by
FMA
- Updated November 23rd, 2007
3w-9xxx driver
# tar xzvvf 3w-9xxx2.6.tgz
# cd 3w-9xxx2.6
# tar xzvvf 3w-9xxx.tgz
# cd /usr/src/
# ln -s linux linux-2.6
# cd -
# make
# cp 3w-9xxx.ko /lib/modules/`uname -r`/kernel/drivers/scsi/3w-9xxx.ko
# modules-update
# modprobe 3w-9xxx
# vi /etc/modules.autoload.d/kernel-2.6
3w-9xxx
Installing 3dm
# scp -r root@mix1:/root/softs/3dm ./3dm-7.7.0
# csh install.3dm (port8086)
# scp root@mix1:/etc/init.d/3dm /etc/init.d/3dm
# cat /etc/init.d/3dm
#!/sbin/runscript
depend() {
use dns logger
after portmap
}
checkconfig() {
if [ ! -f /etc/3dmd.conf ] ; then
eerror "Please create /etc/3dmdconf"
return 1
fi
return 0
}
start() {
checkconfig || return $?
ebegin "Starting 3dmd"
start-stop-daemon --start --quiet --exec /usr/sbin/3dmd
eend $? "Failed to start 3dmd"
}
stop() {
ebegin "Stopping 3dmd"
start-stop-daemon --stop --quiet --exec /usr/sbin/3dmd
eend $? "Failed to stop 3dmd"
}
# /sbin/depscan.sh
# /etc/init.d/portmap start
# rc-update add portmap default
# /etc/init.d/3dm start
# rc-update add 3dm default
# cat /etc/3dmd.conf
EMAIL Yes
SERVER mix1.iap.fr
SENDER root
RCPT bertin@iap.fr,magnard@iap.fr
AUDIO No
CALL3WARE No
EMAILRPT 0
PORT 8086
FW 25
HELP /usr/local/doc/3dm
EXTLOG /var/log/3dmExtLog
SNMP No
TRAP
COMM
PASSWORD No
KEY OmwmsK8lKk2
ROPASSWORD Yes
ROKEY V9ZmTQwhpM6
DIAG No
UPS No
UPS_IP
IDLE Yes
IDLETIME 0
POWER 0
SCHED0 00 00 00 00
BGREBUILD0 No
BGSCRUB0 No
BreGVERIFY0 No
SCHED1 00 00 00 00
BGREBUILD1 No
BGSCRUB1 No
BGVERIFY1 No
SCHED2 00 00 00 00
BGREBUILD2 No
BGSCRUB2 No
BGVERIFY2 No
SCHED3 00 00 00 00
BGREBUILD3 No
BGSCRUB3 No
BGVERIFY3 No
REMOTEACCESS Yes
Installing 3dm2
# scp -r root@mix1:/root/softs/3dm2 ./3dm2
# ./install.3dm
# scp mix5:/etc/3dm2/3dm2.conf /etc/3dm2/3dm2.conf
# scp mix5:/etc/init.d/3dm2 /etc/init.d/3dm2
# cat /etc/init.d/3dm2
#!/sbin/runscript
depend() {
use dns logger
after portmap
}
checkconfig() {
if [ ! -f /etc/3dm2/3dm2.conf ] ; then
eerror "Please create /etc/3dm2/3dm2.conf"
return 1
fi
return 0
}
start() {
checkconfig || return $?
ebegin "Starting 3dm2"
start-stop-daemon --start --quiet --exec /usr/sbin/3dm2
eend $? "Failed to start 3dm2"
}
stop() {
ebegin "Stopping 3dm2"
start-stop-daemon --stop --quiet --exec /usr/sbin/3dm2
eend $? "Failed to stop 3dm2"
}
# /sbin/depscan.sh
# /etc/init.d/portmap start
# rc-update add portmap default
# /etc/init.d/3dm2 start
# rc-update add 3dm2 default
# cat /etc/3dm2/3dm2.conf
Port 8086
EmailEnable 1
EmailSender root
EmailServer carignan.iap.fr
EmailRecipient magnard@iap.fr,bertin@iap.fr,gimi@iap.fr
EmailSeverity 1
ROpwd twEWKIdGUoP76
ADMINpwd twV9ZmTQwhpM6
RemoteAccess 1
Language 0
Logger 0
Refresh 5
BGRate 3333333333333333
Help /usr/local/doc/3dm2
3ware Commane Line Interface tw_cli
# tar xzvvf tw_cli-linux-x86_64.tgz
# cd x86_64/
# cp tw_cli.8.nroff /usr/share/man/man8/tw_cli.8
# cp tw_sched.8.nroff /usr/share/man/man8/tw_sched.8
# cp tw_cli tw_sched /usr/local/bin/
# for unit in `tw_cli show | awk '/^c/{print $1}'`; do tw_cli /$unit show ; done
# for unit in `tw_cli show | awk '/^c/{print $1}'`; do tw_cli /$unit show unitstatus; done
# tw_cli /c5 show drivestatus
#
# tw_cli show
Array reconstruction:
# tw_cli
//pix7> info c0
p8 DEGRADED u0 233.76 GB 490234752 A805E7ZE
//pix7> maint remove c0 p8
//pix7> maint rescan c0
//pix7> info c0
p8 OK - 233.76 GB 490234752 A805E7ZE
//pix7> maint rebuild c0 u0 p8
or
//pix7> maint rebuild c0 u0 p8 ignoreECC
//pix7> info c0
u0 RAID-5 REBUILDING 0 64K 1870.09 ON - -
New 3ware firmware update with tw_update
# ./tw_update fw=/home/nis/root.nis/softs/opteron/3ware/9550SX/9.3.0.7/9.3.0.7-9550SX-Upgrade/prom0006.img
Warning: We strongly recommend backing up your data before updating
the firmware. Updating the firmware can render the device driver
and/or management tools incompatible. It is recommended to have
a copy of current firmware image for rollbacks.
Examining compatibility data from firmware image and /c5 ... Done.
New-Firmware Current-Firmware Current-Driver Current-API
----------------------------------------------------------------------
FE9X 3.04.01.011 FE9X 3.04.00.005 2.26.02.007 2.00.00.095
Both API and Driver are compatible with the new firmware.
Recommendation: proceed to update.
Given the above recommendation...
Do you want to continue ? Y|N [N]: Y
Downloading the firmware from file /home/nis/root.nis/softs/opteron/3ware/9550SX/9.3.0.7/9.3.0.7-9550SX-Upgrade/prom0006.img ... Done.
The new image will take effect after reboot.
update build_3wraids_page.bash scripts:
$ vi /root/scripts/build_3wraids_page.bash /root/scripts/raidtxt2html.pl
mysql
# emerge -v mysql
# ebuild /var/db/pkg/dev-db/mysql-4.0.18/mysql-4.0.18.ebuild config
# /etc/init.d/mysql start
# rc-update add mysql default
# /usr/bin/mysqladmin -u root -h mix2 password 'bddmysql'
# cat /etc/portage/package.unmask
dev-db/mysql
Lost passwd:
# /etc/init.d/mysql stop
# mysqld --skip-grant-tables --user=root &
# mysql -u root
mysql> UPDATE mysql.user SET Password=PASSWORD('newpasswd') WHERE User='root';
mysql> FLUSH PRIVILEGES;
mysql> quit
# killall mysqld
# /etc/init.d/mysql start
# mysql -p -u root
Backup database:
# /usr/local/bin/mysqlblasy.pl
# cat /usr/local/etc/mysqlblasy.conf
dbusername = root
dbpassword = bddmysql
dbhost = localhost
databases = pmadb,mysql,dbspica,T0002,Photometry,EfigiManClass,DBTRANSFER
backupdir = /var/db/backup/
mysqldump = /usr/bin/mysqldump
mysql = /usr/bin/mysql
loglevel = 2
use compression = yes
use syslog = yes
tar = /bin/tar
compression tool = /bin/gzip
keep = 60
# crontab -e
00 02 * * * /usr/local/bin/mysqlblasy.pl -c /usr/local/etc/mysqlblasy.conf
apache2
# emerge -Uv /usr/portage/net-www/apache/apache-2.0.48.ebuild
# etc-update
# rc-update add apache2 default
# mkdir /var/log/apache2
# mkdir -p /usr/lib/apache2/conf/ssl/
# cp /var/tmp/portage/server.{key,crt} /usr/lib/apache2/conf/ssl/
# mkdir -p /var/cache/apache2/
# vi /etc/conf.d/apache2 (after update of mod_php; -D SSL might not work)
APACHE2_OPTS="-D DEFAULT_VHOST -D PHP5 -D SSL_DEFAULT_VHOST -D SSL -D DOC -D DAV"
# vi /etc/php/apache2-php4/php.ini
memory_limit = 80M
# vi /etc/apache2/conf/commonapache2.conf
<Directory /home/nis/*/public_html>
AllowOverride All
Options MultiViews Indexes Includes FollowSymLinks
DirectoryIndex index.html index.php index.php3 index.shtml index.cgi index.pl index.htm Default.htm default.htm
<IfModule mod_access.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>
# /etc/init.d/apache2 start
# cat /home/nis/magnard/public_html/show_images.php
<?php
$path_to_images = "./"; // path to your images
function getImagesList($path) {
$ctr = 0;
if ( $img_dir = @opendir($path) ) {
while ( false !== ($img_file = readdir($img_dir)) ) {
// add checks for other image file types here, if you like
if ( preg_match("/(\.gif|\.jpg|\.png)$/", $img_file) ) {
$images[$ctr] = $img_file;
$ctr++;
}
}
closedir($img_dir);
return $images;
} else {
return false;
}
}
if ($image_list = getImagesList($path_to_images)) {
foreach ($image_list as $image) {
echo "$image<br><a href=\"$image\"><img src=\"$image\"></a><br>";
}
}
?>
phpmyadmin
# euse -E apache2 curl tiff
# emerge -Uv phpmyadmin
# make sure that "IDENTIFIED BY" in 2.6.1_rc1_create.sql matches controlpass in config.inc.php
# portlog-info phpmyadmin
# /usr/sbin/webapp-config -I -h localhost -u root -d /phpmyadmin phpmyadmin 2.8.0.4
# mysql -u root -p < /usr/share/webapps/phpmyadmin/2.6.1_rc1/sqlscripts/mysql/2.6.1_rc1_create.sql
# cp /var/www/localhost/htdocs/phpmyadmin/libraries/config.default.php /var/www/localhost/htdocs/phpmyadmin/config/config.inc.php
# gvim /var/www/localhost/htdocs/phpmyadmin/config.inc.php
$cfg['PmaAbsoluteUri'] = 'http://dbterapix.iap.fr/phpmyadmin/';
# /etc/init.d/mysql restart
# mozilla http://dbterapix.iap.fr/phpmyadmin/
ntp
# vi /etc/ntp.conf
server ntp.obspm.fr
# vi /etc/conf.d/ntpd (now obsolete)
NTPDATE_CMD="ntpdate"
NTPDATE_OPTS="-b ntp.obspm.fr"
# vi /etc/conf.d/ntp-client
NTPCLIENT_OPTS="-b -u ntp.obspm.fr"
# /etc/init.d/ntp-client start
# /etc/init.d/ntpd start
# rc-update add ntpd default
# rc-update add ntp-client default
proftpd
# emerge -v /usr/portage/net-ftp/proftpd/proftpd-1.2.9.ebuild
# vi /etc/xinetd.d/proftpd
disable = no
# cp /etc/proftpd/proftpd.conf.sample /etc/proftpd/proftpd.conf
# vi /etc/proftpd/proftpd.conf
#ServerType standalone
ServerType inetd
###FM### allow proftpd to work with NIS!
PersistentPasswd off
User ftp
Group ftp
# lock user to its home dir
#DefaultRoot ~
# vi /etc/xinetd.conf
only_from = localhost 194.167.0.0 194.57.221.0 145.238.101.115 10.0.1.0
# rc-update add xinetd default
# /etc/init.d/xinetd start
ftpix: configuration for PI data (cf. http://www.castaglia.org/proftpd/contrib/ftpasswd.html)
# vi /etc/proftpd/proftpd.conf
AuthPAM on
AuthPAMConfig ftp
AuthPAMAuthoritative off
AuthUserFile /etc/passwd.proftpd
#AuthGroupFile /etc/group.proftpd
# wget http://www.castaglia.org/proftpd/contrib/ftpasswd
# vi ftpasswd
my $default_passwd_file = "/etc/passwd.proftpd";
my $default_group_file = "/etc/group.proftpd";
# ftpasswd --passwd --name petitjean -home /var/ftp/h/pub2/Release_04BF03 --shell /bin/bash --uid 21 --gid 21
# cd /data/ftpix/raid/ftp/PI
# chown -R ftp:ftp Dougados_04BF28
# find Dougados_04BF28 -type d | xargs chmod 700
# find Dougados_04BF28 -type f | xargs chmod go-rwx
# makepasswd
# ~/ftpasswd --passwd --name Dougados_04BF28 -home /data/ftpix/raid/ftp/PI/Dougados_04BF28 --shell /bin/bash --uid 21 --gid 21
mix # ~/ftpasswd --passwd --name Dougados_04BF28 -home /var/ftp/h/pub2/seymour --shell /bin/bash --uid 105 --gid 65534
ftpix: configuration for ftps (FTP/SSL) protocol cf. this proftpd how-to and this one.
# mkdir /etc/ftpcert
# cd /etc/ftpcert
# openssl genrsa 1024 > host.key
# chmod 400 host.key
# openssl req -new -x509 -nodes -sha1 -days 365 -key host.key > host.cert
# vi /etc/proftpd/proftpd.conf
# TLS
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd_tls.log
TLSProtocol TLSv1
# Are clients required to use FTP over TLS when talking to this server?
TLSRequired off
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
# Server's certificate
TLSRSACertificateFile /etc/ftpcert/host.cert
TLSRSACertificateKeyFile /etc/ftpcert/host.key
</IfModule>
# /etc/init.d/proftpd restart
Available ftps clients under linux:
- gftp (uncheck "Verify SSL Peer" in options)
- lftp:
$ lftp ftpix.iap.fr
lftp ftpix:~> set ftp:ssl-force true
lftp ftpix:~> login simard
Password:
lftp simard@ftpix:~> dir
-rw------- 1 ftp ftp 260989598 Aug 7 09:55 releaseJ.tar.gz
-rw------- 1 ftp ftp 260365349 Aug 7 09:56 releaseKs.tar.gz
-rw------- 1 ftp ftp 2116355 Aug 7 09:56 releaseplot.tar.gz
- kftpgrabber
clix: conf spéciale pour web service qf:
# vi /etc/proftpd/proftpd.conf
AuthPAM on
AuthPAMConfig ftp
AuthPAMAuthoritative on
AuthUserFile /etc/passwd.proftpd
#AuthGroupFile /etc/group.proftpd
# lock users from other group than users in their home dir (for qfws)
DefaultRoot ~ !users
# mix: DefaultRoot ~ nogroup
###FM### allow proftpd to work with NIS!
PersistentPasswd off
rcp
# vi /etc/xinetd.d/rsh
cps = 200 5
disable = no
# vi /etc/hosts.equiv
clix.clic.iap.fr
pix1.clic.iap.fr
pix2.clic.iap.fr
pix3.clic.iap.fr
pix4.clic.iap.fr
pix5.clic.iap.fr
pix6.clic.iap.fr
pix7.clic.iap.fr
pix8.clic.iap.fr
pix9.clic.iap.fr
pix10.clic.iap.fr
mix1.clic.iap.fr
mix2.clic.iap.fr
mix3.clic.iap.fr
mix4.clic.iap.fr
mix5.clic.iap.fr
clix2.clix.iap.fr
dbterapix.iap.fr
Then copy /etc/hosts.equiv to all other machines of the cluster. /etc/hosts must not list the machine itself with its external address, as only its cluster address is authorized !
for root login via rsh : WARNING, it's dangerous !! (but useful for fast transfert via rsync -av --rsh=rsh):
From this thread on gentoo forum:
# Emerge netkit-rsh and xinetd on all nodes in the cluster
# Add the cluster network to the "only_from" line in /etc/xinetd.conf (e.g. "only_from = localhost 192.168.0.0/24")
# Change /etc/xinetd.d/rsh to read "disable = no"
# Change /etc/xinetd.d/rlogin to read "disable = no"
# Start xinetd and add it to the default runlevel (/etc/init.d/xinetd start; rc-update add xinetd default)
# Add the name of all hosts to /etc/hosts.equiv on all nodes in the cluster
# Add "server_args = -h" to /etc/xinetd.d/rsh on all nodes in the cluster and "killall -s HUP xinetd"
# Add the name of all cluster hosts to ~root/.rhosts on all nodes in the cluster
# Remove the securetty line from /etc/pam.d/rsh on all nodes in the cluster
# Remove the securetty line from /etc/pam.d/rlogin on all nodes in the cluster
Summary (to be done on mix4 for a login from mix2):
# vi /etc/securetty
rsh
##rexec
##rlogin
# vi ~/.rhosts
mix2.clic.iap.fr root
# vi /etc/xinetd.d/rsh
server_args = -h
# /etc/init.d/xinetd restart
Remove those security holes after the transfer !!
ssh
# vi /etc/ssh/sshd_config
X11Forwarding yes
# vi /etc/ssh/ssh_config
Host *
ForwardX11 yes
Cipher blowfish
smartd
Make a local ebuild for latest version 5.32 (not in portage tree)
# mkdir -p /usr/local/portage/sys-apps/smartmontools
# cp /usr/portage/sys-apps/smartmontools/smartmontools-5.30.ebuild /usr/local/portage/sys-apps/smartmontools/smartmontools-5.32.ebuild
# vi /usr/local/portage/sys-apps/smartmontools/smartmontools-5.32.ebuild
KEYWORDS="~x86 amd64 ~sparc ~ppc ~alpha"
# ebuild /usr/local/portage/sys-apps/smartmontools/smartmontools-5.32.ebuild digest
# emerge -v smartmontools
# gunzip -c /usr/share/doc/smartmontools-5.32/smartd.conf.gz > /etc/smartd.conf
# vi /etc/smartd.conf
#DEVICESCAN
/dev/twa0 -d 3ware,0 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/03)
/dev/twa0 -d 3ware,1 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/04)
/dev/twa0 -d 3ware,2 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/05)
/dev/twa0 -d 3ware,3 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/06)
/dev/twa0 -d 3ware,4 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/07)
/dev/twa0 -d 3ware,5 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/08)
/dev/twa0 -d 3ware,6 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/09)
/dev/twa0 -d 3ware,7 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/10)
/dev/twa0 -d 3ware,8 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/10)
/dev/twa0 -d 3ware,9 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/10)
/dev/twa0 -d 3ware,10 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/10)
/dev/twa0 -d 3ware,11 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/10)
/dev/twa1 -d 3ware,0 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/03)
/dev/twa1 -d 3ware,1 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/04)
/dev/twa1 -d 3ware,2 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/05)
/dev/twa1 -d 3ware,3 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/06)
/dev/twa1 -d 3ware,4 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/07)
/dev/twa1 -d 3ware,5 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/08)
/dev/twa1 -d 3ware,6 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/09)
/dev/twa1 -d 3ware,7 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/10)
/dev/twa1 -d 3ware,8 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/10)
/dev/twa1 -d 3ware,9 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/10)
/dev/twa1 -d 3ware,10 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/10)
/dev/twa1 -d 3ware,11 -a -m magnard@iap.fr -o on -S on -s (S/../.././02|L/../../6/10)
# rc-update add smartd default
# /etc/init.d/smartd start
Reports on every disk connected to the 3ware cards, on all SMART information about the disk, to magnard@iap.fr, toggles autosave of device vendor-specific Attributes on (-S on), performs short self-test every day at 2am, and a long self test Saturdays from 3am to 10am.
gpm
# vi /etc/conf.d/gpm
MOUSE=imps2
MOUSEDEV=/dev/input/mice
# rc-update add gpm default
# /etc/init.d/gpm start
logrotate
# emerge -va logrotate
# vi /etc/logrotate.conf
# mail me the reports
mail magnard@iap.fr
#nomail
# keep 40 weeks worth of backlogs
rotate 40
portlog-info
# cd /usr/local/bin/
# wget http://tdegreni.free.fr/gentoo/portlog-info
# chmod 755 portlog-info
Xorg config Do not !! remove -nolisten tcp in /usr/kde/3.2/share/config/kdm/Xservers
# xorgconfig
or: # scp efigix:/etc/X11/xorg.conf /etc/X11/xorg.conf
# rc-update add xdm default
# /etc/init.d/xdm start
cupsd
# vi /etc/cups/cupsd.conf
BrowsePoll imprimeur.iap.fr:631
mix1 /root # for node in mix{2,3,4}; do scp /etc/cups/cupsd.conf ${node}:/etc/cups/cupsd.conf; done
# /etc/init.d/cupsd restart
# rc-update add cupsd default
postfix
# emerge -va postfix
# rc-update add postfix default
# gvim /etc/postfix/main.cf
myhostname = mix5.iap.fr
myorigin = $myhostname
inet_interfaces = $myhostname, localhost
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks_style = host
relayhost = [carignan.iap.fr] # on efigix
# postconf alias_maps
alias_maps = hash:/etc/mail/aliases
# vi /etc/mail/aliases
root: magnard@iap.fr
operator: magnard@iap.fr
# newaliases
# postsuper -d ALL (deletes all queues)
# /etc/init.d/postfix start
For clix (mail server for the whole subnetwork), add to /etc/postfix/main.cf:
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks_style = subnet
ou
mynetworks=10.0.1.204/24
rkhunter
# emerge -va rkhunter
# vi /etc/cron.daily/rkhunter
ENABLE=yes
UPDATE=yes
EMAIL_RECIPIENT=magnard@iap.fr
# vi /etc/rkhunter.conf
MAIL-ON-WARNING=magnard@iap.fr
ALLOW_SSH_ROOT_USER=1
Not necessary anymore:
# echo update the os.dat of rkhunter 1.2.7 for Gentoo 1.12
# echo "705:Gentoo Linux 1.12 (x86_64):/usr/bin/md5sum:/bin:" >> /usr/lib/rkhunter/db/os.dat
# echo "706:Gentoo Linux 1.12 (i386):/usr/bin/md5sum:/bin:" >> /usr/lib/rkhunter/db/os.dat
udev
Cf. the gentoo udev guide. Also cf. Gentoo wiki. Warning: the rule to match is case sensitive, so use the output of udevinfo -a -p /sys/class/net/eth0/, and not of ifconfig !
# emerge -va coldplug
# rc-update add coldplug boot
# vi /etc/conf.d/rc
RC_DEVICE_TARBALL="no"
RC_PARALLEL_STARTUP="no"
# vi /etc/udev/rules.d/10-local.rules
KERNEL=="eth*", SYSFS{address}=="00:00:5a:99:a5:54", NAME="eth0"
KERNEL=="eth*", SYSFS{address}=="00:e0:81:28:6b:22", NAME="eth1"
lm_sensors
# cd /home/nis/root.nis/softs/opteron/lmsensors
# wget ftp://ftp.tyan.com/software/lms/lms_s4882.conf
# wget ftp://ftp.tyan.com/software/lms/lms_s2882.tgz
# echo "alias char-major-89 i2c-dev" > /etc/modules.d/lm-sensors
# vi /etc/conf.d/lm_sensors
MODULE_0=i2c_amd756_s4882
MODULE_1=i2c-isa
MODULE_2=lm85
MODULE_3=lm63
MODULE_4=w83627hf
# mv /etc/sensors.conf /etc/sensors.conf.old
# cp lms_s4882.conf /etc/sensors.conf
# rc-update add lm_sensors default
# /etc/init.d/lm_sensors start
bbftp
Compiled in static on clix.... Problem on opteron !
# wget ftp://ftp.in2p3.fr/pub/bbftp/bbftp-3.0.2.tar.gz
# cd bbftp-3.2.0/bbftpc
# ./configure --with-rfio --with-ssl --with-gzip
# make
# make install
# ln -s /usr/local/etc/bbftpd /etc/init.d/bbftpd
# /etc/init.d/bbftpd start
# rc-update add bbftpd default
bbftpd
# cd bbftp-3.2.0/bbftpd
# ./configure --enable-authentication=certificates --with-ssl --with-gzip; make; make install
# cp doc/bbftpd.1 /usr/local/man/man1/
# cd /etc/init.d/
# ln -s /usr/local/etc/bbftpd .
# cd /etc
# for i in 3 4 5; do cd rc${i}.d; ln -s /etc/init.d/bbftpd ./S85bbftpd; cd -; done
mcelog
# mv /etc/cron.daily/mcelog /etc/cron.hourly/
# vi /etc/cron.hourly/mcelog
#!/bin/bash
/usr/bin/date >> /var/log/mcelog
/usr/sbin/mcelog >> /var/log/mcelog
# chmod 755 /etc/cron.hourly/mcelog
PowerWare UPS
- connect the UPS with the serial cable and run minicom on /dev/ttyS0 to change the internet settings of the snmp card
- or configure your NIC in a private area network to connect to the snmp default IP http://192.168.7.18
- config:
- IP/GW/Mask/DNS: (194.57.221.2)/194.57.221.1/255.255.255.192
- UPS Event Actions: Notify Client OS to Shutdown on an AC Failure: Yes, 480sec.
- Mail Server: carignan.iap.fr
- DNS Address: 194.167.0.198
- Sender's Email: magnard@iap.fr
- SMTP Reply to Address: upsmix8@iap.fr
- Date/Time: ntp server ntp.obspm.fr GMT+1 Daylight saving
- Download Netwatch
- untar and run install.sh (Do not change the default installation path, the config file is not relocatable...)
- Remove default init.d script, and install the gentoo version:
# rm /etc/init.d/netwatch.init
# cat netwatch
#!/sbin/runscript
depend() {
need net
}
start() {
ebegin "Starting PowerWare netwatch"
start-stop-daemon --start --quiet --background --exec /usr/Powerware/NetWatch/netwatch
eend $? "Failed to start netwatch"
}
stop() {
ebegin "Stopping PowerWare netwatch"
start-stop-daemon --stop --quiet --exec /usr/Powerware/NetWatch/netwatch
eend $? "Failed to stop netwatch"
}
# rc-update add netwatch default
# /etc/init.d/netwatch start
clix
# emerge -va dhcp net-dns/bind
# rc-update add dhcp default
# vi /etc/conf.d/dhcpd
DHCPD_IFACE="eth1"
DHCPD_CHROOT="/chroot/dhcp"
# vi /etc/syslog-ng/syslog-ng.conf
log { source(/chroot/dhcp/dev/log); destination(messages); };
(# ebuild /var/db/pkg/net-misc/dhcp-3.0.1-r1/dhcp-3.0.1-r1.ebuild config)
# emerge --config =dhcp-3.0.3-r9
# vi /etc/conf.d/named
CHROOT="/chroot/dns"
CPU="2"
# emerge --config '=net-dns/bind-9.3.2-r4'
(# ebuild /var/db/pkg/net-dns/bind-9.2.5-r4/bind-9.2.5-r4.ebuild config)
# echo "alias rndc='rndc -k /chroot/dns/etc/bind/rndc.key'" >> /root/.bashrc
# rc-update add named default
# rc-update add ypserv default
# rc-update add rpc.yppasswdd default
# vi /etc/conf.d/local.start
echo "Activating forward"
echo 1 > /proc/sys/net/ipv4/ip_forward
if [ -e /proc/sys/net/ipv4/conf/all/accept_source_route ]; then
echo 1 > /proc/sys/net/ipv4/conf/all/accept_source_route
fi
Cf. config in /home/nis/root.nis/fred/opterons.config/chroot
New kernel installation
cd /usr/src/linux-2.6.13; make modules_install; cp .config /boot/config-2.6.13; cp System.map /boot/System.map-2.6.13; cp arch/i386/boot/bzImage /boot/kernel-2.6.13; cd /usr/src/; rm linux; ln -s linux-2.6.13-gentoo linux; vi /boot/grub/grub.conf
title=Gentoo Linux 2.6.13-vanilla
# Partition where the kernel image (or operating system) is located
root (hd0,1)
kernel /boot/kernel-2.6.13 root=/dev/hda2
cd /usr/src; scp mix5:/usr/src/linux-2.6.13.2_compiled.tgz .
tar xf linux-2.6.13.2_compiled.tgz; rm linux; ln -s linux-2.6.13.2 linux; cd linux-2.6.13.2/; make modules_install
mount /boot/; cp arch/x86_64/boot/bzImage /boot/kernel-2.6.13.2; cp .config /boot/config-2.6.13.2; cp System.map /boot/System.map-2.6.13.2; vi /boot/grub/grub.conf
title=Gentoo Linux 2.6.13.2-vanilla
# Partition where the kernel image (or operating system) is located
root (hd0,0)
kernel /kernel-2.6.13.2 root=/dev/sda5
mypartmon.pl:
# cp /home/nis/root.nis/fred/utils.pipeline/mypartmon.pl /usr/local/bin/mypartmon.pl
# cat /usr/local/etc/mypartmon.conf
# free space limit size in kiB
%partlimits = ( '/' => 10_000,
'/var' => 50_000,
'/home' => 100_000,
'/data/fcix2/raid1' => 1_048_576, # 1 GiB
'/data/fcix2/raid2' => 1_048_576 # 1 GiB
);
# crontab -e
# full partition check
0 * * * * root /usr/local/bin/mypartmon.pl -c /usr/local/etc/mypartmon.conf -m teraop@iap.fr
Nagios Cf. gentoo wiki
# mkdir /var/log/nagios
# chmod 750 /var/log/nagios
# chown nagios:nagios /var/log/nagios
# cp /usr/share/doc/nagios-core-2.5/sample-configs/* /etc/nagios/
# cd /etc/nagios/
# gunzip *.gz
# rename -sample '' *
# chmod 640 *
# chown nagios:apache *.cfg
# vi /etc/conf.d/apache2
-D NAGIOS
# vi /etc/apache2/modules.d/99_nagios.conf
# allow from terapix subnet
Allow from 127.0.0.1 194.57.221.0/255.255.255.192
# /etc/apache2/httpd.conf
AddHandler cgi-script .cgi
# vi /usr/nagios/sbin/.htaccess
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/htpasswd.users
AuthGroupFile /etc/nagios/htpasswd.group
require group nagios
# vi /etc/nagios/htpasswd.group
nagios: nagiosadmin magnard
# chown apache:apache /etc/nagios/htpasswd.users
# chmod 640 /etc/nagios/htpasswd.users
# chown apache:apache /etc/nagios/htpasswd.group
# chmod 640 /etc/nagios/htpasswd.group
# chmod 640 /usr/nagios/sbin/.htaccess
# chown apache:apache /usr/nagios/sbin/.htaccess
# htpasswd2 /etc/nagios/htpasswd.users magnard
#
