Tuesday, February 05, 2008
Oracle and network detection
I recently had to do a RHEL server setup for Oracle 10g. I'd configured static networking for the server but Oracle started complaining I had DHCP set for the NIC. I verified my network settings and tried again but it still kept complaining about the same thing. Finally I added an entry to the /etc/hosts file and Oracle was happy about it. I don't understand the logic in looking at the /etc/hosts file to determine whether the network configuration is static or DHCP. But anyhow "it works" :)
Sunday, January 27, 2008
Oracle 10g installation on RHEL4 AS x86_64 bit HP Blade BL 480c
Hardware:
HP ProLiant BL480c G1, Intel Xeon E5345 (x86_64) 2 * Quad Core 2.33GHz
Memory 8192 MB, Hard disk 440 GB - RAID 5 H/w array of 146.8 * 4 SAS disks
Software:
Operating System Red Hat Enterprise Linux 4 AS Update 6 x86_64 bit
Kernel Version Linux 2.6.9-67.ELsmp #1 SMP x86_64 GNU/Linux
Database Oracle 10g Release 2 Database
Installation procedure:
Note: Many of the special notes and parameters are specific to this installation on this hardware only. While installing other servers on a different type of hardware or different versions of the OS or any software used, choose the values accordingly.
1. Login as Administrator into iLO homepage. Choose the Integrated Remote Console option.( You'll need a Windows machine with IE for this)
Note: The RHEL Installation DVD needs to be connected to the server via the
Virtual Media option and hence the other options in iLO via serial/web/java
based cannot be used for installation since they don't have this option.
The other option is use the DVD ROM in the blade chassis. I'm lazy to go all the way to the data center for this . So I prefer the virtual media stuff ;)
2. Boot from the RHEL 4 AS Update 6 x86_64bit DVD ROM
Note: The RHEL 4 versions prior to U 6 do not contain the drivers for the SAS
disks and will not detect a hard disk on the server. The driver though can be
separately downloaded from the HP site and loaded from a floppy during the
installation.
3. Choose “linux text” method of installation since the mouse doesn't work during the graphical installation on the HP BL480c blade servers. Proceed with default options till the partitioning stage is reached.
4. Select to manually partition disk with Disk Druid and build the following disk
configuration:
/boot 100 MB
/ 50 GB
Ignore the swap warning and proceed.
Note: The rest of the partitions can be created on LVM ONLY using the graphical system-config-lvm tool once the installation is completed. The swap can be configured on a logical volume so that in case of memory upgrades we can easily increase the swap space accordingly. It's recommended to place the /boot partition on a non-LVM partition.
5. Configure the IP Address and hostname , select the adapter to activate on boot.
6. Select “customize the packages for installation” and choose the following :
a) X Window System
b) Gnome Desktop Environment
c) Editors
d) Graphical Internet
e) Text based Internet
f) Server configuration tools
g) Web Server
h) Windows File Server
i) FTP Server
j) Development tools
k) X software development
l) Legacy software development
m) Administration tools
n) System Tools
Leave the default options unchanged for the remaining steps and proceed.
7. Reboot the server once the package installation is complete and login as root.
8. Create an LVM (8e) partition with the remaining space on the disk using fdisk.
Issue the partprobe command so that the kernel reloads the new partition table.
9. Create a Physical Volume on the new partition using
[root@server1 ~]# pvcreate /dev/cciss/c0d0p5
Physical volume "/dev/cciss/c0d0p5" successfully created
10. Launch the system-config-lvm tool and create individual Logical Volumes on the newly created Physical Volume Vol0 with the sizes and mount points as below ( Set the mount points to be mounted only after reboot as we need to rsync the existing /tmp and /var directories before we move them to the newly created LVs ):
/dev/mapper/Vol0-u01 20G /u01
/dev/mapper/Vol0-u02 15G /u02
/dev/mapper/Vol0-u03 20G /u03
/dev/mapper/Vol0-u04 20G /u04
/dev/mapper/Vol0-u05 40G /u05
/dev/mapper/Vol0-u06 20G /u06
/dev/mapper/Vol0-u07 25G /u07
/dev/mapper/Vol0-u08 20G /u08
/dev/mapper/Vol0-u10 20G /u10
/dev/mapper/Vol0-backup 79G /backup
/dev/mapper/Vol0-archive 40G /archive
/dev/mapper/Vol0-tmp 9.9G /tmp
/dev/mapper/Vol0-var 15G /var
/dev/mapper/Vol0-swap 16 GB
11. Exit the system-config-lvm tool.
12. Prepare the /dev/Vol0/swap partition for swap.
[root@server1 ~]# mkswap /dev/Vol0/swap
[root@server1 ~]# swapon /dev/Vol0/swap
13. Move the /var and /tmp directories to LVs so that if they fill up unexpectedly, the system and the root ( “/” ) partition are not affected, and so that they can be expanded easily later on. Create two temporary folders in /tmp for mounting the LVs var and tmp temporarily. rsync the existing var and tmp directories to the corresponding LVs.
[root@server1 ~]# mkdir /tmp/{var,tmp}
[root@server1 ~]# mount /dev/mapper/Vol0-tmp /tmp/tmp
[root@server1 ~]# mount /dev/mapper/Vol0-var /tmp/var
# The trailing slashes copy the directory contents rather than creating a nested var/ or tmp/ directory.
# -x keeps rsync on the source filesystem, so it does not descend into the LVs mounted under /tmp.
[root@server1 ~]# rsync -avx /var/ /tmp/var/
[root@server1 ~]# rsync -avx /tmp/ /tmp/tmp/
14. Add entries to /etc/fstab for all the newly created LVs.
/dev/Vol0/swap swap swap defaults 0 0
/dev/Vol0/u01 /u01 ext3 defaults 1 2
/dev/Vol0/u02 /u02 ext3 defaults 1 2
/dev/Vol0/u03 /u03 ext3 defaults 1 2
/dev/Vol0/u04 /u04 ext3 defaults 1 2
/dev/Vol0/u05 /u05 ext3 defaults 1 2
/dev/Vol0/u06 /u06 ext3 defaults 1 2
/dev/Vol0/u07 /u07 ext3 defaults 1 2
/dev/Vol0/u08 /u08 ext3 defaults 1 2
/dev/Vol0/u10 /u10 ext3 defaults 1 2
/dev/Vol0/backup /backup ext3 defaults 1 2
/dev/Vol0/archive /archive ext3 defaults 1 2
/dev/Vol0/tmp /tmp ext3 defaults 1 2
/dev/Vol0/var /var ext3 defaults 1 2
15. Reboot system and login as root. Ensure all the filesystems have been mounted.
16. Make sure the following packages do not exist so that there's no package conflict with the oracle prerequisites.
a) Ksh2004022912
b) Ipw2200firmware2.03
c) Ipw2100firmware1.31
Use the command #rpm -e to remove the packages.
17. Make sure the following packages (or later versions if available) are available and install/upgrade if necessary. The packages can be installed/upgraded by manually downloading the rpm packages from RHN with a subscription account.
kernel-2.6.9-42.0.3.EL
libstdc++-3.4.6-3
kernel-smp-2.6.9-42.0.3.EL
make-3.80-5
compat-db-4.1.25-9
pdksh-5.2.14-30.3
control-center-2.8.0-12.rhel4.5
sysstat-5.0.5-1
xscreensaver-4.18-5.rhel4.11
gcc-3.4.6-3
compat-libstdc++-33-3.2.3-47.3
libaio-0.3.102-1
openmotif21-2.1.30-11.RHEL4.2
gcc-c++-3.4.6-3
compat-libstdc++-296-2.96-132.7.2
glibc-2.3.4-2.25
glibc-common-2.3.4-2.25
gcc-g77-3.4.6-3
gnome-libs-1.4.1.2.90-44.1
mkinitrd-4.2.1.8-1
18. Configure the VNC server for remote administration.
[root@server1 ~]# cat /etc/sysconfig/vncservers
VNCSERVERS="1:ora10g"
VNCSERVERARGS[1]="-geometry 1024x768"
[root@server1 ~]# cat ~ora10g/.vnc/xstartup
#!/bin/sh
unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc
19. Download and install the latest HP Proliant Service Pack from the HP website
for x86_64 bit RHEL 4 AS to remotely administer the system and monitor the
server health. Untar the tarball and extract it to a folder. cd into the directory and
execute the following command:
[root@server1]# chmod u+x install791.sh
[root@server1]# ./install791.sh
21. Reboot the server and get ready for the Oracle Database installation.
Oracle Database 10g Release 2 installation.
1. Check the prerequisite RPMs (Get the latest list from the oracle website)
2. Create the Oracle Groups
#/usr/sbin/groupadd oinstall
#/usr/sbin/groupadd dba
3. Create the oracle user
#/usr/sbin/useradd --home /u01/oracle/product/10.2.0.1 -g oinstall -G dba ora10g
Note: -g sets the primary group and -G the other (supplementary) groups
4. Change the password of the oracle user
#passwd ora10g
5. Create oracle directories for binaries and data files
Creation of the ORACLE_HOME
#mkdir -p /u01/oracle/product/10.2.0.1
#chown -R ora10g:oinstall /u01/oracle/product/10.2.0.1
Creation of directories for oracle files
#mkdir -p /u01/oradata/prod
#chown -R ora10g:oinstall /u01/oradata/prod
Change ownership of /backup directory to the ora10g user.
#chown -R ora10g:oinstall /backup
6. Change the kernel parameters by appending the following to /etc/sysctl.conf:
#vi /etc/sysctl.conf
# For Oracle
kernel.shmall = 2097152
# Set kernel.shmmax to half of physical RAM
kernel.shmmax = 4294967296
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 192000
net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_default = 262144
net.core.rmem_max = 262144
net.core.wmem_default = 262144
net.core.wmem_max = 262144
Enter the following command to change the current values of the kernel
parameters (Reboot the machine if the command fails)
#/sbin/sysctl -p
7. Set the shell limits for the oracle user
Add the following lines in the /etc/security/limits.conf file
ora10g soft nproc 2047
ora10g hard nproc 16384
ora10g soft nofile 1024
ora10g hard nofile 65536
Add the following line to the /etc/pam.d/login file, if it does not exist
session required /lib/security/pam_limits.so
8. Create the .bash_profile
#su - ora10g
$vi .bash_profile
ORACLE_BASE=/u01/oracle
export ORACLE_BASE
ORACLE_HOME=/u01/oracle/product/10.2.0.1
export ORACLE_HOME
ORACLE_SID=prod
export ORACLE_SID
PATH=$PATH:$ORACLE_HOME/bin
export PATH
umask 022
9. Copy the oracle database installation file 10201_database_linux_x86_64.cpio
to /tmp and extract it
#cpio -idmv <10201_database_linux_x86_64.cpio
10. Start the installation by running runInstaller and proceed with the installation.
11. After completing the installation apply the oracle patch version 10.2.0.3 (latest).
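Added example (not part of the original post): a shell check for the /etc/sysctl.conf values from step 6. It compares each key field by field with the values listed above and treats kernel.shmmax as needing to be at least half of MemTotal; the function names, that reading of "half of physical RAM" and the sample meminfo line are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical
# and the meminfo line used in the demo is constructed.

# The values from step 6, with the shmmax remark on its own comment line.
page_sysctl() {
cat <<'EOF'
# For Oracle
kernel.shmall = 2097152
# Set this to half of physical RAM
kernel.shmmax = 4294967296
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 192000
net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_default = 262144
net.core.rmem_max = 262144
net.core.wmem_default = 262144
net.core.wmem_max = 262144
EOF
}

# half_ram_bytes MEMINFO: half of MemTotal (which is reported in kB), in bytes
half_ram_bytes() {
    hr_kb=$(awk '$1 == "MemTotal:" { print $2; exit }' "$1")
    echo $(( hr_kb * 512 ))
}

# check_oracle_sysctl SYSCTL_CONF MEMINFO
# Prints "MISSING|MALFORMED|LOW <key>" per finding, nothing when all pass.
check_oracle_sysctl() {
    awk -v shmmax_min="$(half_ram_bytes "$2")" '
    BEGIN {
        spec = "kernel.shmall=2097152;kernel.shmmax=" shmmax_min
        spec = spec ";kernel.shmmni=4096;kernel.sem=250 32000 100 128"
        spec = spec ";fs.file-max=192000;net.ipv4.ip_local_port_range=1024 65000"
        spec = spec ";net.core.rmem_default=262144;net.core.rmem_max=262144"
        spec = spec ";net.core.wmem_default=262144;net.core.wmem_max=262144"
        n = split(spec, item, ";")
        for (i = 1; i <= n; i++) {
            split(item[i], kv, "=")
            order[i] = kv[1]; need[kv[1]] = kv[2]
        }
    }
    /^[ \t]*([#;]|$)/ { next }           # whole-line comments and blank lines
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1)
        gsub(/[ \t]/, "", key)
        have[key] = substr($0, eq + 1)   # everything after "=" is the value
    }
    END {
        for (i = 1; i <= n; i++) {
            key = order[i]
            if (!(key in have)) { print "MISSING " key; continue }
            nw = split(need[key], want, " ")
            ng = split(have[key], got, " ")
            bad = (ng != nw)
            for (j = 1; j <= ng; j++)
                if (got[j] !~ /^[0-9]+$/) bad = 1   # e.g. a trailing "# ..." remark
            if (bad) { print "MALFORMED " key; continue }
            low = 0
            for (j = 1; j <= nw; j++) {
                # first port-range field is the lower bound: smaller is fine
                if (key ~ /port_range$/ && j == 1) {
                    if (got[j] + 0 > want[j] + 0) low = 1
                } else if (got[j] + 0 < want[j] + 0) low = 1
            }
            if (low) print "LOW " key
        }
    }' "$1"
}

# Demo on the values above with a constructed MemTotal for an 8192 MB server
demo_dir=$(mktemp -d)
page_sysctl > "$demo_dir/sysctl.conf"
echo "MemTotal:        8164312 kB" > "$demo_dir/meminfo"
demo_out=$(check_oracle_sysctl "$demo_dir/sysctl.conf" "$demo_dir/meminfo")
[ -n "$demo_out" ] && echo "$demo_out" || echo "all listed values satisfied"
rm -rf "$demo_dir"
```

On a real server, pass /etc/sysctl.conf and /proc/meminfo as the two arguments.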
Tuesday, January 22, 2008
If you uninstall the rpm package itself!!!!!!!!!!!!
Installing rpm's rpm without... rpm!
A friend of mine recently uninstalled the rpm package on his system and panicked. Now that's sure a tough situation. rpm is the lifeline of Red Hat based distros. Here's what to do in case it happens to you
Download the rpm-4.x.x.i386.rpm package (the version depends upon the version of your distro )
Download this script and make it executable (chmod 775 rpm2cpio.sh)
http://www.rpm.org/tools/scripts/rpm2cpio.sh
Copy the script and the rpm-4.x.x.i386.rpm package in the / directory.
From the / directory, run the following command as root:
./rpm2cpio.sh rpm-4.x.x.i386.rpm | cpio -ivd
This will extract the files from the rpm-4.x.x.i386.rpm package and place them in the right directories, as if you had installed it with the rpm command, but without updating the rpm database or executing any postinstall script.
The pre- and post-install scripts are described in the attached file, which can be extracted from the rpm-4.x.x.i386.rpm package. You have to run them manually in a console window.
At the end, as an extra security option, you could run
rpm -ivh --force rpm-x.x.i386.rpm
This should install rpm over itself, updating the rpm database and executing the pre- and post-install scripts as usual.
Tuesday, November 20, 2007
Apache on Kerberos from Win 2k3 AD
So after a one year stint at Red Hat, I'm back to Doha. I've joined a govt. body that surprisingly has a Linux based infrastructure backend ( Surprising coz in this part of the world Linux deployment is still in its infancy). But the front end is still Windows mostly and so I'm back to a mixed environment. My first project was to test out an apache server to authenticate from the existing win 2k3 AD. After a few struggles I got it working. Here's the step by step
1) On the windows DNS server, add an entry for the linux server where the apache is running.
2) Install Support tools for Windows 2003 server. We'll need the ktpass tool for the next step.
3) C:\Program Files\Support Tools>ktpass -princ HTTP/testapache.foo.bar@foo.bar -mapuser apache1 -pass apachepassword -out c:\temp\testapache.keytab
4) Copy this file over to the linux machine and drop it in /etc/krb5.keytab
5) Configure the /etc/krb5.conf on linux as follows ( FOO.BAR is the FQDN of the Windows domain, DC.FOO.BAR is the domain controller ):
[root@testapache html]# cat /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = FOO.BAR
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
FOO.BAR = {
kdc = DC.FOO.BAR:88
admin_server = DC.FOO.BAR:749
default_domain = FOO.BAR
}
[domain_realm]
.foo.bar = FOO.BAR
foo.bar = FOO.BAR
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
6) Add the kerberos authentication module entry in apache. Then add the following ( Remember the caps for the Realm name is important) in httpd.conf within the "Directory" section. The tags seem to be getting overridden when publishing this blog:
Options FollowSymLinks
AllowOverride None
AuthType Kerberos
AuthName "Kerberos Login"
KrbAuthRealm FOO.BAR
Krb5KeyTab /etc/krb5.keytab
KrbVerifyKDC off
Require user apache1@FOO.BAR
#require valid-user
That should be it. Restart apache, test Kerberos using kinit, and then test the website by logging in to it.
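Added example (not part of the original post): a shell lint for the files from steps 4 to 6. It checks that KrbAuthRealm is upper case and equals default_realm, that each Require user entry carries the same realm, that the keytab grants nothing to "other" users, and it reports KrbVerifyKDC off, which the mod_auth_kerb documentation describes as a testing-only setting. krb_lint and write_page_config are hypothetical helper names, and the keytab in the demo is an empty stand-in file.

```shell
#!/bin/sh
# Added example, not from the original post. krb_lint and write_page_config
# are hypothetical helper names; all files live in a temporary directory.

# Recreate the post's realm setting and httpd.conf directives inside DIR.
write_page_config() {
    printf '[libdefaults]\n default_realm = FOO.BAR\n' > "$1/krb5.conf"
    cat > "$1/httpd.conf" <<'EOF'
Options FollowSymLinks
AllowOverride None
AuthType Kerberos
AuthName "Kerberos Login"
KrbAuthRealm FOO.BAR
Krb5KeyTab /etc/krb5.keytab
KrbVerifyKDC off
Require user apache1@FOO.BAR
#require valid-user
EOF
    : > "$1/krb5.keytab"             # empty stand-in for the real keytab
    chmod 600 "$1/krb5.keytab"
}

# krb_lint KRB5_CONF HTTPD_FRAGMENT KEYTAB
# Prints one "WARN: ..." line per finding and nothing when every check passes.
krb_lint() {
    kl_krb5=$1; kl_httpd=$2; kl_keytab=$3

    # default_realm as set in krb5.conf
    kl_default=$(awk -F= '$1 ~ /^[ \t]*default_realm[ \t]*$/ {
        gsub(/[ \t]/, "", $2); print $2; exit }' "$kl_krb5")

    # First realm given to KrbAuthRealm(s); commented-out lines never match
    kl_realm=$(awk 'tolower($1) ~ /^krbauthrealms?$/ { print $2; exit }' "$kl_httpd")

    if [ -z "$kl_realm" ]; then
        echo "WARN: no KrbAuthRealm directive found"
    else
        kl_upper=$(printf '%s' "$kl_realm" | tr '[:lower:]' '[:upper:]')
        [ "$kl_realm" = "$kl_upper" ] ||
            echo "WARN: KrbAuthRealm $kl_realm is not upper case"
        [ "$kl_realm" = "$kl_default" ] ||
            echo "WARN: KrbAuthRealm $kl_realm differs from default_realm $kl_default"
    fi

    # Every "Require user name@REALM" entry must carry the same realm
    awk -v realm="$kl_realm" 'tolower($1) == "require" && tolower($2) == "user" {
        for (i = 3; i <= NF; i++) {
            n = split($i, p, "@")
            if (n != 2 || p[2] != realm)
                print "WARN: Require user " $i " does not match realm " realm
        }
    }' "$kl_httpd"

    awk 'tolower($1) == "krbverifykdc" && tolower($2) == "off" {
        print "WARN: KrbVerifyKDC is off; mod_auth_kerb documents this as a testing-only setting"
    }' "$kl_httpd"

    # The keytab holds the service key: characters 8-10 of the ls mode string
    # are the permissions for "other" and should all be "-"
    kl_other=$(ls -ld "$kl_keytab" | cut -c8-10)
    [ "$kl_other" = "---" ] ||
        echo "WARN: $kl_keytab is accessible to other users ($kl_other)"
    return 0
}

# Demo: the post's configuration with a keytab left at mode 644
demo_dir=$(mktemp -d)
write_page_config "$demo_dir"
chmod 644 "$demo_dir/krb5.keytab"
krb_lint "$demo_dir/krb5.conf" "$demo_dir/httpd.conf" "$demo_dir/krb5.keytab"
rm -rf "$demo_dir"
```

On the server itself the three arguments would be /etc/krb5.conf, the httpd.conf holding the directives, and /etc/krb5.keytab.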
Thursday, October 18, 2007
perl script for ftp backup
root@srvsun01 # cat /usr/scripts/backup.pl
#!/usr/bin/perl
use strict;
use warnings;
use Net::FTP;

my $host      = "172.16.39.7";
my $directory = "pub";    # remote directory (not used by the upload below)
my @ERRORS;

# localtime() returns a 0-based month and the year as an offset from 1900
my ($day, $month, $yearoffset) = (localtime())[3, 4, 5];
my $year       = 1900 + $yearoffset;
my $backupdate = sprintf("%d-%d-%d", $day, $month + 1, $year);
print "$backupdate\n";

# Print the collected errors and stop
sub myerr {
    print STDERR @ERRORS;
    exit 1;
}

my $ftp = Net::FTP->new($host, Timeout => 240);
unless ($ftp) {
    push @ERRORS, "Can't ftp to $host: $@\n";
    myerr();
}
print "Connected\n";

# Single quotes keep Perl from interpolating @foo inside the login name
unless ($ftp->login('backupadmin@foo.bar.edu', 'foobar')) {
    push @ERRORS, "Can't login to $host: " . $ftp->message . "\n";
    $ftp->quit;
    myerr();
}
print "Logged in\n";

$ftp->binary;
$ftp->put("backup-$backupdate.tar.gz")
    or push @ERRORS, "Upload failed: " . $ftp->message . "\n";
$ftp->quit;
myerr() if @ERRORS;
Sunday, October 07, 2007
Solaris 10.3 Installation on Dell Latitude 620
My uncle was kind enough to temporarily provide me with a Dell Latitude D620. Now that I'm in Doha and have little else to do other than job hunting, I decided to install Solaris 10.3 on it. Things weren't easy initially. The installation would never cross the grub stage . Finally browsing through web forums , it was pointed out that the dual-core is not supported. So I disabled that and continued with the installation. There were no other hitches during the installation.
Then at the reboot, it didn't seem to proceed after grub again. This time I had to add "kernel/unix" to the kernel line in the grub entry for solaris boot, i.e.
kernel /platform/i86pc/multiboot
into
kernel /platform/i86pc/multiboot kernel/unix -v
That did it and the system booted fine. It was so nice to see a good GUI for Solaris. The last time I worked on Solaris, it was on those horrible Netra 1125 boxes which don't even have the mercy to display anything on screen other than via serial console or ssh/telnet. We did have an Enterprise E450 too, but the GUI for that wasn't that impressive either.
Anyway Solaris 10.3 looks really nice, clean. Video card and NIC worked out of the box. Only the sound remains to be installed. Will do that tomorrow.
And btw, firefox doesn't seem to be there in the default installation, only mozilla is installed. So I got a package of firefox for solaris on x86 and installed it. Now I feel much at home here too..
Sunday, August 26, 2007
Merging pdfs
The ImageMagick package has a tool called convert which can easily merge pdfs. So if you get tutorials that have one file per chapter, just use convert
convert chapter1.pdf chapter2.pdf tutorial.pdf
and you get a combined pdf of all the chapters :)
Wednesday, August 22, 2007
Padma for firefox
I'm a regular reader of the Madhyamam newspaper but couldn't ever read its online version because of some font incompatibility with firefox. That was till I found out this plugin padma.
https://addons.mozilla.org/en-US/firefox/addon/873
Now I can happily read all the Malayalam websites without any problems. That's one more reason to go for firefox. Flexibility like never before.
FTP troubles
We have an FTP server where we've disabled active FTP , so we often get complaints from users about being unable to use the server. Normally we just reply to specifically use passive mode, but we recently got a complaint from a user with a snippet of his output of the ftp client where he specifically mentions passive ftp and still gets a 550.
I set detailed logging on my vsftpd server using these parameters in the vsftpd.conf
log_ftp_protocol=YES
xferlog_std_format=NO
and started monitoring the vsftpd.log file.
It started showing me that despite the client showing me an output saying that the PASV command was issued, it was reaching us as PORT. On further investigation , we figured out that the person was using an ftp proxy and it was probably modifying the commands.
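Added example (not part of the original post): a shell/awk summary of which data-connection commands actually reached the server, per client, so that a user's "I used passive mode" can be compared with what vsftpd logged. The function names are hypothetical and the log lines are constructed, in the layout assumed for vsftpd.log with the two settings above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# the log lines are constructed, in the layout assumed for vsftpd.log when
# log_ftp_protocol=YES and xferlog_std_format=NO.

sample_log() {
cat <<'EOF'
Wed Aug 22 09:14:02 2007 [pid 4312] CONNECT: Client "192.0.2.10"
Wed Aug 22 09:14:02 2007 [pid 4312] FTP command: Client "192.0.2.10", "USER anonymous"
Wed Aug 22 09:14:03 2007 [pid 4311] [ftp] FTP command: Client "192.0.2.10", "PASV"
Wed Aug 22 09:14:03 2007 [pid 4311] [ftp] FTP response: Client "192.0.2.10", "227 Entering Passive Mode (203,0,113,5,156,64)"
Wed Aug 22 09:14:04 2007 [pid 4311] [ftp] FTP command: Client "192.0.2.10", "LIST"
Wed Aug 22 09:14:04 2007 [pid 4311] [ftp] FTP response: Client "192.0.2.10", "150 Here comes the directory listing."
Wed Aug 22 09:20:10 2007 [pid 4390] [ftp] FTP command: Client "198.51.100.7", "PORT 198,51,100,7,195,80"
Wed Aug 22 09:20:10 2007 [pid 4390] [ftp] FTP response: Client "198.51.100.7", "550 Permission denied."
Wed Aug 22 09:20:15 2007 [pid 4390] [ftp] FTP command: Client "198.51.100.7", "PORT 198,51,100,7,195,81"
Wed Aug 22 09:20:15 2007 [pid 4390] [ftp] FTP response: Client "198.51.100.7", "550 Permission denied."
EOF
}

# data_mode_summary [FILE...]   (reads stdin when no file is given)
# One line per client, in order of first appearance:
#   <ip> pasv=<n> port=<n> refused=<n> announced=<ip:port or ->
# refused counts PORT/EPRT commands that were answered with a 550.
data_mode_summary() {
    awk '
    BEGIN { FS = "\"" }
    {
        ip = $2
        pid = ""
        if (match($1, /\[pid [0-9]+\]/)) pid = substr($1, RSTART, RLENGTH)
        sess = pid SUBSEP ip          # keeps parallel sessions of one client apart
    }
    /FTP command: Client/ {
        if (!(ip in seen)) { seen[ip] = 1; order[++n] = ip }
        split($4, w, " ")
        verb = toupper(w[1])
        last[sess] = verb
        if (verb == "PASV" || verb == "EPSV") pasv[ip]++
        if (verb == "PORT" || verb == "EPRT") {
            port[ip]++
            # PORT h1,h2,h3,h4,p1,p2 announces h1.h2.h3.h4 and port p1*256+p2
            if (verb == "PORT" && split(w[2], a, ",") == 6)
                announced[ip] = a[1] "." a[2] "." a[3] "." a[4] ":" (a[5] * 256 + a[6])
        }
        next
    }
    /FTP response: Client/ {
        if ((last[sess] == "PORT" || last[sess] == "EPRT") && $4 ~ /^550/)
            refused[ip]++
        last[sess] = ""
    }
    END {
        for (i = 1; i <= n; i++) {
            ip = order[i]
            printf "%s pasv=%d port=%d refused=%d announced=%s\n", ip,
                pasv[ip], port[ip], refused[ip],
                ((ip in announced) ? announced[ip] : "-")
        }
    }' "$@"
}

# port_clients [FILE...]: only the clients from which an active-mode command arrived
port_clients() {
    data_mode_summary "$@" | awk '$3 != "port=0" { print $1 }'
}

sample_log | data_mode_summary
```

Run `port_clients /var/log/vsftpd.log` to list the addresses whose sessions reached the server in active mode, whatever the client side printed.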
Ripping VCDs
Copying VCDs on Linux is a bit tricky. The normal cp and mv don't work.
So we need to rip the cds. Here's how to do it using mencoder
mencoder vcd://1 -ovc lavc -lavcopts vcodec=mpeg4:vhq -oac mp3lame -lameopts abr:br=128 -o Song1.avi
If you need to rip the multiple files, you can put in a small loop
for i in `seq 1 10` ; do mencoder vcd://$i -ovc lavc -lavcopts vcodec=mpeg4:vhq -oac mp3lame -lameopts abr:br=128 -o Song$i.avi; done;
Tuesday, July 24, 2007
Zgrep
To grep through archived gz files etc , instead of unzipping and then grep
you can use this tool zgrep
say for eg.
zgrep anonymous /var/log/xferlog.*
Monday, July 23, 2007
Scripting woes
I was trying to get a sed one-liner called from within a Perl script.
It started itching me when I tried inserting a few leading spaces into the replacement text in sed.
Here's the snippet:
my $mask = '255.255.255.0';
foreach my $device (sort keys %ifaddrs) {
    unless ($ifmasks{$device}) {
        my $t = `sed -e "/255.255/ a\ \\\t '$device' => '$mask'," $deffile > $deffile.new ` ;
        print $t ;
    }
}
The leading tab never worked properly until we finally preceded \t with two escape sequences, one each for the Perl and sed parsing.
With the third one, it finally worked. The better part of it was that the Perl variables worked well in sed, i.e. they were parsed by Perl before being passed on to sed. Well, in another way, that's what screwed me when it came to the white space. Anyway, all working now; here's the full script:
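#!/usr/bin/perl
#use strict;
use warnings;

my $file = shift @ARGV;
my $check = 0;
print "\nchecking $file\n";
check_arrays($file);

sub check_arrays {
    my $deffile = shift;
    #my (%ifaddrs, %ifmasks, %bootproto, %onboot);
    # require runs the def file as Perl code; it is expected to define
    # %ifaddrs, %ifmasks, %bootproto and %onboot.
    require "$deffile";
    my $mask = '255.255.255.0';
    foreach my $device (sort keys %ifaddrs) {
        unless ($ifmasks{$device}) {
            print "$deffile def file does not have ifmasks for $device\n";
            # Backticks interpolate like a double-quoted string: Perl turns \\ into \
            # and \t into a tab before the shell and sed ever see the command.
            # $deffile and $device land unquoted on a shell command line, so run
            # this only against trusted def files.
            my $t = `sed -e "/255.255/ a\ \\\t '$device' => '$mask'," $deffile > $deffile.new ` ;
            print $t ;
        }
        unless ($bootproto{$device}) {
            print "$deffile def file does not have bootproto for $device\n";
        }
        unless ($onboot{$device}) {
            print "$deffile def file does not have onboot for $device\n";
        }
    }
    # Clear the hashes so the next def file starts clean.
    undef %ifaddrs;
    undef %ifmasks;
    undef %bootproto;
    undef %onboot;
}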
Saturday, July 14, 2007
A few tips
Running multiple X sessions
At your login prompt, enter your login and password and then execute:
startx -- :1
to get into your graphical environment.
To go back to the previous user session, press Ctrl+Alt+F7; to get yours back, press Ctrl+Alt+F8.
The keys F1 to F6 identify six console sessions, while F7 to F12 identify six X sessions.
Thursday, July 12, 2007
DVD Ripping
I've been ripping a few DVDs of late and I've got this wonderful tool:
HandBrakeCLI http://handbrake.m0k.org/
It's really cool and simple. You might need to get the right libraries installed, but it's really simple to use. Just remember to select your subtitle number; the default is none.
Just happened to get this strange error today while playing with one of the servers:
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
I was wondering what it was, and it finally turned out that I was installing an rpm while sitting in a directory which the rpm moved, and I ended up getting the error :)
Tuesday, July 03, 2007
Screen tips
For scrolling back in screen:
press Ctrl A Esc
then Ctrl U to scroll up
and Ctrl D to scroll down.
To switch windows in screen:
Ctrl A 1, 2, 3 etc.
Tuesday, June 19, 2007
NFS options
At times you'd want to export an NFS share temporarily without adding it to your /etc/exports file, especially when the file is huge and bulky and another temporary entry would add to its ugliness. You can always do a temporary export using:
exportfs -v -i -o root=server.domain.tld:rw=client.domain.tld /vol/tmp_data
Remember that every time anyone runs exportfs -a on the NFS server, the volume vanishes.
Thursday, May 24, 2007
for loop
I often get confused with the for loop:
it's always the ` and not the ' . For example:
for i in `ls *.log.*`; do gzip $i; done
Thursday, May 03, 2007
Kickstarts
I was doing a kickstart installation on one of my servers and it always seemed to get stuck at the first language prompt. Obviously that meant the ks.cfg was not accessible, since that's the first entry in a kickstart file. Hunting down the reasons, I arrived at a DNS error: the hostname of the server had not been properly added to the DNS server. Once that was done, it was still not working.
Finally the nscd of the server where the requests for ks.cgi co was cleared of its hosts table and the kickstart finally got off to a nice start :)
Btw, I cleared an RHCA paper, the RH401 exam. Now for the rest...
NB: My earlier post about Rconnect wifi works with Airtel too; the only difference is that the number to be dialled is *99#
That's all for now!
Wednesday, February 21, 2007
Adobe Reader on FC6
I suppose many others might also have faced this problem of Adobe Reader not working in FC 6, so here's a workaround.
Edit the file/bin/acroread and replace the following line:
check_gtk_ver_and_set_lib_path "$MIN_GTK_VERSION"
with
# check_gtk_ver_and_set_lib_path "$MIN_GTK_VERSION"
(i.e. comment out the line).
It worked for me. Thanks to AshutoshJSharma on Adobeforums.
Wednesday, February 14, 2007
Reset the binary screen
Sometimes it gets really irritating if you mistakenly cat a binary file and end up with a command prompt full of binary characters, where everything you type echoes as binary characters. The remedy is simple:
just type "reset" and press Enter.