Tuesday, January 27, 2009

Webmin 1.450 is out!

Just a quick update that Webmin 1.450 is out.  If you are running a RedHat or a dirivative grab the rpm from http://prdownloads.sourceforge.net/webadmin/webmin-1.450-1.noarch.rpm.  If you aready have Webmin installed run the command rpm -Uhv webmin-1.450-1.noarch.rpm.

Friday, January 23, 2009

Things learned over time, Part 1

This is going to be an on going series of quick posts.  Some of those quick little tid bits of information that once you know you never forget, but up until that point it makes things harder than they need to be.

I typically change directories to where I want files to end up if say I am using wget or xcopy.  I used to do xcopy z:\some\directory\* c:\Users\Steve\Desktop\Directory 

now I have either realized or learnd from someone that you can do 

xcopy z:\some\directory\* .

Saves a lot of typing and reduces mistakes.  Again you have to be in the directory for it to work.
Alternatively if you open a command prompt by default you are in your home directory, so if I wanted the same outcome but didn't want to change directories I would do 
xcopy z:\some\directory Desktop\Directory

Of course this works on Linux as well as Windows but the paths and slashes will be different.

Thursday, January 22, 2009

301 Permenant Redirects in Apache on CentOS

Hello and welcome back to 301 Redirects and you.  You might remember that I did a post on 301 Redirects on IIS a few years ago, way back in 2007 actually.

Today we are concerned with the Apache web server and doing SEO / SSL friendly 301 redirects for host.com to www.host.com.

If you are just running host.com and not using any named virtual hosts you can do:
ServerName www.host.com
RewriteEngine on
RewriteRule ^/(.*) http://www.host.com/$1 [L,R=301]

If you are running named virtual hosts you can then add the directives below to your virtual hosts.

<VirtualHost *:80>
       ServerName somehost.com
       Redirect 301 / http://host.com
</VirtualHost>

Thursday, January 15, 2009

How to: Use chkconfig, or keeping your services running on a new run level

OK, so I didn't take my own advice and made sure that all of my services where set to the run on the correct run levels before I switched run levels and rebooted the servers.

chkconfig is a command-line tool for updating the /etc/rc[0-6].d directories.

So I ran chkconfig --list | more to see what was running and in what run levels. Next I ran chkconfig --levels 235 service on to tell the service to start when it enters that run level. For example:

chkconfig --levels 235 named on

Now since I have already rebooted the server, and I know this service didn't start on it's own I had to:

service named start

If I had been smarter and done all of this before hand but wanted to see if named was running or not I would have run:

service named status

I understand that all of this is basics, but some people learn from others mistakes, so hopefully I can save one person from doing the same thing.

Other useful chkconfig switches:
chkconfig --help (Used to display the help dialog)
chkconfig --add [Service Name] (chkconfig --add mysqld) (Adds a service to the chkconfig list)
chkconfig --del [Service Name] (chkconfig --del mysqld) (Deletes a service from the chkconfig list)
chkconfig --level [2,3,4,5][Service Name][on, off, reset] (chkconfig --levels 235 httpd on)(Sets the run levels a service should start in.)

chkconfig can also manage xinetd scripts via /etc/xinetd.d.

Oh, and while you are at it run chkconfig --list | more to review what services are running on your server, you might be suprised. For instance I had bluetooth support running, but not one computer in my company has bluetooth support, so I disabled it (chkconfig --levels 2345 off) and (service bluetooth stop).



Switching Run Levels in CentOS

I am assuming that anyone reading this is at least familar with run levels and linux but please have an understanding of what they are and how they will affect your system(s).

Runlevels

0 - halt (Do NOT set initdefault to this)

1 - Single user mode

2 - Multiuser, without NFS (The same as 3, if you do not have networking)

3 - Full multiuser mode

4 - unused or Admin

5 - X11

6 - reboot (Do NOT set initdefault to this)

The most commonly used runlevels in CentOS are 0, 1, 3, 5 and 6. Most systems will boot into runlevel 5 with a GUI login and either Gnome or KDE as a window manager running on top of X. This is exactly what someone using the computer as a desktop will want, but for a server you will want to boot to into runlevel 3 (Full multiuser mode). From there you may choose to "startx" manually once logged in. (A common setup for me. I like the ability to have a GUI, but I don't want it running all of the time. Runlevel1 (Single user mode) has been very handy, for instance if you have forgotten your root password or are having trouble booting for any number of reasons.

To change the runlevel of the server upon boot up edit the /etc/inittab

sudo vi /etc/inittab

Around line 18 you will see a line as shown below.

id:5:initdefault:

You simply change the "5" in this case to the runlevel you desire. (In my case 3) Save the file and exit.

Wednesday, January 14, 2009

Spiceworks releases 3.5!

Just found out that Spiceworks has been updated to 3.5. I never got the chance I wanted to beta test 3.5, but now I don't have to worry about it. Looking forward to the Network Bandwidth Analyzer and the Nagios integration.

I plan on doing a backup of my database tonight so I can do the update after hours. Wish me luck.

Friday, January 09, 2009

Configuring PuTTY to use PKI (passwordless) authentication

Since this is about using PuTTY I would recommend you download it if you haven't already. Also you will need to get PuTTYgen, it might be worth it to grab pscp as well. I like to keep putty.exe and puttygen.exe in my Windows directory, so I don't have to update my path, thus allowing me to run putty right from the command prompt.

Now run PuTTYGen and create a new pair of keys by clicking the “Generate” button. You will have to move your mouse around in the box to generate randomness, so keep doing that until the progress bar fills up. You can keep all the options at their default settings. Then, save both public and private key to a safe location. Name your public key [your_key_name].pub and the private key [your_key_name].ppk.

Now, upload your public key to a directory on your remote system. I used pscp to do this quickly to all of my servers (pscp [your_key_name.pub] user@remotesystem:)
Now you have to import your public key into the authorized_keys file (and authorized_keys2)

ssh-keygen -i -f [your_key_name.pub] >> .ssh/authorized_keys && ssh-keygen -i -f [your_key_name.pub] >> .ssh/authorized_keys2
Replace [your_key_name.pub] with the path to your key. Now log out and start PuTTY.
In Putty, you have to configure the following items:
In Connection/Data, add your remote user name
In Connection/SSH/Auth, browse to your private key file (.ppk)
In Sessions, fill in the FQDN or IP address of your remote machine, give your session a name [session_name] and click on Save.

Now you can use putty to SSH into your remote boxes with out a password. If you are a fan of having one or two click shortcuts create a shortcut to %windir%\putty.exe -load [session_name]. If you gave your [session_name] a name with spaces use double quotes to encase it like putty.exe -load "session name".

Configuring CentOS 5.2 to accept passwordless authentication via PKI

I am sure most people reading this blog know how to do this, setup password less authentication using Public Key Infrastructure, but there are a few minutea that I was missing.

The .ssh directory needs to be read/writeable/executabe by the owner only (chmod 700 .ssh)
authorized_keys and authorized_keys2 need to be read/writeable by the owner only (chmod 600 authorized_key*).

On CentOS 5.2 I also dropped in a .config file into the .ssh directory I was able to connect with Putty and not use a password.

nagstamon: A Nagios system tray monitor

First a little bit about my setup. While its true that I love nagios I don't always want to wait for e-mails to come before I know about a problem. I run a dual PC setup with Synergy2 to connect the two monitors and use only one keyboard and mouse. I keep the second monitor on my helpdesk tickets and nagios service detail page. I also use the Nagios Checker for Firefox on my second screen, but since I run Chrome as my main browser I cannot use that option on my main screen.

Today I found nagstamon and instantly fell in love with it! Configuration is easy. Below you can see what settings I am using for optimal performance in my opinion. Of course nagios-server is my actual FQDN for my nagios server and I don't use nagiosadmin to login to my nagios server.



If you notice on the last tab "Executables" I keep putty in the Windows directory so I don't have to update my path. This allows me to run putty right from the command line anywhere I am once I am at a command prompt.

Also if you don't choose to put NagStaMon in the system tray it will float in it's own tiny window like you see below. Look near the upper left corner by the Firefox Icon.


Monday, January 05, 2009

How-To: Install, Configure, and Import your first SVN (Subversion) repo on CentOS 5

This might only be useful to me, I don't know but at least I will know its out there and when I have to do this again I will know what to do.

Use wget to pull down the latest source.
tar xzfv subversion.1.2.3.4.tar.gz
cd subversion.1.2.3.4/
./configure
make && make install
svnadmin create --fs-type fsfs /path/to/repo
touch /path/to/repo/.htpasswd
htpasswd /path/to/repo username
svn import -m "First Import" --username=username /source/path/ file:///path/to/repo
Setup the apache config file. Since I use named virtual hosts and typically have multple repos here is a sample.

<VirtualHost *:80>
        ServerName svn.yourhost.com
        DocumentRoot "/var/www/html"
        ServerPath /html/
        DirectoryIndex index.php index.htm
        <Location /svn/repo1>
                DAV svn
                SVNPath /path/to/repo/repo1
                AuthType Basic
                AuthName "repo1 Repository"
                AuthzSVNAccessFile /path/to/svn-acl-conf
                AuthUserFile /path/to/repo/repo1/.htpasswd
                Require valid-user
        </Location>
        <Location /svn/repo2>
                DAV svn
                SVNPath /path/to/repo/repo2
                AuthType Basic
                AuthName "repo2 Repository"
                AuthzSVNAccessFile /path/to/svn-acl-conf
                AuthUserFile /path/to/repo/repo1/.htpasswd
                Require valid-user
        </Location>
        <Location /svn/repo3>
                DAV svn
                SVNPath /path/to/repo/repo3
                AuthType Basic
                AuthName "repo3 Repository"
                AuthzSVNAccessFile /path/to/svn-acl-conf
                AuthUserFile /path/to/repo/repo3/.htpasswd
                Require valid-user
        </Location>
</VirtualHost>


The /path/to/svn-acl-conf file contains
[repo1:/]
username = rw
[repo2:/]
username = rw
[repo3:/]
username =rw

This file needs to be updated everytime a new repository is added with the appropriate username and permissions.

I am sure I have missed some steps with this, but it's a decent starting point.