYRQrituIWA_wexZNG3RPCOI8jwSTu3tFZwo8rXaT9O85yVuZXMHnmuWTpRAD5KT85YRhAYRh9GLGESLAFI-9RazkovYrdSyPGE/s400/Screen+Shot+2013-10-05+at+2.17.45+AM.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
You want to select the domain functionality level for your domain. If you are going to have 2008 or even 2003 domain controllers, select the functionality accordingly. </div>
<div class="separator" style="clear: both; text-align: left;">
You will also want to type a password for the Directory Services Restore Mode. This is handy in case you ever have any problems with the server. </div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtb-otlatZ6mC6V4NNnvNWX8vTZ80GeUZF-KmuKM29E7VQ0btTY4vlrjur_VYcvSD1wHk2pXphSBvvw3nFxMlH9BN8sLa8HW1PsGYRbh7ArnKdXOYqgYd3yqQ5OPl260HtAhCDaekregI/s1600/Screen+Shot+2013-10-05+at+2.28.39+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="292" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtb-otlatZ6mC6V4NNnvNWX8vTZ80GeUZF-KmuKM29E7VQ0btTY4vlrjur_VYcvSD1wHk2pXphSBvvw3nFxMlH9BN8sLa8HW1PsGYRbh7ArnKdXOYqgYd3yqQ5OPl260HtAhCDaekregI/s400/Screen+Shot+2013-10-05+at+2.28.39+AM.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
When you click next, you will get a warning about DNS not being configured for this domain. This is the step that will allow for DNS configuration for your domain, so go ahead and click next </div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
The Additional Options page will install the NetBIOS name services on the domain controller. This should come populated with the top level of your domain name, but you can change it to be something different.</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbzXzHRlhtokfL8FJ1G8tAVrTPFPDj1sAhH2TI8ZC8YVDNt2FEMX_5ybTHs6m8CwuwImx9LJ24QNmYxAlQaQLzLeVcryeKScZ9eoWpxq1Ql6DncPQcd0n8oAUND_xzJJEnRV2_KNqMIUQ/s1600/Screen+Shot+2013-10-05+at+2.31.32+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="291" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbzXzHRlhtokfL8FJ1G8tAVrTPFPDj1sAhH2TI8ZC8YVDNt2FEMX_5ybTHs6m8CwuwImx9LJ24QNmYxAlQaQLzLeVcryeKScZ9eoWpxq1Ql6DncPQcd0n8oAUND_xzJJEnRV2_KNqMIUQ/s400/Screen+Shot+2013-10-05+at+2.31.32+AM.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Next it will prompt you for the location of the AD DS Database, the AD log files and the SYSVOL. I usually leave these defaulted to C:\Windows\ but again, you can change the paths to suit your needs or environment. </div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj62kKQEFxVrfl3ZzBCtsPdgN89z0L6bvxmBAFxRT76n67H7xxXvnabE6pFY68OzI_FP1G_USlHR3tkvOKVXFgDNt_M_-ZVkST3_u0P41aG65T2d3tXi-FjDrPRMOkoVuDWnylZNgZ-JnQ/s1600/Screen+Shot+2013-10-05+at+2.33.31+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="291" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj62kKQEFxVrfl3ZzBCtsPdgN89z0L6bvxmBAFxRT76n67H7xxXvnabE6pFY68OzI_FP1G_USlHR3tkvOKVXFgDNt_M_-ZVkST3_u0P41aG65T2d3tXi-FjDrPRMOkoVuDWnylZNgZ-JnQ/s400/Screen+Shot+2013-10-05+at+2.33.31+AM.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Then we get to the Review Options stage, and that is where we verify all of the settings we just set. </div>
<div class="separator" style="clear: both; text-align: left;">
Just review and make sure everything is how you set it and where you want it then select Next </div>
<div class="separator" style="clear: both; text-align: left;">
<i>* Note: There is a View Script button here, you can use this to create a PowerShell script to deploy the next domain controller from the command line. </i></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
At this point we will be at the Prerequisites Check and this stage will take a few minutes to run, and it should come back with some warnings. </div>
<div class="separator" style="clear: both; text-align: left;">
The warnings I received were for the domain controller encryption level being compatible with Windows NT 4, for the DNS server not being installed, and for having DHCP enabled on my IPv6 interface on my single NIC. </div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1OUeQgLiw28-QYmzsT4f6SvZwj7zh6d-DB9IBu4SiW5JCJsSCKp9-Jtk6NuycgcZBJ6hu-aoagfWDRc-V2mBpqCwP_G4mwlokybWUMM8SJa8_5z3B57ak1CGecgDB_ZHvyp_UbJbYofo/s1600/Screen+Shot+2013-10-05+at+2.37.47+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="293" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1OUeQgLiw28-QYmzsT4f6SvZwj7zh6d-DB9IBu4SiW5JCJsSCKp9-Jtk6NuycgcZBJ6hu-aoagfWDRc-V2mBpqCwP_G4mwlokybWUMM8SJa8_5z3B57ak1CGecgDB_ZHvyp_UbJbYofo/s400/Screen+Shot+2013-10-05+at+2.37.47+AM.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
At this point we want to install. </div>
<div class="separator" style="clear: both; text-align: left;">
This will take more than a few minutes and there will be a reboot that is required with this. </div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
After the server reboots make sure you log on with the domain\Administrator user and verify that you can manage things with Active Directory Users and Computers.</div>
<div class="separator" style="clear: both; text-align: left;">
And you are set. </div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
Stephen McGroartyhttp://www.blogger.com/profile/14724031209591214430noreply@blogger.com0tag:blogger.com,1999:blog-4304914313177773820.post-22756553411383807502013-09-28T17:51:00.001-07:002013-09-28T17:52:38.492-07:00And then we connected One of the first things I ever learned with RedHat systems was the file /etc/sysconfig/network-scripts/ifcfg-eth0 is used to configure the primary network adapter.<br />
I say that I cannot always remember these settings off the top of my head, because I really don't remember all of them.<br />
I remember that it should look something like this<br />
<br />
<i>DEVICE=eth0 </i><br />
<i>HWADDR=00:00:00:00:00:00</i><br />
<i>TYPE=Ethernet </i><br />
<i>ONBOOT=YES</i><br />
<i>IP{something}=10.10.10.100 </i><br />
<i>GATEWAY=10.10.10.1</i><br />
<i>NETMASK=255.255.255.0 </i><br />
<i>BOOTPROTO=none</i><br />
<br />
but there are so many more flags, that is just all I remember from the top of my head. Is this good enough to get by? Sure, but honestly, at this stage I should know all the command options available, like how to create a NIC bonding (ifcfg-bond0), or what NM_CONTROLLED=yes/no means.<br />
So let's write this out in a little detail and get those brain cells firing and review the bulk of the options and what they are.<br />
<br />
<i>DEVICE=eth0 </i><br />
This one should be obvious: it is the name of the network card. It should be the same as the device listed in ifconfig, so if the device is eth1 the file name should be ifcfg-eth1 and it should be listed as DEVICE=eth1<br />
<br />
<i>HWADDR=00:00:00:00:00:00 </i><br />
This is the MAC address of the adapter. If you need to compare it do an <i>ifconfig -a </i>and it will show you all the details of all interfaces. Since I am currently working within a VM, I have two adapters, lo and eth0<br />
<br />
<i>[root@CentOS01 ~]# ifconfig -a</i><br />
<i>eth0 Link encap:Ethernet HWaddr 00:0C:29:6E:8C:BD </i><br />
<i> inet addr:10.10.10.100 Bcast:10.10.10.255 Mask:255.255.255.0</i><br />
<i> inet6 addr: 2601:9:1400:11c:20c:29ff:fe6e:8cbd/64 Scope:Global</i><br />
<i> inet6 addr: fe80::20c:29ff:fe6e:8cbd/64 Scope:Link</i><br />
<i> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</i><br />
<i> RX packets:452 errors:0 dropped:0 overruns:0 frame:0</i><br />
<i> TX packets:93 errors:0 dropped:0 overruns:0 carrier:0</i><br />
<i> collisions:0 txqueuelen:1000 </i><br />
<i> RX bytes:41651 (40.6 KiB) TX bytes:12272 (11.9 KiB)</i><br />
<i><br /></i>
The HWaddr I happen to have landed on is 00:0C:29:6E:8C:BD so this would be my MAC address.<br />
<br />
<i>TYPE=Ethernet</i><br />
If it is a network adapter then the type is Ethernet. In general though, the TYPE= can be left out or matched to the type of device.<br />
<br />
<i>ONBOOT=yes</i><br />
This means it will be enabled when the system reboots<br />
<br />
<i>IP{something}=10.10.10.100 </i><br />
This turns out to be IPADDR= and this would be the IP address of the system. You can enter any acceptable IP address in this value, just make sure it's on your network/subnet<br />
<br />
<i>NETMASK=255.255.255.0 </i><br />
Without going into too much detail, this is the subnet mask of your network. It is generally 255.255.255.0 for a /24 and is adjusted to match the range of your network.<br />
<br />
<i>GATEWAY=10.10.10.1</i><br />
I have noticed that the Gateway can live in different locations on the system, and can even be set manually with the route command. ( <i>route add default gw 10.10.10.1 netmask 255.255.255.0</i>)<br />
I just like to put it in the ifcfg-eth0 file out of habit.<br />
<br />
<br />
<i>BOOTPROTO=none</i><br />
This is mainly used to control if the server is on DHCP or static IP address. If you want to use DHCP change the BOOTPROTO=dhcp and this will overwrite all the IP Address settings you have configured. Don't believe me, try it out.<br />
<br />
Now we get to the parts that I don't have fully committed to memory.<br />
<br />
<i>USERCTL=NO</i><br />
This allows the standard user to interact with the interface. On servers it should be NO but on workstations YES is fine.<br />
<br />
<i>UUID=e89cd5ff-22ff-49b4-9d77-94777e90e6d3</i><br />
<div>
This is just a unique identification number for the NIC, because sometimes you can run across a MAC address that is duplicated, think LARGE VMware environment. This number can be created and changed by running uuidgen and then copying the new number into its place. </div>
<div>
<br /></div>
<div>
<i>NM_CONTROLLED=no</i></div>
<div>
By enabling this you give the Network Manager daemon control of the network device. </div>
<div>
This can be good or bad, but if you are having random issues, say the network card does not work on system boot, switch this to NO and setup the IP manually here. </div>
<div>
<br /></div>
<div>
<br /></div>
<div>
Ok so it turns out I do remember most of the options for making a network adapter work.</div>
<div>
Also, do not forget to edit your /etc/resolv.conf with your DNS settings or else you will not get out. </div>
<div>
<br /></div>
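As an added example (not part of the original post), this POSIX shell script lints an ifcfg file for the options reviewed above: DEVICE matching the file name, static values left behind under BOOTPROTO=dhcp, the gateway sitting inside the IPADDR/NETMASK subnet, and USERCTL. The function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: lint an ifcfg-* file.
# Keys are matched case-sensitively (DEVICE, not Device); lower-casing the
# yes/no style values before comparing them is this script's own choice.

# ifcfg_get FILE KEY: print KEY's value (last assignment wins), quotes stripped.
ifcfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*#.*$//' | tr -d "\"' \t\r"
}

# ip_to_int A.B.C.D: print the address as an integer, fail if it is malformed.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac   # no leading zeros, at most 3 digits
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

report() { echo "$cfg: $1"; findings=$((findings + 1)); }

# check_ifcfg FILE: print one finding per line; return 0 only if there are none.
check_ifcfg() {
    cfg=$1; findings=0
    base=${cfg##*/}; name=${base#ifcfg-}
    device=$(ifcfg_get "$cfg" DEVICE)
    hwaddr=$(ifcfg_get "$cfg" HWADDR)
    ipaddr=$(ifcfg_get "$cfg" IPADDR)
    netmask=$(ifcfg_get "$cfg" NETMASK)
    gateway=$(ifcfg_get "$cfg" GATEWAY)
    bootproto=$(ifcfg_get "$cfg" BOOTPROTO | tr 'A-Z' 'a-z')
    userctl=$(ifcfg_get "$cfg" USERCTL | tr 'A-Z' 'a-z')

    # ifcfg-eth1 must contain DEVICE=eth1.
    [ "$device" = "$name" ] || report "DEVICE='$device' does not match file name (expected '$name')"

    if [ -n "$hwaddr" ] &&
        ! echo "$hwaddr" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
        report "HWADDR='$hwaddr' is not a valid MAC address"
    fi

    case $bootproto in
        dhcp|bootp)   # the lease wins, so static values here are dead configuration
            [ -z "$ipaddr" ] || report "BOOTPROTO=$bootproto: static IPADDR=$ipaddr will be ignored" ;;
        none|static|'')
            if [ -z "$ipaddr" ] || [ -z "$netmask" ]; then
                report "static configuration needs both IPADDR and NETMASK"
            elif ! ip=$(ip_to_int "$ipaddr") || ! mask=$(ip_to_int "$netmask"); then
                report "IPADDR or NETMASK is not a dotted-quad address"
            elif [ -n "$gateway" ]; then
                if ! gw=$(ip_to_int "$gateway"); then
                    report "GATEWAY='$gateway' is not a dotted-quad address"
                elif [ $((ip & mask)) -ne $((gw & mask)) ]; then
                    report "GATEWAY=$gateway is not in the subnet of IPADDR=$ipaddr"
                fi
            fi ;;
        *) report "unrecognised BOOTPROTO='$bootproto'" ;;
    esac

    # Servers should not let ordinary users bring the interface up or down.
    [ "$userctl" != yes ] || report "USERCTL=yes lets non-root users control this interface"
    [ "$findings" -eq 0 ]
}

# write_samples DIR: constructed sample files, one clean and one with three problems.
write_samples() {
    cat > "$1/ifcfg-eth0" <<'EOF'
DEVICE=eth0
HWADDR=00:0C:29:6E:8C:BD
ONBOOT=yes
BOOTPROTO=none
IPADDR=10.10.10.100
NETMASK=255.255.255.0
GATEWAY=10.10.10.1
USERCTL=no
EOF
    cat > "$1/ifcfg-eth1" <<'EOF'
Device=eth1
BOOTPROTO=none
IPADDR=10.10.10.101
NETMASK=255.255.255.0
GATEWAY=10.10.20.1
USERCTL=YES
EOF
}

sample_dir=$(mktemp -d)
write_samples "$sample_dir"
check_ifcfg "$sample_dir/ifcfg-eth0" && echo "ifcfg-eth0: no findings"
check_ifcfg "$sample_dir/ifcfg-eth1" || true
rm -rf "$sample_dir"
```

The script reads the file with sed instead of sourcing it, so checking a file never executes anything that file contains.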
Stephen McGroartyhttp://www.blogger.com/profile/14724031209591214430noreply@blogger.com0tag:blogger.com,1999:blog-4304914313177773820.post-761745219316305532013-08-13T20:51:00.002-07:002013-08-13T20:51:29.327-07:00Multiple NICs and YouHave you tried to configure more than one network card on more than one network in CentOS 6.x or RedHat 6.x yet? Well I did, and I was in for a surprise!<br />
Turns out that you cannot do it on CentOS easily. I tried this on several servers and even though the IP shows up, I could not ping it from the second network. It was a pain.<br />
Working example is I have interface one configured as 10.20.0.100 netmask 255.255.255.0<br />
I wanted interface two configured on 10.200.0.100 netmask 255.255.255.0<br />
After going crazy verifying every setting in my /etc/sysconfig/network-scripts/ifcfg-eth0 and ifcfg-eth1 files I found this blog post <a href="http://www.virtualizationteam.com/cloud/how-to-get-redhat-6-2-linux-second-nic-to-ping.html" target="_blank">http://www.virtualizationteam.com/cloud/how-to-get-redhat-6-2-linux-second-nic-to-ping.html </a> that was about an unrelated product, but the same root cause.<br />
So after reading it I tried the settings they recommended and it worked. I did have to reboot to get it working fully, but that was all.<br />
<br />
I then had another server we needed this on and I wanted to dig a little deeper, and make fewer edits, so I viewed the file /etc/sysctl.conf and this line stuck out to me<br />
<br />
<table cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td class="td1" valign="baseline">
<div class="p1">
<i># Controls source route verification</i></div>
<div class="p1">
<i>net.ipv4.conf.default.rp_filter = 1</i></div>
<div class="p1">
<i><br /></i></div>
<div class="p1">
As an experiment I changed the 1 to a 0:</div>
<div class="p1">
</div>
<table cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td class="td1" valign="baseline">
<div class="p1">
<i># Controls source route verification</i></div>
<div class="p1">
<i>net.ipv4.conf.default.rp_filter = 0</i></div>
</td>
</tr>
</tbody>
</table>
</td></tr>
</tbody></table>
Reboot and POOF!! Both networks pingable from their respective subnets. <div>
So long story short, it wasn't a routing issue exactly but an issue with reverse path filtering (rp_filter) and how it routes packets out. </div>
<div>
<br /></div>
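An added example, not from the original post: rp_filter is the kernel's reverse path filter (0 = off, 1 = strict, 2 = loose), and the value applied to an interface is the higher of conf/all and that interface's own setting, so a single NIC can be moved to loose mode without switching the check off through default. The script reports the effective mode per interface and lists the scopes a sysctl.conf sets to 0; the function names, directory tree and sysctl.conf it runs on are constructed samples.

```shell
#!/bin/sh
# Added example, not from the original post. For source validation the kernel
# uses the higher of conf/all/rp_filter and conf/<iface>/rp_filter
# (0 = off, 1 = strict, 2 = loose); conf/default is the template for
# interfaces created later.

# effective_rp_filter IFACE ROOT: print the value actually applied to IFACE.
effective_rp_filter() {
    [ -r "$2/all/rp_filter" ] && [ -r "$2/$1/rp_filter" ] || return 1
    all_val=$(cat "$2/all/rp_filter"); own_val=$(cat "$2/$1/rp_filter")
    if [ "$all_val" -gt "$own_val" ]; then echo "$all_val"; else echo "$own_val"; fi
}

rp_mode_name() {
    case $1 in 0) echo off ;; 1) echo strict ;; 2) echo loose ;; *) echo unknown ;; esac
}

# report_rp_filter [ROOT]: one "iface mode" line per interface under ROOT.
report_rp_filter() {
    conf_root=${1:-/proc/sys/net/ipv4/conf}
    for dir in "$conf_root"/*/; do
        iface=${dir%/}; iface=${iface##*/}
        case $iface in all|default) continue ;; esac
        eff=$(effective_rp_filter "$iface" "$conf_root") || continue
        echo "$iface $(rp_mode_name "$eff")"
    done
}

# sysctl_rp_disabled FILE: print each scope (all, default, eth0, ...) that FILE sets to 0.
sysctl_rp_disabled() {
    sed -n -e 's/[[:space:]]*#.*$//' \
        -e 's/^[[:space:]]*net\.ipv4\.conf\.\([^.[:space:]]*\)\.rp_filter[[:space:]]*=[[:space:]]*0[[:space:]]*$/\1/p' "$1"
}

# make_samples DIR: constructed stand-ins for /proc/sys/net/ipv4/conf and /etc/sysctl.conf.
make_samples() {
    for pair in all=1 default=1 eth0=1 eth1=2 lo=0; do
        mkdir -p "$1/conf/${pair%%=*}"
        echo "${pair#*=}" > "$1/conf/${pair%%=*}/rp_filter"
    done
    cat > "$1/sysctl.conf" <<'EOF'
# Controls source route verification
net.ipv4.conf.default.rp_filter = 0
# Alternative: keep strict filtering and loosen only the second NIC
net.ipv4.conf.eth1.rp_filter = 2
EOF
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
report_rp_filter "$demo_dir/conf"
sysctl_rp_disabled "$demo_dir/sysctl.conf"
rm -rf "$demo_dir"
```

Called with no argument, report_rp_filter reads the live values under /proc/sys/net/ipv4/conf.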
Stephen McGroartyhttp://www.blogger.com/profile/14724031209591214430noreply@blogger.com2tag:blogger.com,1999:blog-4304914313177773820.post-29054060767360717392013-08-12T23:13:00.002-07:002013-08-12T23:13:49.684-07:00Installing Cacti because I want to believe This is how I installed Cacti for CentOS 6.4<br />
Install all the dependencies first<br />
<i>yum install mysql mysql-server httpd httpd-devel php-mysql php-pear php-common php-gd php-devel php-mbstring php php-cli php-snmp net-snmp-utils net-snmp-libs php-pear-Net-SNMP rrdtool</i><br />
<br />
Make sure that Apache and MySQL are set to load on boot.<br />
<i>[root@cacti01 ~]# chkconfig --list | grep -i mysql</i><br />
<i>mysqld 0:off 1:off 2:off 3:off 4:off 5:off 6:off</i><br />
<br />
Well, let's fix this<br />
<i>[root@cacti01 ~]# chkconfig mysqld on </i><br />
<i>[root@cacti01 ~]# chkconfig --list | grep -i mysql</i><br />
<i>mysqld 0:off 1:off 2:on 3:on 4:on 5:on 6:off</i><br />
<br />
And the same thing for Apache<br />
<i>[root@cacti01 ~]# chkconfig --list httpd</i><br />
<i>httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off</i><br />
<i>[root@cacti01 ~]# chkconfig httpd on </i><br />
<i>[root@cacti01 ~]# chkconfig --list httpd</i><br />
<i>httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off</i><br />
<br />
And one shot check and startup for SNMP service<br />
<i>[root@cacti01 ~]# /etc/init.d/snmpd status </i><br />
<i>snmpd is stopped</i><br />
<i>[root@cacti01 ~]# chkconfig snmpd on </i><br />
<i>[root@cacti01 ~]# /etc/init.d/snmpd start </i><br />
<i>Starting snmpd: [ OK ]</i><br />
<br />
<br />
Start the web services.<br />
<i>[root@cacti01 ~]# /etc/init.d/httpd start </i><br />
<i>Starting httpd: httpd: apr_sockaddr_info_get() failed for cacti01</i><br />
<i>httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName</i><br />
<i> [ OK ]</i><br />
<i> </i><br />
This error is OK for the moment, I just need to install Cacti and set up a domain name for it, so moving on to MySQL<br />
To start the database took a little more than I was expecting...<br />
<i>[root@cacti01 ~]# /etc/init.d/mysqld start</i><br />
<i>Initializing MySQL database: WARNING: The host 'cacti01' could not be looked up with resolveip.</i><br />
<i>[... Edited down ..] </i><br />
<i>Starting mysqld: [ OK ]</i><br />
<br />
Part of the message from the first run of MySQL was to set a root password with the following command, so I did<br />
<i>[root@cacti01 ~]# /usr/bin/mysqladmin -u root password 'SuperDuperMultiSystemPasswordForBlog'</i><br />
<br />
I verified that I could connect to the database.<br />
I also created a Cacti user for the local host<br />
<i>[root@cacti01 ~]# mysql -u root -p </i><br />
<br />
<i>mysql> create user 'cacti'@'localhost' identified by 'SuperDuperMultiSystemPasswordForBlog' ;</i><br />
<i>Query OK, 0 rows affected (0.00 sec)</i><br />
<i>mysql> create database cacti ;</i><br />
<i>Query OK, 1 row affected (0.00 sec)</i><br />
<i>mysql> grant all on cacti.* to 'cacti'@'localhost'; </i><br />
<i>Query OK, 0 rows affected (0.00 sec)</i><br />
<i>mysql> quit</i><br />
<i>Bye</i><br />
<i>[root@cacti01 ~]# </i><br />
<br />
Now then, what's next...<br />
Oh yeah, the download of the magical mystical Cacti software<br />
Because I didn't feel like spending the night compiling Cacti from source, I cheated slightly. Hey, it's a RedHat, I am allowed to...<br />
I added the rpmforge release of it. Instructions can be found here http://www.tecmint.com/install-and-enable-rpmforge-repository-in-rhel-centos-6-5-4/<br />
<br />
<i>[root@cacti01 ~]# yum install cacti </i><br />
<i>[... EDIT ...]</i><br />
<i>================================================================================</i><br />
<i> Package Arch Version Repository Size</i><br />
<i>================================================================================</i><br />
<i>Installing:</i><br />
<i> cacti noarch 0.8.8a-1.el6.rf rpmforge 2.0 M</i><br />
<i><br /></i>
<i>[... more Edit ...]</i><br />
<i>Is this ok [y/N]: Y </i><br />
and wiz bang installed!<br />
<br />
Find out where the database template for Cacti was put<br />
<i>[root@cacti01 conf]# rpm -ql cacti | grep cacti.sql </i><br />
<i>/var/www/cacti/cacti.sql</i><br />
<br />
and install it<br />
<i>[root@cacti01 conf]# mysql -u cacti -p cacti < /var/www/cacti/cacti.sql </i><br />
<br />
Next locate the config file and set your database parameters<br />
<i>[root@cacti01 include]# vim /var/www/cacti/include/config.php </i><br />
<br />
All I had to change were the following lines<br />
<br />
<i>$database_username = "<b>cacti</b>";</i><br />
<i>$database_password = "<b>cacti</b>";</i><br />
<br />
Allow your network to access the web server<br />
<i>[root@cacti01 cacti]# vim /etc/httpd/conf.d/cacti.conf </i><br />
Add the Allow line but make sure it matches your subnet<br />
<i>deny from all </i><br />
<i><b>Allow from 10.0.0.0/8 </b></i><br />
<br />
Don't forget to make the iptables exception, or just turn it off. For my example, off it went<br />
<i>[root@cacti01 cacti]# /etc/init.d/iptables stop</i><br />
<i>iptables: Flushing firewall rules: [ OK ]</i><br />
<i>iptables: Setting chains to policy ACCEPT: filter [ OK ]</i><br />
<i>iptables: Unloading modules: [ OK ]</i><br />
<i>[root@cacti01 cacti]# chkconfig iptables off</i><br />
<div>
<br /></div>
Now we get to the GUI side of it, and you can do the web based install.<br />
You want to select New Install<br />
On the next section everything should be green. If it isn't, you missed a step, so go back and find your missing dependencies.<br />
SNMP Utility Version - NET-SNMP 5.x<br />
RRDTool Utility Version - RRDTool 1.3.x<br />
And then Finish, login, and change your password.<br />
<br />
Now you are on your own for finding your device MIBs and configuring them<br />
<br />Stephen McGroartyhttp://www.blogger.com/profile/14724031209591214430noreply@blogger.com0tag:blogger.com,1999:blog-4304914313177773820.post-23462224045019839542013-05-01T18:48:00.003-07:002013-05-01T18:48:43.938-07:00Exchange Mobile Devices I have been traveling a lot for work, and have not had a chance to make a post, but here we go tonight.<br />
I have seen a few people who work for companies that use Microsoft Exchange, and I can only hope that it is Exchange 2010. But they do not force the users to password the mobile devices, they should.<br />
In my elitist view of things I believe that your mobile phone should be guarded at all costs. It is your lifeline to your friends, your family, your bank accounts, and I am willing to bet a reminder for your next doctor's appointment. So why not at least password it?<br />
This is an admin guide on how to force users to password their phones if you are on Exchange 2010, anything else, you need to figure out yourself.<br />
<br />
You want to start by going to the Exchange Management Console (EMC) and going to Organization Configuration > Client Access<br />
Then select the Exchange ActiveSync Mailbox Policies tab<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhE7OTbOo-G6SXRSbLPoMzS0hV5stAv-UCdKh7_v2P-0ggO32DX8NdlPuGO7CJzdZByDUEpm9yuocpa7k16jNtrDKY9MGwmZl21LNzT7dTVaS7kjPo8MIcJSLdnE3muRmZVQeYgYfZn5KY/s1600/Screen+Shot+2013-05-01+at+4.52.16+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="424" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhE7OTbOo-G6SXRSbLPoMzS0hV5stAv-UCdKh7_v2P-0ggO32DX8NdlPuGO7CJzdZByDUEpm9yuocpa7k16jNtrDKY9MGwmZl21LNzT7dTVaS7kjPo8MIcJSLdnE3muRmZVQeYgYfZn5KY/s640/Screen+Shot+2013-05-01+at+4.52.16+PM.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Once there, you can create a new policy to deploy to select users, or a global policy that is defaulted on for all users. </div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
If you want to test it out on a few select users, you can create a new policy. It prompts you for a name, and you can choose the options you want to enforce here as well.<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1wK-j__ZEpydbzF9kbMSlR3tO9V3W1mIZb5w3W9WEUmM0OGHYzadJD3S1LaKZkBqVHA2natMfw0I1pi7ZUhhcFUxSN1N2zYd9nBmy4KlGODV2VLLB6L0ikTBaREsXC1mYsRmlb0B8maY/s1600/Screen+Shot+2013-05-01+at+5.40.31+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="353" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1wK-j__ZEpydbzF9kbMSlR3tO9V3W1mIZb5w3W9WEUmM0OGHYzadJD3S1LaKZkBqVHA2natMfw0I1pi7ZUhhcFUxSN1N2zYd9nBmy4KlGODV2VLLB6L0ikTBaREsXC1mYsRmlb0B8maY/s400/Screen+Shot+2013-05-01+at+5.40.31+PM.png" width="400" /></a></div>
<br />
When you hit New it will show a progress timer and then a Completed status.<br />
Once your new policy displays in the EMC, you should open it up and review all the settings it did not show you when you were creating it. You can do things like prevent users from accessing their camera or their Bluetooth devices.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9PiDMrit2M9-Vwb3o6tTES8wYEkJ2FY-Mx77Cc5_PPkGxCTfEqLK4WKJ_yXnrdnf98rgtPowxQhz43aXRdWytXsJ-GSpfCjEBJGJUkpdXxVn4lEw1akFWHqRQKUxE_64HTlkRHOVu1sQ/s1600/Screen+Shot+2013-05-01+at+6.41.37+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9PiDMrit2M9-Vwb3o6tTES8wYEkJ2FY-Mx77Cc5_PPkGxCTfEqLK4WKJ_yXnrdnf98rgtPowxQhz43aXRdWytXsJ-GSpfCjEBJGJUkpdXxVn4lEw1akFWHqRQKUxE_64HTlkRHOVu1sQ/s320/Screen+Shot+2013-05-01+at+6.41.37+PM.png" width="283" /></a></div>
<br />
Now that you have the policy it is time to apply it to some users, for your testing.<br />
<br />
!!!NO SCREEN SHOTS FOR THIS SECTION!!!<br />
<br />
This is done under Recipient Configuration > Mailbox.<br />
Select your user, then Properties > Mailbox Features tab > Exchange ActiveSync and then the arrow above it for properties.<br />
This will let you select from one of the existing Exchange ActiveSync Policies that you have, or the test one you have just created.<br />
<br />
Alternatively you can change the policy via PowerShell. Assigning a policy is done with Set-CASMailbox; Get-CASMailbox only reads the current settings.<br />
<i>Set-CASMailbox -Identity smcgroarty@velcrohurts.net -ActiveSyncMailboxPolicy "StephenTestPolicy"</i><br />
<i><br /></i>
After your testing, you can switch this over to the default policy by right clicking on it under Exchange ActiveSync Mailbox Policies and selecting "Set as Default"<br />
<br />
<br />Stephen McGroartyhttp://www.blogger.com/profile/14724031209591214430noreply@blogger.com0tag:blogger.com,1999:blog-4304914313177773820.post-11525971875296806272013-04-14T03:25:00.000-07:002013-04-14T03:25:02.124-07:00HP Touchpad - All SpaceI just posted how to <a href="http://www.velcrohurts.net/2013/04/hp-touchpad-factory-refresh.html">Factory Refresh</a> your HP TouchPad. That guide does not include the steps for recovering all space and deleting all data. That is this post.<br />
<br />
Downloaded items you will need:<br />
<ul>
<li>PalmWebOS SDK - <a href="https://developer.palm.com/content/resources/develop/sdk_pdk_download.html" target="_blank">here</a> </li>
<li>Recovery uImage - <a href="http://www.mediafire.com/?9p7kv73k5nv9a4d" target="_blank">here</a> </li>
<li>WebOS Doctor 3.00 - From <a href="http://downloads.help.palm.com/webosdoctor/rom/touchpad/wd300wifi/webosdoctorp300hstnhwifi.jar" target="_blank">Palm.com</a></li>
</ul>
Mount the Palm WebOS SDK.dmg and install the mpkg file, it will install under /opt/nova/bin/<br />
<br />
You want to boot into the recovery by either of the following steps<br />
<br />
<ol>
<li style="margin: 0px 0px 0.25em; padding: 0px;">Power off the device, then power it back on by holding Volume UP and Power </li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">Open your moboot menu and select 'boot webOS Recovery' </li>
</ol>
<div>
Once you have booted into recovery, you want to run the following command. This is the full path, but you can shortcut it. </div>
<div>
<div>
<i>/opt/nova/bin/novaterm boot mem:// < /Users/smcgroarty/Downloads/nova-installer-image-topaz.uimage</i></div>
</div>
<div>
<br /></div>
<div>
This will load you into a boot prompt that looks something like this </div>
<div>
<i>root@webos-device:/#</i></div>
<div>
Once at this prompt, you want to delete all the partitions and re-create the required system ones. </div>
<div>
You can either copy and paste the following or type them all out manually. </div>
<div>
If you copy and paste them, do it one line at a time; some lines have a prompt. </div>
<div>
<div>
<i>lvm.static vgscan --ignorelockingfailure</i></div>
<div>
<i>lvm.static vgchange -ay --ignorelockingfailure</i></div>
<div>
<i>lvm.static vgremove store</i></div>
<div>
<i>lvm.static vgscan --ignorelockingfailure</i></div>
<div>
<i>lvm.static vgchange -ay --ignorelockingfailure</i></div>
<div>
<i>lvm.static vgcreate -s 8M store /dev/mmcblk0p14</i></div>
<div>
<i>lvm.static vgscan --ignorelockingfailure</i></div>
<div>
<i>lvm.static vgchange -ay --ignorelockingfailure</i></div>
<div>
<i>lvm.static lvcreate -l 71 -i 1 -M y --major 254 --minor 0 -n root store</i></div>
<div>
<i>lvm.static lvcreate -l 8 -i 1 -M y --major 254 --minor 1 -n var store</i></div>
<div>
<i>lvm.static lvcreate -l 2 -i 1 -M y --major 254 --minor 2 -n update store</i></div>
<div>
<i>lvm.static lvcreate -l 3 -i 1 -M y --major 254 --minor 3 -n log store</i></div>
<div>
<i>lvm.static lvcreate -l 32 -i 1 -M y --major 254 --minor 4 -n mojodb store</i></div>
<div>
<i>lvm.static lvcreate -l 17 -i 1 -M y --major 254 --minor 5 -n filecache store</i></div>
<div>
<i>lvm.static lvcreate -l 1618 -i 1 -M y --major 254 --minor 6 -n media store</i></div>
<div>
<i>lvm.static lvcreate -l 64 -i 1 -M y --major 254 --minor 7 -n swap store</i></div>
<div>
<i>lvm.static vgscan --ignorelockingfailure</i></div>
<div>
<i>lvm.static vgchange -ay --ignorelockingfailure</i></div>
<div>
<i>mkdosfs -f 1 -s 64 /dev/store/media</i></div>
</div>
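A sanity check for the lvcreate sequence above, added here as an example and not part of the original post: it parses the eight lvcreate lines, converts each extent count to MiB using the 8M extent size passed to vgcreate, and flags any reused minor number. The function names are made up for this example, and the extent budget passed to fits_in_extents is whatever total your own volume group reports.

```shell
#!/bin/sh
# Constructed input: the eight lvcreate lines from the post and the
# extent size (in MiB) given to "vgcreate -s 8M".
EXTENT_MIB=8
LVCREATE_LINES='lvm.static lvcreate -l 71 -i 1 -M y --major 254 --minor 0 -n root store
lvm.static lvcreate -l 8 -i 1 -M y --major 254 --minor 1 -n var store
lvm.static lvcreate -l 2 -i 1 -M y --major 254 --minor 2 -n update store
lvm.static lvcreate -l 3 -i 1 -M y --major 254 --minor 3 -n log store
lvm.static lvcreate -l 32 -i 1 -M y --major 254 --minor 4 -n mojodb store
lvm.static lvcreate -l 17 -i 1 -M y --major 254 --minor 5 -n filecache store
lvm.static lvcreate -l 1618 -i 1 -M y --major 254 --minor 6 -n media store
lvm.static lvcreate -l 64 -i 1 -M y --major 254 --minor 7 -n swap store'

# lv_table: read lvcreate lines on stdin, print "name extents minor size_mib".
# Exits non-zero if a line is missing -l, --minor or -n.
lv_table() {
    awk -v ext="$EXTENT_MIB" '
        $2 == "lvcreate" {
            name = ""; extents = ""; minor = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-l")      extents = $(i + 1)
                if ($i == "--minor") minor   = $(i + 1)
                if ($i == "-n")      name    = $(i + 1)
            }
            if (name == "" || extents == "" || minor == "") {
                printf "unparsed line %d: %s\n", NR, $0 > "/dev/stderr"
                bad = 1
                next
            }
            print name, extents, minor, extents * ext
        }
        END { exit (bad ? 1 : 0) }
    '
}

# lv_size_mib NAME: size in MiB of one logical volume.
lv_size_mib() {
    printf '%s\n' "$LVCREATE_LINES" | lv_table |
        awk -v want="$1" '$1 == want { print $4 }'
}

# total_extents: extents consumed by all logical volumes together.
total_extents() {
    printf '%s\n' "$LVCREATE_LINES" | lv_table |
        awk '{ sum += $2 } END { print sum + 0 }'
}

# duplicate_minors: print any --minor value used by more than one volume.
duplicate_minors() {
    printf '%s\n' "$LVCREATE_LINES" | lv_table |
        awk '{ print $3 }' | sort -n | uniq -d
}

# fits_in_extents N: succeed if the layout needs no more than N extents.
# N is the volume group's total extent count as reported on your device.
fits_in_extents() {
    [ "$(total_extents)" -le "$1" ]
}

# layout_report: human-readable table of the planned layout.
layout_report() {
    printf '%-10s %8s %6s %9s\n' LV extents minor MiB
    printf '%s\n' "$LVCREATE_LINES" | lv_table |
        awk '{ printf "%-10s %8d %6d %9d\n", $1, $2, $3, $4 }'
    printf 'total: %s extents, %s MiB\n' \
        "$(total_extents)" "$(( $(total_extents) * $EXTENT_MIB ))"
}

layout_report
```

The media volume comes out at 12944 MiB, which lines up with the free space of around 13GB seen after the reinstall.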
<div>
<br /></div>
<div>
Once you have recreated the file system, hold the home button and the power button to turn off the tablet. </div>
<div>
Turn it back on and hold the Volume Up+Power to get back into recovery mode.</div>
<div>
Once in recovery mode, click on the webosdoctorp300hstnhwifi.jar file; WebOS Doctor 3.04 will not work for this part. </div>
<div>
<br /></div>
<div>
Follow the on-screen prompts, and when you get to the part that installs the drivers, skip it; it will still install. </div>
<div>
It will take about 10 minutes to install the software, and about 5 minutes to boot afterwards. </div>
<div>
Once you have booted and signed in, you can verify the free space; it should be around 13GB. </div>
<div>
<br /></div>
<div>
<b>Extras: </b></div>
<div>
After you do the install of 3.0 you can login and do the update to 3.05. It will take about 15 minutes to do the update. </div>
<div>
<br /></div>
Stephen McGroartyhttp://www.blogger.com/profile/14724031209591214430noreply@blogger.com0tag:blogger.com,1999:blog-4304914313177773820.post-3029975510632025602013-04-14T03:03:00.001-07:002013-04-14T03:27:00.888-07:00HP Touchpad - Factory RefreshWith the HP Touchpad, you might have installed Android on it, and then you want to give it to someone else for their use, only problem is, you cannot seem to get android, and all your data off of it.<br />
Well this is how I went about it.<br />
I am doing this on a Mac, and I did have issues doing this on Windows as well.<br />
I could not get novacom to install on Win7.<br />
I tried to follow the <a href="http://forum.xda-developers.com/showthread.php?t=1426244" target="_blank">Guide - Factory Condition Reset</a> and I could not get all the tools to work.<br />
<div>
<br /></div>
These are the tools that worked for me:<br />
<ul>
<li>PalmWebOS SDK - <a href="https://developer.palm.com/content/resources/develop/sdk_pdk_download.html" target="_blank">here</a> </li>
<li>WebOS Doctor 3.04 - From <a href="http://downloads.help.palm.com/webosdoctor/rom/touchpad/p304rod10182011/wd304wifi/webosdoctorp304hstnhwifi.jnlp">Palm.com</a></li>
</ul>
<div>
<br /></div>
<div>
<br /></div>
<div>
Mount the Palm WebOS SDK.dmg and install the mpkg file, it will install under /opt/nova/bin/</div>
<div>
<br /></div>
<div>
Boot your Touchpad into recovery mode by one of the following methods</div>
<div>
<ol>
<li>Power off the device, then power it back on by holding Volume UP and Power </li>
<li>Open your moboot menu and select 'boot webOS Recovery' </li>
</ol>
<div>
This will display a USB symbol on the screen</div>
</div>
<div>
<br /></div>
<div>
To test that it is running, you can open a console and type </div>
<div>
<i>/opt/nova/bin/novacom </i></div>
<div>
<br /></div>
<div>
It will display the usage menu</div>
<div>
<div>
<i>MyMacbook:~ smcgroarty$ novacom </i></div>
<div>
<i>version: novacom-22</i></div>
<div>
<i>usage: novacom [-a address] [-p port] [-t] [-l] [-d device] [-c cmd] [-r password] [-w] <command></i></div>
</div>
<div>
<Trimmed for space> </div>
<div>
<br /></div>
<div>
Next you want to run the downloaded WebOS Doctor 3.04 </div>
<div>
This will open a Java window labeled "Recovery Tool" </div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiC1JzELqBYilzaJ2T24EW7yBrNJkwGUd8KgPIzXzvQVDDxn4PQsrwpZ2d9YJFyz2SOi6Jf9kWvebSvJa1ZVh8ria8nDFWVwj3TsAIGn-ACIeCItuxNKBWfbbFjdYevwPM6OA_ULe1rM8I/s1600/Screen+Shot+2013-04-14+at+1.28.03+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="239" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiC1JzELqBYilzaJ2T24EW7yBrNJkwGUd8KgPIzXzvQVDDxn4PQsrwpZ2d9YJFyz2SOi6Jf9kWvebSvJa1ZVh8ria8nDFWVwj3TsAIGn-ACIeCItuxNKBWfbbFjdYevwPM6OA_ULe1rM8I/s320/Screen+Shot+2013-04-14+at+1.28.03+AM.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div>
Select your language and click next</div>
<div>
Confirm your language </div>
<div>
Accept the license agreement</div>
<div>
It states it will take 15 minutes to 1 hour, so if you are on a laptop, make sure you have enough battery. Also, before I started, the tablet was charged to 100%.</div>
<div>
<br /></div>
<div>
At this point the software asked me to install the drivers, but it wouldn't let me because a newer version was installed. Clicking cancel still allowed me to move on. </div>
<div>
<br /></div>
<div>
Click Accept and it will start the install, and it requests that you do not disconnect your device. </div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiK5RpVSPzc6g0Q-VIzvwCoRjeETSZzh99PgqVPLb8bmSLucKGCUrSnOkGlB62QaRjEipWi9z_FPnv0lQQaLMYoQD5lohiWq4GQl_zufoVD506rwhRtB_F8oJtL3d3Bx5P-9TqBtdpMPHY/s1600/Screen+Shot+2013-04-14+at+1.32.08+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="239" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiK5RpVSPzc6g0Q-VIzvwCoRjeETSZzh99PgqVPLb8bmSLucKGCUrSnOkGlB62QaRjEipWi9z_FPnv0lQQaLMYoQD5lohiWq4GQl_zufoVD506rwhRtB_F8oJtL3d3Bx5P-9TqBtdpMPHY/s320/Screen+Shot+2013-04-14+at+1.32.08+AM.png" width="320" /></a></div>
<div>
<br /></div>
<div>
Also at this stage it will display a microchip image on the screen with an arrow pointing at it on the TouchPad </div>
<div>
My computer took less than 10 minutes to do the install, and then about 5 more minutes of the tablet setting itself up.<br />
<br /></div>
<div>
After this, the device will reset and should boot to HP WebOS and ask for your account details. </div>
<div>
Also, click Done in the Java window, then go play with your fresh tablet, but remember your data is still on the device. </div>
<div>
<br /></div>
<div>
<b>Extra Steps:</b><br />
After loading in WebOS, I created my account, let it update, then did a complete factory wipe to remove all of my data. </div>
<div>
I then logged in again, resynced my accounts, and then wiped the accounts again before shipping it out. </div>
<div>
<br /></div>
<div>
Final note: this will leave 10GB of space free on the device. To recover all the space on the device and delete the CyanogenMod partitions, follow the next guide.<br />
EDIT - Next guide is <a href="http://www.velcrohurts.net/2013/04/hp-touchpad-all-space.html" target="_blank">All Space</a><br />
<br /></div>
Stephen McGroartyhttp://www.blogger.com/profile/14724031209591214430noreply@blogger.com0tag:blogger.com,1999:blog-4304914313177773820.post-16575737459500851492013-04-01T15:10:00.000-07:002013-04-01T23:59:07.964-07:00Sleep with me I recently upgraded my home computer. My first new one in 5 years.<br />
A basic breakdown of the build is<br />
<a href="http://www.asus.com/Motherboards/P8Z77V_LX/" target="_blank">Asus P8Z77-V LX</a> motherboard<br />
<a href="http://ark.intel.com/products/65520/Intel-Core-i5-3570K-Processor-6M-Cache-up-to-3_80-GHz?wapkw=3570k" target="_blank">Intel i5 3570k</a> CPU (overclocked stably to 4.2GHz)<br />
16GB Patriot RAM<br />
<a href="http://www.asus.com/Graphics_Cards/GT6402GD3/" target="_blank">Asus NVidia GT640</a><br />
320GB SATA2 HDD (OS X)<br />
2TB SATA6 HDD (Windows)<br />
<a href="http://www.corsair.com/hydro-series-h50-cpu-cooler.html" target="_blank">Corsair H50</a> water cooler<br />
<a href="http://www.thermaltakeusa.com/products-model.aspx?id=C_00001841" target="_blank">ThermalTake </a>Commander MS-I Snow Edition<br />
<br />
So the parts list is pretty basic, but I did have some issues that were unexpected. Like Windows would not sleep. I thought this was an issue I had created at first, so after getting everything setup, all the drivers installed, and the choice apps setup, I discovered the issue.<br />
So I started over with re-installing Windows 7, and only the basic network drivers.<br />
Same issue.<br />
Ran the powercfg -energy and discovered that USB was preventing it from sleeping. The board has USB 2 and USB 3 onboard. So I installed the drivers from <a href="http://www.asus.com/" target="_blank">Asus</a>, and still received the same issues from the powercfg report.<br />
After a bit of poking around I discovered a fix that works.<br />
Go into Control Panel > Power Options<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtpcm09ErIcI8fQnMnDYuj5qZtBLq9MRyqFpDhk05rDHv2QKjGop9HI_YNbN5eFEMU-4nyJQBqgKHMFT-KD_XmqaOKv_MQfwQrGjcaVkd3dedqmL3rtS0tlQ9lllKlBo4mWyu4hVIA-p0/s1600/Screen+Shot+2013-04-01+at+2.51.18+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="123" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtpcm09ErIcI8fQnMnDYuj5qZtBLq9MRyqFpDhk05rDHv2QKjGop9HI_YNbN5eFEMU-4nyJQBqgKHMFT-KD_XmqaOKv_MQfwQrGjcaVkd3dedqmL3rtS0tlQ9lllKlBo4mWyu4hVIA-p0/s400/Screen+Shot+2013-04-01+at+2.51.18+PM.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
I just search for power because it does not display correctly on a desktop.<br />
and then Change power-saving settings > Balanced - Change plan settings > Change advanced power settings<br />
This will pop up a new window, in the new window you want to look for and expand Sleep > Allow hybrid sleep > settings: Off <br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizUkILMs5caxrNHOZ9wRK1wOyCbNq_Qo0zZ7Jj7VD5o98fLlVKL-RNdGRidpCTaVuIZp7GbT-BZBf80ozmHmIaPfLhc5smJQmDvhvcHM6gnz_h30pNpR9lOXqQ4p8EpUowB8PGk2-1abA/s1600/power-hybrid.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizUkILMs5caxrNHOZ9wRK1wOyCbNq_Qo0zZ7Jj7VD5o98fLlVKL-RNdGRidpCTaVuIZp7GbT-BZBf80ozmHmIaPfLhc5smJQmDvhvcHM6gnz_h30pNpR9lOXqQ4p8EpUowB8PGk2-1abA/s400/power-hybrid.png" width="373" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
Hit apply, and you can now test it by going Start > Shutdown > Sleep<br />
To verify open a command prompt as administrator and type powercfg -lastwake<br />
<br />
<br />
Edit - 4/2/2013 - 12:00AM - Changed screen shot of power settings to my own screen shot<br />
<br />Stephen McGroartyhttp://www.blogger.com/profile/14724031209591214430noreply@blogger.com0tag:blogger.com,1999:blog-4304914313177773820.post-5180189951145796062013-03-28T11:19:00.001-07:002013-03-28T11:32:35.388-07:00A geeky calendarTo continue a little bit with some of the <a href="http://projects.tynsoe.org/en/geektool/" target="_blank">geektool</a> things, i was browsing around and came across a page with a small list of common user commands at <a href="http://applevie.ws/2009/09/a-small-list-of-common-geektool-user-commands/">applevie.ws</a> and found a calendar script.<br />
The script they reference there is<br />
<br />
<br />
<i>cal | sed -e '1d' -e '2p;2p;2p;2p' | sed -e '$!N;s/\n/ /' -e '$!N;s/\n/ /' -e '$!N;s/\n/ /' -e '$!N;s/\n/ /' | sed "s/^/ /;s/$/ /;s/ $(date +%e) /\|$(date +%e)\|/" </i><br />
<div>
<br /></div>
<br />
and that will give you a nice little plugin that looks like this<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLHGQ-qsYhKJdijH305_AatAYiMsebzqLoziiZpqm-nv8VkjwL_SjNn1Bgy4rSx4VXrUM9x59h3uKjUpZ218Ibwe0y83U2v-cScQMbZc01r-a9HYGBMuQoxwwtYtTeGAobkhjDdRKqAfA/s1600/Screen+Shot+2013-03-28+at+11.13.19+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLHGQ-qsYhKJdijH305_AatAYiMsebzqLoziiZpqm-nv8VkjwL_SjNn1Bgy4rSx4VXrUM9x59h3uKjUpZ218Ibwe0y83U2v-cScQMbZc01r-a9HYGBMuQoxwwtYtTeGAobkhjDdRKqAfA/s1600/Screen+Shot+2013-03-28+at+11.13.19+AM.png" /></a></div>
<br />
With some slight tweaking to the <i>sed </i>script you can make the dates line up nice and pretty, but I felt that the calendar in that format was a little too long for me, and I always preferred the square date.<br />
So using <i>sed</i> I was able to take the above script and warp it slightly to this<br />
<i><br /></i>
<i>cal | sed "s/^/ /;s/$/ /;s/ $(date +%e) /\[$(date +%e)\]/"</i><br />
<br />
and that gives me the following calendar with [ ] around today's date.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpC1V8llKoH7hasHya1pb7o_7MqWpejQuTkB40DhcWHGMzX0fmg5zVEYlYyudIn8xhfcOtq35TCTjAGu4O1Cht_ewxJlTIMwJM3dSKKgoLsAEVw97ObV-yQ4QTHD71gIQBwfORPn2Csng/s1600/Screen+Shot+2013-03-28+at+11.17.26+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="188" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpC1V8llKoH7hasHya1pb7o_7MqWpejQuTkB40DhcWHGMzX0fmg5zVEYlYyudIn8xhfcOtq35TCTjAGu4O1Cht_ewxJlTIMwJM3dSKKgoLsAEVw97ObV-yQ4QTHD71gIQBwfORPn2Csng/s320/Screen+Shot+2013-03-28+at+11.17.26+AM.png" width="320" /></a></div>
Now this isn't anything advanced; there are some Ruby scripts around that add color to the bars around the date, but I like the simplicity of this.<br />
<br />
<br />Stephen McGroartyhttp://www.blogger.com/profile/14724031209591214430noreply@blogger.com1tag:blogger.com,1999:blog-4304914313177773820.post-69760677601352028912013-03-16T19:56:00.002-07:002013-03-17T18:12:16.931-07:00Format what nowThis is something that keeps coming up so I thought I would do a few self notes on it.<br />
There are a few assumptions here, at least on your part.<br />
1. You have purchased/downloaded an ISO from Microsoft of Windows 7/8<br />
<ul>
<li>I don't care what version; that is on you.</li>
<li>I will not help you "acquire" any version so do not ask </li>
</ul>
<div>
2. You have a computer that can support booting from USB </div>
<div>
<ul>
<li>This should really be a no-brainer; you are trying to make a USB boot stick</li>
<li>You need to check with your motherboard/computer manufacturer to find out how</li>
<li>I will not help you with this step, I do not know your hardware </li>
</ul>
<div>
3. Your computer is capable of running Windows 7 </div>
</div>
<div>
<ul>
<li>If you don't know, get the <a href="http://www.microsoft.com/en-us/download/details.aspx?id=20" target="_blank">Microsoft Windows 7 Upgrade Advisor </a> (<a href="http://windows.microsoft.com/en-us/windows/buy" target="_blank">Windows 8 System Requirements</a>) </li>
</ul>
</div>
<br />
<br />
Creating a Windows 7 USB Installation drive<br />
<br />
1. Start by inserting your happy little USB drive into your computer, I recommend an 8GB drive, you should be able to do it with a 4GB<br />
* BACK UP ALL YOUR DATA!!! if you have anything on that USB stick that you want to keep make a copy now<br />
<br />
2. <s>Right click on the drive and select Format. Choose NTFS and Quick Format, it will take a few moments but it will take a lot longer without the Quick Format selected</s> <br />
Well, that didn't work as advertised. So I had to insert the USB drive, open a command prompt as administrator, and then run the <i>diskpart</i> tool.<br />
Once diskpart opens you want to find your USB drive; mine was disk 2 and I used "list disk" to find it.<br />
Once you find it, type the following, using your own disk number in place of 2<br />
<i>select disk 2 </i><br />
<i>clean </i><br />
<i>create partition primary </i><br />
<i>active </i><br />
and then you can format it to NTFS by right clicking on it in Explorer.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTYEl9tYfVjv3h28Uo2sOMdwNEuFe9jp8pL3RttJQJEGlu0DBDsG6fIUeYJa8FkksQ8XQU0YsGbj0CvZAiogeSowpQvb3_XERFqhPepMXN2dd8K40fSjs8qJxQHEr9QIjaNnETmMi-q_0/s1600/Format.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTYEl9tYfVjv3h28Uo2sOMdwNEuFe9jp8pL3RttJQJEGlu0DBDsG6fIUeYJa8FkksQ8XQU0YsGbj0CvZAiogeSowpQvb3_XERFqhPepMXN2dd8K40fSjs8qJxQHEr9QIjaNnETmMi-q_0/s320/Format.png" width="184" /></a></div>
<br />
3. Extract the ISO that you purchased to a folder. I used <a href="http://www.7-zip.org/" target="_blank">7-zip</a> for this. Right click choose 7-Zip > Extract to ... and choose a folder.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicHfj0EFx1x4Ewc6_94OWlf7PQTEll6l4NL0OP7ReD3cXIF1m10eA4fLLq3VrrtUukxV-ooKrVyT8OMuQqVvuip7HMyZIjzsVARp5zG_Pfl33_dz_zqyi7_fy9XdFhAwbhkom0lQpCME8/s1600/Unzip.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="175" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicHfj0EFx1x4Ewc6_94OWlf7PQTEll6l4NL0OP7ReD3cXIF1m10eA4fLLq3VrrtUukxV-ooKrVyT8OMuQqVvuip7HMyZIjzsVARp5zG_Pfl33_dz_zqyi7_fy9XdFhAwbhkom0lQpCME8/s640/Unzip.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
4. Copy the files that you just extracted to your USB drive. My copy is about 3.1GB and it took about 10 minutes to copy, your mileage will vary.<br />
<br />
5. Next step is to make sure you have set the USB drive as Active and Assigned<br />
<br />
Open a command prompt as administrator (start>cmd> right click run as administrator)<br />
<div>
run <i>diskpart</i> and type <i>list disk</i> </div>
<div>
you will see several disks listed, find your USB drive, mine is Disk 2 </div>
<div>
<br /></div>
<br />
<br />
6. Run the bootsect.exe command to make the USB drive bootable.<br />
Open a command prompt as administrator (start>cmd> right click run as administrator)<br />
From the command prompt, go to the location where you extracted your Windows 7 ISO; in my case it was my Downloads folder.<br />
<i>cd \Users\smcgroarty\Downloads\Windows7Install\boot\ </i><br />
Run the command BOOTSECT.EXE and it will install the Windows Boot Manager onto the USB drive so that it can be booted from.<br />
<br />
<i>F:\Users\smcgroarty\Downloads\Windows7Install\boot>bootsect.exe /nt60 E:</i><br />
<i>Target volumes will be updated with BOOTMGR compatible bootcode.</i><br />
<i><br />
</i> <i>E: (\\?\Volume{af2d4079-8e6a-11e2-a08c-001d7d09aba5})</i><br />
<i><br />
</i> <i> Successfully updated NTFS filesystem bootcode.</i><br />
<i><br />
</i> <i>Bootcode was successfully updated on all targeted volumes.</i><br />
<div>
<br /></div>
<br />
7. You should now be able to boot off the USB drive and install Windows 7<br />
<br />Stephen McGroartyhttp://www.blogger.com/profile/14724031209591214430noreply@blogger.com0tag:blogger.com,1999:blog-4304914313177773820.post-71198972439221645552013-03-16T13:16:00.000-07:002013-03-16T13:16:28.271-07:00Gone, all goneWell my soon to be pervious hosting company was able to get my host upgraded to the proper and new version of <a href="http://www.dotnetblogengine.net/" target="_blank">blogengine.net</a>, but it did come at a small price.<br />
I have lost all my historical data for <a href="http://www.velcrohurts.com/blog" target="_blank">velcrohurts.com </a><br />
So none of my old stuff is there, and I am oddly ok with this.<br />
That leaves it up to a new choice, do I want to rebuild on that same platform that just lost a couple of years worth of data, or move the hosting account, and email, to another provider.<br />
I think I am going to move it to a new provider and I have weighed the options.<br />
<a href="http://blogger.com/">Blogger.com</a> seems to be working well enough for me. It is simple enough to use from my desktop and there is even an <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.blogger&hl=en" target="_blank">android app</a> that I haven't gotten too deep into yet.<br />
There is also the <a href="http://wordpress.com/" target="_blank">WordPress</a> option. That one seems to be more popular amongst most of my friends and colleagues, and there is also an <a href="https://play.google.com/store/apps/details?id=org.wordpress.android&hl=en" target="_blank">android app</a> for it.<br />
Now the real reason I went with blogengine in the past was I had more time. I could customize the theme the way I wanted. I could do things like hide the login box, and limit user accounts easily. I do not have this type of time anymore, so I am looking for something that does the heavy lifting for me.<br />
The next part is cost. I do not advertise, I do not like banner ads, I do not have any ad clicks. My site generates less than 100 hits in a busy month, so I do not intend to make any money from the site, but I do not want it to cost any more than $100 a year; that is domain registration, hosting, and email accounts. How much would you pay for a brain dump site of your own?<br />
My previous provider thought it would be a nice touch to register velcrohurts.net for me, "First year free!" and then start charging me. So I have had this domain for about two years without noticing it because of them. I had set it to expire after the first year, but they renewed it for me, as a courtesy.<br />
So I think my next steps are to move the domain to <a href="http://hover.com/">hover.com</a> (formerly tu-cows hosting) and then migrate velcrohurts email and blog site to google.<br />
Yes, google, because they already know more about me than everyone else combined.<br />
<br />
<br />
<br />
<br />Stephen McGroartyhttp://www.blogger.com/profile/14724031209591214430noreply@blogger.com0tag:blogger.com,1999:blog-4304914313177773820.post-90965469947666392132013-03-10T03:01:00.002-07:002013-03-10T03:01:49.654-07:00GeekTool As a newish user to the mac world, there are some things that I really liked about windows, one of them was <a href="http://rainmeter.net/cms/" target="_blank">Rainmeter</a>. It was a good desktop plugin with a lot of community driven themes for displaying all sorts of items. I have even had some friends that spent a night or two making their own theme.<br />
I was looking for something similar in the Apple world, and found <a href="http://projects.tynsoe.org/en/geektool/" target="_blank">GeekTool</a>. I have it display the time, weather, and battery status on my laptop. On my desktop it just displays the date.<br />
Let's review the simple settings for it here<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEho-x6z8NJa90_3x1rELR3zFBm4_a-nLJvXO1Jr7O_GUNhiB-FF7KZrg1ojcwe9O9u5GpU9VEvQCFnxIudZ5AWK91NyafO3d2PO0dlYJGfHaXFC8DZhI2uLzUF16E5roHZR-PlEeZNnKEs/s1600/Default-Menubar.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="92" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEho-x6z8NJa90_3x1rELR3zFBm4_a-nLJvXO1Jr7O_GUNhiB-FF7KZrg1ojcwe9O9u5GpU9VEvQCFnxIudZ5AWK91NyafO3d2PO0dlYJGfHaXFC8DZhI2uLzUF16E5roHZR-PlEeZNnKEs/s320/Default-Menubar.png" width="320" /></a></div>
<br />
This is the default Apple menu bar. I mean seriously there is a lot of stuff on there, do I really need the admin module? The BlueTooth? Time Machine? I know how to get to the System Preferences, so no, I do not need all that stuff.<br />
<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggYVDT06XYk_eNm8adWsjn6EX1Dqo_YeZAGrYYrxYW5BY5_RuMG_ysvievgKsxGMkw3_ZGcBLKLDu2iLzo53JeqQlVU68EopVmerCsp2Jt4CBRt5C8SI5qjjw2NfvEfALkz08XSFf_bkw/s1600/ShortMenubar.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="113" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggYVDT06XYk_eNm8adWsjn6EX1Dqo_YeZAGrYYrxYW5BY5_RuMG_ysvievgKsxGMkw3_ZGcBLKLDu2iLzo53JeqQlVU68EopVmerCsp2Jt4CBRt5C8SI5qjjw2NfvEfALkz08XSFf_bkw/s200/ShortMenubar.png" width="200" /></a>There we go, much better. Now you might ask what about the time?<br />
Well, let's get to that next. I happen to run dual screen at home, so it is not a big deal here to turn off the time on the menu bar.<br />
<br />
<br />
<br />
With GeekTool, I can setup a simple location on the desktop to display the time and date.<br />
I know what you are thinking, and that is "but it is right there in the menu bar, why would you want to change it?" The short answer to that is "because I can" but the better answer is, on my laptop the menu bar is not that long, it has a resolution of 1280x800, so every pixel of space up there is precious to me.<br />
<br />
So here is how the time looks on my second screen.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzI-BbEaASYytv0nrCdzZ7nnFO_T92n4Gna82UgMoWyVOXJ9j1KdOqMlVXSVT5t71ApBHLGX6H0jyXUYkC1BScQnMsrL0EIwK7GdwiaYYpidIa6VtXD9aTot1MRdg0ohBQcPyOigf2iHA/s1600/Screen+Shot+2013-03-02+at+2.46.05+PM.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="108" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzI-BbEaASYytv0nrCdzZ7nnFO_T92n4Gna82UgMoWyVOXJ9j1KdOqMlVXSVT5t71ApBHLGX6H0jyXUYkC1BScQnMsrL0EIwK7GdwiaYYpidIa6VtXD9aTot1MRdg0ohBQcPyOigf2iHA/s320/Screen+Shot+2013-03-02+at+2.46.05+PM.png" width="320" /></a></div>
Now we are going to get to the fun parts of this, the simple code behind.<br />
<br />
<br />
<br />
There are two shells behind the date and time.<br />
First one is for time, and the second shell is for the date. I wanted a larger font size for the time.<br />
Time: <i>date +%I:%M </i><br />
Date: <i>date +%A,%" "%d%n%B,%" "%Y </i><br />
And I think that is all I have for the night.<br />
<br />Stephen McGroartyhttp://www.blogger.com/profile/14724031209591214430noreply@blogger.com0tag:blogger.com,1999:blog-4304914313177773820.post-84215186696224577812013-03-04T21:12:00.001-08:002013-03-04T21:12:27.239-08:00Slightly AnnoyedWhat ever happened to dates on posts? I mean I can expect blogs not to always be dated, but what about journals? And some paper publications? Seriously, when I want to look something up, I check the date to make sure that is the most current source. If I don't see a date then I just move on thinking "it is so out of date, why bother?" I should specify, that this is mainly for technical things, like How to Add your domain to gmail for email.<br />
The first entry on Google, funny enough, is a blog from 8 years ago and I know it has changed since then.<br />
So please people, put a date on your articles.<br />
-Stephen<br />
<br />Stephen McGroartyhttp://www.blogger.com/profile/14724031209591214430noreply@blogger.com0tag:blogger.com,1999:blog-4304914313177773820.post-20069773383601072812013-03-03T20:52:00.000-08:002013-03-03T20:52:21.113-08:00Here we go Since I said this was a simple test of the blog, let me start out that way.<br />
I have recently become an Apple user. I have an iMac on my desk at work, a Macbook Pro for work, and I am borrowing an iPad for some general testing. I am not planning on getting an iPhone, or becoming a full on Apple Fanboi any time soon. I still love my android devices and will continue to use them. But one of the difficult parts about all this was keeping notes and tasks in sync.<br />
I don't need to share these notes or tasks with anyone, but I do have the options.<br />
I found an app called <a href="https://www.wunderlist.com/">WunderList</a>, and it is pretty nice.<br />
By default it gives you several lists, and you can add/edit those lists and share your "work" list with one set of people and your "personal" list with another set.<br />
Another example is that I can be in a meeting with my Android phone, type the takeaways from that meeting, go to my desktop, open the app or web page there, and start working on them.<br />
I had tried to use <a href="https://catch.com/">Catch.Com </a> for this, but it wasn't as well rounded; it does not have a Mac or Windows client, just the mobile platform clients. I am old, I like having separate applications for this stuff.<br />
That should be a good, albeit badly written, first start on this blogspot.<br />
-Stephen<br />
<br />Stephen McGroartyhttp://www.blogger.com/profile/14724031209591214430noreply@blogger.com0tag:blogger.com,1999:blog-4304914313177773820.post-14336396857073524162013-03-03T19:32:00.000-08:002013-03-03T19:32:13.392-08:00Hello WorldSince I have this nifty neato test domain, velcrohurts.net, I think it is time I actually start using it.<br />
This is my first post with Blogger, and if I like it I will repoint my domain here, but in the meantime let's get started.<br />
<br />Stephen McGroartyhttp://www.blogger.com/profile/14724031209591214430noreply@blogger.com0