services installation/configuration
Article
by FMA - Updated November 23rd, 2007
3w-9xxx :: 3dm :: 3dm2 :: tw_cli :: mysql :: apache2 :: phpmyadmin :: ntp :: proftpd :: rcp :: ssh :: smartd :: logrotate :: gpm :: portlog-info :: Xorg :: cupsd :: postfix :: rkhunter :: udev :: lm_sensors :: bbftp :: mcelog :: dhcp :: gpm

-  3w-9xxx driver

# tar xzvvf 3w-9xxx2.6.tgz
# cd 3w-9xxx2.6
# tar xzvvf 3w-9xxx.tgz
# cd /usr/src/
# ln -s linux linux-2.6
# cd -
# make
# cp 3w-9xxx.ko /lib/modules/`uname -r`/kernel/drivers/scsi/3w-9xxx.ko
# modules-update
# modprobe 3w-9xxx
# vi /etc/modules.autoload.d/kernel-2.6
3w-9xxx


-  Installing 3dm

# scp -r root@mix1:/root/softs/3dm ./3dm-7.7.0
# csh install.3dm  (port8086)
# scp  root@mix1:/etc/init.d/3dm /etc/init.d/3dm
# cat /etc/init.d/3dm
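#!/sbin/runscript
# Gentoo init script for the 3dmd daemon. The service refuses to start
# until its configuration file /etc/3dmd.conf exists.

# Declare service ordering: use dns and logger when they are available,
# and start after portmap.
depend() {
       use dns logger
       after portmap
}

# Check that the daemon's configuration file is present.
# Returns 0 when /etc/3dmd.conf exists, 1 (after printing an error) otherwise.
checkconfig() {
       if [ ! -f /etc/3dmd.conf ] ; then
               # The message names the same path that the test above checks.
               eerror "Please create /etc/3dmd.conf"
               return 1
       fi
       return 0
}

# Start 3dmd, but only after the configuration check passes; a failed
# check propagates its status to the caller.
start() {
       checkconfig || return $?

       ebegin "Starting 3dmd"
       start-stop-daemon --start --quiet --exec /usr/sbin/3dmd
       # eend must directly follow the command whose status it reports.
       eend $? "Failed to start 3dmd"
}

# Stop the running 3dmd process.
stop() {
       ebegin "Stopping 3dmd"
       start-stop-daemon --stop --quiet --exec /usr/sbin/3dmd
       eend $? "Failed to stop 3dmd"
}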

# /sbin/depscan.sh
# /etc/init.d/portmap start
# rc-update add portmap default
# /etc/init.d/3dm start
# rc-update add 3dm default
# cat /etc/3dmd.conf  
EMAIL Yes
SERVER mix1.iap.fr
SENDER root
RCPT bertin@iap.fr,magnard@iap.fr
AUDIO No
CALL3WARE No
EMAILRPT 0
PORT 8086
FW 25
HELP /usr/local/doc/3dm
EXTLOG /var/log/3dmExtLog
SNMP No
TRAP
COMM
PASSWORD No
KEY OmwmsK8lKk2
ROPASSWORD Yes
ROKEY V9ZmTQwhpM6
DIAG No
UPS No
UPS_IP
IDLE Yes
IDLETIME 0
POWER 0
SCHED0 00 00 00 00
BGREBUILD0 No
BGSCRUB0 No
BGVERIFY0 No
SCHED1 00 00 00 00
BGREBUILD1 No
BGSCRUB1 No
BGVERIFY1 No
SCHED2 00 00 00 00
BGREBUILD2 No
BGSCRUB2 No
BGVERIFY2 No
SCHED3 00 00 00 00
BGREBUILD3 No
BGSCRUB3 No
BGVERIFY3 No
REMOTEACCESS Yes


-  Installing 3dm2

# scp -r root@mix1:/root/softs/3dm2 ./3dm2
# ./install.3dm
# scp mix5:/etc/3dm2/3dm2.conf /etc/3dm2/3dm2.conf
# scp mix5:/etc/init.d/3dm2 /etc/init.d/3dm2
# cat /etc/init.d/3dm2
#!/sbin/runscript
# Gentoo init script for the 3dm2 daemon; it starts only once
# /etc/3dm2/3dm2.conf is in place.

# Ordering hints: dns and logger are used when available, portmap comes first.
depend() {
    use dns logger
    after portmap
}

# Succeeds (0) when the configuration file exists; otherwise reports the
# missing file and fails (1).
checkconfig() {
    [ -f /etc/3dm2/3dm2.conf ] && return 0
    eerror "Please create /etc/3dm2/3dm2.conf"
    return 1
}

# Launch the daemon after the configuration check; a failed check is
# passed straight back to the caller.
start() {
    checkconfig || return $?

    ebegin "Starting 3dm2"
    start-stop-daemon --start --quiet --exec /usr/sbin/3dm2
    # Report the status of the start-stop-daemon call just above.
    eend $? "Failed to start 3dm2"
}

# Terminate the daemon and report the outcome.
stop() {
    ebegin "Stopping 3dm2"
    start-stop-daemon --stop --quiet --exec /usr/sbin/3dm2
    eend $? "Failed to stop 3dm2"
}

# /sbin/depscan.sh
# /etc/init.d/portmap start
# rc-update add portmap default
# /etc/init.d/3dm2 start
# rc-update add 3dm2 default
# cat /etc/3dm2/3dm2.conf
Port 8086
EmailEnable 1
EmailSender root
EmailServer carignan.iap.fr
EmailRecipient magnard@iap.fr,bertin@iap.fr,gimi@iap.fr
EmailSeverity 1
ROpwd twEWKIdGUoP76
ADMINpwd twV9ZmTQwhpM6
RemoteAccess 1
Language 0
Logger 0
Refresh 5
BGRate 3333333333333333
Help /usr/local/doc/3dm2


-  3ware Command Line Interface tw_cli

# tar xzvvf tw_cli-linux-x86_64.tgz
# cd x86_64/
# cp tw_cli.8.nroff /usr/share/man/man8/tw_cli.8
# cp tw_sched.8.nroff /usr/share/man/man8/tw_sched.8
# cp tw_cli tw_sched /usr/local/bin/
# for unit in `tw_cli show | awk '/^c/{print $1}'`; do tw_cli /$unit  show ; done
# for unit in `tw_cli show | awk '/^c/{print $1}'`; do tw_cli /$unit  show unitstatus; done
# tw_cli /c5 show drivestatus
#
# tw_cli show

Array reconstruction:

# tw_cli
//pix7> info c0
p8     DEGRADED         u0     233.76 GB   490234752     A805E7ZE
//pix7> maint remove c0 p8
//pix7> maint rescan c0
//pix7> info c0
p8     OK               -      233.76 GB   490234752     A805E7ZE
//pix7> maint rebuild c0 u0 p8
 or
//pix7> maint rebuild c0 u0 p8 ignoreECC
//pix7> info c0
u0    RAID-5    REBUILDING     0      64K     1870.09   ON     -        -


-  New 3ware firmware update with tw_update

# ./tw_update fw=/home/nis/root.nis/softs/opteron/3ware/9550SX/9.3.0.7/9.3.0.7-9550SX-Upgrade/prom0006.img
Warning: We strongly recommend backing up your data before updating
the firmware. Updating the firmware can render the device driver
and/or management tools incompatible. It is recommended to have
a copy of current firmware image for rollbacks.

Examining compatibility data from firmware image and /c5 ... Done.

New-Firmware        Current-Firmware    Current-Driver    Current-API
----------------------------------------------------------------------
FE9X 3.04.01.011    FE9X 3.04.00.005    2.26.02.007       2.00.00.095

Both API and Driver are compatible with the new firmware.
Recommendation: proceed to update.

Given the above recommendation...
Do you want to continue ? Y|N [N]: Y
Downloading the firmware from file /home/nis/root.nis/softs/opteron/3ware/9550SX/9.3.0.7/9.3.0.7-9550SX-Upgrade/prom0006.img ... Done.
The new image will take effect after reboot.


-  update build_3wraids_page.bash scripts:

$ vi /root/scripts/build_3wraids_page.bash /root/scripts/raidtxt2html.pl


-  mysql

# emerge -v mysql
# ebuild /var/db/pkg/dev-db/mysql-4.0.18/mysql-4.0.18.ebuild config
# /etc/init.d/mysql start
# rc-update add mysql default
# /usr/bin/mysqladmin -u root -h mix2 password 'bddmysql'
# cat /etc/portage/package.unmask
dev-db/mysql

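Lost root password (while mysqld runs with --skip-grant-tables it accepts every connection without a password, so add --skip-networking or block the MySQL port until the normal restart below):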

# /etc/init.d/mysql stop
# mysqld --skip-grant-tables --user=root &
# mysql -u root
mysql> UPDATE mysql.user SET Password=PASSWORD('newpasswd') WHERE User='root';
mysql> FLUSH PRIVILEGES;
mysql> quit
# killall mysqld
# /etc/init.d/mysql start
# mysql -p -u root

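Backup database (mysqlblasy.conf holds the MySQL root password in cleartext, so keep that file readable by root only):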

# /usr/local/bin/mysqlblasy.pl
# cat /usr/local/etc/mysqlblasy.conf
dbusername = root
dbpassword = bddmysql
dbhost = localhost
databases = pmadb,mysql,dbspica,T0002,Photometry,EfigiManClass,DBTRANSFER
backupdir = /var/db/backup/
mysqldump = /usr/bin/mysqldump
mysql = /usr/bin/mysql
loglevel = 2
use compression = yes
use syslog = yes
tar = /bin/tar
compression tool = /bin/gzip
keep = 60
# crontab -e
00 02 * * * /usr/local/bin/mysqlblasy.pl -c /usr/local/etc/mysqlblasy.conf


-  apache2

# emerge -Uv /usr/portage/net-www/apache/apache-2.0.48.ebuild
# etc-update
# rc-update add  apache2 default
# mkdir /var/log/apache2
# mkdir -p /usr/lib/apache2/conf/ssl/
# cp /var/tmp/portage/server.{key,crt} /usr/lib/apache2/conf/ssl/
# mkdir -p /var/cache/apache2/
# vi /etc/conf.d/apache2    (after update of mod_php; -D SSL might not work)
APACHE2_OPTS="-D DEFAULT_VHOST -D PHP5 -D SSL_DEFAULT_VHOST -D SSL -D DOC -D DAV"
# vi /etc/php/apache2-php4/php.ini
memory_limit = 80M
# vi /etc/apache2/conf/commonapache2.conf
<Directory /home/nis/*/public_html>
   AllowOverride All
   Options MultiViews Indexes Includes FollowSymLinks
   DirectoryIndex index.html index.php index.php3 index.shtml index.cgi index.pl index.htm Default.htm default.htm
   <IfModule mod_access.c>
     Order allow,deny
     Allow from all
   </IfModule>
</Directory>
# /etc/init.d/apache2 start
# cat /home/nis/magnard/public_html/show_images.php
<?php
$path_to_images = "./";  // directory to scan; the links below use bare file names, so it must be the directory this page is served from
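/**
 * List the image files found directly inside a directory.
 *
 * @param string $path directory to scan
 * @return array|false names ending in .gif, .jpg or .png (an empty array
 *                     when nothing matches), or false when the directory
 *                     cannot be opened
 */
function getImagesList($path) {
   // Start from an empty list so that a directory without images yields
   // array() instead of an undefined variable.
   $images = array();
   $img_dir = @opendir($path);
   if ( !$img_dir ) {
       return false;
   }
   while ( false !== ($img_file = readdir($img_dir)) ) {
       // add checks for other image file types here, if you like
       if ( preg_match("/(\.gif|\.jpg|\.png)$/", $img_file) ) {
           $images[] = $img_file;
       }
   }
   closedir($img_dir);
   return $images;
}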

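// Print one captioned, linked image per file. The names come straight from
// the directory listing, so they are HTML-escaped for the caption and
// percent-encoded for the href/src attributes before being written out.
if ($image_list = getImagesList($path_to_images)) {
       foreach ($image_list as $image) {
         $label = htmlspecialchars($image, ENT_QUOTES);
         $url = rawurlencode($image);
         echo "$label<br><a href=\"$url\"><img src=\"$url\"></a><br>";
       }
}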
?>


-  phpmyadmin

# euse  -E apache2 curl tiff
# emerge -Uv phpmyadmin
# make sure that "IDENTIFIED BY" in 2.6.1_rc1_create.sql matches controlpass in config.inc.php
# portlog-info phpmyadmin
# /usr/sbin/webapp-config -I -h localhost -u root -d /phpmyadmin phpmyadmin 2.8.0.4
# mysql -u root -p < /usr/share/webapps/phpmyadmin/2.6.1_rc1/sqlscripts/mysql/2.6.1_rc1_create.sql
# cp /var/www/localhost/htdocs/phpmyadmin/libraries/config.default.php /var/www/localhost/htdocs/phpmyadmin/config/config.inc.php
# gvim /var/www/localhost/htdocs/phpmyadmin/config.inc.php
 $cfg['PmaAbsoluteUri'] = 'http://dbterapix.iap.fr/phpmyadmin/';
# /etc/init.d/mysql restart
# mozilla http://dbterapix.iap.fr/phpmyadmin/


-  ntp

# vi /etc/ntp.conf
server ntp.obspm.fr
# vi /etc/conf.d/ntpd  (now obsolete)
NTPDATE_CMD="ntpdate"
NTPDATE_OPTS="-b ntp.obspm.fr"
# vi /etc/conf.d/ntp-client
NTPCLIENT_OPTS="-b -u ntp.obspm.fr"
# /etc/init.d/ntp-client start
# /etc/init.d/ntpd start
# rc-update add ntpd default
# rc-update add ntp-client default


-  proftpd

# emerge -v /usr/portage/net-ftp/proftpd/proftpd-1.2.9.ebuild
# vi /etc/xinetd.d/proftpd
      disable          = no
# cp /etc/proftpd/proftpd.conf.sample /etc/proftpd/proftpd.conf
# vi /etc/proftpd/proftpd.conf
#ServerType          standalone
ServerType          inetd
###FM### allow proftpd to work with NIS!
PersistentPasswd    off
User                            ftp
Group                           ftp
# lock user to its home dir
#DefaultRoot ~

# vi /etc/xinetd.conf
       only_from      = localhost 194.167.0.0 194.57.221.0 145.238.101.115 10.0.1.0
# rc-update add xinetd default
# /etc/init.d/xinetd start

-  ftpix: configuration for PI data (cf. http://www.castaglia.org/proftpd/contrib/ftpasswd.html)

# vi /etc/proftpd/proftpd.conf
AuthPAM                         on
AuthPAMConfig                   ftp
AuthPAMAuthoritative            off
AuthUserFile                    /etc/passwd.proftpd
#AuthGroupFile                   /etc/group.proftpd

# wget http://www.castaglia.org/proftpd/contrib/ftpasswd
# vi ftpasswd
my $default_passwd_file = "/etc/passwd.proftpd";
my $default_group_file = "/etc/group.proftpd";
# ftpasswd --passwd --name petitjean -home /var/ftp/h/pub2/Release_04BF03 --shell /bin/bash --uid 21 --gid 21

# cd /data/ftpix/raid/ftp/PI
# chown  -R ftp:ftp Dougados_04BF28
# find Dougados_04BF28 -type d | xargs chmod 700
# find Dougados_04BF28 -type f | xargs chmod go-rwx
# makepasswd
# ~/ftpasswd --passwd --name  Dougados_04BF28 -home /data/ftpix/raid/ftp/PI/Dougados_04BF28 --shell /bin/bash --uid 21 --gid 21
mix # ~/ftpasswd --passwd --name  Dougados_04BF28 -home /var/ftp/h/pub2/seymour --shell /bin/bash --uid 105 --gid 65534

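-  ftpix: configuration for the ftps (FTP/SSL) protocol, cf. this proftpd how-to and this one. The key size, signature hash and protocol version below date from 2007: a 1024-bit RSA key and a SHA-1 signature are too weak for a certificate generated today, so pick current values when reusing these commands.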

# mkdir /etc/ftpcert
# cd /etc/ftpcert
# openssl genrsa 1024 > host.key
# chmod 400 host.key
# openssl req -new -x509 -nodes -sha1 -days 365 -key host.key > host.cert
# vi /etc/proftpd/proftpd.conf
# TLS
<IfModule mod_tls.c>
 TLSEngine on
 TLSLog /var/log/proftpd_tls.log
 # Only TLSv1 is offered. NOTE(review): TLS 1.0 is deprecated; check which newer versions the installed mod_tls supports.
 TLSProtocol TLSv1
 # Are clients required to use FTP over TLS when talking to this server?
 # "off" leaves TLS optional: a client that does not negotiate it still logs in and transfers in cleartext.
 TLSRequired off
 # Authenticate clients that want to use FTP over TLS?
 # "off" means no client certificate is requested; users are identified by their FTP login only.
 TLSVerifyClient off
 # Server's certificate
 # The key file was given mode 400 when it was generated above; keep it unreadable by other users.
 TLSRSACertificateFile /etc/ftpcert/host.cert
 TLSRSACertificateKeyFile /etc/ftpcert/host.key
</IfModule>
# /etc/init.d/proftpd restart

Available ftps clients under linux:

  • gftp (uncheck "Verify SSL Peer" in options)
  • lftp:
    $ lftp ftpix.iap.fr
     lftp ftpix:~>  set ftp:ssl-force true
     lftp ftpix:~> login simard
     Password:
     lftp simard@ftpix:~> dir
     -rw-------   1 ftp      ftp      260989598 Aug  7 09:55 releaseJ.tar.gz
     -rw-------   1 ftp      ftp      260365349 Aug  7 09:56 releaseKs.tar.gz
     -rw-------   1 ftp      ftp       2116355 Aug  7 09:56 releaseplot.tar.gz
  • kftpgrabber

-  clix: special configuration for the qf web service:

# vi /etc/proftpd/proftpd.conf
AuthPAM             on
AuthPAMConfig       ftp
AuthPAMAuthoritative            on
AuthUserFile                    /etc/passwd.proftpd
#AuthGroupFile                   /etc/group.proftpd
# lock users from other group than users in their home dir (for qfws)
DefaultRoot ~ !users
# mix: DefaultRoot ~ nogroup
###FM### allow proftpd to work with NIS!
PersistentPasswd    off


-  rcp

# vi /etc/xinetd.d/rsh
        cps             = 200 5
       disable         = no
# vi /etc/hosts.equiv
clix.clic.iap.fr
pix1.clic.iap.fr
pix2.clic.iap.fr
pix3.clic.iap.fr
pix4.clic.iap.fr
pix5.clic.iap.fr
pix6.clic.iap.fr
pix7.clic.iap.fr
pix8.clic.iap.fr
pix9.clic.iap.fr
pix10.clic.iap.fr
mix1.clic.iap.fr
mix2.clic.iap.fr
mix3.clic.iap.fr
mix4.clic.iap.fr
mix5.clic.iap.fr
clix2.clix.iap.fr
dbterapix.iap.fr
Then copy /etc/hosts.equiv to all other machines of the cluster. /etc/hosts must not list the machine itself with its external address, as only its cluster address is authorized !

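for root login via rsh: WARNING, it's dangerous!! rsh trusts the client's host name and user name instead of asking for a password, and sends everything unencrypted (but it is useful for fast transfer via rsync -av --rsh=rsh):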

From this thread on gentoo forum:

# Emerge netkit-rsh and xinetd on all nodes in the cluster
# Add the cluster network to the "only_from" line in /etc/xinetd.conf (e.g. "only_from = localhost 192.168.0.0/24")
# Change /etc/xinetd.d/rsh to read "disable = no"
# Change /etc/xinetd.d/rlogin to read "disable = no"
# Start xinetd and add it to the default runlevel (/etc/init.d/xinetd start; rc-update add xinetd default)
# Add the name of all hosts to /etc/hosts.equiv on all nodes in the cluster
# Add "server_args = -h" to /etc/xinetd.d/rsh on all nodes in the cluster and "killall -s HUP xinetd"
# Add the name of all cluster hosts to ~root/.rhosts on all nodes in the cluster
# Remove the securetty line from /etc/pam.d/rsh on all nodes in the cluster
# Remove the securetty line from /etc/pam.d/rlogin on all nodes in the cluster

Summary (to be done on mix4 for a login from mix2):

# vi /etc/securetty
rsh
##rexec
##rlogin
# vi ~/.rhosts
mix2.clic.iap.fr root
# vi /etc/xinetd.d/rsh
server_args     = -h
# /etc/init.d/xinetd restart

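Remove those security holes after the transfer!! That is: take rsh out of /etc/securetty, delete ~/.rhosts, remove server_args = -h from /etc/xinetd.d/rsh and restart xinetd.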


-  ssh

# vi /etc/ssh/sshd_config
X11Forwarding yes
# vi /etc/ssh/ssh_config
Host *
 # Applies to every host: each server you log in to gets a channel back to your local X display, so forward X11 only to machines you trust.
 ForwardX11 yes
 # NOTE(review): Cipher appears to select the protocol-1 cipher only; confirm against the installed ssh_config(5).
 Cipher blowfish


-  smartd

Make a local ebuild for latest version 5.32 (not in portage tree)

# mkdir -p /usr/local/portage/sys-apps/smartmontools
# cp /usr/portage/sys-apps/smartmontools/smartmontools-5.30.ebuild /usr/local/portage/sys-apps/smartmontools/smartmontools-5.32.ebuild
# vi /usr/local/portage/sys-apps/smartmontools/smartmontools-5.32.ebuild
KEYWORDS="~x86 amd64 ~sparc ~ppc ~alpha"
# ebuild /usr/local/portage/sys-apps/smartmontools/smartmontools-5.32.ebuild digest
# emerge -v smartmontools
# gunzip -c /usr/share/doc/smartmontools-5.32/smartd.conf.gz > /etc/smartd.conf
# vi /etc/smartd.conf
#DEVICESCAN
/dev/twa0 -d 3ware,0 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/03)
/dev/twa0 -d 3ware,1 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/04)
/dev/twa0 -d 3ware,2 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/05)
/dev/twa0 -d 3ware,3 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/06)
/dev/twa0 -d 3ware,4 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/07)
/dev/twa0 -d 3ware,5 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/08)
/dev/twa0 -d 3ware,6 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/09)
/dev/twa0 -d 3ware,7 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/10)
/dev/twa0 -d 3ware,8 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/10)
/dev/twa0 -d 3ware,9 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/10)
/dev/twa0 -d 3ware,10 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/10)
/dev/twa0 -d 3ware,11 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/10)

/dev/twa1 -d 3ware,0 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/03)
/dev/twa1 -d 3ware,1 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/04)
/dev/twa1 -d 3ware,2 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/05)
/dev/twa1 -d 3ware,3 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/06)
/dev/twa1 -d 3ware,4 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/07)
/dev/twa1 -d 3ware,5 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/08)
/dev/twa1 -d 3ware,6 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/09)
/dev/twa1 -d 3ware,7 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/10)
/dev/twa1 -d 3ware,8 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/10)
/dev/twa1 -d 3ware,9 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/10)
/dev/twa1 -d 3ware,10 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/10)
/dev/twa1 -d 3ware,11 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/10)



# rc-update add smartd default
# /etc/init.d/smartd start

Reports on every disk connected to the 3ware cards, on all SMART information about the disk, to magnard@iap.fr, toggles autosave of device vendor-specific Attributes on (-S on), performs short self-test every day at 2am, and a long self test Saturdays from 3am to 10am.


-  gpm

# vi /etc/conf.d/gpm
MOUSE=imps2
MOUSEDEV=/dev/input/mice
# rc-update add gpm default
# /etc/init.d/gpm start


-  logrotate

# emerge -va logrotate
# vi /etc/logrotate.conf                                                                                                          

# mail me the reports
mail magnard@iap.fr
#nomail

# keep 40 weeks worth of backlogs
rotate 40


-  portlog-info

# cd /usr/local/bin/
# wget http://tdegreni.free.fr/gentoo/portlog-info
# chmod 755 portlog-info


-  Xorg config. Do not remove -nolisten tcp in /usr/kde/3.2/share/config/kdm/Xservers!! (it keeps the X server from listening for connections on TCP)

# xorgconfig
or:
# scp efigix:/etc/X11/xorg.conf /etc/X11/xorg.conf
# rc-update add xdm default
# /etc/init.d/xdm start


-  cupsd

# vi /etc/cups/cupsd.conf
BrowsePoll imprimeur.iap.fr:631
mix1 /root # for node in mix{2,3,4}; do scp /etc/cups/cupsd.conf ${node}:/etc/cups/cupsd.conf; done
# /etc/init.d/cupsd restart
# rc-update add cupsd default


-  postfix

# emerge -va postfix
# rc-update add postfix default
# gvim /etc/postfix/main.cf
myhostname = mix5.iap.fr
myorigin = $myhostname
inet_interfaces = $myhostname, localhost
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks_style = host
relayhost = [carignan.iap.fr]  # on efigix
# postconf alias_maps
alias_maps = hash:/etc/mail/aliases
# vi /etc/mail/aliases
root:               magnard@iap.fr
operator:           magnard@iap.fr
# newaliases
# postsuper -d  ALL             (deletes all queues)
# /etc/init.d/postfix start

For clix (mail server for the whole subnetwork), add to /etc/postfix/main.cf:

myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks_style = subnet
or
mynetworks=10.0.1.204/24


-  rkhunter

# emerge -va rkhunter
# vi /etc/cron.daily/rkhunter
ENABLE=yes
UPDATE=yes
EMAIL_RECIPIENT=magnard@iap.fr
# vi /etc/rkhunter.conf
MAIL-ON-WARNING=magnard@iap.fr
ALLOW_SSH_ROOT_USER=1

Not necessary anymore:

# echo update the os.dat of rkhunter 1.2.7 for Gentoo 1.12
# echo "705:Gentoo Linux 1.12 (x86_64):/usr/bin/md5sum:/bin:" >> /usr/lib/rkhunter/db/os.dat
# echo "706:Gentoo Linux 1.12 (i386):/usr/bin/md5sum:/bin:" >> /usr/lib/rkhunter/db/os.dat


-  udev

Cf. the gentoo udev guide. Also cf. Gentoo wiki. Warning: the rule to match is case sensitive, so use the output of udevinfo -a -p /sys/class/net/eth0/, and not of ifconfig !

# emerge -va coldplug
# rc-update add coldplug boot
# vi /etc/conf.d/rc
RC_DEVICE_TARBALL="no"
RC_PARALLEL_STARTUP="no"
# vi /etc/udev/rules.d/10-local.rules
KERNEL=="eth*", SYSFS{address}=="00:00:5a:99:a5:54", NAME="eth0"
KERNEL=="eth*", SYSFS{address}=="00:e0:81:28:6b:22", NAME="eth1"


-  lm_sensors

# cd /home/nis/root.nis/softs/opteron/lmsensors
# wget ftp://ftp.tyan.com/software/lms/lms_s4882.conf
# wget ftp://ftp.tyan.com/software/lms/lms_s2882.tgz
# echo "alias char-major-89 i2c-dev" > /etc/modules.d/lm-sensors
# vi /etc/conf.d/lm_sensors
MODULE_0=i2c_amd756_s4882
MODULE_1=i2c-isa
MODULE_2=lm85
MODULE_3=lm63
MODULE_4=w83627hf
# mv /etc/sensors.conf /etc/sensors.conf.old
# cp lms_s4882.conf /etc/sensors.conf
# rc-update add lm_sensors default
# /etc/init.d/lm_sensors start


-  bbftp

Compiled in static on clix.... Problem on opteron !

# wget ftp://ftp.in2p3.fr/pub/bbftp/bbftp-3.0.2.tar.gz
# cd bbftp-3.2.0/bbftpc
# ./configure --with-rfio --with-ssl --with-gzip
# make
# make  install
# ln -s /usr/local/etc/bbftpd  /etc/init.d/bbftpd
# /etc/init.d/bbftpd start
# rc-update add bbftpd default

-  bbftpd

# cd bbftp-3.2.0/bbftpd
# ./configure --enable-authentication=certificates  --with-ssl --with-gzip; make; make install
# cp doc/bbftpd.1 /usr/local/man/man1/
# cd /etc/init.d/
# ln -s /usr/local/etc/bbftpd .
# cd /etc
# for i in 3 4 5; do cd rc${i}.d; ln -s /etc/init.d/bbftpd ./S85bbftpd; cd -; done


-  mcelog

# mv /etc/cron.daily/mcelog /etc/cron.hourly/
# vi /etc/cron.hourly/mcelog
#!/bin/bash
/usr/bin/date >> /var/log/mcelog
/usr/sbin/mcelog >> /var/log/mcelog
# chmod 755 /etc/cron.hourly/mcelog


-  PowerWare UPS

  • connect the UPS with the serial cable and run minicom on /dev/ttyS0 to change the internet settings of the snmp card
  • or configure your NIC in a private area network to connect to the snmp default IP http://192.168.7.18
  • config:
    • IP/GW/Mask/DNS: (194.57.221.2)/194.57.221.1/255.255.255.192
    • UPS Event Actions: Notify Client OS to Shutdown on an AC Failure: Yes, 480sec.
    • Mail Server: carignan.iap.fr
    • DNS Address: 194.167.0.198
    • Sender's Email: magnard@iap.fr
    • SMTP Reply to Address: upsmix8@iap.fr
    • Date/Time: ntp server ntp.obspm.fr GMT+1 Daylight saving
  • Download Netwatch
  • untar and run install.sh (Do not change the default installation path, the config file is not relocatable...)
  • Remove default init.d script, and install the gentoo version:
    # rm /etc/init.d/netwatch.init
    # cat netwatch
    #!/sbin/runscript
    # Gentoo init script for the PowerWare NetWatch client installed under
    # /usr/Powerware/NetWatch.

    # The service requires the network to be up before it is started.
    depend() {
     need net
    }

    # Start netwatch; --background makes start-stop-daemon detach the
    # process, and eend reports the status of that call.
    start() {
     ebegin "Starting PowerWare netwatch"
     start-stop-daemon --start --quiet --background --exec /usr/Powerware/NetWatch/netwatch
     eend $? "Failed to start netwatch"
    }

    # Stop the running netwatch process and report the outcome.
    stop() {
     ebegin "Stopping PowerWare netwatch"
     start-stop-daemon --stop --quiet --exec /usr/Powerware/NetWatch/netwatch
     eend $? "Failed to stop netwatch"
    }
    # rc-update add netwatch default
    # /etc/init.d/netwatch start


-  clix

# emerge -va dhcp net-dns/bind

  • dhcp

# rc-update add dhcp default
# vi /etc/conf.d/dhcpd
DHCPD_IFACE="eth1"
DHCPD_CHROOT="/chroot/dhcp"
# vi /etc/syslog-ng/syslog-ng.conf
log { source(/chroot/dhcp/dev/log); destination(messages); };
(# ebuild /var/db/pkg/net-misc/dhcp-3.0.1-r1/dhcp-3.0.1-r1.ebuild config)
# emerge --config =dhcp-3.0.3-r9

  • bind

# vi /etc/conf.d/named
CHROOT="/chroot/dns"
CPU="2"
# emerge --config '=net-dns/bind-9.3.2-r4'
(# ebuild /var/db/pkg/net-dns/bind-9.2.5-r4/bind-9.2.5-r4.ebuild config)
# echo "alias rndc='rndc -k /chroot/dns/etc/bind/rndc.key'" >> /root/.bashrc
# rc-update add named default

# rc-update add ypserv default
# rc-update add rpc.yppasswdd  default

# vi /etc/conf.d/local.start
echo "Activating forward"
# Turn this host into an IPv4 router: packets are forwarded between its interfaces.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Also accept source-routed packets on all interfaces, when the kernel exposes the setting.
# NOTE(review): source routing lets the sender choose the path and is normally left disabled on a router; confirm it is really needed here.
if [ -e /proc/sys/net/ipv4/conf/all/accept_source_route ]; then
 echo 1 > /proc/sys/net/ipv4/conf/all/accept_source_route
fi

Cf. config in /home/nis/root.nis/fred/opterons.config/chroot


-  New kernel installation

cd /usr/src/linux-2.6.13; make modules_install;  cp .config /boot/config-2.6.13; cp System.map /boot/System.map-2.6.13; cp arch/i386/boot/bzImage  /boot/kernel-2.6.13; cd /usr/src/; rm linux; ln -s linux-2.6.13-gentoo linux; vi /boot/grub/grub.conf

title=Gentoo Linux 2.6.13-vanilla
# Partition where the kernel image (or operating system) is located
root (hd0,1)
kernel /boot/kernel-2.6.13 root=/dev/hda2


cd /usr/src; scp mix5:/usr/src/linux-2.6.13.2_compiled.tgz .
tar xf linux-2.6.13.2_compiled.tgz; rm linux; ln -s linux-2.6.13.2 linux; cd linux-2.6.13.2/; make modules_install
mount /boot/; cp arch/x86_64/boot/bzImage  /boot/kernel-2.6.13.2; cp .config /boot/config-2.6.13.2; cp System.map /boot/System.map-2.6.13.2; vi /boot/grub/grub.conf

title=Gentoo Linux 2.6.13.2-vanilla
# Partition where the kernel image (or operating system) is located
root (hd0,0)
kernel /kernel-2.6.13.2 root=/dev/sda5


-  mypartmon.pl:

# cp /home/nis/root.nis/fred/utils.pipeline/mypartmon.pl  /usr/local/bin/mypartmon.pl
# cat /usr/local/etc/mypartmon.conf
# free space limit size in kiB
%partlimits = ( '/'     => 10_000,
               '/var'  => 50_000,
               '/home' => 100_000,
               '/data/fcix2/raid1' => 1_048_576,  # 1 GiB
               '/data/fcix2/raid2' => 1_048_576  # 1 GiB
             );
# crontab -e
# full partition check
0 * * * *  root /usr/local/bin/mypartmon.pl -c /usr/local/etc/mypartmon.conf -m teraop@iap.fr


-  Nagios Cf. gentoo wiki

# mkdir /var/log/nagios
# chmod 750 /var/log/nagios
# chown nagios:nagios /var/log/nagios
# cp /usr/share/doc/nagios-core-2.5/sample-configs/* /etc/nagios/
# cd /etc/nagios/
# gunzip  *.gz
# rename -sample '' *
# chmod 640 *
# chown nagios:apache *.cfg
# vi /etc/conf.d/apache2
-D NAGIOS
# vi /etc/apache2/modules.d/99_nagios.conf
               # allow from terapix subnet
               Allow from 127.0.0.1 194.57.221.0/255.255.255.192
# /etc/apache2/httpd.conf
AddHandler cgi-script .cgi
# vi /usr/nagios/sbin/.htaccess
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/htpasswd.users
AuthGroupFile /etc/nagios/htpasswd.group
require group nagios
# vi /etc/nagios/htpasswd.group
nagios: nagiosadmin magnard
# chown apache:apache /etc/nagios/htpasswd.users
# chmod 640 /etc/nagios/htpasswd.users
# chown apache:apache /etc/nagios/htpasswd.group
# chmod 640 /etc/nagios/htpasswd.group
# chmod 640 /usr/nagios/sbin/.htaccess
# chown apache:apache /usr/nagios/sbin/.htaccess
# htpasswd2 /etc/nagios/htpasswd.users magnard
#

