Wednesday, December 29, 2010

Howto display whole file without first line - AWK

I was asked lately to write a one-liner in bash/sh/csh to display the whole file content without the first line, a bit weird and perhaps unnecessary task but still somewhat challenging.

For example, if this is the content of file.txt:
line1
line2
line3

The data wanted is:
line2
line3

After a bit of head scratching I came up with this not elegant solution:

# length=$(wc -l < file.txt); tail -n $((length - 1)) file.txt

But the output was a bit clumsy and it's more of a two-command chain and not exactly a one-liner. So, after searching for a solution, I came across this gem:

# cat file.txt | awk FNR-1
line2
line3

Another Option:

You can use the following syntax to make awk print from one string to another, thus omitting the first line (just change the beginning & end strings):
 # awk '/Beginning/,/End/'

When used correctly awk can be your swiss army knife.
Peace.

Saturday, December 25, 2010

Howto force fsck or bypass fsck in Linux

A nice little trick to force/bypass fsck:

To force fsck, type (as root):
#touch /forcefsck

To bypass fsck (as root):
#touch /fastboot

Boot the machine, and voilà!

Tuesday, December 21, 2010

Unix/Linux - Print out "string" between "match1" and "match2"

I was looking for a way to print text between "match1" and "match2", these two commands will achieve this:
 
sed -ne 's/.*\(match1.*match2\).*/\1/p'

egrep -o 'match1.*match2'

Wednesday, December 15, 2010

Check network connectivity with Perl

Sometimes it's crucial to check network connectivity to some server before running some script that will run on it, I've been searching for the easiest way to check network connectivity (ping) in Perl (without sprintf or system) and looks like I found one, the script uses the "Net::Ping" module.

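The following script takes a server name as argument and verifies whether it's up or down:

#!/usr/bin/perl -w

use strict;
use warnings;
use Net::Ping;

# Server name or IP is taken from the first command-line argument
my $server = $ARGV[0] or die "Usage: $0 <server>\n";

# With no arguments Net::Ping uses its default protocol (tcp, echo port);
# Net::Ping->new("icmp") sends a real ICMP echo but requires root
my $p = Net::Ping->new();

if ($p->ping($server)) {
    print "$server is up\n";
    exit(0);
} else {
    print "the server $server has no ping\n";
    # Non-zero exit status so a calling script can detect the failure
    exit(1);
}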

Monday, December 6, 2010

Howto - Find broken symbolic links

2 cool ways to find broken symbolic links on your system:
Bash:
for i in `find /`; do if (test -h "$i"); then file "$i"|grep broken; fi; done

Output:
./bar_link: broken symbolic link to `/etc/foo'



Any Shell:
find / -type l ! -exec test -r {} \; -print

Output:
./bar_link

When measuring the results with the "time" command, the 2nd command wins, so if performance is critical in your case, use the 2nd one :)

Monday, November 15, 2010

Finding failed disks on EMC Celerra

In order to find failed disk(s) on EMC Celerra NAS storage
we need to query the storage processor from its control station.
Each Celerra has two storage processors - SPa and SPb.
To find the IPs of the SPs we will look inside /etc/hosts:
$cat /etc/hosts |grep A_CK |awk '{print $1}'
192.168.1.200 
We will query one of the SP's to get the FAULTED disks:
$/nas/sbin/navicli -h 192.168.1.200 getcrus |grep -i FAULT
DAE2 Bus 1 Enclosure 0       *FAULT* 
  (Bus 1 Enclosure 0 : Faulted; Bus 1 Enclosure 0 Disk 5 : Removed)
Next, to find out the number of spare disks, run:
$/nas/sbin/navicli -h SPA getlun |grep Spare
RAID Type:                  Hot Spare
Bus 0 Enclosure 0  Disk 5   Hot Spare Ready
RAID Type:                  Hot Spare
Bus 0 Enclosure 0  Disk 11   Hot Spare Ready
RAID Type:                  Hot Spare
Bus 0 Enclosure 0  Disk 13   Hot Spare Ready
RAID Type:                  Hot Spare
Bus 0 Enclosure 0  Disk 14   Hot Spare Ready
RAID Type:                  Hot Spare
So in our case we have 4 more spare disks...

Friday, October 15, 2010

Generate IPV6 Addresses with BASH

A fast way to generate some IPv6 addresses via BASH, with a tool called "wcalc" that helps generate hexadecimal values.
First make sure the "Wcalc" package is installed on your system:

root@paul-laptop:~# rpm -qa Wcalc
Wcalc-1.6.2-1


Next, using bash "for" loop let's generate some addresses (values selected randomly):

root@paul-laptop:~# for i in $(seq 600 610) ;do echo -n '2001:fade:28e1:3712::1'; echo ${i} |wcalc -h|awk -F x '{print $2}';done

Output:

2001:fade:28e1:3712::1258
2001:fade:28e1:3712::1259
2001:fade:28e1:3712::125a
2001:fade:28e1:3712::125b
2001:fade:28e1:3712::125c
2001:fade:28e1:3712::125d
2001:fade:28e1:3712::125e
2001:fade:28e1:3712::125f
2001:fade:28e1:3712::1260
2001:fade:28e1:3712::1261
2001:fade:28e1:3712::1262

Tuesday, October 12, 2010

Reinstall MBR with GRUB stage1

Creating a dual-boot Linux system such as Red Hat/Debian is a neat way to experiment with both distributions; another advantage is having a fallback point.
A small downside is that the GRUB stage1 information in the MBR can be overwritten by the second install. In our example, Red Hat is installed on the first disk, and Debian is installed on the second. After Debian is installed, however, the Debian GRUB menu is displayed instead of the Red Hat menu that we are used to and that has been customized for our installation.

Let's see how we can solve this issue -

step 1 
Boot to grub CLI

step 2
The root (hd0,0) command sets the (hd0,0) partition as the location of the boot directory. This command tells GRUB in which partition the stage2 and grub.conf or menu.lst files are located.

step 3
The find /boot/grub/stage1 command returned the first stage1 entry it found.
Both disks should have this file. In this instance, GRUB shows the stage1 file from the second disk. Because we want GRUB to format the MBR on the first disk, /dev/hd0 is used.

step 4
The setup (hd0) command writes the MBR of the selected disk or partition.

That's it! The whole process should look like this :

Saturday, October 9, 2010

SAMBA - QUICK HOWTO part 2

In this short tutorial I will show you how to create a user based share on a samba server.

First, Install samba server:

apt-get install samba


Start the samba service:

/etc/init.d/samba start

Check service is running and bound to port 139:

lsof -i :139

COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
smbd    14942 root   23u  IPv6  18189      0t0  TCP *:netbios-ssn (LISTEN)


Add a samba user that will access the shared folder (you'll be prompted for password):

smbpasswd -a tango

The main configuration file sits at:

/etc/samba/smb.conf

Open it with your favourite text editor

We will add a share for the user tango, the share is located at:

/usr/srv/www/tangodomain

The share will look like this:
[tango]
comment = tango's stuff
writeable = yes
path = /usr/srv/www/tangodomain
valid users = tango

Hup samba so changes take effect:

killall -HUP smbd


Now, you can access the samba server from any Windows station as tango.

\\samba-serv\tango


You can map a network drive from Windows to make access more comfortable, from your Windows machine run:

C:\> net use x: \\samba-serv\tango

Saturday, October 2, 2010

Howto: Tkdiff - a great comparison tool

Tkdiff is a very useful small tool that's based on the original Unix "diff" command but is much more "eye friendly".
Imagine a situation where you have to compare 2 huge files, XML templates, router configurations etc... well, you get the point. The process can be much smoother using this great tool, so let's see how to install it and some basic usage:

In my case I used a CentOS 5.4 virtual machine, but any Unix/Linux flavor will do.
Tkdiff depends on the "tk" package, which is an add-on for the TCL scripting language that allows creating GUI apps.

So first we shall install tk package:

#yum install tk

Download the "tkdiff" RPM package from any repository you choose, like this one:

#\wget http://www.dil.univ-mrs.fr/linux/dil/centos/5/tkdiff-6.3-1.noarch.rpm

And install it:
#rpm -ivh tkdiff-6.3-1.noarch.rpm

If you want to compare 2 files named file1 file2, the usage is as follows:

#tkdiff file1 file2

Here we can see that "123" is the same in both files, while the difference is at the line containing the string "456", which exists only in file2.

Surely a great tool for any admin, engineer or developer.

Have fun.

Tuesday, September 14, 2010

Change ILO settings via CLI from Linux

ILO - aka "Integrated Lights Out" is an advanced console technology that HP has implemented in most of their servers. It includes dozens of cool features and allows total remote control of the server in all kinds of aspects. ILO includes lots of advanced configurations such as IP configuration, DNS, SNMP, LDAP integration, Users, Permissions and many more.

The "traditional" way to change these settings is via server downtime and booting it to ILO BIOS (usually by pressing F8 at boot time) and changing it there.

But what if we have hundreds of servers that require immediate change? Going the first way would be a huge waste of time, therefore HP introduced a cool scripting tool (for both Linux & Windows) called "hponcfg". In this short tutorial we will understand how to use it - read on:


To use "hponcfg" we first have to make sure a service called "hprsm" is installed properly & running and that the needed modules are loaded into the kernel:

linux01 #rpm -q hprsm hponcfg
hprsm-7.9.0-108.sles10
hponcfg-1.6.0-1

linux01 #/etc/init.d/hprsm start

The service is running and we are ready to configure our ILO settings. To see the current settings we can generate an XML template from them; to achieve this, execute:

linux01 #hponcfg -w /tmp/ilo_config_`uname -n`.xml
Firmware Revision = 1.81 Device type = iLO 2 Driver name = cpqci
RILOE II/iLO configuration successfully written to file "/tmp/ilo_config_linux01.xml"


Now we can see our current ILO configuration represented in the XML template we saved to /tmp, let's see what it contains:

linux01 #cat /tmp/ilo_config_linux01.xml

Ok, now you can edit whatever parameter you like and upload the updated XML template to ILO via the "hponcfg" tool.

To upload the XML template, execute:
linux01 #hponcfg -f /tmp/ilo_config_`uname -n`.xml

Please note that a restart of ILO is needed for changes to take effect.

Sunday, August 29, 2010

Check Hyper Threading - Linux

When you need to know whether hyper-threading is enabled without rebooting your system (and checking BIOS/UEFI), you can simply look at the output of /proc/cpuinfo and compare the siblings with the cpu cores fields.
Even though /proc/cpuinfo shows you all the logical CPUs (processor field) in the system, the siblings field holds the number of logical CPUs for the physical CPU this entry belongs to (including both the cores and the hyper-threaded LCPUs).

For example, if you see:
processor : 7
physical id : 9
siblings : 4
cpu cores : 2

That means that LCPU #7 (the eighth logical CPU in your system) is one of the 4 logical CPUs on the physical CPU that has 2 cores. So - hyper-threading is enabled.
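
The comparison described above, scripted for every physical package at once (an added example, not part of the original post). The sample input is constructed: package 9 reuses the values shown above, package 0 is made up, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: compare "siblings" with "cpu cores" per physical CPU package.

# Constructed sample in /proc/cpuinfo layout: package 9 uses the values from
# the post (4 siblings, 2 cores); package 0 is a made-up package without HT.
sample_cpuinfo() {
cat <<'EOF'
processor   : 0
physical id : 0
siblings    : 2
cpu cores   : 2

processor   : 7
physical id : 9
siblings    : 4
cpu cores   : 2
EOF
}

# ht_report [FILE]: prints "<physical id> siblings=<n> cores=<n> HT=<on|off>"
# for every package; reads stdin when no file is given.
ht_report() {
    awk -F: '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        { key = trim($1); val = trim($2) }
        # Assumption: an entry without a "physical id" line belongs to package 0
        key == "processor"   { pkg = "0" }
        key == "physical id" { pkg = val }
        key == "siblings"    { sib[pkg] = val }
        key == "cpu cores"   { cores[pkg] = val }
        END {
            for (p in sib)
                if (p in cores) {
                    state = (sib[p] + 0 > cores[p] + 0) ? "on" : "off"
                    printf "%s siblings=%d cores=%d HT=%s\n", p, sib[p], cores[p], state
                }
        }
    ' "$@" | sort -n
}

# ht_enabled [FILE]: exit status 0 when at least one package exposes more
# logical CPUs (siblings) than cores.
ht_enabled() {
    ht_report "$@" | grep -q 'HT=on$'
}

# Demo on the constructed sample; on a real host run: ht_report /proc/cpuinfo
sample_cpuinfo | ht_report
```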

Friday, July 30, 2010

Alias with arguments (BASH,CSH)

A neat way to make your life a bit easier in Linux/Unix is using aliases, but how do you use an alias with an argument?
Let's say you want to make a special "change directory" command (we will call it cdd) that will also display your current position in the file system tree.

Bash uses $1,$2,$3..etc for passed arguments, so we will add a little function inside our .bashrc file that will accomplish this mission:


cdd () { cd ${1} ; echo $PWD ; }

In C shell things are a little bit different; this will achieve the same effect when put into .cshrc:

alias cdd 'cd \!*;echo $cwd;'

Wednesday, July 14, 2010

Installing & Configuring Bind 9 (Ubuntu/Debian)

Numerous articles have been written about bind9; most of them are long, clumsy and do not really explain how things work in detail. In this fairly short article I will try to give my point of view and make things a bit clearer, especially for new admins, so let's start!

First install bind9:

#apt-get install bind9

Next, open /etc/bind/named.conf.local; here you will need to add your zone name + the appropriate zone db file.
You will also need to add a reverse lookup zone + db file (for reverse lookups). This is how your file will generally look.

* Note: I've used the 192.168.0.0/24 subnet in my case:


#vi /etc/bind/named.conf.local



zone "linux.lan" {
type master;
file "/etc/bind/zones/linux.lan.db";
};
 

zone "0.168.192.in-addr.arpa" {
type master;
file "/etc/bind/zones/rev.0.168.192.in-addr.arpa";
};



Next, add your ISP's DNS server to /etc/bind/named.options as a forwarder. This means that when your DNS server does not know the answer it will query the forwarder and provide a non-authoritative answer.

Create the directory that will contain the zones db:

# mkdir /etc/bind/zones


Create the db file:

#vi /etc/bind/zones/linux.lan.db 

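linux.lan. IN SOA dns1.linux.lan. admin.linux.lan. (
        2006081401 ; serial
        28800      ; refresh
        3600       ; retry
        604800     ; expire
        38400 )    ; minimum TTL

; records with no owner name must start with whitespace
linux.lan. IN NS dns1.linux.lan.
           IN A 192.168.0.7
dns1       IN A 192.168.0.7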



It's time to create a reverse zone db file. Pay attention that the server's PTR record has 7, which stands for 192.168.0.7:

#vi /etc/bind/zones/rev.0.168.192.in-addr.arpa

@ IN SOA linux.lan. admin.linux.lan. (
        2006081401 ; serial
        28800      ; refresh
        604800     ; retry
        604800     ; expire
        86400 )    ; minimum TTL

; records with no owner name must start with whitespace
  IN NS dns1.linux.lan.
7 IN PTR linux.lan.



Next, restart bind for the changes to take effect:


# /etc/init.d/bind9 restart



To make searches more convenient, you can (and should) add your domain suffix to /etc/resolv.conf

#echo "search linux.lan" >> /etc/resolv.conf

Test your DNS via host,nslookup or dig commands:

#host dns1
dns1.linux.lan has address 192.168.0.7


Works like magic!

Wednesday, June 30, 2010

LPIC-2 Certified!

Today I officially became LPIC2 certified!
Both exams (117-201&117-202) were not as hard as I expected, still challenging though.
My best advice for people who are planning to take the tests in the future is PRACTICE!
Build your own Linux environment of different distros, install, configure and explore in depth.
Only by practical experience will you understand how things really work.

Some good sources I used for my studying:

Awesome in-depth tutorials focused on the LPIC 2 test (material was renewed in 2010):

LPI Tutorials by IBM (offering tutorials for all 3 levels).

Saturday, June 19, 2010

Block domains with SQUID

Squid is one of the most popular proxy servers for Linux out there. It offers loads of features, making it an excellent choice for organizations wanting to implement traffic policies.
With squid you can block content based on different criteria; you can also cache web content, which is another huge advantage because it helps to minimize WAN traffic. Many ISPs implement this feature to save valuable international bandwidth.

In this example I will show you one of the most basic features - how to block domains using squid. Perhaps I'll add more in the future, so let's start:

The main squid config file is: /etc/squid/squid.conf
The file consists of access lists & rules; it's very well documented and even contains some good examples. Generally, when creating a rule in Squid we need to stick to the following 3 steps:

1 - First we need to make an ACL for the subnet / range we want to block the URL from.

2 - Then, make an ACL for the URLs we want to block.

3 - Finally, create an "http_access deny" rule using those two ACLs.


Let's say we want to deny facebook.com in our organization. The following configuration would deny anybody in the 192.168.0.0/24 subnet access to facebook.com:
acl banned_clients src 192.168.0.0/255.255.255.0
acl blocked_url dstdomain .facebook.com
http_access deny banned_clients blocked_url

So when a user tries to access facebook.com from 192.168.0.0/24 range he will get:

Thursday, June 17, 2010

Change MTU size in Linux

Maximum Transmission Unit (MTU) is the largest physical packet size, measured in bytes, that a network can transmit. Any messages larger than the MTU are divided into smaller packets before being sent.
By optimizing the MTU setting you can gain substantial network performance.
In IPv4 the values range between 576 and 1500 bytes, the latter being the max size.

The general syntax is: ifconfig "interface" mtu "size"

For example: ifconfig eth0 mtu 1420

This will change the MTU to 1420 bytes.

For a permanent change, you can add the MTU parameter to your interface configuration file.
For example, in Debian the configuration will look like this:



iface eth0 inet static
address 192.168.0.100
network 192.168.0.0
gateway 192.168.0.254
netmask 255.255.255.0
mtu 1420

Saturday, June 12, 2010

Apache: create password protected directory

In this short tutorial I'll show how to restrict certain folders of your web server for certain users/groups.


Let's say we need to restrict some files that will be located under /var/www/secret (/var/www is our DocumentRoot - aka the place where our site html/java/php stuff is located).

First we need to create (-c flag) a new user and set a password for it. Pay attention to the file path: the file will contain the username and its encrypted password (somewhat similar to /etc/shadow):

#htpasswd -c /etc/apache2/userslist admin
New password:*****
Retype new password:*****
Adding password for user admin

We can change the password later with htpasswd command (without any flag).

After we've added the user we need to edit our site configuration file, on Debian it's located under: /etc/apache2/sites-available/default

We need to edit our directory block with the proper settings, it should look something like this (pay attention to the last directory block):

If we want to allow more than one user we can add more valid users in the "Require user" line. A more elegant approach is to create a group file (like /etc/apache2/groupfile) that will look something like this:

#cat /etc/apache2/groupfile

admins:paul admin bob dave

2 lines will be changed:
instead of "require user", "require group".
instead of "AuthUserFile /path/to/file", "AuthGroupFile /path/to/file".

Last thing left is to restart apache:

#apache2ctl restart

Thursday, May 20, 2010

Howto: Check if service supports TCP wrappers

You have added a correct entry to /etc/hosts.allow to allow certain clients to connect to a certain service, you save the changes but nothing happens!
You recheck the syntax, but everything seems to be just right...
What happened here and why?
Not all services support TCP wrapping. To determine if they do, we need to query them via the "ldd" command and look at their shared library dependencies. Let's take the sshd service as an example:


# ldd `which sshd` |grep -i libwrap
libwrap.so.0 => /lib64/libwrap.so.0 (0x00007f04d29fd000)

The presence of the libwrap library in the ldd output shows that the service supports TCP wrappers.
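
The same ldd check applied to every daemon that has a rule in a hosts.allow-style file, so rules that can never take effect stand out (an added example, not part of the original post). The function names and the extra sbin search directories are assumptions.

```shell
#!/bin/sh
# Added example: report, for each daemon named in hosts.allow, whether its
# binary links against libwrap.

# run_ldd BINARY: thin wrapper around ldd so the check can be stubbed in tests.
run_ldd() { ldd "$1" 2>/dev/null; }

# find_daemon NAME: search PATH plus the usual sbin directories (assumed
# locations; adjust for your distribution).
find_daemon() {
    _search="$PATH:/usr/sbin:/sbin:/usr/local/sbin"
    _old_ifs=$IFS; IFS=:
    for _dir in $_search; do
        if [ -x "$_dir/$1" ]; then
            IFS=$_old_ifs
            printf '%s\n' "$_dir/$1"
            return 0
        fi
    done
    IFS=$_old_ifs
    return 1
}

# daemons_in FILE: daemon names from the left-hand side of each rule
# ("daemon_list : client_list"), without comments, ALL/EXCEPT and @host parts.
daemons_in() {
    sed 's/#.*//' "$1" | awk -F: '
        NF > 1 {
            n = split($1, d, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                sub(/@.*/, "", d[i])
                if (d[i] != "" && d[i] != "ALL" && d[i] != "EXCEPT") print d[i]
            }
        }' | sort -u
}

# audit_wrappers FILE: one line per daemon,
# "<name> wrapped", "<name> NOT-wrapped" or "<name> not-found".
audit_wrappers() {
    for _name in $(daemons_in "$1"); do
        if ! _bin=$(find_daemon "$_name"); then
            echo "$_name not-found"
        elif run_ldd "$_bin" | grep -qi 'libwrap'; then
            echo "$_name wrapped"
        else
            echo "$_name NOT-wrapped"
        fi
    done
}

# Run against the local rules when they exist.
if [ -r /etc/hosts.allow ]; then
    audit_wrappers /etc/hosts.allow
fi
```

A daemon started from inetd through tcpd is filtered without linking libwrap itself, so NOT-wrapped here describes only the binary.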

Thursday, May 6, 2010

Quick Howto: Linux DHCP

The DHCP service allows dynamic host IP allocation, a useful option for desktops, notebooks and any other mobile IP-based appliance.
Linux based DHCP (dhcpd v3) is relatively easy to configure, the main configuration file is:

/etc/dhcp.conf

The brief configuration of a subnet will look like this:



subnet 192.168.0.0 netmask 255.255.255.0 {

        range 192.168.0.200 192.168.0.229;
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.0.255;
        option routers 192.168.0.1;
}


The DHCP protocol has a vast number of options that it can pass to clients to configure them correctly. Some of the most important are shown in the following example:
 
default-lease-time 21600;
max-lease-time 43200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.254;
option domain-name-servers 192.168.1.1, 192.168.1.2;
option domain-name "example.com";
option ntp-servers 192.168.1.1;

Most of these should be self-explanatory. The lease times are how long the client can hold on to the IP address it is given without reconfirming with the server, in seconds. With the default-lease-time set to 21600, the client is instructed to contact the DHCP server at least every 6 hours. If it has not been in touch within 43,200 seconds, 12 hours, it should consider itself to be out of a lease.


To add a static entry, to ensure a certain station will get a permanent IP address (useful for servers, printers etc.), use the following syntax:

host chronos {
                hardware ethernet d8:50:2b:4c:a3:82;
                fixed-address 192.168.1.20;
             }
 
 
 
When dhcpd is running it will generate entries in the file:
/var/lib/dhcp/dhcpd.leases

The leases file includes active leases for current client hosts + lease details such as lease start and end time, MAC address and hostname of the client host:

lease 192.168.1.12 {
 starts 2 2010/04/01 20:07:05;
 ends 3 2010/04/02 08:07:05;
 hardware ethernet 00:00:e8:4a:2c:5c;
 uid 01:00:00:e8:4c:5d:31;
 client-hostname "shiva01";
}
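
A small parser for the lease blocks shown above, which keeps only the newest entry per IP and lists leases handed to MAC addresses that are not on a known list (an added example, not part of the original post). The sample leases are constructed around the entry above, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: summarise dhcpd.leases and spot leases given to unknown MACs.

# Constructed sample: the lease from the post, a second made-up client, and a
# later renewal of the first lease (dhcpd appends, so the last block wins).
sample_leases() {
cat <<'EOF'
lease 192.168.1.12 {
 starts 2 2010/04/01 20:07:05;
 ends 3 2010/04/02 08:07:05;
 hardware ethernet 00:00:e8:4a:2c:5c;
 uid 01:00:00:e8:4c:5d:31;
 client-hostname "shiva01";
}
lease 192.168.1.15 {
 starts 2 2010/04/01 21:00:00;
 ends 3 2010/04/02 09:00:00;
 hardware ethernet 00:16:3E:00:00:01;
}
lease 192.168.1.12 {
 starts 3 2010/04/02 02:07:05;
 ends 3 2010/04/02 14:07:05;
 hardware ethernet 00:00:e8:4a:2c:5c;
 client-hostname "shiva01";
}
EOF
}

# lease_table [FILE]: prints "<ip> <mac> <hostname> <end time>" once per IP,
# using the last block for that IP. Times in the file are UTC; "-" marks a
# field the client did not supply.
lease_table() {
    awk '
        $1 == "lease" && $3 == "{" { ip = $2; mac = "-"; host = "-"; ends = "-"; next }
        ip == "" { next }                      # ignore anything outside a lease block
        $1 == "ends" {
            if ($2 == "never;") ends = "never"
            else { ends = $3 "T" $4; sub(/;$/, "", ends) }
        }
        $1 == "hardware" && $2 == "ethernet" { mac = tolower($3); sub(/;$/, "", mac) }
        $1 == "client-hostname" { host = $2; gsub(/[";]/, "", host) }
        $1 == "}" {
            if (!(ip in seen)) order[++n] = ip
            seen[ip] = 1
            rec[ip] = ip " " mac " " host " " ends
            ip = ""
        }
        END { for (i = 1; i <= n; i++) print rec[order[i]] }
    ' "$@"
}

# unknown_leases "MAC MAC ..." [FILE]: rows of lease_table whose MAC is not in
# the space-separated list of known addresses (case-insensitive).
unknown_leases() {
    known=$1; shift
    lease_table "$@" | awk -v known="$known" '
        BEGIN { n = split(tolower(known), k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        !($2 in ok)
    '
}

# Demo on the constructed sample; on a server pass /var/lib/dhcp/dhcpd.leases.
sample_leases | lease_table
```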
 
When configuration is completed you can run: dhcpd configtest to test whether the configuration is good.

Please note -

1. DHCP server listens on port 68 so be sure to configure your firewall correctly.

2. When DHCP broadcasts need to be forwarded over routers (happens a lot in enterprise environments), a forwarder must be set on the router.
On Cisco systems the option is called "ip-helper" and it's used like this:
ip-helper "address-of-dhcp-server"

Saturday, April 24, 2010

Switch NIC order without reboot (Suse)

Let's say we have two nics installed on our system, eth0, and eth1.
Some time later, you removed eth0 from the system or replaced its board.
Now eth1 is the only NIC in your machine... and you want to rename this NIC (eth1 to eth0).

This is how it's done:

# rcnetwork stop
# vi /etc/udev/rules.d/30-net_persistent_names.rules


Through udev configuration we can change the systems nic order as we desire:

SUBSYSTEM=="net", ACTION=="add", SYSFS{address}=="00:02:b3:22:84:f3", IMPORT="/lib/udev/rename_netiface %k eth1"


Let's change eth1 to eth0:
SUBSYSTEM=="net", ACTION=="add", SYSFS{address}=="00:02:b3:22:84:f3", IMPORT="/lib/udev/rename_netiface %k eth0"

Save and exit the file.

Now execute the following command
# /lib/udev/rename_netiface
i.e
# /lib/udev/rename_netiface eth1 eth0



Now, restart rcnetwork, and we're done:
# rcnetwork start

Sunday, April 18, 2010

Quick Howto: Configuring Linux Auto Mounter

The Linux automounter is a great feature that allows "transparent" mounts, meaning you can access samba / nfs shares without actually mounting the area yourself. Let's see how it's done:

The master configuration file is /etc/auto.master. You will not deal much with it because it simply points to other auto.* configuration files; be sure, though, that your configuration file is listed there.
On most distros auto.misc exists by default so I will use it in this example.

I've set up an NFS share of the /nfs directory on a remote server called "prana" . I've also configured the following command in my /etc/auto.misc file on my local server:


nfs  -rw,soft,intr  prana:/nfs


We need to reload autofs configuration with:

/etc/init.d/autofs restart


Make sure your firewall is configured to accept nfs connections and the relevant daemons are up and running (nfs, portmap, mountd).

Now, when accessing /misc/nfs on local server you should see the contents of the exported /nfs folder on prana.

Adding disk to Linux VM without reboot

Have you rebooted your Linux VM after adding storage to it so changes will take effect? No more!
Here is a sweet way to re-scan the SCSI bus "on the fly":

1.Check your current disk status with: fdisk -l

2.Add the wanted disk via VMware GUI

3.To rescan the bus:
root@chronos# echo "- - -" > /sys/class/scsi_host/host#/scan


Replace host# with actual value such as host0. You can find scsi_host value using the following command:
root@chronos# ls /sys/class/scsi_host
host0
So the command will look like this:
root@chronos# echo "- - -" > /sys/class/scsi_host/host0/scan


Tuesday, March 30, 2010

Cisco router memory types.






While it often seems transparent to the user, Cisco routers rely on 4 different types of memory for their operations. This is an important concept in the Cisco world and as a network administrator you need to be familiar with them.
The memory types are: Flash, RAM, ROM, and NVRAM.



Flash Memory: Flash memory is used to store and run the Cisco IOS software - the router's operating system. When a router is powered down, the contents of Flash memory are not lost. However, its contents can be upgraded by "flashing" the chip. While a router is running, the contents of Flash are set to a read-only mode. Flash memory for a Cisco 2500 series router ranges in size from a minimum of 4MB up to a maximum of 16MB. You might consider adding additional Flash memory to meet the space requirements of the IOS version that you have chosen to run. For a Cisco 2501, the base IP version of IOS 12.0 requires a minimum of 8MB of Flash memory. So, if you had a Cisco 2501 that shipped with only 4MB of Flash, you would require at least one additional 4MB SIMM. For IOS versions with more advanced feature sets, it is not uncommon to require at least 16MB of Flash.




RAM: Random Access Memory (RAM) represents the non-permanent or volatile working area of memory on a Cisco router. When the router is powered down, the contents of RAM are lost. By default, RAM is broken up into two main areas - Main Processor Memory, and Shared I/O Memory. Main Processor Memory is where the routing table, ARP tables, and running configuration are stored. Shared I/O Memory is used as a buffer location for temporarily storing packets prior to processing. Most Cisco 2500 routers will have 2MB of RAM soldered to the system board (this amount, however, depends on the revision number of the router), along with one SIMM slot to add additional RAM. The maximum amount of RAM that can be added to a Cisco 2500 is 16MB. If 16MB is added, that provides a maximum of 18MB of available RAM. In cases where a RAM SIMM is installed, its capacity will be used as Main Processor Memory, while the onboard RAM (2MB) will be used as Shared I/O memory. If no SIMM chip is present, that 2MB of on-board RAM will be split between both areas, providing each with 1MB of working space. This should be avoided for performance reasons.






ROM : In older Cisco router models, Read-Only Memory (ROM) chips were used to store the IOS software. In newer models, this is no longer the case. As mentioned previously, the IOS image is now stored in Flash memory (it can also be stored on a TFTP server, as I'll discuss in the next chapter). ROM is now used as the memory area from which a Cisco router begins the boot process, and is made up of a number of elements. These elements are implemented via microcode, a set of programming instructions that are contained in ROM.

NVRAM: Non-Volatile Random Access Memory (NVRAM) is used as the storage location for the router's startup configuration file. After the router loads its IOS image, the settings found in the startup configuration are applied. When changes are made to a router's running configuration, they should always be saved to the startup configuration (stored in NVRAM) or they will be lost when the router shuts down. Remember that the running configuration is stored in RAM, which is erased when the router is powered down. On a Cisco 2500 series router, NVRAM is a relatively tiny 32KB in size.

Knowing what's going on where is an important part of not only understanding how a Cisco router operates, but will also help to determine the source of problems or issues, should the need arise.

Wednesday, March 10, 2010

NetApp - The Ultra Small Survival Guide







Info:
sysconfig -a (displays all filer info)
fcadmin device_map (displays shelf info)
storage show disk -p (displays disk info)
sysconfig -r (displays disks info + rebuild progress)
ifconfig -a (displays network configuration info)
ifstat (displays network interface statistics)
netstat (displays network statistics)
dns info (displays DNS config)
nis info (displays NIS config)
quota report (displays quota usages)
vol status (displays volume status)
snap list (displays all snapshots on the volumes)
version (displays "Ontap" OS version)
uptime (shows uptime of the filer)

Administration:
quota on/off (enable/disable quota for qtree)
quota resize (executed for quota changes to take place)
exportfs -a (exports everything in /etc/exports )
wrfile/rdfile (write/read system files)
vol create/destroy/online/offline (volume manipulations)
cifs setup/shares/access (cifs configurations)
lun create/map (lun configurations)

Tuesday, March 2, 2010

Howto: Change your MAC address (Linux)

Quick and useful:

jenova:~ # ifconfig eth0

eth0 Link encap:Ethernet HWaddr 00:0C:29:65:95:D2
inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0


jenova:~ # ifconfig eth0 hw ether 001122334455

jenova:~ # ifconfig eth0

eth0 Link encap:Ethernet HWaddr 00:11:22:33:44:55
inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0

Sunday, February 21, 2010

HP Smart Array - Brief Tutorial

HP/Compaq servers use cciss drivers to represent the disks.

This cciss driver doesn't use the regular SCSI stack,
that's why the disks will appear as:

#ls -lah /dev/cciss/
total 0

brw-rw----  1 root disk 104,  0 2008-08-28 14:36 c0d0
brw-rw----  1 root disk 104,  1 2008-08-28 14:36 c0d0p1
brw-rw----  1 root disk 104,  2 2008-08-28 14:36 c0d0p2
brw-rw----  1 root disk 104,  3 2008-08-28 14:36 c0d0p3
brw-rw----  1 root disk 104, 16 2008-08-28 14:36 c0d1
brw-rw----  1 root disk 104, 17 2008-08-28 14:36 c0d1p1

Where:
  • c0=controller 0
  • d0=disk 0
  • p1=partition 1
HP offers a CLI tool for disk information query / management called "hpacucli" (can be obtained from their page).
This tool can do both (detailed) reporting and management, let's see how it works:

#hpacucli controller all show
Smart Array 6i in Slot 0      ()


#hpacucli ctrl slot=0 logicaldrive all show status

logicaldrive 1 (33.9 GB, RAID RAID 1+0):  OK
logicaldrive 2 (136.7 GB, RAID RAID 1+0):  OK

Let's list the drives on controller in slot 0:
#hpacucli ctrl slot=0 pd all show status

physicaldrive 1:0 (port 1:id 0, 36.4 GB): OK
physicaldrive 1:1 (port 1:id 1, 36.4 GB): OK
physicaldrive 1:2 (port 1:id 2, 146.8 GB): OK
physicaldrive 1:3 (port 1:id 3, 146.8 GB): OK

This tool can be extremely useful when implemented in monitoring scripts.
It is also easier for the user than searching /var/log/messages.

Friday, February 19, 2010

Generate hosts file with Perl

A sweet way to add a couple of servers to your hosts file/NIS map using a tiny perl script:

#!/usr/bin/perl -w

use strict;
use warnings;
print `clear`;
my $j=10;

open (HOSTS ,">>/etc/hosts.txt") or die $!;
for (my $num=0;$num <= 10; $num++) {
printf(HOSTS "server$j \t server$j.domain.org \t 192.168.0.$num\n");
$j++;
}
close (HOSTS) or die $! ;

#END


The output will be:

server10 server10.domain.org 192.168.0.0
server11 server11.domain.org 192.168.0.1
server12 server12.domain.org 192.168.0.2
server13 server13.domain.org 192.168.0.3
server14 server14.domain.org 192.168.0.4
server15 server15.domain.org 192.168.0.5
server16 server16.domain.org 192.168.0.6
server17 server17.domain.org 192.168.0.7
server18 server18.domain.org 192.168.0.8
server19 server19.domain.org 192.168.0.9
server20 server20.domain.org 192.168.0.10

Wednesday, February 10, 2010

Set up SSH on ESXi server

Virtualization has become an integral part of any big IT environment with VMware being the clear market leader. VMware offers two main versions of its server OS (which hosts the virtual machines - aka VMs): ESXi server being the light version and ESX being the "heavy" version. In this short post I will demonstrate how to enable SSH on the ESXi server, which can be used for some remote command line manipulations ;) OK, let's start. After ESXi has been deployed this is the console you will see:



At the console, hit "Alt-F1" to get the first console (you are on the second, by default):

Type: 'unsupported'.

Give the root password to log in.
You should get a shell prompt with a warning:


Please note that this is not a standard Unix/Linux shell, lots of commands are missing and others may behave differently.

Next, we need to enable SSH in inetd.conf:


vi /etc/inetd.conf

Uncomment the "ssh" line & save the file.

Find the PID of inetd and send it a HUP so that the changes take effect (1234 below stands for that PID):

kill -HUP 1234

SSH is enabled from now on; feel free to use it for monitoring, scripting, etc.

Monday, January 11, 2010

Finding Specific MAC - (Cisco IOS)

Finding a specific MAC in Cisco IOS can be accomplished via:

show mac-address-table

This gives a complete table of Port vs. Mac Addr.

If you want to find a specific MAC address, let's say 00:11:22:33:44:5e (which IOS displays as 0011.2233.445e), use:

show mac-address-table | include 445e


The "| include" filter behaves like the Unix "grep" command: only the lines containing 445e are shown.

For further debugging you can use show interface status and/or show cdp neighbors to see where it connects to.

Howto change NIC order in Linux (SUSE 10)

I recently had an issue with a motherboard that was replaced on some server: after renaming the configuration file to the correct MAC address (ifcfg-eth-id-00:1a:64:7a:d0:be), the new NIC was recognized as eth4 (and not eth0 as previously). After digging a bit in the depths of the OS I found a solution:

/etc/udev/rules.d/30-net_persistent_names.rules

Through this file you can configure the NIC order by MAC address.
For example:

SUBSYSTEM=="net", ACTION=="add", SYSFS{address}=="00:1a:64:7a:d0:be", IMPORT="/lib/udev/rename_netiface %k eth0"

For the change to take effect you will probably need to reboot the machine so udev re-reads its configuration (restarting the networking service is not enough).

Friday, January 8, 2010

Perl One Liner: Fibonacci Series

Now for something a little different that I stumbled upon on the net: this one-liner prints the Fibonacci series (first 20 numbers).

perl -e'@p=(0,1);until($#p>20){print"$p[-2]\n";push @p,$p[-2]+$p[-1]}'


The power of Perl...

Assign static address via DHCP (Cisco IOS)

It is usually a good idea to assign a static IP allocation to a server. To do that, we need the server's MAC address as its identifier:

Next, prepend 01 to it and insert a dot after every fourth character to get the client-ID you need to enter on the DHCP server. For example, the MAC address 0200.1000.1234 becomes client-id 0102.0010.0012.34, and the static DHCP pool (Server_static) on a router is configured as follows:


cisco851(config)#ip dhcp pool Server_static
cisco851(dhcp-config)#host 10.0.0.10 255.255.255.0
cisco851(dhcp-config)#client-identifier 0102.0010.0012.34
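The conversion rule described above can be scripted so the client-ID is not typed by hand. This is an added example, not part of the original post: the function names are hypothetical, and it goes slightly beyond the text by also accepting colon- and hyphen-separated MAC addresses.

```shell
#!/bin/sh
# Added example: turn a MAC address into the IOS DHCP client-identifier
# by prepending 01 (hardware type Ethernet) and dotting every 4th character.
mac_to_client_id() {
    # Drop the usual separators and lower-case the hex digits.
    hex=$(printf '%s' "$1" | tr -d ':.-' | tr 'A-F' 'a-f')
    # Reject anything that is not exactly 12 hex digits.
    case "$hex" in
        *[!0-9a-f]*) echo "invalid MAC address: $1" >&2; return 1 ;;
    esac
    [ "${#hex}" -eq 12 ] || { echo "invalid MAC address: $1" >&2; return 1; }
    # 14 characters total: three full groups of four, then the last two.
    printf '01%s\n' "$hex" | sed 's/..../&./g'
}

# Print the three configuration lines used in the post for one host.
# Arguments: pool name, IP address, netmask, MAC address.
dhcp_static_pool() {
    cid=$(mac_to_client_id "$4") || return 1
    printf 'ip dhcp pool %s\n host %s %s\n client-identifier %s\n' \
        "$1" "$2" "$3" "$cid"
}

# Demo with the values from the post.
dhcp_static_pool Server_static 10.0.0.10 255.255.255.0 0200.1000.1234
```

A mistyped MAC address is rejected instead of producing a client-identifier that will never match the server.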

Saturday, January 2, 2010

Howto: Install & Configure SWAT

In this article I will demonstrate how to install SWAT on Ubuntu Linux (the tutorial is good for almost any other Linux distro). I assume that the Samba service is already installed, so I will focus more on SWAT.
SWAT is a great GUI management tool that allows us to manage Samba services via a user-friendly web interface. The latest version of SWAT is very dynamic and includes many great options (such as LDAP, Kerberos, Domain Controller authentication and many more) for smooth integration with Windows-based environments.

First install SWAT with:

apt-get install swat

Next, verify SWAT installation:


I suggest configuring SWAT via the xinetd daemon; all you have to do is create an appropriate file with xinetd rules:

touch /etc/xinetd.d/swat

vi /etc/xinetd.d/swat

This is how the configuration file will look (in general):


As you can see, we allowed access from localhost, and the port that will be bound to the SWAT service is port 901 tcp.
It is a good idea to restart the xinetd service so the changes take effect:
/etc/init.d/xinetd restart
Now, verify that xinetd is running and the port is bound to SWAT:




We are almost there. If you have a firewall, set an appropriate rule to allow traffic to port 901 (localhost).
Try accessing the GUI via your browser:
*Note: if you're asked for a password you should add a Samba administrator via:
smbpasswd -a samba_admin

Works like magic, from here you can perform any needed Samba related administration tasks.